Back to Feed
Threat IntelligenceJul 10, 2026

In Other News: DHS Database Hacked, Adobe Boosts Patch Cadence, Canada Disrupts Ransomware Ops

Multiple cybersecurity incidents reported including DHS database hack, ransomware disruptions, and data breaches.

Summary

This roundup covers several significant cybersecurity events, including an Armenian national pleading guilty in the US for ransomware attacks, the emergence of a new multi-platform RAT called QuimaRAT v2.0, and Canada's intelligence agency disrupting ransomware operations. Additionally, it notes a data breach at AssuranceAmerica affecting 7 million people and a vulnerability in Writer AI that allowed data exfiltration.

Full text

SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: Armenian man pleads guilty in the US to ransomware attacks Karen Serobovich Vardanyan, a 34-year-old Armenian national extradited to the United States last year for his role in Ruyk ransomware attacks, has pleaded guilty to conspiracy and computer fraud. Vardanyan (who appears to have been a ransomware affiliate) and his accomplices received more than $15 million in ransom payments, the DOJ said. The man has agreed to pay $1.1 million in restitution. Advertisement. Scroll to continue reading. QuimaRAT targets Windows, macOS, Linux A subscription-based remote access trojan (RAT) platform named QuimaRAT v2.0 is actively being advertised on dark web forums with multi-architecture binaries targeting Windows, macOS, and Linux. Built using Apache Maven, the modular malware implements virtualization checks and native library loading to execute fileless payloads and run dozens of embedded commands. Security researchers discovered that the threat actor operates under a malware-as-a-service (MaaS) framework, offering lifetime access for $1,200 alongside cheaper short-term tiers. Canadian intelligence service disrupted ransomware operations Canada’s Communications Security Establishment (CSE) disclosed that it actively hacked into the infrastructure of ransomware operations, drug traffickers, and extremist organizations over the past year. Operating under its foreign cyber operations mandate, the agency disrupted the command-and-control operations of these threat networks to mitigate global criminal campaigns. CSE said the operations successfully degraded the criminal syndicates’ technological capabilities. Enterprise security firm rejects Anthropic’s trademark infringement claims Abnormal AI publicly refuted a lawsuit brought by Anthropic that alleges trademark infringement, unfair competition, and intentional brand duplication designed to mislead enterprise customers. The security firm clarified that its slash-based wordmark was independently designed back in April 2021, prior to the commercialization of Claude AI. Fraudsters unmasked behind deceptive offensive security firm A clandestine exploit brokering startup operating under the moniker IRIS C2 was exposed as a front managed by fraudsters and convicted felons Jacob Wohl and Jack Burkman, according to an investigation by Brian Krebs. Registered under a company called Calvexa Group, the outfit publicly dangled million-dollar payouts on social media platforms to attract engineering talent and purchase zero-day vulnerabilities. The company claims to sell phone-hacking services to the government but does not appear to have any government contracts. Writer AI vulnerability exposed data A security researcher has uncovered a critical vulnerability dubbed WriteOut in Writer AI that allows a threat actor to completely bypass sandbox restrictions. The cross-tenant flaw allowed unauthorized users to break structural isolation controls, read proprietary workspace data, and systematically access information belonging to other corporate tenants. Writer AI has since deployed patches to permanently seal the sandbox escape path. AssuranceAmerica data breach affects 7 million people Hackers targeted US insurance company AssuranceAmerica and stole information belonging to nearly 7 million people, including names, contact information, and driver’s license numbers. The breach was discovered in March, and the company’s investigation was completed in June. NSA brings back TAO The NSA has officially revived its iconic Tailored Access Operations (TAO) nomenclature for its premier network exploitation unit, effectively reversing the changes of the 2016 NSA21 initiative. Led by Deputy Director Tim Kosiba, the structural shift consolidates exploit developers and operators under a unified command structure. The specialized unit is slated to occupy a dedicated campus facility next month. FBI issues TeamPCP alert The FBI published an alert outlining malicious operations orchestrated by a cybercrime syndicate known as TeamPCP. The threat group successfully trojanized critical development dependencies and DevOps security tools (including Trivy, KICS, LiteLLM, and the Telnyx Python SDK) to drop credential-harvesting implants like CanisterWorm and SandClock. The FBI warns that the group is using stolen cloud tokens and Kubernetes secrets to carry out extortion campaigns. DHS database hacked An unidentified threat actor breached the Homeland Security Information Network (HSIN), a sensitive but unclassified database used by federal, state, and private partners for interagency communication. A damage assessment by the DHS Office of Intelligence and Analysis revealed that the hackers targeted servers and SharePoint infrastructure. The department isolated the network and launched a forensic probe, but found no evidence that classified networks were impacted. Adobe transitions to accelerated security update cadence Adobe announced that it will begin publishing security bulletins and critical patch disclosures twice a month, on the second and fourth Tuesdays. The shift is a direct response to adversaries leveraging AI to rapidly discover vulnerabilities. By shortening the release window, the vendor aims to compress the time window available to attackers between initial public disclosure and active enterprise exploitation. Related: In Other News: Chinese Mythos-Like AI, Tata Electronics Breach, Snyk Layoffs Related: In Other News: Canadian Hacker Jailed, Open Source Zero-Days, Two Sentenced for ATM Jackpotting Written By SecurityWeek News Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from SecurityWeek News Webinar Today: Why Email Security Keeps FailingIn Other News: Canadian Hacker Jailed, Open Source Zero-Days, Two Sentenced for ATM JackpottingIn Other News: Chinese Mythos-Like AI, Tata Electronics Breach, Snyk LayoffsPhilip Martin Joins Uber as Chief Information Security OfficerWebinar Today: Modern Exposure Validation in the AI EraIn Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS ContinuumWebinar Today: How Modern Breaches Bypass MFA and Evade DetectionEndpoint Security Startup Ent Emerges From Stealth With $100 Million Seed Round Latest News Third US Security Expert Sentenced to Prison for Helping Ransomware GangChina, India-Linked Hackers Both Targeted Same Pakistani Police ForceOkta Warns of Vishing Attacks Targeting Microsoft 365 CustomersGigaWiper Combines Multiple Malware for System-Level Sabotage‘HalluSquatting’ Turns AI Hallucinations Into Botnet Delivery MechanismNetwork of 200 GitHub Repositories Used for Malware InfectionQIZ Security Raises $17 Million for Cryptographic Governance PlatformUK Government Rolls Out Agentic AI Defense Plan Alongside Industry Pledge Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Why Email Security Keeps Failing (And What Has to Change) July 8, 2026 Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more. Register Virtual Event: 2026 Cloud Security Summit July 16, 2026 This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly

Indicators of Compromise

  • malware — QuimaRAT v2.0
  • malware — Ruyk

Entities

Jacob Wohl (threat_actor)Jack Burkman (threat_actor)QuimaRAT v2.0 (product)Writer AI (product)AssuranceAmerica (vendor)Abnormal AI (vendor)