Cybersecurity Roundup: Critical Vulnerabilities, Supply Chain Attacks, and Major Breaches
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog with new entries, including a KNX Association protocol flaw (Connection Authorization Option 1) and multiple Oracle, SonicWall, Microsoft, and Cisco IOS vulnerabilities. These additions highlight active exploitation risks, urging organizations to prioritize patching.
In a supply chain attack, malicious actors injected malware into AsyncAPI npm packages, which collectively see 2 million weekly downloads. The compromised packages could expose developers to data theft or further compromise.
Lidl disclosed a data breach affecting online shop customers in Germany, Belgium, and the Netherlands, though details on the scope and impact remain limited.
Microsoft’s July 2026 Patch Tuesday set a record with 621 CVEs addressed, marking the largest security update in its history. The fixes span critical vulnerabilities across Windows, Office, and other enterprise products.
The U.S. Treasury sanctioned a VPN provider and cryptor seller linked to billions in ransomware losses, targeting infrastructure used by cybercriminals to evade detection and launder payments.
Japan faced multiple cyber incidents, including a malware attack on Nihon Kotsu, the country’s largest taxi operator, which temporarily suspended services. Additionally, Nichirei, a major food company, confirmed a cyberattack, though operational disruptions were not disclosed.
Ernst & Young (EY) is investigating a data breach involving third-party support tickets, raising concerns over unauthorized access to sensitive client information.
Two members of the Scattered Spider hacking group were sentenced for their role in a £29 million cyberattack on Transport for London (TfL), underscoring the group’s financial motivations and persistent threat to critical infrastructure.
A new Russian cyber campaign was uncovered, distributing fake Webex and Zoom installers to deploy Starland RAT, a remote access trojan used for espionage and data exfiltration.
Security researchers identified CrashStealer, a macOS infostealer leveraging signed apps to bypass Gatekeeper protections, and TuxBot v3, an AI-powered IoT botnet with documented flaws but potential for large-scale attacks.
The EU imposed sanctions on FSB-linked hackers for cyber sabotage, targeting state-backed actors behind disruptive campaigns.
A Chinese cyber espionage group was found using Claude and DeepSeek AI models to enhance malware development, including a custom PowerShell reconnaissance tool.
SonicWall warned of active exploitation of two SMA 1000 zero-day vulnerabilities, while Zoom patched CVE-2026-53412, a critical account takeover flaw that could allow unauthorized access to user sessions.
Cisco cybersecurity rating report: https://www.rankiteo.com/company/cisco
SonicWall cybersecurity rating report: https://www.rankiteo.com/company/sonicwall
Microsoft Security cybersecurity rating report: https://www.rankiteo.com/company/microsoft-security
Oracle cybersecurity rating report: https://www.rankiteo.com/company/oracle
AsyncAPI Initiative cybersecurity rating report: https://www.rankiteo.com/company/asyncapi
KNX Association cybersecurity rating report: https://www.rankiteo.com/company/knx-association
"id": "CISSONMICORAASYKNX1784341544",
"linkid": "cisco, sonicwall, microsoft-security, oracle, asyncapi, knx-association",
"type": "Vulnerability",
"date": "7/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Online shop customers',
'industry': 'Retail',
'location': ['Germany', 'Belgium', 'Netherlands'],
'name': 'Lidl',
'type': 'Retail'},
{'customers_affected': 'Clients with third-party '
'support tickets',
'industry': 'Consulting',
'name': 'Ernst & Young (EY)',
'type': 'Professional Services'},
{'industry': 'Taxi Services',
'location': 'Japan',
'name': 'Nihon Kotsu',
'size': 'Largest taxi operator in Japan',
'type': 'Transportation'},
{'industry': 'Food Manufacturing',
'location': 'Japan',
'name': 'Nichirei',
'size': 'Major food company',
'type': 'Food'},
{'industry': 'Transportation',
'location': 'UK',
'name': 'Transport for London (TfL)',
'type': 'Public Transportation'},
{'customers_affected': 'Developers (2 million weekly '
'downloads)',
'industry': 'Technology',
'name': 'AsyncAPI npm Packages',
'type': 'Software'},
{'customers_affected': 'Enterprise users',
'industry': 'Software',
'location': 'Global',
'name': 'Microsoft',
'type': 'Technology'},
{'industry': 'Cybersecurity',
'location': 'Global',
'name': 'SonicWall',
'type': 'Technology'},
{'industry': 'Software',
'location': 'Global',
'name': 'Zoom',
'type': 'Technology'}],
'attack_vector': ['Exploited Vulnerabilities',
'Malicious npm Packages',
'Phishing',
'Fake Installers',
'Third-Party Compromise'],
'data_breach': {'personally_identifiable_information': ['Lidl customer data',
'EY client data'],
'sensitivity_of_data': ['High (PII, client data)'],
'type_of_data_compromised': ['Customer data',
'Sensitive client information',
'Personally identifiable '
'information']},
'description': 'A compilation of recent cybersecurity incidents including '
'critical vulnerabilities, supply chain attacks, data '
'breaches, ransomware, and state-backed cyber campaigns.',
'impact': {'brand_reputation_impact': ['Lidl',
'EY',
'Nihon Kotsu',
'Nichirei'],
'data_compromised': ['Customer data (Lidl)',
'Sensitive client information (EY)',
'Personally identifiable information (various '
'breaches)'],
'downtime': 'Temporary suspension of Nihon Kotsu services',
'financial_loss': '£29 million (Scattered Spider attack on TfL)',
'identity_theft_risk': ['Lidl customers', 'EY clients'],
'operational_impact': ['Service disruptions (Nihon Kotsu)',
'Unauthorized access (EY)'],
'systems_affected': ['Nihon Kotsu taxi services',
'Nichirei food company systems',
'Transport for London (TfL)']},
'motivation': ['Financial Gain', 'Espionage', 'Data Theft', 'Sabotage'],
'post_incident_analysis': {'corrective_actions': ['Patch management',
'Supply chain security',
'Third-party risk '
'assessments',
'User awareness training'],
'root_causes': ['Unpatched vulnerabilities',
'Supply chain compromise',
'Third-party risks',
'Phishing/fake installers']},
'ransomware': {'ransom_demanded': '£29 million (Scattered Spider attack on '
'TfL)'},
'recommendations': ['Prioritize patching for known exploited vulnerabilities '
'(CISA KEV catalog)',
'Monitor supply chain risks (e.g., npm packages)',
'Enhance third-party security assessments',
'Deploy AI-powered threat detection for malware '
'development trends'],
'references': [{'source': 'CISA Known Exploited Vulnerabilities Catalog'},
{'source': 'U.S. Treasury Sanctions'},
{'source': 'EU Sanctions on FSB-linked Hackers'}],
'regulatory_compliance': {'legal_actions': ['U.S. Treasury sanctions',
'EU sanctions on FSB-linked '
'hackers']},
'response': {'remediation_measures': ['Patching (Microsoft, SonicWall, Zoom)',
'Sanctions (U.S. Treasury)']},
'threat_actor': ['Scattered Spider',
'Russian Cyber Campaign',
'Chinese Cyber Espionage Group',
'FSB-linked Hackers'],
'title': 'Cybersecurity Roundup: Critical Vulnerabilities, Supply Chain '
'Attacks, and Major Breaches',
'type': ['Vulnerability Exploitation',
'Supply Chain Attack',
'Data Breach',
'Ransomware',
'Malware Attack',
'Cyber Espionage'],
'vulnerability_exploited': ['KNX Association protocol flaw (Connection '
'Authorization Option 1)',
'Oracle vulnerabilities',
'SonicWall vulnerabilities',
'Microsoft vulnerabilities',
'Cisco IOS vulnerabilities',
'SonicWall SMA 1000 zero-day vulnerabilities',
'Zoom CVE-2026-53412 (account takeover flaw)']}