
Loading summary
A
From the CISO series. It's Cybersecurity Headlines
B
these are the cybersecurity headlines for Friday, July 10, 2026. I'm Sarah Lane. Interpol's Fraud sweep goes Global Interpol said a three month global crackdown called Operation First Light led to more than 5,800 arrests across 97 countries. Authorities say they identified more than 142,000 victims and seized $293 million tied to online fraud and money laundering. The cases included business email, compromise, romance scams, sex torsion, impersonation and investment fraud. Investigators also blocked more than 31,000 bank accounts connected to this activity. These operations can be very elaborate. For example, police in Espatini seized a fake Brazilian police station setup, including uniforms and signage allegedly used to trick victims into sending money. China flags Claude codes China's national vulnerability database says it found security issues in several versions of Anthropic's claude code, claiming the coding tool could send sensitive user information like location or identity data back to remote servers. But Anthropic is pushing back on this, saying the feature was an anti abuse measure meant to detect unauthorized resale and use of claude code. It wasn't a secret backdoor. There's also a political layer here. Claude code not officially available in China, but developers there have been using it through workarounds and resale channels. So this is part software security claim, part AI access fight old GitHub accounts, new tricks Datadog Security Labs reports that attackers are quietly mapping corporate GitHub environments by using old dormant accounts that look a lot less suspicious than brand new ones. Some of these accounts were created years ago and then left unused until they were brought back for automated scraping. The attackers are using GitHub's API to collect information about public repositories, which organization members, followers, gists and starred projects. Most of that is technically public data, but at scale, it does give an attacker a useful map of a company's developers and their code. In some cases, researchers say the activity has gone beyond reconnaissance and included cloning private repositories. Rubrik bets big on London Rubrik says it plans to invest more than $500 million in the UK and make London its European headquarters. The US company sells data security and recovery tools, so this is a signal about where it sees demand going in Europe. Rubrik is pointing to ransomware recovery, cyber resilience and security data management as major drivers and that bigger base in London at a time when governments and large companies are putting more attention on whether they can recover quickly after destructive attacks. Huge thanks to our sponsor Vanta, your team just added its 67th AI tool. Unfortunately also your 67th security blind spot. There's good news. The Vanta Agent works like a GRC engineer in the background, finding every app your team uses, scoring the risk and drafting fixes for you. Vanta is the platform used by over 16,000 fast moving companies like Ramp Cursor and Harvey who are shaping the future with AI and staying ahead of AI risk. Get started today and at vanta.com headlines forge 365 puts phishing on autopilot Researchers at 0bec Email Security say a new phishing as a service platform called Forge 365 is packaging a lot of modern Microsoft 365 attack tactics into one tool. It supports device code phishing adversary in the middle, fishing AI generated lures, token management and post compromised activity all from one dashboard. It's not just about stealing a password in device code attacks. Victims are tricked into authorizing an attacker controlled device through Microsoft's legitimate login flow. Forge 365 also includes a browser extension that can refresh Microsoft sign in cookies, which gives attackers a way to hold onto access after that initial compromise. Latvian forestry firm digs out after ransomware Latvia's state owned forestry company is still working its way back from a ransomware attack that hit late last month. The company says several internal and customer facing systems were disrupted, like mapping tools and services used to communicate with contractors and customers. Officials say the attackers likely got in through a system that had not been updated in about two years and and may have been inside the network for more than a week before anybody spotted them. About 44 gigabytes of stolen data has been leaked, including internal documents, email correspondence, code repositories, certificates, keys and credentials. Helix leans on phone calls and SharePoint. Researchers at Cybersecurity firm Reliaquest are tracking a new data extortion group called Helix, which appears to be very identity focused. The attack often starts with a phone call from a manager or somebody else the employee would trust, then pushing the target into a device code phishing flow. Once Helix gets in, the group then adds a new authenticator app to keep access searches through SharePoint and downloads files. The stolen data is then used for extortion or sold to other criminals. The tactics appear similar to activity tied to Shiny Hunters and Blackfile, though there's no official connection. Chat Control survives For now the EU's chat control fight is back, a reminder that this fight was over rules letting platforms voluntarily scan for child sexual abuse material. Also known as csam. Privacy advocates say this still opens the door to broad scanning of private communications. Supporters argue it's needed to help detect and remove abuse material online. More lawmakers voted to block the temporary rules than voted to keep them. But opponents needed 360 votes to stop the measure. And they didn't get there end to end. Encrypted services are still carved out with separate rules. If you have some thoughts on the news from today or about our show in general, be sure to reach out to us. Feedbackisoseries.com we always want to hear from you. I am Sarah Lane, reporting for the CISO series. You stay classy and safe out there.
A
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories. Behind the headlines.
Date: July 10, 2026
Host: Sarah Lane, CISO Series
Episode Theme:
A rapid roundup of the most important information security stories making global impact, focusing on international law enforcement actions, emerging attacker techniques, major investments in cyber resilience, and ongoing debates around security and privacy.
[00:13 – 01:35]
Scope and Impact:
Types of Fraud Targeted:
Notable Tactics:
[01:36 – 02:15]
Claim:
Anthropic’s Response:
Broader Issues:
[02:16 – 02:57]
Discovery by Datadog Security Labs:
Risks:
[02:58 – 03:25]
Announcement:
Industry Trend:
[03:54 – 04:43]
Research by 0bec Email Security:
Techniques:
[04:44 – 05:27]
Incident:
Root Cause & Exposure:
Data Leak:
[05:28 – 06:04]
Findings by Reliaquest:
Attack Flow:
[06:05 – 06:44]
Background:
Debate:
Outcome:
“You stay classy and safe out there.” – Sarah Lane (06:44)
For more in-depth news, visit: CISOseries.com