Happy Independence Day.
The CyberWire will be on hiatus tomorrow, July 3rd, and Saturday, July 4th, in observance of Independence Day. We'll be back as usual on Monday.

Cisco has confirmed that threat actors are exploiting a critical vulnerability (CVE-2026-20230) in Cisco Unified Communications Manager (Unified CM), BleepingComputer reports. The server-side request forgery (SSRF) flaw can allow attackers to elevate privileges to root. Researchers at Defused observed exploitation in mid-June, and the US Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities catalog on June 25th.
Cisco has now updated its advisory to state, "In June 2026, the Cisco PSIRT became aware of active exploitation of this vulnerability. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability."
Nextgov reports that the US Department of Homeland Security (DHS) is investigating a cyberattack that compromised the Homeland Security Information Network (HSIN), an information-sharing database used to exchange sensitive information between federal, state, local, and industry partners. Anonymous sources told Nextgov that the hackers targeted HSIN servers and a SharePoint system used for collaboration. The intrusion took place sometime between late May and early June. The hackers' affiliation is unclear.
A DHS spokesperson said in a statement following Nextgov's report, "The Department of Homeland Security is aware of a recent cyber incident involving a specific, unclassified legacy information sharing environment. We immediately took action to isolate the affected systems, mitigate the vulnerability, and launch a comprehensive forensic investigation. There is no indication that classified networks were impacted, and the system remains operational for our partners. As this is an ongoing investigation, we cannot provide further operational details at this time."
An alleged member of the Scattered Spider extortion gang has been arrested in Finland and extradited to the US on charges of conspiracy, computer intrusion, and fraud. 19-year-old Peter Stokes, a dual citizen of the United States and Estonia, allegedly "breached a luxury jewelry retailer’s computer system, exfiltrated data from the company, and made a ransom demand of approximately $8 million in cryptocurrency in May 2025." The victim organization did not pay the ransom, but suffered losses equivalent to $2 million as a result of the attack.
Stokes made an initial appearance in a Chicago court on Tuesday and will remain in federal custody.
Veil#Drop: Blogspot-Hosted PowerShell Loader Delivers PureLog Stealer Through XOR-Encoded In-Memory .NET Payloads (Securonix) Veil#Drop is a sophisticated multi-stage malware delivery framework that combines social engineering, compromised websites, malicious JavaScript launchers, PowerShell download cradles, and trusted cloud-hosted infrastructure to deploy PureLog Stealer entirely in memory.
CISA: Windows BlueHammer flaw now exploited by ransomware gangs (BleepingComputer) CISA confirmed on Monday that ransomware gangs are now exploiting a Microsoft Defender privilege escalation vulnerability, dubbed BlueHammer, that has previously been abused in zero-day attacks.
Sysdig Details JADEPUFFER, the First Documented Agentic Ransomware Operation (Hackread) A new Sysdig report traces how an LLM agent abused a Langflow flaw, stole credentials, reached production MySQL, and destroyed Nacos config data in minutes flat.
OpenAI in talks to give Trump administration a 5% stake in the company, FT reports (CNN) OpenAI, the creator of ChatGPT, is reportedly discussing handing the Trump administration a 5% stake in the company amid growing government scrutiny of artificial intelligence firms.
For a complete running list of events, please visit the Event Tracker.
Interviewing Essentials: Grow Interviewing Muscle with Mock Interviews on The Dev Difference Tool (Virtual, USA, Jul 17, 2026) This session will introduce members to The Dev Difference, a free mock interview tool designed to help candidates practice, build confidence, and prepare for real interviews.
Breaking Barriers: Navigating Your Early Career as Women in STEM (Virtual, USA, Jul 21, 2026) Starting a career in tech can feel exciting, challenging, and uncertain. This session is designed to help women in STEM navigate the early years of their careers with more clarity and confidence. You’ll hear from Hayley Murphy, Senior Campus Recruiter on CBRE’s Campus Digital & Technology team, along with women working in Digital & Technology at CBRE.
Tech for Good: When Moments Matter with Axon (Virtual, USA, Jul 28, 2026) This session will explore career pathways in mission-driven technology and give members a closer look at how technical teams at Axon build products that support public safety, accountability, and real-world impact.
Black Hat USA (Las Vegas, Nevada, USA, Aug 1 - 6, 2026) The premier cybersecurity event of the year returns to Mandalay Bay with a re-engineered, six-day program built to ignite innovation, push boundaries, and bring the global security community together like never before. This year’s event features four days of immersive, expert-led Trainings (August 1–4), followed by Summit Day on Tuesday, August 4, and a two-day main conference packed with groundbreaking Briefings, open-source tool demos in Arsenal, a dynamic Business Hall, and unlimited learning & networking opportunities.
