Progress ShareFile customers face a forced shutdown with no CVE, no threat actor, and no restart timeline — while JADEPUFFER autonomous AI ransomware gets a second look and Samsung rushes out 57 fixes for spyware-exploited flaws. Today's briefing covers the stories that matter most to security teams right now.
Audio is available on Spreaker — see link below.
Progress Software told its ShareFile customers to shut down on July tenth. Not patch.
While that story develops without answers, a separate development this week puts the broader threat environment in sharper relief. A ransomware operation called JADEPUFFER, which unfolded in late June, has been documented as the first end-to-end autonomous AI ransomware campaign.
The same AI-driven capability that enables JADEPUFFER is also, right now, finding vulnerabilities before attackers do. Anthropic's Claude Mythos, operating through an authorized security research program called Project Glasswing, identified a critical memory leak in Squid web proxy that had gone undetected for twenty-nine years.
Samsung pushed a fifty-seven vulnerability security update to Galaxy Z Fold seven and Z Flip seven on July ninth. The critical fixes address Adobe DNG image-parsing flaws that commercial spyware operators had already weaponized in real-world campaigns back in November twenty twenty-four.
A threat actor using the name eight-eight-eight claimed a July breach of Accenture, alleging thirty-five gigabytes of data stolen including source code, Azure tokens, and RSA and SSH keys. Accenture acknowledged the incident and said it's fully remediated, while downplaying the scope.
The watchpoints coming out of today's briefing are clear. Progress ShareFile customers need to know when a safe restart is possible and whether any unauthorized access occurred.
Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.