SonicWall, Oracle, Microsoft, KNX Association, AsyncAPI and Cisco: Ernst & Young (EY) - Security Affairs

SonicWall, Oracle, Microsoft, KNX Association, AsyncAPI and Cisco: Ernst & Young (EY) - Security Affairs

Cybersecurity Roundup: Critical Vulnerabilities, Supply Chain Attacks, and Major Breaches

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog with new entries, including a KNX Association protocol flaw (Connection Authorization Option 1) and multiple Oracle, SonicWall, Microsoft, and Cisco IOS vulnerabilities. These additions highlight active exploitation risks, urging organizations to prioritize patching.

In a supply chain attack, malicious actors injected malware into AsyncAPI npm packages, which collectively see 2 million weekly downloads. The compromised packages could expose developers to data theft or further compromise.

Lidl disclosed a data breach affecting online shop customers in Germany, Belgium, and the Netherlands, though details on the scope and impact remain limited.

Microsoft’s July 2026 Patch Tuesday set a record with 621 CVEs addressed, marking the largest security update in its history. The fixes span critical vulnerabilities across Windows, Office, and other enterprise products.

The U.S. Treasury sanctioned a VPN provider and cryptor seller linked to billions in ransomware losses, targeting infrastructure used by cybercriminals to evade detection and launder payments.

Japan faced multiple cyber incidents, including a malware attack on Nihon Kotsu, the country’s largest taxi operator, which temporarily suspended services. Additionally, Nichirei, a major food company, confirmed a cyberattack, though operational disruptions were not disclosed.

Ernst & Young (EY) is investigating a data breach involving third-party support tickets, raising concerns over unauthorized access to sensitive client information.

Two members of the Scattered Spider hacking group were sentenced for their role in a £29 million cyberattack on Transport for London (TfL), underscoring the group’s financial motivations and persistent threat to critical infrastructure.

A new Russian cyber campaign was uncovered, distributing fake Webex and Zoom installers to deploy Starland RAT, a remote access trojan used for espionage and data exfiltration.

Security researchers identified CrashStealer, a macOS infostealer leveraging signed apps to bypass Gatekeeper protections, and TuxBot v3, an AI-powered IoT botnet with documented flaws but potential for large-scale attacks.

The EU imposed sanctions on FSB-linked hackers for cyber sabotage, targeting state-backed actors behind disruptive campaigns.

A Chinese cyber espionage group was found using Claude and DeepSeek AI models to enhance malware development, including a custom PowerShell reconnaissance tool.

SonicWall warned of active exploitation of two SMA 1000 zero-day vulnerabilities, while Zoom patched CVE-2026-53412, a critical account takeover flaw that could allow unauthorized access to user sessions.

Source: https://securityaffairs.com/195550/data-breach/ernst-young-ey-investigates-data-breach-involving-third-party-support-tickets.html/attachment/image-1540

Cisco cybersecurity rating report: https://www.rankiteo.com/company/cisco

SonicWall cybersecurity rating report: https://www.rankiteo.com/company/sonicwall

Microsoft Security cybersecurity rating report: https://www.rankiteo.com/company/microsoft-security

Oracle cybersecurity rating report: https://www.rankiteo.com/company/oracle

AsyncAPI Initiative cybersecurity rating report: https://www.rankiteo.com/company/asyncapi

KNX Association cybersecurity rating report: https://www.rankiteo.com/company/knx-association

"id": "CISSONMICORAASYKNX1784341544",
"linkid": "cisco, sonicwall, microsoft-security, oracle, asyncapi, knx-association",
"type": "Vulnerability",
"date": "7/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Online shop customers',
                        'industry': 'Retail',
                        'location': ['Germany', 'Belgium', 'Netherlands'],
                        'name': 'Lidl',
                        'type': 'Retail'},
                       {'customers_affected': 'Clients with third-party '
                                              'support tickets',
                        'industry': 'Consulting',
                        'name': 'Ernst & Young (EY)',
                        'type': 'Professional Services'},
                       {'industry': 'Taxi Services',
                        'location': 'Japan',
                        'name': 'Nihon Kotsu',
                        'size': 'Largest taxi operator in Japan',
                        'type': 'Transportation'},
                       {'industry': 'Food Manufacturing',
                        'location': 'Japan',
                        'name': 'Nichirei',
                        'size': 'Major food company',
                        'type': 'Food'},
                       {'industry': 'Transportation',
                        'location': 'UK',
                        'name': 'Transport for London (TfL)',
                        'type': 'Public Transportation'},
                       {'customers_affected': 'Developers (2 million weekly '
                                              'downloads)',
                        'industry': 'Technology',
                        'name': 'AsyncAPI npm Packages',
                        'type': 'Software'},
                       {'customers_affected': 'Enterprise users',
                        'industry': 'Software',
                        'location': 'Global',
                        'name': 'Microsoft',
                        'type': 'Technology'},
                       {'industry': 'Cybersecurity',
                        'location': 'Global',
                        'name': 'SonicWall',
                        'type': 'Technology'},
                       {'industry': 'Software',
                        'location': 'Global',
                        'name': 'Zoom',
                        'type': 'Technology'}],
 'attack_vector': ['Exploited Vulnerabilities',
                   'Malicious npm Packages',
                   'Phishing',
                   'Fake Installers',
                   'Third-Party Compromise'],
 'data_breach': {'personally_identifiable_information': ['Lidl customer data',
                                                         'EY client data'],
                 'sensitivity_of_data': ['High (PII, client data)'],
                 'type_of_data_compromised': ['Customer data',
                                              'Sensitive client information',
                                              'Personally identifiable '
                                              'information']},
 'description': 'A compilation of recent cybersecurity incidents including '
                'critical vulnerabilities, supply chain attacks, data '
                'breaches, ransomware, and state-backed cyber campaigns.',
 'impact': {'brand_reputation_impact': ['Lidl',
                                        'EY',
                                        'Nihon Kotsu',
                                        'Nichirei'],
            'data_compromised': ['Customer data (Lidl)',
                                 'Sensitive client information (EY)',
                                 'Personally identifiable information (various '
                                 'breaches)'],
            'downtime': 'Temporary suspension of Nihon Kotsu services',
            'financial_loss': '£29 million (Scattered Spider attack on TfL)',
            'identity_theft_risk': ['Lidl customers', 'EY clients'],
            'operational_impact': ['Service disruptions (Nihon Kotsu)',
                                   'Unauthorized access (EY)'],
            'systems_affected': ['Nihon Kotsu taxi services',
                                 'Nichirei food company systems',
                                 'Transport for London (TfL)']},
 'motivation': ['Financial Gain', 'Espionage', 'Data Theft', 'Sabotage'],
 'post_incident_analysis': {'corrective_actions': ['Patch management',
                                                   'Supply chain security',
                                                   'Third-party risk '
                                                   'assessments',
                                                   'User awareness training'],
                            'root_causes': ['Unpatched vulnerabilities',
                                            'Supply chain compromise',
                                            'Third-party risks',
                                            'Phishing/fake installers']},
 'ransomware': {'ransom_demanded': '£29 million (Scattered Spider attack on '
                                   'TfL)'},
 'recommendations': ['Prioritize patching for known exploited vulnerabilities '
                     '(CISA KEV catalog)',
                     'Monitor supply chain risks (e.g., npm packages)',
                     'Enhance third-party security assessments',
                     'Deploy AI-powered threat detection for malware '
                     'development trends'],
 'references': [{'source': 'CISA Known Exploited Vulnerabilities Catalog'},
                {'source': 'U.S. Treasury Sanctions'},
                {'source': 'EU Sanctions on FSB-linked Hackers'}],
 'regulatory_compliance': {'legal_actions': ['U.S. Treasury sanctions',
                                             'EU sanctions on FSB-linked '
                                             'hackers']},
 'response': {'remediation_measures': ['Patching (Microsoft, SonicWall, Zoom)',
                                       'Sanctions (U.S. Treasury)']},
 'threat_actor': ['Scattered Spider',
                  'Russian Cyber Campaign',
                  'Chinese Cyber Espionage Group',
                  'FSB-linked Hackers'],
 'title': 'Cybersecurity Roundup: Critical Vulnerabilities, Supply Chain '
          'Attacks, and Major Breaches',
 'type': ['Vulnerability Exploitation',
          'Supply Chain Attack',
          'Data Breach',
          'Ransomware',
          'Malware Attack',
          'Cyber Espionage'],
 'vulnerability_exploited': ['KNX Association protocol flaw (Connection '
                             'Authorization Option 1)',
                             'Oracle vulnerabilities',
                             'SonicWall vulnerabilities',
                             'Microsoft vulnerabilities',
                             'Cisco IOS vulnerabilities',
                             'SonicWall SMA 1000 zero-day vulnerabilities',
                             'Zoom CVE-2026-53412 (account takeover flaw)']}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.