In partnership with

~7 MIN READ
Fact AI coding assistants like Cursor and GitHub Copilot hallucinate the same wrong package name in up to 85% of repository requests, and the same wrong skill name in 100% of installs, tested by researchers who then simply registered those exact names and waited. (HalluSquatting research, The Hacker News, July 2026)
The Signal
 
Nothing says "healthy incident response" like paying a ransom in secret and hoping nobody finds the receipts. This week's a reminder that the leak you should worry about isn't always the breach. Sometimes it's the negotiation transcript.

Secrecy is getting harder to maintain in cyber, whether you're a government agency hiding a ransom payment or an AI agent that can't tell a real GitHub Issue from an attacker's instructions. Here's what leaked, what broke, and what to actually do about it.

PS: Was this forwarded to you? Subscribe free at exzeccyber.com/subscribe

In this edition
  📌 Big Cyber News
  🚨 Can't Miss
  🤖 AI in Cyber
  🏛️ Privacy, Power & Policy
  🛠️ Tools & Tactics
  🧪 Strange Cyber
📌 Big Cyber News
 
DATA EXTORTION
💰 A County Paid $1 Million to Make an Extortion Gang Go Away. It Didn't Tell Anyone.
Intro
Leaked negotiation transcripts have exposed a secret ransom deal between a U.S. county government, believed to be Union County, Ohio, and a data-extortion gang called Kairos.
What Happened
After stealing roughly 2 terabytes of resident data, including Social Security numbers and medical records, Kairos opened negotiations at $3 million. The county countered at $100,000. Over several rounds the two sides settled at $1 million in Bitcoin, paid quietly and never publicly disclosed until a threat researcher obtained the chat logs this month.
Why It Matters
The county has no technical way to verify Kairos actually deleted the stolen data. It paid for a promise, not proof, and residents whose SSNs were in that stolen 2TB found out about the deal from a leaked transcript, not from their own government.
The Other Side
Negotiators argue quiet payment can be the least-bad option when the alternative is a full public dump of resident data with zero leverage to stop it.
 
👉 Takeaway
If your incident response plan includes a secret payment, plan for the transcript leaking too. Ransom deals age badly once they're not secret anymore.
TL;DR: A county paid $1 million to a data-extortion gang in secret. A leaked transcript just made it very public.
Further reading: The Register
🚨 Can't Miss
 
 
SUPPLY CHAIN
Attackers compromised a trusted maintainer's account on the Injective Labs blockchain SDK and pushed a malicious npm update disguised as telemetry code, quietly capturing wallet recovery phrases from 18 dependent packages before security firms caught it in under an hour. No funds were reported stolen, but the bad version was still downloaded 310 times.
One compromised maintainer account can poison an entire dependency tree in minutes. Pin your versions.
 
LAW ENFORCEMENT
Following an FBI tip, Spanish police arrested a man in Palencia accused of supporting CyberArmy of Russia Reborn, Z-Pentest, and NoName057(16), hacktivist groups known for DDoS attacks on NATO water, energy, and agriculture infrastructure. He allegedly helped a fellow member flee to Russia through Poland and Belarus.
These pro-Russia hacktivist groups increasingly share members and infrastructure. One arrest can expose several networks at once.
 
RANSOMWARE
The Alberta university discovered a ransomware attack on June 17 that deleted two file storage systems and exfiltrated employee and student records. A gang calling itself CMD Organization claims over 10 terabytes stolen and is demanding $1.9 million.
Universities keep landing in ransomware crosshairs because they hold sensitive records with famously underfunded IT security.

Dictate code. Wispr tags the files.

Speak your PR description, bug reproduction, or Cursor prompt. Wispr Flow auto-tags file names, preserves variable names, and formats everything for immediate paste into GitHub, Jira, or your editor.

No re-typing. No context gaps. No mangled syntax. Works natively inside Cursor, Warp, and every IDE at the system level.

4x faster than typing. 89% of messages sent with zero edits. Used by engineering teams at OpenAI, Vercel, and Clay.

🤖 AI in Cyber
 
 
AI SECURITY
Researchers at Noma Labs found a critical prompt injection flaw in GitHub Agentic Workflows requiring no credentials at all. An attacker just opens a public GitHub Issue with hidden instructions, and the AI agent, triggered on issue assignment, follows them, potentially leaking private repository contents as a public comment.
If your AI agents read anything the public can write, treat that content as untrusted input.
 
AI SECURITY
Researchers found that when AI assistants like Cursor, Copilot, and Gemini CLI invent a nonexistent package name, they tend to invent the same wrong name every time, up to 100% of the time for skill installs. Attackers just query the AI to learn its favorite hallucinations, register those names, and wait for the assistant to fetch and run their malware.
The fix isn't a firewall. It's making your AI agent verify a resource exists before it trusts it.
🏛️ Privacy, Power & Policy
 
 
POLICY
The European Commission referred Ireland, Spain, France, and the Netherlands to the EU's top court for missing the deadline to adopt NIS2, the bloc's cybersecurity law covering 18 critical sectors. After warnings in 2024 and 2025 went nowhere, the Commission now wants daily fines until each country implements the rules.
Cybersecurity law only works if it's enforced. The EU just showed what happens when deadlines are treated as optional.
 
PRIVACY
RentGrow will pay $2.25 million after the FTC found its tenant-screening reports duplicated criminal and eviction records, making applicants look far more troubled than they actually were, and misled renters about the outcome of their disputes.
If a background-check company denied you housing, you're entitled to dispute the report. Use it.
🛠️ Tools & Tactics
 
 
Practical play
Two stand out. DockSec combines multiple container scanners with AI-assisted analysis, returning a 0-100 security score for your Dockerfiles plus line-specific fixes. Agent Beacon normalizes telemetry across every AI agent runtime in your environment, so you get one consistent record of what each agent did instead of five different logging formats. Both are free and install in minutes.
Running AI agents or containers without dedicated visibility tooling? Start with whichever gap is bigger.

Why did one company's AI work, and another's didn't?

One had a dedicated owner. Resolution rate: 48.9%. One didn't: 0.38%. See the full breakdown.

🧪 Strange Cyber
 
Strange but real
🎽 The Fastest Way Into a Fortune 500 Building Is Apparently Saying "Yes, I'm Here for the Wi-Fi"
Intro
A professional red teamer walked into a Fortune 500 company's office, claimed he was there to fix the Wi-Fi, and walked out with a $250,000 championship trophy in his backpack.
What Happened
The building's wireless network was genuinely glitchy thanks to nearby construction, which gave the red teamer's team perfect cover to wander around with laptops and antennas. In the marketing department, he found one of the sponsor company's prize trophies sitting in its display case. When an employee spotted him removing it and asked if he was there to fix the Wi-Fi, he said yes. She let him walk out the door.
Why It Matters
He kept the trophy for two and a half weeks before anyone noticed it was gone, then revealed it during his security presentation to the company's executives.
The Other Side
The employee's instinct wasn't unreasonable. Someone who looks like they belong and offers a plausible explanation usually does belong. That's exactly the trust attackers exploit.
 
👉 Takeaway
Physical security fails the same way phishing does: people trust a confident story over a verified badge. Train employees to verify, not assume.
TL;DR: A red teamer said "yes" to a Wi-Fi question and walked out with a $250,000 trophy.
Further reading: The Register

Claude vs Gemini. OpenAI vs Anthropic. Which lab ships next? Real money on all of it. Kalshi is the CFTC-regulated prediction market for tech readers. Trade what you know.

Keep Reading