Cyber security developments for Sunday the 12th of July 2026 covering articles added to the BlueTeamSec community on infosec.pub. Today we have 4 articles to cover. All attribution is by the article authors. All article analysis is automated.
ExtraHop have written up DarkSpectre, a Chinese state-sponsored actor that's been playing the long game by weaponising legitimate browser extensions after spending years building trust and verified publisher status. The campaign reached roughly nine million users through operations hosted on Alibaba Cloud, harvesting credentials and virtual meeting data β which is either impressively patient tradecraft or a reminder that extension stores need better ongoing review, depending on your perspective.
And staying with Russian activity, the Dutch government have reported a systematic espionage operation targeting internet-accessible IP cameras across NATO member states, including the Netherlands and Ukraine. The campaign exploits default passwords and outdated firmware to monitor military transport routes and weapons deliveries, with cameras along Dutch logistical corridors already compromised β one for anyone managing physical security infrastructure near sensitive sites.
The Australian Cyber Security Centre have flagged a large-scale exploitation campaign targeting unpatched content management systems and their plugins, primarily in the WordPress ecosystem but also affecting Craft, MaxSite, MetInfo, and Joomla. Successful exploitation leads to webshell installation and full server compromise β worth reviewing if you're running any public-facing CMS instances.
That concludes today's briefing.