Loading summary
A
The NSA's Tailored Access Operations team is back. India bans an app used to hack ericshaws. Accenture has another data breach and a leak exposes a suspected Chinese cyber contractor. This is the Risky bulletin prepared by Catalyn Kimpanu and read by me, Claire aird. Today is the 10th of July and this podcast episode is brought to you by Sublime Security. In today's top story, the U.S. national Security Agency's elite hacking division is back to its old name, Tailored Access Operations. This name was originally used in 2016 when the NSA changed it to the Office of Computer Network Operation. The team developed Stuxnet and exploits leaked by the Shadow Brokers in 2016. In other news, CISA is using Anthropics Mythos to scan government source code repositories for bugs. Cloud code audits have allegedly uncovered several vulnerabilities. The agency is using the tool despite Anthropic being blacklisted as a supply chain risk by the Pentagon. The Chinese government is considering blocking foreign access to its top AI models. Officials recently met with Alibaba, ByteDance and Z AI about the possibility. Beijing is also considering restricting the parties allowed to fund domestic AI companies, citing national security concerns. EU banks and financial institutions have been ordered to make plans to counter AI based cyber attacks. The European Central bank told banks to prioritise protecting Internet facing systems. Organisations will have to replace old technologies, improve cyber hygiene and strengthen crisis management and data recovery. Banks have four months to draw up their plans. The UK government will build an AI powered national cyber defence capability. The Cyber Shield will use advanced agentic AI tools to find weaknesses and defend UK critical infrastructure. The UK National Cyber Security Centre and the Department for Science will build the new capability. Accenture has confirmed a security breach after a threat actor published some internal documents on a hacking forum. The intrusion allegedly took place this month. The same actor stole and sold a batch of accenture data in 2024. The Indian government has banned a mobile app used to disable ericshaws. Videos of the hacks showed distressed drivers stuck in traffic or crying over lost revenue. Attackers used the Bat BMS app to connect to lithium batteries on the vehicle. The app is normally used to diagnose batteries from several Chinese vendors via a Bluetooth connection. Indian officials last week ordered Apple and Google to remove the app from their stores. The share price of Israeli Fintech Nayax fell 16% after the company disclosed a security breach. Hackers accessed Nayak's subsidiary cloud account. The company says it's blocked the account and the incident didn't impact its main payment systems. Hackers have stolen the personal Data of almost 7 million assurance America in insurance customers. The March breach exposed personal data including drivers licenses, claims information, tax IDs and Social Security numbers. No hacker group has taken credit for the intrusion. EU cloud provider Nextcloud has leaked internal documents through a misconfigured Elasticsearch database. More than 367,000 sensitive files were exposed on the Internet, but for almost 10 days in May. The files included invoices, contracts, employee details, emails and setup scripts. A threat intel analyst suggests a security breach has exposed another Chinese offensive Cyber contractor Documents stolen from Changcho Changrong Network Technology reveal the company has an arsenal of hacking and data analysis tools. Threat intel analyst Net Askari says says while these tools are standard for pen testing firms, the presence of advanced data analysis systems indicates services designed for government operations. APT groups from China and India have hacked the police IT network in Pakistan's Balochistan province. The Chinese APT collected data on possible threats to Chinese nationals in the province, while the Indian APT sought details of Pakistan's general crisis response. The hacks date back to February. 20 Dutch police have found strong indications that a Dutch citizen was involved in hacking the Odido isp. The suspect allegedly called Odido's staff pretending to be an IT employee and convinced them to access a phishing site. The incident took place in February and resulted in the theft of 6.2 million Odido customer records. Authorities across 97 countries have arrested more than 5,800 suspects involved in cyber scams. The suspects allegedly ra crypto investment and romance scams, as well as bec attacks. Interpol's Operation Firstlight 2026 also recovered $293 million in stolen funds. Hackers have compromised the Injective Blockchain project's GitHub account. The intruders added an infostealer to Injective's NPM package. The infostealer is designed to steal cryptocurrency, wallet, private keys and seed phrases. An Israeli cyber security startup has published seven NPM packages that contain an infostealer. The malware does not collect credentials, but instead gathers git, SSH and cloud identity metadata. The packages were published in April and June this year. The security researcher who discovered the libraries chose not to name the startup. Attackers are exploiting a vulnerability in the GT Docker image to gain unauthorised access to GT servers allows attackers to use a malcrafted request header to impersonate any user on the site. The bug was privately reported and patched at the end of June, there are more than 6,200 GT source code management servers connected to the Internet. CISA has received reports of attacks against two new Joomla CMS plugins. Attackers are targeting the Joom Shaper SP and and Joomla Page builders. Their reports come after hackers last month exploited a zero day in another Joomla plugin. Google has awarded security researchers $92,000 for identifying a new Linux kernel vulnerability. The Ghost Lock vulnerability enables attackers to gain root privileges on all Linux kernel versions released over the past 15 years. The bug was fixed in the Linux kernel 7.1 and finally, a Discord AI moderation system bug has incorrectly banned more than 8200 users. The bug resulted in images with square grid like structures being flagged as malicious. Users who shared images of spreadsheets or chessboards said they had accounts banned without warning. The company has confirmed the issue and says it's working to restore the accounts. Discord has more than 200 million monthly active users and that is all for this podcast edition. Today's show was brought to you by our sponsor, Sublime Security. Find them at Sublime Security. Thanks for your company.
Podcast: Risky Bulletin
Date: July 10, 2026
Host: Risky Business Media (Prepared by Catalyn Kimpanu, read by Claire Aird)
This episode delivers a rapid-fire roundup of key cybersecurity developments globally, with the headline news being the return of the NSA’s elite hacking division to its original name: Tailored Access Operations (TAO). Other significant stories include regulatory responses to AI and cybersecurity in Europe and the UK, major data breaches (Accenture, Nayax, Assurance America), inter-state hacking activities involving APT groups, and several software supply chain attacks.
“The NSA’s Tailored Access Operations team is back. This name was originally used in 2016 when the NSA changed it to the Office of Computer Network Operation. The team developed Stuxnet and exploits leaked by the Shadow Brokers in 2016.” – Claire Aird
Accenture
“Accenture has confirmed a security breach after a threat actor published some internal documents on a hacking forum. The intrusion allegedly took place this month.” – Claire Aird
Nayax (Israel)
Assurance America (USA)
Nextcloud (EU)
Pakistan’s Balochistan Province Police IT Networks Targeted
Odido ISP (Netherlands)
Injective Blockchain Project
Israeli Cybersecurity Startup
GT Docker Image Vulnerability
Joomla CMS Plugin Attacks
Linux Kernel Flaw
India Bans Bat BMS App
Discord AI Moderation Bug
“A Discord AI moderation system bug has incorrectly banned more than 8,200 users. The bug resulted in images with square grid like structures being flagged as malicious.” – Claire Aird
On NSA TAO's reputation:
“The team developed Stuxnet and exploits leaked by the Shadow Brokers in 2016.” – Claire Aird [00:11]
On international law enforcement efforts:
“Authorities across 97 countries have arrested more than 5,800 suspects involved in cyber scams. Interpol’s Operation Firstlight 2026 also recovered $293 million in stolen funds.” – Claire Aird [03:09]
On Discord’s moderation fail:
“The bug resulted in images with square grid like structures being flagged as malicious. Users who shared images of spreadsheets or chessboards said they had accounts banned without warning.” – Claire Aird [04:27]
| Timestamp | Topic/Story Summary | |-----------|---------------------------------------------------------------------------------------------------| | 00:08 | NSA’s Tailored Access Operations returns to its original name | | 00:29 | CISA’s controversial use of Anthropic’s Mythos tool | | 00:38 | China considering AI export/funding restrictions | | 00:46 | EU and UK regulatory responses to AI cyber threats | | 00:55 | Accenture breach confirmation | | 01:04 | India bans Bat BMS app for hacking ericshaws | | 01:32 | Nayax breach and stock drop | | 01:40 | Assurance America customer data leak | | 01:50 | Nextcloud exposes 367k+ internal documents | | 02:01 | Leak exposing suspected Chinese government cyber contractor | | 02:10 | Chinese and Indian APTs hack Pakistani police IT | | 02:26 | Dutch police track Odido ISP breach to a local suspect | | 02:35 | Interpol’s mass international crackdown on cyber fraud | | 02:50 | Injective Blockchain compromised, infostealer inserted | | 03:00 | Israeli startup releases infected NPM packages | | 03:09 | GT Docker image impersonation vulnerability | | 03:20 | New Joomla plugin attacks reported by CISA | | 03:31 | Linux “Ghost Lock” kernel vulnerability and Google bug bounty | | 03:40 | Discord AI moderation bug bans thousands of users over spreadsheet & chessboard images |
This Risky Bulletin episode highlights a cascade of significant cybersecurity news: the resurgence of the NSA’s infamous TAO branch; major regulatory and technological moves in AI cyber defense in the EU, UK, and China; breaches at Accenture, Nayax, and Assurance America; state-on-state hacking campaigns; software supply chain threats; and the human impact of flawed moderation or misused apps. The episode maintains a brisk, matter-of-fact tone, rapidly cycling through global cyber developments that underscore the increasing complexity and scope of cyber risk in 2026.