Weekly Cyber Briefing 10.07.2026
Weekly Cyber Update: 10 July 2026
A new agentic ransomware discovery; a maximum severity ColdFusion bug to patch; a government push for Cyber Essentials across the supply chain; and a new NCSC plan for cyber defence
Weekly Cyber Briefing 10.07.2026
A new agentic ransomware discovery; a maximum severity ColdFusion bug to patch; a government push for Cyber Essentials across the supply chain; and a new NCSC plan for cyber defence
Security researchers have discovered what they claim to be the world’s first ransomware campaign carried out end to end by an “agentic threat actor” (ATA). “JadePuffer” autonomously exploited a vulnerability in Langflow, mapped the environment, harvested credentials, moved laterally, stole and encrypted data, and left a ransom note.
The ATA didn’t demonstrate any novel TTPs, but JadePuffer highlights that the barrier to entry for prospective ransomware actors has now fallen significantly. It also marks out AI infrastructure like Langflow as an increasingly popular target, because it provides a wealth of stored credentials and API keys. CISA has ordered federal agencies to patch the flaw exploited in the attack.
The encryption used in the attack was built to be unrecoverable because the agent, rather than its human master, decided so. That adds an extra element of unpredictability to ATA-powered ransomware.
Monitor for the IoCs released by Sysdig. And patch CVE-2025-3248 in Langflow, if using the framework. Beyond that, best practice rules apply to reduce the attack surface. That means network segmentation, phishing-resistant MFA and least privilege, and runtime threat detection. Focus on boosting resilience in the event of a compromise by practising incident response and ensuring recovery capabilities are regularly tested and fit for purpose.
Threat actors are exploiting a maximum severity vulnerability in Adobe ColdFusion, according to reports. CVE-2026-48282 is a remote code execution flaw in the popular web app development platform that can be exploited by attackers without privileges. It has a CVSS score of 10.0. The ShadowServer Foundation claims hundreds of instances may be exposed globally.
US and Canadian authorities have released guidance urging immediate patching. Exploitation could give threat actors a foothold in enterprise systems for broader compromise, including corporate data theft and even ransomware. The flaw was exploited just hours after Adobe released patches, proving once again the traditional exploitation window has virtually disappeared for some CVEs.
Audit for impacted and internet-facing ColdFusion instances and patch in line with vendor guidance. Review logs for signs of exploitation.
The government has officially launched a new initiative whereby organisations voluntarily commit to demonstrate board-level cyber governance and supply chain security. Over 60 organisations and 20 government suppliers have signed up to the Cyber Resilience Pledge. It requires them to register for the NCSC’s free Early Warning service, audit Cyber Essentials coverage across the supply chain, implement the Cyber Governance Code of Practice, and ensure all board members complete NCSC Cyber Governance Training, among other things.
The most consequential impact could be across the supply chain. Founding signatories include organisations with significant supplier ecosystems. Even without a legal mandate, their Cyber Essentials audit requirements will generate downstream pressure on suppliers who haven’t engaged with Cyber Essentials.
Be prepared for a call re: Cyber Essentials compliance. There’s a 60-day deadline for resilience pledge signatories to audit their supply chains. If this is the direction of travel for larger organisations, it would make commercial sense to start the Cyber Essentials accreditation process now.
The National Cyber Security Centre (NCSC) and Department for Science, Innovation and Technology (DSIT) have published plans for a sovereign cyber-defence capability using agentic AI to identify, reduce and resolve cyber risk across critical national infrastructure. The architecture involves interconnected “red” and “blue” AI agents. Red agents will autonomously scan critical UK IP ranges for exposed vulnerabilities at machine speed. Blue agents will defend against threats in real time.
The NCSC acknowledged in its blog post that AI is not necessarily creating novel challenges for network defenders but rather accelerating the speed and scale of threats. It is best practice corporate security failings that enable the technology to cause so much damage. And, the NCSC warns, once AI is able to operate across the full attack lifecycle, it will soon overwhelm defenders.
Follow the NCSC’s guidance. Get the basics right by patching high-risk vulnerabilities at speed, reducing reliance on unsupported systems, and adopting secure-by-design technologies. Incorporate AI into cyber defence by using agentic AI to spot and mitigate exposed vulnerabilities, and detect and contain incidents.