Since our last update, the theme is trust exploited at every layer: a file-sharing vendor’s own admin interface, a wave of GitHub repos wearing familiar brand names, a ransomware gang’s fabricated “proof,” and an AI browser extension that still can’t tell a real click from a scripted one. None of these are exotic zero-click exploits — they all lean on someone or something trusting input it shouldn’t. Here’s what changed.
Vulnerability watch: Progress Software orders emergency ShareFile shutdown over unpatched zero-day
Progress Software emailed ShareFile customers on July 10 telling them to manually power down any server hosting a Storage Zone Controller, citing a “credible” security threat with no patch yet available. The company has since confirmed the cause: a high-severity path traversal flaw in ShareFile Storage Zone Controller versions 5.x and 6.x that lets an authenticated administrative user read arbitrary files reachable by the application’s service account, write attacker-controlled content to arbitrary directories, or enumerate the server’s filesystem layout. Progress has now shipped fixed versions 5.12.5 and 6.0.2 and says it has found no evidence of unauthorized access to customer accounts or data. A CVE has been reserved but won’t be published for two weeks — Progress told BleepingComputer the delay is deliberate, to give customers a patching head start before technical details go public. BleepingComputer · The Hacker News · Help Net Security
If you run ShareFile Storage Zone Controller on-prem, this is a same-day patch: update to 5.12.5 or 6.0.2 now, and treat any Storage Zone Controller that was left running through the shutdown window as a machine you should review for unexpected file writes or unfamiliar admin sessions.
Malware watch: 292 fake GitHub repos impersonate security brands to spread BoryptGrab infostealer
Researchers uncovered a campaign, active since June 26 and still running, that has planted 292 fake GitHub repositories impersonating legitimate software — including security vendor Arctic Wolf — across categories spanning security tooling, fintech, crypto wallets, developer utilities, secure email clients, macOS apps, and game “cheat” tools. Each repo’s README links to a fake download page that delivers a trojanized libcurl.dll sideloaded through a signed WinGUP updater, ultimately dropping a variant of the BoryptGrab infostealer. That variant is notable for a previously undocumented capability: it bypasses Chrome’s App-Bound Encryption via direct code injection into the browser process, and it harvests data from more than 19 browsers and 32 cryptocurrency wallets plus messaging and social apps. Artifacts point to a Russian-speaking operator not yet tied to a known group. Help Net Security · Arctic Wolf · BleepingComputer
Brand-impersonating GitHub repos are cheap to spin up and hard for individual developers to vet, and a bypass for Chrome’s App-Bound Encryption meaningfully raises the value of a successful infection. If your engineers pull tools or “cheat”/utility software from GitHub outside your approved package registries, this is a good week to remind them to check star history, commit age, and org verification before running an installer.
Phishing watch: LastPass and Bitwarden users targeted with fake DocuSign compliance emails
LastPass began warning customers this week of an active phishing campaign sent from lookalike domains such as [email protected], notifying recipients of fake “service policy changes” — enhanced SaaS monitoring, admin master-password resets — and pushing them to a page at lastpasscompliance.com that impersonates DocuSign. Clicking through to “review terms” leads to a page prompting a Windows or macOS file download. BleepingComputer found Bitwarden users are being hit by the same pattern from [email protected], redirecting to bitwardencompliance[.]com. Both vendors say their own systems and infrastructure are uninvolved and uncompromised. BleepingComputer · LastPass · CyberInsider
Password manager admins are a high-value target precisely because a successful compromise can cascade into every credential a team stores. Block or flag the newsletter/compliance lookalike domains at your email gateway, and remind admins that legitimate vendor policy notices never arrive via a DocuSign-style “review and download” flow.
Ransomware watch: D1R’s Bosch “leak” evidence turns out to be a public manual
A previously unknown ransomware group calling itself D1R listed Bosch on its dark web leak site, claiming it exploited a logic flaw in a Synopsys registration form to pull a 40,000-entry corporate client database with no internal access required, then used that access to steal Bosch engineering data — giving the company 11 days to negotiate before publication. Synopsys investigated and found no evidence supporting the claim, says it has not been contacted by the group, and considers the unauthorized-access allegation unfounded. Independent review of the “proof” screenshot D1R provided found it was simply the first page of a publicly available Controller Area Network (CAN) user manual — a standard Bosch published document, not stolen data. D1R has only three victims listed on its leak site to date. SC Media · SecurityWeek · Cybernews
Not every leak-site claim is real, but “unverified” isn’t the same as “safe to ignore.” Treat a new extortion group’s claim as a trigger to check your own SaaS registration and self-service forms for the kind of logic flaw D1R described — an unauthenticated form that returns more than it should is a real class of bug regardless of whether this specific claim holds up.
AI security watch: unpatched Claude for Chrome flaw still lets rogue extensions read Gmail and Calendar
Researchers at Manifold Security disclosed that a vulnerability in Anthropic’s Claude for Chrome extension, first reported on May 21 against version 1.0.72, remains exploitable in version 1.0.80 — eight releases later. Any other browser extension with a content script on claude.ai can inject a DOM element and dispatch a synthetic click to trigger one of nine prompts that make Claude read the victim’s Gmail, Google Docs, and Calendar data, because the click handler never checks event.isTrusted to distinguish a real user click from a script-dispatched one. Manifold rates the flaw CVSS 7.7 (High) in Claude’s default “coerced approval” mode, rising to 9.6 (Critical) if a user has enabled “Act without asking.” Anthropic acknowledged the report the day after disclosure and marked it closed, but Manifold says the vulnerable code is byte-for-byte identical between the version first reported and the current release. SecurityWeek · The Hacker News · Manifold Security
AI browser agents are a fast-growing part of the attack surface, and this bug is a clean example of why: the extension trusts a synthetic DOM event the same as a real one. If Claude for Chrome or a similar AI browser extension is in use on any endpoint in your environment, disable “Act without asking” mode until this is genuinely fixed, and audit which other extensions have content-script access on claude.ai or equivalent AI-agent domains.
Also worth noting
Mozilla shipped Firefox 152.0.6 patching two critical flaws — CVE-2026-15718 (an invalid-pointer bug in the WebAssembly engine) and CVE-2026-15719 (a site isolation issue in DOM navigation) — for which Mozilla confirms public exploit code exists, though it has no evidence of in-the-wild attacks yet. Update Firefox fleet-wide regardless. SecurityWeek
Separately, TriWest Healthcare Alliance — the managed care contractor for the TRICARE West Region covering roughly 4 million military beneficiaries — notified about 11,844 individuals that an unauthorized party accessed and downloaded protected health information, including DoD Benefits Numbers and ZIP codes, during an intrusion that occurred back on April 16. Fewer than five records also included Social Security numbers, addresses, or dates of birth. Military Times
Final thought
Today’s stories share a common failure point: something downstream trusted input it should have verified — a ShareFile admin session, a GitHub README, a “compliance” email, a leak-site screenshot, a synthetic browser click. None of it required a novel exploit technique, which is exactly why detection has to focus on behavior, not just patch status: unexpected admin file access, installer downloads from unofficial sources, lookalike-domain traffic, and unusual extension permissions are the signals that catch this class of attack before it escalates. If you want help reviewing whether your current logging would actually surface any of these, see our guide to supply chain attacks against software companies or book a discovery call.