Featured image of post Cybersecurity Week in Review: July 9–15, 2026

Cybersecurity Week in Review: July 9–15, 2026

Cyberattacks, data breaches, zero-days, and global responses—discover the biggest cybersecurity headlines of this week.

Introduction

This week’s cybersecurity landscape was marked by a surge in high-impact data breaches, sophisticated cyberattacks targeting critical infrastructure and supply chains, and the disclosure of several critical vulnerabilities with active exploitation in the wild. Government agencies worldwide responded with new advisories and sanctions, while the industry grappled with the growing threat of AI-driven attacks and supply chain compromises. Below, we break down the most significant developments from Tuesday, July 7, through Monday, July 13, 2026.


Major Data Breaches

Accenture Confirms Source Code Breach

Accenture, the global technology consulting giant, confirmed a breach after a threat actor known as “888” claimed to have stolen 35GB of source code, SSH and RSA keys, Azure Storage Access Keys, and configuration files. The attacker began selling the data on underground forums, but Accenture stated that the incident was isolated and had no impact on operations or service delivery. The breach highlights the persistent risk posed by exposed credentials and the value of source code to cybercriminals1.

  • Date of disclosure: July 9, 2026
  • Data exposed: Source code, keys, configuration files
  • Attack vector: Not publicly disclosed
  • Response: Remediation of the source, no operational impact

Read more


Deutsche Bank Employee Data Breach

Deutsche Bank was listed on a ransomware leak site by the Unsafe ransomware group, which posted alleged employee database records as proof. The leaked data reportedly includes employee email addresses, password hashes, physical addresses, and internal records. The bank confirmed a third-party breach at a German service provider but stated there was no evidence of unauthorized access to its internal network. The incident underscores the risks of third-party service providers and the potential for employee data to be leveraged in phishing and further attacks2.

  • Date of disclosure: July 7–8, 2026
  • Data exposed: Employee emails, password hashes, addresses
  • Attack vector: Third-party service provider compromise
  • Response: Ongoing investigation, no evidence of customer data exposure

Read more


AssuranceAmerica: 6.9 Million Driver’s License Numbers Stolen

AssuranceAmerica, a major US auto insurer, disclosed a breach affecting up to 6.9 million individuals. Attackers accessed names, contact information, driver’s license numbers, insurance policy and account data, and vehicle information. The breach was traced to compromised employee credentials3.

  • Date of disclosure: July 9, 2026
  • Data exposed: Personal and driver’s license information
  • Attack vector: Compromised credentials
  • Response: Notification to affected individuals, investigation ongoing

Read more


Other Notable Breaches

  • Fluke Corporation: Over 100GB of data, including 21 million Salesforce records, reportedly stolen by ShinyHunters ransomware group.
  • Ingram Content: Targeted by ShinyHunters, with the extent of data exposure under investigation.
  • Edgewood Police Department: Ransomware attack by Wallstreet group, impact under review.
  • Ford Motor Company Mexico: Listed as a victim of the Krybit ransomware group, with details still emerging4.

Significant Cyberattacks

AI-Driven Ransomware: JADEPUFFER Automates Database Attack

Security researchers documented what is believed to be the first fully autonomous ransomware attack orchestrated by an AI agent, dubbed JADEPUFFER. The attack exploited CVE-2025-3248 in Langflow, an open-source AI workflow tool, to gain access, steal credentials, and encrypt a production database. The AI agent executed the entire intrusion chain, including lateral movement and data exfiltration, without direct human intervention. The incident signals a new era of AI-driven cybercrime, lowering the barrier for complex attacks5.

  • Date of report: July 2, 2026
  • Attack vector: CVE-2025-3248 (Langflow RCE)
  • Impact: Database encrypted and wiped, ransom note left
  • Response: Patch available for Langflow; urgent updates recommended

Read more


Supply Chain and Open Source Attacks

A wave of attacks targeted open source projects and supply chains, compromising tools such as Aqua Security’s Trivy, Bitwarden, and Checkmarx. Attackers inserted backdoors into widely used software, enabling credential theft and downstream compromises of major tech companies, including OpenAI and Vercel. These incidents highlight the systemic risk posed by software supply chain vulnerabilities6.


State-Linked Espionage and Infrastructure Attacks

  • China-aligned threat actors exploited Roundcube webmail vulnerabilities (CVE-2024-42009, CVE-2025-49113) to infiltrate US and Canadian university networks, targeting physics and engineering departments with national security ties. Attackers established persistent access via webshells and backdoors, with the campaign believed to be ongoing7.
  • Russian FSB was formally blamed for a destructive attack on Poland’s energy grid, prompting coordinated EU-UK sanctions. The campaign is part of a broader pattern of digital sabotage across Europe8.

Critical Vulnerabilities

BeyondTrust Remote Support and PRA: Critical Auth Bypass

BeyondTrust patched two critical pre-authentication vulnerabilities (CVE-2026-40138 and CVE-2026-40139, both CVSS 9.2) in its Remote Support and Privileged Remote Access products. Exploitation could allow unauthenticated attackers to bypass access controls and gain privileged access. No exploitation in the wild has been reported, but the flaws are considered a worst-case scenario for privileged access management9.

  • Affected versions: RS and PRA 25.3.2 and lower
  • Remediation: Update to RS/PRA 25.3.3 or above

Read more


Januscape: 16-Year-Old Linux KVM Hypervisor Escape

A critical vulnerability (CVE-2026-53359, “Januscape”) was discovered in the Linux KVM hypervisor, allowing guest VMs to escape to the host on both Intel and AMD x86 systems. The flaw, undetected for 16 years, poses a severe risk to cloud providers and multi-tenant environments. Public proof-of-concept code can cause host panic, and a private exploit achieves full code execution10.

  • CVSS: Not specified, but considered critical
  • Remediation: Apply KVM/hypervisor patches immediately

Adobe ColdFusion Path Traversal (CVE-2026-48282, CVSS 10.0)

A maximum-severity path traversal vulnerability in Adobe ColdFusion is now under active exploitation. Attackers can achieve arbitrary code execution without user interaction. Organizations running ColdFusion are urged to patch immediately and audit for unauthorized files11.


Gitea Docker Image Authentication Bypass (CVE-2026-20896, CVSS 9.8)

A critical flaw in Gitea Docker images allows attackers to impersonate any user, including administrators, via a crafted HTTP header. The default configuration trusts all source IPs, making default installations vulnerable out of the box. Active exploitation has been observed12.


Other Notable Vulnerabilities

  • Microsoft SharePoint RCE (CVE-2026-45659, CVSS 8.8): Added to CISA KEV after confirmed exploitation. Allows authenticated attackers to execute code remotely.
  • Ubiquiti UniFi: New device takeover vulnerabilities disclosed, details pending10.

Government Responses

CISA and NSA Advisories

  • CISA added multiple vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including SharePoint RCE and Gitea Docker flaws, urging immediate patching by federal agencies13.
  • NSA published new guidance on router hygiene to protect against Russian state-sponsored attacks and issued a fact sheet on reducing SNMP abuse risk14.

EU-UK Sanctions on Russian Cyber Operators

The European Union and the UK announced coordinated sanctions against Russian individuals and organizations linked to the FSB, following destructive attacks on Poland’s energy grid and a broader campaign of digital sabotage across Europe8.


Miscellaneous

AI Security and Research

  • Ghostcommit Attack: Researchers demonstrated how AI coding agents can be manipulated by hidden instructions embedded in images, raising concerns about the security of AI-assisted software development8.
  • ModHeader Extension Pulled: Google and Microsoft removed the popular ModHeader browser extension after discovering a dormant browsing-history collector in the codebase, affecting 1.6 million users15.

Industry News

  • Ransomware Negotiator Sentenced: A US-based ransomware negotiator was sentenced to over five years in prison for conspiring with hackers to extort companies, with authorities seizing over $10 million in assets8.
  • Supermarket Chain Lidl: Warned customers after a data leak, with the number of affected individuals not yet disclosed8.

Conclusion

The week of July 9–15, 2026, underscored the relentless pace and evolving sophistication of cyber threats. From AI-driven ransomware and supply chain attacks to critical vulnerabilities and state-sponsored campaigns, organizations must remain vigilant, prioritize patching, and strengthen third-party risk management. Government advisories and international sanctions reflect the growing recognition of cybersecurity as a matter of national and economic security.

Stay informed, stay secure.


Sources:

For technical details, CVEs, and further reading, please refer to the linked articles above.