Security Digest

First Agentic Ransomware, Four Nights Over Kyiv, Ankara Draws the Line

Issue 023 covers 4–11 July 2026: JadePuffer, the first documented fully agentic LLM-driven ransomware, arriving alongside a BeyondTrust critical auth bypass with 2,000 instances still exposed; Russia's four consecutive ballistic missile salvos on Kyiv killing 70+ in one week; the NATO Ankara summit committing $58 billion in new defence procurement with Norway signing onto Triton drones and a $922M South Korean MLRS deal; Norway rebuffing Trump on Greenland and removing China's stone lions from Svalbard; and the US-Iran exchange widening across the Gulf as the ceasefire was declared over.

Security Digest 023 — Audio

Listen to the audio version of this digest, voiced by Brian.

0:00 0:00

This Week in Brief

Issue 023 covers 4 through 11 July 2026, picking up from issue 022’s close on 4 July. Four stories defined the week. JadePuffer became the first documented fully autonomous LLM-driven ransomware, running every attack stage from recon to ransom note without a human operator steering it, and that changes the threat floor for every security team. Russia struck Kyiv with ballistic missiles on four separate nights, killing more than 70 people and prompting Zelenskyy to appear at the NATO Ankara summit requesting Patriot interceptors at every session. Thirty-two allies in Ankara committed $58 billion in new defence procurement, Norway signing on for Triton maritime drones and a South Korean MLRS deal, while Norwegian Defence Minister Sandvik directly rebuffed Trump’s Arctic ambitions. Simultaneously, the US-Iran exchange widened from tanker strikes in the Strait of Hormuz to 170+ cumulative US airstrikes on Iranian targets, halting Qatari LNG production and spiking crude globally.

The EU AI Act’s first enforcement deadline, covering prohibited AI system categories, falls on 2 August 2026. That is 22 days away. If your organisation has not completed a prohibited-use audit, the window is almost closed.

Security

JadePuffer: The First Fully Agentic LLM-Driven Ransomware

Researchers published findings on JadePuffer between 6 and 8 July: a ransomware campaign in which an LLM agent autonomously executed every post-access stage, reconnaissance, lateral movement, encryption, and ransom note delivery, without a human operator directing it. Multiple firms confirmed the campaign independently. Some reporting notes a human accomplice was still needed for the initial foothold; all sources agree the post-access campaign ran end to end without human steering (Dark Reading, ZDNet, TechRadar, Forbes, 6–8 July 2026).

The operational read is blunt. Any defence that relies on dwell-time detection, counting on attackers needing days to orient in an environment, is now insufficient. JadePuffer compresses the attacker timeline to whatever the model decides, measured in seconds, not days. Detection pipelines tuned to human-paced attack patterns will miss agentic sequences. The pressure shifts to endpoint telemetry, hard network segmentation, and automated containment triggered at initial access rather than at lateral movement.

CVE-2026-40138 / CVE-2026-40139: BeyondTrust, CVSS 9.2

Two critical authentication bypass flaws in BeyondTrust Remote Support and Privileged Remote Access were patched for cloud customers on 21 April 2026; self-hosted deployments must be on version 25.3.3 or later. As of 8 July, Shadowserver counted approximately 2,000 exposed instances still reachable online. H-ISAC issued a TLP:WHITE bulletin the same day flagging healthcare networks as highest risk: BeyondTrust is deeply integrated in hospital environments, and an unpatched deployment is potential HIPAA breach territory with direct care-disruption implications (BleepingComputer, The Hacker News, AHA/H-ISAC, 8 July 2026). If you are running self-hosted RS or PRA and have not applied the rollup, stop reading and patch now.

Void Blizzard / Laundry Bear: Denis Obrezko Pleads Not Guilty in Boston

Denis Obrezko, 36, a Russian national formerly employed by the FSB and tech firm Yutek-NN, pleaded not guilty on 9 July in Boston federal court to charges of conspiring to commit computer fraud. The indictment places him inside the Void Blizzard and Laundry Bear campaigns, which targeted US and European companies, NATO-aligned government agencies, and organisations supporting Ukraine’s resistance since at least 2023. A separate Russian suspect detained in Thailand is also allegedly linked to Void Blizzard (Reuters, The Record, 9–10 July 2026).

Also This Week in Security

Canada’s Communications Security Establishment disclosed three state-authorised offensive cyber operations conducted in 2024: disrupting a fentanyl ingredient supply network, targeting an extremist group ahead of planned violence, and hitting a ransomware-as-a-service operation responsible for 25+ attacks against Canadian critical sectors (The Globe and Mail, ~7 July 2026). A Reuters exclusive published 6 July reports CISA’s Attack Surface Evaluation team is running Anthropic’s AI model “Mythos” across government software repositories and has already surfaced a large number of exploitable flaws; the deployment followed a court ruling that blocked an earlier Trump administration decision barring Anthropic from defence supply chains (corroborated by SecurityWeek). A US bankruptcy judge approved the $46.75 million settlement for the 2023 23andMe breach affecting 6.9 million customers on 7 July (Reuters, The Record). AssuranceAmerica, an Atlanta-based managing general agency, disclosed a phishing-initiated breach affecting 6.9 million people with driver’s licence numbers among the exposed data; the intrusion ran from 16 March 2026 undetected for several months (BleepingComputer, TechCrunch, 8 July). A backdoor in multiple Tenda router firmware versions provides full administrative access without credentials; no patch is available at time of writing (BleepingComputer, ZDNet, 7–9 July). A ransomware attack on Tata Electronics, Apple’s key Indian manufacturing partner, leaked 630GB including iPhone 18 Pro schematics confirming a US/international modem split: Qualcomm mmWave 5G for the US market, Apple’s C2 modem for international; Indian authorities opened a criminal probe (India TV News, TechRadar, 1–7 July). ReliaQuest’s Q2 2026 report names ClickFix the most prevalent initial access technique this quarter, displacing attachment phishing, with Qilin, DragonForce, and Akira among the leading ransomware families (Cyberdaily.au, single-source reporting of ReliaQuest data).

Norway and the Nordics

NATO Ankara Summit: $58 Billion in Procurement and Nordic Deals

Thirty-two NATO allies met in Ankara on 7–8 July. Secretary General Rutte announced members increased defence spending by $37 billion in one year. The summit’s defence industry forum produced $50–58 billion in new procurement: a Norway/Finland/Germany/Denmark letter of intent for five MQ-4C Triton maritime drones at $2.7 billion; Kongsberg joint strike missiles for Canada’s Royal Navy; Lockheed/Rheinmetall ATACMS coproduction in Germany; and a $5 billion GlobalEye aircraft buy replacing the ageing E3A fleet. A $40 billion counter-drone commitment over five years was also announced. Five members are projected to reach the 3.5% GDP defence spending floor; Trump pushed for 5% by 2035 (Forbes, Breaking Defense, Reuters, 7–9 July 2026). On the summit sidelines, Norwegian PM Støre and South Korean President Lee Jae Myung announced expanded defence industrial cooperation anchored by a recently signed $922 million Hanwha Aerospace contract for Chunmoo multiple launch rocket systems, with nuclear power cooperation also on the agenda (Anadolu Agency, 8 July 2026). Støre and Lithuanian President Nauseda both appeared on CNBC during the summit, emphasising European defence self-reliance as a structural goal independent of US political cycles.

Norway Rebuffs Trump; China Loses Its Lions in Svalbard

Norwegian Defence Minister Tore Sandvik directly rejected Trump’s calls for US control of Greenland at Ankara on 8 July, stating Norway and its allies are already responsible for Arctic security (Politico EU). Separately, CNN confirmed on 10 July that Norway removed the granite stone lions marking China’s Yellow River Station research facility in Ny-Ålesund, Svalbard; Beijing described the removal as unlikely “to be appreciated,” and The Barents Observer confirmed the move independently. Danish PM Mette Frederiksen reaffirmed at Ankara that Greenland’s future is determined by Greenlanders, not foreign governments; Trump, speaking at RAF Mildenhall on 9 July, conditioned continued US troop presence in Europe on Danish Greenland concessions and European support for US Iran operations (Politico EU, New Indian Express). The Nordic arc for the week is clear: Norway hardened its Arctic posture on two fronts simultaneously.

Russia conducted more warplane flights near Norwegian airspace in the first half of 2026 than in all of 2025, per Norway’s military; Tu-160 strategic bombers with MiG-31 escorts flew Arctic patrols over the Barents and Norwegian Seas during the window, and the UK Royal Air Force intercepted a Russian aircraft that “repeatedly approached” UK airspace in the Arctic on 6 July (Newsweek, UK Defence Journal). Ukraine announced development of a domestic ballistic missile interceptor named Freya, targeting approximately $700,000 per interceptor as a Patriot alternative, with around eight European nations providing production support and a coalition meeting scheduled in France (Euromaidanpress, Defense News, 9–10 July 2026).

Regulatory and Policy

The European Commission proposed five large-scale cross-border defence projects on 3 July under the European Defence Industry Programme, covering drone and counter-drone systems across 26 EU countries plus Norway and Ukraine, air and missile defence, integrated maritime and seabed surveillance, an Eastern Flank intelligence-sharing system, and space-based defence; total estimated investment for the drone component alone reaches €3.5–5 billion by 2033 (Reuters, 3 July 2026).

Trump declared the Iran interim accord “null and void” on 9 July and reimposed full oil sales sanctions. By that date, CENTCOM had struck more than 80 Iranian air defence and missile sites on 7 July following Iran’s attack on three commercial tankers in the Strait of Hormuz; cumulative US strikes passed 170 Iranian targets; Iran fired 10 ballistic missiles at a US base in Jordan, all intercepted; the US struck Chabahar port in the first strike there. A Qatari LNG tanker took a projectile hit and caught fire off Oman, prompting Qatar to halt rapid LNG production; crude surged; the S&P 500 and Dow dropped. Pakistan, Qatar, and Oman began mediation efforts (NBC News, Reuters, CNN, 9 July 2026).

The International Institute for Strategic Studies documented a 144-incident Russian drone campaign targeting 13 NATO countries between August 2024 and February 2026, including nuclear-sharing sites and France’s SSBN base, launched from commercial vessels near European ports; a Russian-origin drone jammed near the carrier Charles de Gaulle in February 2026 (UK Defence Journal, single-source reporting of IISS data).

Epstein

(Presumption of innocence applies to all named individuals. All items from named public outlets.)

AG Pam Bondi appeared before a House committee on 9 July and refused to answer lawmakers’ questions about the Epstein files. Politico reported the same day that the House investigation shows no signs of concluding, with sustained congressional pressure for full file release remaining the story’s throughline (Politico, 9 July 2026).

A new DOJ batch was released during the window, with 33,000 pages reportedly posted. WION reported Trump’s name appears “multiple times” in the documents; Spectrum Local News reported Les Wexner testified he was “duped” by Epstein. Both the Trump name claim and the Wexner characterisation are single-source at time of writing and should be treated as unverified pending broader coverage from Tier 1 outlets.

Conflicts

Four Nights Over Kyiv

Russia struck Kyiv four times in one week. On 3 July, Ukrainian officials called it the deadliest single attack on the capital this year: at least 27 killed, 91 injured. Ukraine retaliated on 4 July with 73 drones targeting the St Petersburg oil terminal in Kirovsky district and the Kronstadt naval base; Russia intercepted 72 of 73. On 6 July, the night before the NATO summit opened, 29 Russian ballistic missiles struck Kyiv, killing 21; all hit their targets, overwhelming Patriot coverage. On 7 July, a third salvo killed 24. On 8 July, a fourth round struck storage areas across the city; Ukrainian drones simultaneously hit 12 shadow-fleet tankers delivering fuel to Crimea in the Sea of Azov. The four-strike toll in Kyiv alone exceeds 70 dead; Zelenskyy requested additional Patriot interceptors at every Ankara session, and Ukraine announced a new long-range impact command for targeting Russian energy infrastructure on 11 July (LA Times, The Guardian, ABC Australia, Reuters, 3–11 July 2026).

On 6–7 July, Ukrainian FP-1 drones from manufacturer Fire Point struck Russia’s Omsk oil refinery in Siberia at roughly 3,000 kilometres from Ukrainian territory, near the Kazakhstan border, hitting the ELOU-AVT-11 primary crude processing unit, which handles more than 21 million tons per year. Overnight on 7 July, Ukraine launched more than 400 drones into Russia in a single operation; Zelenskyy called it “a new chapter.” Russia banned diesel exports in response to cumulative refinery damage (The Guardian, Kyiv Post, 6–7 July 2026).

Russian casualty figures from the Ukrainian Ministry of Defence put June 2026 losses at approximately 39,490 and cumulative losses since February 2022 at over 2 million; these are Ukrainian government estimates and have not been independently verified (single-source, contested estimates). UNICEF reported more than 300 children killed or injured in Sudan’s war in six months, mostly from RSF drone strikes; total war deaths exceed 59,000 since April 2023, with 30 million people requiring humanitarian aid (Canon City Daily Record/UNICEF, 6 July 2026).

Also This Week

The US Department of War published its fourth PURSUE UAP disclosure batch on 10 July at war.gov/ufo: roughly 40 items across documents, videos, and audio from the Pentagon, CIA, FBI, and Department of Energy. Two-thirds is archival paper already known to historians; each infrared clip carries a disclaimer that the description “reflects no analytical judgment.” The most militarily interesting page in the release is 77 years old: the 1948 joint USAF/ONI intelligence estimate (Study 203) anchors the entire US flying-saucer wave to the 1946 Scandinavian ghost rockets, read at the time as a Soviet psychological-warfare demonstration timed to the US campaign for Nordic political alignment. Grey-zone hybrid-threat logic on Norway’s doorstep, before the term existed (The Hill, CBS News, NewsNation, 10 July 2026).

By the Numbers

Figure Context
22 days Until EU AI Act prohibited-use enforcement deadline, 2 August 2026
9.2 CVSS, CVE-2026-40138 / CVE-2026-40139 (BeyondTrust)
2,000 Unpatched BeyondTrust instances online as of 8 July (Shadowserver)
6.9M Victims, AssuranceAmerica breach (driver’s licence numbers)
$46.75M 23andMe breach settlement, court-approved 7 July 2026
630GB Stolen Tata Electronics data, including iPhone 18 Pro schematics
$58B NATO Ankara summit new defence procurement commitments
$2.7B Norway/Finland/Germany/Denmark MQ-4C Triton drone letter of intent
$922M Norway–South Korea Chunmoo MLRS contract (Hanwha Aerospace)
144 Russian drone incidents targeting NATO countries, Aug 2024–Feb 2026 (IISS, single-source)
70+ Confirmed dead in Kyiv across four Russian strikes, 3–8 July
3,000km Approximate range of Ukraine’s Omsk oil refinery strike
170+ Cumulative US strikes on Iranian targets as of 9 July 2026

What to Do This Week

  1. Patch BeyondTrust now. Self-hosted RS and PRA must be on version 25.3.3 or later. CVSS 9.2 with 2,000 instances still exposed as of 8 July. No excuse for being number 2,001.
  2. Complete your EU AI Act prohibited-use audit. Enforcement starts 2 August 2026, 22 days from today. Primary prohibited categories: emotion recognition in workplaces, biometric categorisation from scraped images, real-time public biometric surveillance systems.
  3. Isolate or replace Tenda routers. No patch exists. Assume any Tenda device on your network can be accessed remotely by anyone who knows the backdoor. Isolate from sensitive segments or replace hardware.
  4. Test ClickFix detection coverage. If your EDR rules are tuned for email attachment delivery, they will miss ClickFix chains where users manually execute the payload via trusted system dialogues. Run a tabletop and update detection logic.
  5. Review LNG and fuel cost exposure. Qatar LNG halt, Omsk refinery damage, Russia’s diesel export ban, and US-Iran escalation are all hitting fuel markets simultaneously. If your operations carry energy-cost dependencies, this is the week to check hedging and supply alternatives.
  6. Track the Epstein file release. The 33,000-page batch and Bondi’s refusal to testify are keeping congressional pressure live. The Trump name claim and Wexner characterisation remain single-source at time of writing; verify against Tier 1 outlets when coverage broadens.

Researched and compiled using open-source reporting cross-checked against named outlets, verified directly against the local SearXNG instance. Single-source and contested claims are marked throughout. Presumption of innocence applies throughout the Epstein coverage.

Sources this issue: BleepingComputer, The Hacker News, Dark Reading, ZDNet, TechRadar, Forbes, Reuters, The Record, SecurityWeek, The Globe and Mail, Politico, Politico EU, The Guardian, LA Times, ABC Australia, Kyiv Post, Euromaidanpress, Defense News, Breaking Defense, UK Defence Journal, Newsweek, The Barents Observer, CNN, NBC News, India TV News, TechRepublic, TechCrunch, Canon City Daily Record, The Hill, CBS News, NewsNation, Anadolu Agency, WION, Spectrum Local News. Single-source claims (ReliaQuest Q2 data via Cyberdaily.au; IISS drone campaign via UK Defence Journal; Epstein Trump name claim via WION; Russian casualty estimates via Ukrainian MoD) are noted in text.

Issue 023, weeks 27–28, 11 July 2026

AI disclosure

This article is generated by an automated pipeline that handles source collection, summarisation, and drafting end-to-end. Human review is light-touch and limited to publication gating. Editorial responsibility: Thomas A. Kleppestø.

Pipeline stages: fetch, summarise, draft.