LiveThreat Advisory
// ADVISORIES & THREAT INTEL

ADVISORIES & THREAT INTEL

APT campaigns, nation-state threats, and security advisories analyzed through a third-party risk management lens.

Breaches Advisories Vulnerabilities 📡 RSS
Time: Severity: 4778 items
THREAT INTELLT BRIEF🔍
LIVETHREAT BRIEFEU Parliament Revives ‘Chat Control’ Law, Mandating Big‑Tech Scans for Child Sexual Abuse Material

The European Parliament reinstated a rule that gives major online platforms legal cover to scan user communications for CSAM through 2028. The change creates a privacy‑compliance dilemma that SOC 2‑ready organizations must address with robust consent and data‑subject rights processes.

High · Jul 10, 2026 · The Record
Read Full Intelligence Brief →
THREAT INTELLT BRIEF🕵️
LIVETHREAT BRIEFAnthropic’s Claude AI Agents Targeted in Espionage Campaign Highlighting Enterprise AI Governance Gaps

Researchers uncovered an espionage campaign that abuses Anthropic’s Claude LLM agents to pull proprietary code from victim networks. The incident underscores the need for SOC 2‑aligned access‑control policies and continuous monitoring of AI‑driven data flows.

High · Jul 10, 2026 · TechRepublic Security
Read Full Intelligence Brief →
THREAT INTELLT BRIEF🔍
LIVETHREAT BRIEFAI Safety Index Scores All Major AI Developers Below C+, Highlight Governance Gaps

The Future of Life Institute’s AI Safety Index gave every major AI developer a grade below C+, exposing weak safety pledges and missing audit evidence. This matters for SOC 2 readiness because auditors will look for measurable controls and continuous evidence of responsible AI practices.

High · Jul 10, 2026 · DataBreachToday
Read Full Intelligence Brief →
THREAT INTELLT BRIEF🔍
LIVETHREAT BRIEFSoftware Defect Triggers Nationwide Telstra Outage Impacting Mobile, Rail, Payments and Emergency Calls in Australia

A coding error in Telstra's network‑management software knocked out mobile, rail, payment and emergency call services across Australia. The outage highlights gaps in change‑management and configuration controls that SOC 2 auditors scrutinize for availability compliance.

High · Jul 10, 2026 · TechRepublic Security
Read Full Intelligence Brief →
ADVISORYLT BRIEF📋
LIVETHREAT BRIEFChrome 150 Rolls Out Android Back Button and Critical Security Fixes

Google's Chrome 150 update adds an Android back button and patches several high‑severity vulnerabilities. For SOC 2‑ready organizations, the release underscores the need for documented, continuous patch‑management evidence.

High · Jul 10, 2026 · TechRepublic Security
Read Full Intelligence Brief →
THREAT INTELLT BRIEF🔍
LIVETHREAT BRIEFHealthcare Service Providers See Attack Volume More Than Double in H1 2026

Cybercriminal activity targeting hospitals grew modestly in early 2026, but attacks on healthcare service providers more than doubled, raising supply‑chain risk for the sector. For organizations pursuing SOC 2 readiness, the surge underscores the need for robust vendor‑risk management and continuous monitoring to demonstrate due diligence.

High · Jul 10, 2026 · Dark Reading
Read Full Intelligence Brief →
THREAT INTELLT BRIEF🔍
LIVETHREAT BRIEFSupreme Court Ruling Raises Fourth‑Amendment Questions for Automated License‑Plate Readers

The U.S. Supreme Court held that geofence searches of cell‑phone location history need a warrant, a reasoning that could apply to ALPR systems that capture billions of license‑plate images each month. Organizations must now treat ALPR data as a privacy‑sensitive asset and be audit‑ready under SOC 2 and global privacy laws.

High · Jul 10, 2026 · The Record
Read Full Intelligence Brief →
ADVISORYLT BRIEF📋
LIVETHREAT BRIEFProgress Urges ShareFile Storage Zone Controllers to Shut Down Amid Credible External Threat

Progress Software warned customers that a credible external threat targets on‑premises ShareFile Storage Zone Controllers, prompting an immediate shutdown directive. The advisory underscores the need for continuous control mapping and audit evidence in hybrid deployments.

High · Jul 10, 2026 · BleepingComputer
Read Full Intelligence Brief →
ADVISORYLT BRIEF📋
LIVETHREAT BRIEFMicrosoft Secure Future Initiative – July 2026 Progress Report Highlights New Control‑Mapping and Audit‑Ready Telemetry

Microsoft detailed July 2026 updates to its Secure Future Initiative, including automated control‑mapping dashboards and continuous compliance telemetry for Azure services. The move illustrates how cloud providers can supply ready‑to‑use audit evidence, a key consideration for SOC 2 readiness.

Informational · Jul 10, 2026 · Microsoft Security Blog
Read Full Intelligence Brief →
ADVISORYLT BRIEF📋
LIVETHREAT BRIEFNew York Bans Smart Glasses in All State Courts Over Privacy Concerns

New York will prohibit smart‑glass devices in its 1,240 state courts due to privacy and recording worries, prompting organizations to reassess consent and data‑subject controls under SOC 2. This highlights the need for documented privacy policies and audit‑ready evidence.

Medium · Jul 10, 2026 · TechRepublic Security
Read Full Intelligence Brief →
ADVISORYLT BRIEF📋
LIVETHREAT BRIEFLaser Pulse Attack Resets Passwords on Tangem Crypto Wallet Cards, Bypassing User Authentication

Researchers showed a laser pulse can force a Tangem hardware‑wallet card to reset its PIN, giving attackers full control of stored crypto. The incident highlights the need for SOC 2‑aligned physical‑access controls and continuous evidence of hardware‑integrity monitoring.

High · Jul 10, 2026 · The Hacker News
Read Full Intelligence Brief →
THREAT INTELLT BRIEF🔍
LIVETHREAT BRIEFAI Agents Exploit Unmanaged Machine Identities, Expanding Credential Compromise Across Enterprises

AI‑driven agents and forgotten service accounts are being used to steal OAuth tokens and pivot into cloud environments, exposing a systemic access‑control gap that SOC 2 programs must address with continuous monitoring and audit‑ready evidence.

High · Jul 10, 2026 · BleepingComputer
Read Full Intelligence Brief →
ADVISORYLT BRIEF📋
LIVETHREAT BRIEFCritical BitLocker Wrapper Flaws Expose ATM Crypto Modules to Attack

Researchers uncovered vulnerabilities in Microsoft BitLocker’s wrapper used by ATM crypto modules, potentially allowing encryption bypass and transaction manipulation. For compliance teams, the finding stresses the need for continuous third‑party risk monitoring and auditable evidence of encryption control effectiveness.

High · Jul 10, 2026 · Dark Reading
Read Full Intelligence Brief →
THREAT INTELLT BRIEF🔍
LIVETHREAT BRIEFCountries Enforce Social Media Bans, Pressuring Platforms to Accelerate Privacy Compliance

Several governments have announced bans or strict age‑verification requirements for major social‑media services, citing privacy and youth‑protection concerns. The regulatory wave highlights gaps in consent and DSAR processes that SOC 2 privacy controls must address, making continuous‑compliance tooling essential.

Medium · Jul 10, 2026 · Dark Reading
Read Full Intelligence Brief →
THREAT INTELLT BRIEF🔍
LIVETHREAT BRIEFNew MODBEACON RAT Leverages gRPC Streaming for Encrypted C2 Traffic

Silver Fox’s Rust‑based MODBEACON RAT encrypts its command‑and‑control traffic via gRPC streams, complicating detection. Organizations must ensure SOC 2 monitoring controls can capture such stealthy traffic to stay audit‑ready.

High · Jul 10, 2026 · The Hacker News
Read Full Intelligence Brief →
THREAT INTELLT BRIEF💀
LIVETHREAT BRIEFRansomware Threat Landscape: 9,291 Confirmed Attacks Worldwide Since 2018

Ransomnews verified 9,291 ransomware incidents from 2018‑2026, with annual counts stabilizing around 1,400‑1,550 attacks. The data highlights the ongoing risk to enterprises and the compliance imperative to maintain SOC 2‑ready security controls.

High · Jul 10, 2026 · Security Affairs
Read Full Intelligence Brief →
THREAT INTELLT BRIEF🔍
LIVETHREAT BRIEFIncode Launches On‑Device Age Estimation to Meet Global Age‑Assurance Laws While Preserving Privacy

Incode’s new on‑device age‑estimation runs facial analysis locally, sending only the age estimate and tamper metadata to the service. The approach satisfies emerging age‑verification statutes and gives organizations concrete, privacy‑by‑design evidence for SOC 2 audits.

Informational · Jul 10, 2026 · Help Net Security
Read Full Intelligence Brief →
ADVISORYLT BRIEF📋
LIVETHREAT BRIEFCISA Adds Two Actively Exploited Unrestricted File‑Upload Vulnerabilities (CVE‑2026‑48939, CVE‑2026‑56291) to KEV Catalog

CISA placed two unrestricted file‑upload vulnerabilities affecting iCagenda and Balbooa Forms plugins into its KEV catalog, citing active exploitation. Organizations must treat these as high‑risk controls, map them to SOC 2 requirements, and retain remediation evidence for audit readiness.

CVE-2026-48939CVE-2026-56291
High · Jul 10, 2026 · CISA Advisories
Read Full Intelligence Brief →
THREAT INTELLT BRIEF🔍
LIVETHREAT BRIEFLumen Scales Asset Inventory from 17K to 1.1M, Highlighting Enterprise Exposure Management Gaps

Lumen Technologies grew its internal asset inventory to over 1.1 million assets after a 2026 Axonius survey showed most firms lack a unified view. The expansion underscores how incomplete inventories jeopardize SOC 2 control coverage and audit readiness.

High · Jul 10, 2026 · The Hacker News
Read Full Intelligence Brief →
THREAT INTELLT BRIEF🔍
LIVETHREAT BRIEFExposed Hacker Server Uncovers WP‑SHELLSTORM Campaign Backdooring Over 1.4 M WordPress Sites

A cyber‑crime crew left a command‑and‑control server open for three weeks, exposing tooling and a target list of 1.4 million WordPress sites. The leak confirms a mass‑scale backdoor operation, highlighting the compliance need for continuous configuration monitoring and control mapping.

High · Jul 10, 2026 · The Hacker News
Read Full Intelligence Brief →
THREAT INTELLT BRIEF🔍
LIVETHREAT BRIEFCriminal Recruiters Turn Everyday People into Mule Betting Scams to Launder Funds via Online Gambling Accounts

Criminals are luring ordinary individuals—often students or job‑seekers—into opening gambling accounts that are later used to launder illicit money. The scheme bypasses traditional AML controls and can expose victims to criminal prosecution, highlighting the need for robust security awareness and KYC processes in compliance programs.

High · Jul 10, 2026 · Malwarebytes Labs
Read Full Intelligence Brief →
Page 1 of 228