# Today's Top Stories
July 04, 2026

1. SecurityWeek, general, Jul 03: Medtronic Data Breach Impacts 3.8 Million People
Medical device giant Medtronic disclosed a data breach affecting 3.8 million individuals after the ShinyHunters extortion group accessed corporate IT systems in April 2026. The breach was confirmed by Medtronic in late April, with personal and medical information compromised. The scale of exposed medical data makes this critical for healthcare security practitioners and breach response teams.

2. SecurityWeek, general, Jul 03: Alleged Scattered Spider Hacker Extradited to US
Peter Stokes, a 19-year-old dual US-Estonian citizen, has been extradited to the United States on charges of being a member of Scattered Spider, the hacking collective linked to over 100 network intrusions and more than $100 million in ransom payments. The extradition marks continued law enforcement pressure on a group that has targeted major enterprises including MGM and Caesars. Security teams should note Scattered Spider's continued operational activity despite ongoing arrests.

3. SecurityWeek, general, Jul 03: Google, FBI Disrupt NetNut Residential Proxy Network Powered by Millions of Devices
Google's Threat Intelligence Group (GTIG), working with the FBI, Lumen, and other partners, significantly disrupted NetNut (also tracked as Popa), a residential proxy network comprising approximately 2 million compromised Android devices including smart TVs and streaming boxes. The operation reduced the network's usable device pool by millions, cutting off infrastructure used by cybercriminals and nation-state actors to anonymize malicious traffic. This takedown is notable for the joint public-private partnership model and the scale of compromised consumer devices involved.

4. SecurityWeek, general, Jul 02: FortiBleed Campaign Linked to INC, Lynx Ransomware Attacks
Researchers have linked the FortiBleed campaign — which harvested credentials from hundreds of thousands of FortiGate firewalls via an exploited vulnerability — to active ransomware attacks conducted by the INC and Lynx ransomware operations. Attackers are also reportedly layering in exploitation of a Nextcloud zero-day bug. Organizations running FortiGate devices that haven't rotated credentials following FortiBleed exposure are at immediate risk of ransomware intrusion.

5. SecurityWeek, general, Jul 02: CISA Warns of Actively Exploited Microsoft SharePoint Vulnerability
CISA has added CVE-2026-45659, a high-severity Microsoft SharePoint remote code execution vulnerability patched in May 2026, to its Known Exploited Vulnerabilities catalog after confirming active in-the-wild exploitation. Federal agencies face mandatory remediation deadlines under BOD 22-01, and the flaw is being targeted with public PoC code. SharePoint administrators should prioritize patching immediately given the confirmed active exploitation.

6. SecurityWeek, general, Jul 02: New CitrixBleed Vulnerability Exploited Immediately After Public Disclosure
A new CitrixBleed-class vulnerability in NetScaler appliances is being actively exploited within hours of public PoC disclosure, with attackers using the exploit code to retrieve arbitrary memory content from HTTP responses — a technique that can expose session tokens and credentials. The rapid weaponization mirrors the original CitrixBleed (CVE-2023-4966) exploitation pattern from 2023. NetScaler administrators should treat this as a patch-now priority given the immediate exploitation timeline.

7. The Hacker News, general, Jul 03: European Parliament Member Investigating Spyware Was Hacked With Pegasus
Citizen Lab's forensic analysis of MEP Stelios Kouloglou's mobile device confirmed multiple infections with NSO Group's Pegasus spyware while he was serving on the European Parliament's PEGA Committee — the body specifically tasked with investigating illegal use of commercial surveillance tools. The targeting of a spyware investigator with the very tool under investigation underscores the political dimensions of Pegasus deployments. This finding adds direct evidentiary weight to ongoing EU regulatory scrutiny of NSO Group.

8. SecurityWeek, general, Jul 02: Cisco Confirms In-the-Wild Exploitation of Unified CM Vulnerability
Cisco has confirmed in-the-wild exploitation of a vulnerability in Cisco Unified Communications Manager (Unified CM), with the first exploitation attempts observed the week following public disclosure of an available PoC exploit. Security teams running Unified CM deployments should apply available patches immediately, as the combination of a public exploit and confirmed active exploitation significantly compresses the defensive window.

9. The Hacker News, general, Jul 02: ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API
Kaspersky researchers have attributed a new malware strain called Umbrij to the Chinese APT group ToddyCat. The malware is designed to abuse OAuth flows and the Google API to silently access victims' corporate Gmail. It targets organizations using Google Workspace for corporate email, exfiltrating correspondence without triggering standard login alerts. Security teams should audit OAuth application grants and Google API access tokens for anomalous third-party authorizations.

10. The Hacker News, general, Jul 03: New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android
A Linux kernel privilege escalation vulnerability dubbed Bad Epoll (CVE-2026-46242) allows unprivileged local users to gain root on Linux desktops, servers, and Android devices, with a patch now available. Notably, the bug resides in the same kernel code region where Anthropic's Mythos AI model recently identified a separate vulnerability — raising questions about AI-assisted vulnerability discovery coverage gaps. Android device patching timelines mean many mobile devices will remain exposed for weeks or months despite the upstream fix.