
IT Security Newsletter - 7/1/2026

Trends

AI-generated code risks reach security, legal, and compliance teams

Most engineering organizations write code with AI, and a good number of them keep that code away from customers. A Flux survey of engineering leaders and practitioners found that nearly half run AI-generated code in production. Almost every company in the sample uses AI somewhere in development, with under 5% reporting no plans to adopt it within a year. Teams reach for AI on repetitive work first. It writes documentation, fills out unit tests, and handles simple functions. READ MORE...

Software Updates

Citrix patches a new NetScaler flaw with echoes of CitrixBleed

Citrix published a security bulletin Tuesday disclosing six vulnerabilities in NetScaler ADC and NetScaler Gateway appliances, including a high-severity memory disclosure flaw that researchers say belongs to a vulnerability class first identified in the 2023 incident known as CitrixBleed. The company rated the overall bulletin severity as high and assigned CVSS scores ranging from 6.9 to 8.8 across the six CVEs. READ MORE...


Adobe Patches Critical ColdFusion, Campaign Classic Vulnerabilities

Adobe on Tuesday announced security updates for ColdFusion and Campaign Classic to resolve half a dozen maximum severity vulnerabilities. The update for Adobe Campaign Classic resolves CVE-2026-48286 (CVSS score of 10/10), an incorrect authorization issue that could allow attackers to execute arbitrary code. Patches for the flaw were included in Adobe Campaign Classic version 7.4.3 build 9397, which is now rolling out to Windows and Linux users. READ MORE...


Google Patches 382 Chrome Vulnerabilities

Google on Tuesday announced the release of Chrome 151 with patches for 382 vulnerabilities, the vast majority of which were discovered by the tech giant itself. Of the 382 vulnerabilities, 358 were found by Google. The company has discovered and patched hundreds of Chrome flaws in recent months, a surge likely driven by AI. However, it has shared no details on which specific AI tools are driving the surge. READ MORE...

Malware

Fake Perplexity extension on Chrome Web Store tracked searches

A malicious extension in the Chrome Web Store is masquerading as the Perplexity AI answer engine, intercepting search traffic and collecting browsing information. Called "Search for perplexity ai," the extension routed search queries and real-time suggestions through its infrastructure before redirecting users to the legitimate search services. Microsoft Threat Intelligence researchers said that the extension did not steal credentials or sensitive data but its permissions would easily allow it. READ MORE...


This phishing kit looks more like BEC-as-a-service

Toolkits to wage phishing campaigns are a now-venerable instrument for cybercriminals, but researchers recently turned up details on something like a full-fledged "business email compromise-as-a-service" platform. Cisco Talos said Wednesday that it had found an operator panel dubbed ARToken, which shares infrastructure and other traits with, and operates as an affiliate of, the EvilTokens phishing-as-a-service operation built to bypass multi-factor authentication and compromise MS365 accounts. READ MORE...

Information Security

Over 900 Oracle E-Business instances exposed to ongoing attacks

Over 900 Oracle E-Business Suite (EBS) instances have been found exposed online amid ongoing attacks exploiting a critical security flaw. The vulnerability (tracked as CVE-2026-46817) was found in the File Transmission component of EBS's Oracle Payments product and allows malicious actors without privileges and with HTTP network access to take over vulnerable systems through low-complexity attacks. READ MORE...

Exploits/Vulnerabilities

'Phantom Squatting': An Emerging AI-Driven Supply Chain Threat

Cybercriminals are taking advantage of a new large language model (LLM)-driven attack vector called "phantom squatting" to threaten the software supply chain by registering nonexistent domains linked to legitimate brands to intercept traffic generated by AI systems. One attacker even used an AI coding assistant to build a full phishing kit targeting a high-risk phantom domain that researchers had identified earlier. READ MORE...


New attack provides one more reason why AI browsers are a bad idea

Makers of AI browsers make lofty promises. With a single prompt, users can ask one to find a restaurant in a particular part of town, reserve a table, invite a colleague to lunch, and email a confirmation. These makers are much more reticent about the risks of blurring the once fine line between browsing sites and asking a large language model a question or instructing it to take potentially sensitive actions. READ MORE...

On This Date

  • ...in 1863, the Battle of Gettysburg begins in Gettysburg, PA.
  • ...in 1934, blues musician and songwriter Willie Dixon is born in Vicksburg, MS.
  • ...in 1963, the US Postal Service introduces the ZIP Code.
  • ...in 1979, Sony introduces the Walkman, the first commercially-successful personal stereo audio device.