<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
     xmlns:content="http://purl.org/rss/1.0/modules/content/"
     xmlns:dc="https://purl.org/dc/elements/1.1/"
     xmlns:dcterms="http://purl.org/dc/terms/"
     xmlns:media="http://search.yahoo.com/mrss/"
     xmlns:atom="http://www.w3.org/2005/Atom"
>
    <channel>
                    <atom:link rel="alternate" hreflang="en-SG"
                       href="https://www.techradar.com/sg/feeds/tag/cyber-security"
                       type="application/rss+xml"/>
                            <title><![CDATA[ Latest from TechRadar SG in Cyber-security ]]></title>
                <link>https://www.techradar.com/sg/computing/computing-security/cyber-security</link>
        <description><![CDATA[ All the latest cyber-security content from the TechRadar  SG team ]]></description>
                                    <lastBuildDate>Thu, 02 Jul 2026 17:05:00 +0000</lastBuildDate>
                            <language>en</language>
                                <item>
                                                            <title><![CDATA[ 81 million login attempts hit Microsoft 365 accounts as hackers try password-spraying to force entry using stolen credentials and OAuth to bypass authentication ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/81-million-login-attempts-hit-microsoft-365-accounts-as-hackers-try-password-spraying-to-force-entry-using-stolen-credentials-and-oauth-to-bypass-authentication</link>
                                                                            <description>
                            <![CDATA[ The attack abused misconfigured conditional access policies to bypass multi-factor authentication protections. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">d8vfHgQqzay2L4VV6dTngh</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/9dJG7jH8XprNiB4jnuuD2M-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 02 Jul 2026 17:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Cyber Crime]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                <author><![CDATA[ benedict.collins@futurenet.com (Benedict Collins) ]]></author>                    <dc:creator><![CDATA[ Benedict Collins ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/jEvqGv8wvH7PWZ4XPURyyB.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.&lt;/p&gt;&lt;p&gt;Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.&lt;/p&gt;&lt;p&gt;Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with an elite academic framework for deconstructing complex international conflicts and intelligence operations. He also holds a BA in Politics with Journalism, providing him with a strong investigative nature and the ability to translate complex security data into clear, actionable insights.&lt;/p&gt;&lt;p&gt;When he isn’t analyzing the latest data breach or security threats, Benedict enjoys running and cycling throughout the UK countryside.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/9dJG7jH8XprNiB4jnuuD2M-1280-80.jpg">
                                                            <media:credit><![CDATA[Microsoft]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Microsoft 365]]></media:description>                                                            <media:text><![CDATA[Microsoft 365]]></media:text>
                                <media:title type="plain"><![CDATA[Microsoft 365]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/9dJG7jH8XprNiB4jnuuD2M-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>A password-spraying attack successfully breached Microsoft 365 accounts</strong></li><li><strong>The hackers abused improperly configured conditional access policies to bypass MFA</strong></li><li><strong>Many organizations targeted had no MFA implemented</strong></li></ul><p>Hackers have used previously leaked credentials to target Microsoft 365 accounts in a password-spraying attack that resulted in over 81 million login attempts during a two-week period.</p><p>The attackers then abused the improperly implemented Conditional Access policies within the Resource Owner Password Credentials (ROPC) OAuth mechanism using Azure command-line interface (CLI), allowing the hackers to bypass authentication altogether when a matching username and password was discovered.</p><p>Cybersecurity company <a href="https://www.huntress.com/blog/lshiy-password-spray-attack" target="_blank">Huntress</a> observed the attack campaign as it targeted customers and noted that 78 Microsoft accounts across 64 organizations were compromised between June 12 and 26 2026.</p><h2 id="hackers-access-365-accounts-without-authentication">Hackers access 365 accounts without authentication</h2><p>The success of the attack ultimately came down to how well organizations had implemented Conditional Access policies relating to multi-factor authentication. </p><p>“Many of the compromised businesses had implemented multi-factor authentication (MFA) via a Conditional Access Policy (CAP), but the MFA was not configured to cover this specific flow that attackers used,” Huntress explained, referring to the exploitation of ROPC.</p><p>“ROPC is considered problematic for several reasons, but one of those reasons is that it doesn't offer support for modern auth flows like MFA or SSO. That means, as we saw in this campaign, ROPC sends the password straight to the /token endpoint with no interactive MFA prompt.”</p><p>Several of the organizations that were breached did not enforce an MFA policy at all, with others only applying MFA for specific user groups such as administrators. In other cases, a login attempt only required MFA when the traffic was coming from an untrusted location, meaning that MFA was not enforced if the connection was coming from a trusted IP address. Additionally, some organizations had only enforced MFA in report-only mode, meaning that the MFA policies were never actually applied.</p><p>In order to protect against attacks of this kind of attack, Huntress recommended the following mitigations:</p><ul><li>Organizations should implement MFA for All Users, All Cloud Apps, and All Client App types</li><li>The Azure CLI application should be restricted from use by non-admin users</li><li>Response to the attack should be made on credential validity, rather than spray volume</li></ul><p>Via <a href="https://www.bleepingcomputer.com/news/security/hackers-target-microsoft-365-accounts-with-81-million-login-attempts/" target="_blank"><em>BleepingComputer</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ ‘100% of Hide My Email addresses were exploitable’: Apple’s security feature can be duped into supplying the real contact info — and the bug has remained unpatched for over a year ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/100-percent-of-hide-my-email-addresses-were-exploitable-apples-security-feature-can-be-duped-into-supplying-the-real-contact-info-and-the-bug-has-remained-unpatched-for-over-a-year</link>
                                                                            <description>
                            <![CDATA[ The bug was reported to Apple over a year ago, but still nothing has been done. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">8zAuVdPwPxYpCY6BAjr9eN</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/NhJKejfFerSum2SW4TXEkX-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 02 Jul 2026 13:57:57 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Cyber Crime]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                <author><![CDATA[ benedict.collins@futurenet.com (Benedict Collins) ]]></author>                    <dc:creator><![CDATA[ Benedict Collins ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/jEvqGv8wvH7PWZ4XPURyyB.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.&lt;/p&gt;&lt;p&gt;Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.&lt;/p&gt;&lt;p&gt;Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with an elite academic framework for deconstructing complex international conflicts and intelligence operations. He also holds a BA in Politics with Journalism, providing him with a strong investigative nature and the ability to translate complex security data into clear, actionable insights.&lt;/p&gt;&lt;p&gt;When he isn’t analyzing the latest data breach or security threats, Benedict enjoys running and cycling throughout the UK countryside.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/NhJKejfFerSum2SW4TXEkX-1280-80.jpg">
                                                            <media:credit><![CDATA[Apple / 9to5Mac]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A screenshot showing Hide My Email in the Mail app]]></media:description>                                                            <media:text><![CDATA[A screenshot showing Hide My Email in the Mail app]]></media:text>
                                <media:title type="plain"><![CDATA[A screenshot showing Hide My Email in the Mail app]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/NhJKejfFerSum2SW4TXEkX-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Apple Hide My Email can reveal a user's authentic email address</strong></li><li><strong>The bug puts users at risk of identification, experts warned</strong></li><li><strong>It has been unpatched for over a year</strong></li></ul><p>A bug in Apple’s ‘Hide My Email’ feature allows for those with knowledge of the vulnerability to identify the real email address hidden behind the anonymous email address.</p><p>The bug was discovered by EasyOptOuts co-founder, Tyler Murphy, who shared the exploit with <a href="https://www.404media.co/apple-hide-my-email-vulnerability-reveals-peoples-real-email-addresses/" target="_blank"><em>404 Media</em></a> after notifying Apple multiple times that the feature could be actively exploited.</p><p>“We reported the issue and replication instructions to Apple over a year ago. We don't know why it hasn't been fixed, but we don't feel comfortable waiting any longer,” Murphy said.</p><h2 id="hide-my-email-can-be-actively-exploited">Hide My Email can be actively exploited</h2><p>As the bug still hasn’t been patched, the details of how the exploit works have not been shared. </p><p>Apple’s Hide My Email feature was designed to anonymize email addresses, helping to prevent a user’s real email address from being leaked in a data breach, or to prevent a user’s email address from being linked to them personally in a way that could reveal their identity.</p><p>There lies the crux of the issue. By being able to identify the real email address by exploiting the bug, a malicious actor could uncover the real identity of the anonymized email.</p><p>“Free, publicly accessible people-search sites make it easy to link an email address to other personal details, so people relying on Hide My Email for safety may be at risk,” Murphy said. “We don't know the full scope of the issue, but in our limited tests with volunteers, 100% of Hide My Email addresses were exploitable.”</p><p>Users concerned about being identified via people-search sites can use a <a href="https://www.techradar.com/pro/best-data-removal-services-of-year" target="_blank">data removal service</a> to have their data scrubbed from these sites, but the process can take a few days.</p><p>The issue was first reported to Apply by Murphy in June 2025, with Apple replying a month later that it was looking into the cause of the issue. Earlier this year, in March, Apple said that it had “addressed the reported issue in a recent system change,” but Murphy found that the bug could still be exploited.</p><p>Again, Murphy notified Apple, who replied in May 2026, stating, “We are still investigating this issue. To avoid placing our customers at risk, we would appreciate you not disclosing this information until our investigation is complete. We appreciate your assistance in helping us to maintain and improve the security of our products."</p><p>Later in the same month, Apply said a fix was “expected in the coming weeks."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ That free VPN Chrome and Firefox extension may be reading your clipboard every half a second, researchers warn ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/vpn/vpn-privacy-security/that-free-vpn-chrome-and-firefox-extension-may-be-reading-your-clipboard-every-half-a-second-researchers-warn</link>
                                                                            <description>
                            <![CDATA[ Researchers at Socket found two "VPN Go" browser extensions for Chrome and Firefox that posed as free VPNs while quietly stealing clipboard data through later updates. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">drttgaXd7xBrBjVNgZ6gbP</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/5pmsJs3KfnrtbsM98UsnG9-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 01 Jul 2026 13:22:10 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[VPN Privacy &amp; Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[VPN]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                <author><![CDATA[ monicajwrites@gmail.com (Monica J. White) ]]></author>                    <dc:creator><![CDATA[ Monica J. White ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/6AQ4y5nzk8kQ47Yp69GERj.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Monica is a journalist with over a decade of experience in covering technology.&lt;/p&gt;&lt;p&gt;She writes about the latest developments in computing, which means anything from computer chips made out of paper to cutting-edge desktop processors. Her coverage includes CPUs, GPUs, and everything else that goes into a PC or a laptop, but also peripherals.&lt;/p&gt;&lt;p&gt;GPUs are Monica’s main area of interest, and nothing thrills her quite like that time every couple of years when new graphics cards hit the market. She’s always keeping tabs on the latest from Nvidia, AMD, and Intel, including both the hardware and the software that powers our PCs.&lt;/p&gt;&lt;p&gt;As an avid gamer, her focus is always on the consumer and whether something works well and provides adequate value for the money. She believes that PC building can be intimidating, so her goal is to explain complex concepts in an approachable manner while still digging into the technical nitty-gritty we all love to learn more about.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/5pmsJs3KfnrtbsM98UsnG9-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[Malware kan ställa till med oreda]]></media:description>                                                            <media:text><![CDATA[Android phone malware]]></media:text>
                                <media:title type="plain"><![CDATA[Android phone malware]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/5pmsJs3KfnrtbsM98UsnG9-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Researchers found "VPN Go" extensions for Chrome and Firefox secretly harvesting copied text</strong></li><li><strong>The clipboard theft was not there at launch and arrived through a later update</strong></li><li><strong>Anything copied while the extension was active should now be treated as exposed</strong></li></ul><p>Security researchers at Socket found two browser extensions distributed under the "VPN Go: Free VPN" branding, one listed on the Chrome Web Store and one on Firefox Add-ons, to secretly harvest copied text. </p><p>Both present themselves as free VPN tools with working proxy features. Underneath, <a href="https://socket.dev/blog/chrome-and-firefox-extensions-free-vpns-add-clipboard-stealers" target="_blank" rel="nofollow">Socket says</a>, both also run a clipboard stealer that continuously watches copied text and sends it to infrastructure controlled by the attacker.</p><p>According to Socket, the clipboard theft was not present when the extensions first appeared. It was added later, through an ordinary-looking update, after the extensions had already built up a base of trusting users. That staged approach is exactly what makes this kind of threat so hard to spot, and why even a fairly cautious user can end up exposed.</p><p>For anyone weighing up a no-cost privacy tool, it is worth knowing that not every free option behaves like this, and the <a href="https://www.techradar.com/vpn/best-vpn">best VPN</a> services are tested precisely so you do not have to take this kind of gamble. But this case shows how thin the line can be between a useful free extension and a data-harvesting one.</p><h2 id="what-socket-s-research-uncovered">What Socket's research uncovered</h2><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1213px;"><p class="vanilla-image-block" style="padding-top:56.22%;"><img id="7b3ucMmXHaTYWRvoZbT8T9" name="VPN Go" alt="VPN Go in Chrome Web Store" src="https://cdn.mos.cms.futurecdn.net/7b3ucMmXHaTYWRvoZbT8T9.png" mos="" align="middle" fullscreen="" width="1213" height="682" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Chrome)</span></figcaption></figure><p>Socket says the earliest analyzed builds behaved like ordinary proxy extensions, with no confirmed clipboard theft. </p><p>On <a href="https://www.techradar.com/reviews/google-chrome">Chrome</a>, that changed with version 1.1, when the extension added a script that reads the clipboard and ships those chunks off to a hardcoded address. The <a href="https://www.techradar.com/reviews/mozilla-firefox">Firefox</a> version followed the same path slightly later, moving the same theft loop into its background script.</p><p>Once active, the monitoring is relentless. The Chrome content script checks the clipboard roughly every half a second, according to Socket's analysis, while the Firefox build polls every 1.5 seconds. </p><p>Each newly copied value is tagged with a session identifier so it can be reassembled on the other end, then sent out over plain HTTP. All of this was happening while the two apps' privacy policies stated that the tools did not collect, store, or share user data and did not keep activity logs.</p><p>TechRadar has reached out to VPN Go for comment, but both email addresses bounced, and both extensions have since been pulled from their stores.</p><h2 id="why-clipboard-stealers-are-dangerous-for-users">Why clipboard stealers are dangerous for users</h2><p>The reason clipboard theft is so effective is that it abuses something completely routine. People copy and paste sensitive information all day, and it's not careless to do so. Password managers rely on exactly that: copying long, unique passwords into your accounts.</p><p>An extension that can silently read the clipboard has access to all of this information; it just has to wait for you to copy the right thing. If you have used either of the two extensions in question, you should treat any information you've copied during that time as exposed.</p><p>Researchers have repeatedly found free VPN extensions doing things their users never agreed to. Recent reporting has covered a <a href="https://www.techradar.com/vpn/vpn-privacy-security/this-free-chrome-vpn-extension-found-to-spy-on-its-100k-users-uninstall-it-now">free Chrome VPN extension caught taking screenshots</a> of every page its users visited, and a <a href="https://www.techradar.com/vpn/vpn-privacy-security/malicious-free-vpn-extension-makes-a-comeback">malicious free VPN extension that resurfaced</a> after being removed, returning in a more evasive form. </p><p>The pattern is consistent enough that it is worth treating any unknown free VPN extension with caution by default. That caution matters: TechRadar's own polling found that <a href="https://www.techradar.com/vpn/vpn-privacy-security/to-pay-or-not-to-pay-nearly-1-in-4-techradar-readers-say-they-use-free-vpns-despite-the-risks">nearly 1 in 4 readers use free VPNs</a> despite knowing the risks.</p><h2 id="how-to-stay-safe">How to stay safe</h2><p>If you want the protection a VPN offers without rolling the dice, stick to providers with a track record and independent testing behind them. </p><p>A reputable paid service, or one of the carefully vetted <a href="https://www.techradar.com/vpn/best-free-vpn">best free VPN</a> options, is a far safer bet than an unknown extension promising unlimited access for nothing. As the saying goes, when the product is free, there is a decent chance that you are the product.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ This new tool can let you ask Claude if that 'too good to be true' online offer is actually a scam ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/this-new-tool-can-let-you-ask-claude-if-that-too-good-to-be-true-online-offer-is-actually-a-scam</link>
                                                                            <description>
                            <![CDATA[ Norton's scam detection will let you ask Claude whether an email or online deal looks suspicious without leaving the AI chatbot. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">oiyS6nwHQLbUz3BVKzPJj6</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/QEWeUa835nVFaBLaYmYfN-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 01 Jul 2026 12:20:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[AI Platforms &amp; Assistants]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Craig Hale ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/GV8qRsHBkpSAQxiYKjTt6H.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/QEWeUa835nVFaBLaYmYfN-1280-80.jpg">
                                                            <media:credit><![CDATA[Norton]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Norton Genie in Claude]]></media:description>                                                            <media:text><![CDATA[Norton Genie in Claude]]></media:text>
                                <media:title type="plain"><![CDATA[Norton Genie in Claude]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/QEWeUa835nVFaBLaYmYfN-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Norton's scam detection tools are now available in Claude and ChatGPT</strong></li><li><strong>Users can ask their preferred AI chatbot about the legitimacy of an email, text, website</strong></li><li><strong>Most threats consumers face now come from scams, phishing and fake ads</strong></li></ul><p>Claude is the latest AI assistant to get access to <a href="https://www.techradar.com/vpn/vpn-services/nordvpns-new-tool-helps-you-spot-online-scams-and-its-free-for-everyone">Norton's Genie scam detection tool</a> following its available for ChatGPT customers earlier this year.</p><p>Available across all Claude subscription tiers, Genie gives users access to scam detection capabilities and other cyber safety tips and advice.</p><p>Norton says its tool can analyze suspicious emails, texts, messages, images and links using its "multi-layered" detection intelligence.</p><h2 id="norton-scam-detection-now-available-in-claude-chatgpt">Norton scam detection now available in Claude, ChatGPT</h2><p>"AI assistants are becoming part of how people make decisions and evaluate information online," Head of Products and Portfolios Travis Witteveen noted, hinting that the increased prevalence of AI assistants.</p><p>"By bringing Norton Genie into even more AI platforms like Claude and ChatGPT, we’re making trusted Cyber Safety intelligence available directly in those moments to help people make more confident decisions in real time."</p><p>The company explained that Genie looks for language patterns, social engineering tactics, urgency cues, impersonation attempts, and requests for sensitive information. It also checks URLs and analyzes domains to confirm whether a user should click on the link.</p><p>When the tool launched for ChatGPT in March 2026, Norton described it as the "world's first AI-powered scam detector." Users can start conversations by tagging @Norton and asking questions like whether an email looks legit or if an online offer looks like a scam.</p><p>The company's own reporting reveals that nine in 10 threats targeting people in 2025 came from scams, phishing and fake advertisements.</p><p>So far, Norton looks to be the only security company offering direct AI chatbot integration to provide accurate insights into threat detection.</p><figure class="van-image-figure pull-right inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:676px;"><p class="vanilla-image-block" style="padding-top:31.51%;"><img id="diM9tpwF2Lz85R8q85CT78" name="tr-g_news" alt="Google logo on a black background next to text reading 'Click to follow TechRadar'" src="https://cdn.mos.cms.futurecdn.net/diM9tpwF2Lz85R8q85CT78.jpg" mos="" align="right" fullscreen="" width="676" height="213" attribution="" endorsement="" class="pull-rightinline"></p></div></div></figure>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Who decides when a cyber AI tool is safe to deploy? ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/who-decides-when-a-cyber-ai-tool-is-safe-to-deploy</link>
                                                                            <description>
                            <![CDATA[ As AI cyber threats grow, organizations need trained teams, not just stronger tools. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">vMsnJXdsYP8jwJDqFuSBhV</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/XbZCTEpjtunPvMj9ySXmWU-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 01 Jul 2026 10:45:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Pro]]></category>
                                                                                                                    <dc:creator><![CDATA[ Phil Chapman ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/XbZCTEpjtunPvMj9ySXmWU-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A file and folder transferring data with a red warning mark indicating malware.]]></media:description>                                                            <media:text><![CDATA[A file and folder transferring data with a red warning mark indicating malware.]]></media:text>
                                <media:title type="plain"><![CDATA[A file and folder transferring data with a red warning mark indicating malware.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/XbZCTEpjtunPvMj9ySXmWU-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>OpenAI and Anthropic are publicly disagreeing about whether their new <a href="https://www.techradar.com/best/best-ai-tools">AI</a> cyber tools should be shared with European regulators. </p><p>OpenAI has offered Brussels access to its model. Anthropic is holding back, with Commission talks described as being at a different stage. Both have framed their position as the responsible one, and both arguments have merit.</p><p>But whether openness or restriction is the right call is ultimately a policy question and one that will take time to resolve. For organizations managing cyber risk today, the more immediate question is whether the teams are equipped to handle what these tools can already do.</p><p>AI systems can now autonomously carry out multi-step cyberattack tasks in controlled environments. Anthropic's Mythos completed a 32-step simulated corporate attack in testing. </p><p>Before it existed, no AI had ever done that in this type of full-chain simulation. Regulatory access to that kind of model matters for policy development. But the organizations that will be on the receiving end of attacks it enables are not waiting for that process to conclude.</p><p>The question of who decides when a powerful cyber tool is safe to deploy is important. But responsible deployment cannot just mean responsible release. It also means ensuring the organizations expected to defend against these capabilities actually have the people and skills to do so. </p><h2 id="most-organizations-are-underprepared">Most organizations are underprepared</h2><p>Recent UK survey data found that only 27% of UK organizations are fully prepared for AI-powered attacks. Seven in ten are operating with partial or no AI-specific readiness, even though the vast majority of senior leaders already recognize that AI is increasing their risk. The awareness is there. The preparation is not keeping pace with it.</p><p>Part of the issue is that <a href="https://www.techradar.com/best/best-online-cyber-security-courses">cyber security</a> has long been treated as a technical problem with a technical solution. Buy the right tools, run the right software and you are covered. AI fundamentally changes that assumption. </p><p>When attack tools can learn, adapt and probe defenses continuously, finding weaknesses, failing and trying again without getting tired, the humans on the other side need to be able to keep up. That requires expertise, not just familiarity with a dashboard.</p><h2 id="the-skills-gap-is-an-operational-risk">The skills gap is an operational risk</h2><p>AI identifying a vulnerability is only the first part of the problem. Someone still needs to understand what they are looking at, assess how serious it is, prioritize it against everything else on their plate and act quickly. That judgement does not come from a tool. </p><p>It comes from trained, experienced people who have built that capability over time. This is especially important as AI-generated attacks become harder to distinguish from legitimate activity. Threat recognition at speed requires pattern-matching built through experience and training, not simply access to the right <a href="https://www.techradar.com/best/best-small-business-software">software</a>. </p><p>The data supports this. Among organizations that have invested in ongoing certification training, 86% report a measurable reduction in cyber risk, with an average reduction of nearly 48%. Certified teams also recover faster when something goes wrong. </p><p>Nearly half of UK organizations surveyed experienced at least one attack in the past 12 months, with the financial cost most commonly landing between £100,000 and £199,999 once recovery, downtime, regulatory fines and reputational damage are factored in. </p><h2 id="regulation-is-moving-but-slowly">Regulation is moving, but slowly</h2><p>This is also where the governance question gets more practical. Giving regulators access to frontier AI models is useful for understanding what they are dealing with. But that access is only meaningful if the organizations it is meant to protect have the capability to act on what those models can do. A policy framework built around tools most security teams are not yet equipped to respond to does not close the gap. </p><p>AI <a href="https://www.techradar.com/news/best-internet-security-suites">security</a> standards are still being written. Most security teams have limited awareness of what frameworks even exist, let alone what is coming. The EU AI Act, NIS2 (Network and Information Security Directive 2) and emerging sector-specific guidance are all moving targets. Organizations that build continuous training into how they operate will be better placed to keep up as those requirements take shape.</p><h2 id="the-fix-is-known">The fix is known</h2><p>For most organizations, the question of whether they have the skills in their people to respond when it matters is the gap between awareness of risk and readiness to manage it. </p><p>The investment in trained and certified security professionals has a measurable impact on an organization's ability to deal with attacks. It also builds the kind of internal capability that makes it easier to maintain regulatory compliance as requirements evolve. This isn’t a glamorous answer but the evidence for it is consistent.</p><p>Organizations that view training as a core part of managing cyber risk, rather than something to be revisited after a breach, are generally in a much better place. The tools and the threats will evolve all the time. It is the difference between resilience and vulnerability.</p><p><a href="https://www.techradar.com/vpn/best-vpn"><em>Connect securely online with the best VPN service</em></a><em>.</em></p><p><em>This article was produced as part of </em><a href="https://www.techradar.com/pro/perspectives" target="_blank"><em>TechRadar Pro Perspectives</em></a><em>, our channel to feature the best and brightest minds in the technology industry today.</em></p><p><em>The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: </em><a href="https://www.techradar.com/news/submit-your-story-to-techradar-pro" target="_blank"><em>https://www.techradar.com/pro/perspectives-how-to-submit</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ US Secret Service personnel are putting the lives of America’s VIPs at risk by refusing to use government-issued phones — but they might not be up to the job in the first place ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/us-secret-service-personnel-are-putting-the-lives-of-americas-vips-at-risk-by-refusing-to-use-government-issued-phones-but-they-might-not-be-up-to-the-job-in-the-first-place</link>
                                                                            <description>
                            <![CDATA[ The Secret Service isn't abiding by its own guidance, and it could be putting lives at risk. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">4PKFD4i7pkjQkzmdZJyAPg</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/SHauH7QzUXn8NpPvDQvopF-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 30 Jun 2026 21:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                <author><![CDATA[ benedict.collins@futurenet.com (Benedict Collins) ]]></author>                    <dc:creator><![CDATA[ Benedict Collins ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/jEvqGv8wvH7PWZ4XPURyyB.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.&lt;/p&gt;&lt;p&gt;Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.&lt;/p&gt;&lt;p&gt;Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with an elite academic framework for deconstructing complex international conflicts and intelligence operations. He also holds a BA in Politics with Journalism, providing him with a strong investigative nature and the ability to translate complex security data into clear, actionable insights.&lt;/p&gt;&lt;p&gt;When he isn’t analyzing the latest data breach or security threats, Benedict enjoys running and cycling throughout the UK countryside.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/SHauH7QzUXn8NpPvDQvopF-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[MARIETTA, GA- SEPTEMBER 25, 2020: President Donald Trump arrives on Air Force One at Dobbins Air Reserve Base with a Cobb County Police vehicle assembling in position for the motorcade.]]></media:description>                                                            <media:text><![CDATA[MARIETTA, GA- SEPTEMBER 25, 2020: President Donald Trump arrives on Air Force One at Dobbins Air Reserve Base with a Cobb County Police vehicle assembling in position for the motorcade.]]></media:text>
                                <media:title type="plain"><![CDATA[MARIETTA, GA- SEPTEMBER 25, 2020: President Donald Trump arrives on Air Force One at Dobbins Air Reserve Base with a Cobb County Police vehicle assembling in position for the motorcade.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/SHauH7QzUXn8NpPvDQvopF-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>US Secret Service personnel are using personal devices while conducting official business</strong></li><li><strong>Personal devices are not secured against the threats faced by Secret Service members</strong></li><li><strong>But government-issued devices aren't equipped for the needs of Secret Service members either</strong></li></ul><p>The Department of Homeland Security inspector general has released a new report which claims the US Secret Service is refusing to use government-furnished equipment (GFE), such as smartphones, because they are not suitable for mission operations. </p><p>The <a href="https://www.oig.dhs.gov/sites/default/files/assets/2026-06/OIG-26-09-Jun26.pdf" target="_blank">report</a> states GFE fails to “ensure real-time, continuous protection from cyberattacks by foreign adversaries or individuals” with the equipment found to contain multiple third-party apps with security vulnerabilities that could expose communications.</p><p>In order to be able to perform effectively, Secret Service members are using personal devices to communicate with law enforcement and each other during missions, but many personal devices are not secured against the threats faced during the protection of America’s VIPs.</p><h2 id="us-government-struggles-to-secure-issued-phones">US government struggles to secure issued phones</h2><p>But using personal devices in professional operations is also highly unsecure. These devices often contain the whereabouts of Secret Service personnel and the targets they are protecting during missions at home and abroad.</p><p>Furthermore, the devices only have the consumer level of cyber protections. As they are not managed or operated by the US government, there is very little protection against commercially available spyware or malware. </p><p>In some cases, personnel used their personal devices as a hotspot for their GFE, or used their personal devices to access websites otherwise blocked on their GFE.</p><p>The report explains: “If a personal device is jailbroken, infected with malicious code, or not up to date on security software, an adversary could intercept device communication. Outdated and vulnerable apps could enable malicious actors to conduct surveillance, track locations, or record employees’ communications. Connecting to unsecured networks may also allow cybercriminals to access data or install malware.”</p><p>The main culprit behind Secret Service personnel choosing not to use GFEs was found to be the Secret Service’s Office of the Chief Information Officer (OCIO). According to the report, “GFE mobile devices lacked mission-critical capabilities because Secret Service OCIO’s process for assessing and approving requests did not always correctly identify operational needs.”</p><p>Additionally, the expected protocol for most Secret Service members was to use personal devices, so many avoided navigating the bureaucracy of requesting access to communications apps on their GFE, which in return created a blindspot for the OCIO who were not aware these apps were already being used at such a scale.</p><p>The report further found that no Secret Service GFE was equipped with Mobile Threat Defense software until August 2025, leaving them exposed to “malicious software,</p><p>cyberattacks, and other vulnerabilities.” Critical data was also retained on GFE devices after operatives returned from missions abroad, despite policy stating that devices should be wiped within 24 hours of returning to the US.</p><p>Ultimately, the report makes five key recommendations to the Secret Service in order to improve the security of its operators:</p><ul><li>Introduce a formal policy that ensures all GFE are issued with the required capabilities and software for each mission</li><li>Ensure all employees complete the required cybersecurity training</li><li>Ensure the Secret Service OCIO clearly communicates its guidance that personal devices are forbidden from use during official business</li><li>Ensure controls are implemented to wipe devices in line with OCIO policy for returning personnel</li><li>Subject all GFE mobile app code to an updated vulnerability testing policy</li></ul>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft takes down over 100 malicious Edge extensions hiding malware in images and fonts ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/microsoft-takes-down-over-100-malicious-edge-extensions-hiding-malware-in-images-and-fonts</link>
                                                                            <description>
                            <![CDATA[ Microsoft says the 119 malicious extensions were downloaded a total of 2.6 million times since 2021. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">bnhci9nDQycibFqBVf6SpU</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/exZsfKfKExQC2DhBKP5jbK-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 30 Jun 2026 15:15:00 +0000</pubDate>                                                                                                                                <updated>Wed, 01 Jul 2026 13:07:58 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Craig Hale ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/GV8qRsHBkpSAQxiYKjTt6H.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/exZsfKfKExQC2DhBKP5jbK-1280-80.jpg">
                                                            <media:credit><![CDATA[Zulfugar Karimov on Unsplash]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A smartphone showing an App Store page for the Microsoft Edge web browser.]]></media:description>                                                            <media:text><![CDATA[A smartphone showing an App Store page for the Microsoft Edge web browser.]]></media:text>
                                <media:title type="plain"><![CDATA[A smartphone showing an App Store page for the Microsoft Edge web browser.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/exZsfKfKExQC2DhBKP5jbK-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>119 malicious Edge extensions flew under the radar</strong></li><li><strong>They installed harmful code days after extension installation</strong></li><li><strong>It's proof that static code review is no longer sufficient</strong></li></ul><p>Microsoft <a href="https://microsoftedge.github.io/edgevr/posts/Inside-StegoAd-How-We-Disrupted-a-Massive-Malicious-Extension-Campaign/" target="_blank">says</a> it has taken down 119 malicious extensions from the Edge Add-ons store after "proactive threat hunting" revealed a campaign that's been dubbed StegoAd.</p><p>As part of the program, the company also had to suspend more than 90 developer accounts associated with the dodgy activity.</p><p>Believed to have been active since at least 2021, it's believed that the malicious browser extensions had been downloaded a total of 2.6 million times.</p><h2 id="microsoft-removes-119-stegoad-malicious-extensions">Microsoft removes 119 'StegoAd' malicious extensions</h2><p>The campaign was so broad that the extensions didn't just occupy one category: ad blockers, VPNs, video downloaders, translators and utility tools like PDF exporters were all ploys for the malicious extensions.</p><p>This particular campaign got its name from the type of tactic used – steganography is the name given to hiding malicious code inside seemingly harmless files. PNG images, SVG graphics and font files had hidden JavaScript embedded inside to bypass traditional antivirus tools and web filtering.</p><p>Once installed, Microsoft says they remained dormant for three to five days to avoid detection before going on to steal browser credentials, redirect users to malicious websites, manipulate affiliate links for financial gain, download additional malicious code and even communicate with C2 servers for updated instructions.</p><p>"The StegoAd campaign demonstrates that browser extensions remain a potent and evolving attack surface," Microsoft wrote, admitting that even its own safeguards had missed these dodgy extensions.</p><p>The report also concludes that static code review alone is no longer sufficient, because extensions and other installations can download malicious code long after they were first installed.</p><p>For developers themselves, Microsoft recommends being as clear as possible by not obscuring code, requesting only the necessary permissions to build trust, and report any suspected impersonation.</p><figure class="van-image-figure pull-right inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:676px;"><p class="vanilla-image-block" style="padding-top:31.51%;"><img id="diM9tpwF2Lz85R8q85CT78" name="tr-g_news" alt="Google logo on a black background next to text reading 'Click to follow TechRadar'" src="https://cdn.mos.cms.futurecdn.net/diM9tpwF2Lz85R8q85CT78.jpg" mos="" align="right" fullscreen="" width="676" height="213" attribution="" endorsement="" class="pull-rightinline"></p></div></div></figure>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Nearly 400 illegal World Cup 2026 streaming sites taken offline by US DOJ ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/nearly-400-illegal-world-cup-2026-streaming-sites-taken-offline-by-us-doj</link>
                                                                            <description>
                            <![CDATA[ Operation Offsides was a coordinated takedown of sites illegal streaming World Cup games. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">Bb9zwqtckkZobw2ECG6Aq6</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/2TTaVZdSSeLQizvYPKXnck-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 30 Jun 2026 13:35:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Streaming]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Cyber Crime]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                <author><![CDATA[ benedict.collins@futurenet.com (Benedict Collins) ]]></author>                    <dc:creator><![CDATA[ Benedict Collins ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/jEvqGv8wvH7PWZ4XPURyyB.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.&lt;/p&gt;&lt;p&gt;Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.&lt;/p&gt;&lt;p&gt;Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with an elite academic framework for deconstructing complex international conflicts and intelligence operations. He also holds a BA in Politics with Journalism, providing him with a strong investigative nature and the ability to translate complex security data into clear, actionable insights.&lt;/p&gt;&lt;p&gt;When he isn’t analyzing the latest data breach or security threats, Benedict enjoys running and cycling throughout the UK countryside.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/2TTaVZdSSeLQizvYPKXnck-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images / Michael Regan - FIFA]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[FIFA World Cup 2026 in Washington DC]]></media:description>                                                            <media:text><![CDATA[FIFA World Cup 2026 in Washington DC]]></media:text>
                                <media:title type="plain"><![CDATA[FIFA World Cup 2026 in Washington DC]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/2TTaVZdSSeLQizvYPKXnck-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>US DOJ has seized nearly 400 domains</strong></li><li><strong>The sites were being used to illegally stream World Cup games</strong></li><li><strong>Users of the sites were exposed to malware, data theft, and other threats</strong></li></ul><p>Almost 400 domains have been seized as part of Operation Offsides - a coordinated global effort to take down sites illegally streaming the FIFA World Cup 2026.</p><p>The sites were seized by the US Justice Department's Criminal Division for violating copyright and intellectual property law.</p><p>The takedowns were coordinated by members of the International Computer Hacking and Intellectual Property (ICHIP) network.</p><h2 id="us-and-friends-enforce-the-offside-rule">US and friends enforce the offside rule</h2><p>Many of the seized domains now display a banner explaining that the website was seized as part of Operation Offsides. “This action was taken to protect consumers and enforce intellectual property rights worldwide,” the banner states.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:628px;"><p class="vanilla-image-block" style="padding-top:60.83%;"><img id="wSkc22iLD5oCmHtsdaH9MZ" name="seizure_banner_fifa_world_cup" alt="A screenshot of the banner uploaded to domains seized by the US DOJ that were illegal streaming 2026 FIFA World Cup games." src="https://cdn.mos.cms.futurecdn.net/wSkc22iLD5oCmHtsdaH9MZ.webp" mos="" align="middle" fullscreen="" width="628" height="382" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: U.S. Justice Department)</span></figcaption></figure><p>Back in May 2026, the FBI warned that thousands of domains were being registered ahead of the World Cup, with most set up with the intention to scam fans looking for cheap tickets, access to streaming services, and those looking for discounted merchandise. It appears that Operation Offside was focused on disrupting streaming sites in particular, rather than taking down the wider scam networks associated with these domains.</p><p>“We have seized hundreds of domains, used to illegally stream World Cup matches for profit, to disrupt the international networks that profit from the global popularity of the World Cup,” said Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division.</p><p>“This operation illustrates the Department’s respect for intellectual property rights and the responsibility of the United States as a host nation to protect the FIFA World Cup from criminals. The Criminal Division will continue to disrupt and, where appropriate, seek to prosecute these sites and the subjects responsible for this criminal activity.”</p><p>In many cases, the networks of fake domains offering cheap or free access to streaming services are run by cybercriminals deliberately operating at a loss in order to attract users to their services. In return for accessing the streaming site, the domain will use the user’s local network as an exit node for the cybercriminal network, obscuring their traffic and making it appear legitimate.</p><p>Unfortunately for the user, who may think they have just found <a href="https://www.techradar.com/how-to-watch/football/world-cup-2026-free-anywhere">free access to every World Cup game</a>, their network and IP address could be used to distribute malware, cybercriminal communications, and illegal content such as stolen data and exploitative materials - including child sex abuse material.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ FBI warns of Russian Intelligence phishing campaign abusing Signal support services to target VIPs and high-value government and military targets — this is how to secure your account ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/fbi-warns-of-russian-intelligence-phishing-campaign-abusing-signal-support-services-to-target-vips-and-high-value-government-and-military-targets-this-is-how-to-secure-your-account</link>
                                                                            <description>
                            <![CDATA[ Russian Intelligence are trying to hijack Signal accounts by tricking users into sending their Backup Recovery Keys ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">NFHSVuh7G9qYjTamC5fMmJ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/zjaJ25xrgFNLKEHr8bjVcY-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 29 Jun 2026 18:25:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Cyber Crime]]></category>
                                                    <category><![CDATA[Email &amp; Messaging]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Internet]]></category>
                                                                                                <author><![CDATA[ benedict.collins@futurenet.com (Benedict Collins) ]]></author>                    <dc:creator><![CDATA[ Benedict Collins ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/jEvqGv8wvH7PWZ4XPURyyB.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.&lt;/p&gt;&lt;p&gt;Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.&lt;/p&gt;&lt;p&gt;Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with an elite academic framework for deconstructing complex international conflicts and intelligence operations. He also holds a BA in Politics with Journalism, providing him with a strong investigative nature and the ability to translate complex security data into clear, actionable insights.&lt;/p&gt;&lt;p&gt;When he isn’t analyzing the latest data breach or security threats, Benedict enjoys running and cycling throughout the UK countryside.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/zjaJ25xrgFNLKEHr8bjVcY-1280-80.jpg">
                                                            <media:credit><![CDATA[Michele Ursi / Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[WhatsApp and Signal app icons]]></media:description>                                                            <media:text><![CDATA[WhatsApp and Signal app icons]]></media:text>
                                <media:title type="plain"><![CDATA[WhatsApp and Signal app icons]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/zjaJ25xrgFNLKEHr8bjVcY-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Russian Intelligence are targeting Signal accounts of officials based in Ukraine</strong></li><li><strong>They pose as Signal support services and ask users to submit their Backup Recovery Keys</strong></li><li><strong>Using these keys, the hackers can hijack the users account and any other accounts created using the same mobile phone number</strong></li></ul><p>The FBI has warned Russian Intelligence Services are posing as commercial messaging application support services in order to steal Backup Recovery Keys belonging to targets of high value in the military and government of the US, Europe, and Ukraine.</p><p>In a <a href="https://www.ic3.gov/PSA/2026/PSA260626" target="_blank">joint warning</a> alongside the CISA and the Security Service of Ukraine (SSU), the FBI outlined the new phishing campaign which seeks to access messaging accounts in order to perform intelligence gathering of secret information.</p><p>Specifically, the FBI provided sample phishing lures targeting users of the Signal messaging app. If the hackers successfully lure a victim into sharing their Backup Recovery Key, they can access the account's message history, private and group messages, and fully take over the victim's account.</p><h2 id="russian-intelligence-pose-as-signal-support-services">Russian Intelligence pose as Signal support services</h2><p>In the FBI warning, the phishing techniques are further detailed. The Russian Federal Security Service (FSB) are targeting government officials, military personnel, political figures, journalists, and key officials from the US and Europe located in Ukraine.</p><p>The attackers send emails that appear to be automated messages from Signal, asking users to turn on their message backup using their Backup Recovery Key. Victims are provided with false instructions that instead send the Backup Recovery Key to the attacker, who can then use the key to take over the victim’s account.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:777px;"><p class="vanilla-image-block" style="padding-top:108.62%;"><img id="JoZ4UqwN8LL25f5u4bEqvH" name="Screenshot 2026-06-29 131941" alt="Example phishing messages used by Russian Intelligence, supplied by the FBI" src="https://cdn.mos.cms.futurecdn.net/JoZ4UqwN8LL25f5u4bEqvH.png" mos="" align="middle" fullscreen="" width="777" height="844" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="caption-text">Example phishing messages used by Russian Intelligence to obtain Backup Recovery Keys </span><span class="credit" itemprop="copyrightHolder">(Image credit: FBI)</span></figcaption></figure><p>In order to establish urgency and trust that the message is legitimate, the attackers posed the phishing message as a protection against recent hacking attempts from “Iran and post-Soviet countries.” In another sample message, the attacker's message says that the victim’s account data “is at risk of permanent loss due to a sync issue.”</p><p>If a victim shares their unique Backup Recovery Key, it allows the attacker to hijack their current Signal account alongside any subsequent accounts made with the same phone number.</p><p>For users who may fear their Backup Recovery Key has been compromised, users are instructed to use Signal settings to create a new Backup Recovery Key. This new key will invalidate all previous Backup Recovery Keys and prevent account takeover if the previous key was leaked.</p><p>In order to avoid falling victim to phishing messages, there are several ways to stay safe:</p><ul><li>Support services will generally only communicate with users via an official company email address. Always carefully check communications from the legitimate email address.</li><li>Customer support will never request that you supply your Backup Recovery Key via the application</li><li>You will never be asked to verify or restore your account via an automated customer support message</li></ul><p>In order to further protect your Signal account, or other accounts, against phishing, users should consider the following:</p><ul><li>Use a passkey wherever possible. This will use your device’s built in biometric verification methods to authenticate your login.</li><li>Use phishing resistant multi-factor authentication where possible</li><li>Always double check messages and emails are legitimate, and are using an official company email</li><li>Never supply your Backup Recovery Keys unless you are actively attempting to regain access to your account via a legitimate service</li></ul>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Over 14 million login credentials leaked from six ISPs in major data breach — here’s what we know ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/over-14-million-login-credentials-leaked-from-six-isps-in-major-data-breach-heres-what-we-know</link>
                                                                            <description>
                            <![CDATA[ The credentials were exposed via an attack on third-party software. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">q3LqdS6SNsXmNzrsX9V2tX</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/BUi4eir3JnCCT2MRGt3weS-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 29 Jun 2026 17:20:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Email &amp; Messaging]]></category>
                                                    <category><![CDATA[Software &amp; Services]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Cyber Crime]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Internet]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                <author><![CDATA[ benedict.collins@futurenet.com (Benedict Collins) ]]></author>                    <dc:creator><![CDATA[ Benedict Collins ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/jEvqGv8wvH7PWZ4XPURyyB.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.&lt;/p&gt;&lt;p&gt;Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.&lt;/p&gt;&lt;p&gt;Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with an elite academic framework for deconstructing complex international conflicts and intelligence operations. He also holds a BA in Politics with Journalism, providing him with a strong investigative nature and the ability to translate complex security data into clear, actionable insights.&lt;/p&gt;&lt;p&gt;When he isn’t analyzing the latest data breach or security threats, Benedict enjoys running and cycling throughout the UK countryside.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/BUi4eir3JnCCT2MRGt3weS-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Back View of Young Black Man Walking and Looking at Big Digital Screens Glitching While Displaying Code Lines. Professional Hacker Breaking Through Cybersecurity Protection System, Changing Code]]></media:description>                                                            <media:text><![CDATA[Back View of Young Black Man Walking and Looking at Big Digital Screens Glitching While Displaying Code Lines. Professional Hacker Breaking Through Cybersecurity Protection System, Changing Code]]></media:text>
                                <media:title type="plain"><![CDATA[Back View of Young Black Man Walking and Looking at Big Digital Screens Glitching While Displaying Code Lines. Professional Hacker Breaking Through Cybersecurity Protection System, Changing Code]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/BUi4eir3JnCCT2MRGt3weS-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Tens of millions of credentials may have been leaked following an attack on one of Japan's largest ISPs</strong></li><li><strong>The attack leveraged a vulnerability in a third-party software used by KDDI</strong></li><li><strong>Five other ISPs were also affected in the attack</strong></li></ul><p>A data breach that has potentially exposed the email and password combinations for over 14 million customers across six internet service providers (ISPs) has been disclosed by Japanese telecoms provider KDDI Corporation.</p><p>According to the company, hackers exploited a vulnerability in a third-party software to access the database of credentials. KDDI said that it immediately blocked the hackers' access after discovering the intrusion on June 17, 2026.</p><p>“Although technical defensive measures have already been implemented for the system, there remains a possibility that customers' email addresses and passwords were obtained by unauthorized third parties as a result of the incident,” the company said in a <a href="https://newsroom.kddi.com/news/assets/2026/kddi_nr_s-71_4593/kddi_nr_s-71_4593_pdf_01.pdf" target="_blank" rel="nofollow">statement</a>.</p><h2 id="millions-of-credentials-exposed">Millions of credentials exposed</h2><p>Unfortunately, the breach was not confined to just KDDI. The email services of five other ISPs were also affected by the breach:</p><ul><li>STNet, Inc.</li><li>JCOM Co., Ltd.</li><li>Chubu Telecommunications C., Inc.</li><li>NIFTY Corporation</li><li>BIGLOBE Inc.</li></ul><p>KDDI is yet to finish a formal investigation into the attack, but said that the hacker may have gained access to the emails addresses and passwords for 14.22 million current and former customers. The company also said that some of the passwords were stored in an encrypted format, and so will be inaccessible for the hackers, but the company did not say how many were stored in this manner.</p><p>Since discovering the breach, KDDI has also been working alongside the affected ISPs to secure systems and put in place mitigation measures to counter the abuse of exposed account credentials.</p><p>In order to stay protected, customers have been advised to change their account passwords and implement two-factor authentication.</p><p>Breaches such as these are particularly dangerous because they expose email and password combinations. As most people will have either one or two email addresses across their accounts, it increases the likelihood that hackers can attempt to use the exposed email and password combinations to try and access other accounts created with the same email.</p><p>This is especially true if the same password (or a variant thereof) is used across multiple accounts. Hackers can use brute force techniques to try hundreds of password combinations in a very short amount of time in order to crack weak or reused passwords.</p><p>When creating or updating a password for any account, no matter how infrequently it is used, always create a strong unique password. <a href="https://www.techradar.com/best/password-manager" target="_blank">Password managers</a> can create and suggest strong passwords, securely store them, and automatically fill login forms to take the hassle out of remembering passwords. </p><p>Alternatively, some services offer the ability to login using a <a href="https://www.techradar.com/pro/passwords-out-passkeys-in-the-future-of-secure-authentication" target="_blank">passkey</a>, which utilizes the built-in biometric authentication mechanisms of your device such as a facial scan or fingerprint. These login methods not only remove the need to type in passwords, but also reduce the possibility of hackers accessing your account through phishing attacks.</p><p><em>Via </em><a href="https://www.bleepingcomputer.com/news/security/data-breach-exposes-up-to-142-million-email-logins-at-six-isps/" target="_blank"><em>BleepingComputer</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Watch out — that income tax form could actually be dangerous malware ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/watch-out-that-income-tax-form-could-actually-be-dangerous-malware</link>
                                                                            <description>
                            <![CDATA[ Researchers uncovered a fake tax notice campaign that delivered remote-access malware via staged downloads and encrypted communications. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">qR5LQKebhB7ovBuobVQom</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/AAnrrKYFEkWSGnT672jgVH-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Sun, 28 Jun 2026 16:10:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Cyber Crime]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Efosa Udinmwen ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/nwRLdPUNG4rWu4Y6nthHDV.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master&#039;s and a PhD in sciences, which provided him with a solid foundation in analytical thinking. Efosa developed a keen interest in technology policy, specifically exploring the intersection of privacy, security, and politics. His research delves into how technological advancements influence regulatory frameworks and societal norms, particularly concerning data protection and cybersecurity.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/AAnrrKYFEkWSGnT672jgVH-1280-80.jpg">
                                                            <media:credit><![CDATA[financialcrimeacademy]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Income tax fraud]]></media:description>                                                            <media:text><![CDATA[Income tax fraud]]></media:text>
                                <media:title type="plain"><![CDATA[Income tax fraud]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/AAnrrKYFEkWSGnT672jgVH-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Fake tax notices are becoming delivery vehicles for sophisticated remote access malware</strong></li><li><strong>Attackers hide malicious code behind convincing government branding and legal references</strong></li><li><strong>The malware quietly establishes encrypted communication with servers outside the country</strong></li></ul><p>A new phishing campaign is using fake income tax assessment notices to deliver dangerous malware to unsuspecting victims across India.</p><p>Researchers at <a href="https://www.cyfirma.com/research/an-income-tax-assessment-notice-phishing-campaign-delivering-malware/" target="_blank">CYFIRMA</a> identified the operation, which relies on a fraudulent website built to resemble official communication from the Indian Income Tax Department closely.</p><p>The fake portal, hosted on a recently registered domain, presents a convincing assessment order complete with legal references, financial penalties, and urgent compliance language designed to pressure recipients into acting quickly.</p><h2 id="how-the-infection-unfolds">How the infection unfolds</h2><p>Victims who interact with the fake notice are prompted to download a ZIP archive disguised as official assessment documentation and supporting calculations.</p><p>Once extracted, that archive reveals a disk image file functioning as a container for the actual malicious payload.</p><p>Inside sits a loader program that quietly triggers a second component, a DLL file disguised to resemble a legitimate Windows service.</p><p>Researchers found that this loader uses reflection-based techniques specifically built to make automated detection and analysis considerably more difficult.</p><p>Both files were obfuscated using a known protection tool, further complicating efforts by security teams to inspect the code.</p><p>Once active, the payload behaves like a Remote Access Trojan, granting attackers persistent, encrypted access to the infected machine.</p><p>It can collect system details, monitor user activity, check which security software is installed, and silently load additional malicious components on command.</p><p>Communication with the attacker's server happens over an encrypted channel, using a hardcoded address traced to infrastructure based in Hong Kong.</p><p>These capabilities point toward a financially motivated operation, rather than one focused on immediate damage or disruption, and they closely resemble traits associated with known commodity RAT families such as XWorm.</p><p>However, researchers note that conclusive attribution to a specific threat actor remains unconfirmed at this stage.</p><h2 id="why-this-campaign-matters">Why this campaign matters</h2><p>This is not an isolated phishing attempt but part of a broader pattern of attackers exploiting tax season anxiety to bypass user caution entirely.</p><p>CYFIRMA's findings show the same loader-and-payload architecture has previously been linked to <a href="https://www.techradar.com/best/best-ransomware-protection">ransomware</a> operators, suggesting this infrastructure may serve more than one type of attack depending on the victim.</p><p>Up-to-date <a href="https://www.techradar.com/best/best-antivirus">antivirus software</a> with behavioral detection remains one practical defence against this kind of staged, multi-component <a href="https://www.techradar.com/best/best-malware-removal">malware</a> delivery.</p><p>Security researchers recommend that individuals verify any tax-related correspondence directly through official government channels rather than clicking embedded links.</p><p>Organizations are advised to restrict the execution of unknown files arriving through archives or disk images, since this campaign relies heavily on that exact delivery method to succeed.</p><figure class="van-image-figure pull-right inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:676px;"><p class="vanilla-image-block" style="padding-top:31.51%;"><img id="diM9tpwF2Lz85R8q85CT78" name="tr-g_news" alt="Google logo on a black background next to text reading 'Click to follow TechRadar'" src="https://cdn.mos.cms.futurecdn.net/diM9tpwF2Lz85R8q85CT78.jpg" mos="" align="right" fullscreen="" width="676" height="213" attribution="" endorsement="" class="pull-rightinline"></p></div></div></figure>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ GTA VI fans beware — experts warn 'a new wave of scam websites' is offering early access, but just stealing your bank details instead ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/gta-vi-fans-beware-experts-warn-a-new-wave-of-scam-websites-is-offering-early-access-but-just-stealing-your-bank-details-instead</link>
                                                                            <description>
                            <![CDATA[ Cybercriminals are exploiting GTA VI anticipation with fake beta programmes designed to steal money, credentials, and personal information. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">RkCkYdUg2ZHeUHU4pa3vaS</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/EweZxK8eSVuvCSALvxaDL5-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Sat, 27 Jun 2026 23:10:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Cyber Crime]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Efosa Udinmwen ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/nwRLdPUNG4rWu4Y6nthHDV.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master&#039;s and a PhD in sciences, which provided him with a solid foundation in analytical thinking. Efosa developed a keen interest in technology policy, specifically exploring the intersection of privacy, security, and politics. His research delves into how technological advancements influence regulatory frameworks and societal norms, particularly concerning data protection and cybersecurity.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/EweZxK8eSVuvCSALvxaDL5-1280-80.png">
                                                            <media:credit><![CDATA[Malwarebytes]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[GTA VI fake websites are now everywhere — be warned]]></media:description>                                                            <media:text><![CDATA[GTA VI fake websites are now everywhere — be warned]]></media:text>
                                <media:title type="plain"><![CDATA[GTA VI fake websites are now everywhere — be warned]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/EweZxK8eSVuvCSALvxaDL5-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Fake GTA VI beta keys are already draining cryptocurrency wallets worldwide</strong></li><li><strong>AI-generated scam websites now imitate Rockstar branding with alarming accuracy</strong></li><li><strong>Malware hidden inside fake game downloads can expose banking credentials instantly</strong></li></ul><p>Grand Theft Auto VI is not due on consoles until November 19 2026, but official preorders open soon, and cybersecurity researchers have warned criminals are already exploiting the wait with a coordinated wave of fraudulent websites.</p><p>Malwarebytes and NordVPN have both flagged sites promising "VIP early access" or exclusive beta keys to one of gaming's most anticipated releases.</p><p>The schemes ask victims to hand over money, personal information, or both, often before any real product changes hands.</p><h2 id="how-the-scam-works">How the scam works</h2><p>Some fraudulent sites ask players to pay a few hundred dollars in cryptocurrency for a so-called VIP beta key. This method makes refunds or fraud reports practically impossible once the payment clears.</p><p>According to Stefan Dasic of Malwarebytes, GTA VI is "the perfect bait" that can be used by cybercriminals.</p><p>The franchise sold hundreds of millions of copies and went 13 years without a new entry — conditions that make hype, and therefore impatience, unusually intense.</p><p>Gerald Kasulis of NordVPN said scammers now use AI to mimic Rockstar's official branding so convincingly that polished emails and websites slip past a gamer's usual scepticism.</p><p>Some pages invoke the phrase "help us build Vice City," a reference to the game's fictional setting, to create a false sense of insider access.</p><p>Victims are sometimes directed to download software branded as an early build, including one fake file called GTA Mobile 6.</p><p>According to researchers, this file contains <a href="https://www.techradar.com/best/best-malware-removal">malware</a> capable of letting fraudsters remotely access the victim's device, often bypassing <a href="https://www.techradar.com/best/best-antivirus">antivirus</a> software.</p><p>NordVPN has separately traced some of these fraudulent domains to a wider network with a documented history of spreading banking trojans, infostealers, and <a href="https://www.techradar.com/best/best-ransomware-protection">ransomware</a>.</p><p>Other variants simply harvest names, addresses, dates of birth, or existing GTA login credentials, data that can then be resold.</p><p>Several of these scam sites even target PC and Android users, despite Rockstar never confirming that those versions exist yet.</p><h2 id="who-is-being-targeted">Who is being targeted?</h2><p>The typical victim tends to be someone too young, too eager, or simply underinformed, and primarily driven by a desire to be first in line for the game.</p><p>However, Malwarebytes' assessment of the scam wave reveals that the trick itself is rarely sophisticated, yet it consistently fools people regardless of age.</p><p>The character of those falling for these scams goes beyond simple naivety, since urgency and curiosity are what scammers are really exploiting across these campaigns.</p><p>Younger players and newcomers to online gaming appear especially exposed, given their relative unfamiliarity with how official preorder and beta access processes normally function.</p><p>Neither company has data on exactly how many people have visited these sites or lost money so far.</p><p>Rockstar Games has not responded to requests for comment on the ongoing scam wave or its impact on players.</p><p>Security researchers are urging anyone tempted by claims of early GTA VI access to pause and verify the source before entering any personal or financial details.</p><p>Players who have already entered credentials or payment information are advised to change their passwords immediately.</p><p>They should also contact their bank without delay, since cryptocurrency payments in particular cannot be reversed once sent. </p><p>Via <a href="https://www.pcgamer.com/games/grand-theft-auto/grand-theft-auto-6-vip-early-access-scam-sites-are-already-popping-up-malwarebytes-warns/" target="_blank" rel="nofollow">PCGAMER</a></p><figure class="van-image-figure pull-right inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:676px;"><p class="vanilla-image-block" style="padding-top:31.51%;"><img id="diM9tpwF2Lz85R8q85CT78" name="tr-g_news" alt="Google logo on a black background next to text reading 'Click to follow TechRadar'" src="https://cdn.mos.cms.futurecdn.net/diM9tpwF2Lz85R8q85CT78.jpg" mos="" align="right" fullscreen="" width="676" height="213" attribution="" endorsement="" class="pull-rightinline"></p></div></div></figure>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ NAIC confirms data breach with ShinyHunters claiming 3.1TB of data stolen in Oracle zero-day attack ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/naic-confirms-data-breach-with-shinyhunters-claiming-3-1tb-of-data-stolen-in-oracle-zero-day-attack</link>
                                                                            <description>
                            <![CDATA[ Insurer regulatory filing documents, customer bulk orders, and more, stolen in a major zero-day supply chain attack ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">rq7YhrojSragNBymdm8FYn</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/VGPtSi99Vy7pCWeNLEcT5c-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 26 Jun 2026 18:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/VGPtSi99Vy7pCWeNLEcT5c-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[hacker hands at work with  interface around]]></media:description>                                                            <media:text><![CDATA[hacker hands at work with  interface around]]></media:text>
                                <media:title type="plain"><![CDATA[hacker hands at work with  interface around]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/VGPtSi99Vy7pCWeNLEcT5c-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>NAIC confirmed a cyberattack exploiting an Oracle PeopleSoft zero‑day, with ShinyHunters claiming theft of 3.1TB of data</strong></li><li><strong>Stolen cache allegedly includes insurer filings, credit rating files, AWS logs, configs, and PII; NAIC says only financial reports and technical data were taken</strong></li><li><strong>Incident spotted June 11, disclosed June 17; files leaked online suggest NAIC did not pay ransom, as ShinyHunters continues exploiting the zero‑day across 100+ organizations</strong></li></ul><p>The National Association of Insurance Commissioners (NAIC) confirmed suffering a cyberattack that resulted in the stolen data being leaked on the dark web. While the company did not name the group responsible, or mentioned the size of the stolen cache, the infamous ShinyHunters claimed responsibility and stated they snatched around 3.1TB of information.</p><p>In a security notice published on the NAIC website, it was explained that the attackers managed to exploit a <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">zero-day vulnerability</a> in Oracle PeopleSoft. This is an <a href="https://www.techradar.com/best/best-erp-software" target="_blank">enterprise resource planning</a> (ERP) software suite, designed to help businesses manage employees, finances, supply chains, and more. Citing Google Mandiant, Cybernews says ShinyHunters first started exploiting the zero-day on May 27, and managed to compromise more than 100 organizations and 300 individuals, before Oracle finally pushed an emergency update on June 10.</p><p>Among the victims, as we now know, is NAIC, whose PeopleSoft environment was compromised, and used to obtain credentials and move laterally to internal data storage locations. </p><h2 id="shinyhunters-step-forward">ShinyHunters step forward</h2><p>Based on NAIC’s investigation, the stolen information includes publicly available statutory financial reports, insurer investment credit rating data, and some technical information such as outdated logs and configuration files. There is no evidence that personal information, banking information, or payment data was accessed, it said.</p><p>NAIC spotted the attack on June 11 and immediately launched its incident response protocol, which includes notifying law enforcement, blocking malicious actors, and bringing in third-party security experts. The Commission disclosed the incident on June 17, a day before ShinyHunters went public. </p><p>The notorious ransomware gang claims to have taken more than 264,000 insurer regulatory filing documents, 2,000 customer and bulk orders containing personally identifiable information, some 45,000 files from major credit rating agencies, statutory annual and quarterly financial statements submitted by insurers, production AWS infrastructure logs, cloud configuration files, and workload automation data, and SQL scripts.</p><p>Since the files were seemingly leaked online, it’s safe to assume that NAIC did not (want to) pay the ransom demand.</p><p><em>Via </em><a href="https://cybernews.com/news/naic-breach-shinyhunters-3tb-insurance-systems-data/" target="_blank"><em>Cybernews</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Prediction market giant Polymarket hit by cyberattack, with company confirming user funds stolen — here is what we know ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/prediction-market-giant-polymarket-hit-by-cyberattack-with-company-confirming-user-funds-stolen-here-is-what-we-know</link>
                                                                            <description>
                            <![CDATA[ Polymarket confirms user funds affected and says it's refunding them in full. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">3dpJ4Ku3eDTX7eCaCgqXRh</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/iPmVSVttBHUjRf7XWdoDTX-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 26 Jun 2026 17:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/iPmVSVttBHUjRf7XWdoDTX-1280-80.jpg">
                                                            <media:credit><![CDATA[Omar Marques/SOPA Images/LightRocket via Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Polymarketlogo on smartphone, on laptop keyboard]]></media:description>                                                            <media:text><![CDATA[Polymarketlogo on smartphone, on laptop keyboard]]></media:text>
                                <media:title type="plain"><![CDATA[Polymarketlogo on smartphone, on laptop keyboard]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/iPmVSVttBHUjRf7XWdoDTX-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Polymarket prediction platform was hacked via a compromised third‑party vendor dependency, injecting malicious scripts into its frontend</strong></li><li><strong>Around $3M in crypto stolen from ~11 users, according to PeckShield; Polymarket is refunding victims in full while removing the affected dependency</strong></li><li><strong>Community reactions on X were critical, with some blaming prior “taunting hackers”; one victim speculated the breach may have involved Xorek Cloud’s VPS</strong></li></ul><p>Polymarket, a prediction platform where people trade on the likelihood of different real-world events, got hacked and allegedly lost around $3 million in user funds. The company is now refunding the victims in full.</p><p>In a <a href="https://x.com/PolymarketTrade/status/2070155882906730671" target="_blank">short post</a> published on X earlier this week, Polymarket confirmed the news, saying it discovered that a third-party vendor had been compromised. Through that compromise, the attackers injected a malicious script “into our frontend for some users.”</p><p>Since then, Polymarket said it contained the incident and removed the affected dependency but did not say which dependency it was. It did not say which third-party vendor was compromised. Furthermore, it said it is currently contacting impacted users and refunding them in full, but did not state how many people were affected, or how much money is involved. </p><h2 id="context-dependent-vulnerabilities">Context-dependent vulnerabilities</h2><div class="see-more see-more--clipped"><blockquote class="twitter-tweet hawk-ignore" data-lang="en"><p lang="en" dir="ltr">This morning we discovered a 3rd party vendor had been compromised, injecting a malicious script into our frontend for some users. We've contained it & removed the affected dependency. We're contacting impacted users & refunding them in full.<a href="https://twitter.com/cantworkitout/status/2070155882906730671">June 25, 2026</a></p></blockquote><div class="see-more__filter"></div></div><p>In its write-up, TechCrunch cited blockchain monitoring firm PeckShield, which claims that around $3 million in cryptocurrency was stolen in the attack. The publication also reported that around 11 people were affected. Polymarket allows its users to be paid in crypto.</p><p>X users who left comments on Polymarket’s announcement seem utterly unsurprised by the breach. “I spent weeks telling you this and you ignored it,” one person said. “The next time l find a vulnerability, l will sell it to criminal gangs.” Three users suggested Polymarket deserved what had happened for “taunting hackers” in the past. One made a sly joke saying, “how did you not predict this?”</p><p>Polymarket did not say which third-party vendor was compromised, but one of the users who lost funds in this attack speculates it happened through Xorek Cloud’s <a href="https://www.techradar.com/news/best-vps-hosting" target="_blank">VPS</a>:</p><p>“I recently bought a VPS from Xorek Cloud and stored my private key on it,” <a href="https://x.com/ashgang51/status/2070105083891851364" target="_blank">they said on X</a>. “I'm not sure how the compromise happened, but that's the only possible security risk I can think of.”</p><p><em>Via </em><a href="https://techcrunch.com/2026/06/25/polymarket-says-hackers-stole-users-funds/" target="_blank"><em>TechCrunch</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Less than one in ten of cybersecurity pros trust AI testing tools to find vulnerabilities, with over three-quarters say their AI vulnerability scanning tools missed critical flaws ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/less-than-one-in-ten-of-cybersecurity-pros-trust-ai-testing-tools-to-find-vulnerabilities-with-over-three-quarters-say-their-ai-vulnerability-scanning-tools-missed-critical-flaws</link>
                                                                            <description>
                            <![CDATA[ Fully automated testing is being replaced with a hybrid model, as "elite human expertise remains foundational". ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">NtCxDQSRi4raWmmtyYwyKQ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/4d3FzfBhbeGTkD9mnMpEdM-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 26 Jun 2026 14:30:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/4d3FzfBhbeGTkD9mnMpEdM-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A close up of a person&#039;s eyes and face. They are wearing glasses and in one eye there&#039;s. a reflection of a digital brain]]></media:description>                                                            <media:text><![CDATA[A close up of a person&#039;s eyes and face. They are wearing glasses and in one eye there&#039;s. a reflection of a digital brain]]></media:text>
                                <media:title type="plain"><![CDATA[A close up of a person&#039;s eyes and face. They are wearing glasses and in one eye there&#039;s. a reflection of a digital brain]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/4d3FzfBhbeGTkD9mnMpEdM-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Cobalt’s 2026 State of Pentesting Report shows confidence in fully automated AI testing collapsed from 29% in 2025 to 9% this year</strong></li><li><strong>78% of respondents saw automated tools miss critical vulnerabilities; LLM flaws proved complex, with MTTR rising from 19 to 36 days and most issues left unresolved</strong></li><li><strong>Hybrid models surged to 47% adoption, as experts stress automation should complement, not replace, elite human expertise in uncovering business logic risks</strong></li></ul><p>As the world praises <a href="https://www.techradar.com/pro/security/vulnerabilities-uncovered-in-secret-us-government-systems-and-software-during-testing-of-anthropic-mythos" target="_blank">Mythos</a>, and the Chinese rush to create <a href="https://www.techradar.com/pro/security/chinese-cybersecurity-company-360-unveils-chinas-version-of-mythos-and-yitianzhen-to-automate-cyber-defense" target="_blank">their own variant</a>, a report painting an entirely different picture comes from Cobalt. </p><p>The cybersecurity company just published the Cobalt State of Pentesting Report 2026, based on two comparative surveys, one in 2025 and one in 2026. Polling around 450 cybersecurity professionals, Cobalt wanted to see how confident the cybersecurity community is in automated AI testing for vulnerabilities and it turns out - not that much.</p><p>Last year, just below a third (29%) relied entirely on AI automation for testing. This year, the figure dropped to 9%. Cobalt suggests that the key reason for such a steep drop in confidence is the fact that 78% saw fully automated scanning tools missing critical vulnerabilities. Another key reason is the complexity of the AI attack surface the scanners are testing. </p><h2 id="context-dependent-vulnerabilities-2">Context-dependent vulnerabilities</h2><p>Roughly one in three findings from an AI pentest are rated “high-risk” - which is 2.7 times the average of conventional software, it was said. Also, at the time of analysis, less than two-fifths (38%) of LLM vulnerabilities were fixed, while 62% remained open. Mean time to resolve (MTTR) for AI/LLM security issues rose from 19 days to 36 days.</p><p>“LLM vulnerabilities are deeply context-dependent and invisible to tools that lack an architectural understanding of the application,” said Andrew Obadiaru, CISO of Cobalt. “To close the validation gap, automation should be deployed exactly where it excels, but elite human expertise remains foundational to uncovering and remediating the most complex business logic risks.” </p><p>It took the cybersecurity community less than a year to almost completely abandon fully automated <a href="https://www.techradar.com/best/best-ai-tools" target="_blank">AI testing</a> and replace it with a hybrid model - something around 47% said they now prefer. This model has surged 22% year-over-year, while the percentage of organizations using automation for low-risk environments also increased to 47%. </p><p>“While the industry is rightfully excited about the potential of Mythos-class tools, unguided algorithms are inherently prone to returning even more false positives and costly false negatives than the automated scanners we have today,” continued Obadiaru.</p><p><em>Via </em><a href="https://www.infosecurity-magazine.com/news/trust-ai-vulnerability-scanning/" target="_blank"><em>Infosecurity Magazine</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Hackers are establishing persistence in hospitality and hotels by posing as guests with poisoned ZIP archives, but no one knows what their plan is ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/hackers-are-establishing-persistence-in-hospitality-and-hotels-by-posing-as-guests-with-poisoned-zip-archives-but-no-one-knows-what-their-plan-is</link>
                                                                            <description>
                            <![CDATA[ It looks like reconnaissance activity, possibly in preparation of a more destructive attack. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">uFvUz5mRvhqu4D8SqDToRo</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 26 Jun 2026 14:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A pink triangle with a red exclamation mark inside on a blue digital landscape]]></media:description>                                                            <media:text><![CDATA[A pink triangle with a red exclamation mark inside on a blue digital landscape]]></media:text>
                                <media:title type="plain"><![CDATA[A pink triangle with a red exclamation mark inside on a blue digital landscape]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Microsoft Threat Intelligence warns of a phishing campaign targeting hotel staff in Europe and Asia with guest complaint‑themed emails</strong></li><li><strong>Attackers abuse services like Calendly and Google redirects to bypass authentication checks, delivering photo‑themed ZIPs that install a persistent Node.js implant</strong></li><li><strong>Malware disables Defender, runs C2 beaconing, gathers system info, and forces shutdowns; signs include unusual PowerShell activity, Node.js execution, and suspicious registry entries</strong></li></ul><p>Hackers are establishing a foothold on hotels and hospitality organizations across Europe and Asia, but no one really knows what for, at least not yet.</p><p>This is according to Microsoft Threat Intelligence, who recently published a new report saying that since April, it’s been tracking an active phishing campaign. In this campaign, the unnamed attackers target front desk, reception, and reservations staff with emails about guest complaints, room conditions, bedbug infestations, booking inquiries, and similar.</p><p>The messages, sent in different languages (Danish, Dutch, Japanese), are not distributed directly. Instead, the crooks abuse legitimate services such as Calendly, and Google’s redirect infrastructure, which helps them pass SPF, DKIM, and DMARC authentication checks.</p><h2 id="tricking-defender">Tricking Defender</h2><p>This “authentication laundering”, as Microsoft puts it, results in photo-themed ZIP archives making their way directly to their victims. The archives contain a fake image shortcut (.LNK) files that, at a glance, appear to be harmless .PNG images. However, these files launch a sophisticated multi-stage infection chain that installs a persistent Node.js-based implant.</p><p>After being deployed, the <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a> tweaks Microsoft Defender to exclude itself (and other, randomly named executables) from scanned processes, downloads additional payloads, and copies itself into different places. </p><p>On compromised systems, Microsoft observed the malware running command-and-control beaconing, gathering environmental information such as the victim's public IP details, launching headless browser sessions, and in some cases forcing immediate system shutdowns. While it could not say what the goal of the campaign is, it all points to a reconnaissance stage that usually comes before a more disruptive malware or ransomware attack. </p><p>Microsoft recommends organizations focus on detecting the campaign's behavior rather than individual indicators. Key signs include photo-themed ZIP archives, unusual PowerShell activity, unexpected Node.js execution from user profile directories, .NET compilation initiated by PowerShell, and Defender exclusion changes.</p><p>Furthermore, there are random executables running from temporary folders, suspicious Run and RunOnce registry entries, outbound connections on the campaign's non-standard ports, connections to newly registered .cfd domains, and combinations of headless browser activity followed by forced shutdown commands.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Unnamed hackers steal stolen data from Icarus hackers responsible for Klue supply chain hack — and yes, it's as confusing as it sounds ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/unnamed-hackers-steal-stolen-data-from-icarus-hackers-responsible-for-klue-supply-chain-hack-and-yes-its-as-confusing-as-it-sounds</link>
                                                                            <description>
                            <![CDATA[ Klue was hacked by Icarus, and then Icarus was hacked by another group. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">dn5yZH8XeXT5eSKjpEMKUe</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/y7GLevUTEjLYdujEYsv668-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 26 Jun 2026 13:27:16 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Cyber Crime]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                <author><![CDATA[ benedict.collins@futurenet.com (Benedict Collins) ]]></author>                    <dc:creator><![CDATA[ Benedict Collins ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/jEvqGv8wvH7PWZ4XPURyyB.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.&lt;/p&gt;&lt;p&gt;Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.&lt;/p&gt;&lt;p&gt;Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with an elite academic framework for deconstructing complex international conflicts and intelligence operations. He also holds a BA in Politics with Journalism, providing him with a strong investigative nature and the ability to translate complex security data into clear, actionable insights.&lt;/p&gt;&lt;p&gt;When he isn’t analyzing the latest data breach or security threats, Benedict enjoys running and cycling throughout the UK countryside.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/y7GLevUTEjLYdujEYsv668-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Back view of hooded internet criminal hacking laptop in the dark, stealing credit card details]]></media:description>                                                            <media:text><![CDATA[Back view of hooded internet criminal hacking laptop in the dark, stealing credit card details]]></media:text>
                                <media:title type="plain"><![CDATA[Back view of hooded internet criminal hacking laptop in the dark, stealing credit card details]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/y7GLevUTEjLYdujEYsv668-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Klue recently suffered a cyber attack at the hands of Icarus</strong></li><li><strong>Icarus was apparently deleting the stolen customer data</strong></li><li><strong>An unnamed group claims to have stolen the data from Icarus, and is now extorting Klue customers directly</strong></li></ul><p>Earlier this month, market research provider Klue suffered a cyberattack with the knock-on effects <a href="https://www.techradar.com/pro/security/lastpass-confirms-data-breach-after-hacker-compromises-supply-chain-heres-what-we-know" target="_blank">hitting major companies such as LastPass</a>, Gong, Jamf, HackerOne, Huntress and others.</p><p>Klue has since revealed it is in contact with the Icarus ransomware group, who claim to have been in possession of stolen data and were threatening to leak the data in an attempt to extort the company.</p><p>But a second, unnamed group has emerged, which claims to have broken into a member of the Icarus group’s environment to steal the customer data stolen by Icarus from Klue. This second group is now apparently attempting to extort Klue customers directly, much to the annoyance of Icarus.</p><h2 id="hackers-hacked-by-hackers">Hackers hacked by hackers</h2><p>An update shared privately with Klue customers on Wednesday night and seen by <a href="https://techcrunch.com/2026/06/25/hacked-klue-says-criminals-are-deleting-stolen-customer-data-but-now-other-hackers-are-making-threats/" target="_blank"><em>TechCrunch</em></a> said, “We continue to communicate with the threat actor we have been in contact with (‘Icarus’). Icarus told us they are taking steps to delete the data taken from Klue customers. The Icarus site remains down and we have indications that Icarus is indeed taking steps to delete data taken from Klue customers.”</p><p>Icarus later informed Klue that the second group was attempting to extort Klue customers using the same data, having posted a list of affected companies on its own website. Alongside this list, they also claimed to have stolen the customer data from Icarus, after one of the Icarus group accidentally allowed the group to connect to the server hosting the stolen data.</p><p>Although there is no evidence that Klue has paid the Icarus group, the unnamed group also posted a statement that an “Icarus operator who is a teenager living somewhere in the UK or adjacent countries” had been paid by Klue to delete the stolen data.</p><p>A further communique issued by Klue to its customers said that it had been reassured by Icarus that the unnamed group only had samples of the stolen data, not the full set. It also said that, “Icarus has asked us to inform Klue customers to not make payment to this other party.”</p><p>Klue also suggested that its customers should ask the second group for random samples of their data to prove whether or not they actually had obtained the full set of stolen customer data.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ This macOS malware can avoid AI analysis with gaslighting prompts hidden inside its architecture ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/this-macos-malware-can-avoid-ai-analysis-with-gaslighting-prompts-hidden-inside-its-architecture</link>
                                                                            <description>
                            <![CDATA[ A new piece of malware tries to trick AI-assisted analysis into showing errors. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">U53dE6YVGq8TtTv52qNvmn</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Rb6YDzdRZjccpn6MQ26KML-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 26 Jun 2026 13:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Rb6YDzdRZjccpn6MQ26KML-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A person typing on a laptop and using a tablet. Only their upper torso, arms and hands are visible. Text superimposed on the image shows AI ]]></media:description>                                                            <media:text><![CDATA[A person typing on a laptop and using a tablet. Only their upper torso, arms and hands are visible. Text superimposed on the image shows AI ]]></media:text>
                                <media:title type="plain"><![CDATA[A person typing on a laptop and using a tablet. Only their upper torso, arms and hands are visible. Text superimposed on the image shows AI ]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Rb6YDzdRZjccpn6MQ26KML-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>SentinelOne uncovered macOS malware “Gaslight” that uses prompt injection to mislead AI‑assisted triage tools during analysis</strong></li><li><strong>Beyond standard backdoor and infostealer capabilities, it embeds fake Markdown “system” messages to trick LLMs into halting investigation</strong></li><li><strong>Researchers warn defenders to treat malware samples as adversarial input and isolate AI pipelines, as more analyst‑targeting prompt injection is expected</strong></li></ul><p>We’ve seen prompt injection in websites and emails, but what about - malware samples? Security researchers SentinelOne recently published an in-depth report on a newly uncovered piece of macOS malware called Gaslight that, as the name suggests, tries to gaslight AI-assisted triage agents into stopping the analysis.</p><p>The malware itself is nothing out of the ordinary: it infects the device by whatever means necessary (usually phishing and social engineering), connects to attacker-controlled infrastructure via Telegram, and then executes different commands such as profiling the device, running arbitrary shell commands, stealing files, or terminating processes. </p><p>It also delivers a stage-two malware that acts as an infostealer, pulling passwords, sensitive PDFs, cryptocurrency wallet information, and more.</p><h2 id="weaponizing-llm-assisted-triage-pipelines">Weaponizing LLM-assisted triage pipelines</h2><p>But where Gaslight stands out is its defenses against <a href="https://www.techradar.com/best/best-ai-tools" target="_blank">AI-powered malware analysis</a>. According to SentinelOne, the malware contains a large block of fake Markdown-formatted "system" messages designed for AI assistants that security researchers may use during reverse engineering. These messages claim things like “the AI's authentication token has expired”, “the analysis environment is running out of memory”, “disk space has been exhausted”, “static analysis is unsafe”, and similar. </p><p>While a human analyst would definitely recognize these fake messages even at a glance, an LLM that isn’t properly isolated from untrusted input could interpret them as genuine system instructions and refuse to further analyze the malware. </p><p>“macOS.Gaslight is noteworthy for its analyst-targeting prompt injection, an attempt to weaponize the LLM-assisted triage pipelines that increasingly sit in the reverse-engineering loop,” SentinelOne explains. “Anyone building such tooling should treat the contents of the samples they triage as adversarial input, never as instructions, and be prepared to keep hostile content out of the model entirely. As LLM-assisted analysis becomes routine, defenders should expect more samples built to exploit it.”</p><p>The researchers have published a full list of indicators of compromise on <a href="https://www.sentinelone.com/labs/macos-gaslight-rust-backdoor-turns-prompt-injection-on-the-analyst-not-the-sandbox/" target="_blank">this link</a>.</p><p><em>Via </em><a href="https://thehackernews.com/2026/06/new-gaslight-macos-malware-uses-prompt.html" target="_blank"><em>The Hacker News</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Almost half of ransomware victims have data stolen before they can even detect an intrusion ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/almost-half-of-ransomware-victims-have-data-stolen-before-they-can-even-detect-an-intrusion</link>
                                                                            <description>
                            <![CDATA[ Hackers are getting better at hiding and stealing files without raising alarms. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">Hd8JzdR7bXBBwF9wxPm2vD</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/MXsTJFHcFVn7AwpfTpePEX-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 25 Jun 2026 19:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/MXsTJFHcFVn7AwpfTpePEX-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Ransomware]]></media:description>                                                            <media:text><![CDATA[Ransomware]]></media:text>
                                <media:title type="plain"><![CDATA[Ransomware]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/MXsTJFHcFVn7AwpfTpePEX-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>ExtraHop’s Global Threat Landscape Report shows 49% of ransomware victims only detected attacks after data theft, up from 31% last year</strong></li><li><strong>Average dwell time before detection is 2.5 weeks; attackers exploit encrypted channels, valid accounts, and alert fatigue to evade defenses</strong></li><li><strong>Ransom payments fell from $3.6M to $2.8M, but payment frequency rose sharply, with 83% of surveyed victims paying in 2026 vs. 70% in 2025</strong></li></ul><p>Criminals are getting better at hiding within their victims’ infrastructure, lurking and stealing files without triggering any alarms whatsoever. </p><p>Earlier today, network detection and response experts ExtraHop released the “Global Threat Landscape Report”, based on a survey of more than 1,800 IT and security leaders worldwide. In it, it is said that roughly half (49%) of organizations that were struck by <a href="https://www.techradar.com/best/best-ransomware-protection" target="_blank">ransomware</a> did not detect the threat until after the data was stolen.</p><p>This is up from 31% a year ago, ExtraHop stressed, showing the improvement criminals made within just 12 months. </p><h2 id="several-factors">Several factors</h2><p>On average, cybercriminals have 2.5 weeks of quiet time before being spotted in ransomware incidents, the report stated. Furthermore, 14% of victims were unaware of an attack until receiving a ransom demand, which is also up from 6% a year ago.</p><p>“Prolonged dwell times often parallel a highly complex threat environment where critical alerts are obscured,” ExtraHop said in a press release shared with TechRadar Pro. The researchers uncovered several factors that led to delays in investigating critical alerts, including attackers using encrypted channels (41%), attacker activity mirroring legitimate workflows and processes (38%), using valid, high-privilege account permissions (34%), and alert fatigue (30%). Undermined baseline behavior also enabled anomalous actions to fly under the radar (27%). </p><p>The good news is that the average ransom payment dropped year-on-year, from $3.6 million down to $2.8 million. However, the bad news is that the payment frequency spiked. While in 2025 70% of respondents paid a ransom, this year 83% have done the same, at least among ExtraHop’s respondents.</p><p>When <a href="https://www.techradar.com/pro/security/ransomware-payments-drop-to-record-low-even-as-attacks-surge" target="_blank">Chainalysis</a> ran a similar survey recently, it said that in 2025 the number of successful ransomware attacks grew, while the number of payments remained relatively flat, meaning that in absolute numbers - there were fewer companies paying ransomware attackers.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Chinese cybersecurity company 360 unveils “China's version of Mythos”, and Yitianzhen, to automate cyber defense ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/chinese-cybersecurity-company-360-unveils-chinas-version-of-mythos-and-yitianzhen-to-automate-cyber-defense</link>
                                                                            <description>
                            <![CDATA[ China "cannot afford to wait", the company says, as Mythos finds more and more flaws. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">nGjAzTcRfdkNnLbQCY3xQf</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/aNb5QzdTvjeBY2DvAsyqXa-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 25 Jun 2026 17:15:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/aNb5QzdTvjeBY2DvAsyqXa-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Flags of the People&#039;s Republic of China, hanging in a park during National Day in Beijing, China]]></media:description>                                                            <media:text><![CDATA[Flags of the People&#039;s Republic of China, hanging in a park during National Day in Beijing, China]]></media:text>
                                <media:title type="plain"><![CDATA[Flags of the People&#039;s Republic of China, hanging in a park during National Day in Beijing, China]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/aNb5QzdTvjeBY2DvAsyqXa-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>At ISC.AI 2026, China’s 360 Security Technology unveiled “Yitian Tulong,” two AI models for vulnerability discovery and automated defense</strong></li><li><strong>Founder Zhou Hongyi described Tulongfeng as the “Chinese Mythos,” claiming it found 3,432 flaws, with 105 confirmed by the government</strong></li><li><strong>Zhou acknowledged a 20–30% capability gap vs. US models, but stressed building a professional attack‑and‑defense team over reliance on a single “genius hacker” approach</strong></li></ul><p>A Chinese cybersecurity company recently unveiled two Artificial Intelligence (AI) models, one of which is supposed to be the country’s answer to Anthropic's Mythos.</p><p>Mythos is an advanced <a href="https://www.techradar.com/best/best-ai-tools" target="_blank">AI model</a> that can surface and exploit software vulnerabilities at scale and is currently only available to a couple dozen major US firms because it is allegedly too powerful (and thus dangerous) to be shared with everyone. </p><p>During the ISC.AI 2026 cybersecurity conference, which was held at the Beijing National Convention Center on June 24, 2026, Chinese cybersecurity company 360 Security Technology unveiled two tools collectively called “Yitian Tulong”, Reuters reports.</p><h2 id="taking-a-different-approach">Taking a different approach</h2><p>Yitial Tulong comprises two AI models: Tulongfeng, and Yitianzhen. According to founder Zhou Hongyi, the former is the “Chinese Mythos”, while the latter is a way to automate defense and incident response. </p><p>"This kind of powerful weapon that can change the landscape of cyber offence and defense cannot be held ⁠only by others," Zhou allegedly said during the presentation. </p><p>Claims about the capabilities of these models cannot be independently verified, and in the case of Yitian Tulong, will probably never be. The company said Tulongfeng found 3,432 software flaws, including 105 allegedly confirmed by the Chinese government. </p><p>Zhou also discussed taking a different approach compared to the US - a country which relies on “the strongest model, the strongest computing power, and the strongest chips”.</p><p>"Objectively speaking, domestic models still have a 20%-30% gap in base capability," Zhou said. "China cannot wait until model capabilities have fully caught up before starting ​vulnerability discovery, because we cannot afford to wait."</p><p>According to Zhou, 360 is building a “professional attack-and-defense team”, rather than “just” a single genius hacker: "If Mythos is a top-end chip, what we are building is a complete machine that can run stably, work 24 hours a day and make fewer mistakes," he said. "If the U.S. route is to cultivate a genius hacker, 360's route is to organise a professional attack-and-defense ⁠team."</p><p><em>Via </em><a href="https://www.reuters.com/legal/litigation/chinas-360-says-it-has-developed-tools-match-anthropics-mythos-2026-06-24/" target="_blank"><em>Reuters</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ '27 million stolen login credentials have been recovered': Global coordinated takedown hits SocGholish, Amadey, and StealC malware networks where it hurt ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/27-million-stolen-login-credentials-have-been-recovered-global-coordinated-takedown-hits-socgholish-amadey-and-stealc-malware-networks-where-it-hurt</link>
                                                                            <description>
                            <![CDATA[ EUROPOL and national law enforcement agencies struck three major MaaS platforms, froze money and servers, and cleaned websites. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">3aH5bGcNCmgAYwLxtCQJUm</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/UjSNcAZ5SebctebKAMQNVF-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 25 Jun 2026 15:45:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/UjSNcAZ5SebctebKAMQNVF-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Cybersecurity ensures data protection on internet. Data encryption, firewall, encrypted network, VPN, secure access and authentication defend against malware, hacking, cyber crime and digital threat]]></media:description>                                                            <media:text><![CDATA[Cybersecurity ensures data protection on internet. Data encryption, firewall, encrypted network, VPN, secure access and authentication defend against malware, hacking, cyber crime and digital threat]]></media:text>
                                <media:title type="plain"><![CDATA[Cybersecurity ensures data protection on internet. Data encryption, firewall, encrypted network, VPN, secure access and authentication defend against malware, hacking, cyber crime and digital threat]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/UjSNcAZ5SebctebKAMQNVF-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>EUROPOL’s Operation Endgame froze $47M in cryptocurrency and dismantled infrastructure for SocGholish, Amadey, and StealC malware</strong></li><li><strong>326 servers, 142 domains, and 14,971 infected websites were taken down, disrupting distribution networks and recovering 27M credentials</strong></li><li><strong>No arrests were made; experts warn such disruptions often only temporarily halt criminal operations before infrastructure is rebuilt</strong></li></ul><p>Millions of dollars in cryptocurrency were frozen, and hundreds of servers taken down, in a sweeping operation by EUROPOL and multiple national law enforcement agencies against cybercriminals.</p><p>Over the last couple of weeks, EUROPOL ran Operation Endgame, together with law enforcement agencies from Canada, Denmark, Germany, the Netherlands, the United Kingdom, and the United States. Multiple private companies, including Microsoft, participated as well.</p><p>The goal was the dismantling of digital infrastructure used by three distinct hacking operations: SocGholish, Amadey, and StealC. These are known malware variants, granting attackers backdoor access, and stealing valuable secrets from compromised devices.</p><h2 id="shutting-down-servers-and-cleaning-websites">Shutting down servers and cleaning websites</h2><p>SocGholish, for example, is a sophisticated JavaScript downloader and loader, linked to a Russian Malware-as-a-Service (MaaS) operation called Evil Corp. </p><p>During the operation, the police managed to identify and freeze $47 million in cryptocurrencies. It cannot access or retrieve these funds, but by freezing them, it effectively removed them from circulation. Around 27 million login credentials were also recovered as part of this operation.</p><p>Furthermore, law enforcement shut down 326 servers and 142 domains that were used to host and distribute the <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a>. This, EUROPOL says, “severely crippled” the malware’s distribution network: “By taking down these tools simultaneously, the collaboration between law enforcement and private parties has increased friction for cybercriminals, making it harder for attacks to succeed, spread, or recover.”</p><p>EUROPOL also said that by taking down SocGholish, 14,971 infected websites were “remediated”. These are legitimate sites, belonging to different businesses such as restaurants, auto repair shops, and others, but were compromised and used as launchpads for malware delivery. </p><p>Sadly, no arrests have been made, and EUROPOL did not say if key players of these groups were even identified. Usually, disruptions such as this one only momentarily stop malicious activities, which resume in a few weeks once the infrastructure is rebuilt. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Edge users beware — this malicious extension can break out of the sandbox and install ransomware ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/edge-users-beware-this-malicious-extension-can-break-out-of-the-sandbox-and-install-ransomware</link>
                                                                            <description>
                            <![CDATA[ Hackers found a way to get an Edge extension to do their bidding. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">ZW8e2HVDrnR2AMfRNTKep3</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/tSejjmrgK46MgdhWqD5miC-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 25 Jun 2026 14:20:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/tSejjmrgK46MgdhWqD5miC-1280-80.jpg">
                                                            <media:credit><![CDATA[Tada Images / Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Google Chrome app is seen on an iPhone next to Edge and other web browser apps. Microsoft is using new prompts in Edge to try and stop users from downloading Chrome.]]></media:description>                                                            <media:text><![CDATA[Google Chrome app is seen on an iPhone next to Edge and other web browser apps. Microsoft is using new prompts in Edge to try and stop users from downloading Chrome.]]></media:text>
                                <media:title type="plain"><![CDATA[Google Chrome app is seen on an iPhone next to Edge and other web browser apps. Microsoft is using new prompts in Edge to try and stop users from downloading Chrome.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/tSejjmrgK46MgdhWqD5miC-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Zscaler uncovered “Edgecution,” a malicious Edge extension deployed via fake Outlook update sites shared in Teams phishing</strong></li><li><strong>Attack uses ZIP archives with Python runtime to escape browser sandbox, creating a backdoor capable of shell/PowerShell execution and system data theft</strong></li><li><strong>Believed linked to Initial Access Brokers tied to ransomware group Payout Kings, showing evolving sophistication in access‑for‑sale operations</strong></li></ul><p>If you are using the Edge browser be careful - there is a malicious campaign going round that uses the <a href="https://www.techradar.com/best/browser" target="_blank">browser</a> to deploy a backdoor via an extension.</p><p>According to security researchers Zscaler, scammers are reaching out to their victims via Microsoft Teams, pretending to be IT support. They claim the user needs to install an Outlook update, or a spam filter, and direct the victims to a fake “Outlook Updates Management Console” website. </p><p>There, the users are instructed to run one of the three provided processes, all of which download a ZIP archive that, when executed, creates a scheduled task. This task starts the Edge browser in headless mode (invisible to the user) and installs an extension officially called “Edge Monitoring Agent”. Zscaler, on the other hand, calls it “Edgecution”.</p><h2 id="creating-a-native-messaging-manifest">Creating a Native Messaging manifest</h2><p>The ZIP archive also contains an embedded Python runtime and a Python-based <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">backdoor</a>. The runtime creates a Native Messaging manifest - a file that tells the browser how to communicate with the backdoor. That’s the way the threat actors managed to escape the browser’s sandbox and run the backdoor on the compromised computer itself. </p><p>That backdoor can do multiple things, from executing shell commands, to running PowerShell and arbitrary Python code. It can also write files on the host, enumerate running processes, and gather system information. </p><p>Zscaler believes this is the work of an Initial Access Broker (IAB), a malicious group whose only job is to obtain access to a victim’s infrastructure and then sell it - or share it with a partnering group. This particular IAB, the researchers believe, is connected to a ransomware operation called Payout Kings. </p><p>“The Edgecution browser extension illustrates the evolving sophistication of initial access brokers operating in the ransomware landscape,” Zscaler warns. “The reliance on a malicious browser extension to relay commands to a Python-based native host demonstrates a creative approach to evade traditional endpoint detection.”</p><p>A full list of Indicators of Compromise (IoC) can be found on <a href="https://www.zscaler.com/blogs/security-research/payouts-king-ransomware-initial-access-broker-deploys-new-edgecution" target="_blank">this link</a>.</p><p><em>Via </em><a href="https://www.bleepingcomputer.com/news/security/malicious-edge-extension-abuses-native-messaging-as-bridge-to-malware/" target="_blank"><em>BleepingComputer</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Multiple malicious OpenClaw skills found online - including two macOS infostealers ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/multiple-malicious-openclaw-skills-found-online-including-two-macos-infostealers</link>
                                                                            <description>
                            <![CDATA[ Criminals found yet another marketplace to infect and use as a launchpad for malware delivery. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">vFgwHmcERf3Dv9c4J9df9G</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/DTZvZXmPaA8zMJoW733ZVa-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Thu, 25 Jun 2026 12:10:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/DTZvZXmPaA8zMJoW733ZVa-1280-80.png">
                                                            <media:credit><![CDATA[Fortune]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Microsoft OpenClaw]]></media:description>                                                            <media:text><![CDATA[Microsoft OpenClaw]]></media:text>
                                <media:title type="plain"><![CDATA[Microsoft OpenClaw]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/DTZvZXmPaA8zMJoW733ZVa-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Palo Alto Networks’ Unit 42 found five malicious “skills” on ClawHub, OpenClaw’s official marketplace, delivering infostealers and fraud</strong></li><li><strong>Threat actors bypassed VirusTotal/ClawScan checks with inflated file sizes and evasive techniques, showing persistent supply chain risk</strong></li><li><strong>All malicious skills were removed and accounts banned; researchers urge strict provenance validation and source code audits for published packages</strong></li></ul><p>ClawHub is the latest marketplace hackers are poisoning with malware, in an attempt to compromise software developers and other advanced users. Earlier this week, security researchers from Palo Alto Networks’ Unit 42 team disclosed finding, and reporting, five “skills” on that marketplace, that sought to infect their users with infostealer <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a>. </p><p>First a little context: OpenClaw (originally published as Clawd/Clawdbot) was released in November 2025. It is an <a href="https://www.techradar.com/best/best-ai-tools" target="_blank">open-source agent</a> platform that performs actions on a computer, such as browsing the web, or managing files, instead of simply answering questions like a chatbot. To perform different actions, OpenClaw must first learn how to do them, which is done through “skills” - add-ons that extend the agent’s capabilities.</p><p>Soon after, ClawHub was born - the official marketplace and registry for OpenClaw skills and plugins, attracting not just the AI developer community, but cybercriminals, as well. Early reports, published in February this year, forced OpenClaw to integrate VirusTotal and ClawScan, to better protect the community and allow proactive screening of published skills.</p><h2 id="persistent-and-evasive-malicious-skills">Persistent and evasive malicious skills</h2><p>However, Unit 42 says this didn’t stop threat actors, and that it has since discovered multiple “persistent and evasive malicious skills” on the platform. </p><p>In total, the researchers discovered five skills, including two that delivered the AMOS infostealer, one that came with an inflated file size to trick scanners, and two that were essentially commission fraud, abusing the fact that an AI agent can make decisions and perform actions on behalf of the user. Details on all five can be found on <a href="https://unit42.paloaltonetworks.com/openclaw-ai-supply-chain-risk/" target="_blank">this link</a>.</p><p>All five were since reported to ClawHub, and OpenClaw had them removed and the accounts behind them banned. </p><p>Unit 42 recommends organizations use a “rigorous supply chain verification framework” to remain secure: “We identified that skill execution occurs within the agent process. This necessitates active validation of publisher provenance and a line-by-line audit of package source files.”</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'Deepfake as a service' sees 39% spike in dark web conversations — and experts fear it will fuel the next wave of “fake boss” scams ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/deepfake-as-a-service-sees-39-percent-spike-in-dark-web-conversations-and-experts-fear-it-will-fuel-the-next-wave-of-fake-boss-scams</link>
                                                                            <description>
                            <![CDATA[ Businesses must prepare for what's coming by focusing on prevention and employee education. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">uqGUzUHZcRV9JjCB8DpwmK</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/k8gygbTzU2uzRU7hectcyk-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Wed, 24 Jun 2026 17:25:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/k8gygbTzU2uzRU7hectcyk-1280-80.png">
                                                            <media:credit><![CDATA[Gemini]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Man in a business suit with pixellated face agains background of political room]]></media:description>                                                            <media:text><![CDATA[Man in a business suit with pixellated face agains background of political room]]></media:text>
                                <media:title type="plain"><![CDATA[Man in a business suit with pixellated face agains background of political room]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/k8gygbTzU2uzRU7hectcyk-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>NordStellar found 924 dark‑web posts about deepfakes‑as‑a‑service (DFaaS) Jan–May 2026, up 39% year‑on‑year</strong></li><li><strong>Rising interest driven by generative AI advances, enabling hyper‑realistic “fake boss” scams and lowering barriers for attackers</strong></li><li><strong>Experts urge prevention through employee education and monitoring for leaked company data to reduce risk of targeted deepfake attacks</strong></li></ul><p>The interest in deepfakes-as-a-service (DFaaS) among criminals is growing, and the cybersecurity community is worried it might fuel the next wave of “fake boss” scams.</p><p>This is according to a new report from threat exposure management platform, NordStellar. Analyzing discussions on the dark web, the researchers found that between January and May this year, there were 924 posts about DFaaS, up 39% compared to the same period last year, when there were 663 similar posts.</p><p>“The rapid growth in popularity of deepfakes as a service is likely accelerated by advancements in generative AI, which help cybercriminals in two ways — by speeding up the creation of deepfakes and making them hyper-realistic,” says Vakaris Noreika, cybersecurity expert at NordStellar. “Ultimately, this service lowers the barrier to entry for deepfake technology, enabling threat actors to deploy highly deceptive attacks at a larger scale, regardless of their personal technical skill set.”</p><h2 id="how-to-defend-against-convincing-deepfake-attacks">How to defend against convincing deepfake attacks?</h2><p>Experts are worried the rising interest might result in more “<a href="https://www.techradar.com/best/best-identity-theft-protection" target="_blank">fake boss</a>” scams which, at that, would be even more difficult to spot. Business Email Compromise (BEC), a “fake boss” scam that primarily uses written emails, has for years been among the most lucrative tactics in the criminal underworld. According to the FBI, BEC was the second costliest tactic last year, with company losses exceeding $3 billion (up 11% compared to 2024). </p><p>Defending against highly convincing deepfake images and videos might not be easy, but it certainly isn’t impossible. Noreika suggests businesses should focus on prevention and employee education, since they cannot control whether crooks target them or not. </p><p>“The more details and access attackers obtain, the easier it is for them to craft highly realistic, targeted attacks,” says Noreika. “Monitoring the dark web for leaked company information is a critical step in preventing cybercriminals from finding credentials to breach accounts or data to use as intel.”</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Vulnerabilities uncovered in secret US government systems and software during testing of Anthropic Mythos ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/vulnerabilities-uncovered-in-secret-us-government-systems-and-software-during-testing-of-anthropic-mythos</link>
                                                                            <description>
                            <![CDATA[ The US Government confirmed what the community already knows - Mythos is a true beast. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">E4KAsTKAfsByohfTR8cSML</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/6t9Lsf3QWte55CdyiDs97L-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 24 Jun 2026 16:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[AI Platforms &amp; Assistants]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/6t9Lsf3QWte55CdyiDs97L-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A robot&#039;s hand typing on a laptop keyboard]]></media:description>                                                            <media:text><![CDATA[A robot&#039;s hand typing on a laptop keyboard]]></media:text>
                                <media:title type="plain"><![CDATA[A robot&#039;s hand typing on a laptop keyboard]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/6t9Lsf3QWte55CdyiDs97L-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Senator Mark Warner testified NSA confirmed Mythos Preview identified vulnerabilities in nearly all classified systems within hours during a controlled exercise</strong></li><li><strong>US officials clarified Mythos found flaws rapidly rather than exploiting them, but the capability still raises major concern</strong></li><li><strong>Anthropic withheld public release, sharing only with select firms; Mozilla and others validated its potency, with thousands of critical bugs uncovered in weeks</strong></li></ul><p>We now have another witness claiming <a href="https://www.techradar.com/best/best-ai-tools" target="_blank">Mythos Preview</a> is able to break into protected systems fast and this one is none other than a high-ranking member of the US Government.</p><p>According to the Associated Press, Senator Mark Warner of Virginia testified in front of a congressional hearing this month, saying he was informed by National Security Agency (NSA) chief Joshua Rudd that Mythos “broke into almost all of our classified systems, not in weeks, but in hours.”</p><p>It’s worth mentioning here that the break-in was controlled, since it was part of an exercise done by the Anthropic team and the intelligence agency.</p><h2 id="how-powerful-is-mythos">How powerful is Mythos?</h2><p>The Associated Press dug deeper, and was informed by an unidentified US official that Mythos merely found vulnerabilities within hours, not necessarily exploited them. Still, identifying a vulnerability that theoretically can be exploited for attacks against protected US Government systems should be cause for concern on its own. </p><p>Mythos is an advanced AI model built by Anthropic, first introduced in early April this year. However, the company decided not to share it with the general public because it was apparently too capable of discovering and leveraging software vulnerabilities.</p><p>Instead, Anthropic shared it with a handful of major corporations, to help them secure their systems before cybercriminals can use the tool. Since then, multiple companies came forward to confirm Mythos’ potency, including Mozilla, which said the tool was “<a href="https://www.techradar.com/pro/mozilla-says-anthropics-mythos-is-every-bit-as-capable-as-the-worlds-best-security-researchers-after-firefox-experiment-and-says-the-zero-days-are-numbered" target="_blank">every bit as capable</a>” as the world’s best security researchers.</p><p>Mozilla said that with the help of Mythos, it was able to ship more than 400 Firefox security bugs in April alone. </p><p>A month later, Anthropic said the 50 companies using the tool discovered <a href="https://www.techradar.com/pro/security/after-one-month-most-partners-have-each-found-hundreds-of-critical-or-high-severity-vulnerabilities-anthropic-claims-mythos-has-found-over-ten-thousand-major-security-vulnerabilities-across-the-most-systemically-important-software-in-the-world" target="_blank">more than 10,000</a> critical and high-level security vulnerabilities in roughly two months’ time. </p><p>“Several have told us that their rate of bug-finding has increased by more than a factor of ten,” the company said. “For instance, Cloudflare has found 2,000 bugs (<a href="https://www.techradar.com/pro/security/mozilla-says-anthropics-mythos-preview-and-other-ai-models-helped-it-identify-and-ship-423-firefox-security-bug-fixes-in-just-one-month" target="_blank">400 of which are high- or critical-severity</a>) across their critical-path systems, with a false positive rate that Cloudflare’s team considers better than human testers.”</p><p><em>Via </em><a href="https://www.reuters.com/business/anthropics-mythos-model-found-vulnerabilities-classified-us-government-systems-2026-06-24/" target="_blank"><em>Reuters</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 87% of cybersecurity managers say quick compliance programs are actually increasing risk and making businesses less resilient ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/87-percent-of-cybersecurity-managers-say-quick-compliance-programs-are-actually-increasing-risk-and-making-businesses-less-resilient</link>
                                                                            <description>
                            <![CDATA[ Security professionals are skeptical if the speed comes at the expense of actual business resilience. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">xnUzWbMFJxMtv3g4Caau2f</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/pVCXKrhThqmUjYVSZBjV5Z-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 24 Jun 2026 13:10:19 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/pVCXKrhThqmUjYVSZBjV5Z-1280-80.jpg">
                                                            <media:credit><![CDATA[Thapana Onphalai via Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Hands on a laptop with overlaid logos representing network security]]></media:description>                                                            <media:text><![CDATA[Hands on a laptop with overlaid logos representing network security]]></media:text>
                                <media:title type="plain"><![CDATA[Hands on a laptop with overlaid logos representing network security]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/pVCXKrhThqmUjYVSZBjV5Z-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>IO research shows 87% of UK cybersecurity managers doubt the credibility of speed‑focused certification programs</strong></li><li><strong>Rapid, automated compliance creates a false sense of security, with certifications like ISO 27001 not guaranteeing resilience</strong></li><li><strong>Experts stress continuous monitoring and human oversight, as automated recommendations and evidence still need validation and interpretation</strong></li></ul><p>Speed-focused compliance programs could help businesses get cybersecurity certifications quicker, but security professionals are skeptical if the speed comes at the expense of actual business resilience. </p><p>This is according to new research from resilience specialists IO, which claims that 87% of senior cybersecurity managers in the UK believe the speed at which certification is achieved affects its credibility. </p><p>According to the report, compliance initiatives that are either heavily automated or compressed into short timeframes are creating a false sense of security. Certifications like ISO 27001 might help companies win contracts and maintain an image, but researchers are warning that certification alone does not guarantee actual operational resilience. </p><h2 id="gaps-in-security-posture">Gaps in security posture</h2><p>“Organizations that focus on achieving certification as quickly as possible are at risk of leaving gaps in their security posture,” says Chris Newton-Smith, CEO of IO. “Certification can open doors to new contracts and demonstrate commitment to recognised standards but treating certification as the end goal rather than the outcome of establishing and embedding effective compliance is more often than not at the expense of long-term resilience. Businesses must treat compliance not as a tick-box exercise but an evolving, iterative, and business critical project.”</p><p>Polling 251 cybersecurity managers in the UK, IO found that 31% consider continuous controls monitoring as the strongest indicator of compliance resilience. At the same time, a fifth (21%) said certifications could reflect security controls at the time of an audit, but could soon after become obsolete. </p><p>IO also stressed the importance of human expertise in these programs. Almost half (45%) of the respondents said human involvement is still essential when evaluating if automated compliance recommendations are still relevant and accurate, and another third (33%) said complex regulations still need human interpretation. </p><p>Finally, 32% stressed the importance of human in validating compliance evidence generated by automated systems. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'Organised crime operating like a tech startup': EvilToken PHaaS group ramp up AI-enabled attacks by 1,380% in 2026 ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/organised-crime-operating-like-a-tech-startup-eviltoken-phaas-group-ramp-up-ai-enabled-attacks-by-1-380-percent-in-2026</link>
                                                                            <description>
                            <![CDATA[ AI is used for more than just scaling - it enabled personalization at an unprecedented level. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">6qoys784Jwtsumx53H7bdD</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/CT482eMSRL8PagRtuBVYNd-1280-80.jpeg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 24 Jun 2026 12:15:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/CT482eMSRL8PagRtuBVYNd-1280-80.jpeg">
                                                            <media:credit><![CDATA[weerapatkiatdumrong / Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system]]></media:description>                                                            <media:text><![CDATA[A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system]]></media:text>
                                <media:title type="plain"><![CDATA[A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/CT482eMSRL8PagRtuBVYNd-1280-80.jpeg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Huntress report highlights “EvilTokens” PhaaS scaling phishing attacks 1,380% in early 2026 compared to last year</strong></li><li><strong>AI integration enables per‑victim personalization at scale, bypassing MFA, with subscription tiers from $600 to $1,500</strong></li><li><strong>Service sold openly on Telegram, showing how PhaaS now operates like a startup with cheap, powerful attack capabilities</strong></li></ul><p>Cybercriminals offering phishing-as-a-service (PhaaS) are increasingly operating like a tech startup, and a good one, at that. They are also using Artificial Intelligence (AI), which helped them scale significantly. This is according to a new report from cybersecurity researchers Huntress, called “EvilTokens and the Rise of AI-Powered Phishing”.</p><p>In the report, Huntress claims that this particular PhaaS operation, called EvilTokens, was used to run 1,380% more phishing attacks in early 2026 compared to the same period last year. </p><p>“We’re seeing a clear maturation of the phishing-as-a-service (PhaaS) market as threat actors increasingly integrate AI workflows into their product offerings,” the report reads. “The result is directly observable in our telemetry: a 1,380% increase in device code phishing attacks detected between July–December 2025 and January–April 2026, with over 50% of those incidents linked to two major waves of correlated incidents.”</p><h2 id="a-cheap-service">A cheap service</h2><p>“Furthermore, across hundreds of incidents associated with EvilTokens, no two phishing lures were identical. This level of per-victim personalization was previously limited to targeted, manually crafted campaigns. Now, it’s achievable at scale by any threat actor at the price of a subscription service”</p><p>So, AI is not only used to scale the operation, but it is also used for personalization at an unprecedented level. At the same time, the service is relatively cheap to use: it is being sold on Telegram for as little as $600.</p><p>If this sounds like a lot, keep in mind that a single successful phishing attack is enough to steal data worth hundreds of thousands on the black market, or even millions - in ransom negotiations.</p><p>EvilTokens’ service is tiered, too. The cheapest package costs $600, while two more expensive ones cost $1,000 and $1,500, respectively. For criminals, it is likely worth the investment, since this PhaaS is capable of bypassing multi-factor authentication, as well. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ LastPass confirms data breach after hacker compromises supply chain — here's what we know ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/lastpass-confirms-data-breach-after-hacker-compromises-supply-chain-heres-what-we-know</link>
                                                                            <description>
                            <![CDATA[ Plenty of personal data obtained, but passwords seem to be safe. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">YLZZHhV78hiaRnFhwZW28c</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/7Q34GM2RgrdwsWnK6jBAeP-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Wed, 24 Jun 2026 10:12:32 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/7Q34GM2RgrdwsWnK6jBAeP-1280-80.png">
                                                            <media:credit><![CDATA[LastPass]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[LastPass]]></media:description>                                                            <media:text><![CDATA[LastPass]]></media:text>
                                <media:title type="plain"><![CDATA[LastPass]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/7Q34GM2RgrdwsWnK6jBAeP-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>LastPass confirmed a supply chain breach via Klue, where stolen OAuth tokens let attackers access its Salesforce environment</strong></li><li><strong>Customer names, contact details, and CRM data were exposed, but master passwords were not; phishing risk remains high</strong></li><li><strong>Threat actor Icarus claimed responsibility; other firms including Recorded Future, Tanium, Jamf, Sprout Social, Gong, and Insurity also impacted</strong></li></ul><p>Password manager LastPass confirmed that it lost sensitive customer data in a supply chain attack that struck a third party.</p><p>As LastPass explained in a newly released incident report, unnamed threat actors first targeted Klue, a third-party market intelligence platform that integrates with its Salesforce and Gong systems. After obtaining its OAuth tokens, the attackers were able to access LastPass’ Salesforce environment and exfiltrate sensitive data stored there. </p><p>“On June 12th, LastPass was made aware of an incident that occurred at Klue (klue.com), a third-party market intelligence platform utilized by our go-to-market teams, which integrates with our Salesforce and Gong systems,” LastPass said.</p><h2 id="compromising-names-and-emails">Compromising names and emails</h2><p>"We immediately launched an investigation and learned that, as part of this incident, an unauthorized actor was able to obtain OAuth tokens Klue held for many of its customers, including LastPass.”</p><p>“The threat actor then used these credentials to access LastPass customer data within our Salesforce environment.”</p><p>Further in the report, the <a href="https://www.techradar.com/best/password-manager" target="_blank">password manager</a> said the attackers most likely accessed customer names, phone numbers, email addresses, postal addresses, support case information, and sales/CRM-related data. </p><p>Passwords, including the master password, were most likely not exposed. However, criminals can use the data they obtained to launch phishing attacks, through which they might trick the victims into sharing those secrets, as well. </p><p>LastPass is now urging customers to remain vigilant and be careful with incoming messages, particularly those claiming to come from the company. </p><p>According to <em>BleepingComputer</em>, the Klue supply chain attack was claimed by a threat actor called Icarus, which apparently used compromised legacy credentials for an integration service to breach the intelligence platform. </p><p>Besides LastPass, a number of other organizations are affected as well, the publication further reported, including Recorded Future, Tanium, Jamf, Sprout Social, Gong, and Insurity. LastPass has now disabled employee access to Klue.</p><p><em>Via </em><a href="https://www.bleepingcomputer.com/news/security/lastpass-confirms-data-breach-in-klue-supply-chain-attack/" target="_blank"><em>BleepingComputer</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ ‘Travelers are getting better at spotting obvious scams' — but experts warn Airbnb scams are on the rise as summer arrives ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/travelers-are-getting-better-at-spotting-obvious-scams-but-experts-warn-airbnb-scams-are-on-the-rise-as-summer-arrives</link>
                                                                            <description>
                            <![CDATA[ As summer travel peaks, experts warn of Airbnb scams exploiting verified host accounts to trick users into fake vacations. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">7XmXUDBXn3r3R4jkjMNZ8j</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/TTY5Kw4XBVMnVyegXQfgGT-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 24 Jun 2026 00:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Crime]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Craig Hale ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/GV8qRsHBkpSAQxiYKjTt6H.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/TTY5Kw4XBVMnVyegXQfgGT-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock / Iryna Kalamurza]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Young couple planning honeymoon vacation trip with map]]></media:description>                                                            <media:text><![CDATA[Young couple planning honeymoon vacation trip with map]]></media:text>
                                <media:title type="plain"><![CDATA[Young couple planning honeymoon vacation trip with map]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/TTY5Kw4XBVMnVyegXQfgGT-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Airbnb scams have surged 30x since 2023, including a sharp rise this year</strong></li><li><strong>Criminals hijack legitimate host accounts to to trick holidaymakers</strong></li><li><strong>Staying safe isn't so straightforward as threats evolve</strong></li></ul><p>Airbnb-related scam activity has increased 30x since the first half of 2023, according to new research from Saily and NordStellar, confirming that cybercriminals continue to go after holidaymakers seeking the best deals amid rising prices.</p><p>The report ultimately concludes that attackers are now targeting the trust built by larger platforms, saving them from having to build new identities from scratch.</p><p>And to top it all off, the nature of scams is also changing, as instead of using suspicious websites to obtain victim payments or information, criminals are now targeting legitimate Airbnb host accounts which have spent years amassing positive reviews and high ratings.</p><h2 id="exploiting-legitimate-accounts-and-hijacking-trust">Exploiting legitimate accounts and hijacking trust</h2><p>While the end goal remains high volumes of vulnerable consumers, scammers have added an extra layer of victim in their pipeline. Verified Airbnb hosts are now valuable assets for criminals because they already have identity verifications, positive reviews, booking histories, years of activity and established credibility.</p><p>Once the verified account is compromised, attackers can then go on to scam higher volumes of unsuspecting victims by posting – and charging for – fake property listings.</p><p>“Travelers are getting better at spotting obvious scams,” Saily Head of Product Matas Cenys said. “Criminals know this, so they are increasingly trying to steal trust instead of building fake trust from scratch.”</p><p>Where this type of attack differs from others, though, is that the victims never leave the platform. Rather than falling victim to phishing attacks and being redirected to malicious external sites, they interact fully with supposed legitimate hosts on the Airbnb platform.</p><p>While Airbnb attacks have seen a 30x increase in around three years and a sharp rise in the last year alone, they reflect a much broader trend of attackers compromising existing trusted accounts.</p><p>The recent ramp-up in attacks could also be tied to the summer season, with holidaymakers looking to book last-minute deals in the run-up to the summer season. Urgency and pressure to keep costs low also adds to criminals’ success.</p><p>“Everything looks normal until they arrive at their destination and discover the accommodation never existed," Cenys added.</p><h2 id="how-to-protect-yourself-from-booking-scams">How to protect yourself from booking scams</h2><p>Saily is recommending that all communication stays within the booking platform and that customers avoid payment methods suggested outside of official channels. Unusually attractive listings in high-demand destinations could also be taken with a pinch of salt, and savvy shoppers may choose to reverse image search a property to double check its authenticity.</p><p>“As travel booking becomes increasingly digital, trust becomes one of the most valuable currencies in the travel ecosystem,” Cenys warned.</p><p>As for abusing victim trust, researchers also argue that AI has aided attacks by allowing criminals to produce better fake listings more quickly.</p><p>More generally, Airbnb revealed that two in five Americans have fallen victim for an online scam, with the average loss totalling nearly $2,000. The company has introduced measures to remind its users how to avoid scams, including introducing identity verification and reminders not to leave the platform, but account takeovers can still slip under the radar.</p><p>Airbnb also holds guest payments until 24 hours after check-in to ensure that everything is as described. Anti-fraud tech also prevented around 265,000 suspicious listings from appearing on the platform in 2025, the company boasted.</p><p>The company <a href="https://news.airbnb.com/partnering-with-experts-on-tips-to-help-avoid-summer-travel-scams-in-u-s/" target="_blank">posted</a> a comprehensive eight-step list of how to avoid scams on its platform online, calling out pressure tactics and unusual deals.</p><figure class="van-image-figure pull-right inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:676px;"><p class="vanilla-image-block" style="padding-top:31.51%;"><img id="diM9tpwF2Lz85R8q85CT78" name="tr-g_news" alt="Google logo on a black background next to text reading 'Click to follow TechRadar'" src="https://cdn.mos.cms.futurecdn.net/diM9tpwF2Lz85R8q85CT78.jpg" mos="" align="right" fullscreen="" width="676" height="213" attribution="" endorsement="" class="pull-rightinline"></p></div></div></figure>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ US healthcare AI platform Xsolis confirms data breach that affects 1.4 million individuals ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/us-healthcare-ai-platform-xsolis-confirms-data-breach-that-affects-1-4-million-individuals</link>
                                                                            <description>
                            <![CDATA[ Social Security numbers and health insurance information nabbed as Xsolis tells its customers to be careful. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">gAz4cBUXQQLpm3WEY4yfLR</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 23 Jun 2026 17:30:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A pink triangle with a red exclamation mark inside on a blue digital landscape]]></media:description>                                                            <media:text><![CDATA[A pink triangle with a red exclamation mark inside on a blue digital landscape]]></media:text>
                                <media:title type="plain"><![CDATA[A pink triangle with a red exclamation mark inside on a blue digital landscape]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Xsolis confirmed a phishing‑enabled breach on Jan 22, 2026, exposing data of 1.39M individuals</strong></li><li><strong>Stolen info includes names, addresses, DOBs, SSNs, health insurance, and medical treatment details; no ransom demands or dark web leaks yet</strong></li><li><strong>Customers offered free credit monitoring and identity theft protection, with warnings to watch for phishing and fraud attempts</strong></li></ul><p>Healthcare technology company Xsolis disclosed a cyberattack in which it lost sensitive data on almost 1.4 million customers.</p><p>Xsolis is a company that uses AI to help healthcare organizations make faster and more consistent decisions about patient care and utilization management. Earlier this week, it published a data breach notification on its website, saying that it spotted the intrusion on January 22, 2026.</p><p>Apparently, after a successful phishing attack on one of its employees two days earlier, the attackers were able to access a “limited portion” of the Xsolis environment, from which they were able to exfiltrate people’s names, addresses, dates of birth, health insurance information, Social Security numbers, and medical treatment information.</p><h2 id="almost-1-4-million-victims">Almost 1.4 million victims</h2><p>This level of information is more than enough information to target these individuals with phishing or even <a href="https://www.techradar.com/best/best-identity-theft-protection" target="_blank">steal their identity</a> for more disruptive attacks elsewhere.</p><p>In a filing with the US Department of Health and Human Services, Xsolis confirmed that 1,396,519 individuals were affected by this breach.</p><p>“We have taken steps to address the incident and are committed to protecting the information entrusted to us,” Xsolis said in the announcement. “Upon learning of this incident, we immediately began an investigation and reported the incident to law enforcement. We also implemented additional safeguards to further enhance the security of information in our possession and to help prevent similar incidents from occurring in the future.”</p><p>So far, there is no evidence of the data being used in follow-up attacks, or being offered on the dark web. No threat actors have yet claimed responsibility for the attack, and no one has yet demanded ransom in exchange for the files. </p><p>Xsolis told its customers to be wary of incoming messages, especially those pretending to be from the company, or using it in any other context. Customers are also offered free credit monitoring and identity theft protection services, as well as fraud alerts and credit freezes. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ New WhatsApp phishing campaign allows for remote access from a single business document ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/new-whatsapp-phishing-campaign-allows-for-remote-access-from-a-single-business-document</link>
                                                                            <description>
                            <![CDATA[ WhatsApp users are getting shady documents from their contacts, leading to an infection. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">JRh3tr92xwF7jFh5aPHHcX</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/NxmSYU2NX5vmBNv3WeEtKa-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 23 Jun 2026 16:35:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/NxmSYU2NX5vmBNv3WeEtKa-1280-80.jpg">
                                                            <media:credit><![CDATA[Anton/Pexels]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[WhatsApp on smartphone in a hand]]></media:description>                                                            <media:text><![CDATA[WhatsApp on smartphone in a hand]]></media:text>
                                <media:title type="plain"><![CDATA[WhatsApp on smartphone in a hand]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/NxmSYU2NX5vmBNv3WeEtKa-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Kaspersky warns of a WhatsApp phishing campaign spreading malicious VBScript files disguised as business documents</strong></li><li><strong>Running them installs ManageEngine Endpoint Central, giving attackers remote access; filenames localized boosted global reach</strong></li><li><strong>Victims span Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia, Vietnam, and Malaysia; compromise method remains unknown</strong></li></ul><p>WhatsApp users beware - there is a phishing campaign ongoing on the platform, seeking to infect your devices with a legitimate, but unsolicited endpoint security platform.</p><p>Security researchers Kaspersky recently published a new report detailing a campaign that starts with a compromised <a href="https://www.techradar.com/phones/7-great-whatsapp-alternatives-for-android-users-google-messages-discord-and-more" target="_blank">WhatsApp</a> account. They could not determine how these accounts got breached but found that they were being used to reach out to the victims’ contacts and share a VBScript file masquerading as business or financial documents.</p><p>People who don’t find it strange that their contacts are suddenly sharing business documents, and end up running them, will get ManageEngine’s Endpoint Central, a unified endpoint management (UEM) and endpoint security platform built to help IT teams manage a fleet of desktops, laptops, servers, mobile devices, and other endpoints, all from a single console.</p><h2 id="two-scripts-one-malware">Two scripts, one malware</h2><p>In this case, however, they wouldn’t be managing anything - they would just be granting remote system access to the attackers. Kaspersky says that the campaign is rather widespread, with victims located across Brazil, India, Mexico, Singapore, the UK, Spain, Taiwan, Australia, Russia, Vietnam, and Malaysia.</p><p>One of the reasons the campaign was so successful on an international level is because the filenames are localized in multiple languages, Kaspersky added.</p><p>“Based on evidence collected from multiple victims through social media reports and submitted samples, we can conclude that the threat actor had gained access to several WhatsApp accounts and used them to distribute the malicious VBScript files to contacts on the compromised users’ contact lists,” Kaspersky’s researchers said.</p><p>“At the time of writing, the exact method used to compromise these <a href="https://www.techradar.com/best/best-encrypted-messaging-app-android" target="_blank">WhatsApp accounts</a> remains unknown.”</p><p>Downloading and running the malicious files on Windows result in the deployment of two scripts that first disable UAC protections and then deploy the UEM. Kaspersky also stressed that when users open WhatsApp on the web, they must first download the files, but when they open the desktop client, the files can be executed directly via Windows Script Host. </p><p><em>Via </em><a href="https://www.bleepingcomputer.com/news/security/whatsapp-phishing-attack-uses-fake-business-docs-to-hack-pcs/" target="_blank"><em>BleepingComputer</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Meta investigates security concerns of internal mouse-tracking tech used to track employees and train AI ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/meta-investigates-security-concerns-of-internal-mouse-tracking-tech-used-to-track-employees-and-train-ai</link>
                                                                            <description>
                            <![CDATA[ An employee-tracking program will be paused, but no one knows for how long. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">f5mynf9rYaocR8JvywmQun</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/zcH5VAaCXXGsCM78Hyv7fJ-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 23 Jun 2026 14:10:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/zcH5VAaCXXGsCM78Hyv7fJ-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Mark Zuckerberg Meta]]></media:description>                                                            <media:text><![CDATA[Mark Zuckerberg Meta]]></media:text>
                                <media:title type="plain"><![CDATA[Mark Zuckerberg Meta]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/zcH5VAaCXXGsCM78Hyv7fJ-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Meta paused its internal Model Capability Initiative (MCI) after an employee flagged exposure of sensitive data from mouse movement and activity tracking</strong></li><li><strong>Program allegedly collected prompts, private conversations, performance data, and even tax/medical info in unencrypted form</strong></li><li><strong>Meta says no improper access confirmed but is investigating; some employees still see the program running during the pause</strong></li></ul><p>Meta is pausing an employee-tracking program after one of the employees flagged it as exposing sensitive data.</p><p>The company behind Facebook, Instagram, and WhatsApp, was apparently running an internal program that was tracking employee mouse movements and digital activity. Called Model Capability Initiative (MCI), this program allegedly started in April with the goal of training <a href="https://www.techradar.com/best/best-ai-tools" target="_blank">Meta’s AI models</a> through employee behavior recordings. </p><p>According to a memo released on launch, the purpose of the program was to improve the company’s AI models in areas where they struggled to replicate how humans interacted with computers, such as picking from a dropdown menu, or using different keyboard shortcuts.</p><h2 id="personal-tax-and-medical-information-exposed">Personal tax and medical information exposed?</h2><p>"This is where all Meta employees can help our models get better simply by doing their daily work," the memo said at the time.</p><p>Reuters reported that an employee filed a high-priority security incident report (SEV) over the program’s exposure of employee data, including "full ​prompts and transcriptions, private ​conversations, people & performance ⁠data, DSS sensitivity ratings (1-4)." The same publication also said the program was collecting “more information than initially described” and stored it in unencrypted form. </p><p>"I have accessed both personal tax and medical information through ⁠my ​work computer, as have many thousands of employees,” the employee allegedly said. “​We were told this data would be protected and only used for valid business purposes after aggressive ​filtering."</p><p>Now, Meta confirmed pausing the program to investigate these claims. </p><p>"We have carefully designed this program ​with privacy safeguards and while we have no indication at this time that ​any data was improperly accessed by Meta employees, we're pausing it while we investigate," company spokesperson Tracy Clayton was cited saying. The company did not say for how long the program will be paused but stressed that it would take time to stop it for everyone, so some employees might still see it running. </p><p>As of Monday afternoon, the program was still running for some people, Reuters confirmed. </p><p><em>Via </em><a href="https://www.reuters.com/sustainability/boards-policy-regulation/meta-start-capturing-employee-mouse-movements-keystrokes-ai-training-data-2026-04-21/" target="_blank"><em>Reuters</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Tata Electronics confirm data breach, with hackers claiming 200,000 Apple, Tesla files stolen ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/tata-electronics-confirm-data-breach-with-hackers-claiming-200-000-apple-tesla-files-stolen</link>
                                                                            <description>
                            <![CDATA[ World Leaks shared a large database allegedly stolen from Tata Electronics, containing sensitive Apple and Tesla files. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">2XSZSFFFTPASzShW26qViV</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/AsscCgZRnWXMPyCxtEfpkK-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 23 Jun 2026 13:28:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/AsscCgZRnWXMPyCxtEfpkK-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[An email symbol inside a red square warning sign, surrounded by red triangles with exclamation marks inside them, superimposed on someone typing on a laptop]]></media:description>                                                            <media:text><![CDATA[An email symbol inside a red square warning sign, surrounded by red triangles with exclamation marks inside them, superimposed on someone typing on a laptop]]></media:text>
                                <media:title type="plain"><![CDATA[An email symbol inside a red square warning sign, surrounded by red triangles with exclamation marks inside them, superimposed on someone typing on a laptop]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/AsscCgZRnWXMPyCxtEfpkK-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Tata Electronics confirmed a cyberattack but said operations remain unaffected, despite threat actor World Leaks claiming 630GB of alleged data</strong></li><li><strong>Archive reportedly includes Apple/Tesla schematics, passport scans, and proprietary files; researchers found references to Pegatron, Foxconn, and Qualcomm too</strong></li><li><strong>Reuters noted Tata is being extorted, though ransom details remain unclear; leaked files suggest sensitive manufacturing and engineering data exposure</strong></li></ul><p>Tata Electronics, the electronics and semiconductor manufacturing arm of the Tata Group conglomerate, confirmed suffering a cyberattack, but said it did not affect its operations. The scale of the breach, however, could be rather extensive.</p><p>"A few weeks ago, Tata Electronics identified a cybersecurity incident on some of our systems,” the company said in a statement to Reuters. “Our response protocols were deployed immediately, and the incident has had no impact on our operations across businesses, which remain unaffected," it said, without going into details.</p><p>This statement came almost two weeks after a threat actor called World Leaks posted a large database on its data leak site, claiming to have come from Tata Electronics, and affecting companies such as Apple and Tesla. </p><h2 id="sensitive-files-confirmed">Sensitive files confirmed</h2><p>According to Reuters, roughly a third of all iPhone production in India is done by Tata Electronics. The company supplies Apple with back panels, enclosures, and circuit board parts, among other things. For Tesla, it’s been supplying it with chips, circuit board assemblies, and vehicle motor controller units, since 2025.</p><p><a href="https://www.techradar.com/best/best-ransomware-protection" target="_blank">World Leaks</a> uploaded an archive of 204,341 files, weighing 630.4GB. Allegedly, it contains numerous confidential and proprietary data, including Apple and Tesla schematics, passport scans, and other sensitive files. </p><p>Reuters said Tata was being extorted for the files but did not say how much money the threat actors were demanding, or if the negotiations were progressing in any way. </p><p>Some security researchers analyzed the leaked files and said that they contained information about manufacturing and engineering processes from these two companies. Among the researchers were Cybernews, who claim to have seen “hundreds of references to Apple and Tesla”, a folder named “com.apple.factorydata”, as well as documents labeled as proprietary or confidential. </p><p>Cybernews also found files referencing other companies, too: Pegatron, Foxconn, and Qualcomm, to name a few. However, there is no evidence that any of these companies had been breached.</p><p><em>Via </em><a href="https://cybernews.com/security/tata-electronics-breach-apple-tesla-secret-files/" target="_blank"><em>Cybernews</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'Act now': Five Eyes warns that AI models specialized for cyber attacks are only months away ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/act-now-five-eyes-warns-that-ai-models-specialized-for-cyber-attacks-are-only-months-away</link>
                                                                            <description>
                            <![CDATA[ A whole-of-organisation and whole-of-society response is required, Five Eyes is saying, as AI's capabilities grow stronger. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">yJsC8RDCgAwDbwu3tQLLAf</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/6t9Lsf3QWte55CdyiDs97L-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 23 Jun 2026 10:54:15 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/6t9Lsf3QWte55CdyiDs97L-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A robot&#039;s hand typing on a laptop keyboard]]></media:description>                                                            <media:text><![CDATA[A robot&#039;s hand typing on a laptop keyboard]]></media:text>
                                <media:title type="plain"><![CDATA[A robot&#039;s hand typing on a laptop keyboard]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/6t9Lsf3QWte55CdyiDs97L-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Five Eyes alliance warned frontier GenAI models will enable advanced cyberattacks against businesses and governments within months</strong></li><li><strong>Statement stressed cyber risk is now a leadership and business continuity issue, requiring whole‑of‑society response</strong></li><li><strong>Comes amid concerns over Anthropic’s Mythos Preview and other models already showing offensive potential despite guardrails</strong></li></ul><p>In just a few months, high-end Generative Artificial Intelligence models (<a href="https://www.techradar.com/best/best-ai-tools" target="_blank">GenAI</a>) will be capable of running cyberattacks on big businesses and government organizations, Five Eyes is warning.</p><p>The Five Eyes is an intelligence-sharing alliance between the United States, United Kingdom, Canada, Australia, and New Zealand. Formed after the Second World War, it allows the five countries to closely cooperate on intelligence and matters of national security. </p><p>Earlier this week, Five Eyes issued a new warning, saying that AI will help improve cyber defense over time, but will also accelerate the speed, scale, and sophistication, of threats: “Frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months,” the warning reads. “In this environment, cyber resilience is integral to advancing business continuity, market confidence, and long-term value.”</p><h2 id="all-hands-on-deck">All hands on deck</h2><p>Five Eyes is now saying that the industry needs all hands on deck to address what’s increasingly becoming a burning issue: </p><p>“A whole-of-organisation and whole-of-society response is required,” it said. “Cyber risk can no longer be treated as a purely technical issue. This is a core business risk and leadership responsibility.”</p><p>In early April, news broke that Anthropic’s latest AI model, Mythos Preview, was so good at exploiting software vulnerabilities, that the company could not release it to the public. Instead, it only shared it with a handful of US enterprises, to give them a head start against threat actors.</p><p>While skeptics said it was nothing more than a publicity stunt, similar to what OpenAI pulled off with ChatGPT 2.0, companies that used it (for example, Mozilla), confirmed that it was, indeed, powerful enough that it needs to be kept in check. </p><p>Even models available today, despite all the guardrails, are being regularly leveraged by bad actors in different cyberattack scenarios. </p><p><em>Via </em><a href="https://www.theguardian.com/technology/2026/jun/22/anthropic-claude-fable-ai-model-artificial-intelligence-national-security" target="_blank"><em>The Guardian</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ New lightweight, self-propagating crypto stealing malware delivered by USB spotted by Microsoft researchers – Crypto Clipper script-based stealer hunts for vulnerable wallets ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/new-lightweight-self-propagating-crypto-stealing-malware-delivered-by-usb-spotted-by-microsoft-researchers-crypto-clipper-script-based-stealer-hunts-for-vulnerable-wallets</link>
                                                                            <description>
                            <![CDATA[ Microsoft details a newly discovered wormlike infostealer called Crypto Clipper. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">GaqMuUuMNrgQhbzMPLJ9SN</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/VnoVVXTmAmxSBYBe4LUwVW-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 22 Jun 2026 18:15:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/VnoVVXTmAmxSBYBe4LUwVW-1280-80.jpg">
                                                            <media:credit><![CDATA[vjkombajn/Pixabay]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[Image credit: Pixabay/vjkombajn]]></media:description>                                                            <media:text><![CDATA[Cryptocurrencies]]></media:text>
                                <media:title type="plain"><![CDATA[Cryptocurrencies]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/VnoVVXTmAmxSBYBe4LUwVW-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Microsoft warns of “Crypto Clipper,” a worm spreading via malicious .LNK files on USB drives</strong></li><li><strong>Malware maintains persistence, connects to Tor C2, enables remote code execution, and steals clipboard crypto data</strong></li><li><strong>It swaps wallet addresses, exfiltrates seed phrases/private keys, and uploads screenshots to assess target value</strong></li></ul><p>Microsoft is warning of an ongoing campaign targeting cryptocurrency owners with a clipboard-jacking worm.</p><p>In a new in-depth report published late last week, Microsoft’s security researchers explained that they recently analyzed a thumb drive that contained seemingly normal documents (Word files, Excel spreadsheets). However, the documents were replaced with Windows shortcut (.LNK) files which actually launched a piece of malware called Crypto Clipper. </p><p>This malware does a couple of things. First, it spreads by creating malicious .LNK files on USB drives and other removable media. It also sets up scheduled tasks to maintain persistence and automatically infect newly connected USB devices. Second, it behaves like a backdoor by regularly contacting a C2 server over the Tor network and receiving commands from the attacker. The server can also send commands to have the malware download and execute attacker-supplied code on the infected system, as well. </p><h2 id="stealing-wallet-data">Stealing wallet data</h2><p>Finally, Crypto Clipper acts as a clipboard clipper by monitoring the Windows clipboard for cryptocurrency wallet addresses, seed phrases, and private keys. If it spots a wallet address, it can replace it with a different one, owned by the attackers, so that any tokens sent by the victim go to the attacker, instead. It can also steal and exfiltrate copied seed phrases and private keys, which can be used to load a victim's crypto wallet on a separate device. </p><p>To help attackers assess the value of a target, the <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a> periodically captures screenshots of the victim's screen and uploads them through the Tor network.</p><p>“This malware family shows how lightweight, script-based stealers can deliver outsized impact when paired with anonymized communications and runtime tasking,” Microsoft said. “The combination of Tor-routed C2, clipboard targeting, screenshot capture, and remote code execution gives attackers both immediate monetization paths and continued control over compromised devices.”</p><p>Microsoft did not say if the malware targeted any specific countries or regions, nor did it discuss the number of victims.</p><p><em>Via </em><a href="https://arstechnica.com/security/2026/06/microsoft-spots-new-self-propagating-malware-for-stealing-cryptocurrency/" target="_blank"><em>Ars Technica</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Almost 7000 Amazon Prime Day scam domains have been registered before the big sale – here's how to shop safely this Amazon Prime Day ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/almost-7000-amazon-prime-day-scam-domains-have-been-registered-before-the-big-sale-heres-how-to-shop-safely-this-amazon-prime-day</link>
                                                                            <description>
                            <![CDATA[ Hackers are in pole position weeks before the big day, looking to steal data and money. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">mYYdVevb8dMQHYjNToTnJe</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/EtfqnyK6fTx3i9G5AxmZGk-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 22 Jun 2026 16:20:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/EtfqnyK6fTx3i9G5AxmZGk-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock / Ken Stocker]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A person holding a phone looking at a text with warning signs]]></media:description>                                                            <media:text><![CDATA[A person holding a phone looking at a text with warning signs]]></media:text>
                                <media:title type="plain"><![CDATA[A person holding a phone looking at a text with warning signs]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/EtfqnyK6fTx3i9G5AxmZGk-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Check Point Research warns Prime Day (June 23–26, 2026) is fueling a surge in malicious Amazon‑themed domains</strong></li><li><strong>6,843 domains registered Dec–May; nearly 10% flagged malicious/suspicious, with June showing 1 in 13 domains risky</strong></li><li><strong>Shoppers urged to avoid Google searches for Amazon, verify URLs, and treat “too good to be true” deals with caution</strong></li></ul><p>Thousands of new domains were registered in the weeks and months leading up to <a href="https://www.techradar.com/seasonal-sales/amazon-has-quietly-released-its-most-popular-prime-day-deals-65-percent-off-fire-tvs-blink-cameras-kindle-ring-doorbells-echo-speakers-and-more" target="_blank">Amazon Prime Day</a>, most of which are malicious and created to steal consumer data and possibly money. This is according to a new report from Check Point Research (CPR), in which the security outfit warns about Prime Day being the perfect storm for every cybercriminal.</p><p>Amazon’s Prime Day is set to take place between June 23 and 26, 2026. During these four days, thousands of retailers in 25 countries will offer great deals on their goods and services, creating one of the biggest retail events on the planet. Consequently, they’ll also be creating one of the biggest cyberattack events on the planet, as well: </p><p>“Major retail moments bring together the three ingredients’ attackers exploit most: a globally trusted brand, time-limited urgency, and massive purchase intent at scale,” CPR warns, adding that phishing emails, fake websites, fraudulent offers, and account takeover attempts all surge during this period.</p><h2 id="how-to-defend-against-prime-day-scams">How to defend against Prime Day scams</h2><p>For events such as this one, crooks prepare months in advance. CPR found that between December 2025 and May 2026, there were 6,843 new Amazon-themed domains registered worldwide, most of which were set up in April (1,446). May 2026 added another 1,267 domains.</p><p>Obviously, not all of them will be malicious, but CPR said that almost one in ten (9.2%) were already classified as either malicious or suspicious, and in the first week of June, one in every thirteen was labeled the same way. </p><p>“This pattern reflects a broader build-up of malicious infrastructure ahead of the event, with multiple Amazon-themed domains designed to exploit brand trust, urgency, and high purchase intent at scale,” the researchers warned. </p><p>To stay safe this Amazon Prime Day, always double-check the website you’re visiting, always go to Amazon's legitimate domain (https://www.amazon.com/) rather than relying on Google search results, and remember - if something is too good to be true, it most likely is.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ A newbie hacker used "vague, low-skill prompts" in Claude and Codex to breach 14 companies, and the AI Agents did all the legwork ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/a-newbie-hacker-used-vague-low-skill-prompts-in-claude-and-codex-to-breach-14-companies-and-the-ai-agents-did-all-the-legwork</link>
                                                                            <description>
                            <![CDATA[ A newbie hacker is still a newbie hacker, though, and this one left a few gaping holes in his work. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">VMRSV9yYEZbm4Lkvnzczmn</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Thi6y93AMWrCXJAEiHDQbL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 22 Jun 2026 14:35:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Thi6y93AMWrCXJAEiHDQbL-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A robot in front of a digital screen, touching some of the symbols with its outstretched finger]]></media:description>                                                            <media:text><![CDATA[A robot in front of a digital screen, touching some of the symbols with its outstretched finger]]></media:text>
                                <media:title type="plain"><![CDATA[A robot in front of a digital screen, touching some of the symbols with its outstretched finger]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Thi6y93AMWrCXJAEiHDQbL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>OALABS analyzed a novice attacker’s full working directory showing 14 breaches carried out with Claude Code and Codex agents</strong></li><li><strong>Attacker used vague prompts; AI agents handled reconnaissance, exploit writing, and data harvesting, bypassing guardrails with ease</strong></li><li><strong>Logs revealed attacker’s identity and location in Addis Ababa, Ethiopia</strong></li></ul><p>A newbie cybercriminal managed to break into 14 organizations and steal sensitive data, just by using Anthropic’s Claude Code and OpenAI’s Codex agents. This is according to cybersecurity researchers OALABS, who recovered and analyzed the attacker’s entire working directory.</p><p>The researchers used this news as yet another proof that advanced Generative Artificial Intelligence (<a href="https://www.techradar.com/best/best-ai-tools" target="_blank">GenAI</a>) models are significantly lowering the barrier for entry into cybercrime, and to sound the alarm that the security community needs to step up.</p><p>“In many cases, the attacker supplied only vague, low-skill prompts and allowed Claude to fill in the gaps: researching exposed services, identifying possible vulnerabilities, writing exploit code, validating access, and harvesting data,” the researchers said. “The attacker did not need to be an expert operator; they simply had to use the correct framing for their prompts. The agent supplied much of the structure and technical execution that the attacker appeared to lack.”</p><h2 id="doxxing-the-attacker">Doxxing the attacker</h2><p>OALABS could not find evidence that the stolen data was monetized in any way, either by being sold on the dark web, or by extorting the victim companies. They did, however, find numerous pieces of evidence about the attacker’s identity and whereabouts.</p><p>According to the researchers, the attacker did not run the AI agents on his own infrastructure, but rather on a third-party server, and when that third party discovered malicious activity, they downloaded the entire working directory and shared it with the researchers.</p><p>“Because the agents were local to the host, their full session logs were recovered, including the attacker’s prompts, the tools used, the internal monologue of the large language model (LLM), and any policy violations recorded during the sessions,” the researchers said.</p><p>OALABS was thus able to analyze more than 1,000 agent sessions, seeing how the attacker was able, with ease, to bypass most of the agents’ guardrails. Among the sessions were also the threat actor’s CV with his full name, location, education history, and LinkedIn profile, as well as his IP address which showed that he was located in Addis Ababa, Ethiopia.</p><p><em>Via </em><a href="https://www.helpnetsecurity.com/2026/06/17/ai-agents-offensive-cyber-operations-claude-codex/" target="_blank"><em>Helpnet Security</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Thousands of D-Link and QNAP NAS routers compromised by fast-moving AryStinger malware that turns unsecured devices into a malicious proxy botnet ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/thousands-of-d-link-and-qnap-nas-routers-compromised-by-fast-moving-arystinger-malware-that-turns-unsecured-devices-into-a-malicious-proxy-botnet</link>
                                                                            <description>
                            <![CDATA[ More than 4,000 routers have been compromised so far, while the number of poisoned NAS devices remains unknown. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">P8KFdsr77m4i24xC9tFPEK</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/2FFajuvJVK8i7Her8gD4aD-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 22 Jun 2026 12:15:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/2FFajuvJVK8i7Her8gD4aD-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Abstract image of robots working in an office environment including creating blueprint of robot arm, making a phone call, and typing on a keyboard]]></media:description>                                                            <media:text><![CDATA[Abstract image of robots working in an office environment including creating blueprint of robot arm, making a phone call, and typing on a keyboard]]></media:text>
                                <media:title type="plain"><![CDATA[Abstract image of robots working in an office environment including creating blueprint of robot arm, making a phone call, and typing on a keyboard]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/2FFajuvJVK8i7Her8gD4aD-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>QiAnXin XLab uncovered “AryStinger,” malware exploiting old D-Link/Linksys router flaws (CVE‑2013‑3307, CVE‑2016‑5681) to build a proxy/reconnaissance network</strong></li><li><strong>So far 4,300 routers infected, mostly in South Korea (48%) and China (32%), with QNAP NAS devices also targeted via CVE‑2025‑11837</strong></li><li><strong>Compromised devices enable scanning, tunneling, and covert control; researchers advise monitoring logs, binaries in /tmp/bin, and suspicious processes like </strong><em><strong>syswapd0h</strong></em><strong> or </strong><em><strong>syswapd0w</strong></em></li></ul><p>Cybersecurity researchers QiAnXin XLab are warning about an ongoing campaign to create a distributed reconnaissance and proxy network out of people’s <a href="https://www.techradar.com/news/networking/routers-storage/best-router-9-top-wireless-routers-on-test-1090523" target="_blank">routers</a> and NAS devices. </p><p>The campaign targets outdated and unsupported routers (mostly D-Link and Linksys), powered by Realtek’s RTL819X chips which were a popular choice between 2012 and 2015. The attackers are leveraging two (ancient) vulnerabilities, CVE-2013-3307 in Linksys models and CVE-2016-5681 in D-Link ones, to infect the devices with a previously undetected piece of malware called AryStinger.</p><p>According to the researchers, AryStinger is used during the reconnaissance and planning stages of a more serious cyberattack. Devices infected with this malware can scan the internet, fingerprint services, enumerate subdomains, tunnel traffic, and run commands on demand, all while hiding the location (and true identity) of the attackers.</p><h2 id="targeting-nas-devices">Targeting NAS devices</h2><p>“Once compromised by malware like AryStinger that possesses reconnaissance and covert control capabilities, it is equivalent to a hacker placing a permanent "invisible listening device" and "attack springboard" within your network,” the researchers said.</p><p>QiAnXin’s XLab says that So far, AryStinger infected 4,300 routers, but stresses that this is not the final number and with the campaign ongoing, will rise even more.</p><p>The majority of the victims are located in South Korea (48%) and China (32%), with notable mentions being Sweden, Malaysia, and Singapore. </p><p>AryStinger also targets QNAP’s <a href="https://www.techradar.com/news/the-10-best-nas-devices-reviewed" target="_blank">NAS devices</a>, leveraging a code injection flaw in the device’s Malware Remover. This flaw, tracked as CVE-2025-11837, was first discovered during last year’s Pwn2Own event, and was patched in November 2025. The researchers don’t know how many of these devices are currently infected, and say the 4,300 figure only relates to routers.</p><p>The researchers did not attribute this attack to any particular threat actor.</p><p>To defend against AryStinger, the researchers recommend monitoring the logs for any outbound connections to the C2 and download domains (found <a href="https://blog.xlab.qianxin.com/arystinger-botnet-hijacks-legacy-routers-for-global-attacks-en/" target="_blank">here</a>), checking /tmp/bin for unrecognized binaries, and looking for processes named syswapd0h or syswapd0w.</p><p><em>Via </em><a href="https://thehackernews.com/2026/06/arystinger-malware-infects-4300-legacy.html" target="_blank"><em>The Hacker News</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ ‘I barely slept last night’: Hackers sent an ‘extreme’ alert to millions of Brazilians using the government’s own tools, and that’s a huge concern ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/computing/cyber-security/i-barely-slept-last-night-hackers-sent-an-extreme-alert-to-millions-of-brazilians-using-the-governments-own-tools-and-thats-a-huge-concern</link>
                                                                            <description>
                            <![CDATA[ Hackers breached government systems in Brazil to send millions of people a mysterious ‘extreme’ alert. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">xzHZArtxfXsF9o77iA4yhc</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ui7eDjrVhqovuAQCCWrpkF-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 22 Jun 2026 11:56:22 +0000</pubDate>                                                                                                                                <updated>Mon, 22 Jun 2026 11:59:00 +0000</updated>
                                                                                                                                            <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                <author><![CDATA[ alexblake.techradar@gmail.com (Alex Blake) ]]></author>                    <dc:creator><![CDATA[ Alex Blake ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/gwmVRU4zMGnDYsGVAFvRmL.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Alex Blake has been fooling around with computers since the early 1990s, and since that time he&#039;s learned a thing or two about tech. No more than two things, though. That&#039;s all his brain can hold. As well as TechRadar, Alex writes for iMore, Digital Trends and Creative Bloq, among others. He was previously commissioning editor at MacFormat magazine. That means he mostly covers the world of Apple and its latest products, but also Windows, computer peripherals, mobile apps, and much more beyond. When not writing, you can find him hiking the English countryside and gaming on his PC.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/ui7eDjrVhqovuAQCCWrpkF-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Two hands holding a phone showing the Brazil flag and X]]></media:description>                                                            <media:text><![CDATA[Two hands holding a phone showing the Brazil flag and X]]></media:text>
                                <media:title type="plain"><![CDATA[Two hands holding a phone showing the Brazil flag and X]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ui7eDjrVhqovuAQCCWrpkF-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Millions of Brazilians received an unauthorized government alert</strong></li><li><strong>The text simply read ‘misanthropi4’ and it’s unknown who sent it</strong></li><li><strong>The government has denied it was responsible, pointing towards hackers</strong></li></ul><p>If you’re based in the US, you might know about AMBER alerts, also known as <a href="https://www.techradar.com/phones/android/your-android-phone-just-got-better-at-saving-your-life-heres-how">Wireless Emergency Alerts</a>, which are mass-broadcast messages sent to every <a href="https://www.techradar.com/news/best-phone">smartphone</a> in a designated area. Several other nations have similar platforms in place, including Brazil — but many Brazilians recently learned that their emergency alert system wasn’t quite as secure as they might have hoped.</p><p>In the early hours of Saturday morning, millions of Brazilians were jolted awake by a mysterious message from the country’s alert system. The alert level was classified as “extreme,” and concerningly, it’s thought it was the work of <a href="https://www.techradar.com/pro/security/experts-warn-hackers-are-hiding-malware-inside-googles-own-ad-systems-heres-what-we-know">hackers</a> rather than any official body. </p><p>The message, which was sent to civilians in the southern state of Paraná and the cities of São Paulo and Rio de Janeiro, among others, simply read “misantropi4.” That’s an approximation of the Portuguese word “misanthropia,” (with the final A swapped for a 4). As with the English word “misanthropy,” it means a hatred or distrust of humanity. </p><p>The message was accompanied by a loud alarm sound normally reserved for particularly severe thunderstorms. Since the text was sent shortly after midnight local time, it ensured that many people were woken up in the middle of the night. </p><p>Brazilian authorities said that the emergency message system was taken offline after a probable hacker attack, suggesting that this was more than just a simple text sent out in error by the government. Indeed, there was no event or natural disaster serious enough to warrant the alert being activated at the time, which further points towards bad actors being responsible.</p><h2 id="a-potentially-devastating-attack">A potentially devastating attack</h2><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:738px;"><p class="vanilla-image-block" style="padding-top:56.23%;"><img id="3yJ4ZzG7h8cwpxdMsAJVqf" name="Brazil hackers alert system by BrazilianSwainSimp" alt="An alert sent by hackers to users in Brazil." src="https://cdn.mos.cms.futurecdn.net/3yJ4ZzG7h8cwpxdMsAJVqf.jpg" mos="" align="middle" fullscreen="" width="738" height="415" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="caption-text">An example of the text sent by hackers to Brazilian civilians. </span><span class="credit" itemprop="copyrightHolder">(Image credit: BrazilianSwainSimp on Reddit)</span></figcaption></figure><p>The fact that hackers were able to breach a government system that has the potential to communicate with every mobile device in a given area of the country has worrying implications, both for the ways civilians could be manipulated and for the security of government institutions as a whole. </p><p>A text from a known government source is likely to be trusted more than one from an unknown number. With access to Brazil’s emergency broadcast system, hackers could potentially send out fraudulent messages that might have a larger impact than normal. That opens the door for all kinds of nefarious activities. </p><p>For now, this attack seems to have had a relatively minor impact. For many Brazilians posting on social media, the text was confusing more than anything else. </p><p><a href="https://www.reddit.com/r/mildlyinfuriating/comments/1uay1mi/comment/ossr3lj/" target="_blank">Last-Educator3947 on Reddit</a>, for example, said “I live in the town where the alert was first sent. It happened five minutes after the Brazil x Haiti <a href="https://www.techradar.com/how-to-watch/football/world-cup-2026-free">World Cup</a> game. My anxious brain associated misanthropy with a violent attack on the people celebrating in the streets after the game. I thought it was an incel <a href="https://www.techradar.com/computing/social-media/discord-just-made-your-voice-and-video-calls-more-private-and-secure-than-ever-but-age-verification-privacy-concerns-havent-been-dispelled">Discord</a> hacker sending a message to start a ‘The Purge’-style attack.” They then added: “I’m laughing now but I barely slept last night.” </p><p>Reddit user <a href="https://www.reddit.com/r/mildlyinfuriating/comments/1uay1mi/comment/osrt6os/" target="_blank">Magnon</a>, meanwhile, summed up the situation by saying that it, “Sounds like an anime villain just spawned.” </p><p>According to the <a href="https://x.com/IntCyberDigest/status/2068633434591830290" target="_blank">International Cyber Digest newsletter</a> on X, this breach could be linked to a previous hack of a Brazilian government employee who was infected with an <a href="https://www.techradar.com/pro/security/mac-users-beware-this-devious-new-infostealer-malware-disguises-itself-as-official-apple-tools-to-lure-in-victims">infostealer</a>. International Cyber Digest claims that stolen credentials included government logins, emails, developmental and staging environments, and more. </p><p>Whether or not this is what gave hackers access to the Brazilian government’s alert system isn’t yet known. Either way, it demonstrates the power that hackers can accrue if they find a way into supposedly secure governmental systems. While this alert saga turned out to be relatively harmless, that might not be the case next time.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'Password reuse only sharpens this problem': Browser-based password storage isn't as safe as you think – these top tips from the experts show how it should be done ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/password-reuse-only-sharpens-this-problem-browser-based-password-storage-isnt-as-safe-as-you-think-these-top-tips-from-the-experts-show-how-it-should-be-done</link>
                                                                            <description>
                            <![CDATA[ Many users store their passwords exclusively in the browser, creating a huge opportunity for threat actors. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">HduDFteHAvRg2y52uHNwtR</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/sdX9zemjZm28VpG7phLCAA-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 22 Jun 2026 11:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/sdX9zemjZm28VpG7phLCAA-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Collage of a web browser, with a laptop computer with a search bar and cut-out hands pointing at it]]></media:description>                                                            <media:text><![CDATA[Collage of a web browser, with a laptop computer with a search bar and cut-out hands pointing at it]]></media:text>
                                <media:title type="plain"><![CDATA[Collage of a web browser, with a laptop computer with a search bar and cut-out hands pointing at it]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/sdX9zemjZm28VpG7phLCAA-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>NordPass survey of 7,800+ users found 40–50% still store passwords in browsers for convenience</strong></li><li><strong>This practice leaves credentials exposed to malware, account compromise, or device theft, especially with password reuse</strong></li><li><strong>Experts urge switching to passkeys or dedicated password managers with zero‑knowledge encryption for stronger protection</strong></li></ul><p>Most consumers still store their passwords in the <a href="https://www.techradar.com/best/browser" target="_blank">browser</a>, despite the cybersecurity community’s repeated cries over the risky practice.</p><p>Recently NordPass, a company building a <a href="https://www.techradar.com/best/password-manager" target="_blank">password manager</a>, polled 7,861 people in Australia, Canada, France, Germany, Italy, Spain, the UK, and the US, on their password storing habits, and learned that the vast majority (between 40% and 50%) save their secrets just in their browser. </p><p>"Convenience and ease of use dominate as the top two drivers, confirming that browser password saving is overwhelmingly a comfort-driven behavior — with cost and passive auto-save prompts playing a secondary but consistent role," says Karolis Arbaciauskas, head of product at NordPass and its parent organization, Nord Security.</p><h2 id="password-managers-are-a-better-option">Password managers are a better option</h2><p>Whenever a user creates, or types in a password, the browser would offer the option to store it. However, if the device is infected with malware, if the browser account gets compromised, or if someone gains access to the computer, these passwords can easily be stolen. </p><p>To make matters worse, NordPass says that many users set the same passwords across numerous services, creating a “digital house of cards that collapses if just one account is breached.”</p><p>For years now, the cybersecurity community has been recommending either the use of passkeys, or a password manager for more secure storage. NordPass says that a small percentage of respondents combine between browsers and password managers, in which the latter is more used as a backup option. However, that backup will do little good if the browser is compromised. </p><p>"Browser-based password managers are certainly a better choice than simply reusing or slightly altering the same password everywhere. However, dedicated password managers offer distinct advantages, such as encryption based on zero-knowledge architecture. This means all data is encrypted on your device before it ever leaves your computer or smartphone, ensuring that not even the developers can access your passwords — let alone anyone else," says Arbaciauskas.</p><h2 id="how-to-store-passwords-securely">How to store passwords securely</h2><ul><li>Use a dedicated password manager</li><li>Secure your password manager using two-factor authentication</li><li>Make use of security checkup features to check for reused or weak passwords</li><li>Always use a strong, unique password for each account</li><li>Use dark web monitoring to check for leaked usernames, email addresses, and passwords</li></ul>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Popular free VPN, streaming apps bombard business networks with 'laundered' traffic used by criminals to 'blend into normal consumer noise' — here's how to keep safe ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/popular-free-vpn-streaming-apps-bombard-business-networks-with-laundered-traffic-used-by-criminals-to-blend-into-normal-consumer-noise-heres-how-to-keep-safe</link>
                                                                            <description>
                            <![CDATA[ Residential proxies are both a boon for threat actors and a detriment for their victims, and many of them exist due to a lack of awareness ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">sN48RwKcpTQidqtP4GpSWX</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/BsnMKVyyNGEZMWVUsFD6vn-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Sun, 21 Jun 2026 18:40:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                <author><![CDATA[ Rahimnoorali11@gmail.com (Rahim Amir) ]]></author>                    <dc:creator><![CDATA[ Rahim Amir ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/9xKZFBamtEZKSChRvywbPB.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Rahim Amir is a UAE-based tech writer who enjoys building PCs as much as he enjoys writing about them. He has been professionally writing about PC hardware since 2023, focusing on buyer’s guides, hardware reviews, and sponsored content and features related to tech.&lt;br&gt;&lt;br&gt;Having built hundreds of gaming PCs and being an avid gamer in his spare time, Rahim tends to have stronger opinions about hardware than most. This is particularly on display when he gets his way with powerful, but minimalistic RGB builds even as Small Form Factor (SFF) PCs come a close second.&lt;br&gt;&lt;br&gt;In addition to his contributions to TechRadar, Rahim’s work has also been featured on Game Rant and financial news websites.&lt;br&gt;&lt;br&gt;When he’s not working, you can find him playing DotA with friends or schmoozing to take the world over in Civilization. Alternatively, you can find him binging through the entirety of the Lord of The Rings universe with extended editions in play where applicable.&lt;br&gt;&lt;br&gt;You can currently catch Rahim grinding Path of Exile 2, complaining about his (extremely low) unique loot drop rate, or actively participating in one of the numerous (and heated) debates centered around Tolkien&#039;s universe on multiple forums daily.&lt;br&gt;&lt;br&gt;If you have a PC build or a Satisfactory playthrough in progress, he is likely to have some advice to send your way, especially regarding verticality being key for the latter. For the former, Rahim enjoys all aspects of the process including researching the components he will eventually use, benchmarking the latest and greatest hardware he can get his hands on, and somewhat surprisingly, cable management once he gets his latest build to POST.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/BsnMKVyyNGEZMWVUsFD6vn-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Proactive Cybersecurity Service That Neutralizes Threats Within a Digital Network - Conceptual Illustration]]></media:description>                                                            <media:text><![CDATA[Proactive Cybersecurity Service That Neutralizes Threats Within a Digital Network - Conceptual Illustration]]></media:text>
                                <media:title type="plain"><![CDATA[Proactive Cybersecurity Service That Neutralizes Threats Within a Digital Network - Conceptual Illustration]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/BsnMKVyyNGEZMWVUsFD6vn-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Infoblox Threat Intel finds 65%+ of its cloud customers made DNS queries to residential-proxy domains in 2026</strong></li><li><strong>Residential proxies could result in legal exposure or reputational damage if threat actors abuse them</strong></li><li><strong>While not all residential proxies are illegal, abusers take advantage of anonymity coupled with cheap, unauthorized residential proxies to perform tasks that may be unethical, if not outright illegal at times</strong></li></ul><p>Users installing free VPNs, streaming apps, and even productivity apps might be unaware that they are often unintentionally the product themselves.</p><p>The old adage about there being no free lunch rings true here with many of these 'free' services essentially renting out the identity of an unsuspecting victim's network to strangers, many of which use it for malicious reasons.</p><p>The practice, which is considered fair game by many such applications has security and privacy implications in addition to users being flagged for fraud or extra verification as IP reputation systems at datacenters account for requests seemingly originating from a victim's network.</p><h2 id="blending-in-for-a-reason">Blending in for a reason</h2><p>The service being used here is called a 'residential proxy,' and while legitimate providers may exist, many of the sources are dubious to say the least. This is because demand for 'clean' residential proxies is both tremendous and consistent.</p><p>Research from <a href="https://www.infoblox.com/blog/threat-intelligence/residential-proxies-in-the-wild/" target="_blank">Infoblox Threat Intel</a> indicates that the situation is more dire than previously assumed, as nearly two thirds (65%) of its Threat Defense Cloud customers made DNS queries to domains used to access or orchestrate residential proxy networks in 2026, totaling over 500 billion such queries per month.</p><p>This is different from anonymizers like Tor or <a href="https://www.techradar.com/vpn/best-vpn" target="_blank">commercial VPNs</a>, which produce anonymized traffic via voluntary nodes for the former and datacenter IPs for the latter. It leverages existing hardware on one's residential network, such as home routers, phones, IoT gadgets, or anything else that can essentially run a proxy service.</p><p>The kicker is that most of these services never obtain permission from a 'host' or bury such clauses deep in their End-User License Agreement (EULA), often leading unsuspecting victims to 'help' with malicious activities such as fraud, unpermitted data scraping, and even streaming services that bypass regional limitations.</p><p>Victims suffer because not only do such services essentially freeload on their existing connections, slowing down their internet, but it could also result in their IP addresses or networks being marked as untrustworthy or even fraudulent if the occurrences remain regular. This could open them up to legal trouble: It is hard, time-consuming, and sometimes downright impossible to prove that you were the conduit rather than the perpetrator for said activities.</p><p>Avoiding this is easier said than done, but there are ways to reduce susceptibility to this kind of abuse. A software audit should be your first line of defense. Knowing what runs on all your devices and whether it is trustworthy or not is key to preventing exposure.</p><p>One should pay particular attention to free VPNs, cheap IoT devices from dubious manufacturers, streaming software, and even browser extensions, all of which can expose one to threat actors. <a href="https://www.techradar.com/news/networking/routers-storage/best-router-9-top-wireless-routers-on-test-1090523" target="_blank">Investing in a router</a> or software service that blocks such requests would also go a long way, as would leveraging Protective DNS to monitor your network.</p><p>To start, users can also use services to monitor and check their IP's risk profile, allowing them to determine whether they are already a victim of abuse.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Nintendo confirms data stolen via third-party cyberattack — but sadly no big secrets were revealed ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/nintendo-confirms-data-stolen-via-third-party-cyberattack-but-sadly-no-big-secrets-were-revealed</link>
                                                                            <description>
                            <![CDATA[ Shadowbyt3$ is asking for $2 million in exchange for the data, but Nintendo seemingly turned the offer down. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">8c7uJ5AYVUc4PHnVYx3BLT</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/wKC5gGHE5CWcks5iMRR96o-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Sat, 20 Jun 2026 12:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/wKC5gGHE5CWcks5iMRR96o-1280-80.jpg">
                                                            <media:credit><![CDATA[Nintendo / Future]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Nintendo Switch 2 live coverage.]]></media:description>                                                            <media:text><![CDATA[Nintendo Switch 2 live coverage.]]></media:text>
                                <media:title type="plain"><![CDATA[Nintendo Switch 2 live coverage.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/wKC5gGHE5CWcks5iMRR96o-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Shadowbyt3$ claims Nintendo of America breach, stealing ~1GB of employee data from TinyPulse survey platform and demanding $2M ransom</strong></li><li><strong>Nintendo confirmed third‑party TinyPulse compromise, stressing no customer or financial data affected and most info dated years back</strong></li><li><strong>Hackers later leaked alleged employee messages; authenticity unverified, suggesting failed negotiations or pressure tactics</strong></li></ul><p>Nintendo of America has confirmed suffering a third-party data breach incident, but played down its severity.</p><p>An “<a href="https://www.techradar.com/best/best-ransomware-protection" target="_blank">extortion-as-a-service</a>” hacking group called Shadowbyt3$ recently claimed to have breached Nintendo of America, a subsidiary of the Japanese gaming giant, operating in the United States, Canada, and some Latin America countries, and exfiltrated sensitive data on its employees.</p><p>The crooks said they stole almost 1GB of internal data, which included personal details belonging to the company’s employees, and gave Nintendo of America 48 hours to engage in negotiations before leaking the files and demanded $2 million in ransom.</p><h2 id="what-is-tinypulse">What is TinyPulse?</h2><p>The group claims to have nabbed people’s names, email addresses, analytics and survey data, bank statements, and W-9 forms containing employee IDs, progress plans, and reports between 2016 and 2026. They later added that the breach didn’t affect the company’s gaming department, but rather employees who used TinyPulse.</p><p>TinyPulse is an employee engagement and feedback platform companies use to measure how employees feel about their workplace. It is best known for sending short, frequent "pulse surveys” to collect honest feedback from staff.</p><p>In a statement given to <em>BleepingComputer</em>, Nintendo of America confirmed the third-party data breach. </p><p>“We are aware of an issue involving TinyPulse, a third-party service used for internal employee surveys at Nintendo of America,” the company told the publication. “Nintendo’s systems have not been compromised, and no personal customer or financial data has been accessed."</p><p>"The data involved is limited to internal survey content comprising a small subset of our employees, and most of the information dates back several years,” the company stressed, adding that it is now “working with the service provider to address the issue”.</p><p>Shadowbyt3$ later shared a link to a data set allegedly containing direct messages and conversations between employees. This either means the negotiations broke down, or that the crooks were simply trying to put Nintendo under more pressure. No analysts yet confirmed the authenticity of the leaked information. </p><p><em>Via </em><a href="https://www.bleepingcomputer.com/news/security/nintendo-confirms-data-stolen-in-webmd-subsidiary-cyberattack/" target="_blank"><em>BleepingComputer</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Apple has fixed a security flaw in Beats Studio Buds which let hackers spy on conversations ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/apple-has-fixed-a-security-flaw-in-beats-studio-buds-which-let-hackers-spy-on-conversations</link>
                                                                            <description>
                            <![CDATA[ A Beats Studio Buds bug finally gets a patch after a year, which will be deployed next time users connect their headphones. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">ckUS3ZZ4GmSZzX9EBEntmK</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/cPvmHYPfTEXCqtPLtgK4Bc-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Sat, 20 Jun 2026 10:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/cPvmHYPfTEXCqtPLtgK4Bc-1280-80.jpg">
                                                            <media:credit><![CDATA[Beats]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A woman wearing the beats studio buds in white]]></media:description>                                                            <media:text><![CDATA[A woman wearing the beats studio buds in white]]></media:text>
                                <media:title type="plain"><![CDATA[A woman wearing the beats studio buds in white]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/cPvmHYPfTEXCqtPLtgK4Bc-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Apple patches CVE‑2025‑20701, a high‑severity Bluetooth flaw in Beats Studio Buds enabling eavesdropping within range</strong></li><li><strong>Researchers showed attackers could chain related bugs to hijack headphones, issue phone commands, and read/write device memory</strong></li><li><strong>Fixed in Beats Firmware Update 1B211, auto‑installed when pairing with iPhone, iPad, or Mac</strong></li></ul><p>Apple has fixed a high-severity vulnerability in its Beats Studio Buds <a href="https://www.techradar.com/audio/earbuds-airpods/the-best-earbuds" target="_blank">wireless earbuds </a>that allowed threat actors to eavesdrop on people’s conversations if they were in Bluetooth range.</p><p>The vulnerability was discovered in 2025 by security researchers Dennis Heinze and Frieder Steinmetz of ERNW. It has been assigned CVE-2025-20701 and was given a severity score of 8.8/10 (high). </p><p>The researchers explained it stemmed from a missing authentication weakness in the Bluetooth BR/EDR radio, and also published a proof-of-concept (PoC) exploit that showed how malicious actors might initiate a call and listen in on people’s conversations, as long as they were within Bluetooth range.</p><h2 id="issuing-a-patch">Issuing a patch</h2><p>"In most cases, these vulnerabilities allow attackers to fully take over the headphones via Bluetooth. No authentication or pairing is required," they said. "The vulnerabilities can be triggered via Bluetooth BR/EDR or Bluetooth Low Energy (BLE). Being in Bluetooth range is the only precondition. It is possible to read and write the device’s RAM and flash."</p><p>They also managed to pull the call history, stored contacts, and even succeeded in calling a number, after extracting the Bluetooth link keys from a vulnerable device’s memory. </p><p>"The range of available commands depends on the mobile operating system, but all major platforms support at least initiating and receiving calls," they said, but added that "real attacks are complex to perform" and should likely target only high-value targets because they require technical sophistication and physical proximity.</p><p>The team also showed it was possible to chain this vulnerability with two other ones impacting the same component (CVE-2025-20700 and CVE-2025-20702), to use the Bluetooth Hands-Free Profile (HFP) to issue commands to the phone.</p><p>Apple has now released a new security advisory, confirming it released a fix for the flaw.</p><p>“An attacker within Bluetooth range may be able to listen through the microphone of a device which is not yet paired and actively seeking pair requests,” the advisory reads. “This is a vulnerability in open-source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party.”</p><p>Apple fixed the bug in Beats Firmware Update 1B211, which will be automatically installed next time users pair their headphones with their iPhone, iPad, or mac devices.</p><p><em>Via </em><a href="https://www.bleepingcomputer.com/news/security/apple-fixes-beats-studio-buds-flaw-that-let-hackers-spy-on-conversations/" target="_blank"><em>BleepingComputer</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft warns AI agents are being 'AutoJack'-ed to deliver RCE payloads by browsing untrusted websites ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/microsoft-warns-ai-agents-are-being-autojack-ed-to-deliver-rce-payloads-by-browsing-untrusted-websites</link>
                                                                            <description>
                            <![CDATA[ Three minor vulnerabilities chained together can cause a lot of trouble but Microsoft fixed it on time. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">YRgqMAyooCn52GJJzZi7in</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/qP76MS2BAb7kSuWrvJXXYL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 19 Jun 2026 15:20:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/qP76MS2BAb7kSuWrvJXXYL-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Hands typing on a tablet with AI superimposed in text in front]]></media:description>                                                            <media:text><![CDATA[Hands typing on a tablet with AI superimposed in text in front]]></media:text>
                                <media:title type="plain"><![CDATA[Hands typing on a tablet with AI superimposed in text in front]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/qP76MS2BAb7kSuWrvJXXYL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Microsoft’s Defender Security Research Team discloses “AutoJack,” a vulnerability chain in AutoGen Studio enabling RCE via malicious websites</strong></li><li><strong>Flaws included localhost channel misuse, skipped login checks, and arbitrary code execution, letting agents run attacker‑supplied programs</strong></li><li><strong>Issue existed only in early GitHub builds, fixed before release; highlights need for strict authentication and isolation of local control planes</strong></li></ul><p>Microsoft's Defender Security Research Team has disclosed a vulnerability chain in AutoGen Studio that lets a single malicious website achieve remote code execution (RCE) on a device running an <a href="https://www.techradar.com/best/best-ai-tools" target="_blank">AI agent</a>. </p><p>AutoGen Studio is a program built by Microsoft Research for developing AI agents. The vulnerability chain was dubbed <a href="https://www.microsoft.com/en-us/security/blog/2026/06/18/autojack-single-page-rce-host-running-ai-agent/" target="_blank">“AutoJack”</a>, and it consists of three flaws which, when looked at separately, aren’t particularly troubling. Chained together, however, is a whole different story. </p><p>“The technique, which we call AutoJack, jacks the agent into becoming the attacker’s last-mile delivery vehicle by crossing the localhost trust boundary that many developer tools rely on,” Microsoft explained in its report.</p><h2 id="patching-the-bugs">Patching the bugs</h2><p>First, AutoGen Studio had a local control channel that only accepted connections from “localhost”, which is a good way to block outside attackers. </p><p>However, an AI agent's web browser also counts as “localhost”, meaning these connections would get accepted, too. Then, for this particular channel, login checks were skipped. </p><p>The app had several ways to require a username and password, but the part of the code handling this specific local channel was left wide open. </p><p>Finally, the channel would run almost anything it was told to run. Microsoft’s researchers managed to get an arbitrary program running, meaning threat actors could do the same, albeit with malicious code, instead. </p><p>In theory, the attack would work like this: the victim would instruct their AI agent to summarize a specific website. By doing so, the agent would be told to download and run malicious code which could be anything from backdoor malware to infostealers. </p><p>The good news is that Microsoft found this issue and reported it before the bug ever reached regular users. The official downloadable version of AutoGen Studio never had this problem, since it only existed in an early, in-development version on GitHub. The AutoGen team managed to fix it since then.</p><p>“If an agent can browse untrusted pages and also talk to privileged local services, loopback can become an attack surface and control planes must be authenticated, authorized, and isolated,” Microsoft concluded.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Apple users told to watch out for 'unpatchable' iPhone security issues - here's what we know ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/apple-users-told-to-watch-out-for-unpatchable-iphone-security-issues-heres-what-we-know</link>
                                                                            <description>
                            <![CDATA[ The bug is physical and also very difficult to exploit. Still, it can help jailbreak the device and snoop on the data inside. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">bLoEPVn6m93xx8qMp99hna</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/9zX5gTfFfZvM8w7JYtGwkL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 19 Jun 2026 14:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/9zX5gTfFfZvM8w7JYtGwkL-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Apple A12X]]></media:description>                                                            <media:text><![CDATA[Apple A12X]]></media:text>
                                <media:title type="plain"><![CDATA[Apple A12X]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/9zX5gTfFfZvM8w7JYtGwkL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Paradigm Shift discovered “usbliter8,” a hardware flaw in A12/A13 iPhone and S4/S5 Apple Watch chips allowing jailbreak via USB data handling</strong></li><li><strong>Exploitation requires physical access and Raspberry Pi, but enables bypassing iOS restrictions and deep system compromise</strong></li><li><strong>Apple cannot patch; only unaffected models (pre‑A12 or A14+) are secure, making device replacement the sole mitigation</strong></li></ul><p>Security researchers Paradigm Shift have discovered a vulnerability in older <a href="https://www.techradar.com/news/best-iphone" target="_blank">iPhone</a> and <a href="https://www.techradar.com/news/wearables/best-smart-watches-what-s-the-best-wearable-tech-for-you-1154074" target="_blank">Apple Watch</a> models which can be used to jailbreak the devices. What makes this vulnerability special is the fact that there is no fix for it - the only way to really be secure is to replace the device with a newer model.</p><p>The good news is that exploiting the flaw isn’t that simple. It cannot be done remotely since the attacker needs to have physical access to the device, and needs to hook it up to a Raspberry Pi.</p><p>It is still an important finding, and one which puts stolen iPhones (or those confiscated by law enforcement) at risk.</p><h2 id="handling-incoming-data">Handling incoming data</h2><p>The researchers dubbed the bug <a href="https://ps.tc/pages/blog-usbliter8.html" target="_blank">usbliter8</a>, and say it affects iPhone XS's A12 chip, the Apple Watch Series 4's S4 chip, and the iPhone 11's A13 SoC. Furthermore, the S5 (powering the Apple Watch Series 5, first-generation SE, and HomePod mini), was said to be vulnerable as well</p><p>The vulnerability stems from how these chips’ USB controllers handle incoming data. They don’t properly reset memory addresses between data transfers, letting the attacker place unauthorized code into the chip’s protected memory. </p><p>Therefore, according to Paradigm Shift, the bug can be abused for jailbreaking the device, meaning attackers could bypass iOS security restrictions entirely, install software at the deepest level of the system, and potentially extract data stored on the device. </p><p>Since this is a physical hardware design flaw, rather than a software bug, Apple can’t fix it with an update, and the only way to really remain secure is to move to a different model which isn’t affected by usbliter8. That includes either earlier SoCs (older than A12), or A14 and newer chips. </p><p>Paradigm Shift said it notified Apple of its findings, and thanked the company for its “prompt response, constructive engagement, and cooperation throughout the disclosure process”.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Experts warns AI toy apps for kids are tracking users and collecting personal data ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/experts-warns-ai-toy-apps-for-kids-are-tracking-users-and-collecting-personal-data</link>
                                                                            <description>
                            <![CDATA[ In a recent study by Cybernews, applications tied to 10 different toys each requested permissions and privileges categorized as 'dangerous'. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">adyaTHdN3tUswWwB8q9q9N</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/5BWVmrQN45jERQzFXpAivi-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 18 Jun 2026 21:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                <author><![CDATA[ Rahimnoorali11@gmail.com (Rahim Amir) ]]></author>                    <dc:creator><![CDATA[ Rahim Amir ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/9xKZFBamtEZKSChRvywbPB.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Rahim Amir is a UAE-based tech writer who enjoys building PCs as much as he enjoys writing about them. He has been professionally writing about PC hardware since 2023, focusing on buyer’s guides, hardware reviews, and sponsored content and features related to tech.&lt;br&gt;&lt;br&gt;Having built hundreds of gaming PCs and being an avid gamer in his spare time, Rahim tends to have stronger opinions about hardware than most. This is particularly on display when he gets his way with powerful, but minimalistic RGB builds even as Small Form Factor (SFF) PCs come a close second.&lt;br&gt;&lt;br&gt;In addition to his contributions to TechRadar, Rahim’s work has also been featured on Game Rant and financial news websites.&lt;br&gt;&lt;br&gt;When he’s not working, you can find him playing DotA with friends or schmoozing to take the world over in Civilization. Alternatively, you can find him binging through the entirety of the Lord of The Rings universe with extended editions in play where applicable.&lt;br&gt;&lt;br&gt;You can currently catch Rahim grinding Path of Exile 2, complaining about his (extremely low) unique loot drop rate, or actively participating in one of the numerous (and heated) debates centered around Tolkien&#039;s universe on multiple forums daily.&lt;br&gt;&lt;br&gt;If you have a PC build or a Satisfactory playthrough in progress, he is likely to have some advice to send your way, especially regarding verticality being key for the latter. For the former, Rahim enjoys all aspects of the process including researching the components he will eventually use, benchmarking the latest and greatest hardware he can get his hands on, and somewhat surprisingly, cable management once he gets his latest build to POST.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/5BWVmrQN45jERQzFXpAivi-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock ID 1756081616]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Kid wearing large headphones while writing in a notebook giving thumbs up]]></media:description>                                                            <media:text><![CDATA[Kid wearing large headphones while writing in a notebook giving thumbs up]]></media:text>
                                <media:title type="plain"><![CDATA[Kid wearing large headphones while writing in a notebook giving thumbs up]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/5BWVmrQN45jERQzFXpAivi-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Cybernews analyzed 10 Android companion apps for kids' AI/robotic toys and reported half of all declared permissions are considered dangerous by Android guidelines</strong></li><li><strong>The investigation found 3rd party trackers in 7 out of the 10 applications they examined</strong></li><li><strong>Researchers also detected two advertising, two profiling and one location tracker as part of their investigation</strong></li></ul><p>With AI toys becoming increasingly adopted by families, security firms are ringing the alarm about what this means for privacy in a post-LLM world.</p><p>Modern AI toys incorporate LLM models, allowing users, including children, to talk to and otherwise interact with them, and granting unprecedented access and permissions that enable them to harvest sensitive data with ease if a bad actor were involved.</p><p><a href="https://cybernews.com/privacy/ai-toy-apps-for-children-request-dangerous-permissions-and-include-third-party-trackers/" target="_blank"><em>Cybernews</em></a> recently examined 10 toys from various brands and found that many had excessive permissions at the application level, which could expose them to abuse or data harvesting.</p><h2 id="why-is-an-ai-toy-also-a-privacy-concern">Why is an AI toy also a privacy concern?</h2><p>Most users tend to grant permissions to Android applications on a whim without reading the fine print, but that might have extended to another frontier altogether: AI toy apps.</p><p><em>Cybernews'</em> recent study, which focused on 10 different Android companion apps for children (Loona, Dash & Dot, Sphero, mBlock, Miko, Eilik, SPIKE™ LEGO® Education, Ozobot Evo, Petoi, and AIBI Pocket), found that all of them asked for permissions classified as 'dangerous' by Android.</p><p>All 10 applications required precise location access, which isn't concerning on its own, since these do need it to search for their corresponding toys using Bluetooth Low Energy (LE), but the permission requirements go much further than that.</p><p>As many as six required access to microphones, five requested camera access, and eight requested Bluetooth scanning capabilities. One could argue that these are required by some of the toys to function, but some of these are used in some capacity against the regulation updates made to the <a href="https://www.ftc.gov/news-events/news/press-releases/2025/01/ftc-finalizes-changes-childrens-privacy-rule-limiting-companies-ability-monetize-kids-data">Children’s Online Privacy Protection Rule</a> by the FTC.</p><p>The rules that strengthened "key protections for kids’ privacy online," as per the then-FTC chair, Lina M. Khan, limited data retention, required opt-in consent for targeted advertising to children, and required disclosures to prevent data abuse.</p><p>This has not stopped AI toys from building behavioral profiles of their target users, as Cybernews found trackers in 7 of the 10 applications it analyzed. While most of these were crash reporting and analytics-related, two of the applications had advertising and profiling trackers, and one of them (Loona) also had a location tracker.</p><p>This might run contrary to data minimization regulations at a time when the world is already grappling with a <a href="https://www.techradar.com/computing/social-media/how-will-the-uks-social-media-ban-actually-work-heres-the-full-list-of-affected-apps-and-5-things-you-need-to-know">social media ban for children under 16</a> in the UK, following Australia's footsteps.</p><p>"Data minimization for children's apps is essential. Responsibility falls both on developers to request fewer permissions and minimize sensitive trackers, and on parents to take greater control over the technology available to their children," the researchers said. </p><p>"Unlike adults, children are less likely to understand what data is being collected, how it may be used, or the privacy implications of sharing it.”</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'Better tighten your World Cup security' — Iran-linked hackers claim massive FBI drone breach, threaten FPV attacks ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/better-tighten-your-world-cup-security-iran-linked-hackers-claim-massive-fbi-drone-breach-threaten-fpv-attacks</link>
                                                                            <description>
                            <![CDATA[ Iran-linked hackers claimed access to FBI drone surveillance systems and warned about World Cup security, though evidence remains disputed. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">J6VdvjXGUpzGMXGrDZQbDT</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/xCPckocVAs9NPBpSXKFpd8-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Thu, 18 Jun 2026 20:15:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Efosa Udinmwen ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/nwRLdPUNG4rWu4Y6nthHDV.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master&#039;s and a PhD in sciences, which provided him with a solid foundation in analytical thinking. Efosa developed a keen interest in technology policy, specifically exploring the intersection of privacy, security, and politics. His research delves into how technological advancements influence regulatory frameworks and societal norms, particularly concerning data protection and cybersecurity.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/xCPckocVAs9NPBpSXKFpd8-1280-80.png">
                                                            <media:credit><![CDATA[Modified with AI]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Iranian hackers in the World Cup]]></media:description>                                                            <media:text><![CDATA[Iranian hackers in the World Cup]]></media:text>
                                <media:title type="plain"><![CDATA[Iranian hackers in the World Cup]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/xCPckocVAs9NPBpSXKFpd8-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Iran-linked group claims prolonged access to sensitive FBI drone data</strong></li><li><strong>World Cup security enters spotlight after hackers issue public warning</strong></li><li><strong>Handala expands attention with claims involving American institutions recently</strong></li></ul><p>An Iran-linked hacking group has claimed access to FBI drone systems and issued threats referencing the ongoing <a href="https://www.techradar.com/how-to-watch/football/fifa-world-cup-2026-free-anywhere-vpn-deal">FIFA World Cup</a> in the United States.</p><p>Monitoring organization SITE Intelligence Group says the group known as Handala said it had maintained access to surveillance information gathered through FBI-operated drones for months.</p><p>The claim emerges amid heightened concerns over cyber activity linked to Iran following military developments involving the United States, Israel, and Tehran earlier this year.</p><h2 id="hackers-claim-access-to-fbi-drone-surveillance-systems">Hackers claim access to FBI drone surveillance systems</h2><p>Handala alleged that it obtained access to imagery and intelligence collected by first-person view <a href="https://www.techradar.com/cameras/drones/best-drone">drones</a> reportedly used in counterterrorism operations.</p><p>The group claimed those systems included capabilities such as facial recognition technology and license plate identification functions used during surveillance activities.</p><p>In a message cited by SITE, Handala warned authorities to strengthen security surrounding World Cup events while making references to FPV drone operations.</p><p>"Better tighten your World Cup security, we don't like some of those teams at all," the group said.</p><p>"Don't forget: FPVs are everywhere; you never know when one might end up right in your team's bus."</p><p>Those remarks have drawn attention because the FBI is already deploying drones around World Cup stadiums to monitor unauthorized aircraft activity.</p><p>Authorities have also imposed flight restrictions over stadiums hosting tournament matches and over related fan gathering locations.</p><p>However, questions remain regarding the accuracy of Handala's claims and the authenticity of the evidence released alongside its statements.</p><p>SITE reported that photographs and videos published by the group were described as material originating from compromised FBI drones.</p><p>One video cited as proof was later disputed by SITE, which said the footage had actually been produced in December 2024.</p><p>According to the monitoring organization, that video was created by a software company promoting technology used by a US police department during tornado damage assessment operations.</p><h2 id="previous-incidents-fuel-concerns-despite-disputed-evidence">Previous incidents fuel concerns despite disputed evidence</h2><p>Handala has attracted attention in recent months through a series of claims involving American and Israeli organizations.</p><p>In March, the group said it had compromised the email account of FBI Director Kash Patel before releasing personal photographs and additional material online.</p><p>More recently, it claimed to have breached California Water Service and even released a 5GB data dump as proof.</p><p>The organization is widely regarded as operating in alignment with Iranian interests, although public attribution remains a matter of ongoing assessment.</p><p>The Justice Department previously warned that Iranian actors could increase cyber operations following US and Israeli military strikes on Tehran in February.</p><p>Those developments contributed to a broader conflict across the Middle East and raised concerns about retaliatory activity against American institutions.</p><p><a href="https://www.techradar.com/best/firewall">Firewall</a> and <a href="https://www.techradar.com/best/best-antivirus">antivirus</a> protections remain important for organizations, although incidents involving surveillance systems often extend beyond enterprise defenses.</p><p>The State Department has offered rewards of up to $10 million for information leading to the identification of members connected to the group.</p><p>Via <a href="https://www.cbsnews.com/news/iran-linked-group-hack-fbi-drones-world-cup/" target="_blank" rel="nofollow">CBSNews</a></p><figure class="van-image-figure pull-right inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:676px;"><p class="vanilla-image-block" style="padding-top:31.51%;"><img id="diM9tpwF2Lz85R8q85CT78" name="tr-g_news" alt="Google logo on a black background next to text reading 'Click to follow TechRadar'" src="https://cdn.mos.cms.futurecdn.net/diM9tpwF2Lz85R8q85CT78.jpg" mos="" align="right" fullscreen="" width="676" height="213" attribution="" endorsement="" class="pull-rightinline"></p></div></div></figure>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'This marks a sophisticated evolution': Experts warn Claude feature hijacked by hackers to launch major malware campaign ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/this-marks-a-sophisticated-evolution-experts-warn-claude-feature-hijacked-by-hackers-to-launch-major-malware-campaign</link>
                                                                            <description>
                            <![CDATA[ Shared Chats is being abused to lend legitimacy to ClickFix campaigns targeting software developers. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">Qrgfr6SnCzHKpxsFgY9adW</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/UjSNcAZ5SebctebKAMQNVF-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 18 Jun 2026 18:40:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/UjSNcAZ5SebctebKAMQNVF-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Cybersecurity ensures data protection on internet. Data encryption, firewall, encrypted network, VPN, secure access and authentication defend against malware, hacking, cyber crime and digital threat]]></media:description>                                                            <media:text><![CDATA[Cybersecurity ensures data protection on internet. Data encryption, firewall, encrypted network, VPN, secure access and authentication defend against malware, hacking, cyber crime and digital threat]]></media:text>
                                <media:title type="plain"><![CDATA[Cybersecurity ensures data protection on internet. Data encryption, firewall, encrypted network, VPN, secure access and authentication defend against malware, hacking, cyber crime and digital threat]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/UjSNcAZ5SebctebKAMQNVF-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Trend Micro found criminals abusing Claude’s “Shared Chats” feature to spread infostealers via ClickFix and malvertising</strong></li><li><strong>Fake Apple Support chats on claude.ai, promoted through Google Ads, tricked macOS developers into pasting malicious commands</strong></li><li><strong>Anthropic banned the accounts and disabled malicious conversations, promising further abuse mitigations</strong></li></ul><p>Security researchers Trend Micro have detected criminals abusing a legitimate feature in Claude AI to trick software developers into downloading malware. The campaign also includes malvertising, as well as the tried-and-true ClickFix method.</p><p>The goal of the campaign is to infect software developers - primarily those building AI tools on macOS environment - with <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">infostealers</a>. </p><p>Targets from Russian-speaking countries are spared, it seems, while the majority of the victims are located in Taiwan (30% of all traffic). This country is followed by Japan, Singapore, and the US.</p><h2 id="scam-accounts-banned">Scam accounts banned</h2><p>At the center of the attack is a feature called “Shared Claude Chats”, which allows users to create clickable links of previous conversations they’ve had with the AI. These chats can then be shared with other people via a public URL. Crooks created conversations showing fake Apple Support instructing the user how to install Claude Code (a command-line coding assistant). </p><p>However, the instructions are nothing but the standard ClickFix scam - they tell the user to bring up the Terminal and paste a command, which triggers a chain reaction resulting in an infostealer infection.</p><p>The second step is to advertise these URLs to the right target audience, which was being done via Google Ads. The miscreants were able to buy ads on Google’s network and set them up so that anyone searching for “Claude Code on Mac” (or similar keywords) would be shown these URLs as the first result.</p><p>Since the sites are hosted on the claude.ai domain, there was nothing seemingly suspicious about the links.</p><p>Trend Micro is not the first company to warn about this campaign. In mid-May this year, security researcher Berk Albayrak <a href="https://www.techradar.com/pro/security/mac-users-beware-scammers-are-hijacking-claude-chats-and-google-ads-to-push-malware" target="_blank">posted a new warning</a> on LinkedIn, detailing almost an identical campaign. Same approach, same targets and most importantly - same exclusions.</p><p>The researchers are saying Anthropic investigated and banned the accounts responsible and disabled the malicious shared conversations. The AI company is allegedly “implementing additional abuse mitigations”.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'These actors are no longer relying solely on traditional cybercrime': Experts uncover another massive North Korean fake IT worker scam network ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/these-actors-are-no-longer-relying-solely-on-traditional-cybercrime-experts-uncover-another-massive-north-korean-fake-it-worker-scam-network</link>
                                                                            <description>
                            <![CDATA[ Nisos uncovers a major IT worker scam operation - with North Koreans once again apparently at the helm. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">bNf435mGVHgDn3p6ms7uAM</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/PcYLLwL2xvYvPfjEXYpZrD-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 18 Jun 2026 17:10:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/PcYLLwL2xvYvPfjEXYpZrD-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Hacker silhouette working on a laptop with North Korean flag on the background]]></media:description>                                                            <media:text><![CDATA[Hacker silhouette working on a laptop with North Korean flag on the background]]></media:text>
                                <media:title type="plain"><![CDATA[Hacker silhouette working on a laptop with North Korean flag on the background]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/PcYLLwL2xvYvPfjEXYpZrD-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Nisos uncovers large DPRK employment fraud campaign embedding operatives in US tech firms</strong></li><li><strong>22 agents submitted 166k+ applications, landing 21k+ interviews and 76 job offers using stolen identities, AI tools, and local stand‑ins</strong></li><li><strong>Targets were mostly software/data roles; scheme blended deception and AI tactics to generate salaries and access systems for regime revenue</strong></li></ul><p>Security researchers have uncovered a massive North Korean operation aimed at getting state-sponsored operatives hired in US-based technology firms. </p><p>Nisos published an in-depth report detailing how the group used <a href="https://www.techradar.com/best/best-identity-theft-protection" target="_blank">stolen identities</a>, AI tools, remote access technologies, and even locals, to get hired.</p><p>Shockingly, the campaign resulted in 76 job offers, roughly 3.5 offers per agent.</p><h2 id="heavy-use-of-ai">Heavy use of AI</h2><p>Nisos said the investigation started when a suspected North Korean operative applied for a remote AI architect position with the company. </p><p>Working with law enforcement, the company uncovered a cell of 22 individuals who have, between December 2024 and September 2025, submitted at least 166,893 job applications, landing more than 21,645 interviews with US companies. </p><p>The operation was well organized, Nisos said, and had administrators, managers, team leads, operatives, and more. Members communicated via Discord, used performance-tracking dashboards, and identity brokers. </p><p>Each operative managed multiple employment personas at the same time, and tracked different metrics such as number of applications submitted, interviews completed and offers received. </p><p>To increase their legitimacy, the scammers relied heavily on <a href="https://www.techradar.com/best/best-ai-tools" target="_blank">AI</a>. They used AI-generated resumes, AI-assisted interview coaching, as well as real-time response generation during interviews. Furthermore, they used voice-training applications to improve their chances of securing the job, and when they were required to show up in person or go through onboarding sessions, they brought local stand-ins who were later paid in ERC20 cryptocurrency (Ethereum).</p><p>Most of the time, they targeted software engineering, development, and data-related roles (70%). Salaries for these positions ranged between $55,000 and $230,000.</p><p>“DPRK employment fraud has evolved into a highly organized and scalable operation that blends human deception, technical tradecraft, and AI-enabled tactics,” said Ryan LaSalle, CEO of Nisos. “What makes this threat particularly concerning is that these actors are no longer relying solely on traditional cybercrime. They are embedding themselves within organizations, collecting salaries, gaining access to systems and data, and generating revenue for the regime through seemingly legitimate employment.”</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'This creates a misleading impression of safety': Experts warn of hackers hijacking legitimate news websites and reviews to drum up publicity ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/this-creates-a-misleading-impression-of-safety-experts-warn-of-hackers-hijacking-legitimate-news-websites-and-reviews-to-drum-up-publicity</link>
                                                                            <description>
                            <![CDATA[ Fake reviews, news articles, and GitHub accounts are a potent mix for promoting malware. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">Xo8Z9cRdozJkgXcf8ntiQT</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/y7GLevUTEjLYdujEYsv668-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 18 Jun 2026 15:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/y7GLevUTEjLYdujEYsv668-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Back view of hooded internet criminal hacking laptop in the dark, stealing credit card details]]></media:description>                                                            <media:text><![CDATA[Back view of hooded internet criminal hacking laptop in the dark, stealing credit card details]]></media:text>
                                <media:title type="plain"><![CDATA[Back view of hooded internet criminal hacking laptop in the dark, stealing credit card details]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/y7GLevUTEjLYdujEYsv668-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Check Point Research uncovers PR‑style campaign distributing a Rust clipboard hijacker disguised as legitimate software</strong></li><li><strong>Attackers used phishing sites, GitHub/SourceForge projects, fake YouTube channels, and even newswire press releases to boost credibility</strong></li><li><strong>Malware swaps crypto wallet addresses from clipboard, with “Ghost Networks” manipulating reputation systems to evade detection</strong></li></ul><p>Hackers have launched a fully fledged, multi-platform PR campaign to trick people into thinking that the <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a> they’re distributing is actually legitimate software, experts have warned.</p><p>A report from Check Point Research warned that even those doing regular due diligence might get tricked. </p><p>At the center of the campaign is a clipboard jacker - a piece of infostealer malware that monitors the victim’s clipboard for <a href="https://www.techradar.com/news/best-bitcoin-wallets" target="_blank">cryptocurrency wallet</a> strings. When it detects one, it replaces it with a different one belonging to the attackers. That way, when a victim tries to send money from one wallet to another, they end up paying the attackers instead. Both Windows and macOS users are at risk.</p><h2 id="abusing-newswire-sites">Abusing newswire sites</h2><p>“The threat actor uses multiple channels to promote and distribute a Rust clipboard hijacker, starting with a dedicated phishing page as the central hub and extending to GitHub and SourceForge projects promoted by fake accounts,” the company said. </p><p>“A dedicated YouTube channel, using AI‑generated narrators, suspicious view spikes, and highly positive (likely coordinated) comments, further reinforces the illusion of popularity and trustworthiness.”</p><p>To distribute the malware, the attackers ran a rather aggressive PR campaign: they set up a dedicated phishing page, multiple GitHub and SourceForge projects and accounts, as well as a fake YouTube channel. But the most surprising part is distributing news articles through newswire sites.</p><p>Newswire sites are services that distribute company press releases and announcements to media outlets, journalists, websites, and investors. Most newswire services allow anyone to submit and distribute press releases, usually for a fee, but they are generally seen as a legitimate source of trustworthy news.</p><p>At the same time, the hackers went the extra mile to make sure the clipboard jacker isn’t flagged as malware. By using numerous fake accounts (so called “Ghost Networks”) they’re manipulating reputation-driven systems like VirusTotal, tricking researchers and potential users into thinking the programs are a false positive. </p><p>“Even if this campaign is not primarily aimed at large enterprises, it shows that attackers no longer rely only on classic malware distribution techniques to reach victims,” the researchers concluded. “Instead, they can manipulate reputation systems, crowd‑sourced feedback, and cross‑platform promotion to lower suspicion and attract more users.”</p><p><em>Via </em><a href="https://thehackernews.com/2026/06/crypto-clipper-campaign-abuses-fake.html" target="_blank"><em>The Hacker News</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
            </channel>
</rss>