Security Newsletter

Daily Security Briefing #305

DjediTech July 4, 2026 4 min read
Daily Security Briefing #305
Table of Contents

July 4, 2026 | Read Online

Malware campaigns, AI-powered attacks, and vulnerability exploits dominate recent cybersecurity news…


Executive Summary

Cybersecurity threats continue to evolve with malicious actors adapting to disruptions. Recent malware campaigns, including Avalon and BusySnake, demonstrate a shift toward consolidation of multiple offensive capabilities into a single recovered payload. Meanwhile, the use of AI in ransomware operations has become more prevalent, as seen in the JadePuffer campaign. Additionally, vulnerabilities in SMB protocols have been exposed.



Top Articles

Weekly Metasploit Update: Modules for SMB-to-Meterpreter, Peyara Remote Mouse RCE exploit, and more Metasploit contributor Dean Welch has added an SMB to Meterpreter session upgrade module, enabling users to load the module with use windows/manage/smb_to_meterpreter and specify the session number they wish to upgrade. This functionality is also available with the command sessions -u. The update is part of a broader effort to enhance Metasploit’s capabilities. rapid7.com

Avalon Malware Uses Legal Document Lure to Deliver CrownX Ransomware Capabilities A previously undocumented malware framework, tracked as Avalon, uses a spoofed legal-document lure and a multi-stage, fileless-oriented chain to deliver a ransomware component internally labeled CrownX. The campaign highlights the use of modern development practices, including AI assistance, in creating sophisticated malware. gbhackers.com

Armored Likho APT Deploys BusySnake Stealer Against Government and Power Sector Targets A focused phishing campaign operated by a previously unreported APT, Armored Likho (also tracked under the provisional alias Eagle Werewolf), targets government agencies and the electric power sector across Russia, Brazil, and Kazakhstan. The group demonstrates an evolving toolkit that blends commodity and bespoke tooling. gbhackers.com

BusySnake Stealer Targets Browser Passwords, Cookies, Telegram Sessions, and Crypto Keys BusySnake Stealer, a previously undocumented Python-based infostealer deployed by Armored Likho, is engineered to harvest high-value secrets: browser-stored passwords and cookies, Telegram desktop sessions, clipboard contents, system screenshots, and cryptocurrency keys and wallet files. cyberpress.org

U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC. The group that took the money calls itself Kairos, but it may not be a ransomware gang at all. thehackernews.com

CrownX Ransomware Embedded Inside Avalon Framework Targets Recovery and Backup Systems A previously undocumented multi-stage malware framework, tracked as Avalon, embeds a ransomware component internally labeled CrownX and specifically targets recovery and backup systems. The actor avoided email-layer scanning by placing malicious content inside an ISO image. cyberpress.org

North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser extensions spanning npm, Packagist, Go, and Google Chrome as part of an ongoing activity referred to as PolinRider. thehackernews.com

JadePuffer ransomware used AI agent to automate entire attack Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted entirely by a large language model (LLM) agent. bleepingcomputer.com

Parrot 7.3 released With new menu system and smoother day-to-day use Parrot 7.3 arrives focused on refinement rather than a tool glut, rebuilding all editions to deliver perceptible gains on modern hardware and a smoother desktop experience. gbhackers.com

Verified X Sponsored Ad Spreads Mac Malware While ConsentFix Hijacks Microsoft 365 Accounts A Mac-targeting ClickFix campaign amplified through a verified X sponsored ad, and a novel browser-based hijack technique called ConsentFix that exfiltrates Microsoft 365 session tokens without traditional malware. gbhackers.com

TimbreStealer Malware Targets Mexico Companies With Advanced Evasion Techniques A new campaign linked to the TimbreStealer information stealer that specifically targets Mexican companies, employing layered evasion and sophisticated runtime tricks to frustrate detection and analysis. gbhackers.com


AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.