<?xml version="1.0" encoding="UTF-8" standalone="no"?><rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:media="http://search.yahoo.com/mrss/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" version="2.0">

<channel>
	<title>Cybersecurity News and Magazine</title>
	<atom:link href="https://thecyberexpress.com/feed/" rel="self" type="application/rss+xml"/>
	<link>https://thecyberexpress.com</link>
	<description>Trending Cybersecurity News, Updates, Magazine and More.</description>
	<lastBuildDate>Fri, 17 Jul 2026 11:38:11 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	

<image>
	<url>https://thecyberexpress.com/wp-content/uploads/tce-favicon-75x75.jpg?crop=1</url>
	<title>The Cyber Express</title>
	<link>https://thecyberexpress.com</link>
	<width>32</width>
	<height>32</height>
</image> 
<site xmlns="com-wordpress:feed-additions:1">208869986</site>	<itunes:explicit>no</itunes:explicit><itunes:subtitle>Trending Cybersecurity News, Updates, Magazine and More.</itunes:subtitle><item>
		<title>The Cyber Express Weekly Roundup: TikTok Age Verification Probe, Healthcare Data Breach, Qantas Ruling, and Major Cyberattacks</title>
		<link>https://thecyberexpress.com/cybersecurity-weekly-roundup-tce/</link>
		
		<dc:creator><![CDATA[Ashish Khaitan]]></dc:creator>
		<pubDate>Fri, 17 Jul 2026 11:38:04 +0000</pubDate>
				<category><![CDATA[Firewall Daily]]></category>
		<category><![CDATA[Cyber News]]></category>
		<category><![CDATA[Data Breach News]]></category>
		<category><![CDATA[cyber risks]]></category>
		<category><![CDATA[The Cyber Express]]></category>
		<category><![CDATA[The Cyber Express News]]></category>
		<category><![CDATA[TikTok]]></category>
		<category><![CDATA[weekly round]]></category>
		<guid isPermaLink="false">https://thecyberexpress.com/?p=113202</guid>

					<description><![CDATA[<p><img width="1101" height="614" src="https://thecyberexpress.com/wp-content/uploads/weekly-round.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="weekly round" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/weekly-round.webp 1101w, https://thecyberexpress.com/wp-content/uploads/weekly-round-300x167.webp 300w, https://thecyberexpress.com/wp-content/uploads/weekly-round-1024x571.webp 1024w, https://thecyberexpress.com/wp-content/uploads/weekly-round-768x428.webp 768w, https://thecyberexpress.com/wp-content/uploads/weekly-round-600x335.webp 600w, https://thecyberexpress.com/wp-content/uploads/weekly-round-150x84.webp 150w, https://thecyberexpress.com/wp-content/uploads/weekly-round-750x418.webp 750w, https://thecyberexpress.com/wp-content/uploads/weekly-round.webp 1101w, https://thecyberexpress.com/wp-content/uploads/weekly-round-300x167.webp 300w, https://thecyberexpress.com/wp-content/uploads/weekly-round-1024x571.webp 1024w, https://thecyberexpress.com/wp-content/uploads/weekly-round-768x428.webp 768w, https://thecyberexpress.com/wp-content/uploads/weekly-round-600x335.webp 600w, https://thecyberexpress.com/wp-content/uploads/weekly-round-150x84.webp 150w, https://thecyberexpress.com/wp-content/uploads/weekly-round-750x418.webp 750w" sizes="(max-width: 1101px) 100vw, 1101px" title="The Cyber Express Weekly Roundup: TikTok Age Verification Probe, Healthcare Data Breach, Qantas Ruling, and Major Cyberattacks 1"></p><span data-contrast="auto">This week’s cybersecurity roundup highlights growing concerns around online child safety, healthcare data protection, supply chain risks, and cyber threats affecting organizations worldwide. From regulatory scrutiny of digital platforms to large-scale vulnerabilities and operational disruptions, recent incidents show how cyber risks continue expanding across industries.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">The key theme in this weekly roundup is the increasing pressure on organizations to strengthen security, improve <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-is-data/"   title="data" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29030">data</a> protection measures, and adapt to rapidly changing threat environments. Regulators, businesses, and <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-is-cybersecurity/"   title="cybersecurity" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29026">cybersecurity</a> teams are facing challenges ranging from social engineering attacks and malware incidents to vulnerabilities affecting widely used enterprise technologies.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h2 aria-level="2"><b><span data-contrast="none">The Cyber Express Weekly Roundup</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h2>
<h3 aria-level="3"><b><span data-contrast="none">UK Investigates TikTok Age Verification Compliance</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">The UK communications regulator Ofcom has launched an investigation into TikTok’s age verification system, examining whether the platform is meeting its child safety obligations under the Online Safety Act. The probe comes as the UK government prepares stricter social media restrictions for users under 16, with enhanced age assurance requirements expected to take effect by Spring 2027. </span><a href="https://thecyberexpress.com/tiktok-age-verification-probe-launched-by-uk/"><span data-contrast="none">Read more…</span></a><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h3 aria-level="3"><b><span data-contrast="none">Partnered Health Cyberattack Exposes Australian Patient Data</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">Healthcare provider Partnered Health has suffered a <a class="wpil_keyword_link" href="https://cyble.com/cyberattack/" target="_blank"  rel="noopener" title="cyberattack" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29031">cyberattack</a> that exposed sensitive patient information from 21 clinics across Australia. The compromised data reportedly includes personal details, Medicare information, health insurance records, and medical documents. Authorities and the company continue investigating the incident to determine the full scope of the breach and whether additional information was affected. </span><a href="https://thecyberexpress.com/partnered-health-cyberattack/"><span data-contrast="none">Read more…</span></a><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h3 aria-level="3"><b><span data-contrast="none">Qantas Data Breach Cleared After Privacy Review</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">Australia’s privacy regulator has concluded its review of the 2025 Qantas <a class="wpil_keyword_link" href="https://cyble.com/knowledge-hub/what-is-a-data-breach/" target="_blank"  rel="noopener" title="data breach" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29029">data breach</a>, finding no evidence that the airline failed to take reasonable measures to protect customer information. The incident affected approximately 5.67 million records after attackers used <a class="wpil_keyword_link" href="https://cyble.com/knowledge-hub/what-is-social-engineering/" target="_blank"  rel="noopener" title="social engineering" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29032">social engineering</a> techniques to compromise a contact center employee. </span><a href="https://thecyberexpress.com/qantas-did-everything-right-yet-got-breached/"><span data-contrast="none">Read more…</span></a><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h3 aria-level="3"><b><span data-contrast="none">Nichirei Cyberattack Disrupts KFC Japan Supply Chain</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">Japanese frozen food and logistics company Nichirei experienced a cyberattack that disrupted deliveries to KFC Japan after unauthorized access impacted its systems. The <a href="https://www.nichirei.co.jp/sites/default/files/inline-images/english/ir/pdf_file/news/20260716_e.pdf" target="_blank" rel="nofollow noopener">company isolated</a> affected infrastructure, suspended certain logistics operations, and began recovery efforts with external cybersecurity specialists while investigating the incident. </span><a href="https://thecyberexpress.com/nichirei-cyberattack-disrupts-supply-chain/"><span data-contrast="none">Read more…</span></a><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h3 aria-level="3"><b><span data-contrast="none">Microsoft Patch Tuesday Addresses 622 Security Flaws</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">Microsoft’s July 2026 Patch Tuesday update fixed 622 <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-are-vulnerabilities/"   title="vulnerabilities" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29033">vulnerabilities</a> across its product ecosystem, making it the company’s largest security release to date. The update included patches for two actively exploited zero-day vulnerabilities, CVE-2026-56164 and CVE-2026-56155, affecting Microsoft SharePoint Server and Active Directory Federation Services. </span><a href="https://thecyberexpress.com/microsoft-patch-tuesday-july-2026-622-flaws/"><span data-contrast="none">Read more…</span></a><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h3 aria-level="3"><b><span data-contrast="none">Nihon Kotsu Cyberattack Disrupts Japan Taxi Operations</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">Japan’s largest taxi operator, Nihon Kotsu, suffered a malware-related cyberattack that forced the company to shut down parts of its IT infrastructure. The incident, detected on July 11, 2026, affected taxi dispatch services and internal systems as the company worked to contain the attack and investigate potential data exposure. </span><a href="https://thecyberexpress.com/nihon-kotsu-cyberattack/"><span data-contrast="none">Read more…</span></a><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h2 aria-level="2"><b><span data-contrast="none">Weekly Cybersecurity Takeaway</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h2>
<span data-contrast="auto">This week’s cybersecurity developments highlight the growing complexity of modern <a class="wpil_keyword_link" href="https://thecyberexpress.com/cyber-news/"   title="cyber" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29027">cyber</a> threats, with attacks and security challenges affecting technology platforms, healthcare providers, logistics companies, transportation services, and enterprise software environments. From regulatory action on digital safety to actively exploited vulnerabilities and supply chain disruptions, organizations are facing increased pressure to strengthen resilience and respond faster to emerging <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-are-risks-in-cybersecurity/"   title="risks" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29028">risks</a>.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>]]></description>
										<content:encoded><![CDATA[<p><img width="1101" height="614" src="https://thecyberexpress.com/wp-content/uploads/weekly-round.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="weekly round" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/weekly-round.webp 1101w, https://thecyberexpress.com/wp-content/uploads/weekly-round-300x167.webp 300w, https://thecyberexpress.com/wp-content/uploads/weekly-round-1024x571.webp 1024w, https://thecyberexpress.com/wp-content/uploads/weekly-round-768x428.webp 768w, https://thecyberexpress.com/wp-content/uploads/weekly-round-600x335.webp 600w, https://thecyberexpress.com/wp-content/uploads/weekly-round-150x84.webp 150w, https://thecyberexpress.com/wp-content/uploads/weekly-round-750x418.webp 750w, https://thecyberexpress.com/wp-content/uploads/weekly-round.webp 1101w, https://thecyberexpress.com/wp-content/uploads/weekly-round-300x167.webp 300w, https://thecyberexpress.com/wp-content/uploads/weekly-round-1024x571.webp 1024w, https://thecyberexpress.com/wp-content/uploads/weekly-round-768x428.webp 768w, https://thecyberexpress.com/wp-content/uploads/weekly-round-600x335.webp 600w, https://thecyberexpress.com/wp-content/uploads/weekly-round-150x84.webp 150w, https://thecyberexpress.com/wp-content/uploads/weekly-round-750x418.webp 750w" sizes="(max-width: 1101px) 100vw, 1101px" title="The Cyber Express Weekly Roundup: TikTok Age Verification Probe, Healthcare Data Breach, Qantas Ruling, and Major Cyberattacks 2"></p><span data-contrast="auto">This week’s cybersecurity roundup highlights growing concerns around online child safety, healthcare data protection, supply chain risks, and cyber threats affecting organizations worldwide. From regulatory scrutiny of digital platforms to large-scale vulnerabilities and operational disruptions, recent incidents show how cyber risks continue expanding across industries.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">The key theme in this weekly roundup is the increasing pressure on organizations to strengthen security, improve <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-is-data/"   title="data" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29030">data</a> protection measures, and adapt to rapidly changing threat environments. Regulators, businesses, and <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-is-cybersecurity/"   title="cybersecurity" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29026">cybersecurity</a> teams are facing challenges ranging from social engineering attacks and malware incidents to vulnerabilities affecting widely used enterprise technologies.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h2 aria-level="2"><b><span data-contrast="none">The Cyber Express Weekly Roundup</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h2>
<h3 aria-level="3"><b><span data-contrast="none">UK Investigates TikTok Age Verification Compliance</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">The UK communications regulator Ofcom has launched an investigation into TikTok’s age verification system, examining whether the platform is meeting its child safety obligations under the Online Safety Act. The probe comes as the UK government prepares stricter social media restrictions for users under 16, with enhanced age assurance requirements expected to take effect by Spring 2027. </span><a href="https://thecyberexpress.com/tiktok-age-verification-probe-launched-by-uk/"><span data-contrast="none">Read more…</span></a><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h3 aria-level="3"><b><span data-contrast="none">Partnered Health Cyberattack Exposes Australian Patient Data</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">Healthcare provider Partnered Health has suffered a <a class="wpil_keyword_link" href="https://cyble.com/cyberattack/" target="_blank"  rel="noopener" title="cyberattack" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29031">cyberattack</a> that exposed sensitive patient information from 21 clinics across Australia. The compromised data reportedly includes personal details, Medicare information, health insurance records, and medical documents. Authorities and the company continue investigating the incident to determine the full scope of the breach and whether additional information was affected. </span><a href="https://thecyberexpress.com/partnered-health-cyberattack/"><span data-contrast="none">Read more…</span></a><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h3 aria-level="3"><b><span data-contrast="none">Qantas Data Breach Cleared After Privacy Review</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">Australia’s privacy regulator has concluded its review of the 2025 Qantas <a class="wpil_keyword_link" href="https://cyble.com/knowledge-hub/what-is-a-data-breach/" target="_blank"  rel="noopener" title="data breach" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29029">data breach</a>, finding no evidence that the airline failed to take reasonable measures to protect customer information. The incident affected approximately 5.67 million records after attackers used <a class="wpil_keyword_link" href="https://cyble.com/knowledge-hub/what-is-social-engineering/" target="_blank"  rel="noopener" title="social engineering" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29032">social engineering</a> techniques to compromise a contact center employee. </span><a href="https://thecyberexpress.com/qantas-did-everything-right-yet-got-breached/"><span data-contrast="none">Read more…</span></a><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h3 aria-level="3"><b><span data-contrast="none">Nichirei Cyberattack Disrupts KFC Japan Supply Chain</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">Japanese frozen food and logistics company Nichirei experienced a cyberattack that disrupted deliveries to KFC Japan after unauthorized access impacted its systems. The <a href="https://www.nichirei.co.jp/sites/default/files/inline-images/english/ir/pdf_file/news/20260716_e.pdf" target="_blank" rel="nofollow noopener">company isolated</a> affected infrastructure, suspended certain logistics operations, and began recovery efforts with external cybersecurity specialists while investigating the incident. </span><a href="https://thecyberexpress.com/nichirei-cyberattack-disrupts-supply-chain/"><span data-contrast="none">Read more…</span></a><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h3 aria-level="3"><b><span data-contrast="none">Microsoft Patch Tuesday Addresses 622 Security Flaws</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">Microsoft’s July 2026 Patch Tuesday update fixed 622 <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-are-vulnerabilities/"   title="vulnerabilities" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29033">vulnerabilities</a> across its product ecosystem, making it the company’s largest security release to date. The update included patches for two actively exploited zero-day vulnerabilities, CVE-2026-56164 and CVE-2026-56155, affecting Microsoft SharePoint Server and Active Directory Federation Services. </span><a href="https://thecyberexpress.com/microsoft-patch-tuesday-july-2026-622-flaws/"><span data-contrast="none">Read more…</span></a><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h3 aria-level="3"><b><span data-contrast="none">Nihon Kotsu Cyberattack Disrupts Japan Taxi Operations</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">Japan’s largest taxi operator, Nihon Kotsu, suffered a malware-related cyberattack that forced the company to shut down parts of its IT infrastructure. The incident, detected on July 11, 2026, affected taxi dispatch services and internal systems as the company worked to contain the attack and investigate potential data exposure. </span><a href="https://thecyberexpress.com/nihon-kotsu-cyberattack/"><span data-contrast="none">Read more…</span></a><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h2 aria-level="2"><b><span data-contrast="none">Weekly Cybersecurity Takeaway</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h2>
<span data-contrast="auto">This week’s cybersecurity developments highlight the growing complexity of modern <a class="wpil_keyword_link" href="https://thecyberexpress.com/cyber-news/"   title="cyber" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29027">cyber</a> threats, with attacks and security challenges affecting technology platforms, healthcare providers, logistics companies, transportation services, and enterprise software environments. From regulatory action on digital safety to actively exploited vulnerabilities and supply chain disruptions, organizations are facing increased pressure to strengthen resilience and respond faster to emerging <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-are-risks-in-cybersecurity/"   title="risks" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29028">risks</a>.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">113202</post-id>	<enclosure length="143156" type="application/pdf" url="https://www.nichirei.co.jp/sites/default/files/inline-images/english/ir/pdf_file/news/20260716_e.pdf"/><itunes:explicit>no</itunes:explicit><itunes:subtitle>This week’s cybersecurity roundup highlights growing concerns around online child safety, healthcare data protection, supply chain risks, and cyber threats affecting organizations worldwide. From regulatory scrutiny of digital platforms to large-scale vulnerabilities and operational disruptions, recent incidents show how cyber risks continue expanding across industries.  The key theme in this weekly roundup is the increasing pressure on organizations to strengthen security, improve data protection measures, and adapt to rapidly changing threat environments. Regulators, businesses, and cybersecurity teams are facing challenges ranging from social engineering attacks and malware incidents to vulnerabilities affecting widely used enterprise technologies.  The Cyber Express Weekly Roundup  UK Investigates TikTok Age Verification Compliance  The UK communications regulator Ofcom has launched an investigation into TikTok’s age verification system, examining whether the platform is meeting its child safety obligations under the Online Safety Act. The probe comes as the UK government prepares stricter social media restrictions for users under 16, with enhanced age assurance requirements expected to take effect by Spring 2027. Read more…  Partnered Health Cyberattack Exposes Australian Patient Data  Healthcare provider Partnered Health has suffered a cyberattack that exposed sensitive patient information from 21 clinics across Australia. The compromised data reportedly includes personal details, Medicare information, health insurance records, and medical documents. Authorities and the company continue investigating the incident to determine the full scope of the breach and whether additional information was affected. Read more…  Qantas Data Breach Cleared After Privacy Review  Australia’s privacy regulator has concluded its review of the 2025 Qantas data breach, finding no evidence that the airline failed to take reasonable measures to protect customer information. The incident affected approximately 5.67 million records after attackers used social engineering techniques to compromise a contact center employee. Read more…  Nichirei Cyberattack Disrupts KFC Japan Supply Chain  Japanese frozen food and logistics company Nichirei experienced a cyberattack that disrupted deliveries to KFC Japan after unauthorized access impacted its systems. The company isolated affected infrastructure, suspended certain logistics operations, and began recovery efforts with external cybersecurity specialists while investigating the incident. Read more…  Microsoft Patch Tuesday Addresses 622 Security Flaws  Microsoft’s July 2026 Patch Tuesday update fixed 622 vulnerabilities across its product ecosystem, making it the company’s largest security release to date. The update included patches for two actively exploited zero-day vulnerabilities, CVE-2026-56164 and CVE-2026-56155, affecting Microsoft SharePoint Server and Active Directory Federation Services. Read more…  Nihon Kotsu Cyberattack Disrupts Japan Taxi Operations  Japan’s largest taxi operator, Nihon Kotsu, suffered a malware-related cyberattack that forced the company to shut down parts of its IT infrastructure. The incident, detected on July 11, 2026, affected taxi dispatch services and internal systems as the company worked to contain the attack and investigate potential data exposure. Read more…  Weekly Cybersecurity Takeaway  This week’s cybersecurity developments highlight the growing complexity of modern cyber threats, with attacks and security challenges affecting technology platforms, healthcare providers, logistics companies, transportation services, and enterprise software environments. From regulatory action on digital safety to actively exploited vulnerabilities and supply chain disruptions, organizations are facing increased pressure to strengthen resilience and respond faster to emerging risks. </itunes:subtitle><itunes:summary>This week’s cybersecurity roundup highlights growing concerns around online child safety, healthcare data protection, supply chain risks, and cyber threats affecting organizations worldwide. From regulatory scrutiny of digital platforms to large-scale vulnerabilities and operational disruptions, recent incidents show how cyber risks continue expanding across industries.  The key theme in this weekly roundup is the increasing pressure on organizations to strengthen security, improve data protection measures, and adapt to rapidly changing threat environments. Regulators, businesses, and cybersecurity teams are facing challenges ranging from social engineering attacks and malware incidents to vulnerabilities affecting widely used enterprise technologies.  The Cyber Express Weekly Roundup  UK Investigates TikTok Age Verification Compliance  The UK communications regulator Ofcom has launched an investigation into TikTok’s age verification system, examining whether the platform is meeting its child safety obligations under the Online Safety Act. The probe comes as the UK government prepares stricter social media restrictions for users under 16, with enhanced age assurance requirements expected to take effect by Spring 2027. Read more…  Partnered Health Cyberattack Exposes Australian Patient Data  Healthcare provider Partnered Health has suffered a cyberattack that exposed sensitive patient information from 21 clinics across Australia. The compromised data reportedly includes personal details, Medicare information, health insurance records, and medical documents. Authorities and the company continue investigating the incident to determine the full scope of the breach and whether additional information was affected. Read more…  Qantas Data Breach Cleared After Privacy Review  Australia’s privacy regulator has concluded its review of the 2025 Qantas data breach, finding no evidence that the airline failed to take reasonable measures to protect customer information. The incident affected approximately 5.67 million records after attackers used social engineering techniques to compromise a contact center employee. Read more…  Nichirei Cyberattack Disrupts KFC Japan Supply Chain  Japanese frozen food and logistics company Nichirei experienced a cyberattack that disrupted deliveries to KFC Japan after unauthorized access impacted its systems. The company isolated affected infrastructure, suspended certain logistics operations, and began recovery efforts with external cybersecurity specialists while investigating the incident. Read more…  Microsoft Patch Tuesday Addresses 622 Security Flaws  Microsoft’s July 2026 Patch Tuesday update fixed 622 vulnerabilities across its product ecosystem, making it the company’s largest security release to date. The update included patches for two actively exploited zero-day vulnerabilities, CVE-2026-56164 and CVE-2026-56155, affecting Microsoft SharePoint Server and Active Directory Federation Services. Read more…  Nihon Kotsu Cyberattack Disrupts Japan Taxi Operations  Japan’s largest taxi operator, Nihon Kotsu, suffered a malware-related cyberattack that forced the company to shut down parts of its IT infrastructure. The incident, detected on July 11, 2026, affected taxi dispatch services and internal systems as the company worked to contain the attack and investigate potential data exposure. Read more…  Weekly Cybersecurity Takeaway  This week’s cybersecurity developments highlight the growing complexity of modern cyber threats, with attacks and security challenges affecting technology platforms, healthcare providers, logistics companies, transportation services, and enterprise software environments. From regulatory action on digital safety to actively exploited vulnerabilities and supply chain disruptions, organizations are facing increased pressure to strengthen resilience and respond faster to emerging risks. </itunes:summary><itunes:keywords>Firewall Daily, Cyber News, Data Breach News, cyber risks, The Cyber Express, The Cyber Express News, TikTok, weekly round</itunes:keywords></item>
		<item>
		<title>ClickFix Attacks Drive UAC-0145 Cyber Campaigns, CERT-UA Warns</title>
		<link>https://thecyberexpress.com/clickfix-attacks-fuel-uac-0145-cyber-campaigns/</link>
		
		<dc:creator><![CDATA[Samiksha Jain]]></dc:creator>
		<pubDate>Fri, 17 Jul 2026 11:24:18 +0000</pubDate>
				<category><![CDATA[Cyber News]]></category>
		<category><![CDATA[Firewall Daily]]></category>
		<category><![CDATA[Malware News]]></category>
		<category><![CDATA[Android Malware]]></category>
		<category><![CDATA[APT44]]></category>
		<category><![CDATA[CERT-UA]]></category>
		<category><![CDATA[ClickFix attacks]]></category>
		<category><![CDATA[Data Theft Tools]]></category>
		<category><![CDATA[fake CAPTCHA prompts]]></category>
		<category><![CDATA[UAC-0002]]></category>
		<category><![CDATA[UAC-0145]]></category>
		<category><![CDATA[UAC-0145 Operations]]></category>
		<guid isPermaLink="false">https://thecyberexpress.com/?p=113194</guid>

					<description><![CDATA[<p><img width="1536" height="1024" src="https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="ClickFix Attacks" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks.webp 1536w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-300x200.webp 300w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-1024x683.webp 1024w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-768x512.webp 768w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-600x400.webp 600w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-150x100.webp 150w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-750x500.webp 750w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-1140x760.webp 1140w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks.webp 1536w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-300x200.webp 300w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-1024x683.webp 1024w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-768x512.webp 768w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-600x400.webp 600w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-150x100.webp 150w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-750x500.webp 750w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-1140x760.webp 1140w" sizes="(max-width: 1536px) 100vw, 1536px" title="ClickFix Attacks Drive UAC-0145 Cyber Campaigns, CERT-UA Warns 3"></p><p class="PDq2pG_selectionAnchorContainer" data-start="390" data-end="851">The ClickFix attacks technique has become a key initial access method for the UAC-0145 cyber threat cluster, according to a new report from Ukraine's Computer Emergency Response Team (<a href="https://thecyberexpress.com/cert-ua-warns-of-darkcrystal-rat/" target="_blank" rel="noopener">CERT-UA</a>). The agency said the threat group, also tracked as Sandworm, <a href="https://thecyberexpress.com/alleged-ddos-attack-on-denmark/" target="_blank" rel="noopener">APT44</a>, Seashell Blizzard, and a subcluster of UAC-0002, has shifted its tactics during 2026, increasingly relying on <a href="https://thecyberexpress.com/google-recaptcha-trojanized-by-russian-hackers/" target="_blank" rel="noopener">fake CAPTCHA prompts</a> and social engineering to compromise systems.</p>
<p data-start="853" data-end="1196">CERT-UA said it has worked with Ukrainian cybersecurity agencies for several years to investigate the activities of UAC-0145. While the group previously relied on infected software installers distributed through torrent websites, recent campaigns have increasingly used ClickFix to trick users into executing malicious PowerShell commands.</p>

<h3 data-section-id="4rdrqx" data-start="1198" data-end="1255"><strong><span role="text">ClickFix Attacks Emerging as Primary Initial Access Vector</span></strong></h3>
<p data-start="1257" data-end="1565"><a href="https://cert.gov.ua/article/6318437" target="_blank" rel="nofollow noopener">According to CERT-UA</a>, infections recorded during the spring and summer of 2026 frequently began when victims visited compromised websites displaying fake CAPTCHA pages. Users were instructed to copy and execute PowerShell commands in their terminal, a <a class="wpil_keyword_link" href="https://cyble.com/knowledge-hub/what-is-phishing/" target="_blank"  rel="noopener" title="phishing" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29024">phishing</a> technique commonly referred to as ClickFix.</p>
<p data-start="1567" data-end="1765">The downloaded commands were designed to retrieve malicious files such as GHETTOVIBE, a Visual Basic Script (VBS) that establishes persistence by placing itself in the Windows Startup directory.</p>
<p data-start="1767" data-end="2036">Once executed, attackers could deploy SCOUTCURL, a PowerShell reconnaissance tool capable of collecting information about the compromised system, including device specifications, installed software, browser <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-is-data/"   title="data" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29022">data</a>, and local files before exfiltrating the information.</p>
<p data-start="2038" data-end="2186">CERT-UA also observed <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-is-malware/"   title="malware" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29017">malware</a> loaders including FLUIDLEECH, disguised as antivirus software, and LOADLOOP being used during these campaigns.</p>

<h3 data-section-id="1n2nqi8" data-start="2188" data-end="2241"><strong><span role="text">Backdoors and Data Theft Tools Widely Deployed</span></strong></h3>
<p data-start="2243" data-end="2395">The report noted that attackers continue using <a class="wpil_keyword_link" href="https://cyble.com/knowledge-hub/what-is-malware/" target="_blank"  rel="noopener" title="malware" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29025">malware</a> families such as KALAMBUR, SUMBUR, and TAMBUR after gaining access to victim systems.</p>
<p data-start="2397" data-end="2595">To maintain <a href="https://thecyberexpress.com/intellexa-remote-access-to-customer-systems/" target="_blank" rel="noopener">remote access</a>, the group relied on legitimate utilities including OpenSSH and Tor, forwarding local network ports such as 445, 3389, and 22 to attacker-controlled infrastructure.</p>
<p data-start="2597" data-end="2754">CERT-UA also found malware designed to steal messaging data from Signal and <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-to-do-if-and-when-your-whatsapp-is-hacked/"   title="WhatsApp" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29019">WhatsApp</a>, with stolen information reportedly exfiltrated using RSYNC.</p>
<p data-start="2756" data-end="2993">On infected systems examined during <a class="wpil_keyword_link" href="https://thecyberexpress.com/cyber-news/"   title="cyber" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29023">cyber</a> defense operations, investigators additionally identified FREAKYPOLL, a Python-based backdoor distributed as compiled bytecode (.pyc), providing attackers with persistent unauthorized access.</p>

<h2 data-section-id="1s2gyff" data-start="2995" data-end="3057"><span role="text"><strong data-start="2998" data-end="3057">Compromised Websites Used to Deliver Fake CAPTCHA Pages</strong></span></h2>
<p data-start="3059" data-end="3171">During June and July 2026, CERT-UA analyzed more than ten compromised websites involved in <strong data-start="3150" data-end="3170">ClickFix attacks</strong>.</p>
<p data-start="3173" data-end="3516">Investigators found attackers using both the <strong data-start="3218" data-end="3236">Cloaking.House</strong> service and custom malware called <strong data-start="3271" data-end="3283">SMARTAXE</strong> to dynamically modify legitimate webpages. SMARTAXE retrieves remote domains from blockchain smart contracts through Ethereum's <strong data-start="3412" data-end="3424">eth_call</strong> function before displaying fake CAPTCHA pages or redirecting visitors to malicious content.</p>
<p data-start="3518" data-end="3773">CERT-UA warned that any website used in these attacks should be considered compromised, potentially through vulnerable content management systems (CMS), stolen credentials, web shells, malicious plugins, modified website scripts, or server-side backdoors.</p>
<p data-start="3775" data-end="3908">The agency urged website administrators and hosting providers to strengthen website <a class="wpil_keyword_link" href="https://thecyberexpress.com/"   title="security" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29018">security</a> and respond quickly to incident reports.</p>

<h3 data-section-id="xet64s" data-start="3910" data-end="3965"><span role="text"><strong data-start="3913" data-end="3965">Android Malware Also Part of UAC-0145 Operations</strong></span></h3>
<p data-start="3967" data-end="4069">The report also highlighted growing use of Android malware distributed through messaging applications.</p>
<p data-start="4071" data-end="4338">Attackers were observed sharing APK files disguised as security or antivirus tools. One such malware family, tracked as COWARDDUCK, functions as a full-featured Android backdoor capable of collecting device information, contacts, files, and real-time geolocation.</p>
<p data-start="4340" data-end="4527">The malware targets files from directories including DCIM, Documents, Downloads, Pictures, and Alarms while searching for formats such as DOCX, XLSX, PPTX, ZIP, RAR, JSON, and OVPN files.</p>
<p data-start="4529" data-end="4744">According to CERT-UA, COWARDDUCK uploads stolen files through the Dropbox API while receiving commands from legitimate services including Steam Community and StockMemory domains through proxy infrastructure.</p>

<h3 data-section-id="1o8fspw" data-start="4746" data-end="4801"><span role="text"><strong data-start="4749" data-end="4801">Microsoft Sees Global Rise in ClickFix Campaigns</strong></span></h3>
<p data-start="4803" data-end="5026">Microsoft Threat Intelligence and Microsoft Defender Experts also <a href="https://www.microsoft.com/en-us/security/blog/2025/08/21/think-before-you-clickfix-analyzing-the-clickfix-social-engineering-technique/" target="_blank" rel="nofollow noopener">reported</a> that ClickFix campaigns have increased significantly since early 2024, targeting thousands of enterprise and consumer devices globally each day.</p>
<p data-start="5028" data-end="5345">Microsoft said the technique commonly delivers malware such as Lumma <a class="wpil_keyword_link" href="https://cyble.com/stealer/" target="_blank"  rel="noopener" title="Stealer" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29020">Stealer</a> by persuading users to copy and execute commands through Windows Run, Windows Terminal, or Windows PowerShell. The campaigns are often combined with phishing, malvertising, and drive-by compromise techniques that imitate trusted brands.</p>
<p data-start="5347" data-end="5605">Because ClickFix attacks rely on user interaction rather than exploiting software <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-are-vulnerabilities/"   title="vulnerabilities" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29021">vulnerabilities</a> directly, Microsoft recommends organizations strengthen user awareness and apply security policies that restrict unnecessary use of command execution tools.</p>]]></description>
										<content:encoded><![CDATA[<p><img width="1536" height="1024" src="https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="ClickFix Attacks" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks.webp 1536w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-300x200.webp 300w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-1024x683.webp 1024w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-768x512.webp 768w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-600x400.webp 600w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-150x100.webp 150w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-750x500.webp 750w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-1140x760.webp 1140w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks.webp 1536w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-300x200.webp 300w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-1024x683.webp 1024w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-768x512.webp 768w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-600x400.webp 600w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-150x100.webp 150w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-750x500.webp 750w, https://thecyberexpress.com/wp-content/uploads/ClickFix-Attacks-1140x760.webp 1140w" sizes="(max-width: 1536px) 100vw, 1536px" title="ClickFix Attacks Drive UAC-0145 Cyber Campaigns, CERT-UA Warns 4"></p><p class="PDq2pG_selectionAnchorContainer" data-start="390" data-end="851">The ClickFix attacks technique has become a key initial access method for the UAC-0145 cyber threat cluster, according to a new report from Ukraine's Computer Emergency Response Team (<a href="https://thecyberexpress.com/cert-ua-warns-of-darkcrystal-rat/" target="_blank" rel="noopener">CERT-UA</a>). The agency said the threat group, also tracked as Sandworm, <a href="https://thecyberexpress.com/alleged-ddos-attack-on-denmark/" target="_blank" rel="noopener">APT44</a>, Seashell Blizzard, and a subcluster of UAC-0002, has shifted its tactics during 2026, increasingly relying on <a href="https://thecyberexpress.com/google-recaptcha-trojanized-by-russian-hackers/" target="_blank" rel="noopener">fake CAPTCHA prompts</a> and social engineering to compromise systems.</p>
<p data-start="853" data-end="1196">CERT-UA said it has worked with Ukrainian cybersecurity agencies for several years to investigate the activities of UAC-0145. While the group previously relied on infected software installers distributed through torrent websites, recent campaigns have increasingly used ClickFix to trick users into executing malicious PowerShell commands.</p>

<h3 data-section-id="4rdrqx" data-start="1198" data-end="1255"><strong><span role="text">ClickFix Attacks Emerging as Primary Initial Access Vector</span></strong></h3>
<p data-start="1257" data-end="1565"><a href="https://cert.gov.ua/article/6318437" target="_blank" rel="nofollow noopener">According to CERT-UA</a>, infections recorded during the spring and summer of 2026 frequently began when victims visited compromised websites displaying fake CAPTCHA pages. Users were instructed to copy and execute PowerShell commands in their terminal, a <a class="wpil_keyword_link" href="https://cyble.com/knowledge-hub/what-is-phishing/" target="_blank"  rel="noopener" title="phishing" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29024">phishing</a> technique commonly referred to as ClickFix.</p>
<p data-start="1567" data-end="1765">The downloaded commands were designed to retrieve malicious files such as GHETTOVIBE, a Visual Basic Script (VBS) that establishes persistence by placing itself in the Windows Startup directory.</p>
<p data-start="1767" data-end="2036">Once executed, attackers could deploy SCOUTCURL, a PowerShell reconnaissance tool capable of collecting information about the compromised system, including device specifications, installed software, browser <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-is-data/"   title="data" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29022">data</a>, and local files before exfiltrating the information.</p>
<p data-start="2038" data-end="2186">CERT-UA also observed <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-is-malware/"   title="malware" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29017">malware</a> loaders including FLUIDLEECH, disguised as antivirus software, and LOADLOOP being used during these campaigns.</p>

<h3 data-section-id="1n2nqi8" data-start="2188" data-end="2241"><strong><span role="text">Backdoors and Data Theft Tools Widely Deployed</span></strong></h3>
<p data-start="2243" data-end="2395">The report noted that attackers continue using <a class="wpil_keyword_link" href="https://cyble.com/knowledge-hub/what-is-malware/" target="_blank"  rel="noopener" title="malware" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29025">malware</a> families such as KALAMBUR, SUMBUR, and TAMBUR after gaining access to victim systems.</p>
<p data-start="2397" data-end="2595">To maintain <a href="https://thecyberexpress.com/intellexa-remote-access-to-customer-systems/" target="_blank" rel="noopener">remote access</a>, the group relied on legitimate utilities including OpenSSH and Tor, forwarding local network ports such as 445, 3389, and 22 to attacker-controlled infrastructure.</p>
<p data-start="2597" data-end="2754">CERT-UA also found malware designed to steal messaging data from Signal and <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-to-do-if-and-when-your-whatsapp-is-hacked/"   title="WhatsApp" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29019">WhatsApp</a>, with stolen information reportedly exfiltrated using RSYNC.</p>
<p data-start="2756" data-end="2993">On infected systems examined during <a class="wpil_keyword_link" href="https://thecyberexpress.com/cyber-news/"   title="cyber" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29023">cyber</a> defense operations, investigators additionally identified FREAKYPOLL, a Python-based backdoor distributed as compiled bytecode (.pyc), providing attackers with persistent unauthorized access.</p>

<h2 data-section-id="1s2gyff" data-start="2995" data-end="3057"><span role="text"><strong data-start="2998" data-end="3057">Compromised Websites Used to Deliver Fake CAPTCHA Pages</strong></span></h2>
<p data-start="3059" data-end="3171">During June and July 2026, CERT-UA analyzed more than ten compromised websites involved in <strong data-start="3150" data-end="3170">ClickFix attacks</strong>.</p>
<p data-start="3173" data-end="3516">Investigators found attackers using both the <strong data-start="3218" data-end="3236">Cloaking.House</strong> service and custom malware called <strong data-start="3271" data-end="3283">SMARTAXE</strong> to dynamically modify legitimate webpages. SMARTAXE retrieves remote domains from blockchain smart contracts through Ethereum's <strong data-start="3412" data-end="3424">eth_call</strong> function before displaying fake CAPTCHA pages or redirecting visitors to malicious content.</p>
<p data-start="3518" data-end="3773">CERT-UA warned that any website used in these attacks should be considered compromised, potentially through vulnerable content management systems (CMS), stolen credentials, web shells, malicious plugins, modified website scripts, or server-side backdoors.</p>
<p data-start="3775" data-end="3908">The agency urged website administrators and hosting providers to strengthen website <a class="wpil_keyword_link" href="https://thecyberexpress.com/"   title="security" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29018">security</a> and respond quickly to incident reports.</p>

<h3 data-section-id="xet64s" data-start="3910" data-end="3965"><span role="text"><strong data-start="3913" data-end="3965">Android Malware Also Part of UAC-0145 Operations</strong></span></h3>
<p data-start="3967" data-end="4069">The report also highlighted growing use of Android malware distributed through messaging applications.</p>
<p data-start="4071" data-end="4338">Attackers were observed sharing APK files disguised as security or antivirus tools. One such malware family, tracked as COWARDDUCK, functions as a full-featured Android backdoor capable of collecting device information, contacts, files, and real-time geolocation.</p>
<p data-start="4340" data-end="4527">The malware targets files from directories including DCIM, Documents, Downloads, Pictures, and Alarms while searching for formats such as DOCX, XLSX, PPTX, ZIP, RAR, JSON, and OVPN files.</p>
<p data-start="4529" data-end="4744">According to CERT-UA, COWARDDUCK uploads stolen files through the Dropbox API while receiving commands from legitimate services including Steam Community and StockMemory domains through proxy infrastructure.</p>

<h3 data-section-id="1o8fspw" data-start="4746" data-end="4801"><span role="text"><strong data-start="4749" data-end="4801">Microsoft Sees Global Rise in ClickFix Campaigns</strong></span></h3>
<p data-start="4803" data-end="5026">Microsoft Threat Intelligence and Microsoft Defender Experts also <a href="https://www.microsoft.com/en-us/security/blog/2025/08/21/think-before-you-clickfix-analyzing-the-clickfix-social-engineering-technique/" target="_blank" rel="nofollow noopener">reported</a> that ClickFix campaigns have increased significantly since early 2024, targeting thousands of enterprise and consumer devices globally each day.</p>
<p data-start="5028" data-end="5345">Microsoft said the technique commonly delivers malware such as Lumma <a class="wpil_keyword_link" href="https://cyble.com/stealer/" target="_blank"  rel="noopener" title="Stealer" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29020">Stealer</a> by persuading users to copy and execute commands through Windows Run, Windows Terminal, or Windows PowerShell. The campaigns are often combined with phishing, malvertising, and drive-by compromise techniques that imitate trusted brands.</p>
<p data-start="5347" data-end="5605">Because ClickFix attacks rely on user interaction rather than exploiting software <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-are-vulnerabilities/"   title="vulnerabilities" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29021">vulnerabilities</a> directly, Microsoft recommends organizations strengthen user awareness and apply security policies that restrict unnecessary use of command execution tools.</p>]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">113194</post-id>	</item>
		<item>
		<title>US Charges Two Over $43M Chinese Money Laundering Operation</title>
		<link>https://thecyberexpress.com/chinese-money-laundering/</link>
		
		<dc:creator><![CDATA[Ashish Khaitan]]></dc:creator>
		<pubDate>Fri, 17 Jul 2026 11:05:42 +0000</pubDate>
				<category><![CDATA[Firewall Daily]]></category>
		<category><![CDATA[Cyber News]]></category>
		<category><![CDATA[Chinese money laundering]]></category>
		<category><![CDATA[Haojie Zhang]]></category>
		<category><![CDATA[The Cyber Express]]></category>
		<category><![CDATA[The Cyber Express News]]></category>
		<category><![CDATA[Zhuoying Chen]]></category>
		<guid isPermaLink="false">https://thecyberexpress.com/?p=113188</guid>

					<description><![CDATA[<p><img width="1236" height="721" src="https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="Chinese money laundering" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering.webp 1236w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-300x175.webp 300w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-1024x597.webp 1024w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-768x448.webp 768w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-600x350.webp 600w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-150x88.webp 150w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-750x438.webp 750w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-1140x665.webp 1140w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering.webp 1236w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-300x175.webp 300w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-1024x597.webp 1024w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-768x448.webp 768w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-600x350.webp 600w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-150x88.webp 150w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-750x438.webp 750w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-1140x665.webp 1140w" sizes="(max-width: 1236px) 100vw, 1236px" title="US Charges Two Over $43M Chinese Money Laundering Operation 5"></p><span data-contrast="auto">U.S. authorities have charged two New York residents, including Zhuoying Chen, in connection with an alleged Chinese money laundering network accused of laundering at least $43 million generated through cyber investment fraud schemes. The indictment, unsealed in Brooklyn, alleges the operation ran between 2020 and 2022 and involved an extensive network of shell companies and bank accounts.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">According to <a href="https://www.justice.gov/opa/pr/two-key-members-chinese-money-laundering-network-charged-laundering-43-million-investment" target="_blank" rel="nofollow noopener">prosecutors</a>, Zhuoying Chen, 27, of Brooklyn, and Haojie Zhang, 38, of Queens, managed more than a dozen individuals across Brooklyn and Queens. The group allegedly opened 140 bank accounts under approximately 45 shell companies to move proceeds from fraudulent investment scams before transferring the funds to co-conspirators based in China.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">Authorities said the <a href="https://thecyberexpress.com/global-crypto-investment-scam/" target="_blank" rel="noopener">investment fraud</a> schemes began with perpetrators contacting victims through messaging platforms and social media. They allegedly built trust over time, persuaded victims to invest in seemingly lucrative opportunities, displayed fake profits to encourage additional investments, and ultimately stole the victims' money.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h3 aria-level="2"><b><span data-contrast="none">Officials Vow Crackdown on Chinese Money Laundering Operations</span></b><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:299,&quot;335559739&quot;:299}"> </span></h3>
<span data-contrast="auto">Commenting on the Chinese money laundering case, Assistant Attorney <a class="wpil_keyword_link" href="https://cyble.com/general/" target="_blank"  rel="noopener" title="General" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29016">General</a> A. Tysen Duva said, "As alleged in the indictment, the defendants laundered <a class="wpil_keyword_link" href="https://cyble.com/cybercrime/fraud/" target="_blank"  rel="noopener" title="fraud" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29015">fraud</a> proceeds, enabling scammers to continue to victimize Americans and deprive them of their hard-earned money." He added that dismantling Chinese money laundering networks supporting investment fraud is critical to protecting Americans and that the Criminal Division "will relentlessly pursue the financial networks that fuel and profit from these fraud schemes."</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">U.S. Attorney Joseph Nocella Jr. for the Eastern District of New York described the defendants as "key members of a sophisticated money laundering network" that allegedly routed more than $40 million in victim funds to bank accounts in China. He said the office would continue pursuing individuals involved in investment fraud targeting vulnerable victims.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">FBI New York Assistant Director in Charge James C. Barnacle Jr. stated that the operation allegedly laundered more than $40 million from American victims before depositing the funds into Chinese accounts overseas. He said the <a href="https://thecyberexpress.com/operation-tri-force-sentinel/" target="_blank" rel="noopener">FBI</a> remains committed to working with federal partners to dismantle such fraud networks.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">Acting Executive Associate Director John A. Condon of Homeland <a class="wpil_keyword_link" href="https://thecyberexpress.com/"   title="Security" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29014">Security</a> Investigations said the two Chinese nationals allegedly operated the illicit network for nearly two years, laundering victims' life savings. IRS Criminal Investigation Special Agent in Charge Harry T. Chavis Jr. said the indictment demonstrates that "justice is coming" for fraudsters, while U.S. Postal Inspection Service Inspector in Charge Ketty Larco-Ward noted that investment fraud schemes <a class="wpil_keyword_link" href="https://cyble.com/exploit/" target="_blank"  rel="noopener" title="exploit" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29013">exploit</a> victims' trust through false promises of returns.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h3 aria-level="2"><b><span data-contrast="none">Investigation and Legal Proceedings Continue</span></b><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:299,&quot;335559739&quot;:299}"> </span></h3>
<span data-contrast="auto">The conspiracy to commit money laundering charge carries a maximum sentence of 20 years in prison. The investigation is being conducted by FBI New York, HSI New York, IRS Criminal Investigation New York, and the U.S. Postal Inspection Service. The prosecution is being led by Trial Attorneys Claire Galasso, David Ginensky, and Adrienne Rosen, along with Assistant U.S. Attorneys Benjamin Weintraub and David Berman.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">The case also forms part of the Homeland Security Task Force initiative established under Executive Order 14159. Officials emphasized that an indictment is only an allegation, and Zhuoying Chen and the co-defendant are presumed innocent unless proven guilty beyond a reasonable doubt in court.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>]]></description>
										<content:encoded><![CDATA[<p><img width="1236" height="721" src="https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="Chinese money laundering" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering.webp 1236w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-300x175.webp 300w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-1024x597.webp 1024w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-768x448.webp 768w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-600x350.webp 600w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-150x88.webp 150w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-750x438.webp 750w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-1140x665.webp 1140w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering.webp 1236w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-300x175.webp 300w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-1024x597.webp 1024w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-768x448.webp 768w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-600x350.webp 600w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-150x88.webp 150w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-750x438.webp 750w, https://thecyberexpress.com/wp-content/uploads/Chinese-money-laundering-1140x665.webp 1140w" sizes="(max-width: 1236px) 100vw, 1236px" title="US Charges Two Over $43M Chinese Money Laundering Operation 6"></p><span data-contrast="auto">U.S. authorities have charged two New York residents, including Zhuoying Chen, in connection with an alleged Chinese money laundering network accused of laundering at least $43 million generated through cyber investment fraud schemes. The indictment, unsealed in Brooklyn, alleges the operation ran between 2020 and 2022 and involved an extensive network of shell companies and bank accounts.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">According to <a href="https://www.justice.gov/opa/pr/two-key-members-chinese-money-laundering-network-charged-laundering-43-million-investment" target="_blank" rel="nofollow noopener">prosecutors</a>, Zhuoying Chen, 27, of Brooklyn, and Haojie Zhang, 38, of Queens, managed more than a dozen individuals across Brooklyn and Queens. The group allegedly opened 140 bank accounts under approximately 45 shell companies to move proceeds from fraudulent investment scams before transferring the funds to co-conspirators based in China.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">Authorities said the <a href="https://thecyberexpress.com/global-crypto-investment-scam/" target="_blank" rel="noopener">investment fraud</a> schemes began with perpetrators contacting victims through messaging platforms and social media. They allegedly built trust over time, persuaded victims to invest in seemingly lucrative opportunities, displayed fake profits to encourage additional investments, and ultimately stole the victims' money.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h3 aria-level="2"><b><span data-contrast="none">Officials Vow Crackdown on Chinese Money Laundering Operations</span></b><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:299,&quot;335559739&quot;:299}"> </span></h3>
<span data-contrast="auto">Commenting on the Chinese money laundering case, Assistant Attorney <a class="wpil_keyword_link" href="https://cyble.com/general/" target="_blank"  rel="noopener" title="General" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29016">General</a> A. Tysen Duva said, "As alleged in the indictment, the defendants laundered <a class="wpil_keyword_link" href="https://cyble.com/cybercrime/fraud/" target="_blank"  rel="noopener" title="fraud" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29015">fraud</a> proceeds, enabling scammers to continue to victimize Americans and deprive them of their hard-earned money." He added that dismantling Chinese money laundering networks supporting investment fraud is critical to protecting Americans and that the Criminal Division "will relentlessly pursue the financial networks that fuel and profit from these fraud schemes."</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">U.S. Attorney Joseph Nocella Jr. for the Eastern District of New York described the defendants as "key members of a sophisticated money laundering network" that allegedly routed more than $40 million in victim funds to bank accounts in China. He said the office would continue pursuing individuals involved in investment fraud targeting vulnerable victims.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">FBI New York Assistant Director in Charge James C. Barnacle Jr. stated that the operation allegedly laundered more than $40 million from American victims before depositing the funds into Chinese accounts overseas. He said the <a href="https://thecyberexpress.com/operation-tri-force-sentinel/" target="_blank" rel="noopener">FBI</a> remains committed to working with federal partners to dismantle such fraud networks.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">Acting Executive Associate Director John A. Condon of Homeland <a class="wpil_keyword_link" href="https://thecyberexpress.com/"   title="Security" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29014">Security</a> Investigations said the two Chinese nationals allegedly operated the illicit network for nearly two years, laundering victims' life savings. IRS Criminal Investigation Special Agent in Charge Harry T. Chavis Jr. said the indictment demonstrates that "justice is coming" for fraudsters, while U.S. Postal Inspection Service Inspector in Charge Ketty Larco-Ward noted that investment fraud schemes <a class="wpil_keyword_link" href="https://cyble.com/exploit/" target="_blank"  rel="noopener" title="exploit" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29013">exploit</a> victims' trust through false promises of returns.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h3 aria-level="2"><b><span data-contrast="none">Investigation and Legal Proceedings Continue</span></b><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:299,&quot;335559739&quot;:299}"> </span></h3>
<span data-contrast="auto">The conspiracy to commit money laundering charge carries a maximum sentence of 20 years in prison. The investigation is being conducted by FBI New York, HSI New York, IRS Criminal Investigation New York, and the U.S. Postal Inspection Service. The prosecution is being led by Trial Attorneys Claire Galasso, David Ginensky, and Adrienne Rosen, along with Assistant U.S. Attorneys Benjamin Weintraub and David Berman.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">The case also forms part of the Homeland Security Task Force initiative established under Executive Order 14159. Officials emphasized that an indictment is only an allegation, and Zhuoying Chen and the co-defendant are presumed innocent unless proven guilty beyond a reasonable doubt in court.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">113188</post-id>	</item>
		<item>
		<title>Critical Notepad++ Bugs Could Lead to Code Execution, Patch Available</title>
		<link>https://thecyberexpress.com/notepad-vulnerabilities-v897/</link>
		
		<dc:creator><![CDATA[Ashish Khaitan]]></dc:creator>
		<pubDate>Fri, 17 Jul 2026 08:41:51 +0000</pubDate>
				<category><![CDATA[Firewall Daily]]></category>
		<category><![CDATA[Vulnerabilities]]></category>
		<category><![CDATA[Vulnerability News]]></category>
		<category><![CDATA[CVE-2026-52886]]></category>
		<category><![CDATA[CVE-2026-54758]]></category>
		<category><![CDATA[CVE-2026-57233]]></category>
		<category><![CDATA[Notepad++ vulnerabilities]]></category>
		<category><![CDATA[The Cyber Express]]></category>
		<category><![CDATA[The Cyber Express News]]></category>
		<guid isPermaLink="false">https://thecyberexpress.com/?p=113180</guid>

					<description><![CDATA[<p><img width="1101" height="614" src="https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="Notepad++ vulnerabilities" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities.webp 1101w, https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities-300x167.webp 300w, https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities-1024x571.webp 1024w, https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities-768x428.webp 768w, https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities-600x335.webp 600w, https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities-150x84.webp 150w, https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities-750x418.webp 750w, https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities.webp 1101w, https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities-300x167.webp 300w, https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities-1024x571.webp 1024w, https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities-768x428.webp 768w, https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities-600x335.webp 600w, https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities-150x84.webp 150w, https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities-750x418.webp 750w" sizes="(max-width: 1101px) 100vw, 1101px" title="Critical Notepad++ Bugs Could Lead to Code Execution, Patch Available 7"></p><span data-contrast="auto">The latest Notepad++ vulnerabilities addressed in version 8.9.7 include several high-impact security flaws that could expose Windows systems to arbitrary code execution, file overwrite attacks, memory corruption, and authentication bypass. </span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">Among the most critical issues is a PowerShell command injection vulnerability in the installer, alongside fixes for CVE-2026-52886, CVE-2026-54758, and CVE-2026-57233. The release also delivers stability improvements and feature enhancements for one of the most widely used text editors on Windows.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h3 aria-level="2"><b><span data-contrast="none">PowerShell Command Injection Tops the List of Notepad++ Vulnerabilities</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">The most severe Notepad++ <a class="wpil_keyword_link" href="https://thecyberexpress.com/firewall-daily/vulnerabilities/"   title="vulnerability" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29010">vulnerability</a> involves improper handling of PowerShell commands during installation. According to the <a href="https://community.notepad-plus-plus.org/topic/27604/notepad-release-8.9.7" target="_blank" rel="nofollow noopener">developers</a>, the installer has been updated to improve the robustness of PowerShell command processing, reducing the risk of command injection and unauthorized command execution.</span>

<span data-contrast="auto">If exploited, the flaw could allow attackers to manipulate the installation process and execute arbitrary <a href="https://thecyberexpress.com/new-powershell-campaign/" target="_blank" rel="noopener">PowerShell</a> commands. In practical scenarios, a compromised installer distributed through spoofed download sources or <a class="wpil_keyword_link" href="https://cyble.com/knowledge-hub/what-is-social-engineering/" target="_blank"  rel="noopener" title="social engineering" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29009">social engineering</a> campaigns could enable malware deployment during installation, potentially leading to complete system compromise without the user's knowledge.</span>
<h3 aria-level="2"><b><span data-contrast="none">CVE-2026-52886, CVE-2026-54758, and CVE-2026-57233 Address Critical Risks</span></b></h3>
<span data-contrast="auto">In addition to the installer flaw, the update resolves several other <a class="wpil_keyword_link" href="https://thecyberexpress.com/"   title="security" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29011">security</a> issues across different components. CVE-2026-54758 addresses a stack buffer overflow in the </span><span data-contrast="auto">expandNppEnvironmentStrs</span><span data-contrast="auto"> function that could result in memory corruption and potentially <a href="https://thecyberexpress.com/new-powershell-campaign/" target="_blank" rel="noopener">remote code execution</a>. Meanwhile, CVE-2026-57233 fixes a Zip Slip path traversal vulnerability in the WinGUp updater, preventing attackers from overwriting arbitrary files during the update extraction process.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">Another patched issue, CVE-2026-52886, fixes a session handling flaw where manipulated </span><span data-contrast="auto">session.xml</span><span data-contrast="auto"> entries could bypass path validation through the </span><span data-contrast="auto">backupFilePath starts_with</span><span data-contrast="auto"> check. The release also resolves an unassigned vulnerability affecting the macro system, where </span><span data-contrast="auto">shortcuts.xml</span><span data-contrast="auto"> allowed macro execution without proper HMAC verification, creating an integrity bypass that could enable unauthorized macro execution.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">Collectively, these Notepad++ <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-are-vulnerabilities/"   title="vulnerabilities" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29012">vulnerabilities</a> demonstrate how installers, local configuration files, session management, update mechanisms, and macro validation can become attack vectors if not adequately protected.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h3 aria-level="2"><b><span data-contrast="none">Notepad++ v8.9.7 Brings Stability Improvements Alongside Security Fixes</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">Beyond addressing Notepad++ vulnerabilities, version 8.9.7 introduces several usability and stability improvements. Users can now retain the expand and collapse state within "Folder as Workspace," while Incremental Search has been enhanced with count and nth-position indicators. The update also fixes crashes, user interface <a href="https://thecyberexpress.com/cve-2026-45829-chromatoast-chromadb/" target="_blank" rel="noopener">glitches</a>, high-DPI scaling issues, symbolic link freezes, file handling inconsistencies, and search performance problems. Additionally, bundled components have been updated to Scintilla 5.6.4, Lexilla 5.5.1, and pugixml 1.16.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">The Notepad++ team recommends that users update to version 8.9.7 as soon as possible, particularly in enterprise and development environments where the editor processes untrusted files or operates within automated workflows. Although the auto-updater is expected to roll out the release within two weeks, provided no regressions are detected, manual installation is recommended for immediate protection. </span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">Developers are also encouraged to verify download sources, as keeping software updated and installing packages only from trusted locations remains an essential safeguard against exploitation of CVE-2026-52886, CVE-2026-54758, CVE-2026-57233, and other Notepad++ vulnerabilities.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>]]></description>
										<content:encoded><![CDATA[<p><img width="1101" height="614" src="https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="Notepad++ vulnerabilities" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities.webp 1101w, https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities-300x167.webp 300w, https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities-1024x571.webp 1024w, https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities-768x428.webp 768w, https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities-600x335.webp 600w, https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities-150x84.webp 150w, https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities-750x418.webp 750w, https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities.webp 1101w, https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities-300x167.webp 300w, https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities-1024x571.webp 1024w, https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities-768x428.webp 768w, https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities-600x335.webp 600w, https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities-150x84.webp 150w, https://thecyberexpress.com/wp-content/uploads/Notepad-vulnerabilities-750x418.webp 750w" sizes="(max-width: 1101px) 100vw, 1101px" title="Critical Notepad++ Bugs Could Lead to Code Execution, Patch Available 8"></p><span data-contrast="auto">The latest Notepad++ vulnerabilities addressed in version 8.9.7 include several high-impact security flaws that could expose Windows systems to arbitrary code execution, file overwrite attacks, memory corruption, and authentication bypass. </span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">Among the most critical issues is a PowerShell command injection vulnerability in the installer, alongside fixes for CVE-2026-52886, CVE-2026-54758, and CVE-2026-57233. The release also delivers stability improvements and feature enhancements for one of the most widely used text editors on Windows.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h3 aria-level="2"><b><span data-contrast="none">PowerShell Command Injection Tops the List of Notepad++ Vulnerabilities</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">The most severe Notepad++ <a class="wpil_keyword_link" href="https://thecyberexpress.com/firewall-daily/vulnerabilities/"   title="vulnerability" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29010">vulnerability</a> involves improper handling of PowerShell commands during installation. According to the <a href="https://community.notepad-plus-plus.org/topic/27604/notepad-release-8.9.7" target="_blank" rel="nofollow noopener">developers</a>, the installer has been updated to improve the robustness of PowerShell command processing, reducing the risk of command injection and unauthorized command execution.</span>

<span data-contrast="auto">If exploited, the flaw could allow attackers to manipulate the installation process and execute arbitrary <a href="https://thecyberexpress.com/new-powershell-campaign/" target="_blank" rel="noopener">PowerShell</a> commands. In practical scenarios, a compromised installer distributed through spoofed download sources or <a class="wpil_keyword_link" href="https://cyble.com/knowledge-hub/what-is-social-engineering/" target="_blank"  rel="noopener" title="social engineering" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29009">social engineering</a> campaigns could enable malware deployment during installation, potentially leading to complete system compromise without the user's knowledge.</span>
<h3 aria-level="2"><b><span data-contrast="none">CVE-2026-52886, CVE-2026-54758, and CVE-2026-57233 Address Critical Risks</span></b></h3>
<span data-contrast="auto">In addition to the installer flaw, the update resolves several other <a class="wpil_keyword_link" href="https://thecyberexpress.com/"   title="security" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29011">security</a> issues across different components. CVE-2026-54758 addresses a stack buffer overflow in the </span><span data-contrast="auto">expandNppEnvironmentStrs</span><span data-contrast="auto"> function that could result in memory corruption and potentially <a href="https://thecyberexpress.com/new-powershell-campaign/" target="_blank" rel="noopener">remote code execution</a>. Meanwhile, CVE-2026-57233 fixes a Zip Slip path traversal vulnerability in the WinGUp updater, preventing attackers from overwriting arbitrary files during the update extraction process.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">Another patched issue, CVE-2026-52886, fixes a session handling flaw where manipulated </span><span data-contrast="auto">session.xml</span><span data-contrast="auto"> entries could bypass path validation through the </span><span data-contrast="auto">backupFilePath starts_with</span><span data-contrast="auto"> check. The release also resolves an unassigned vulnerability affecting the macro system, where </span><span data-contrast="auto">shortcuts.xml</span><span data-contrast="auto"> allowed macro execution without proper HMAC verification, creating an integrity bypass that could enable unauthorized macro execution.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">Collectively, these Notepad++ <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-are-vulnerabilities/"   title="vulnerabilities" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29012">vulnerabilities</a> demonstrate how installers, local configuration files, session management, update mechanisms, and macro validation can become attack vectors if not adequately protected.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h3 aria-level="2"><b><span data-contrast="none">Notepad++ v8.9.7 Brings Stability Improvements Alongside Security Fixes</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">Beyond addressing Notepad++ vulnerabilities, version 8.9.7 introduces several usability and stability improvements. Users can now retain the expand and collapse state within "Folder as Workspace," while Incremental Search has been enhanced with count and nth-position indicators. The update also fixes crashes, user interface <a href="https://thecyberexpress.com/cve-2026-45829-chromatoast-chromadb/" target="_blank" rel="noopener">glitches</a>, high-DPI scaling issues, symbolic link freezes, file handling inconsistencies, and search performance problems. Additionally, bundled components have been updated to Scintilla 5.6.4, Lexilla 5.5.1, and pugixml 1.16.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">The Notepad++ team recommends that users update to version 8.9.7 as soon as possible, particularly in enterprise and development environments where the editor processes untrusted files or operates within automated workflows. Although the auto-updater is expected to roll out the release within two weeks, provided no regressions are detected, manual installation is recommended for immediate protection. </span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">Developers are also encouraged to verify download sources, as keeping software updated and installing packages only from trusted locations remains an essential safeguard against exploitation of CVE-2026-52886, CVE-2026-54758, CVE-2026-57233, and other Notepad++ vulnerabilities.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">113180</post-id>	</item>
		<item>
		<title>TikTok Age Verification Under Investigation as UK Tightens Child Safety Rules</title>
		<link>https://thecyberexpress.com/tiktok-age-verification-probe-launched-by-uk/</link>
		
		<dc:creator><![CDATA[Samiksha Jain]]></dc:creator>
		<pubDate>Fri, 17 Jul 2026 05:50:24 +0000</pubDate>
				<category><![CDATA[Cyber News]]></category>
		<category><![CDATA[Firewall Daily]]></category>
		<category><![CDATA[Google Search]]></category>
		<category><![CDATA[Ofcom]]></category>
		<category><![CDATA[Online Safety Act]]></category>
		<category><![CDATA[Search Engines]]></category>
		<category><![CDATA[social media ban for under-16s]]></category>
		<category><![CDATA[The Cyber Express]]></category>
		<category><![CDATA[The Cyber Express News]]></category>
		<category><![CDATA[TikTok]]></category>
		<category><![CDATA[TikTok age verification]]></category>
		<guid isPermaLink="false">https://thecyberexpress.com/?p=113167</guid>

					<description><![CDATA[<p><img width="1536" height="1024" src="https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="TikTok age verification" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification.webp 1536w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-300x200.webp 300w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-1024x683.webp 1024w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-768x512.webp 768w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-600x400.webp 600w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-150x100.webp 150w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-750x500.webp 750w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-1140x760.webp 1140w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification.webp 1536w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-300x200.webp 300w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-1024x683.webp 1024w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-768x512.webp 768w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-600x400.webp 600w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-150x100.webp 150w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-750x500.webp 750w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-1140x760.webp 1140w" sizes="(max-width: 1536px) 100vw, 1536px" title="TikTok Age Verification Under Investigation as UK Tightens Child Safety Rules 9"></p><p class="PDq2pG_selectionAnchorContainer" data-start="405" data-end="878">The UK's communications regulator has launched a formal investigation into TikTok age verification, raising questions over whether the platform is adequately protecting children online under the country's <a href="https://thecyberexpress.com/uk-online-age-checks-are-failing/" target="_blank" rel="noopener">Online Safety Act</a>. The move comes as Britain prepares to introduce a <a href="https://thecyberexpress.com/uk-social-media-ban-set-for-2027-rollout/" target="_blank" rel="noopener">social media ban for under-16s</a>, with regulators warning that current age assurance methods used by some platforms may not be sufficient to prevent children from accessing harmful content.</p>
<p data-start="880" data-end="1113">The investigation follows the publication of a new <a href="https://thecyberexpress.com/ofcom-online-child-safety-rules/" target="_blank" rel="noopener">Ofcom</a> report that found age checks are becoming more common across online services, but significant gaps remain, particularly on social media platforms and some pornography websites.</p>

<h2 data-section-id="yy7t36" data-start="1115" data-end="1168"><span role="text"><strong data-start="1118" data-end="1168">Ofcom Questions TikTok Age Verification Method</strong></span></h2>
<p data-start="1170" data-end="1388">According to Ofcom, some social media companies rely primarily on age inference methods to identify child users. These systems estimate a user's age based on their online behavior rather than verifying it directly.</p>
<p data-start="1390" data-end="1750">The regulator <a href="https://www.ofcom.org.uk/online-safety/protecting-children/age-checks-helping-make-online-experiences-safer-for-uk-children-but-job-not-done-and-tech-industry-must-act-to-strengthen-protections" target="_blank" rel="nofollow noopener">said</a> it has "serious doubts" about whether these methods are capable of meeting the standards required under the Online Safety Act. Ofcom believes some companies may be failing to correctly identify a significant number of children, potentially exposing them to harmful content, including pornography, self-harm, and suicide-related material.</p>
<p data-start="1752" data-end="1907">As a result, Ofcom has launched a formal investigation into whether TikTok is complying with its legal duties to protect children from harmful content.</p>
<p data-start="1909" data-end="2249">The regulator also warned that age inference alone will not be considered sufficient for enforcing the government's planned restrictions on social media use by children under 16. Platforms using such methods have been urged to adopt more effective age assurance technologies or provide compelling evidence demonstrating their effectiveness.</p>

<h2 data-section-id="c7nu5l" data-start="2251" data-end="2300"><span role="text"><strong data-start="2254" data-end="2300">Age Checks Increase Across Online Services</strong></span></h2>
<p data-start="2302" data-end="2457">The report found significant progress in the adoption of age checks since the Online Safety Act's child protection duties came into force in July 2025.</p>
<p data-start="2459" data-end="2589">Between July 2025 and January 2026, the proportion of children encountering highly effective age checks increased from 25% to 43%.</p>
<p data-start="2591" data-end="2783">Ofcom said more than 69 million age checks were completed across a sample of 32 UK services during the second half of 2025, representing a 23-fold increase compared to the previous six months.</p>
<p data-start="2785" data-end="2930">The regulator also reported that all of the UK's top 10 pornography websites and most of the top 100 now have age verification measures in place.</p>
<p data-start="2932" data-end="3209">Among children aged 8 to 14 who attempted to access pornography, only 8% visited such services. Half of those children reached only websites with age checks, while nearly 87% of their visits lasted less than 30 seconds, suggesting age verification discouraged continued access.</p>

<h2 data-section-id="1ukhku3" data-start="3211" data-end="3251"><span role="text"><strong data-start="3214" data-end="3251">Search Engines Also Face Scrutiny</strong></span></h2>
<p data-start="3253" data-end="3428">Despite the wider rollout of age assurance, Ofcom found that children can still easily discover <a href="https://thecyberexpress.com/breachforums-admin-pompompurin-pleaded-guilty/" target="_blank" rel="noopener">pornography</a> websites without age checks through Google Search and Bing.</p>
<p data-start="3430" data-end="3608">Its analysis found that 33% of first-page Google search results and 54% of Bing results directed users to pornography websites lacking age verification or equivalent protections.</p>
<p data-start="3610" data-end="3781">Following discussions with the regulator, Google and Bing have agreed to work with Ofcom on practical measures to reduce the visibility of such websites in search results.</p>
<p data-start="3783" data-end="4049">Meanwhile, Ofcom continues enforcement against adult services that fail to comply with the law. The regulator has opened 23 investigations involving 88 adult service providers, with many either introducing age assurance or blocking UK users after enforcement action.</p>

<h2 data-section-id="1fml1dm" data-start="4051" data-end="4104"><span role="text"><strong data-start="4054" data-end="4104">UK Moves Toward Social Media Ban for Under-16s</strong></span></h2>
<p data-start="4106" data-end="4249">The investigation comes as the UK government advances plans to introduce a social media ban for under-16s, modeled on Australia's approach.</p>
<p data-start="4251" data-end="4503"><a href="https://www.gov.uk/government/news/social-media-to-be-banned-for-under-16s-in-landmark-government-move-to-givekids-their-childhood-back" target="_blank" rel="nofollow noopener">Under the proposal</a>, platforms including <a href="https://thecyberexpress.com/tiktok-addictive-design-breaches/" target="_blank" rel="noopener">TikTok</a>, Snapchat, <a href="https://thecyberexpress.com/instagram-teen-accounts-for-young-users/" target="_blank" rel="noopener">Instagram</a>, Facebook, YouTube, and X would be prohibited from offering social media services to users under 16. Messaging services such as <a class="wpil_keyword_link" href="https://thecyberexpress.com/unknown-international-calls-whatsapp-scams/"   title="WhatsApp" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29008">WhatsApp</a> and Signal are not expected to be included.</p>
<p data-start="4505" data-end="4840">The government also plans to introduce additional protections, including restrictions on livestreaming and communication with strangers for children under 16 across social media and certain gaming platforms. Similar safeguards would apply by default to users aged 16 and 17 to avoid what officials describe as a "cliff-edge" at age 16.</p>
<p data-start="4842" data-end="4980">The proposed measures are expected to be presented to Parliament before the end of the year, with implementation targeted for Spring 2027.</p>
<p data-start="4982" data-end="5224">Ofcom said it will submit a rapid assessment to Parliament by the end of October outlining what constitutes highly effective age assurance for verifying whether someone is over 16, helping shape future enforcement of the planned restrictions.</p>]]></description>
										<content:encoded><![CDATA[<p><img width="1536" height="1024" src="https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="TikTok age verification" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification.webp 1536w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-300x200.webp 300w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-1024x683.webp 1024w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-768x512.webp 768w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-600x400.webp 600w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-150x100.webp 150w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-750x500.webp 750w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-1140x760.webp 1140w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification.webp 1536w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-300x200.webp 300w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-1024x683.webp 1024w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-768x512.webp 768w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-600x400.webp 600w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-150x100.webp 150w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-750x500.webp 750w, https://thecyberexpress.com/wp-content/uploads/TikTok-age-verification-1140x760.webp 1140w" sizes="(max-width: 1536px) 100vw, 1536px" title="TikTok Age Verification Under Investigation as UK Tightens Child Safety Rules 10"></p><p class="PDq2pG_selectionAnchorContainer" data-start="405" data-end="878">The UK's communications regulator has launched a formal investigation into TikTok age verification, raising questions over whether the platform is adequately protecting children online under the country's <a href="https://thecyberexpress.com/uk-online-age-checks-are-failing/" target="_blank" rel="noopener">Online Safety Act</a>. The move comes as Britain prepares to introduce a <a href="https://thecyberexpress.com/uk-social-media-ban-set-for-2027-rollout/" target="_blank" rel="noopener">social media ban for under-16s</a>, with regulators warning that current age assurance methods used by some platforms may not be sufficient to prevent children from accessing harmful content.</p>
<p data-start="880" data-end="1113">The investigation follows the publication of a new <a href="https://thecyberexpress.com/ofcom-online-child-safety-rules/" target="_blank" rel="noopener">Ofcom</a> report that found age checks are becoming more common across online services, but significant gaps remain, particularly on social media platforms and some pornography websites.</p>

<h2 data-section-id="yy7t36" data-start="1115" data-end="1168"><span role="text"><strong data-start="1118" data-end="1168">Ofcom Questions TikTok Age Verification Method</strong></span></h2>
<p data-start="1170" data-end="1388">According to Ofcom, some social media companies rely primarily on age inference methods to identify child users. These systems estimate a user's age based on their online behavior rather than verifying it directly.</p>
<p data-start="1390" data-end="1750">The regulator <a href="https://www.ofcom.org.uk/online-safety/protecting-children/age-checks-helping-make-online-experiences-safer-for-uk-children-but-job-not-done-and-tech-industry-must-act-to-strengthen-protections" target="_blank" rel="nofollow noopener">said</a> it has "serious doubts" about whether these methods are capable of meeting the standards required under the Online Safety Act. Ofcom believes some companies may be failing to correctly identify a significant number of children, potentially exposing them to harmful content, including pornography, self-harm, and suicide-related material.</p>
<p data-start="1752" data-end="1907">As a result, Ofcom has launched a formal investigation into whether TikTok is complying with its legal duties to protect children from harmful content.</p>
<p data-start="1909" data-end="2249">The regulator also warned that age inference alone will not be considered sufficient for enforcing the government's planned restrictions on social media use by children under 16. Platforms using such methods have been urged to adopt more effective age assurance technologies or provide compelling evidence demonstrating their effectiveness.</p>

<h2 data-section-id="c7nu5l" data-start="2251" data-end="2300"><span role="text"><strong data-start="2254" data-end="2300">Age Checks Increase Across Online Services</strong></span></h2>
<p data-start="2302" data-end="2457">The report found significant progress in the adoption of age checks since the Online Safety Act's child protection duties came into force in July 2025.</p>
<p data-start="2459" data-end="2589">Between July 2025 and January 2026, the proportion of children encountering highly effective age checks increased from 25% to 43%.</p>
<p data-start="2591" data-end="2783">Ofcom said more than 69 million age checks were completed across a sample of 32 UK services during the second half of 2025, representing a 23-fold increase compared to the previous six months.</p>
<p data-start="2785" data-end="2930">The regulator also reported that all of the UK's top 10 pornography websites and most of the top 100 now have age verification measures in place.</p>
<p data-start="2932" data-end="3209">Among children aged 8 to 14 who attempted to access pornography, only 8% visited such services. Half of those children reached only websites with age checks, while nearly 87% of their visits lasted less than 30 seconds, suggesting age verification discouraged continued access.</p>

<h2 data-section-id="1ukhku3" data-start="3211" data-end="3251"><span role="text"><strong data-start="3214" data-end="3251">Search Engines Also Face Scrutiny</strong></span></h2>
<p data-start="3253" data-end="3428">Despite the wider rollout of age assurance, Ofcom found that children can still easily discover <a href="https://thecyberexpress.com/breachforums-admin-pompompurin-pleaded-guilty/" target="_blank" rel="noopener">pornography</a> websites without age checks through Google Search and Bing.</p>
<p data-start="3430" data-end="3608">Its analysis found that 33% of first-page Google search results and 54% of Bing results directed users to pornography websites lacking age verification or equivalent protections.</p>
<p data-start="3610" data-end="3781">Following discussions with the regulator, Google and Bing have agreed to work with Ofcom on practical measures to reduce the visibility of such websites in search results.</p>
<p data-start="3783" data-end="4049">Meanwhile, Ofcom continues enforcement against adult services that fail to comply with the law. The regulator has opened 23 investigations involving 88 adult service providers, with many either introducing age assurance or blocking UK users after enforcement action.</p>

<h2 data-section-id="1fml1dm" data-start="4051" data-end="4104"><span role="text"><strong data-start="4054" data-end="4104">UK Moves Toward Social Media Ban for Under-16s</strong></span></h2>
<p data-start="4106" data-end="4249">The investigation comes as the UK government advances plans to introduce a social media ban for under-16s, modeled on Australia's approach.</p>
<p data-start="4251" data-end="4503"><a href="https://www.gov.uk/government/news/social-media-to-be-banned-for-under-16s-in-landmark-government-move-to-givekids-their-childhood-back" target="_blank" rel="nofollow noopener">Under the proposal</a>, platforms including <a href="https://thecyberexpress.com/tiktok-addictive-design-breaches/" target="_blank" rel="noopener">TikTok</a>, Snapchat, <a href="https://thecyberexpress.com/instagram-teen-accounts-for-young-users/" target="_blank" rel="noopener">Instagram</a>, Facebook, YouTube, and X would be prohibited from offering social media services to users under 16. Messaging services such as <a class="wpil_keyword_link" href="https://thecyberexpress.com/unknown-international-calls-whatsapp-scams/"   title="WhatsApp" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29008">WhatsApp</a> and Signal are not expected to be included.</p>
<p data-start="4505" data-end="4840">The government also plans to introduce additional protections, including restrictions on livestreaming and communication with strangers for children under 16 across social media and certain gaming platforms. Similar safeguards would apply by default to users aged 16 and 17 to avoid what officials describe as a "cliff-edge" at age 16.</p>
<p data-start="4842" data-end="4980">The proposed measures are expected to be presented to Parliament before the end of the year, with implementation targeted for Spring 2027.</p>
<p data-start="4982" data-end="5224">Ofcom said it will submit a rapid assessment to Parliament by the end of October outlining what constitutes highly effective age assurance for verifying whether someone is over 16, helping shape future enforcement of the planned restrictions.</p>]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">113167</post-id>	</item>
		<item>
		<title>Zoom Patches Critical Windows Flaw Enabling Account Takeover</title>
		<link>https://thecyberexpress.com/cve-2026-53412-zoom-desktop-client/</link>
		
		<dc:creator><![CDATA[Ashish Khaitan]]></dc:creator>
		<pubDate>Fri, 17 Jul 2026 05:41:33 +0000</pubDate>
				<category><![CDATA[Firewall Daily]]></category>
		<category><![CDATA[Vulnerabilities]]></category>
		<category><![CDATA[Vulnerability News]]></category>
		<category><![CDATA[CVE-2026-53412]]></category>
		<category><![CDATA[Meeting SDK]]></category>
		<category><![CDATA[The Cyber Express]]></category>
		<category><![CDATA[The Cyber Express News]]></category>
		<category><![CDATA[Zoom Desktop Client]]></category>
		<category><![CDATA[ZSB-26014]]></category>
		<guid isPermaLink="false">https://thecyberexpress.com/?p=113169</guid>

					<description><![CDATA[<p><img width="1110" height="717" src="https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="CVE-2026-53412" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412.webp 1110w, https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412-300x194.webp 300w, https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412-1024x661.webp 1024w, https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412-768x496.webp 768w, https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412-600x388.webp 600w, https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412-150x97.webp 150w, https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412-750x484.webp 750w, https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412.webp 1110w, https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412-300x194.webp 300w, https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412-1024x661.webp 1024w, https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412-768x496.webp 768w, https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412-600x388.webp 600w, https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412-150x97.webp 150w, https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412-750x484.webp 750w" sizes="(max-width: 1110px) 100vw, 1110px" title="Zoom Patches Critical Windows Flaw Enabling Account Takeover 11"></p><span data-contrast="auto">Zoom has released security updates to fix CVE-2026-53412, a critical Improper Input Validation vulnerability affecting its Windows software, which could allow attackers to take over user accounts via network access. The flaw primarily impacts the Zoom Desktop Client and other Windows-based Zoom products, prompting the company to urge users to install the latest updates.</span>

According to <a href="https://thehackernews.com/2026/07/zoom-patches-critical-windows-flaw-that.html" target="_blank" rel="nofollow noopener">Zoom</a>, CVE-2026-53412 carries a CVSS score of 9.8 and is tracked under security bulletin ZSB-26014. The company stated, "Improper Input Validation in Zoom Desktop Client for Windows and Zoom VDI Client for Windows may allow an unauthenticated user to conduct an account takeover via network access." The <a class="wpil_keyword_link" href="https://thecyberexpress.com/firewall-daily/vulnerabilities/"   title="vulnerability" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29005">vulnerability</a> is rated Critical with the CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
<h3 aria-level="2"><b><span data-contrast="none">CVE-2026-53412 Affects Zoom Desktop Client for Windows</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">The Improper Input Validation issue impacts Zoom Workplace for Windows before version 7.0.0 and Zoom Workplace VDI Client for Windows before versions 7.0.10, 6.6.15, and 6.5.18, depending on the software branch. <a href="https://thecyberexpress.com/critical-zoom-vulnerability-cve-2025-49457/" target="_blank" rel="noopener">Zoom</a> advised users to remain protected by installing the latest software updates available through its download portal.</span>

<span data-contrast="auto">The advisory credits Zoom Offensive <a class="wpil_keyword_link" href="https://thecyberexpress.com/"   title="Security" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29007">Security</a> for reporting the vulnerability. It also includes a revision history showing that version 1.0 of the bulletin was published on July 14, 2026, while version 1.1, released on July 15, 2026, removed Meeting SDK for Windows from the list of affected products.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h3 aria-level="2"><b><span data-contrast="none">Three Additional High-Severity Vulnerabilities Addressed</span></b><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:299,&quot;335559739&quot;:299}"> </span></h3>
<span data-contrast="auto">Alongside CVE-2026-53412, Zoom resolved three high-severity <a href="https://thecyberexpress.com/cisa-flags-2-critical-windows-vulnerabilities/" target="_blank" rel="noopener">Windows vulnerabilities</a>.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">CVE-2026-53411 received a CVSS score of 7.8 and involves an Improper Input Validation flaw in the Zoom Workplace VDI Plugin for Windows before version 6.6.14. The issue could allow an authenticated local user to escalate privileges.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">CVE-2026-53410, with a CVSS score of 7.0, is a time-of-check to time-of-use (TOCTOU) race condition affecting the installation and uninstallation process of certain Zoom Windows clients. The flaw could enable an authenticated local user to gain elevated privileges. </span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">It affects Zoom Workplace for Windows before version 7.0.5, Zoom Workplace VDI Client for Windows before versions 6.5.17 and 6.6.14, Zoom Workplace VDI Plugin for Windows before versions 6.5.17 and 6.6.14, Zoom Rooms for Windows before version 7.0.5, and Remote Control for Zoom Contact Center for Windows before version 7.0.0.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">The fourth issue, CVE-2026-53409, carries a CVSS score of 7.8 and is an improper privilege management vulnerability affecting Zoom Rooms for <a href="https://thecyberexpress.com/cisa-flags-2-critical-windows-vulnerabilities/" target="_blank" rel="noopener">Windows</a> before version 7.1.0. It could allow an authenticated local user to escalate privileges through local access.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">At the time of publication, there is no evidence that CVE-2026-53412 or the other disclosed <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-are-vulnerabilities/"   title="vulnerabilities" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29004">vulnerabilities</a> are being actively exploited in real-world attacks. Nevertheless, Zoom recommends users update affected Windows applications as soon as possible to mitigate potential security <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-are-risks-in-cybersecurity/"   title="risks" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29006">risks</a> associated with the Zoom Desktop Client and related software.</span>]]></description>
										<content:encoded><![CDATA[<p><img width="1110" height="717" src="https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="CVE-2026-53412" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412.webp 1110w, https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412-300x194.webp 300w, https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412-1024x661.webp 1024w, https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412-768x496.webp 768w, https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412-600x388.webp 600w, https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412-150x97.webp 150w, https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412-750x484.webp 750w, https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412.webp 1110w, https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412-300x194.webp 300w, https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412-1024x661.webp 1024w, https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412-768x496.webp 768w, https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412-600x388.webp 600w, https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412-150x97.webp 150w, https://thecyberexpress.com/wp-content/uploads/CVE-2026-53412-750x484.webp 750w" sizes="(max-width: 1110px) 100vw, 1110px" title="Zoom Patches Critical Windows Flaw Enabling Account Takeover 12"></p><span data-contrast="auto">Zoom has released security updates to fix CVE-2026-53412, a critical Improper Input Validation vulnerability affecting its Windows software, which could allow attackers to take over user accounts via network access. The flaw primarily impacts the Zoom Desktop Client and other Windows-based Zoom products, prompting the company to urge users to install the latest updates.</span>

According to <a href="https://thehackernews.com/2026/07/zoom-patches-critical-windows-flaw-that.html" target="_blank" rel="nofollow noopener">Zoom</a>, CVE-2026-53412 carries a CVSS score of 9.8 and is tracked under security bulletin ZSB-26014. The company stated, "Improper Input Validation in Zoom Desktop Client for Windows and Zoom VDI Client for Windows may allow an unauthenticated user to conduct an account takeover via network access." The <a class="wpil_keyword_link" href="https://thecyberexpress.com/firewall-daily/vulnerabilities/"   title="vulnerability" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29005">vulnerability</a> is rated Critical with the CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
<h3 aria-level="2"><b><span data-contrast="none">CVE-2026-53412 Affects Zoom Desktop Client for Windows</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">The Improper Input Validation issue impacts Zoom Workplace for Windows before version 7.0.0 and Zoom Workplace VDI Client for Windows before versions 7.0.10, 6.6.15, and 6.5.18, depending on the software branch. <a href="https://thecyberexpress.com/critical-zoom-vulnerability-cve-2025-49457/" target="_blank" rel="noopener">Zoom</a> advised users to remain protected by installing the latest software updates available through its download portal.</span>

<span data-contrast="auto">The advisory credits Zoom Offensive <a class="wpil_keyword_link" href="https://thecyberexpress.com/"   title="Security" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29007">Security</a> for reporting the vulnerability. It also includes a revision history showing that version 1.0 of the bulletin was published on July 14, 2026, while version 1.1, released on July 15, 2026, removed Meeting SDK for Windows from the list of affected products.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h3 aria-level="2"><b><span data-contrast="none">Three Additional High-Severity Vulnerabilities Addressed</span></b><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:299,&quot;335559739&quot;:299}"> </span></h3>
<span data-contrast="auto">Alongside CVE-2026-53412, Zoom resolved three high-severity <a href="https://thecyberexpress.com/cisa-flags-2-critical-windows-vulnerabilities/" target="_blank" rel="noopener">Windows vulnerabilities</a>.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">CVE-2026-53411 received a CVSS score of 7.8 and involves an Improper Input Validation flaw in the Zoom Workplace VDI Plugin for Windows before version 6.6.14. The issue could allow an authenticated local user to escalate privileges.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">CVE-2026-53410, with a CVSS score of 7.0, is a time-of-check to time-of-use (TOCTOU) race condition affecting the installation and uninstallation process of certain Zoom Windows clients. The flaw could enable an authenticated local user to gain elevated privileges. </span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">It affects Zoom Workplace for Windows before version 7.0.5, Zoom Workplace VDI Client for Windows before versions 6.5.17 and 6.6.14, Zoom Workplace VDI Plugin for Windows before versions 6.5.17 and 6.6.14, Zoom Rooms for Windows before version 7.0.5, and Remote Control for Zoom Contact Center for Windows before version 7.0.0.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">The fourth issue, CVE-2026-53409, carries a CVSS score of 7.8 and is an improper privilege management vulnerability affecting Zoom Rooms for <a href="https://thecyberexpress.com/cisa-flags-2-critical-windows-vulnerabilities/" target="_blank" rel="noopener">Windows</a> before version 7.1.0. It could allow an authenticated local user to escalate privileges through local access.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">At the time of publication, there is no evidence that CVE-2026-53412 or the other disclosed <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-are-vulnerabilities/"   title="vulnerabilities" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29004">vulnerabilities</a> are being actively exploited in real-world attacks. Nevertheless, Zoom recommends users update affected Windows applications as soon as possible to mitigate potential security <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-are-risks-in-cybersecurity/"   title="risks" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29006">risks</a> associated with the Zoom Desktop Client and related software.</span>]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">113169</post-id>	</item>
		<item>
		<title>Partnered Health Cyberattack Exposes Patient Data Across Australia</title>
		<link>https://thecyberexpress.com/partnered-health-cyberattack/</link>
		
		<dc:creator><![CDATA[Ashish Khaitan]]></dc:creator>
		<pubDate>Thu, 16 Jul 2026 08:54:00 +0000</pubDate>
				<category><![CDATA[Firewall Daily]]></category>
		<category><![CDATA[Cyber News]]></category>
		<category><![CDATA[Data Breach News]]></category>
		<category><![CDATA[Healthcare Cybersecurity]]></category>
		<category><![CDATA[Partnered Health cyberattack]]></category>
		<category><![CDATA[Partnered Health Data Breach]]></category>
		<category><![CDATA[Quadrant]]></category>
		<category><![CDATA[The Cyber Express]]></category>
		<category><![CDATA[The Cyber Express News]]></category>
		<guid isPermaLink="false">https://thecyberexpress.com/?p=113160</guid>

					<description><![CDATA[<p><img width="1165" height="768" src="https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="Partnered Health cyberattack" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack.webp 1165w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-300x198.webp 300w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-1024x675.webp 1024w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-768x506.webp 768w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-600x396.webp 600w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-150x99.webp 150w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-750x494.webp 750w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-1140x752.webp 1140w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack.webp 1165w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-300x198.webp 300w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-1024x675.webp 1024w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-768x506.webp 768w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-600x396.webp 600w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-150x99.webp 150w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-750x494.webp 750w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-1140x752.webp 1140w" sizes="(max-width: 1165px) 100vw, 1165px" title="Partnered Health Cyberattack Exposes Patient Data Across Australia 13"></p><span data-contrast="auto">The Partnered Health cyberattack has exposed sensitive patient information across multiple Australian clinics, raising fresh concerns about healthcare cybersecurity.</span>

<span data-contrast="auto">The Partnered Health data breach, involving clinics owned by healthcare provider Partnered Health, a company backed by Quadrant, affected facilities in New South Wales, Victoria, Queensland, Western Australia, and the ACT.</span>

<span data-contrast="auto">The incident has also renewed scrutiny of the growing number of cyberattacks targeting Australia's healthcare sector.</span>
<h3 aria-level="2"><b><span data-contrast="none">Partnered Health Data Breach Impacted Medical and Personal Information</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">Partnered Health <a href="https://partneredhealth.com.au/partnered-health-recent-cyber-incident/" target="_blank" rel="nofollow noopener">confirmed</a> that a malicious actor accessed its systems on 23 June, compromising data from 21 clinics across cities, including Sydney, Melbourne, and Canberra. The healthcare provider disclosed the breach more than three weeks later, informing patients that investigations had confirmed personal and <a href="https://thecyberexpress.com/medisecure-data-breach-confirmed/" target="_blank" rel="noopener">health information</a> had been taken from some clinics within its network.</span>

<span data-contrast="auto">"Our investigations to date have confirmed that personal information (including health information) was taken from some of the clinics in our network," the company said. It added, "As a health services provider, we know our patients and our people trust us with personal and medical information, and we sincerely apologise for any concern and inconvenience this may cause them."</span>

<span data-contrast="auto">The stolen information includes names, dates of birth, addresses, contact details, Medicare information, private health insurance details, concession card information, consultation notes, referral letters, pathology reports, diagnostic results, and other treatment records maintained by <a class="wpil_keyword_link" href="https://cyble.com/general/" target="_blank"  rel="noopener" title="general" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29002">general</a> practitioners.</span>
<h3 aria-level="2"><b><span data-contrast="none">Investigation into the Partnered Health Cyberattack Continues</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">Partnered Health said the cyberattack has been reported to the <a href="https://thecyberexpress.com/fiig-cyberattack-au2-5m-fine-fiig-securities/" target="_blank" rel="noopener">Australian Cyber Security Centre</a>, the Office of the Australian Information Commissioner, and law enforcement authorities. The company has also secured an interim injunction from the NSW Supreme Court preventing the stolen information from being used or published.</span>

<span data-contrast="auto">While investigations remain ongoing, the provider said the extent of the breach is still being determined at five clinics, including three in Western Australia and two in Victoria.</span>

<span data-contrast="auto">"While there is no direct evidence that patient records have been viewed, as a precaution we have written to patients from these clinics to make them aware of this and provide details of steps that can be taken to protect their information," a Partnered Health spokesperson said. The spokesperson added, "We understand that this sort of news can cause concern. We sincerely apologize for any distress this may have caused our patients."</span>
<h3 aria-level="2"><b><span data-contrast="none">Quadrant-backed Healthcare Provider Faces Growing Scrutiny</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">Established in 2013, Partnered Health operates more than 60 medical centres, along with skin cancer, allied health, and mental health clinics, providing services to more than 5 million people nationwide. The company is owned by Quadrant, while Bupa announced in June that it would acquire the healthcare provider.</span>

<span data-contrast="auto">The Partnered Health data breach comes amid a record year for <a href="https://thecyberexpress.com/australia-cyber-incident-review-board/" target="_blank" rel="noopener">cybersecurity incidents in Australia</a>. According to the Office of the Australian Information Commissioner, 1,205 <a class="wpil_keyword_link" href="https://cyble.com/knowledge-hub/what-is-a-data-breach/" target="_blank"  rel="noopener" title="data breach" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29001">data breach</a> notifications were recorded in 2025, marking an 8% increase compared with 2024. Among the year's largest incidents was the cyberattack on Qantas, which compromised the information of 5.7 million customers and was reportedly leaked on the <a class="wpil_keyword_link" href="https://cyble.com/knowledge-hub/what-is-the-dark-web/" target="_blank"  rel="noopener" title="dark web" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29000">dark web</a>.</span>

<span data-contrast="auto">A <a href="https://www.smh.com.au/national/nsw/patient-details-exposed-in-cyberattack-on-australian-healthcare-provider-20260715-p60fna.html" target="_blank" rel="nofollow noopener">spokesperson for the Department of Home Affairs</a> said the federal government is aware of the Partnered Health cyberattack and confirmed that relevant agencies are engaged as investigations continue. Authorities have not yet disclosed how many patients were affected or the full scope of the stolen <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-is-data/"   title="data" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29003">data</a>.</span>]]></description>
										<content:encoded><![CDATA[<p><img width="1165" height="768" src="https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="Partnered Health cyberattack" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack.webp 1165w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-300x198.webp 300w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-1024x675.webp 1024w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-768x506.webp 768w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-600x396.webp 600w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-150x99.webp 150w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-750x494.webp 750w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-1140x752.webp 1140w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack.webp 1165w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-300x198.webp 300w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-1024x675.webp 1024w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-768x506.webp 768w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-600x396.webp 600w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-150x99.webp 150w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-750x494.webp 750w, https://thecyberexpress.com/wp-content/uploads/Partnered-Health-cyberattack-1140x752.webp 1140w" sizes="(max-width: 1165px) 100vw, 1165px" title="Partnered Health Cyberattack Exposes Patient Data Across Australia 14"></p><span data-contrast="auto">The Partnered Health cyberattack has exposed sensitive patient information across multiple Australian clinics, raising fresh concerns about healthcare cybersecurity.</span>

<span data-contrast="auto">The Partnered Health data breach, involving clinics owned by healthcare provider Partnered Health, a company backed by Quadrant, affected facilities in New South Wales, Victoria, Queensland, Western Australia, and the ACT.</span>

<span data-contrast="auto">The incident has also renewed scrutiny of the growing number of cyberattacks targeting Australia's healthcare sector.</span>
<h3 aria-level="2"><b><span data-contrast="none">Partnered Health Data Breach Impacted Medical and Personal Information</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">Partnered Health <a href="https://partneredhealth.com.au/partnered-health-recent-cyber-incident/" target="_blank" rel="nofollow noopener">confirmed</a> that a malicious actor accessed its systems on 23 June, compromising data from 21 clinics across cities, including Sydney, Melbourne, and Canberra. The healthcare provider disclosed the breach more than three weeks later, informing patients that investigations had confirmed personal and <a href="https://thecyberexpress.com/medisecure-data-breach-confirmed/" target="_blank" rel="noopener">health information</a> had been taken from some clinics within its network.</span>

<span data-contrast="auto">"Our investigations to date have confirmed that personal information (including health information) was taken from some of the clinics in our network," the company said. It added, "As a health services provider, we know our patients and our people trust us with personal and medical information, and we sincerely apologise for any concern and inconvenience this may cause them."</span>

<span data-contrast="auto">The stolen information includes names, dates of birth, addresses, contact details, Medicare information, private health insurance details, concession card information, consultation notes, referral letters, pathology reports, diagnostic results, and other treatment records maintained by <a class="wpil_keyword_link" href="https://cyble.com/general/" target="_blank"  rel="noopener" title="general" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29002">general</a> practitioners.</span>
<h3 aria-level="2"><b><span data-contrast="none">Investigation into the Partnered Health Cyberattack Continues</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">Partnered Health said the cyberattack has been reported to the <a href="https://thecyberexpress.com/fiig-cyberattack-au2-5m-fine-fiig-securities/" target="_blank" rel="noopener">Australian Cyber Security Centre</a>, the Office of the Australian Information Commissioner, and law enforcement authorities. The company has also secured an interim injunction from the NSW Supreme Court preventing the stolen information from being used or published.</span>

<span data-contrast="auto">While investigations remain ongoing, the provider said the extent of the breach is still being determined at five clinics, including three in Western Australia and two in Victoria.</span>

<span data-contrast="auto">"While there is no direct evidence that patient records have been viewed, as a precaution we have written to patients from these clinics to make them aware of this and provide details of steps that can be taken to protect their information," a Partnered Health spokesperson said. The spokesperson added, "We understand that this sort of news can cause concern. We sincerely apologize for any distress this may have caused our patients."</span>
<h3 aria-level="2"><b><span data-contrast="none">Quadrant-backed Healthcare Provider Faces Growing Scrutiny</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">Established in 2013, Partnered Health operates more than 60 medical centres, along with skin cancer, allied health, and mental health clinics, providing services to more than 5 million people nationwide. The company is owned by Quadrant, while Bupa announced in June that it would acquire the healthcare provider.</span>

<span data-contrast="auto">The Partnered Health data breach comes amid a record year for <a href="https://thecyberexpress.com/australia-cyber-incident-review-board/" target="_blank" rel="noopener">cybersecurity incidents in Australia</a>. According to the Office of the Australian Information Commissioner, 1,205 <a class="wpil_keyword_link" href="https://cyble.com/knowledge-hub/what-is-a-data-breach/" target="_blank"  rel="noopener" title="data breach" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29001">data breach</a> notifications were recorded in 2025, marking an 8% increase compared with 2024. Among the year's largest incidents was the cyberattack on Qantas, which compromised the information of 5.7 million customers and was reportedly leaked on the <a class="wpil_keyword_link" href="https://cyble.com/knowledge-hub/what-is-the-dark-web/" target="_blank"  rel="noopener" title="dark web" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29000">dark web</a>.</span>

<span data-contrast="auto">A <a href="https://www.smh.com.au/national/nsw/patient-details-exposed-in-cyberattack-on-australian-healthcare-provider-20260715-p60fna.html" target="_blank" rel="nofollow noopener">spokesperson for the Department of Home Affairs</a> said the federal government is aware of the Partnered Health cyberattack and confirmed that relevant agencies are engaged as investigations continue. Authorities have not yet disclosed how many patients were affected or the full scope of the stolen <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-is-data/"   title="data" data-wpil-keyword-link="linked"  data-wpil-monitor-id="29003">data</a>.</span>]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">113160</post-id>	</item>
		<item>
		<title>Google Rolls Out Chrome 151 Beta and Early Stable Updates</title>
		<link>https://thecyberexpress.com/chrome-beta-chrome-151-desktop-update-rollout/</link>
		
		<dc:creator><![CDATA[Ashish Khaitan]]></dc:creator>
		<pubDate>Thu, 16 Jul 2026 07:02:23 +0000</pubDate>
				<category><![CDATA[Firewall Daily]]></category>
		<category><![CDATA[Cyber News]]></category>
		<category><![CDATA[Vulnerabilities]]></category>
		<category><![CDATA[Vulnerability News]]></category>
		<category><![CDATA[Android]]></category>
		<category><![CDATA[Chrome 151]]></category>
		<category><![CDATA[Chrome Beta]]></category>
		<category><![CDATA[Desktop Update]]></category>
		<category><![CDATA[iOS]]></category>
		<category><![CDATA[The Cyber Express]]></category>
		<category><![CDATA[The Cyber Express News]]></category>
		<guid isPermaLink="false">https://thecyberexpress.com/?p=113153</guid>

					<description><![CDATA[<p><img width="1101" height="614" src="https://thecyberexpress.com/wp-content/uploads/Chrome-Beta.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="Chrome Beta" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/Chrome-Beta.webp 1101w, https://thecyberexpress.com/wp-content/uploads/Chrome-Beta-300x167.webp 300w, https://thecyberexpress.com/wp-content/uploads/Chrome-Beta-1024x571.webp 1024w, https://thecyberexpress.com/wp-content/uploads/Chrome-Beta-768x428.webp 768w, https://thecyberexpress.com/wp-content/uploads/Chrome-Beta-600x335.webp 600w, https://thecyberexpress.com/wp-content/uploads/Chrome-Beta-150x84.webp 150w, https://thecyberexpress.com/wp-content/uploads/Chrome-Beta-750x418.webp 750w, https://thecyberexpress.com/wp-content/uploads/Chrome-Beta.webp 1101w, https://thecyberexpress.com/wp-content/uploads/Chrome-Beta-300x167.webp 300w, https://thecyberexpress.com/wp-content/uploads/Chrome-Beta-1024x571.webp 1024w, https://thecyberexpress.com/wp-content/uploads/Chrome-Beta-768x428.webp 768w, https://thecyberexpress.com/wp-content/uploads/Chrome-Beta-600x335.webp 600w, https://thecyberexpress.com/wp-content/uploads/Chrome-Beta-150x84.webp 150w, https://thecyberexpress.com/wp-content/uploads/Chrome-Beta-750x418.webp 750w" sizes="(max-width: 1101px) 100vw, 1101px" title="Google Rolls Out Chrome 151 Beta and Early Stable Updates 15"></p><span data-contrast="auto">Google released a series of Chrome 151 updates on Wednesday, July 15, 2026, covering desktop, Android, and iOS platforms, while ChromeOS devices began receiving their latest Chrome Beta update a day earlier. The latest Desktop Update introduces new Beta and Early Stable builds for Windows, Mac, and Linux, alongside stability and performance improvements across multiple platforms.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h3 aria-level="2"><b><span data-contrast="none">Chrome Beta and Desktop Update Reach Version 151.0.7922.34</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">The latest <a href="https://chromereleases.googleblog.com/" target="_blank" rel="nofollow noopener">Chrome Beta Desktop Update</a> has been released for Windows, Mac and Linux, updating the Beta channel to version 151.0.7922.34. Google said a partial list of changes is available through the project's Git log. </span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">Users interested in moving between release channels can do so through the available switching options, while any newly discovered issues can be reported by filing a bug. The company also pointed users to its community help forum for <a href="https://thecyberexpress.com/wp-maps-pro-vulnerability/" target="_blank" rel="noopener">troubleshooting</a> and discussions about common issues.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">Google also introduced an Early Stable Desktop Update, rolling out Chrome 151 versions 151.0.7922.34 and 151.0.7922.35 to a small percentage of Windows and Mac users. According to the company, a complete list of changes for the build is available in the release log, with additional information provided for its Early Stable rollout process.</span>
<h3 aria-level="2"><b><span data-contrast="none">Chrome 151 Expands Across Android and iOS</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">On Android, Chrome 151 (151.0.7922.29) entered an Early Stable rollout for a limited number of users and is expected to reach more devices through Google Play over the following days. Google stated that the release focuses on <a href="https://thecyberexpress.com/wp-maps-pro-vulnerability/" target="_blank" rel="noopener">stability and performance</a> improvements, with complete technical changes documented in the Git log.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">The Chrome Beta release for Android, also carrying version 151.0.7922.29, is already available through Google Play. Google said users can review a partial list of changes in the Git log, while information about new features is available on the Chromium blog alongside updates covering the web platform.</span>

<span data-contrast="auto">For iPhone and iPad users, Chrome Stable 151 (151.0.7922.25) is scheduled to appear on the App Store within hours of the <a class="wpil_keyword_link" href="https://cyble.com/announcement/" target="_blank"  rel="noopener" title="announcement" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28999">announcement</a>. Similar to the <a href="https://thecyberexpress.com/overlayphantom-android-banking-trojan/" target="_blank" rel="noopener">Android</a> release, the update delivers stability and performance improvements. Meanwhile, Chrome Beta 151 (151.0.7922.26) for iOS is expected to reach the App Store over the next few days, with Google publishing a partial change log for the release.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h3 aria-level="2"><b><span data-contrast="none">ChromeOS Beta Update Also Released</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">Ahead of the broader Chrome 151 announcements, Google began rolling out a Chrome Beta update for ChromeOS and ChromeOS Flex on Tuesday, July 14, 2026. The Beta channel is being upgraded to OS version 16733.19.0, paired with browser version 151.0.7922.23, for most supported ChromeOS devices.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">Google encouraged users across all releases to report newly identified bugs through its official reporting system, submit feedback directly through Chrome, or seek assistance via its ChromeOS and Chromebook community forums. The company also reminded users that instructions for switching release channels remain available for those interested in testing future Chrome Beta and Desktop Update builds.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>]]></description>
										<content:encoded><![CDATA[<p><img width="1101" height="614" src="https://thecyberexpress.com/wp-content/uploads/Chrome-Beta.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="Chrome Beta" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/Chrome-Beta.webp 1101w, https://thecyberexpress.com/wp-content/uploads/Chrome-Beta-300x167.webp 300w, https://thecyberexpress.com/wp-content/uploads/Chrome-Beta-1024x571.webp 1024w, https://thecyberexpress.com/wp-content/uploads/Chrome-Beta-768x428.webp 768w, https://thecyberexpress.com/wp-content/uploads/Chrome-Beta-600x335.webp 600w, https://thecyberexpress.com/wp-content/uploads/Chrome-Beta-150x84.webp 150w, https://thecyberexpress.com/wp-content/uploads/Chrome-Beta-750x418.webp 750w, https://thecyberexpress.com/wp-content/uploads/Chrome-Beta.webp 1101w, https://thecyberexpress.com/wp-content/uploads/Chrome-Beta-300x167.webp 300w, https://thecyberexpress.com/wp-content/uploads/Chrome-Beta-1024x571.webp 1024w, https://thecyberexpress.com/wp-content/uploads/Chrome-Beta-768x428.webp 768w, https://thecyberexpress.com/wp-content/uploads/Chrome-Beta-600x335.webp 600w, https://thecyberexpress.com/wp-content/uploads/Chrome-Beta-150x84.webp 150w, https://thecyberexpress.com/wp-content/uploads/Chrome-Beta-750x418.webp 750w" sizes="(max-width: 1101px) 100vw, 1101px" title="Google Rolls Out Chrome 151 Beta and Early Stable Updates 16"></p><span data-contrast="auto">Google released a series of Chrome 151 updates on Wednesday, July 15, 2026, covering desktop, Android, and iOS platforms, while ChromeOS devices began receiving their latest Chrome Beta update a day earlier. The latest Desktop Update introduces new Beta and Early Stable builds for Windows, Mac, and Linux, alongside stability and performance improvements across multiple platforms.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h3 aria-level="2"><b><span data-contrast="none">Chrome Beta and Desktop Update Reach Version 151.0.7922.34</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">The latest <a href="https://chromereleases.googleblog.com/" target="_blank" rel="nofollow noopener">Chrome Beta Desktop Update</a> has been released for Windows, Mac and Linux, updating the Beta channel to version 151.0.7922.34. Google said a partial list of changes is available through the project's Git log. </span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">Users interested in moving between release channels can do so through the available switching options, while any newly discovered issues can be reported by filing a bug. The company also pointed users to its community help forum for <a href="https://thecyberexpress.com/wp-maps-pro-vulnerability/" target="_blank" rel="noopener">troubleshooting</a> and discussions about common issues.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">Google also introduced an Early Stable Desktop Update, rolling out Chrome 151 versions 151.0.7922.34 and 151.0.7922.35 to a small percentage of Windows and Mac users. According to the company, a complete list of changes for the build is available in the release log, with additional information provided for its Early Stable rollout process.</span>
<h3 aria-level="2"><b><span data-contrast="none">Chrome 151 Expands Across Android and iOS</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">On Android, Chrome 151 (151.0.7922.29) entered an Early Stable rollout for a limited number of users and is expected to reach more devices through Google Play over the following days. Google stated that the release focuses on <a href="https://thecyberexpress.com/wp-maps-pro-vulnerability/" target="_blank" rel="noopener">stability and performance</a> improvements, with complete technical changes documented in the Git log.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">The Chrome Beta release for Android, also carrying version 151.0.7922.29, is already available through Google Play. Google said users can review a partial list of changes in the Git log, while information about new features is available on the Chromium blog alongside updates covering the web platform.</span>

<span data-contrast="auto">For iPhone and iPad users, Chrome Stable 151 (151.0.7922.25) is scheduled to appear on the App Store within hours of the <a class="wpil_keyword_link" href="https://cyble.com/announcement/" target="_blank"  rel="noopener" title="announcement" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28999">announcement</a>. Similar to the <a href="https://thecyberexpress.com/overlayphantom-android-banking-trojan/" target="_blank" rel="noopener">Android</a> release, the update delivers stability and performance improvements. Meanwhile, Chrome Beta 151 (151.0.7922.26) for iOS is expected to reach the App Store over the next few days, with Google publishing a partial change log for the release.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>
<h3 aria-level="2"><b><span data-contrast="none">ChromeOS Beta Update Also Released</span></b><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<span data-contrast="auto">Ahead of the broader Chrome 151 announcements, Google began rolling out a Chrome Beta update for ChromeOS and ChromeOS Flex on Tuesday, July 14, 2026. The Beta channel is being upgraded to OS version 16733.19.0, paired with browser version 151.0.7922.23, for most supported ChromeOS devices.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>

<span data-contrast="auto">Google encouraged users across all releases to report newly identified bugs through its official reporting system, submit feedback directly through Chrome, or seek assistance via its ChromeOS and Chromebook community forums. The company also reminded users that instructions for switching release channels remain available for those interested in testing future Chrome Beta and Desktop Update builds.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span>]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">113153</post-id>	</item>
		<item>
		<title>Qantas Did Everything “Right” — And Got Breached Anyway. Regulators Say That’s the Point.</title>
		<link>https://thecyberexpress.com/qantas-did-everything-right-yet-got-breached/</link>
		
		<dc:creator><![CDATA[Mihir Bagwe]]></dc:creator>
		<pubDate>Thu, 16 Jul 2026 06:48:41 +0000</pubDate>
				<category><![CDATA[Cyber News]]></category>
		<category><![CDATA[Firewall Daily]]></category>
		<category><![CDATA[Cyberattack]]></category>
		<category><![CDATA[OAIC]]></category>
		<category><![CDATA[OAIC Report]]></category>
		<category><![CDATA[Privacy Commissioner]]></category>
		<category><![CDATA[Qantas]]></category>
		<category><![CDATA[Qantas Cyberattack]]></category>
		<category><![CDATA[Qantas data breach]]></category>
		<category><![CDATA[social engineering]]></category>
		<guid isPermaLink="false">https://thecyberexpress.com/?p=113146</guid>

					<description><![CDATA[<p><img width="1200" height="800" src="https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="Qantas, Qantas Data Breach, Data Breach, Cyber aattack, Socail Engineering, OAIC, OAIC Report, Privacy Commissioner" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach.webp 1200w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-300x200.webp 300w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-1024x683.webp 1024w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-768x512.webp 768w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-600x400.webp 600w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-150x100.webp 150w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-750x500.webp 750w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-1140x760.webp 1140w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach.webp 1200w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-300x200.webp 300w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-1024x683.webp 1024w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-768x512.webp 768w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-600x400.webp 600w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-150x100.webp 150w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-750x500.webp 750w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-1140x760.webp 1140w" sizes="(max-width: 1200px) 100vw, 1200px" title="Qantas Did Everything &quot;Right&quot; — And Got Breached Anyway. Regulators Say That&#039;s the Point. 17"></p><p class="font-claude-response-body break-words whitespace-normal" data-sourcepos="3:1-3:281;93-373">A vishing call to an overseas contact center agent. A fake IT ticket. A default setting nobody thought to lock down. That's all it took to expose the personal <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-is-data/"   title="data" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28992">data</a> of roughly 5 million Australians — and now the country's privacy regulator has decided Qantas isn't to blame for it.</p>
<p class="font-claude-response-body break-words whitespace-normal" data-sourcepos="5:1-5:574;375-948">The Office of the Australian Information Commissioner (OAIC) closed the book this week on its year-long preliminary inquiry into the June 2025 Qantas <a class="wpil_keyword_link" href="https://cyble.com/knowledge-hub/what-is-a-data-breach/" target="_blank"  rel="noopener" title="data breach" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28995">data breach</a>, and the conclusion cuts against the instinct to punish the victim of a cyberattack.</p>

<h5 data-sourcepos="5:1-5:574;375-948"><strong>Also read:</strong> <a href="https://thecyberexpress.com/qantas-cyberattack-confirmed/">Australia’s Qantas Confirms Cyberattack: 6 Million Service Records Compromised</a></h5>
<p class="font-claude-response-body break-words whitespace-normal" data-sourcepos="5:1-5:574;375-948">According to the OAIC's <a href="https://www.oaic.gov.au/privacy/privacy-assessments-and-decisions/privacy-decisions/Investigation-inquiry-reports/report-into-preliminary-inquiries-of-qantas" target="_blank" rel="nofollow noopener">report</a>, the evidence gathered did not indicate a likelihood that Qantas had "failed" to take reasonable steps to protect the personal information it held, nor that it failed to ensure its overseas third-party provider complied with Australia's privacy principles. No investigation. No enforcement action.</p>

<blockquote>
<p data-sourcepos="5:1-5:574;375-948"><em>"After more than a year of making inquiries and obtaining information on the data breach, we're satisfied that the evidence does not support the likelihood that a breach of <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-is-privacy/"   title="privacy" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28998">privacy</a> law occurred. As a result, we've decided not to commence a full investigation of Qantas at this stage."</em> <strong>- Carly Kind, Australian Privacy Commissioner.</strong></p>
</blockquote>
<h3 class="font-claude-response-body break-words whitespace-normal" data-sourcepos="7:1-7:20;950-969"><strong>How It Happened</strong></h3>
<p class="font-claude-response-body break-words whitespace-normal" data-sourcepos="9:1-9:569;971-1539">The breach traces back to a single phone call. A <a class="wpil_keyword_link" href="https://cyble.com/threat-actor/" target="_blank"  rel="noopener" title="threat actor" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28993">threat actor</a> posing as "Qantas IT help" convinced a contact center agent to visit a website tied to the customer relationship management platform used by Qantas agents, walking them through steps framed as necessary to close an IT support ticket. That interaction connected the agent's CRM session to a data extraction tool controlled by the attacker, who then pulled data from every contact profile the agent could access. It was pure social engineering — no malware, no exploited <a class="wpil_keyword_link" href="https://thecyberexpress.com/firewall-daily/vulnerabilities/"   title="vulnerability" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28989">vulnerability</a>, just a convincing lie.</p>
<p class="font-claude-response-body break-words whitespace-normal" data-sourcepos="11:1-11:360;1541-1900">Qantas caught it fast. A staff member spotted an unusual spike in login-attempt alerts on the morning of June 30, two days after the call, and escalated it to the <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-is-cybersecurity/"   title="cybersecurity" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28990">cybersecurity</a> team. Within hours, the company had frozen the compromised account, assessed for data exfiltration, and triggered its <a class="wpil_keyword_link" href="https://cyble.com/knowledge-hub/what-is-incident-response/" target="_blank"  rel="noopener" title="incident response" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28994">incident response</a> process. Public disclosure followed on July 2.</p>

<h3 class="font-claude-response-body break-words whitespace-normal" data-sourcepos="13:1-13:39;1902-1940"><strong>What Was Exposed — And What Wasn't</strong></h3>
<p class="font-claude-response-body break-words whitespace-normal" data-sourcepos="15:1-15:545;1942-2486">The regulator's numbers are more precise than what circulated publicly last year. Roughly 5.67 million customer records were compromised, with about 4 million exposing names, phone numbers, email addresses and Frequent Flyer details, and a further 1.7 million records including combinations of home or business addresses, dates of birth, gender and meal preferences. Critically, no credit card numbers, financial information or passport details lived on the compromised platform, and customer passwords and login credentials were never touched.</p>

<h5 data-sourcepos="15:1-15:545;1942-2486"><strong>Also read:</strong> <a href="https://thecyberexpress.com/qantas-airways-confirms-data-breach/">Qantas Airways Cyberattack Update: Customer Data Released, Security Measures Enhanced</a></h5>
<h3 class="font-claude-response-body break-words whitespace-normal" data-sourcepos="17:1-17:32;2488-2519"><strong>Why The Regulator Let It Go</strong></h3>
<p class="font-claude-response-body break-words whitespace-normal" data-sourcepos="19:1-19:562;2521-3082">The OAIC's reasoning is a rare, explicit acknowledgment that good controls don't guarantee immunity. Investigators found that <a class="wpil_keyword_link" href="https://cyble.com/knowledge-hub/what-is-social-engineering/" target="_blank"  rel="noopener" title="social engineering" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28996">social engineering</a> training generally targets credential theft, not the rarer tactic of talking an employee into authorizing a legitimate-looking system connection — meaning the attack likely would have succeeded even with standard training in place. They also noted the flaw was structural: a default configuration let the agent authorize a third-party app connection, a setting the CRM vendor has since changed for all its customers.</p>
<p class="font-claude-response-body break-words whitespace-normal" data-sourcepos="21:1-21:339;3084-3422">Commissioner Carly Kind put the broader stakes plainly in the OAIC's statement announcing the report, warning that AI-driven threats are only raising the bar. As she framed it, agentic and advanced AI will keep escalating the cybersecurity <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-are-risks-in-cybersecurity/"   title="risks" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28991">risks</a> businesses face, making continuous review of security posture non-negotiable — not optional.</p>
“Data breaches are a persistent feature of today’s digital world, and can occur despite organisations taking steps to protect personal information,” Commissioner Carly <a href="https://www.oaic.gov.au/news/media-centre/privacy-commissioner-completes-preliminary-inquiries-into-qantas-2025-data-incident" target="_blank" rel="nofollow noopener">said</a>.

“Agentic and advanced AI will only increase the cybersecurity risks that businesses face, and it is critical that all organisations continuously review and enhance their <a class="wpil_keyword_link" href="https://thecyberexpress.com/"   title="security" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28997">security</a> to protect against this growing threat.”
<p class="font-claude-response-body break-words whitespace-normal" data-sourcepos="23:1-23:207;3424-3630">The takeaway here isn't that Qantas got a pass. It's that a regulator has now drawn, in writing, the line between negligence and the limits of what training and access controls can realistically stop.</p>]]></description>
										<content:encoded><![CDATA[<p><img width="1200" height="800" src="https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="Qantas, Qantas Data Breach, Data Breach, Cyber aattack, Socail Engineering, OAIC, OAIC Report, Privacy Commissioner" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach.webp 1200w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-300x200.webp 300w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-1024x683.webp 1024w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-768x512.webp 768w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-600x400.webp 600w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-150x100.webp 150w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-750x500.webp 750w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-1140x760.webp 1140w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach.webp 1200w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-300x200.webp 300w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-1024x683.webp 1024w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-768x512.webp 768w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-600x400.webp 600w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-150x100.webp 150w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-750x500.webp 750w, https://thecyberexpress.com/wp-content/uploads/Qantas_Data_Breach-1140x760.webp 1140w" sizes="(max-width: 1200px) 100vw, 1200px" title="Qantas Did Everything &quot;Right&quot; — And Got Breached Anyway. Regulators Say That&#039;s the Point. 18"></p><p class="font-claude-response-body break-words whitespace-normal" data-sourcepos="3:1-3:281;93-373">A vishing call to an overseas contact center agent. A fake IT ticket. A default setting nobody thought to lock down. That's all it took to expose the personal <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-is-data/"   title="data" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28992">data</a> of roughly 5 million Australians — and now the country's privacy regulator has decided Qantas isn't to blame for it.</p>
<p class="font-claude-response-body break-words whitespace-normal" data-sourcepos="5:1-5:574;375-948">The Office of the Australian Information Commissioner (OAIC) closed the book this week on its year-long preliminary inquiry into the June 2025 Qantas <a class="wpil_keyword_link" href="https://cyble.com/knowledge-hub/what-is-a-data-breach/" target="_blank"  rel="noopener" title="data breach" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28995">data breach</a>, and the conclusion cuts against the instinct to punish the victim of a cyberattack.</p>

<h5 data-sourcepos="5:1-5:574;375-948"><strong>Also read:</strong> <a href="https://thecyberexpress.com/qantas-cyberattack-confirmed/">Australia’s Qantas Confirms Cyberattack: 6 Million Service Records Compromised</a></h5>
<p class="font-claude-response-body break-words whitespace-normal" data-sourcepos="5:1-5:574;375-948">According to the OAIC's <a href="https://www.oaic.gov.au/privacy/privacy-assessments-and-decisions/privacy-decisions/Investigation-inquiry-reports/report-into-preliminary-inquiries-of-qantas" target="_blank" rel="nofollow noopener">report</a>, the evidence gathered did not indicate a likelihood that Qantas had "failed" to take reasonable steps to protect the personal information it held, nor that it failed to ensure its overseas third-party provider complied with Australia's privacy principles. No investigation. No enforcement action.</p>

<blockquote>
<p data-sourcepos="5:1-5:574;375-948"><em>"After more than a year of making inquiries and obtaining information on the data breach, we're satisfied that the evidence does not support the likelihood that a breach of <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-is-privacy/"   title="privacy" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28998">privacy</a> law occurred. As a result, we've decided not to commence a full investigation of Qantas at this stage."</em> <strong>- Carly Kind, Australian Privacy Commissioner.</strong></p>
</blockquote>
<h3 class="font-claude-response-body break-words whitespace-normal" data-sourcepos="7:1-7:20;950-969"><strong>How It Happened</strong></h3>
<p class="font-claude-response-body break-words whitespace-normal" data-sourcepos="9:1-9:569;971-1539">The breach traces back to a single phone call. A <a class="wpil_keyword_link" href="https://cyble.com/threat-actor/" target="_blank"  rel="noopener" title="threat actor" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28993">threat actor</a> posing as "Qantas IT help" convinced a contact center agent to visit a website tied to the customer relationship management platform used by Qantas agents, walking them through steps framed as necessary to close an IT support ticket. That interaction connected the agent's CRM session to a data extraction tool controlled by the attacker, who then pulled data from every contact profile the agent could access. It was pure social engineering — no malware, no exploited <a class="wpil_keyword_link" href="https://thecyberexpress.com/firewall-daily/vulnerabilities/"   title="vulnerability" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28989">vulnerability</a>, just a convincing lie.</p>
<p class="font-claude-response-body break-words whitespace-normal" data-sourcepos="11:1-11:360;1541-1900">Qantas caught it fast. A staff member spotted an unusual spike in login-attempt alerts on the morning of June 30, two days after the call, and escalated it to the <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-is-cybersecurity/"   title="cybersecurity" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28990">cybersecurity</a> team. Within hours, the company had frozen the compromised account, assessed for data exfiltration, and triggered its <a class="wpil_keyword_link" href="https://cyble.com/knowledge-hub/what-is-incident-response/" target="_blank"  rel="noopener" title="incident response" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28994">incident response</a> process. Public disclosure followed on July 2.</p>

<h3 class="font-claude-response-body break-words whitespace-normal" data-sourcepos="13:1-13:39;1902-1940"><strong>What Was Exposed — And What Wasn't</strong></h3>
<p class="font-claude-response-body break-words whitespace-normal" data-sourcepos="15:1-15:545;1942-2486">The regulator's numbers are more precise than what circulated publicly last year. Roughly 5.67 million customer records were compromised, with about 4 million exposing names, phone numbers, email addresses and Frequent Flyer details, and a further 1.7 million records including combinations of home or business addresses, dates of birth, gender and meal preferences. Critically, no credit card numbers, financial information or passport details lived on the compromised platform, and customer passwords and login credentials were never touched.</p>

<h5 data-sourcepos="15:1-15:545;1942-2486"><strong>Also read:</strong> <a href="https://thecyberexpress.com/qantas-airways-confirms-data-breach/">Qantas Airways Cyberattack Update: Customer Data Released, Security Measures Enhanced</a></h5>
<h3 class="font-claude-response-body break-words whitespace-normal" data-sourcepos="17:1-17:32;2488-2519"><strong>Why The Regulator Let It Go</strong></h3>
<p class="font-claude-response-body break-words whitespace-normal" data-sourcepos="19:1-19:562;2521-3082">The OAIC's reasoning is a rare, explicit acknowledgment that good controls don't guarantee immunity. Investigators found that <a class="wpil_keyword_link" href="https://cyble.com/knowledge-hub/what-is-social-engineering/" target="_blank"  rel="noopener" title="social engineering" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28996">social engineering</a> training generally targets credential theft, not the rarer tactic of talking an employee into authorizing a legitimate-looking system connection — meaning the attack likely would have succeeded even with standard training in place. They also noted the flaw was structural: a default configuration let the agent authorize a third-party app connection, a setting the CRM vendor has since changed for all its customers.</p>
<p class="font-claude-response-body break-words whitespace-normal" data-sourcepos="21:1-21:339;3084-3422">Commissioner Carly Kind put the broader stakes plainly in the OAIC's statement announcing the report, warning that AI-driven threats are only raising the bar. As she framed it, agentic and advanced AI will keep escalating the cybersecurity <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-are-risks-in-cybersecurity/"   title="risks" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28991">risks</a> businesses face, making continuous review of security posture non-negotiable — not optional.</p>
“Data breaches are a persistent feature of today’s digital world, and can occur despite organisations taking steps to protect personal information,” Commissioner Carly <a href="https://www.oaic.gov.au/news/media-centre/privacy-commissioner-completes-preliminary-inquiries-into-qantas-2025-data-incident" target="_blank" rel="nofollow noopener">said</a>.

“Agentic and advanced AI will only increase the cybersecurity risks that businesses face, and it is critical that all organisations continuously review and enhance their <a class="wpil_keyword_link" href="https://thecyberexpress.com/"   title="security" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28997">security</a> to protect against this growing threat.”
<p class="font-claude-response-body break-words whitespace-normal" data-sourcepos="23:1-23:207;3424-3630">The takeaway here isn't that Qantas got a pass. It's that a regulator has now drawn, in writing, the line between negligence and the limits of what training and access controls can realistically stop.</p>]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">113146</post-id>	</item>
		<item>
		<title>Nichirei Cyberattack Hits KFC Japan, Disrupts Frozen Food Supply</title>
		<link>https://thecyberexpress.com/nichirei-cyberattack-disrupts-supply-chain/</link>
		
		<dc:creator><![CDATA[Samiksha Jain]]></dc:creator>
		<pubDate>Thu, 16 Jul 2026 06:14:30 +0000</pubDate>
				<category><![CDATA[Cyber News]]></category>
		<category><![CDATA[Firewall Daily]]></category>
		<category><![CDATA[Ransomware News]]></category>
		<category><![CDATA[cybersecurity incident]]></category>
		<category><![CDATA[Japan cyberattack]]></category>
		<category><![CDATA[KFC Japan]]></category>
		<category><![CDATA[Nichirei Corporation]]></category>
		<category><![CDATA[Nichirei cyberattack]]></category>
		<category><![CDATA[Nichirei Logistics]]></category>
		<category><![CDATA[personal information leak]]></category>
		<category><![CDATA[ransomware attack]]></category>
		<category><![CDATA[The Cyber Express]]></category>
		<category><![CDATA[The Cyber Express News]]></category>
		<guid isPermaLink="false">https://thecyberexpress.com/?p=113139</guid>

					<description><![CDATA[<p><img width="1536" height="1024" src="https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="Nichirei Cyberattack" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply.webp 1536w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-300x200.webp 300w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-1024x683.webp 1024w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-768x512.webp 768w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-600x400.webp 600w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-150x100.webp 150w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-750x500.webp 750w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-1140x760.webp 1140w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply.webp 1536w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-300x200.webp 300w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-1024x683.webp 1024w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-768x512.webp 768w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-600x400.webp 600w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-150x100.webp 150w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-750x500.webp 750w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-1140x760.webp 1140w" sizes="(max-width: 1536px) 100vw, 1536px" title="Nichirei Cyberattack Hits KFC Japan, Disrupts Frozen Food Supply 19"></p>The Nichirei cyberattack has disrupted food deliveries across Japan after the frozen food and logistics provider confirmed its servers were compromised in a <a href="https://thecyberexpress.com/cyber-incident-shanghai-tunnel-engineering-co/" target="_blank" rel="noopener">cybersecurity incident </a>involving unauthorized access. The attack affected logistics operations supporting KFC Japan, forcing temporary service disruptions while the company investigates the incident and works to restore systems.

Nichirei Corporation said it detected system failures on July 13 and established an emergency response headquarters the same day. "Nichirei Corporation (the "Company") experienced system failures on July 13, 2026, and has since been investigating its cause. The Company hereby announces the facts identified through the investigation to date and the measures it plans to take going forward," reads notice issued by Nichirei.

An investigation later confirmed that company servers had been targeted in a <a class="wpil_keyword_link" href="https://cyble.com/knowledge-hub/what-is-a-cyber-attack/" target="_blank"  rel="noopener" title="cyberattack" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28988">cyberattack</a>. While the company has not disclosed technical details to prevent further damage, it said recovery efforts are underway with the support of an external <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-is-cybersecurity/"   title="cybersecurity" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28987">cybersecurity</a> specialist.
<h3><strong>Nichirei Cyberattack Disrupts Logistics and Food Shipments</strong></h3>
Following the attack, Nichirei disconnected systems across the Nichirei Group to protect customer and business partner <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-is-data/"   title="data" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28986">data</a>. The decision disrupted inbound and outbound operations at Nichirei Logistics refrigerated warehouses and halted frozen food shipments handled by Nichirei Foods.

The company <a href="https://www.nichirei.co.jp/sites/default/files/inline-images/english/ir/pdf_file/news/20260716_e.pdf" target="_blank" rel="nofollow noopener">said</a> it plans to gradually resume affected operations from July 17 after implementing additional security measures.

Nichirei also confirmed that some affected servers contained personal information. As a precaution, it submitted an initial report to Japan's Personal Information Protection Commission regarding the possibility of a <a href="https://thecyberexpress.com/japan-mandatory-cybersecurity-reporting/" target="_blank" rel="noopener">personal information leak</a>.

The company emphasized that, as of its latest update, there is no confirmed evidence that personal information or customer data has been exposed externally. Investigations remain ongoing, and Nichirei said it will notify relevant parties if any data leakage is confirmed.
<h3><strong>Nichirei Cyberattack Impacts KFC Japan Store Operations</strong></h3>
The incident quickly spread beyond Nichirei's own operations, affecting KFC Japan, which relies on Nichirei Logistics to deliver ingredients to stores nationwide.

<a href="https://japan.kfc.co.jp/news_release/8160" target="_blank" rel="nofollow noopener">According to KFC Japan</a>, deliveries have been disrupted since July 14 following the unauthorized access at its logistics partner. As inventory levels fluctuate, customers may experience product shortages, limited menu availability, shortened operating hours, or temporary store closures.

The restaurant chain also temporarily suspended mobile orders, delivery services, coupons, and online ordering through its official website and mobile application.

KFC Japan said it is working closely with Nichirei Logistics and other partners to restore normal operations as quickly as possible. However, it has not provided an estimated timeline for full recovery.
<h3><strong>Investigation Continues Into Japan Cyberattack</strong></h3>
Nichirei said the financial impact of the incident is still being assessed. The company expects to release its first-quarter financial results for the fiscal year ending December 31, 2026, on August 7 as scheduled unless further developments require additional disclosure.

The company added that it will continue investigating the cyberattack on Nichirei and release additional information if material findings emerge.

The incident follows a series of recent <a href="https://thecyberexpress.com/?s=Japan" target="_blank" rel="noopener">Japan cyberattack </a>disclosures involving major organizations.

Earlier this week, <a href="https://thecyberexpress.com/" target="_blank" rel="noopener">The Cyber Express</a> reported that <a href="https://thecyberexpress.com/nihon-kotsu-cyberattack/" target="_blank" rel="noopener">Nihon Kotsu experienced a malware-related security incident</a> that disrupted taxi dispatch services after portions of its IT infrastructure were taken offline.

Earlier this month, The Cyber Express also <a href="https://thecyberexpress.com/japan-cyberattacks-expose-hidden-risks/" target="_blank" rel="noopener">reported cyber incidents</a> involving Aflac Japan, KDDI, Sapporo Holdings, and Nidec. While those cases affected different industries, attackers frequently gained access through subsidiaries, overseas operations, or third-party infrastructure rather than directly compromising corporate headquarters.

Separately<a href="https://thecyberexpress.com/asahi-cyberattack-japan-operations-crippled/" target="_blank" rel="noopener">, Asahi Group Holdings continues recovering</a> from a <a href="https://thecyberexpress.com/chipsoft-ransomware-incident/" target="_blank" rel="noopener">ransomware attack</a> that significantly disrupted online ordering and shipment operations, forcing the company to rely on manual processes.
<h3><strong>Supply Chain Risks Remain in Focus</strong></h3>
The Nichirei cyberattack highlights how attacks on logistics providers can quickly evolve into broader <a href="https://thecyberexpress.com/mercor-cyberattack/" target="_blank" rel="noopener">supply chain disruption </a>affecting downstream businesses and consumers.

Although Nichirei has begun restoring operations, investigations into the incident remain active. Authorities are also continuing to examine whether any personal information was compromised while the company works to return logistics services and KFC Japan operations to normal.

With multiple high-profile <a class="wpil_keyword_link" href="https://thecyberexpress.com/cyber-news/"   title="cyber" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28985">cyber</a> incidents affecting Japanese organizations in recent weeks, the latest disruption highlight he growing operational impact of attacks targeting critical logistics and supply chain infrastructure.]]></description>
										<content:encoded><![CDATA[<p><img width="1536" height="1024" src="https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="Nichirei Cyberattack" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply.webp 1536w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-300x200.webp 300w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-1024x683.webp 1024w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-768x512.webp 768w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-600x400.webp 600w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-150x100.webp 150w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-750x500.webp 750w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-1140x760.webp 1140w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply.webp 1536w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-300x200.webp 300w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-1024x683.webp 1024w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-768x512.webp 768w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-600x400.webp 600w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-150x100.webp 150w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-750x500.webp 750w, https://thecyberexpress.com/wp-content/uploads/Nichirei-Cyberattack-Hits-KFC-Japan-Disrupts-Frozen-Food-Supply-1140x760.webp 1140w" sizes="(max-width: 1536px) 100vw, 1536px" title="Nichirei Cyberattack Hits KFC Japan, Disrupts Frozen Food Supply 20"></p>The Nichirei cyberattack has disrupted food deliveries across Japan after the frozen food and logistics provider confirmed its servers were compromised in a <a href="https://thecyberexpress.com/cyber-incident-shanghai-tunnel-engineering-co/" target="_blank" rel="noopener">cybersecurity incident </a>involving unauthorized access. The attack affected logistics operations supporting KFC Japan, forcing temporary service disruptions while the company investigates the incident and works to restore systems.

Nichirei Corporation said it detected system failures on July 13 and established an emergency response headquarters the same day. "Nichirei Corporation (the "Company") experienced system failures on July 13, 2026, and has since been investigating its cause. The Company hereby announces the facts identified through the investigation to date and the measures it plans to take going forward," reads notice issued by Nichirei.

An investigation later confirmed that company servers had been targeted in a <a class="wpil_keyword_link" href="https://cyble.com/knowledge-hub/what-is-a-cyber-attack/" target="_blank"  rel="noopener" title="cyberattack" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28988">cyberattack</a>. While the company has not disclosed technical details to prevent further damage, it said recovery efforts are underway with the support of an external <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-is-cybersecurity/"   title="cybersecurity" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28987">cybersecurity</a> specialist.
<h3><strong>Nichirei Cyberattack Disrupts Logistics and Food Shipments</strong></h3>
Following the attack, Nichirei disconnected systems across the Nichirei Group to protect customer and business partner <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-is-data/"   title="data" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28986">data</a>. The decision disrupted inbound and outbound operations at Nichirei Logistics refrigerated warehouses and halted frozen food shipments handled by Nichirei Foods.

The company <a href="https://www.nichirei.co.jp/sites/default/files/inline-images/english/ir/pdf_file/news/20260716_e.pdf" target="_blank" rel="nofollow noopener">said</a> it plans to gradually resume affected operations from July 17 after implementing additional security measures.

Nichirei also confirmed that some affected servers contained personal information. As a precaution, it submitted an initial report to Japan's Personal Information Protection Commission regarding the possibility of a <a href="https://thecyberexpress.com/japan-mandatory-cybersecurity-reporting/" target="_blank" rel="noopener">personal information leak</a>.

The company emphasized that, as of its latest update, there is no confirmed evidence that personal information or customer data has been exposed externally. Investigations remain ongoing, and Nichirei said it will notify relevant parties if any data leakage is confirmed.
<h3><strong>Nichirei Cyberattack Impacts KFC Japan Store Operations</strong></h3>
The incident quickly spread beyond Nichirei's own operations, affecting KFC Japan, which relies on Nichirei Logistics to deliver ingredients to stores nationwide.

<a href="https://japan.kfc.co.jp/news_release/8160" target="_blank" rel="nofollow noopener">According to KFC Japan</a>, deliveries have been disrupted since July 14 following the unauthorized access at its logistics partner. As inventory levels fluctuate, customers may experience product shortages, limited menu availability, shortened operating hours, or temporary store closures.

The restaurant chain also temporarily suspended mobile orders, delivery services, coupons, and online ordering through its official website and mobile application.

KFC Japan said it is working closely with Nichirei Logistics and other partners to restore normal operations as quickly as possible. However, it has not provided an estimated timeline for full recovery.
<h3><strong>Investigation Continues Into Japan Cyberattack</strong></h3>
Nichirei said the financial impact of the incident is still being assessed. The company expects to release its first-quarter financial results for the fiscal year ending December 31, 2026, on August 7 as scheduled unless further developments require additional disclosure.

The company added that it will continue investigating the cyberattack on Nichirei and release additional information if material findings emerge.

The incident follows a series of recent <a href="https://thecyberexpress.com/?s=Japan" target="_blank" rel="noopener">Japan cyberattack </a>disclosures involving major organizations.

Earlier this week, <a href="https://thecyberexpress.com/" target="_blank" rel="noopener">The Cyber Express</a> reported that <a href="https://thecyberexpress.com/nihon-kotsu-cyberattack/" target="_blank" rel="noopener">Nihon Kotsu experienced a malware-related security incident</a> that disrupted taxi dispatch services after portions of its IT infrastructure were taken offline.

Earlier this month, The Cyber Express also <a href="https://thecyberexpress.com/japan-cyberattacks-expose-hidden-risks/" target="_blank" rel="noopener">reported cyber incidents</a> involving Aflac Japan, KDDI, Sapporo Holdings, and Nidec. While those cases affected different industries, attackers frequently gained access through subsidiaries, overseas operations, or third-party infrastructure rather than directly compromising corporate headquarters.

Separately<a href="https://thecyberexpress.com/asahi-cyberattack-japan-operations-crippled/" target="_blank" rel="noopener">, Asahi Group Holdings continues recovering</a> from a <a href="https://thecyberexpress.com/chipsoft-ransomware-incident/" target="_blank" rel="noopener">ransomware attack</a> that significantly disrupted online ordering and shipment operations, forcing the company to rely on manual processes.
<h3><strong>Supply Chain Risks Remain in Focus</strong></h3>
The Nichirei cyberattack highlights how attacks on logistics providers can quickly evolve into broader <a href="https://thecyberexpress.com/mercor-cyberattack/" target="_blank" rel="noopener">supply chain disruption </a>affecting downstream businesses and consumers.

Although Nichirei has begun restoring operations, investigations into the incident remain active. Authorities are also continuing to examine whether any personal information was compromised while the company works to return logistics services and KFC Japan operations to normal.

With multiple high-profile <a class="wpil_keyword_link" href="https://thecyberexpress.com/cyber-news/"   title="cyber" data-wpil-keyword-link="linked"  data-wpil-monitor-id="28985">cyber</a> incidents affecting Japanese organizations in recent weeks, the latest disruption highlight he growing operational impact of attacks targeting critical logistics and supply chain infrastructure.]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">113139</post-id>	<enclosure length="143156" type="application/pdf" url="https://www.nichirei.co.jp/sites/default/files/inline-images/english/ir/pdf_file/news/20260716_e.pdf"/><itunes:explicit>no</itunes:explicit><itunes:subtitle>The Nichirei cyberattack has disrupted food deliveries across Japan after the frozen food and logistics provider confirmed its servers were compromised in a cybersecurity incident involving unauthorized access. The attack affected logistics operations supporting KFC Japan, forcing temporary service disruptions while the company investigates the incident and works to restore systems. Nichirei Corporation said it detected system failures on July 13 and established an emergency response headquarters the same day. "Nichirei Corporation (the "Company") experienced system failures on July 13, 2026, and has since been investigating its cause. The Company hereby announces the facts identified through the investigation to date and the measures it plans to take going forward," reads notice issued by Nichirei. An investigation later confirmed that company servers had been targeted in a cyberattack. While the company has not disclosed technical details to prevent further damage, it said recovery efforts are underway with the support of an external cybersecurity specialist. Nichirei Cyberattack Disrupts Logistics and Food Shipments Following the attack, Nichirei disconnected systems across the Nichirei Group to protect customer and business partner data. The decision disrupted inbound and outbound operations at Nichirei Logistics refrigerated warehouses and halted frozen food shipments handled by Nichirei Foods. The company said it plans to gradually resume affected operations from July 17 after implementing additional security measures. Nichirei also confirmed that some affected servers contained personal information. As a precaution, it submitted an initial report to Japan's Personal Information Protection Commission regarding the possibility of a personal information leak. The company emphasized that, as of its latest update, there is no confirmed evidence that personal information or customer data has been exposed externally. Investigations remain ongoing, and Nichirei said it will notify relevant parties if any data leakage is confirmed. Nichirei Cyberattack Impacts KFC Japan Store Operations The incident quickly spread beyond Nichirei's own operations, affecting KFC Japan, which relies on Nichirei Logistics to deliver ingredients to stores nationwide. According to KFC Japan, deliveries have been disrupted since July 14 following the unauthorized access at its logistics partner. As inventory levels fluctuate, customers may experience product shortages, limited menu availability, shortened operating hours, or temporary store closures. The restaurant chain also temporarily suspended mobile orders, delivery services, coupons, and online ordering through its official website and mobile application. KFC Japan said it is working closely with Nichirei Logistics and other partners to restore normal operations as quickly as possible. However, it has not provided an estimated timeline for full recovery. Investigation Continues Into Japan Cyberattack Nichirei said the financial impact of the incident is still being assessed. The company expects to release its first-quarter financial results for the fiscal year ending December 31, 2026, on August 7 as scheduled unless further developments require additional disclosure. The company added that it will continue investigating the cyberattack on Nichirei and release additional information if material findings emerge. The incident follows a series of recent Japan cyberattack disclosures involving major organizations. Earlier this week, The Cyber Express reported that Nihon Kotsu experienced a malware-related security incident that disrupted taxi dispatch services after portions of its IT infrastructure were taken offline. Earlier this month, The Cyber Express also reported cyber incidents involving Aflac Japan, KDDI, Sapporo Holdings, and Nidec. While those cases affected different industries, attackers frequently gained access through subsidiaries, overseas operations, or third-party infrastructure rather than directly compromising corporate headquarters. Separately, Asahi Group Holdings continues recovering from a ransomware attack that significantly disrupted online ordering and shipment operations, forcing the company to rely on manual processes. Supply Chain Risks Remain in Focus The Nichirei cyberattack highlights how attacks on logistics providers can quickly evolve into broader supply chain disruption affecting downstream businesses and consumers. Although Nichirei has begun restoring operations, investigations into the incident remain active. Authorities are also continuing to examine whether any personal information was compromised while the company works to return logistics services and KFC Japan operations to normal. With multiple high-profile cyber incidents affecting Japanese organizations in recent weeks, the latest disruption highlight he growing operational impact of attacks targeting critical logistics and supply chain infrastructure.</itunes:subtitle><itunes:summary>The Nichirei cyberattack has disrupted food deliveries across Japan after the frozen food and logistics provider confirmed its servers were compromised in a cybersecurity incident involving unauthorized access. The attack affected logistics operations supporting KFC Japan, forcing temporary service disruptions while the company investigates the incident and works to restore systems. Nichirei Corporation said it detected system failures on July 13 and established an emergency response headquarters the same day. "Nichirei Corporation (the "Company") experienced system failures on July 13, 2026, and has since been investigating its cause. The Company hereby announces the facts identified through the investigation to date and the measures it plans to take going forward," reads notice issued by Nichirei. An investigation later confirmed that company servers had been targeted in a cyberattack. While the company has not disclosed technical details to prevent further damage, it said recovery efforts are underway with the support of an external cybersecurity specialist. Nichirei Cyberattack Disrupts Logistics and Food Shipments Following the attack, Nichirei disconnected systems across the Nichirei Group to protect customer and business partner data. The decision disrupted inbound and outbound operations at Nichirei Logistics refrigerated warehouses and halted frozen food shipments handled by Nichirei Foods. The company said it plans to gradually resume affected operations from July 17 after implementing additional security measures. Nichirei also confirmed that some affected servers contained personal information. As a precaution, it submitted an initial report to Japan's Personal Information Protection Commission regarding the possibility of a personal information leak. The company emphasized that, as of its latest update, there is no confirmed evidence that personal information or customer data has been exposed externally. Investigations remain ongoing, and Nichirei said it will notify relevant parties if any data leakage is confirmed. Nichirei Cyberattack Impacts KFC Japan Store Operations The incident quickly spread beyond Nichirei's own operations, affecting KFC Japan, which relies on Nichirei Logistics to deliver ingredients to stores nationwide. According to KFC Japan, deliveries have been disrupted since July 14 following the unauthorized access at its logistics partner. As inventory levels fluctuate, customers may experience product shortages, limited menu availability, shortened operating hours, or temporary store closures. The restaurant chain also temporarily suspended mobile orders, delivery services, coupons, and online ordering through its official website and mobile application. KFC Japan said it is working closely with Nichirei Logistics and other partners to restore normal operations as quickly as possible. However, it has not provided an estimated timeline for full recovery. Investigation Continues Into Japan Cyberattack Nichirei said the financial impact of the incident is still being assessed. The company expects to release its first-quarter financial results for the fiscal year ending December 31, 2026, on August 7 as scheduled unless further developments require additional disclosure. The company added that it will continue investigating the cyberattack on Nichirei and release additional information if material findings emerge. The incident follows a series of recent Japan cyberattack disclosures involving major organizations. Earlier this week, The Cyber Express reported that Nihon Kotsu experienced a malware-related security incident that disrupted taxi dispatch services after portions of its IT infrastructure were taken offline. Earlier this month, The Cyber Express also reported cyber incidents involving Aflac Japan, KDDI, Sapporo Holdings, and Nidec. While those cases affected different industries, attackers frequently gained access through subsidiaries, overseas operations, or third-party infrastructure rather than directly compromising corporate headquarters. Separately, Asahi Group Holdings continues recovering from a ransomware attack that significantly disrupted online ordering and shipment operations, forcing the company to rely on manual processes. Supply Chain Risks Remain in Focus The Nichirei cyberattack highlights how attacks on logistics providers can quickly evolve into broader supply chain disruption affecting downstream businesses and consumers. Although Nichirei has begun restoring operations, investigations into the incident remain active. Authorities are also continuing to examine whether any personal information was compromised while the company works to return logistics services and KFC Japan operations to normal. With multiple high-profile cyber incidents affecting Japanese organizations in recent weeks, the latest disruption highlight he growing operational impact of attacks targeting critical logistics and supply chain infrastructure.</itunes:summary><itunes:keywords>Cyber News, Firewall Daily, Ransomware News, cybersecurity incident, Japan cyberattack, KFC Japan, Nichirei Corporation, Nichirei cyberattack, Nichirei Logistics, personal information leak, ransomware attack, The Cyber Express, The Cyber Express News</itunes:keywords></item>
	</channel>
</rss>