Cyber News Bytes: What’s Happening in Cybersecurity This Week

This week's latest cybersecurity news and industry updates

It’s been a wild week for cyber breaches, zero-days, and more!

Before we get into this week's stories, a quick note for everyone who has been asking how to actually build hands-on experience.

My 5 Technical Cybersecurity Projects course walks you step by step through five resume-ready projects, including cloud Active Directory, an Azure GRC risk assessment, SIEM log analysis, Nmap scanning, and web app testing with OWASP ZAP.

Each one can be finished in a weekend, and it's only $29.

You can grab it right here: 5 Technical Cybersecurity Projects Course

Funny enough, this week's news is basically a live demonstration of why those exact skills matter.

Now let's get into it.

1. Microsoft rushes out emergency patch for the RoguePlanet Defender zero-day

Microsoft shipped an out-of-band patch on July 8 to close RoguePlanet, tracked as CVE-2026-50656, an elevation of privilege flaw in the Malware Protection Engine that powers Windows Defender.

The flaw was disclosed by a researcher going by "Nightmare Eclipse" as part of an ongoing public dispute with Microsoft over its bug bounty and disclosure practices, and it allows attackers to spawn a command prompt with SYSTEM privileges through a race condition.

It is the seventh zero-day this researcher has publicly disclosed since April, and the exploit works whether Defender's real-time protection is enabled, disabled, or running in passive mode.

Why it matters: A vulnerability inside the security product itself is gold for attackers who already have a foothold, because it turns your defenses into their weapon. If you manage Windows endpoints, verify that the Malware Protection Engine has updated to version 1.1.26060.3008 or later.

Read more at Dark Reading

2. Accenture confirms breach after hacker lists 35GB of stolen data for sale

Consulting giant Accenture confirmed it suffered a security breach after a threat actor known as "888" claimed to have stolen 35 GB of source code and other data and began offering it for sale on a cybercrime forum.

The hacker claims the stolen data includes Azure access keys and tokens, configuration files, RSA and SSH keys, and source code, and posted a screenshot of a private Azure DevOps repository as proof.

Accenture said it remediated the source of the incident and that there was no impact to operations or service delivery, but it has not confirmed what data was actually taken.

Why it matters: Source code, private keys, and cloud tokens are far more dangerous than a leaked customer list because they can unlock other systems downstream. When one of the largest consulting firms on the planet gets hit, every client in their supply chain has to start asking uncomfortable questions.

Read more at BleepingComputer

3. Deutsche Bank confirms third-party breach after ransomware gang posts "evidence"

The Unsafe ransomware group claimed it breached Deutsche Bank and posted alleged employee database records on a dark web leak site, and the bank confirmed a breach at a third-party service provider.

The leaked samples reportedly include employee email addresses, password hashes, physical addresses, and internal database records.

A bank spokesperson said the incident did not involve Deutsche Bank's own network but instead affected a third-party company, and researchers could not determine whether any customer information was compromised.

Why it matters: Even if not a single customer record was touched, stolen employee data is a launchpad for phishing, password cracking, and deeper attacks. This is also another loud reminder that your security is only as strong as your vendors, which is exactly why third-party risk keeps showing up in GRC job descriptions.

Read more at Cybernews

4. Researchers document the first ransomware attack run entirely by an AI agent

Sysdig's Threat Research Team captured what it assesses to be the first documented case of agentic ransomware, a complete extortion operation driven end-to-end by a large language model with no human at the keyboard.

The operation, dubbed JadePuffer, broke in through a known vulnerability in an internet-facing Langflow server, then autonomously harvested credentials, moved laterally, established persistence, and ran a destructive extortion playbook against a production database.

The AI agent even adapted to failures in real time like a human operator would, going from a failed login to a working fix in 31 seconds, and ultimately encrypted 1,342 configuration items before dropping a ransom note.

Why it matters: The skill floor for running ransomware just dropped dramatically, because an AI agent can chain together every stage of an attack without the operator having deep expertise in any of them. Defenders will need to detect and respond at machine speed, and notably, the entry point was still an unpatched, internet-exposed server, proving the fundamentals matter more than ever.

Read more at BleepingComputer

That's a wrap for this week.

Five stories, and almost every one of them traces back to the same fundamentals: a stolen credential, an unpatched flaw, or a third party nobody was watching closely enough.

And now AI is learning to exploit those same fundamentals on its own, which means the people who master them will only become more valuable.

If you want to be the person companies hire to prevent headlines like these, the best time to start building those skills was yesterday, and the second best time is this weekend.

Stay patched. Stay skeptical. Talk soon.

Cyber With Sandra | www.withcybersecurity.com