Correction.
Yesterday's Briefing incorrectly stated that ReliaQuest was a victim of the Klue supply-chain attack campaign. ReliaQuest discovered the attack and reported it to Klue, but the company itself does not use Klue and was not affected.

“Autonomous AI” has become a buzzword, but real autonomy isn’t purchased, it’s earned through trust. In this guide, learn how to evaluate security AI beyond vendor claims, understand the autonomy spectrum, and build confidence before handing over control. Read Trust, then autonomy: A new framework for evaluating security AI.
Yesterday's Briefing incorrectly stated that ReliaQuest was a victim of the Klue supply-chain attack campaign. ReliaQuest discovered the attack and reported it to Klue, but the company itself does not use Klue and was not affected.
Intelligence agencies from Australia, Canada, New Zealand, the UK, and the US issued a statement yesterday outlining the risks posed by rapidly evolving frontier AI models, Reuters reports. The agencies stated, "Frontier Al models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months. In this environment, cyber resilience is integral to advancing business continuity, market confidence, and long-term value."
The alliance urges organizations to proactively work toward cyber resilience and ensure that their defenses are effective during real incidents. The statement mostly outlines well-known cybersecurity best practices, including the following actions:
If you follow the research, you already know a lot of it breaks at Black Hat first. Hundreds of peer-reviewed Briefings, more than a hundred hands-on Trainings, and the largest Business Hall in Black Hat's history, across AI, cyber conflict, resilience, and identity. Six days in Las Vegas, August 1–6. Prices increase July 17. Register now with code CYBERWIRE for $200 off your Briefings pass.
SOCRadar yesterday published an updated analysis of the FortiBleed campaign that's targeted more than 430,000 Fortinet FortiGate devices since February 2026. SOCRadar attributes the operation to a financially motivated Initial Access Broker (IAB), likely based in Russia.
The threat actor first gains administrative access to the FortiGate firewalls via credential stuffing and brute-force attacks, then deploys a tool dubbed "FortigateSniffer" that's designed to collect cleartext and hashed credentials from traffic passing through compromised devices. SOCRadar says this tool "abuses the FortiOS diagnose sniffer packet command across 24 protocols, distributed GPU cracking through Hashtopolis and Hashcat, and session-cookie replay for persistent access."
SOCRadar found that the Fortibleed campaign used FortigateSniffer and other tools to harvest more than 110 million credentials.
Most organizations have a plan. Fewer have prepared for the decisions, tradeoffs, and uncertainty that come with a real crisis.
In a recent conversation with Dave Bittner, Courtney Guss of Semperis explains why compliance alone doesn't create resilience and how organizations can better prepare for the moments that matter most.
Listen now for practical guidance on strengthening your incident response program.
Researchers at Paradigm Shift have disclosed a new exploit affecting Apple's SecureROM, the foundational code of Apple's secure boot chain on iPhones, SecurityWeek reports. The exploit, dubbed "usbliter8," chains a hardware bug in the USB controller and a configuration flaw in the device firmware. The exploit is effective against iPhones with A12 and A13 chips, including iPhone XS, XR, and 11.
An attacker would need physical access to a device in order to run the code, and the exploit itself does not grant access to user data due to Apple's SEP (Secure Enclave Processor) offering an additional layer of protection. The researcher say the exploit "doesn't affect SEP itself, [but] it opens up wider attack vectors to compromise the Secure Enclave." SecurityWeek notes that such an exploit could be useful for forensic vendors.
Inside the Media Minds pulls back the curtain on today’s media landscape, helping communicators understand what journalists, editors, and audiences actually care about. Hosts Christine Blake and Madison Farabaugh of W2 Communications sit down with influential media professionals for candid conversations about news, storytelling, and media trends. Listen now to sharpen your messaging, strengthen your media strategy, and tell stories that resonate.
Two British men, 20-year-old Thalha Jubair from East London and eighteen-year-old Owen Flowers from the West Midlands, pleaded guilty yesterday to their involvement in the Scattered Spider criminal gang, the Record reports. The two were arrested in 2024 following a notable cyberattack against Transport for London (TfL).
The UK's National Crime Agency said in a statement, "The pair compromised TfL’s network, forcing all 28,000 employees to attend a TfL office for a password reset. The organisation suffered a reported £29 million in loss and recovery costs. Data from TfL’s Oyster refunds system was accessed and the incident also affected TfL’s customer refund system, leaving some out of pocket for much longer than usual. It also closed down the application system for Oyster photocards for children and young people."
Jubair and Flowers will be sentenced on July 16th.
Today's issue includes events affecting Australia, Canada, New Zealand, the United Kingdom, and the United States.
Tata Electronics, a major tech supplier to Apple and Tesla, confirms data breach (TechCrunch) The incident comes as Tata Electronics expands its role in global technology supply chains.
Gizmodo readers hit with ClickFix malware prompts after account compromise (The Register) Infosec buffs say Windows users could have been infected with a nasty trojan, while Mac users got off lightly
Anthropic's Mythos AI broke into almost all NSA classified systems in hours (Security Affairs) Senate testimony claims Anthropic's Mythos AI breached NSA and Cyber Command systems in hours, prompting a U.S.-ordered shutdown.
Trump executive orders speed up post-quantum migration, boost industry (CyberScoop) Both EOs are expected to be signed as soon as Monday per an industry source with knowledge of timing. The White House has a signing ceremony scheduled this afternoon.
For a complete running list of events, please visit the Event Tracker.
CSA Agentic AI Security Summit 2026 (Virtual, USA, Jun 24 - 25, 2026) Coding agents are rewriting how software gets built. Orchestration harnesses are rewriting how work gets done. And underneath all of it, non-human identity is the trust fabric that determines what these systems are allowed to touch, chain together, and act on autonomously. Most organizations are adopting coding agents and harnesses right now, without a clear picture of the identity and access model being created in the process. Every agent spins up credentials. Every harness chains permissions. And without a coherent NHI strategy, that trust fabric becomes your largest unmanaged attack surface. CSA's free virtual Agentic AI Security Summit is where the security community comes to get ahead of this. Over two days, we'll work through the full agentic stack: how coding agents operate and authenticate, how harnesses like LangChain, CrewAI, and AutoGen chain access across systems, and how to build the NHI trust fabric that governs all of it safely. Sessions are grounded in real enterprise environments and focused on what you can act on now.
Black Hat USA (Las Vegas, Nevada, USA, Aug 1 - 6, 2026) The premier cybersecurity event of the year returns to Mandalay Bay with a re-engineered, six-day program built to ignite innovation, push boundaries, and bring the global security community together like never before. This year’s event features four days of immersive, expert-led Trainings (August 1–4), followed by Summit Day on Tuesday, August 4, and a two-day main conference packed with groundbreaking Briefings, open-source tool demos in Arsenal, a dynamic Business Hall, and unlimited learning & networking opportunities.
