Weekly Cybersecurity Roundup: Dormant Code, Record Patches, and AI on Both Sides of Security
This weekly cybersecurity roundup highlights how both attackers and defenders are scaling activity, from dormant access to record patch volumes. Dutch and Belgian police disrupted an international investment fraud network staffed by more than 700 people across about 20 call centers, while attackers tested dormant capabilities and active exploitation as well as “trusted” features. In browser security, Google and Microsoft removed the ModHeader extension after researchers found a dormant data-collection mechanism embedded in a genuine, signed version; it had about 1.6 million combined Chrome and Edge installations before Microsoft removed it on July 3. Microsoft’s July Patch Tuesday addressed at least 570 security flaws, including nearly 60 rated critical and more than 250 privilege escalation issues, with three qualified zero-days in Active Directory Federation Services and SharePoint. Separate reporting also detailed the LabubaRAT Windows remote access trojan and its operator-controlled capabilities.





