• Google Patches Chrome’s Fifth Zero-Day of the Year »
  An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
• APT Lazarus Targets Engineers with macOS Malware »
  The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems.
• U.K. Water Supplier Hit with Clop Ransomware Attack »
  The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data.
• Xiaomi Phone Bug Allowed Payment Forgery »
  Mobile transactions could’ve been disabled, created and signed by attackers.
• Black Hat and DEF CON Roundup »
  ‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.
• Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics »
  The CISA has seen a resurgence of the malware targeting a range of verticals and critical infrastructure organizations by exploiting RDP, firewall vulnerabilities.
• Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’ »
  Researcher shows how Instagram and Facebook’s use of an in-app browser within both its iOS apps can track interactions with external websites.
• Starlink Successfully Hacked Using $25 Modchip »
  Belgian researcher Lennert Wouters revealed at Black Hat how he mounted a successful fault injection attack on a user terminal for SpaceX’s satellite-based internet system
• New Hacker Forum Takes Pro-Ukraine Stance »
  A uniquely politically motivated site called DUMPS focuses solely on threat activity directed against Russia and Belarus
• Cisco Confirms Network Breach Via Hacked Employee Google Account »
  Networking giant says attackers gained initial access to an employee’s VPN client via a compromised Google account.