CyberNews: 13/07/2026 Edition

Published by Dunateo on 2026-07-13

Today’s roundup

  • EU sanctions Russian GRU military hackers over cyberattacks
  • Russian State Hackers Target Vulnerable Routers Worldwide, Joint Advisory Warns
  • RedHook Android malware now uses Wireless ADB for shell access
  • Misconfigured Server Reveals Three Evilginx Phishing Operations Targeting Microsoft 365
  • Hacker Extradited from Ukraine Pleads Guilty to Ryuk Ransomware Charges
  • Dutch Nationals Suspected in Odido Hack That Exposed Six Million Customers
  • Australia Alerts Organizations to Ongoing CMS Exploitation Attacks
  • Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.
  • A Leak of San Francisco Police Drone Footage Exposes the New Reality of Urban Surveillance
  • Summary

    The European Union and the United Kingdom have jointly sanctioned Russian individuals and entities, accusing Russia's GRU military intelligence of coordinating extensive cyberattacks across Europe. This marks the first joint cyber sanctions package from the EU and UK against Russian state-backed hacking groups.

    Cybersecurity agencies from 12 countries, including the United States, have issued a joint advisory warning that Russian state-backed hackers are actively targeting vulnerable routers globally. Attackers are exploiting weak SNMP credentials to infiltrate critical infrastructure networks, emphasizing the urgent need for robust network security.

    A new variant of the RedHook Android malware has been observed leveraging the Android Wireless Debugging (Wireless ADB) mechanism to achieve shell-level privileges. This novel technique allows the malware to gain elevated access on compromised devices without requiring a physical computer connection, posing a significant mobile security threat.

    French security firm Lexfo uncovered three active Evilginx phishing operations targeting Microsoft 365 users after discovering a misconfigured Python web server. The server, left with directory listing enabled and a readable `.bash_history` file, exposed the attackers' full toolkit and operational data.

    An Armenian national, extradited from Ukraine, has pleaded guilty in the United States for his involvement in the Ryuk ransomware operation. This legal development underscores ongoing international efforts to bring cybercriminals responsible for major ransomware attacks to justice.

    Dutch police are investigating suspected involvement of Dutch nationals in the February 2026 cyberattack on telecom provider Odido, which resulted in the theft of data from over six million customers. The breach was initiated via a phishing attack, with investigators seeking public assistance to identify a Dutch-speaking individual who impersonated an IT employee.

    Australia's Signals Directorate has issued a global alert regarding a large-scale exploitation campaign targeting numerous Content Management Systems (CMS) and their plugins, including WordPress, Joomla, and Craft CMS. Attackers are exploiting 17 known CVEs to deploy webshells, gain remote access, and potentially facilitate broader network compromise, highlighting the accelerated pace of exploitation due to AI.

    Progress Software has urgently instructed ShareFile Storage Zone customers to immediately shut down their internet-facing Windows servers due to a "credible external security threat." The company also temporarily disabled cloud access for these customers, citing an active investigation into potential compromise of the on-premises Storage Zone Controllers.

    A significant leak of San Francisco Police Department (SFPD) drone footage, acquired from the Skydio platform, has exposed the extensive scope of urban surveillance in the city. The incident highlights critical concerns regarding data privacy and the potential for sensitive surveillance data to be compromised and spill online.

    Want to dig deeper?

    Malware Families

    Global GLOBAL GROUP