July 14, 2026
Tuesday Morning Threat Report: Jul 14, 2026
Where the news is always bad, but the analysis is always good.

By Mark Maguire
3 min read
Good morning everybody! Happy Tuesday!
A Pakistani police portal is breached by hackers, and Russian cyber groups compromise internet-connected cameras along NATO supply lines. Let's dive in!
Top Stories:
This week's biggest headlines. Analysis section below.
Pakistan Police Portal Breached by Hackers: Hackers have exploited the Balochistan Police portal as part of a multi-group espionage campaign, targeting sensitive data such as criminal records and biometric information from Pakistani law enforcement organizations.
AI Finds Another Severe Vulnerability Humans Missed for Years: Nebula Security used AI to discover "GhostLock" — a privilege escalation vulnerability that has existed in Linux since 2011 and allows a logged-in user to take full admin rights on a device.
Fake VPN Apps Used to Route Traffic Through Victim's PCs: Hackers are using fake VPN and 7-Zip apps to turn victims' devices into residential proxy nodes, allowing criminals to route internet traffic through their IP addresses without their knowledge.
Ransomware Negotiator Jailed for Helping Hackers: A former ransomware negotiator, Angelo Martino, was sentenced to 70 months in prison for conspiring with the BlackCat ransomware group to extort victims by leaking confidential negotiation details.
U.S. Government Agency Paid $1M Ransom to Hackers: A U.S. government agency reportedly paid $1 million to the hacking group Kairos to prevent the release of stolen private data. While the payer has not been officially confirmed, it is believed to have been Union County, Ohio.
Critical Vulnerabilities Found in U-Boot: U-Boot is open-source software that is used by millions of connected devices and industrial systems. Six critical vulnerabilities discovered in U-Boot could enable hackers to compromise devices as they power on.
Mythos is Scanning Government Codebases for Vulnerabilities: The Cybersecurity and Infrastructure Security Agency is using Anthropic's Mythos AI to scan U.S. government code repositories for vulnerabilities before they can be exploited by foreign intelligence services or cybercriminals.
Microsoft Says AI is Causing Them to Rethink Patching: Microsoft is rewriting its Windows patch guidance to recommend shorter deployment timelines for security updates, as advances in AI are reducing the time attackers need to exploit vulnerabilities after updates are released.
My Takeaways
Analysis based on this week's news and my experience in the industry. More headlines below in the Lower Echelon.
New Bottlenecks: Whether you are manufacturing Volvos, running an airline, or shipping new software features, you need to identify and remediate bottlenecks to expand capacity. As each bottleneck is relieved, another step becomes the new constraint on throughput. For much of the past 50 years, the limiting factor for software production was the speed at which developers could write code. However, especially in the last 6 months, I have seen that bottleneck abating. Code generation is becoming easier due to AI, so the two new bottlenecks that are emerging are testing and security.
Even before AI, it became vogue to require all software engineers to play a role in security. "Shift Left" caught steam in the mid 2010s, with the core idea being that it is much cheaper to write secure software than it is to patch vulnerable software later in the cycle. Source Code Analysis (SCA) tools, like Mend, were added to developer workflows. As a software engineer writes code, an SCA tool scans it and proactively identifies vulnerabilities, allowing the developer to fix issues before they ever commit the code to the codebase.
With code generation becoming easier, I expect that the software engineer role will continue to evolve and become even more focused on security. Less time writing code means engineers will have more cycles available to focus on ensuring AI-generated code is secure and robust. It's possible that the industry keeps shifting left, allowing security not to be the responsibility of a single department, but more broadly distributed across all of engineering.
The Lower Echelon:
Interesting cybersecurity news that didn't quite make the cut to be a top story.
Russian Hackers Breach Home Cameras Along NATO Supply Lines: Russian state-backed hackers compromised internet-connected cameras along military logistics routes in the Netherlands to monitor the transfer of military equipment to Ukraine, according to Dutch intelligence services.
Meta AI Tool Allows Users to Generate Images with Others' Photos: Meta's new AI tool, Muse Image, allows users to create AI-generated content using publicly posted Instagram photos without notifying the original poster.
U.K. Launches Cyber Resilience Pledge: The UK government's Cyber Resilience Pledge has gained over 60 signatories, including major companies like Marks & Spencer, Nationwide, Microsoft UK, Cloudflare, Deloitte, Accenture UK, and Vodafone. Signatories commit to board-level cybersecurity oversight.
"Ill Bloom" Used to Steal Millions in Cryptocurrency: Hackers exploited a vulnerability called "Ill Bloom" to steal over $5 million from cryptocurrency wallets. This flaw allowed attackers to predict weak recovery phrases used in some wallet software
Vulnerability in Zimbra Email Service Can Run Malicious Code: A critical security flaw in Zimbra's Classic Web Client allows specially crafted emails to execute malicious code in a user's session, potentially compromising their mailbox and account settings.
Balbooa Forms Added to CISA's KEV: The Cybersecurity and Infrastructure Security Agency (CISA) added Balbooa Forms vulnerabilities to its Known Exploited Vulnerabilities catalog on July 9, 2026, due to active exploitation of an unauthenticated file upload flaw that allows remote code execution.
jscrambler 8.14.0 Compromised in Supply-Chain Attack: Version 8.14.0 of jscrambler was compromised in a supply-chain attack. A malware installer was introduced which steals cloud credentials and browser sessions.
BeyondTrust Patches Two Critical Vulnerabilities: BeyondTrust has patched two critical authentication bypass vulnerabilities in its Remote Support and Privileged Remote Access products, which could allow unauthorized access to affected systems.
On the right side of this page, you can follow and subscribe to receive this newsletter to your inbox weekly (no Medium account needed, just sign in with Google)!
Thanks for reading! See everyone next week!