Top stories.
- Australian telecom outage attributed to software bug.
- FBI disrupts residential proxy network used by botnet.
- Zimbra patches a critical flaw in its Classic Web Client.
- Maximum-severity ColdFusion flaw is under active exploitation.
- Accenture confirms a data breach.
- GhostApproval flaw exploits trust in major AI coding assistants.
Australian telecom outage attributed to software bug.
A nationwide outage at Telstra, Australia's largest telecommunications company, disrupted train services and emergency calls on Wednesday, the BBC reports. The outage began at 4:30 AM on July 8th and lasted for around twelve hours. Telstra's CFO, Michael Ackland, said the incident was caused by software defects on time-keeping servers and did not involve malicious activity.
The outage blocked more than 600 people from calling emergency services, the Australian Financial Review reports. The incident also led to the cancellation of all regional train services in Victoria and disrupted payment services for approximately 80,000 businesses that relied on the Tyro app.
The Australian Communications and Media Authority will investigate the outage. The country's communications minister, Anika Wells, stated, "Telstra has a lot of questions to answer. We need to get to the bottom of what happened. We need to understand how to prevent it happening again." Telstra executives will be called in for a Senate hearing as early as next week.
FBI disrupts residential proxy network used by botnet.
The US Federal Bureau of Investigation (FBI), assisted by Google, Lumen, and others, seized hundreds of domains belonging to NetNut, a residential proxy service operated by Israeli company Alarum Technologies, KrebsOnSecurity says. Krebs reported two weeks ago that NetNut was linked to the Android-based botnet "Popa," which used "millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts."
The Google Threat Intelligence Group (GTIG) said in a blog post, "We believe our coordinated actions have caused significant degradation to NetNut’s proxy network and its business operations, reducing the available pool of devices for the proxy operator by millions."
Alarum's legal counsel said in a statement, "Alarum takes this matter seriously and will fully cooperate with law enforcement to ensure any misuse of its infrastructure is thoroughly investigated and those responsible are held to account."
Zimbra patches a critical flaw in its Classic Web Client.
Zimbra is urging users to patch a critical cross-site scripting (XSS) flaw affecting its Classic Web Client, BleepingComputer reports. The company stated, "The update fixes a security issue in the Classic Web Client where a specially crafted email could run malicious code when the email is opened. If exploited, it could allow access to mailbox information, session data, or account settings." Customers are advised to upgrade to version ZCS v10.1.19.
BleepingComputer notes that the flaw was discovered by Google's Threat Analysis Group, which often reports zero-days exploited by nation-state groups. Zimbra hasn't said whether this flaw is under active exploitation, but the company has flagged the Patch Security Severity as "High."
Maximum-severity ColdFusion flaw is under active exploitation.
Adobe continues to urge customers to immediately address six maximum-severity vulnerabilities in ColdFusion that received patches last week, one of which is now under active exploitation, Infosecurity Magazine reports. Researchers at KEVIntel observed exploitation of CVE-2026-48282, a path traversal flaw that does not require user interaction, within two hours of the vulnerability's disclosure.
Infosecurity Magazine notes that data from the ShadowServer Foundation shows 775 exposed ColdFusion instances online, though it's unclear how many of these are vulnerable.
Accenture confirms a data breach.
Accenture has confirmed that it sustained a data breach after a threat actor claimed to have stolen 35 GB of data from the company, BleepingComputer reports. A criminal hacker dubbed "888" posted the alleged data for sale, saying the dump contained "source code, RSA keys, SSH keys, Azure PAT (personal access tokens), Azure Storage access keys, and configuration files." Accenture did not elaborate on which types of data were stolen or how the breach occurred, telling BleepingComputer in a statement, "We are aware of this isolated matter, and we have remediated its source. There is no impact to Accenture operations and service delivery."
GhostApproval flaw exploits trust in major AI coding assistants.
Wiz discovered a vulnerability pattern affecting six top AI coding assistants, in which a malicious repository can trick an AI agent into accessing arbitrary files on a developer's machine and potentially achieving remote code execution. The flaw, dubbed "GhostApproval," affects Amazon Q Developer, Anthropic Claude Code, Augment, Cursor, Google Antigravity, and Windsurf.
Wiz explains, "The technical primitive -- symlink following (CWE-61) – is well-known. What we found, however, goes further: in several cases, the agent's internal reasoning explicitly recognizes the dangerous target, yet the confirmation prompt shown to the user conceals this information entirely. This is CWE-451 – UI misrepresentation of critical information – layered on top of the symlink vulnerability. The user approves what they believe is a harmless local edit; the agent writes to a sensitive file outside of the project workspace."
Wiz notified all six vendors: Amazon, Cursor, and Google fixed the issue promptly, while Anthropic determined that it has sufficient measures in place to ensure that a human must confirm the file operation. Augment and Cognition (Windsurf) acknowledged receipt of the report but did not provide any further updates.