
Loading summary
A
From the CISO series, it's Cybersecurity Headlines
B
these are the cybersecurity headlines for Monday, July 13, 2026. I'm Steve Prentiss. Windows Backdoor stuffs multiple wipers and ransomware code into a single package. According to Microsoft, this newly identified backdoor combines ransomware like encryption with multiple data wiping features. First spotted last October, this Golang based application is now named Giga Wiper. It contains multiple malware families in the software as on demand commands, giving criminals a Swiss army knife of command and control and destructive capabilities including multiple wiping commands and file encryption without any possibility of decryption. Microsoft's Threat Intelligence Group says this quote reflects a notable shift in wiper malware, which is typically designed purely to destroy rather than to extort and carry real world consequences. NSA brings back tailored access operations name for Elite hacking unit this is a rebrand of sorts for its Elite Hacking division changed from Computer Network Operations. The change is part of a reorganisation to make the largest electronic spy agency in the world more adept at facing evolving digital threats from China, Russia and others. It's not just the name that has reverted, but so too some of the internal reshuffle from 2016 in which offensive operations and intelligence collection were spread out into broader directorates from a standalone unit, which now, a decade later, is described by those involved to have been the better approach. Progress software urges ShareFile customers to shut down storage zone controllers Progress Software made this alert on Friday to shut down the Windows servers running their storage zone controllers, confirming that it is responding to a credible external security threat. The company has temporarily disabled access to affected accounts while it works with internal and external security experts. As of this announcement, the company has no indication of any unauthorized access to any ShareFile accounts or data and has not said what the threat is or who is behind it. Only the storage zone controller is affected and not standard cloud, only ShareFile accounts. Australian Cyber agency warns of global CMS exploits the Australian Cybersecurity Centre is warning about a global exploitation campaign targeting including vulnerable content management systems and plugins, with many Australian businesses already affected by the malicious activity with web shells being deployed on their sites. The agency says as part of this campaign, malicious cyber actors are actively scanning websites for opportunities to deploy web shells, leveraging various vulnerabilities affecting CMS software and plugins. This activity leverages flaws in several CMS platforms and plugins including WordPress Joomla, and a full list of these exploits is available in the show. Notes to this episode Huge thanks to our sponsor Threatlocker Every security leader is being asked the same question right now. How do we enable innovation without creating unnecessary risk? That's the challenge behind cloud adoption, behind AI, behind automation, and behind every major technology decision. ThreatLocker helps organizations take a zero trust approach to that challenge, giving them greater control over what can execute, what can access their environment, and what users and applications are allowed to do. That's why ThreatLocker is proud to support cybersecurity headlines, because security works best when innovation and control move together. Dutch Odido Telco cyber attack traced to local accomplice maybe following up on a story we covered in February Dutch police announced on Thursday they had uncovered evidence suggesting that Dutch criminals were involved in the cyber attack on telecom provider Odido that exposed the personal data of more than 6 million customers. According to the announcement, a Dutch speaking man posing as an Odido IT employee called the company's customer service department before the February attack, helping trick employees into granting access that enabled hackers to steal customer information. The police force is still trying to identify the caller and suggested they might release a recording of the caller's voice if necessary. Ghost commit hides prompt injection in images to fool AI agents and steal secrets, Steganography has come to the AI world. Researchers at the University of Missouri, Kansas City's Asset Research Group have built a pull request that steals a repository's secrets by hiding the malicious instruction inside a PNG that AI code reviewers never open. The researchers published a proof of concept on GitHub this past week and says it has disclosed the findings to affected vendors. The exploit lives in text rendered inside a png, which appears to automated reviewers as simply a binary blob. As part of their research, the team even stuffed the PNG with the words malicious prompt injection and and an explicit order to read the env file. But it still passed. Clean data centers drive up big Tech's carbon emissions to a third of those of all of France the collective carbon emissions of Microsoft, Amazon and Google have increased by nearly 20% in the past year, driven largely by data center construction. For the financial year ending March 2026, the three companies produced an amount of carbon dioxide equivalent to one third third of that of France, a country of 69 million people. Cecilia Rickapp, an economics professor at the University College London, warns that other companies that store data and train and use AI models are outsourcing their own digital AI carbon footprint to cloud giants. Basically, shifting to the cloud helps other corporations obscure their environmental footprint. End quote. Former digital Mint ransomware negotiator who duped clients sentenced to 70 months in jail. Angelo John Martino III exploited his insider position and fed confidential information to ransomware co conspirators to extort a combined $75.3 million from five US based victims. This former ransomware negotiator for Digital Mint has now been sentenced to 70 months in jail, that is almost six years for helping Black Cat affiliates, effectively conducting ransomware negotiations with himself and with his co conspirators. The victims in this scam, all of whom did pay ransoms, include a non profit, a financial services company and a hospitality company. If you have some thoughts on the news from today or about this show in general, please be sure to reach out to us@feedbackisoseries.com we would love to hear from you. Steve I'm Steve Prentice reporting for the CISO series.
A
Cybersecurity headlines are available every weekday. Head to CISoseries.com for the full stories behind the headlines.
Host: Steve Prentiss, CISO Series
Main Theme:
A packed daily update on urgent threats, notable breaches, ongoing exploits, and significant industry trends in the world of information security.
[00:06–01:29]
[01:29–02:06]
[02:06–02:52]
[02:52–03:30]
[04:28–05:25]
[05:25–06:10]
[06:10–06:58]
[06:58–08:04]
For further details and the full list of CMS vulnerabilities, see the show notes at CISOseries.com.