
Week 27 | cybersecurity - technology - privacy news recap
- OpenAI is reportedly in early stage talks to give a 5% stake in the ChatGPT developer to the US government as artificial intelligence companies attempt to smooth relations with Donald Trump’s administration. Source: https://www.theguardian.com/technology/2026/jul/02/openai-stake-us-government-ai-sam-altman
- Cybercriminals are posing as international law enforcement agencies in a phishing campaign designed to deliver ransomware attacks. As detailed by Bitdefender Antispam Lab in a blog post published on July 1, the phishing attacks target small businesses across Europe, Asia, the Middle East and North America with emails which claim to come from the ‘Cybercrime Investigation Unit’ at Interpol. Source: https://www.infosecurity-magazine.com/news/cybercriminals-pose-interpol/
- The massive FortiBleed credential theft campaign has been linked to the INC and Lynx ransomware operations, suggesting the stolen Fortinet credentials were intended to fuel future network intrusions. Earlier this month, a server containing credentials stolen from more than 73,000 Fortinet devices was discovered exposed on the internet. Researchers found the server contained downloaded FortiGate configuration files, credentials harvested from compromised devices, and infrastructure used to crack password hashes and perform credential-stuffing attacks. Source: https://www.bleepingcomputer.com/news/security/fortibleed-credential-theft-campaign-linked-to-lynx-ransomware/
- The Department of Homeland Security is investigating a cyberattack that compromised the Homeland Security Information Network (HSIN), a sensitive information-sharing platform used by federal, state, local, and private-sector partners. The intrusion, first reported by Nextgov, was carried out by an unknown threat actor in recent weeks and is believed to have occurred sometime between late May and early June, according to two people familiar with the matter who spoke on the condition of anonymity. Source: https://www.bleepingcomputer.com/news/security/dhs-confirms-hackers-breached-hsin-info-sharing-platform/
- A Swedish court on Wednesday ordered Alphabet's Google to pay about $1.5 billion in damages to PriceRunner, the price comparison business owned by payments platform Klarna for favouring its own shopping service in search results. Source: https://www.reuters.com/business/swedish-court-says-google-is-pay-15-billion-klarna-antitrust-damages-2026-07-01/
- An aggressive password-spraying campaign targeting Microsoft 365 environments generated more than 81 million login attempts over a two-week period. The threat actor tried to authenticate via Microsoft's Azure command-line interface (CLI) using still valid username and password combinations that had been exposed in past breaches. Source: https://www.bleepingcomputer.com/news/security/hackers-target-microsoft-365-accounts-with-81-million-login-attempts/
- Google, the FBI, and other organizations coordinated in a joint effort to dismantle NetNut, a massive residential proxy network. Also known as Popa, NetNut is believed to consist of more than 2 million Android devices such as smart TVs and streaming boxes, that have been infected through trojanized applications and malware such as Badbox 2.0. Source: https://www.securityweek.com/google-fbi-disrupt-netnut-residential-proxy-network-powered-by-millions-of-devices/