CyberSecurity Updates

Ghost Accounts Abuse GitHub API in Mass Recon Campaign

Threat actors are abusing the GitHub API to systematically enumerate organizations, repositories, and user accounts, Datadog reports. Spanning multiple overlapping campaigns, the activity has been ongoing for several months, relying on ghost accounts that were registered two to five years ago but left dormant. The activity, Datadog says, involves automated scanners, the abuse of leaked credentials, and coordinated networks of dormant accounts. While the observed GitHub API requests are targeting publicly available data, blending with…

Read More

In Other News: DHS Database Hacked, Adobe Boosts Patch Cadence, Canada Disrupts Ransomware Ops

SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: Armenian man pleads guilty in the US to ransomware attacks Karen…

Read More

Third US Security Expert Sentenced to Prison for Helping Ransomware Gang

Another cybersecurity expert from the United States, accused of helping a cybercrime gang while working as a ransomware negotiator, has been sentenced to prison. Angelo Martino, 41, of Florida, was sentenced on Thursday to 70 months in prison after he pleaded guilty in April.  Martino is one of the three individuals charged by US authorities last year over their role in ransomware attacks. The three men worked at cybersecurity firms, and two of them served…

Read More

ESET Threat Report H1 2026

ESET Research Threat Reports A view of the H1 2026 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts. Jiří Kropáč 08 Jul 2026  •  , 2 min. read The first half of 2026 shows how attackers continue to improve the efficiency and scalability of their operations. Rather than relying on entirely new methods and tools, they are quickly adapting established techniques to new platforms, technologies,…

Read More

QIZ Security Raises $17 Million for Cryptographic Governance Platform

Israeli startup QIZ Security announced on Thursday that it has raised $17 million in seed funding for its cryptographic posture and post-quantum cryptography (PQC) management platform. The funding round was led by Bessemer Venture Partners and Merlin Ventures, with participation from Evolution Equity Partners, Qbeat Ventures, Singtel Innov8, and Qino Cyber Capital.  The investment will be used to accelerate the company’s growth and enhance its platform. QIZ Security has developed a platform designed to help…

Read More

Accenture Confirms Data Breach After Hacker Claims Source Code Theft

Professional services giant Accenture confirmed a data breach after a hacker claimed the theft of internal source code from the company. The incident came to light this week, when a threat actor boasted on the hacker forum PwnForums about compromising Accenture and stealing 35 gigabytes of data. According to the hacker, the information, including Azure access keys and tokens, configuration files, RSA and SSH keys, and source code, was exfiltrated from Accenture earlier this month.…

Read More

Felons, Fraudsters Flog Offensive Cybersecurity Startup

A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platform they operated under assumed names. The X/Twitter account IRIS C2 (@C2IRIS) has gained more than 4,000 followers since its creation in January 2025, posting frequently about security vulnerabilities, AI and software exploits. IRIS C2…

Read More

CISA Reportedly Using Anthropic’s Mythos to Scan Government Software for Flaws

The US Cybersecurity and Infrastructure Security Agency (CISA) is using Anthropic’s powerful Mythos AI model to scan and audit federal government software for security vulnerabilities, according to a report from Reuters. Citing three sources familiar with the matter, Reuters reported that CISA is utilizing Mythos to scan code repositories across federal agencies. The operation aims to proactively discover and patch security bugs that could otherwise be exploited by foreign intelligence agencies and cybercriminals. The audits are…

Read More

The Shift Toward Business-Aligned Risk Management

In the movie Moneyball, the Oakland A’s didn’t need more data; they needed to know which data actually won games. Risk assessment data has the same problem. A CVSS score of 9.1 might mean little to a CFO; the fact that it represents a vulnerability in a payment system processing $2 million daily means a great deal. This data must therefore link to information about operational disruptions that can cause financial loss, product delays, or…

Read More

Cyber readiness for SMBs: Getting the basics right

Business Security AI is changing cybercrime, but SMB cyber readiness still largely depends on closing the familiar gaps Phil Muncaster 03 Jul 2026  •  , 5 min. read AI is changing attackers’ toolkits. It can help criminals write better lures, scale social engineering and speed up reconnaissance, all while generally lowering the barrier to entry for less skilled attackers. Organizations are right to pay attention, especially because malicious use of AI makes old gaps a…

Read More