Canadian Cyber Security Journal

Cybersecurity Daily Brief — Friday, July 3, 2026

Here are today’s top cybersecurity stories for Friday, July 3, 2026.

Google and FBI Disrupt NetNut Residential Proxy Network of 2 Million Devices
Google’s Threat Intelligence Group, working with the FBI, Lumen, and other partners, disrupted the NetNut residential proxy network, also tracked as Popa, cutting off at least 2 million compromised consumer devices worldwide. NetNut grew its botnet by distributing SDKs embedded in software for smart TVs and streaming boxes, then rented the hijacked connections to criminals and espionage groups seeking to mask their traffic. In a single week in June, researchers observed 316 distinct threat clusters routing activity through suspected NetNut exit nodes.
BleepingComputer

CISA: Ransomware Gangs Now Exploit BlueHammer Microsoft Defender Flaw
CISA updated its Known Exploited Vulnerabilities entry for CVE-2026-33825, the Microsoft Defender privilege escalation flaw known as BlueHammer, to confirm use in ransomware attacks. The flaw lets a low-privileged local attacker gain SYSTEM permissions on unpatched Windows devices. Microsoft patched it on April 14 after researcher “Nightmare Eclipse” leaked details and proof-of-concept code in early April.
BleepingComputer

Exploitation Attempts Target Progress Kemp LoadMaster Pre-Auth RCE Flaw
eSentire’s Threat Response Unit observed exploitation attempts against CVE-2026-8037, a critical unauthenticated OS command injection flaw in Progress Kemp LoadMaster load balancers, beginning June 29 — the same day functional proof-of-concept code went public. The flaw stems from improper string handling in the appliance’s escape_quotes() function and is triggered through crafted requests to the /accessv2 endpoint. Observed attempts have failed so far, but researchers expect activity to increase.
The Hacker News

Cisco Talos Exposes ARToken Phishing Panel Targeting Microsoft 365
Cisco Talos researchers documented ARToken, a React-based phishing-as-a-service panel operating as an affiliate of the EvilTokens platform, exposing more than 80 API endpoints for device code phishing, Primary Refresh Token persistence, mailbox access, and SharePoint exfiltration. Stolen tokens survive password resets, letting operators read and send mail as the victim and plant inbox rules to bury evidence. The panel went dark following the research.
Cisco Talos

DuneSlide: Cursor IDE Flaws Allow Zero-Click Prompt Injection to Full RCE
Cato Networks disclosed two critical Cursor IDE vulnerabilities, CVE-2026-50548 and CVE-2026-50549, rated CVSS 9.8 and collectively named DuneSlide. A poisoned payload ingested from an MCP server or web search result steers the AI agent into writing files outside the project scope or through unvalidated symlinks, letting attackers overwrite the sandbox binary and execute unsandboxed code. Cursor shipped fixes in its 3.0 client.
The Hacker News

Adobe ColdFusion Flaw Exploited Within Hours as Adobe Moves to Twice-Monthly Patches
Exploitation attempts against CVE-2026-48282, one of the seven maximum-severity ColdFusion and Campaign Classic flaws patched this week, began within hours of public disclosure. Adobe announced a shift to twice-monthly security bulletins starting July 14, citing a disclosure-to-exploitation window compressing from days to hours as attackers adopt AI tooling.
The Hacker News

Ransomware Campaign Impersonates Interpol to Target Small Businesses
Attackers are sending phishing emails posing as Interpol investigators, telling small businesses they are under criminal investigation and directing them to download “evidence” from a password-protected Proton Drive archive. The archive delivers ransomware disguised as a video file, with victims instructed to negotiate over the Tox messaging platform. Targets span pharmaceuticals, food, agriculture, technology, media, and legal services across the US, Europe, Asia, and the Middle East.
Dark Reading

Opera Launches Clipboard Protection to Block ClickFix Attacks
Opera introduced Paste Protect, a browser feature designed to stop clipboard-based social engineering, including the ClickFix technique responsible for more than half of malware-delivery attacks in 2025. The feature flags suspicious clipboard writes before users paste and run attacker-supplied commands.
Help Net Security

AI-Discovered Bugs Outpace Open-Source Patching Capacity
New reporting highlights a growing gap between AI-assisted vulnerability discovery and human remediation capacity in open source. Anthropic’s Claude Mythos Preview identified more than 23,000 open-source code paths of concern and disclosed 1,596 verified bugs in 63 days, leaving volunteer maintainers with more reports than they are able to act on. Researchers warn that unfixed, machine-discovered flaws accumulate into a public backlog that attackers mine.
Help Net Security

Stay tuned for today’s in-depth analysis posts.
