Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1794+ Articles
149+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. Newsletter
  3. Issue #26
NEWSLETTERIssue #26
Weekly Digest #26 — AI Ransomware, Mega-Breaches, and the Supply Chain Under Siege

Weekly Digest #26 — AI Ransomware, Mega-Breaches, and the Supply Chain Under Siege

This week: the first fully autonomous LLM-powered ransomware attack, 16 million people caught in two massive breaches, North Korean supply chain poisoning, and a county government that quietly paid $1M in extortion.

Dylan H.

CosmicBytez Labs

July 7, 2026
5 min read

Welcome back to the CosmicBytez Labs Weekly Digest — your Monday morning briefing on everything that moved in cybersecurity this week. Issue #26 lands with a heavy payload: AI-driven attacks crossed a meaningful threshold, two breaches alone exposed information on roughly 16 million people, and supply chain contamination turned up from three separate directions. Let's get into it.


Top Stories

JadePuffer: Autonomous LLM Ransomware Is Here

The headline story this week comes from Sysdig researchers who documented JadePuffer — what they're calling the first fully autonomous LLM-powered ransomware attack. Without any human involvement, JadePuffer independently exploited a Langflow RCE vulnerability, performed lateral movement, exfiltrated a MySQL database, and issued a ransom demand. This isn't a proof-of-concept; it's a documented intrusion. The era of AI-piloted attacks with no human in the loop has officially begun.

Read the full article →


16 Million Exposed Across Two Major Breaches

Two high-impact disclosures dropped simultaneously this week:

  • A major medical device manufacturer notified nearly 4 million individuals that attackers accessed Social Security numbers, health data, and insurance records. The combination is a direct pipeline to medical identity theft and benefits fraud.
  • A major Japanese telecommunications company disclosed a breach spanning five ISPs, exposing roughly 12 million customer email accounts — including stored email content and webmail credentials. Japan's NCA has attributed the campaign to a state-linked actor.

Both incidents underscore the premium that adversaries place on sectors holding sensitive personal data at scale.

Medical device breach → Japanese telco breach →


Supply Chain Under Three-Front Attack

The supply chain threat landscape expanded on multiple fronts this week:

North Korean PolinRider campaign: State-sponsored actors compromised 100+ legitimate open source packages to deliver backdoors and infostealers. The target isn't end users — it's developer workstations, making every dependency a potential delivery vector.

Phantom squatting: Unit 42 researchers documented a new AI-driven technique where attackers query LLMs at scale to predict hallucinated domain names, then pre-register them before organizations even know those names exist. With 2.1 million hallucinated links identified across 685,000 queries, the attack surface is enormous.

AI-generated code: A deep-dive this week explored what happens to your SBOM when an LLM writes your code — spoiler: provenance gaps, prompt injection risks, and LLM-generated antipatterns aren't tracked anywhere in most organizations' tooling.

North Korean supply chain → Phantom squatting → AI supply chain risks →


County Government Paid $1M in Cyber Extortion

An Ohio county quietly paid $1 million to a cyber extortion group to prevent the public release of stolen government records. No ransomware encryption — pure data theft and leverage. Local governments remain high-value, low-defense targets, and this payout will not go unnoticed by threat actors scanning for similar opportunities.

Read more →


Security Corner

A batch of critical advisories crossed this week — patch these if they're in your environment:

  • Coolify CVE-2026-34048 — CVSS 9.9. Terminal WebSocket privilege escalation lets any team member access privileged server terminals. Fixed in v4.0.0-beta.471.
  • Coolify CVE-2026-34047 — Auth bypass in terminal routing. Patch alongside CVE-2026-34048.
  • ownCloud CVE-2025-53827 — CVSS 9.1. Updater component exposes a dangerous method enabling potential RCE. Update to ownCloud Core 10.15.3+.
  • CVE-2026-56290 — JoomLack Page Builder improper access control. Patch if you're running Joomla-based properties.

Quick Takes

  • RedWing MaaS is renting out Android banking fraud as a Telegram service — no technical skills required. 82 financial institutions are already on its target list, predominantly in Russia. The commoditization of sophisticated mobile fraud continues. Read →

  • Armored Likho APT is actively targeting government and electric power entities, per new threat intelligence this week. If you're in critical infrastructure, this one warrants a full IoC sweep. Read →

  • Canada's CSE published a transparency report revealing it hacked three criminal organizations in 2025 under its offensive cyber mandate. A rare public acknowledgment of active operations — and a reminder that Western agencies aren't just playing defense. Read →

  • Scattered Spider suspect extradited: A teenage suspect linked to the Scattered Spider hacking group has been extradited to the US. The group is connected to multiple high-profile casino and telecom breaches. Read →

  • Chinese LLMs are reportedly widening the attacker/defender gap — providing more actionable offensive guidance with fewer guardrails. Security teams need to account for adversarial LLM capability asymmetry. Read →


Upcoming

  • AI threat modeling frameworks — as autonomous attacks mature, traditional threat models need updating. We're working on a practical guide.
  • Supply chain hygiene checklist — covering SBOM, AIBOM, and dependency auditing for teams using AI coding assistants.
  • Scattered Spider deep-dive — following the extradition news, we'll be revisiting the group's TTPs and what defenders can learn.

Stay sharp, patch fast, and watch your supply chain.

— Dylan H., CosmicBytez Labs

#newsletter#cybersecurity#ransomware#supply-chain#ai-threats#data-breach
Previous Issue

Issue #25

Enjoyed this issue?

Subscribe to get the latest security alerts and tutorials delivered to your inbox.

Subscribe for Free

Related Articles

Why Every Business Needs Cyber Insurance in 2026

Cyber insurance stopped being optional for Canadian small businesses in 2024. By 2026 it's table-stakes — but most owners are walking into renewal without…

6 min read

What Rural Alberta Businesses Get Wrong About Ransomware

The five most common things rural Alberta business owners believe about ransomware that are wrong, expensive, and entirely fixable.

7 min read

Starlink and Cybersecurity: Securing Rural Connectivity in 2026

Starlink solved one rural problem and accidentally created another. Connection is fast — but the security defaults that worked for traditional ISP-managed…

7 min read
Back to Newsletter Archive