By security practitioners, for security practitioners novacoast federal | Apex Program | novacoast | about innovate
By security practitioners, for security practitioners

Top 10 Cybersecurity News (July 13, 2026): Malicious Go Module Exposes GitHub Malware Lure Network, GhostApproval Flaws Break Major AI Coding Assistants, and More

WEEKLY TOP TEN: July 13, 2026, 16:00 GMT

  1. Gitea Docker Image Flaw Under Active Exploitation

    Attackers are exploiting a critical authentication-bypass flaw in the official Gitea Docker image for the self-hosted Git service. The Gitea Docker image ships an app.ini template that hard-codes REVERSE_PROXY_TRUSTED_PROXIES = * by default. Tracked as CVE-2026-20896 with a CVSS score of 9.8, the flaw stems from the platform trusting the X-WEBAUTH-USER header from any source IP address, effectively allowing an unauthenticated internet client to gain elevated access. Researchers warned this lets attackers impersonate any user, including administrators, exposing repositories and sensitive secrets. Organizations running affected Gitea Docker deployments were urged to correct the configuration and patch without delay.
  2. Accenture Confirms Breach After 35GB Source-Code Theft

    Consulting giant Accenture confirmed a security breach after a threat actor using the handle “888” claimed to have stolen roughly 35GB of source code and offered it for sale. The stolen data reportedly includes source code, RSA keys, SSH keys, Azure personal access tokens, Azure Storage access keys, and configuration files. To support the claims, the actor shared a screenshot appearing to show them cloning an Azure DevOps repository hosted under a redacted accenture.com hostname. Accenture confirmed the incident but declined to comment on the amount or type of data accessed. The same actor previously targeted Accenture-linked data in a 2024 third-party breach.
  3. AssuranceAmerica Breach Exposes Nearly 7 Million Drivers

    Auto insurer AssuranceAmerica confirmed a breach exposing nearly seven million driver’s licenses after attackers compromised an employee account. The company discovered unauthorized access on March 17 and concluded that attackers had stolen names, contact information, and driver’s license numbers for almost seven million customers. Attackers also took information about customers’ auto insurance policies and accounts, their drivers and vehicles, and claim details. This is one of the largest known exposures of driver’s license numbers so far in 2026. The company contained the incident, reset credentials, and began notifying affected individuals, urging vigilance against identity fraud using the stolen personal data.
  4. Ubiquiti Patches Critical UniFi OS Vulnerabilities

    Networking vendor Ubiquiti released security updates addressing multiple UniFi OS flaws. The company patched seven UniFi OS flaws, including the critical CVE-2026-50746, which allows command injection in the UniFi Connect Application. Its Security Advisory Bulletin 066 disclosed 25 vulnerabilities across the UniFi ecosystem, including CVE-2026-50746, a perfect 10.0-rated command injection flaw exploitable without authentication, with several other critical bugs scoring 9.9 spanning SQL injection, SSRF, and access control issues across UniFi Talk, Access, and Protect. Administrators of UniFi Connect, Talk, Access, and Protect deployments were urged to apply updates promptly, since successful exploitation could enable arbitrary code execution and privilege escalation on affected devices.
  5. GhostApproval Flaws Break Major AI Coding Assistants

    Wiz researchers disclosed GhostApproval, a symlink-based flaw pattern affecting popular AI coding assistants. The vulnerability pattern affected tools from Amazon, Anthropic, Augment, Cursor, Google, Windsurf, and Cognition, with outcomes including misleading approval prompts and file changes made before users could respond. Using symbolic links, attackers could disguise sensitive system files as ordinary project files, so an edit presented as a local config change could reach files such as ~/.ssh/authorized_keys outside the project directory. This could grant password-free remote access to a developer’s machine. Some vendors shipped fixes; others had not at disclosure, and Anthropic disputed the classification as a bug.
  6. Microsoft Closes RoguePlanet Defender Zero-Day

    Microsoft fixed RoguePlanet, a Defender privilege-escalation flaw tracked as CVE-2026-50656. The bug exploits a race condition in Microsoft Defender to spawn a command prompt with SYSTEM privileges, granting an attacker complete control of the local machine if the timing is right. The vulnerability was addressed through an update to the Microsoft Malware Protection Engine rather than a monthly Patch Tuesday bundle, so customers should ensure they run the latest engine version. The flaw surfaced in June when researcher Nightmare Eclipse published technical details and proof-of-concept code claiming it worked against fully patched Windows 10 and Windows 11 systems.
  7. GodDamn Ransomware Uses BYOVD to Hit US Companies

    Symantec researchers flagged a new ransomware family called GodDamn targeting US companies. The ransomware employs the PoisonX kernel driver to neutralize security software as part of its defense evasion strategy and was first publicly spotted in the wild on May 21, 2026. It is assessed to be a rebrand of the Beast ransomware family. By abusing a bring-your-own-vulnerable-driver technique, the operators blind endpoint defenses before encrypting files. In one early June attack, the operators leveraged AnyDesk for remote access and used a NirSoft-based credential harvesting toolkit before deploying the ransomware. The initial access vector remains unknown, complicating defense for targeted businesses.
  8. Fresh ATM Crypto Software Bugs Tied to Microsoft BitLocker

    Researchers disclosed vulnerabilities that put organizations, and potentially cryptocurrency ATMs, at risk. The flaws reside in a Microsoft BitLocker security wrapper, placing organizations and possibly ATMs at risk of compromise. Because the weaknesses sit in a wrapper around Microsoft’s BitLocker disk-encryption technology, attackers could undermine the protections that BitLocker is meant to provide, opening a path to compromise on systems and embedded machines that rely on it. The research highlights how third-party integrations around trusted security components can introduce exploitable gaps. Enterprises using the affected BitLocker wrapper, and operators of crypto ATM hardware built on Windows, were advised to evaluate exposure and apply available mitigations.
  9. Lone Attacker Uses AI to Breach AWS Cloud in 72 Hours

    Researchers documented how a single attacker leveraged artificial intelligence to breach an Amazon Web Services cloud environment in roughly three days. The case demonstrates how AI tooling can compress the timeline for reconnaissance, exploitation, and lateral movement inside cloud infrastructure, letting one operator accomplish what previously required a larger team. The finding underscores growing concern that AI accelerates both the discovery and weaponization of cloud misconfigurations and exposed credentials. For businesses relying on AWS, the takeaway is that detection and response windows are shrinking, making rapid credential rotation, least-privilege access, and continuous monitoring of cloud identity activity increasingly essential to contain machine-speed intrusions.
  10. Malicious Go Module Exposes GitHub Malware Lure Network

    Researchers uncovered a malicious Go module used to seed a broad GitHub malware distribution network. The scanner-themed module had more than 1,200 versions, over 700 of them malicious, an anomaly for a small Go module first published on January 24, 2026. The version sprawl likely stemmed from the threat actor’s own GitHub Actions workflow generating timestamp commits surfaced as Go pseudo-versions. Before any scanner logic could run, the module launched a hidden PowerShell command that downloaded external content, decoded it with certutil, and executed the resulting script with an execution-policy bypass. Developers pulling GitHub-hosted Go modules were urged to scrutinize dependencies.

Our Threat Operations and Intelligence team compiles a daily digest of the most recent online cybersecurity risks. The previous 10 stories were determined to be most significant during the course of the week, ranked by highest risk, and using multiple sources when available.

Previous Post

Top 10 Cybersecurity News (July 07, 2026): Sysdig Documents First End-To-End AI Agent Ransomware Attack, DHS Confirms Breach Of Homeland Security Information Network, and More

Innovate uses cookies to give you the best online experience. If you continue to use this site, you agree to the use of cookies. Please see our privacy policy for details.