Policy & Government
FBI Arrests 21-Year-Old Zyaire Wilkins Over Steam-Game Malware Campaign Draining Crypto Wallets
A cryptocurrency-user targeting arrest via a novel Steam-games vector — law-enforcement coverage this weekend.
Threat Intelligence
A botnet targeting self-hosted AI tooling for cloud keys — defender review for organizations exposing AI services this weekend.
Vulnerabilities
A silent OpenSSL fix gets belated technical detail: eleven bytes of TLS request data can reportedly strand up to 131 KB of server memory. Defender review is warranted across OpenSSL-dependent infrastructure this weekend.
Supply Chain Attack
A code-signing-integrity attribution against a Chinese cybercrime subgroup — and a prompt for supply-chain defenders to review how much trust their pipelines place in a valid signature.
Vulnerabilities
An unauthenticated remote-code-execution flaw in WordPress Core, disclosed as wp2shell, affects the 6.9 and 7.0 branches. Fixes shipped July 17 in 6.9.5 and 7.0.2 — defender teams and hosting providers should verify patch status rather than assume forced updates landed.
Ransomware
INC Ransomware named as the SonicWall SMA zero-day exploiter — defender teams stay in accelerated verification posture this weekend.
Supply Chain Attack
Another JavaScript-ecosystem compromise with a novel blockchain-C2 angle — seven scoped npm packages impersonating the Vite tooling namespace, and defender inventory work this weekend.
Vulnerabilities
Rapid7 goes deep on the SharePoint CVSS-9.8 RCE — defender-team detection-engineering review this weekend.
Cybersecurity 101
The major categories of cyber threat actors explained — nation-states, cybercriminals, hacktivists, insiders, and script kiddies — with motivations and defense implications.
phishing
A scale-significant AI-filter-bypass research beat — defender review for AI-heavy email-security stacks this week.
Three chained OT zero-days in Siemens ROX II — a defender review for industrial operators this week, with Unit 42's analysis and Siemens's fixed firmware as the anchors.
Another Southeast-Asia-focused espionage cluster documented by Kaspersky — a defender research review this week for government and diplomatic entities in the region.
A mobile lock-screen bypass involving Gemini — defender verification across managed Android fleets this week.
An Apple advisory on FaceTime-based social engineering — defender-team end-user awareness this week.
A cross-border REvil extradition drama - an identity dispute and the Armenian judicial process take center stage this week, with a Russian tourist detained on a US warrant his lawyers say names a different man.
Another named stealer joins the ClickFix pattern — a defender posture review across Microsoft 365 environments after Microsoft's published analysis this week.
ClickFix migrates from financially motivated crime to nation-state activity, according to Ars Technica's report on Russia's Sandworm cluster - a defender-awareness read for this week.
A fast-moving Rust-based ransomware family — defender detection-engineering review this week.
More detail on Scattered Spider's TfL leaders: US authorities have Jubair on the record for 120 attacks, and defender pattern-tracking continues this week.
A CVSS 9.8 SharePoint zero-day joins CISA's KEV catalog with a two-day patch deadline — defender teams accelerate verification this week.
The ransomware leaderboard shifts — The Gentlemen tops the chart in ReliaQuest’s latest tracking, and defender-team pattern-watching continues this week from the analyst’s chair, not the attacker’s.
Two FortiSandbox flaws under active attack — CISA's July 19 deadline puts defender teams on the clock this week.