
Loading summary
A
From the CISO series, it's Cybersecurity Headlines
B
these are the cybersecurity headlines for Wednesday, July 8, 2026. I'm Rich Stroffelino. The UK's Cyber Pledge and Cyber Shield as part of the UK government's reset on cybersecurity, it announced a flagship voluntary cybersecurity pledge earlier this year. This would see companies commit to making cybersecurity a board level responsibility, register for the National CyberSecurity Center's or NCSC's free early warning, and require a Cyber Essentials certification in their supply chains. Despite outreach to all firms on the Financial Times Stock Exchange 350, only 15 signed up for the pledge at its official launch this week. In other UK cybersecurity news, the NCSC laid out plans for a national scale sovereign defense capability. Dubbed cybershield. This model would pair red and blue AI agents across critical infrastructure and government IT systems to both proactively probe for weaknesses and defend them in real time. And the NCSE said the government cannot deliver this capability on its own and will be done in association or partnership with leading frontier AI capabilities, cyber defense organizations and academia. After rolling this capability out to government networks, the NCSC plans to transition IT to commercially scalable solutions. Millions exposed in Japanese Telco Attack Telco KDDI disclosed this week that a cyberattack exposed more than 12 million customer email addresses and over 7 million passwords. This breach occurred through a third party tool that impacted an email system used to manage customer accounts. KDDI originally disclosed that it experienced unauthorized access last month, but only this week confirmed the scale. There was no evidence that attackers were able to move into other systems and the breach did not impact email services for mobile and fixed line Internet customers. KDDI said that Internet service providers impacted by the breach will complete mandatory password resets in the coming days. China looking to Curb Overseas model Access Reuter sources say that Chinese authorities met with Alibaba, ByteDance and the startup Zai to discuss potentially restricting overseas access to advanced AI models. The Ministry of Commerce led the meetings and discussed imposing access limits on both open and closed source models. There were also discussions on making leaks or theft of proprietary AI data, offenses under China's National Security Law, and setting limits on foreign investment in AI firms. These talks all reportedly remain provisional at this point and could potentially only apply to future models. Scattered Spider gets Reclassified if you've been listening to cybersecurity headlines over the past couple months, you've definitely heard US report on arrests and disruption efforts targeting the group's scattered spider. Despite this, the group has maintained malicious activity. A new analysis by Group IB sheds light on why that's the case. They've reclassified the group as a decentralized cybercrime collective rather than a single organized threat group. Research has found that the group lacks a central hierarchy or shared leadership. Instead, this appears to be a smaller cluster of groups that use common techniques and tools and have some overlap in online communities. Despite that, in these decentralized groups, social engineering remains a common thread across their activity patterns. These are often used to push people to phishing pages that impersonate identity providers such as Okta, Microsoft, Citrix and and Google. Unfortunately, this analysis means that targeting individual members for arrest is unlikely to eliminate the broader threat. And now, thanks to today's episode sponsor Vanta, your team just added its 67th AI tool and unfortunately, also your 67th security blind spot. The good news the Vanta agent works like a GRC engineer in the background, finding every app your team uses, scoring the risk and and drafting fixes for you. Vanta is the platform used by over 16,000 fast moving companies like Ramp Cursor and Harvey, who are shaping the future with AI and staying ahead of AI risk. Get started at vanta.com headlines CISA using Mythos to Audit government Code Reuters sources say that even as the relationship between the US Government and Anthropic remains testy, that hasn't stopped CISA from using the company's Mythos model to audit government software. It's reportedly being led by CISA's Attack Service Evaluation team and is looking through code repositories for bugs that could leave doors open for foreign espionage. While not going into specifics, the source has said the audit has already uncovered numerous vulnerabilities. Reuters investigators could not establish how thorough the audit has been so far or the severity of the bugs discovered. Critical session isolation bug found an AI platform A new report by San Security Research found a vulnerability dubbed rideout that could allow for a cross tenant compromise to the enterprise AI platform rider. By sharing an agent created in their own account to another rider user, an attacker could obtain the victim's cookie in their sandbox, allowing them to read the account's memory, recover session tokens and transmit that information to a C2 server. The researchers contacted Ryder, who patched the issue by preventing a user's session cookie from being forwarded into any sandbox previews There is no evidence of exploitation in the wild. Not all who wander are gitlost. Researchers at Noma Security released a proof of concept for a flaw called Gitlost that could allow an unauthorized attacker to create a GitHub issue in a public repository and then pull data from an organization's private repos. This applies when an organization has configured an agentic workflow that triggers on issue assignments, with the agent having read access to all organizational repositories. An attacker could embed hidden plaintext English commands to exfiltrate private data, which the agent can't distinguish from trusted system instructions in the issue. Nomma reported the flaw to GitHub, although it's not clear if it's been addressed. Iranian apt using modular C2 framework check point published new research about the Iranian linked APT Cavern Manticore seen using a novel command and control framework to target organizations in Israel rather than using traditional obfuscation methods, Cavern Manticore's framework is compiled into three different. NET formats, each requiring a different reverse engineering toolchain, making the framework's format itself the obfuscation layer. A core agent in the framework handles communication and can pull down additional modules based on operator commands ranging from file ops to network recon and websocket tunneling. There are a lot of options. Each of these modules run its own app domain, which which is torn down after use. The researchers found Cavern Manticore using this framework to complement its deep knowledge of Israel's IT supply chain, often hitting multiple IT providers to access their real target. Remember to join us this Friday for Super Cyber Friday. Our topic will be Hacking M and A. We'll be digging into all the security concerns that you need to take into account when organizations merge and what only gets remembered after the deal closes. We have fantastic expertise on tap for this, so be sure to head on over to our events page@cisoseries.com to register and join us this Friday at 1pm Eastern. And if you have some thoughts about the news from today or about the show in general, be sure to reach out to us. Feedbackisoseries.com we'd love to hear from you. Reporting for the CISO series, I'm Rich Strofalino reminding you to have a super sparkly day.
A
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stream stories behind the headlines.
Host: Rich Stroffolino, CISO Series
Main Theme:
A roundup of significant cybersecurity stories from around the globe, including critical government initiatives, major breaches, AI policy developments, threat actor updates, and emerging vulnerabilities.
This episode delivers a brisk, insightful overview of global cybersecurity developments with a professional-yet-accessible tone focused on actionable information for security leaders and practitioners. The host offers succinct explanations, attributes sources, and highlights both the technical details and strategic implications of each headline story.