Security Newsletter

Daily Security Briefing #308

DjediTech July 7, 2026 3 min read
Daily Security Briefing #308
Table of Contents

July 7, 2026 | Read Online

Critical vulnerabilities exposed, AI-powered phishing campaigns, and stealthy malware execution…


Executive Summary

Cybersecurity threats continue to evolve with malicious actors adapting to disruptions. Recent discoveries highlight the importance of robust security measures in various domains. Critical vulnerabilities have been exposed in Microsoft SharePoint, while Chinese hackers develop LONGLEASH malware to expand their ORB network. Meanwhile, AI-powered phishing campaigns are on the rise, and stealthy malware execution techniques are being employed.



Top Articles

The ‘Ghost’ in the Database: Recovering Active ADFS Signing Keys via Machine DPAPI Google’s Threat Intelligence Group has published a detailed analysis of how threat actors can recover active ADFS signing keys using machine DPAPI. This technique, known as “Golden SAML,” allows attackers to forge identity assertions and bypass multifactor authentication. Google Cloud Blog

Google Is Suing Chinese Scammers Who Are Using Gemini Google has filed a lawsuit against the Chinese group Outsider Enterprise, which offers phishing-as-a-service using Google’s Gemini AI. The group provides instructions on how to create websites that imitate those of Google. Schneier

How Unified Policies Close Security Gaps As organizations adopt distributed security architectures, maintaining consistency across firewalls and SASE becomes increasingly challenging. Check Point’s latest blog post highlights the importance of unified policies in closing security gaps. Check Point Blog

SindriKit 1.3.0 Abuses Call Stack Spoofing to Bypass EDR Detection The latest version of SindriKit, a malware framework, employs dynamic call stack spoofing to evade Endpoint Detection and Response (EDR) systems. This technique defeats telemetry that inspects kernel-transition call chains. GBHackers

Kazuar Backdoor Uses DLL Side-Loading and PowerShell Loaders for Stealthy Execution Turla’s Kazuar backdoor has re-emerged with a combination of DLL side-loading and PowerShell-based loaders to achieve stealthy execution. This persistence and reconnaissance tool minimizes disk activity tied to novel executables. GBHackers

Public PoC Released for SharePoint Remote Code Execution Vulnerability A working proof-of-concept exploit has been released for CVE-2026-33112, a critical vulnerability in Microsoft SharePoint. This flaw allows low-privilege authenticated users to achieve remote code execution. CyberPress

Ubiquiti Disclosed 25 Security Vulnerabilities Including Injection and DoS Flaws Ubiquiti has disclosed a set of 25 security vulnerabilities affecting its UniFi ecosystem. The flaws span various applications, with severity scores ranging from High to Critical. CyberPress

RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service A new Android malware operation called RedWing is being rented out on Telegram as a ready-made bank-fraud service. This allows low-skill criminals to take over victim’s phones and steal their banking logins. The Hacker News

Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots A critical flaw in Google’s Dialogflow CX could have allowed an attacker with edit rights to compromise other Code Block-enabled agents. This would enable them to read live conversations and steal user data. The Hacker News

Chinese hackers develop LONGLEASH malware to expand ORB network Chinese hackers tracked as ‘UAT-7810’ are evolving their malware to expand their Operational Relay Box (ORB) network by compromising internet-facing networking devices. Bleeping Computer

Hidden backdoor in Tenda router firmware grants admin access A hidden authentication backdoor has been found in multiple Tenda router firmware versions, potentially allowing an attacker to gain administrative access. Bleeping Computer


AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.