Major Data Breaches
Figure Technology Solutions: Nearly 1 Million Accounts Exposed
Summary:
Fintech lender Figure Technology Solutions confirmed a significant data breach affecting nearly 1 million customer accounts. The breach, attributed to the ShinyHunters cybercrime group, resulted from a successful social engineering attack targeting an employee. Sensitive data, including names, contact information, and birth dates, was posted on a dark web leak site after the company reportedly refused to pay a ransom. The breach is part of a broader campaign targeting SSO credentials across financial firms, with attackers leveraging Okta vishing techniques. Figure is offering free credit monitoring to affected individuals and has warned customers to be vigilant for phishing attempts.
Key Details:
- Organization: Figure Technology Solutions (San Francisco, US)
- Data Exposed: Names, email addresses, phone numbers, physical addresses, dates of birth
- Attack Vector: Social engineering (Okta vishing campaign)
- Discovery Date: Publicly confirmed July 2026
- Response: Credit monitoring offered, customer notifications, ongoing investigation
Technical Details:
- Threat Actor: ShinyHunters
- Initial Access: Employee tricked via social engineering
- Data Exfiltration: Confirmed, 2.5GB of data posted online
- Ransom Demand: Undisclosed, not paid
Cross-reference notes:
Multiple sources confirm the breach scale and the use of SSO-focused social engineering. The incident highlights the growing risk of identity compromise in outsourced and cloud environments.
Read more at Cybernews
Significant Cyberattacks
Escalation in Middle East: DDoS, Data Leaks, and Wiper Attacks
Summary:
The ongoing Iran–Israel/US cyber conflict saw a surge in attacks this week, with pro-Russian and pro-Iranian hacktivist groups targeting Israeli, Gulf, and US-linked organizations. Notable incidents included DDoS disruptions of Israeli energy and research institutions, the defacement of Indian and Nepali educational sites, and unverified claims of large-scale data erasure and exfiltration from Israeli companies and military units. The RuskiNet group and Handala were particularly active, with claims of wiping 22TB of data across 14 Israeli companies and leaking personal details of military officers. While some claims remain unverified, technical evidence (such as HTTP errors and published data samples) supports the occurrence of several attacks.
Key Details:
- Targets: Israeli energy sector, agricultural research, air defense contractors, and e-commerce; UAE renewable energy; Indian and Nepali educational institutions
- Attack Vectors: DDoS, wiper malware, data exfiltration, defacement
- Notable Groups: RuskiNet, Handala, Z-PENTEST Alliance, BD Anonymous
- Impact: Service disruptions, data leaks, reputational damage
Technical Details:
- DDoS Verification: HTTP 502/503/504 errors confirmed for several targets
- Wiper Claims: 22TB erased from Israeli companies (unverified but plausible given group history)
- Data Leaks: Personal data of military officers and e-commerce customers published
Cross-reference notes:
The attacks are part of a broader campaign of cyber escalation tied to regional conflict, with hacktivist and APT involvement.
Live dashboard and incident details at SOCRadar
Critical Vulnerabilities
Fortinet FortiClient EMS Zero-Day (CVE-2026-35616) Under Active Exploitation
Summary:
Fortinet issued an emergency update for a critical zero-day vulnerability (CVE-2026-35616, CVSS 9.1) in FortiClient Enterprise Management Server (EMS). The flaw, an improper access control issue, allows unauthenticated attackers to bypass API authentication and execute arbitrary code. Exploitation in the wild has been confirmed, prompting urgent patching guidance. The vulnerability is notable for its low attack complexity and high impact on confidentiality, integrity, and availability.
Key Details:
- Product: FortiClient EMS (versions 7.4.5, 7.4.6)
- Vulnerability: Pre-authentication API access bypass, remote code execution
- Discovery: Reported by Defused, confirmed by Fortinet on April 4, 2026
- Exploitation: Active, with attacks observed in the wild
- Response: Emergency hotfixes released, patching strongly advised
Technical Details:
- CVE: CVE-2026-35616
- CVSS Score: 9.1 (Critical)
- Attack Vector: Network, no privileges required
- Mitigation: Apply hotfixes for affected versions; forthcoming fix in 7.4.7
Cross-reference notes:
Multiple security advisories and vulnerability databases confirm the severity and exploitation status.
Forbes coverage | SecurityWeek
Citrix NetScaler ADC/Gateway Memory Flaw (CVE-2026-3055) Exploited
Summary:
A critical vulnerability in Citrix NetScaler ADC and Gateway appliances (CVE-2026-3055) is being actively exploited to obtain sensitive data. The flaw, an out-of-bounds read, affects devices configured as SAML IDP and can lead to memory overread and potential data leakage. Citrix has released mitigations and urges immediate action.
Key Details:
- Product: Citrix NetScaler ADC, NetScaler Gateway
- Vulnerability: Out-of-bounds read, memory overread
- CVE: CVE-2026-3055
- Exploitation: Confirmed in the wild
- Mitigation: Apply vendor-provided patches and mitigations
Cross-reference notes:
Read more at BleepingComputer
Langflow AI Platform RCE (CVE-2026-33017) Weaponized Within 20 Hours
Summary:
A critical code injection vulnerability (CVE-2026-33017, CVSS 9.3) in the open-source Langflow AI platform was exploited within 20 hours of public disclosure. The flaw allows unauthenticated remote code execution via a public API endpoint, enabling attackers to exfiltrate credentials and deploy malware. The vulnerability affects all versions up to 1.8.1, with a fix available in the development branch. CISA has added the issue to its Known Exploited Vulnerabilities catalog, requiring urgent patching by federal agencies.
Key Details:
- Product: Langflow (AI workflow platform)
- Vulnerability: Unauthenticated RCE via code injection
- CVE: CVE-2026-33017
- CVSS Score: 9.3 (Critical)
- Exploitation: Observed within 20 hours of disclosure
- Mitigation: Update to latest development version, rotate credentials, restrict network access
Technical Details:
- Attack Vector: Single HTTP POST with malicious Python code
- Impact: Credential theft, database access, potential supply chain compromise
Cross-reference notes:
The Hacker News | CISA KEV Catalog
Government Responses
CISA Adds New Exploited Vulnerabilities to KEV Catalog
Summary:
The US Cybersecurity and Infrastructure Security Agency (CISA) added several new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog this week, including the Fortinet FortiClient EMS zero-day (CVE-2026-35616) and the Langflow RCE (CVE-2026-33017). Federal agencies are required to apply vendor fixes by specified deadlines. CISA continues to issue alerts and advisories on emerging threats, emphasizing the need for rapid patching and improved vulnerability management.
Key Details:
- Vulnerabilities Added: CVE-2026-35616 (Fortinet), CVE-2026-33017 (Langflow), and others
- Action Required: Federal agencies must patch by April 8 and April 16, 2026, respectively
- Guidance: Apply vendor mitigations, monitor for exploitation, rotate credentials as needed
Cross-reference notes:
CISA Alerts & Advisories
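To act on a KEV addition in practice, a team checks its own CVE inventory against the catalog's due dates. The Python below is an added example, not code from the newsletter or from CISA; it assumes the field names of CISA's published KEV JSON (vulnerabilities, cveID, dueDate) and uses a constructed sample feed in which only the CVE IDs and due dates come from the page.

```python
# Added example (not from the newsletter or CISA): check an asset inventory's
# CVEs against a feed in the shape of CISA's KEV JSON
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
import json
from datetime import date

# Constructed sample feed. Only the CVE IDs and due dates come from the
# newsletter; vendor/product strings and dateAdded are placeholders.
SAMPLE_KEV_FEED = json.dumps({
    "title": "Constructed KEV sample",
    "count": 2,
    "vulnerabilities": [
        {"cveID": "CVE-2026-35616", "vendorProject": "Fortinet",
         "product": "FortiClient EMS", "dateAdded": "2026-04-04",
         "requiredAction": "Apply mitigations per vendor instructions.",
         "dueDate": "2026-04-08"},
        {"cveID": "CVE-2026-33017", "vendorProject": "Langflow",
         "product": "Langflow", "dateAdded": "2026-04-02",
         "requiredAction": "Apply mitigations per vendor instructions.",
         "dueDate": "2026-04-16"},
    ],
})


def index_kev(feed_json):
    """Parse a KEV-format feed and index its entries by CVE ID."""
    feed = json.loads(feed_json)
    return {entry["cveID"]: entry for entry in feed["vulnerabilities"]}


def kev_status(feed_json, inventory_cves, today_iso):
    """Map each inventory CVE to (status, days_left).

    status is 'not_in_kev', 'due' (deadline today or later) or 'overdue';
    days_left is negative once dueDate has passed, None if not listed.
    """
    kev = index_kev(feed_json)
    today = date.fromisoformat(today_iso)
    result = {}
    for cve in inventory_cves:
        entry = kev.get(cve)
        if entry is None:
            result[cve] = ("not_in_kev", None)
            continue
        days_left = (date.fromisoformat(entry["dueDate"]) - today).days
        result[cve] = ("overdue" if days_left < 0 else "due", days_left)
    return result


if __name__ == "__main__":
    inventory = ["CVE-2026-35616", "CVE-2026-33017", "CVE-2026-3055"]
    for cve, (status, days) in kev_status(SAMPLE_KEV_FEED, inventory, "2026-04-10").items():
        print(f"{cve}: {status}" + (f" ({days:+d} days)" if days is not None else ""))
```

CVE-2026-3055 is absent from the constructed sample only to show the unlisted case; the same function works unchanged on the live feed once it is downloaded.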
Miscellaneous
European Cybersecurity Conferences: Industry Gathers for 2026 Events
Summary:
Europe’s cybersecurity community is convening at major conferences throughout 2026, with Infosecurity Europe in London and Black Hat Europe in December among the highlights. These events provide a platform for sharing the latest research, innovations, and security tools, with a strong focus this year on AI-driven threats and adaptive risk management. The rapid evolution of the threat landscape makes these gatherings essential for professionals seeking to stay ahead of adversaries.
Key Details:
- Infosecurity Europe: June 2–4, 2026, ExCeL London
- Black Hat Europe: December 7–10, 2026, London
- Focus Topics: AI in cybersecurity, operational technology, adaptive risk management
Cross-reference notes:
Infosecurity Europe | Cybersecurity Ventures Calendar
Conclusion
This week’s cybersecurity landscape was marked by high-impact data breaches, a surge in state-linked and hacktivist cyberattacks, and the rapid weaponization of critical vulnerabilities. The speed at which attackers exploit newly disclosed flaws continues to outpace defensive patch cycles, underscoring the urgent need for proactive vulnerability management and robust incident response. As government agencies and industry leaders respond to these evolving threats, collaboration and information sharing remain vital to building cyber resilience.
For further details and technical advisories, consult the linked sources above.
