🛡️ InfoSec Blue Team Briefing

Sunday, July 05, 2026

Cyber security developments for Sunday the 5th of July 2026 covering articles added to the BlueTeamSec community on infosec.pub. Today we have 4 articles to cover. All attribution is by the article authors. All article analysis is automated.

The Citizen Lab has confirmed that a former European Parliament member serving on the committee investigating spyware abuses was himself infected with NSO Group's Pegasus spyware twice in late 2022 and early 2023. The infections hit during the PEGA Committee's investigation into spyware use across Greece, Poland, and Hungary, potentially exposing confidential deliberations to whoever was operating the implant.

SpecterOps have demonstrated how large language models can automate the reverse engineering of endpoint detection products, drastically cutting the time needed to map and bypass security controls. Their agentic loop, called Day Shift, uses tools like Binary Ninja to iteratively decrypt and analyse components without needing backend access, which has rather obvious implications for the entire EDR market.

Following on from the ARToken story we covered earlier this week, Cisco Talos have published a deeper look at the platform's capabilities. It's a phishing-as-a-service setup that abuses OAuth device authorisation flows to bypass MFA on Microsoft 365 accounts, establishes refresh token persistence that survives password resets, and packages the whole lot into an all-in-one business email compromise toolkit. Worth a look if you're defending finance or HR inboxes in particular.

And finally, security researchers have released GadgetSniper, a tool that automates discovery of call-stack spoofing gadgets in 64-bit Windows libraries. It hunts for specific instruction sequences that let attackers fabricate stack frames, making malicious code appear to originate from signed, legitimate modules and evading products that rely on call-stack validation for detection.

That concludes today's briefing.

📰 Articles Covered