Last updated: July 5, 2026 at 9:01 AM UTC

Azure CLI password spray compromises 78 Microsoft accounts by bypassing MFA

Huntress is tracking a large automated password-spray campaign against Microsoft 365 that has made more than 81 million login attempts through the Azure CLI in two weeks and broken into 78 accounts across 64 organizations. The attackers replay old username and password pairs from breach data against an authentication flow that sends credentials straight to the token endpoint without triggering interactive multi-factor authentication, so weak or reused passwords give them direct access. Several victims had MFA, but it was scoped only to admins, only to certain apps, or only to untrusted locations, and so did not cover this path. The traffic comes from infrastructure whose address ranges trace back to China.

Check
Review whether your multi-factor authentication and Conditional Access policies cover every sign-in path, including the Azure CLI and token-endpoint flows, not just web portals and admin accounts, and hunt for password-spray bursts.
Affected
Microsoft 365 organizations with weak or reused passwords, incomplete MFA, or Conditional Access gaps; attackers use a credential flow that skips interactive MFA to break in through the Azure CLI.
Fix
Enforce phishing-resistant MFA across all users, apps, and authentication flows, block legacy and password-based credential grants, apply Conditional Access to CLI access, and monitor sign-in logs for spray patterns and suspicious networks.
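An added example, not code from Huntress or from this page: a small Python hunt over constructed sign-in records that flags the pattern described above, failed sign-ins against many distinct users from one source address through the Azure CLI client inside a short window, and lists which of those accounts then signed in successfully from the same source. The field names, window and threshold are assumptions; map them onto your own sign-in export.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real data), shaped like exported
# Entra ID sign-in rows: timestamp, source IP, target user, client app, outcome.
SAMPLE_SIGNINS = [
    {"ts": "2026-07-01T02:00:00Z", "ip": "203.0.113.7", "user": "alice@example.com", "app": "Microsoft Azure CLI", "ok": False},
    {"ts": "2026-07-01T02:00:04Z", "ip": "203.0.113.7", "user": "bob@example.com", "app": "Microsoft Azure CLI", "ok": False},
    {"ts": "2026-07-01T02:00:09Z", "ip": "203.0.113.7", "user": "carol@example.com", "app": "Microsoft Azure CLI", "ok": False},
    {"ts": "2026-07-01T02:00:13Z", "ip": "203.0.113.7", "user": "dave@example.com", "app": "Microsoft Azure CLI", "ok": False},
    {"ts": "2026-07-01T02:00:18Z", "ip": "203.0.113.7", "user": "erin@example.com", "app": "Microsoft Azure CLI", "ok": False},
    {"ts": "2026-07-01T02:00:22Z", "ip": "203.0.113.7", "user": "erin@example.com", "app": "Microsoft Azure CLI", "ok": True},
    {"ts": "2026-07-01T08:15:00Z", "ip": "198.51.100.9", "user": "frank@example.com", "app": "Azure Portal", "ok": False},
    {"ts": "2026-07-01T08:15:30Z", "ip": "198.51.100.9", "user": "frank@example.com", "app": "Azure Portal", "ok": True},
]


def _ts(event):
    return datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")


def find_spray_sources(events, window=timedelta(minutes=30), min_users=5):
    """Flag source IPs whose failed sign-ins hit at least `min_users` distinct
    accounts inside any sliding `window`, and list accounts that later succeeded
    from the same IP (the 'spray landed' signal to triage first)."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=_ts):
        by_ip[e["ip"]].append(e)
    flagged = {}
    for ip, evs in by_ip.items():
        fails = [e for e in evs if not e["ok"]]
        peak, start = 0, 0
        for end in range(len(fails)):
            # Slide the window start forward until the span fits within `window`.
            while _ts(fails[end]) - _ts(fails[start]) > window:
                start += 1
            peak = max(peak, len({e["user"] for e in fails[start:end + 1]}))
        if peak >= min_users:
            flagged[ip] = {
                "distinct_users_failed": peak,
                "apps": sorted({e["app"] for e in fails}),
                "successes_after_spray": sorted(
                    {e["user"] for e in evs if e["ok"] and _ts(e) > _ts(fails[0])}
                ),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in find_spray_sources(SAMPLE_SIGNINS).items():
        print(ip, info)
```

A normal user retrying a password (198.51.100.9 above) never reaches the distinct-user threshold, while the CLI burst does; the accounts in successes_after_spray are the ones to reset and review first.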

Critical Kemp LoadMaster flaw gives unauthenticated attackers root on edge appliances

A critical flaw in Progress Kemp LoadMaster lets an unauthenticated attacker run commands as root on the appliance by sending a crafted request to its API. Rated 9.8, the bug (CVE-2026-8037) sits in a function meant to sanitize input before it reaches a shell command, and LoadMaster's position as an edge load balancer and application delivery controller makes a pre-authentication flaw especially dangerous, since it can turn a protective choke point into a direct foothold. Progress patched it in early June, and researchers at watchTowr published a full technical write-up with a working proof-of-concept on June 29. No exploitation has been reported yet, but Progress also makes MOVEit, a past mass-exploitation target.

Check
Identify Progress Kemp LoadMaster appliances with the API enabled, confirm their versions, and determine whether the management API is reachable from untrusted networks or the internet, the exposure this flaw needs.
Affected
Kemp LoadMaster GA 7.2.63.1 and earlier and LTSF 7.2.54.17 and earlier with the API enabled (CVE-2026-8037); an unauthenticated attacker who can reach the API gains root on an edge device.
Fix
Update to LoadMaster GA 7.2.63.2 or LTSF 7.2.54.18, and question whether the management API needs to be reachable at all, restricting it to trusted management networks or disabling it where unused.

Windows Defender BlueHammer flaw now used by ransomware gangs for SYSTEM access

CISA has updated its Known Exploited Vulnerabilities catalog to warn that ransomware gangs are now exploiting BlueHammer, a Microsoft Defender privilege-escalation flaw. The bug (CVE-2026-33825) lets a local attacker who already has a foothold escalate to SYSTEM by abusing Defender's file-remediation logic, giving them access to password hashes and the control needed to disable defenses and prepare systems for encryption. It was leaked with proof-of-concept code by a researcher in early April as a protest over Microsoft's disclosure process, exploited as a zero-day, then patched on April 14. It cannot be used for remote compromise on its own, but it strengthens attackers after initial access.

Check
Confirm the April 2026 Microsoft Defender update is applied across all Windows systems, and review endpoint logs for local privilege escalation, suspicious local-account access, and attempts to dump or read password hashes.
Affected
Windows systems missing the April 2026 Defender patch (CVE-2026-33825); after gaining initial access, attackers use the flaw to reach SYSTEM privileges, dump password hashes, and disable defenses ahead of ransomware.
Fix
Ensure the Microsoft Defender update is installed everywhere, prioritize systems exposed to phishing or stolen-credential access, and monitor for privilege-escalation behavior, since this flaw is now part of active ransomware playbooks.

Citrix patches six NetScaler flaws, including a CitrixBleed-style memory leak

Citrix has released fixes for six vulnerabilities in NetScaler ADC and NetScaler Gateway, including a high-severity memory-disclosure flaw that researchers place in the same class as the 2023 CitrixBleed bug. That flaw (CVE-2026-8451, rated 8.8) leaks small amounts of memory through malformed SAML requests and shares a root cause with an earlier NetScaler bug that was exploited within days of disclosure. The bulletin also covers an unauthenticated arbitrary file read and several denial-of-service issues, with CVSS scores from 6.9 to 8.8. No exploitation has been reported yet, but NetScaler appliances have drawn more than 20 entries on CISA's exploited-vulnerabilities list in three years, several used in ransomware.

Check
Inventory NetScaler ADC and Gateway appliances and their configurations, checking whether they run as SAML identity providers, expose management IPs, or use HTTP/2, and confirm which builds they are on.
Affected
NetScaler ADC and Gateway appliances on affected builds (CVE-2026-8451 and five others); SAML identity-provider setups risk memory disclosure, and other configurations face arbitrary file read or denial of service.
Fix
Update to NetScaler ADC and Gateway 14.1-72.61 or later fixed builds, and for the HTTP/2 denial-of-service flaw, manually set the Http2SmallWndTimeout parameter, since patching alone does not fully close it.

Aflac Japan breach exposes personal data of 4.38 million customers and agents

Aflac Life Insurance Japan, a subsidiary of the US insurance giant Aflac, says attackers broke into its policyholder portal and stole personal data belonging to about 4.38 million customers and agents. The intruders accessed systems repeatedly between June 15 and June 25, when the breach was detected through a surge in traffic, and the company suspended affected systems in response. Exposed data includes names, addresses, phone numbers, dates of birth, gender, and insurance account details, plus premium payment account information for roughly 230,000 people; no credit card data was taken. Aflac says the incident is limited to its Japan systems and does not affect its US operations.

Check
Aflac Japan policyholders and agents should watch for their notification letter, stay alert to phishing and fraud referencing Aflac or insurance accounts, and monitor bank accounts used for premium payments.
Affected
About 4.38 million Aflac Japan customers and agents whose personal and insurance data was exposed, including premium payment account details for roughly 230,000; the breach is limited to Aflac's Japan systems.
Fix
Affected people should monitor accounts for fraud and be cautious of insurance-themed phishing. Organizations should tighten access to customer portals, enforce phishing-resistant MFA, and monitor for unusual access and data exfiltration.

Microsoft warns poisoned MCP tool descriptions can make AI agents leak data

Microsoft is warning that attackers can hijack AI agents through poisoned tool descriptions, the plain-text notes that tell an agent what a tool does. Because agents connect to systems through the Model Context Protocol and read these descriptions to decide how to act, an attacker who updates a trusted third-party tool can bury a hidden instruction in its description, telling the agent to quietly collect and exfiltrate data on its next task. Many setups pick up description changes without re-approval, so the poisoned version goes live silently. Each step the agent takes looks legitimate and runs with the user's own permissions, so no alarm fires.

Check
Inventory the MCP tools and servers your AI agents can use, especially third-party ones, and check whether your setup re-approves or reviews tool descriptions when they change rather than trusting updates automatically.
Affected
Organizations running AI agents connected to third-party MCP tools without re-approval on description changes; a poisoned description can redirect the agent to exfiltrate data using the user's own permissions, invisibly.
Fix
Require review when tool descriptions change, pin and verify tool sources, scope agents with least privilege, log every tool invocation at the infrastructure layer, and gate sensitive actions behind human approval.

BioShocking attack convinces AI browsers they are in a game, then steals credentials

Researchers at LayerX detailed BioShocking, an attack that manipulates AI browser agents into ignoring their safety rules by convincing them they are inside a fictional game. Using a web page with a puzzle that rewards deliberately wrong answers, the attack gets the agent to accept a false reality, after which it treats a request to open a page and copy its contents as just another step. In the demonstration, that page redirected to the victim's work GitHub repository and the agent handed over SSH credentials, treating the theft as finishing the game. None of the six AI browser agents tested flagged it as a rule violation.

Check
Review where AI browser agents are used and what logged-in accounts they can reach, and test whether an agent follows instructions from web content telling it the normal rules no longer apply.
Affected
Users of AI browser agents that act on logged-in sessions; an attacker-controlled page can trick the agent into ignoring its rules and stealing credentials or data from sites the user uses.
Fix
Require user confirmation before an agent reads from logged-in accounts, limit which sites and data agents can touch, and prefer AI browsers that flag when content tries to override their instructions.

Critical Oracle E-Business Suite flaw now exploited for unauthenticated takeover

Attackers have begun exploiting a critical flaw in Oracle E-Business Suite, the financial and operations platform used by large enterprises, threat intelligence firm Defused reports. The bug (CVE-2026-46817), rated 9.8, sits in the File Transmission component of Oracle Payments and lets an unauthenticated attacker with HTTP access take over the system through a low-complexity attack. Oracle patched it in its May 2026 update, but exploitation began over the weekend despite no public proof-of-concept existing, meaning attackers built their own. Observed payloads attempt to read sensitive system files. Shadowserver tracks more than 450 EBS instances exposed online, many in North America and Asia, with unknown numbers still unpatched.

Check
Identify internet-facing Oracle E-Business Suite instances, confirm whether the May 2026 Critical Patch Update is applied, and review logs for suspicious requests to the Payments component and unexpected system-file access.
Affected
Oracle E-Business Suite versions 12.2.3 through 12.2.15 with the Payments component reachable over HTTP (CVE-2026-46817); unauthenticated attackers can fully compromise the system, and a private exploit is already in use.
Fix
Apply Oracle's May 2026 Critical Patch Update immediately, restrict EBS access to trusted networks, and run a compromise assessment if patching was delayed, since exploitation is underway without public exploit code.

Public exploit released for critical libssh2 flaw affecting curl, Git, and more

A public proof-of-concept has been released for a critical flaw in libssh2 (CVE-2026-55200), the client-side SSH library embedded in curl, Git, PHP, backup agents, firmware updaters, and countless appliances. A malicious or compromised SSH server can send a crafted packet that corrupts memory on the connecting client, with no credentials or user interaction needed, potentially leading to code execution. Rated 9.2, the bug affects all versions through 1.11.1. The fix was merged into the source on June 12, but no tagged release exists yet, so distributions are backporting it. The hardest part is that libssh2 is often statically bundled, so package updates miss those copies entirely.

Check
Inventory everything that links libssh2, including statically bundled copies inside curl, Git, PHP, backup tools, and appliances that package managers will not flag, especially anything connecting to untrusted SSH servers.
Affected
Any software using libssh2 through version 1.11.1 that connects to an untrusted or attacker-controlled SSH server (CVE-2026-55200); the malicious server, not the client, triggers the memory corruption without authentication.
Fix
Apply a build that includes the upstream fix, whether a distribution backport or patched source, watch vendor advisories for tagged releases, and restrict outbound SSH to untrusted servers until patched.

Nissan employee data stolen through Oracle PeopleSoft zero-day attacks

Nissan has disclosed that current and former employees' data was stolen after attackers exploited a zero-day flaw in Oracle PeopleSoft, the software it uses to manage payroll, tax, and personnel records. In a filing with California's attorney general, Nissan said Oracle informed it that the personnel records of hundreds of companies may have been taken. The attacks, tied to the extortion group ShinyHunters, exploited PeopleSoft vulnerability CVE-2026-35273 as a zero-day between late May and early June, primarily hitting education organizations, before Oracle issued mitigations. ShinyHunters has begun leaking stolen data, with Nissan joining victims that include the University of Nottingham and a US insurance regulator group.

Check
Organizations using Oracle PeopleSoft should confirm the CVE-2026-35273 mitigations are applied and review access logs from late May through early June for signs of the data-theft activity Mandiant documented.
Affected
Nissan's current and former employees whose payroll and personnel records were exposed, and the hundreds of other PeopleSoft-using organizations Oracle says were caught in the same ShinyHunters zero-day campaign (CVE-2026-35273).
Fix
Apply Oracle's PeopleSoft mitigations, rotate exposed credentials, and offer affected employees identity protection. Affected individuals should watch for phishing and fraud using stolen payroll and personnel data, including tax-related identity theft.