7-Zip Vulnerability CVE-2026-14266 Enables Arbitrary Code Execution Through Malicious XZ Archives
🇷🇺 AntiMalwareJuly 17, 2026

7-Zip Vulnerability CVE-2026-14266 Enables Arbitrary Code Execution Through Malicious XZ Archives

A critical buffer overflow vulnerability has been identified in the popular file archiver 7-Zip, tracked as CVE-2026-14266, that allows attackers to execute arbitrary code by delivering a specially crafted XZ archive containing fragmented data. The flaw stems from improper handling of fragmented XZ streams, which can cause the application to write data beyond allocated memory buffers and potentially grant attackers the same privileges as the running 7-Zip process. Exploitation requires user interaction, such as opening a malicious archive received via email, messaging apps, or file-sharing services, making it particularly suitable for targeted phishing campaigns rather than automated remote attacks. The vulnerability received a CVSS score of 7 out of 10, reflecting its significant impact on confidentiality, integrity, and availability without requiring authentication or prior access. No real-world exploitation cases have been reported yet, but technical details have been made public, increasing the risk that working exploits could be developed quickly. Developers have already released a fix in version 26.0, and users are strongly advised to update immediately while exercising caution with unexpected XZ files. The issue highlights ongoing risks associated with archive processing software that handles complex compression formats.

Translated from Russian

Read full article

Latest News

One in Five Data Leaks Now Linked to Shadow AI Usage as Employees Feed Sensitive Corporate Data into Public AI Services
🇷🇺AntiMalwareJul 17

One in Five Data Leaks Now Linked to Shadow AI Usage as Employees Feed Sensitive Corporate Data into Public AI Services

According to new research from Informzashchita, unauthorized use of generative AI tools has become a major driver of data leaks, accounting for 20% of incidents in July 2026 compared with 12% the previous year. Employees are rapidly uploading contracts, source code, internal correspondence, client data, and technical documentation to public AI interfaces, browser extensions, self-connected APIs, and coding assistants before security teams can detect the activity. The study highlights that 42% of these leaks occur through web-based AI services, 24% via browser extensions that access tabs and cookies, 19% through unauthorized APIs, and 15% via programming tools. Nearly one-third of organizations using AI have already discovered exposed API keys or secrets in configuration files, test scripts, workstations, and Git repositories, increasing both financial and data exposure risks. Incidents involving shadow AI raise average breach costs by approximately $670,000 due to delayed detection, prompting experts to recommend service inventories, secret scanning, extension controls, and data classification rather than outright bans.

Translated from Russian

US Accuses Russian Cybersecurity Specialist D.O. of Void Blizzard Attacks on European Governments and US Companies, Kaspersky Ties Emerge
🇷🇺securitylab_nJul 17

US Accuses Russian Cybersecurity Specialist D.O. of Void Blizzard Attacks on European Governments and US Companies, Kaspersky Ties Emerge

American authorities have charged Russian information security specialist D.O. with participating in cyberattacks by the Void Blizzard group, also known as Laundry Bear, targeting NATO-aligned European government agencies and at least 11 US companies since 2023. D.O., who previously held a senior position at one of Russia’s largest cybersecurity firms widely identified as Kaspersky, did not plead guilty during a court hearing in Boston. The US Department of Commerce banned the company’s software in 2024 over national security concerns, while European agencies had issued similar warnings earlier. Prosecutors also linked D.O. to a Nizhny Novgorod IT company where he served as deputy director from 2024, although his earlier Kaspersky employment was confirmed through salary records and a former colleague rather than the indictment itself. D.O. graduated from Bauman Moscow State Technical University with a degree in information security, an institution previously flagged by European journalists as a potential training ground for state-linked operatives. Experts note that movement between commercial cybersecurity roles and intelligence structures occurs across countries, but D.O.’s guilt remains to be proven in court.

Translated from Russian

Scientists Build Moisture-Powered Generator from Cigarette Filters, Sugarcane Fibers, Table Salt and Spent Battery Components
🇷🇺securitylab_nJul 17

Scientists Build Moisture-Powered Generator from Cigarette Filters, Sugarcane Fibers, Table Salt and Spent Battery Components

Researchers have developed a flexible, paper-like electricity generator that harvests energy from atmospheric humidity using only low-cost waste materials. The device combines fibers from the invasive sugarcane species Saccharum with cellulose extracted from discarded cigarette filters, sodium chloride, and carbon paste recovered from used batteries, topped with an aluminum foil electrode. At around 65% relative humidity, a single cell produces up to 1.16 volts—nearly double the output of most previous moisture harvesters—while four units connected in series delivered 1.79 volts and 0.323 milliamperes, sufficient to light a small red LED continuously for more than three hours. The generator does not store chemical energy like a conventional battery; instead, absorbed water dissolves the salt, creating an ion-concentration gradient that drives charge separation between the carbon and aluminum electrodes. Performance drops sharply when humidity becomes too high or too low because the internal moisture gradient disappears, confirming that ionic movement, not an undisclosed chemical reaction, is the true source of electricity. The approach demonstrates that abundant waste streams can replace expensive nanostructures for low-power environmental sensors and wearable electronics, although the technology remains unsuitable for replacing conventional batteries.

Translated from Russian

OpenAI GPT-RED and Fudan AgentCyberRange Usher in the Era of AI Self-Play Cybersecurity
🇨🇳安全客Jul 17

OpenAI GPT-RED and Fudan AgentCyberRange Usher in the Era of AI Self-Play Cybersecurity

In July 2026, three major milestones signaled a shift from human-led to AI-driven security testing: OpenAI released GPT-RED, an automated red-team model trained via self-play reinforcement learning; Fudan University open-sourced AgentCyberRange, the first realistic cyber-range benchmark for AI agents; and the UK AISI quantified that frontier AI cyber-attack capabilities are doubling every four months. GPT-RED demonstrated 6.5× higher indirect prompt-injection success than human experts and discovered the previously unknown “Fake Chain-of-Thought” attack that bypasses reasoning models. AgentCyberRange evaluated six leading AI systems across 110 vulnerabilities in 15 real applications and 156-host enterprise ranges, with GPT-5.5 leading in both web exploitation and post-exploitation tasks. AISI’s multi-step scenarios showed models progressing from 1.7 to fully solving 32-step enterprise attacks within 18 months. Together the developments illustrate an accelerating “AI versus AI” paradigm in which stronger attack models generate better defensive training data, yet also highlight persistent gaps in OPSEC, deep vulnerability reach, and the high compute barriers to replicating such systems.

Translated from Chinese

Yandex Maps and Navigator Add Real-Time Fuel Availability and Queue Data Plus Fuel-Efficient Routing Options
🇷🇺AntiMalwareJul 17

Yandex Maps and Navigator Add Real-Time Fuel Availability and Queue Data Plus Fuel-Efficient Routing Options

Yandex has rolled out major updates to its Maps and Navigator services aimed at helping drivers find gas stations with available fuel and minimal queues. The new features display fuel stock levels and queue sizes directly in each gas station's information card, allowing users to instantly build a route to the chosen location. The same queue and fuel data have also been integrated into the Yandex Go and Zapravki applications. Information is aggregated from multiple sources including anonymized fuel order records, data from taxi drivers using Yandex Pro, real-time traffic conditions near stations, and optional short surveys sent to drivers who have recently refueled or passed by. In addition, the apps now offer economical route suggestions that prioritize lower fuel consumption through smoother speeds and fewer traffic lights, even if the trip takes slightly longer. These capabilities are currently live in Moscow, Saint Petersburg, and 14 other major Russian cities including Kazan, Yekaterinburg, Krasnodar, Novosibirsk, Samara, and Chelyabinsk, with gradual expansion planned as more reliable data becomes available.

Translated from Russian

Avito Considers Launching In-App Dating Service for Serious Relationships with Emphasis on Safety and Verification
🇷🇺AntiMalwareJul 17

Avito Considers Launching In-App Dating Service for Serious Relationships with Emphasis on Safety and Verification

Russian classifieds platform Avito is exploring the possibility of introducing its own dating service directly inside the main application. The company has confirmed that the idea is under active consideration, though no final decision has been made yet. The planned service would be free of charge and specifically oriented toward users seeking serious, long-term relationships rather than casual encounters. A major focus will be placed on security features, including mandatory profile verification, anti-bot measures, three-stage moderation, and protected communication channels, potentially leveraging external services such as Gosuslugi. Avito intends to apply its existing machine-learning technologies, already used across more than 100 models for matching listings, to generate partner recommendations. Before any full rollout, the company plans to test user interest through a Fake Door experiment by presenting the feature as if it already exists. Competitors have reacted calmly, noting that mandatory verification is no longer unique, while some observers question whether users will accept mixing classifieds and dating profiles under a single account.

Translated from Russian

Cyberattack on Nichirei Logistics Group Disrupts Frozen Food Deliveries to KFC Japan and Thousands of Restaurants Nationwide
🇷🇺securitylab_nJul 17

Cyberattack on Nichirei Logistics Group Disrupts Frozen Food Deliveries to KFC Japan and Thousands of Restaurants Nationwide

A cyberattack on Nichirei Logistics Group, Japan's largest operator of refrigerated and frozen logistics, forced the company to shut down critical systems on July 13, halting operations across its network of 140 cold storage distribution centers. The incident quickly impacted major clients including KFC Japan, which serves more than 1,300 restaurants, leading to shortages of chicken and other ingredients needed for its Original Recipe. Other affected companies include Hotto Motto, Yayoi Ken, Kura Sushi, Aeon supermarkets, and TableMark, all of which reported delivery delays or product shortages. Nichirei confirmed that personal data was stored on some compromised servers and notified Japan's data protection authority while promising to disclose any confirmed breach. The company has not identified the attackers, disclosed the intrusion method, or confirmed whether ransomware was involved, citing security reasons for withholding technical details. Recovery efforts are scheduled to begin gradually on July 17, though a full return to normal operations has not yet been announced.

Translated from Russian

White House Teleprompter Operator Gabriel Perez Accused of Insider Trading on Kalshi Prediction Market, Earning Over $100,000 from Trump's Speeches
🇷🇺securitylab_nJul 17

White House Teleprompter Operator Gabriel Perez Accused of Insider Trading on Kalshi Prediction Market, Earning Over $100,000 from Trump's Speeches

A White House employee exploited his access to President Donald Trump's prepared speeches to place profitable bets on the Kalshi prediction market platform. Gabriel Perez, the teleprompter operator, reportedly earned more than $100,000 by wagering on whether specific words and phrases would be uttered during over a dozen public events, including addresses to Congress and the World Economic Forum. His trading patterns raised red flags when he adjusted or canceled positions after Trump deviated from prepared remarks, prompting Kalshi to detect the suspicious activity and refer the case to the U.S. Commodity Futures Trading Commission. Federal regulators are now negotiating a potential civil settlement that could require Perez to return his profits and cease further trading. The White House placed him on unpaid administrative leave, citing violations of rules against profiting from non-public information, and confirmed that President Trump has been informed of the incident. This case follows earlier enforcement actions by Kalshi against politicians and other insiders, highlighting ongoing challenges in regulating prediction markets.

Translated from Russian

VK Apps Remain Downloadable in US Google Play Despite Removal in Russia and Turkey Amid Sanctions
🇷🇺AntiMalwareJul 17

VK Apps Remain Downloadable in US Google Play Despite Removal in Russia and Turkey Amid Sanctions

The removal of VK services from Google Play has proven to be less global than initially reported, with applications still accessible to users whose Google accounts are registered in the United States region. Testing revealed a clear geographic pattern: the apps are unavailable in Russian and Turkish storefronts but remain fully visible and installable under the American region. The services disappeared from the store on July 16, prompting VK to confirm that already installed applications will continue functioning without restrictions and directing users to alternative stores such as RuStore. The exact cause of the regional discrepancy remains unclear and may relate to Google Play configuration settings, ongoing sanctions against Russia, distribution policies, or simple catalog synchronization delays. In a related development, VK users have begun receiving notifications urging them to switch to the vk.ru domain, which the company states offers superior speed and reliability and will now serve as the primary address.

Translated from Russian

🇷🇺

From Russian sources

Translated from Russian

View all (90) →
Russian Interior Ministry Opens Five Criminal Cases Against 'Glaz Boga' Analog Platforms Selling Personal Data of Russian Citizens
🇷🇺AntiMalwareJul 17

Russian Interior Ministry Opens Five Criminal Cases Against 'Glaz Boga' Analog Platforms Selling Personal Data of Russian Citizens

The Russian Ministry of Internal Affairs (MVD) has initiated five criminal investigations following the discovery of online platforms that sold personal data of Russian citizens, operating on the same model as the notorious 'Glaz Boga' service. These platforms allowed users to pay for access to detailed biographies and confidential information compiled into multiple files, including passport details, bank account records, and other sensitive personal information. The cases are being investigated under Article 272.1 of the Russian Criminal Code, which addresses the illegal use, transfer, collection, and storage of computer information containing personal data. Authorities have seized the servers of the implicated services and are currently analyzing their contents to gather evidence, although the specific names of the platforms, the number of clients, and the volume of data sold remain undisclosed. The developments highlight how repeated data leaks have transformed personal information into a marketable commodity traded on underground marketplaces, prompting law enforcement action against the operators responsible for distributing such data.

TELEPUZ Malware Spreads via ClickFix Social Engineering, Targets Windows with Modular Capabilities and Resilient C2 Infrastructure
🇷🇺securitylab_nJul 17

TELEPUZ Malware Spreads via ClickFix Social Engineering, Targets Windows with Modular Capabilities and Resilient C2 Infrastructure

Since late April 2026, compromised websites have been distributing the new modular malware TELEPUZ through the ClickFix scheme. Attackers replace standard browser error fixes with instructions that trick users into pasting and executing a PowerShell command from the clipboard, which then downloads an intermediate loader, the Vidar infostealer, and finally TELEPUZ via rundll32.exe. The malware performs extensive environment checks to avoid sandboxes and debuggers before disabling Windows security features, escalating privileges, and persisting as a service inside svchost.exe. For command-and-control, TELEPUZ relies on WebSocket connections with multiple fallback mechanisms, including encrypted links stored in Telegram profiles, Steam accounts, DNS records, and a Polygon smart contract. It offers a wide range of capabilities such as file manipulation, keylogging, screenshot capture, process management, cookie theft from Chromium browsers, and arbitrary JavaScript execution in both Chromium and Firefox. Researchers at Elastic assess TELEPUZ as a malware-as-a-service offering still in early development, evidenced by a limited number of C2 domains yet frequent daily builds and rapid updates hosted on compromised sites in Brazil and India.

50,000-Year-Old DNA Found in South African Teeth Where Heat Should Have Destroyed It
🇷🇺securitylab_nJul 17

50,000-Year-Old DNA Found in South African Teeth Where Heat Should Have Destroyed It

Researchers have successfully extracted ancient DNA from animal teeth discovered in the warm coastal caves of South Africa, pushing back the known limits of genetic preservation in hot climates by tens of thousands of years. The study analyzed 320 fossil bones and teeth from six species of wild bovids, with 144 samples undergoing genetic testing that yielded a 45% success rate. A key innovation was the use of single-stranded DNA analysis, which recovered up to 6.7 times more genetic material than traditional double-stranded methods by targeting short, damaged fragments. The oldest successful sample came from a tooth approximately 50,000 years old belonging to an extinct long-horned buffalo, far surpassing the previous record of 9,300-year-old DNA from a blue antelope. These findings demonstrate that ancient DNA can survive in subtropical environments for much longer than previously assumed, opening new possibilities for studying African fauna from the Pleistocene era. The results encourage future paleogenetic research to prioritize Holocene specimens while still testing older material from warm regions.

Scientists Introduce Centered Daydreaming Algorithm to Eliminate Hallucinations in Hopfield Networks by Mimicking Sleep and Memory Consolidation
🇷🇺securitylab_nJul 17

Scientists Introduce Centered Daydreaming Algorithm to Eliminate Hallucinations in Hopfield Networks by Mimicking Sleep and Memory Consolidation

Researchers have adapted the biological process of sleep-based memory consolidation into Hopfield networks, enabling AI models to reduce false attractors that cause hallucinations while dramatically increasing memory capacity. The new Centered Daydreaming algorithm integrates learning and cleanup phases, allowing the network to approach the theoretical limit of one memory per neuron instead of the previous 13 per 100 neurons. By comparing pixel deviations from the mean rather than absolute values, the improved model handles heavily skewed real-world data such as overexposed or nighttime images without losing accuracy. The approach maintains local, biologically plausible updates where each neuron adjusts connections based only on its immediate neighbors, avoiding global operations. This work provides deeper insight into how false memories form and can be suppressed in simplified associative memory models, offering potential pathways toward more reliable and interpretable AI systems.

Bitrix24 Adds Email One-Time Codes as New Two-Factor Authentication Option in Cloud Version
🇷🇺AntiMalwareJul 16

Bitrix24 Adds Email One-Time Codes as New Two-Factor Authentication Option in Cloud Version

Bitrix24 has introduced email-based one-time codes as an additional two-factor authentication method for its cloud platform, expanding options beyond authenticator apps, push notifications, and SMS. The new feature targets organizations where employees cannot or prefer not to use dedicated 2FA applications or receive text messages reliably. It reinforces account security by requiring a second verification step after login credentials, making unauthorized access more difficult even if passwords are compromised through phishing or leaks. However, the company notes that email as a second factor carries risks if an attacker already controls the user's mailbox. The same capability is planned for the on-premise edition soon, and Bitrix24 intends to mandate two-factor authentication for Professional and Enterprise cloud tariff customers. This update highlights the growing emphasis on flexible yet secure authentication mechanisms in enterprise collaboration tools.

Solar inRights 3.11 Automatically Blocks Corporate Accounts Whose Passwords Appear in Dark Web Leaks
🇷🇺AntiMalwareJul 16

Solar inRights 3.11 Automatically Blocks Corporate Accounts Whose Passwords Appear in Dark Web Leaks

GC Solar has released Solar inRights 3.11, a major update to its identity and access management platform that integrates directly with the Solar AURA threat monitoring service. The new version automatically detects corporate credentials exposed in open sources and dark web dumps, validates whether the same login-password pairs remain active inside the organization, and instantly revokes access while alerting the security team. The feature addresses the common scenario in which employees reuse work email addresses and passwords on third-party websites, allowing attackers to test stolen credentials against corporate systems in what appears to be legitimate login attempts. Research cited by Solar shows that a single large Russian company typically has more than 600 unique corporate accounts circulating in public and underground sources, although only about 4 percent directly indicate infrastructure compromise. Yandex Cloud data further reveals that valid account abuse featured in 54 percent of over 25,000 attacks on cloud and hybrid environments during the first half of 2025. In addition to the leak-response capability, version 3.11 introduces improved search, request filtering, and integration templates for Active Directory, Exchange, and 1C.

🇨🇳

From Chinese sources

Translated from Chinese

View all (8) →
Bankrupt After Just Six Weeks of Production Shutdown: How a Cyber Attack Killed a 37-Year-Old German Textile Manufacturer and Exposed the Cruel Reality of Modern Cyber Threats
🇨🇳安全客Jul 14

Bankrupt After Just Six Weeks of Production Shutdown: How a Cyber Attack Killed a 37-Year-Old German Textile Manufacturer and Exposed the Cruel Reality of Modern Cyber Threats

A 37-year-old German textile processing company, ZEGO Textilveredelungszentrum, has filed for insolvency after a cyber attack halted its production lines for nearly six weeks, demonstrating that business interruption alone can destroy even well-established manufacturing firms without any data theft or ransom demands. The firm, based in Bavaria and serving automotive, workwear, and technical textiles industries, suffered the attack on March 29, 2026, leading to irrecoverable financial losses despite eventual system recovery. Managing Director Johannes Zenglein described the decision as one of the most difficult in the company's history, noting that the prolonged downtime caused severe cash flow disruption, lost orders, and customer attrition. The incident highlights a growing trend where cyber attacks on industrial systems lead directly to bankruptcy, as seen in prior cases like the 158-year-old British transport company Knights of Old and a German mobile phone repair firm. Key lessons include the critical need for robust business continuity plans, quantified downtime cost assessments, and supply chain resilience evaluations beyond traditional security measures. Unlike typical ransomware events, this attack required no encryption or extortion to achieve devastating results, underscoring that operational resilience is now a matter of corporate survival.

Ghostcommit Attack: Malicious Prompts Hidden in PNG Images Hijack AI Coding Agents to Steal .env Secrets
🇨🇳安全客Jul 13

Ghostcommit Attack: Malicious Prompts Hidden in PNG Images Hijack AI Coding Agents to Steal .env Secrets

A novel supply-chain attack called Ghostcommit allows attackers to embed prompt-injection instructions inside PNG images, bypassing AI-powered code review tools and tricking coding agents into leaking sensitive .env configuration files and API keys. Researchers from the ASSET Research Group demonstrated that direct plaintext instructions are immediately flagged by tools such as Cursor and CodeRabbit, but splitting the payload across an AGENTS.md file and a seemingly innocuous image evades detection. The attack remains dormant until a developer later asks the agent to perform normal development tasks, at which point the agent reads the image, extracts the .env contents byte-by-byte, and outputs them as a long tuple of ASCII numbers. Testing across 11 tool-model combinations revealed that success depends primarily on the runtime framework rather than the underlying LLM, with Cursor and Antigravity leaking secrets while Claude Code successfully blocked the attack in most cases. The team also released an open-source multimodal defense prototype based on Gemma 4 that runs on a single 4 GB GPU and achieved near-perfect detection rates on both known and unknown attack samples.

Phase II of National 100-City FDE Frontier Deployment Engineer Onboarding Program Officially Launches
🇨🇳安全客Jul 12

Phase II of National 100-City FDE Frontier Deployment Engineer Onboarding Program Officially Launches

The second phase of the nationwide "Hundred Cities On-the-Job Plan" for FDE Frontier Deployment Engineers has been announced, expanding opportunities across China. The initiative targets experienced engineers specializing in advanced deployment technologies and aims to place professionals in key urban centers. Building on the success of the first phase, this new round seeks to strengthen technical capabilities in critical infrastructure and cybersecurity domains. Participants will receive structured onboarding, training, and direct placement support in multiple cities. The program underscores growing demand for specialized deployment expertise amid rapid digital transformation.

630GB of Apple Secrets Leaked on Dark Web: WorldLeaks Breach Shatters Tata Electronics Supply Chain Security
🇨🇳安全客Jul 12

630GB of Apple Secrets Leaked on Dark Web: WorldLeaks Breach Shatters Tata Electronics Supply Chain Security

In June 2026, the ransomware group WorldLeaks infiltrated Tata Electronics, Apple's key manufacturing partner in India, and exfiltrated 630GB of highly sensitive data comprising over 200,000 files that were subsequently posted on the dark web. The stolen materials include unreleased iPhone 18 Pro motherboard schematics, A20 Pro chip technical manuals, complete supplier lists, Tesla component designs, and employee passport copies, exposing the vulnerabilities in Apple's two-decade supply chain secrecy system built at a cost of billions of dollars. WorldLeaks, formerly known as Hunters International, employed a 'steal-only' tactic without encryption, capitalizing on the growing trend of data extortion that has proven more profitable than traditional ransomware. The breach raises serious concerns about Apple's ambitious India manufacturing expansion, which aims to increase local component sourcing from 10% to 50% within three years, and highlights broader risks to global supply chains involving companies such as Tesla, TSMC, and Qualcomm. Apple responded swiftly by deploying DMCA takedowns across platforms like X within 24 hours, yet the irreversible nature of dark web leaks underscores the need for enhanced supplier security audits, data segmentation, and proactive data loss prevention measures.

Iranian State-Sponsored Hackers Unveil Cavern C2 Framework: Multi-Format .NET Compilation Bypasses All Security Detection Tools
🇨🇳安全客Jul 12

Iranian State-Sponsored Hackers Unveil Cavern C2 Framework: Multi-Format .NET Compilation Bypasses All Security Detection Tools

In July 2026, Check Point Research exposed Cavern Manticore, an Iranian MOIS-linked APT group, actively targeting Israeli IT providers and government entities with a sophisticated modular C2 framework called Cavern (also known as Cav3rn). Unlike previous Iranian groups that rely on public tools, this actor built an entirely custom .NET-based framework deliberately compiled into three incompatible binary formats—pure IL, mixed-mode C++/CLI, and .NET 8 Native AOT—to force analysts to maintain multiple reverse-engineering toolchains and dramatically increase operational costs. The framework achieves near-zero detection rates on VirusTotal by avoiding traditional obfuscation and instead weaponizing compilation formats themselves, with modules running in isolated AppDomains that leave no persistent artifacts. Attackers gain initial access through compromised RMM solutions such as SysAid, abusing legitimate update mechanisms to sideload the Cavern Agent disguised as uxtheme.dll via a WinDirStat DLL side-loading chain. Communication uses XOR encryption with Base64 encoding, fixed Edge User-Agent strings, custom headers, and a unique protocol syntax, while supporting hot updates and aggressive cleanup. The campaign coincides with parallel operations by MuddyWater against regional targets, highlighting Iran’s coordinated escalation in cyberspace and the growing threat of supply-chain trust abuse against MSPs and RMM platforms worldwide.

Medtronic Cyberattack Exposes Patient Data: Six-Day Breach Puts Social Security Numbers and Health Records at Risk
🇨🇳安全客Jul 12

Medtronic Cyberattack Exposes Patient Data: Six-Day Breach Puts Social Security Numbers and Health Records at Risk

In April 2026, medical device giant Medtronic suffered a cyber intrusion that lasted six days, allowing unauthorized access to backend IT systems containing sensitive patient information. The breach, discovered on April 19 after beginning on April 13, exposed names, contact details, birth dates, Social Security numbers, and health treatment data linked to devices such as pacemakers, insulin pumps, and neurostimulators. Although the medical devices themselves remain unaffected and show no signs of remote tampering, the leaked data poses severe risks of identity theft, financial fraud, and targeted scams that could persist for years. Medtronic has initiated emergency response measures, engaged external experts, and notified law enforcement and regulators, while offering 24 months of free identity monitoring to affected users. The incident highlights how even large enterprises struggle with securing ordinary office IT systems that store critical patient records, underscoring the need for individuals to monitor accounts and adopt stronger security habits.