<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
     xmlns:content="http://purl.org/rss/1.0/modules/content/"
     xmlns:dc="https://purl.org/dc/elements/1.1/"
     xmlns:dcterms="http://purl.org/dc/terms/"
     xmlns:media="http://search.yahoo.com/mrss/"
     xmlns:atom="http://www.w3.org/2005/Atom"
>
    <channel>
                    <atom:link rel="alternate" hreflang="en-GB"
                       href="https://www.techradar.com/uk/feeds/tag/cyber-security"
                       type="application/rss+xml"/>
                            <title><![CDATA[ Latest from TechRadar UK in Cyber-security ]]></title>
                <link>https://www.techradar.com/uk/computing/computing-security/cyber-security</link>
        <description><![CDATA[ All the latest cyber-security content from the TechRadar UK team ]]></description>
                                    <lastBuildDate>Fri, 26 Jun 2026 18:00:00 +0000</lastBuildDate>
                            <language>en</language>
                                <item>
                                                            <title><![CDATA[ NAIC confirms data breach with ShinyHunters claiming 3.1TB of data stolen in Oracle zero-day attack ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/naic-confirms-data-breach-with-shinyhunters-claiming-3-1tb-of-data-stolen-in-oracle-zero-day-attack</link>
                                                                            <description>
                            <![CDATA[ Insurer regulatory filing documents, customer bulk orders, and more, stolen in a major zero-day supply chain attack ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">rq7YhrojSragNBymdm8FYn</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/VGPtSi99Vy7pCWeNLEcT5c-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 26 Jun 2026 18:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/VGPtSi99Vy7pCWeNLEcT5c-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[hacker hands at work with  interface around]]></media:description>                                                            <media:text><![CDATA[hacker hands at work with  interface around]]></media:text>
                                <media:title type="plain"><![CDATA[hacker hands at work with  interface around]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/VGPtSi99Vy7pCWeNLEcT5c-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>NAIC confirmed a cyberattack exploiting an Oracle PeopleSoft zero‑day, with ShinyHunters claiming theft of 3.1TB of data</strong></li><li><strong>Stolen cache allegedly includes insurer filings, credit rating files, AWS logs, configs, and PII; NAIC says only financial reports and technical data were taken</strong></li><li><strong>Incident spotted June 11, disclosed June 17; files leaked online suggest NAIC did not pay ransom, as ShinyHunters continues exploiting the zero‑day across 100+ organizations</strong></li></ul><p>The National Association of Insurance Commissioners (NAIC) confirmed suffering a cyberattack that resulted in the stolen data being leaked on the dark web. While the company did not name the group responsible, or mention the size of the stolen cache, the infamous ShinyHunters claimed responsibility and stated they snatched around 3.1TB of information.</p><p>In a security notice published on the NAIC website, it was explained that the attackers managed to exploit a <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">zero-day vulnerability</a> in Oracle PeopleSoft. This is an <a href="https://www.techradar.com/best/best-erp-software" target="_blank">enterprise resource planning</a> (ERP) software suite, designed to help businesses manage employees, finances, supply chains, and more. Citing Google Mandiant, Cybernews says ShinyHunters first started exploiting the zero-day on May 27, and managed to compromise more than 100 organizations and 300 individuals, before Oracle finally pushed an emergency update on June 10.</p><p>Among the victims, as we now know, is NAIC, whose PeopleSoft environment was compromised, and used to obtain credentials and move laterally to internal data storage locations. 
</p><h2 id="shinyhunters-step-forward">ShinyHunters step forward</h2><p>Based on NAIC’s investigation, the stolen information includes publicly available statutory financial reports, insurer investment credit rating data, and some technical information such as outdated logs and configuration files. There is no evidence that personal information, banking information, or payment data was accessed, it said.</p><p>NAIC spotted the attack on June 11 and immediately launched its incident response protocol, which includes notifying law enforcement, blocking malicious actors, and bringing in third-party security experts. The Commission disclosed the incident on June 17, a day before ShinyHunters went public. </p><p>The notorious ransomware gang claims to have taken more than 264,000 insurer regulatory filing documents, 2,000 customer and bulk orders containing personally identifiable information, some 45,000 files from major credit rating agencies, statutory annual and quarterly financial statements submitted by insurers, production AWS infrastructure logs, cloud configuration files, workload automation data, and SQL scripts.</p><p>Since the files were seemingly leaked online, it’s safe to assume that NAIC did not (want to) pay the ransom demand.</p><p><em>Via </em><a href="https://cybernews.com/news/naic-breach-shinyhunters-3tb-insurance-systems-data/" target="_blank"><em>Cybernews</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Prediction market giant Polymarket hit by cyberattack, with company confirming user funds stolen — here is what we know ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/prediction-market-giant-polymarket-hit-by-cyberattack-with-company-confirming-user-funds-stolen-here-is-what-we-know</link>
                                                                            <description>
                            <![CDATA[ Polymarket confirms user funds affected and says it's refunding them in full. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">3dpJ4Ku3eDTX7eCaCgqXRh</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/iPmVSVttBHUjRf7XWdoDTX-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 26 Jun 2026 17:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/iPmVSVttBHUjRf7XWdoDTX-1280-80.jpg">
                                                            <media:credit><![CDATA[Omar Marques/SOPA Images/LightRocket via Getty Images]]></media:credit>
                                                            <media:description><![CDATA[Polymarket logo on smartphone, on laptop keyboard]]></media:description>                                                            <media:text><![CDATA[Polymarket logo on smartphone, on laptop keyboard]]></media:text>
                                <media:title type="plain"><![CDATA[Polymarket logo on smartphone, on laptop keyboard]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/iPmVSVttBHUjRf7XWdoDTX-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Polymarket prediction platform was hacked via a compromised third‑party vendor dependency, injecting malicious scripts into its frontend</strong></li><li><strong>Around $3M in crypto stolen from ~11 users, according to PeckShield; Polymarket is refunding victims in full while removing the affected dependency</strong></li><li><strong>Community reactions on X were critical, with some blaming prior “taunting hackers”; one victim speculated the breach may have involved Xorek Cloud’s VPS</strong></li></ul><p>Polymarket, a prediction platform where people trade on the likelihood of different real-world events, got hacked and allegedly lost around $3 million in user funds. The company is now refunding the victims in full.</p><p>In a <a href="https://x.com/PolymarketTrade/status/2070155882906730671" target="_blank">short post</a> published on X earlier this week, Polymarket confirmed the news, saying it discovered that a third-party vendor had been compromised. Through that compromise, the attackers injected a malicious script “into our frontend for some users.”</p><p>Since then, Polymarket said it contained the incident and removed the affected dependency but did not say which dependency it was. It did not say which third-party vendor was compromised. Furthermore, it said it is currently contacting impacted users and refunding them in full, but did not state how many people were affected, or how much money is involved. </p><h2 id="context-dependent-vulnerabilities">Context-dependent vulnerabilities</h2><div class="see-more see-more--clipped"><blockquote class="twitter-tweet hawk-ignore" data-lang="en"><p lang="en" dir="ltr">This morning we discovered a 3rd party vendor had been compromised, injecting a malicious script into our frontend for some users. We've contained it & removed the affected dependency. 
We're contacting impacted users & refunding them in full.<a href="https://twitter.com/cantworkitout/status/2070155882906730671">June 25, 2026</a></p></blockquote><div class="see-more__filter"></div></div><p>In its write-up, TechCrunch cited blockchain monitoring firm PeckShield, which claims that around $3 million in cryptocurrency was stolen in the attack. The publication also reported that around 11 people were affected. Polymarket allows its users to be paid in crypto.</p><p>X users who left comments on Polymarket’s announcement seem utterly unsurprised by the breach. “I spent weeks telling you this and you ignored it,” one person said. “The next time I find a vulnerability, I will sell it to criminal gangs.” Three users suggested Polymarket deserved what had happened for “taunting hackers” in the past. One made a sly joke saying, “how did you not predict this?”</p><p>Polymarket did not say which third-party vendor was compromised, but one of the users who lost funds in this attack speculates it happened through Xorek Cloud’s <a href="https://www.techradar.com/news/best-vps-hosting" target="_blank">VPS</a>:</p><p>“I recently bought a VPS from Xorek Cloud and stored my private key on it,” <a href="https://x.com/ashgang51/status/2070105083891851364" target="_blank">they said on X</a>. “I'm not sure how the compromise happened, but that's the only possible security risk I can think of.”</p><p><em>Via </em><a href="https://techcrunch.com/2026/06/25/polymarket-says-hackers-stole-users-funds/" target="_blank"><em>TechCrunch</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Less than one in ten cybersecurity pros trust AI testing tools to find vulnerabilities, with over three-quarters saying their AI vulnerability scanning tools missed critical flaws ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/less-than-one-in-ten-of-cybersecurity-pros-trust-ai-testing-tools-to-find-vulnerabilities-with-over-three-quarters-say-their-ai-vulnerability-scanning-tools-missed-critical-flaws</link>
                                                                            <description>
                            <![CDATA[ Fully automated testing is being replaced with a hybrid model, as "elite human expertise remains foundational". ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">NtCxDQSRi4raWmmtyYwyKQ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/4d3FzfBhbeGTkD9mnMpEdM-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 26 Jun 2026 14:30:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/4d3FzfBhbeGTkD9mnMpEdM-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                            <media:description><![CDATA[A close up of a person's eyes and face. They are wearing glasses and in one eye there's a reflection of a digital brain]]></media:description>                                                            <media:text><![CDATA[A close up of a person's eyes and face. They are wearing glasses and in one eye there's a reflection of a digital brain]]></media:text>
                                <media:title type="plain"><![CDATA[A close up of a person's eyes and face. They are wearing glasses and in one eye there's a reflection of a digital brain]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/4d3FzfBhbeGTkD9mnMpEdM-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Cobalt’s 2026 State of Pentesting Report shows confidence in fully automated AI testing collapsed from 29% in 2025 to 9% this year</strong></li><li><strong>78% of respondents saw automated tools miss critical vulnerabilities; LLM flaws proved complex, with MTTR rising from 19 to 36 days and most issues left unresolved</strong></li><li><strong>Hybrid models surged to 47% adoption, as experts stress automation should complement, not replace, elite human expertise in uncovering business logic risks</strong></li></ul><p>As the world praises <a href="https://www.techradar.com/pro/security/vulnerabilities-uncovered-in-secret-us-government-systems-and-software-during-testing-of-anthropic-mythos" target="_blank">Mythos</a>, and the Chinese rush to create <a href="https://www.techradar.com/pro/security/chinese-cybersecurity-company-360-unveils-chinas-version-of-mythos-and-yitianzhen-to-automate-cyber-defense" target="_blank">their own variant</a>, a report painting an entirely different picture comes from Cobalt. </p><p>The cybersecurity company just published the Cobalt State of Pentesting Report 2026, based on two comparative surveys, one in 2025 and one in 2026. Polling around 450 cybersecurity professionals, Cobalt wanted to see how confident the cybersecurity community is in automated AI testing for vulnerabilities and it turns out - not that much.</p><p>Last year, just below a third (29%) relied entirely on AI automation for testing. This year, the figure dropped to 9%. Cobalt suggests that the key reason for such a steep drop in confidence is the fact that 78% saw fully automated scanning tools missing critical vulnerabilities. Another key reason is the complexity of the AI attack surface the scanners are testing. 
</p><h2 id="context-dependent-vulnerabilities-2">Context-dependent vulnerabilities</h2><p>Roughly one in three findings from an AI pentest are rated “high-risk” - which is 2.7 times the average of conventional software, it was said. Also, at the time of analysis, less than two-fifths (38%) of LLM vulnerabilities were fixed, while 62% remained open. Mean time to resolve (MTTR) for AI/LLM security issues rose from 19 days to 36 days.</p><p>“LLM vulnerabilities are deeply context-dependent and invisible to tools that lack an architectural understanding of the application,” said Andrew Obadiaru, CISO of Cobalt. “To close the validation gap, automation should be deployed exactly where it excels, but elite human expertise remains foundational to uncovering and remediating the most complex business logic risks.” </p><p>It took the cybersecurity community less than a year to almost completely abandon fully automated <a href="https://www.techradar.com/best/best-ai-tools" target="_blank">AI testing</a> and replace it with a hybrid model - something around 47% said they now prefer. This model has surged 22% year-over-year, while the percentage of organizations using automation for low-risk environments also increased to 47%. </p><p>“While the industry is rightfully excited about the potential of Mythos-class tools, unguided algorithms are inherently prone to returning even more false positives and costly false negatives than the automated scanners we have today,” continued Obadiaru.</p><p><em>Via </em><a href="https://www.infosecurity-magazine.com/news/trust-ai-vulnerability-scanning/" target="_blank"><em>Infosecurity Magazine</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Hackers are establishing persistence in hospitality and hotels by posing as guests with poisoned ZIP archives, but no one knows what their plan is ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/hackers-are-establishing-persistence-in-hospitality-and-hotels-by-posing-as-guests-with-poisoned-zip-archives-but-no-one-knows-what-their-plan-is</link>
                                                                            <description>
                            <![CDATA[ It looks like reconnaissance activity, possibly in preparation of a more destructive attack. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">uFvUz5mRvhqu4D8SqDToRo</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 26 Jun 2026 14:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A pink triangle with a red exclamation mark inside on a blue digital landscape]]></media:description>                                                            <media:text><![CDATA[A pink triangle with a red exclamation mark inside on a blue digital landscape]]></media:text>
                                <media:title type="plain"><![CDATA[A pink triangle with a red exclamation mark inside on a blue digital landscape]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Microsoft Threat Intelligence warns of a phishing campaign targeting hotel staff in Europe and Asia with guest complaint‑themed emails</strong></li><li><strong>Attackers abuse services like Calendly and Google redirects to bypass authentication checks, delivering photo‑themed ZIPs that install a persistent Node.js implant</strong></li><li><strong>Malware disables Defender, runs C2 beaconing, gathers system info, and forces shutdowns; signs include unusual PowerShell activity, Node.js execution, and suspicious registry entries</strong></li></ul><p>Hackers are establishing a foothold on hotels and hospitality organizations across Europe and Asia, but no one really knows what for, at least not yet.</p><p>This is according to Microsoft Threat Intelligence, who recently published a new report saying that since April, it’s been tracking an active phishing campaign. In this campaign, the unnamed attackers target front desk, reception, and reservations staff with emails about guest complaints, room conditions, bedbug infestations, booking inquiries, and similar.</p><p>The messages, sent in different languages (Danish, Dutch, Japanese), are not distributed directly. Instead, the crooks abuse legitimate services such as Calendly, and Google’s redirect infrastructure, which helps them pass SPF, DKIM, and DMARC authentication checks.</p><h2 id="tricking-defender">Tricking Defender</h2><p>This “authentication laundering”, as Microsoft puts it, results in photo-themed ZIP archives making their way directly to their victims. The archives contain fake image shortcut (.LNK) files that, at a glance, appear to be harmless .PNG images. 
However, these files launch a sophisticated multi-stage infection chain that installs a persistent Node.js-based implant.</p><p>After being deployed, the <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a> tweaks Microsoft Defender to exclude itself (and other, randomly named executables) from scanned processes, downloads additional payloads, and copies itself into different places. </p><p>On compromised systems, Microsoft observed the malware running command-and-control beaconing, gathering environmental information such as the victim's public IP details, launching headless browser sessions, and in some cases forcing immediate system shutdowns. While it could not say what the goal of the campaign is, it all points to a reconnaissance stage that usually comes before a more disruptive malware or ransomware attack. </p><p>Microsoft recommends organizations focus on detecting the campaign's behavior rather than individual indicators. Key signs include photo-themed ZIP archives, unusual PowerShell activity, unexpected Node.js execution from user profile directories, .NET compilation initiated by PowerShell, and Defender exclusion changes.</p><p>Furthermore, there are random executables running from temporary folders, suspicious Run and RunOnce registry entries, outbound connections on the campaign's non-standard ports, connections to newly registered .cfd domains, and combinations of headless browser activity followed by forced shutdown commands.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Unnamed hackers steal stolen data from Icarus hackers responsible for Klue supply chain hack — and yes, it's as confusing as it sounds ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/unnamed-hackers-steal-stolen-data-from-icarus-hackers-responsible-for-klue-supply-chain-hack-and-yes-its-as-confusing-as-it-sounds</link>
                                                                            <description>
                            <![CDATA[ Klue was hacked by Icarus, and then Icarus was hacked by another group. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">dn5yZH8XeXT5eSKjpEMKUe</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/y7GLevUTEjLYdujEYsv668-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 26 Jun 2026 13:27:16 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Cyber Crime]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                <author><![CDATA[ benedict.collins@futurenet.com (Benedict Collins) ]]></author>                    <dc:creator><![CDATA[ Benedict Collins ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/jEvqGv8wvH7PWZ4XPURyyB.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.&lt;/p&gt;&lt;p&gt;Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.&lt;/p&gt;&lt;p&gt;Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with an elite academic framework for deconstructing complex international conflicts and intelligence operations. He also holds a BA in Politics with Journalism, providing him with a strong investigative nature and the ability to translate complex security data into clear, actionable insights.&lt;/p&gt;&lt;p&gt;When he isn’t analyzing the latest data breach or security threats, Benedict enjoys running and cycling throughout the UK countryside.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/y7GLevUTEjLYdujEYsv668-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Back view of hooded internet criminal hacking laptop in the dark, stealing credit card details]]></media:description>                                                            <media:text><![CDATA[Back view of hooded internet criminal hacking laptop in the dark, stealing credit card details]]></media:text>
                                <media:title type="plain"><![CDATA[Back view of hooded internet criminal hacking laptop in the dark, stealing credit card details]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/y7GLevUTEjLYdujEYsv668-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Klue recently suffered a cyber attack at the hands of Icarus</strong></li><li><strong>Icarus was apparently deleting the stolen customer data</strong></li><li><strong>An unnamed group claims to have stolen the data from Icarus, and is now extorting Klue customers directly</strong></li></ul><p>Earlier this month, market research provider Klue suffered a cyberattack with the knock-on effects <a href="https://www.techradar.com/pro/security/lastpass-confirms-data-breach-after-hacker-compromises-supply-chain-heres-what-we-know" target="_blank">hitting major companies such as LastPass</a>, Gong, Jamf, HackerOne, Huntress and others.</p><p>Klue has since revealed it is in contact with the Icarus ransomware group, who claim to have been in possession of stolen data and were threatening to leak the data in an attempt to extort the company.</p><p>But a second, unnamed group has emerged, which claims to have broken into a member of the Icarus group’s environment to steal the customer data stolen by Icarus from Klue. This second group is now apparently attempting to extort Klue customers directly, much to the annoyance of Icarus.</p><h2 id="hackers-hacked-by-hackers">Hackers hacked by hackers</h2><p>An update shared privately with Klue customers on Wednesday night and seen by <a href="https://techcrunch.com/2026/06/25/hacked-klue-says-criminals-are-deleting-stolen-customer-data-but-now-other-hackers-are-making-threats/" target="_blank"><em>TechCrunch</em></a> said, “We continue to communicate with the threat actor we have been in contact with (‘Icarus’). Icarus told us they are taking steps to delete the data taken from Klue customers. 
The Icarus site remains down and we have indications that Icarus is indeed taking steps to delete data taken from Klue customers.”</p><p>Icarus later informed Klue that the second group was attempting to extort Klue customers using the same data, having posted a list of affected companies on its own website. Alongside this list, they also claimed to have stolen the customer data from Icarus, after one of the Icarus group's members accidentally allowed the second group to connect to the server hosting the stolen data.</p><p>Although there is no evidence that Klue has paid the Icarus group, the unnamed group also posted a statement that an “Icarus operator who is a teenager living somewhere in the UK or adjacent countries” had been paid by Klue to delete the stolen data.</p><p>A further communique issued by Klue to its customers said that it had been reassured by Icarus that the unnamed group only had samples of the stolen data, not the full set. It also said that, “Icarus has asked us to inform Klue customers to not make payment to this other party.”</p><p>Klue also suggested that its customers should ask the second group for random samples of their data to prove whether or not they actually had obtained the full set of stolen customer data.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ This macOS malware can avoid AI analysis with gaslighting prompts hidden inside its architecture ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/this-macos-malware-can-avoid-ai-analysis-with-gaslighting-prompts-hidden-inside-its-architecture</link>
                                                                            <description>
                            <![CDATA[ A new piece of malware tries to trick AI-assisted analysis into showing errors. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">U53dE6YVGq8TtTv52qNvmn</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Rb6YDzdRZjccpn6MQ26KML-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 26 Jun 2026 13:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Rb6YDzdRZjccpn6MQ26KML-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A person typing on a laptop and using a tablet. Only their upper torso, arms and hands are visible. Text superimposed on the image shows AI ]]></media:description>                                                            <media:text><![CDATA[A person typing on a laptop and using a tablet. Only their upper torso, arms and hands are visible. Text superimposed on the image shows AI ]]></media:text>
                                <media:title type="plain"><![CDATA[A person typing on a laptop and using a tablet. Only their upper torso, arms and hands are visible. Text superimposed on the image shows AI ]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Rb6YDzdRZjccpn6MQ26KML-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>SentinelOne uncovered macOS malware “Gaslight” that uses prompt injection to mislead AI‑assisted triage tools during analysis</strong></li><li><strong>Beyond standard backdoor and infostealer capabilities, it embeds fake Markdown “system” messages to trick LLMs into halting investigation</strong></li><li><strong>Researchers warn defenders to treat malware samples as adversarial input and isolate AI pipelines, as more analyst‑targeting prompt injection is expected</strong></li></ul><p>We’ve seen prompt injection in websites and emails, but what about malware samples? Security researchers SentinelOne recently published an in-depth report on a newly uncovered piece of macOS malware called Gaslight that, as the name suggests, tries to gaslight AI-assisted triage agents into stopping the analysis.</p><p>The malware itself is nothing out of the ordinary: it infects the device by whatever means necessary (usually phishing and social engineering), connects to attacker-controlled infrastructure via Telegram, and then executes different commands such as profiling the device, running arbitrary shell commands, stealing files, or terminating processes. </p><p>It also delivers a stage-two malware that acts as an infostealer, pulling passwords, sensitive PDFs, cryptocurrency wallet information, and more.</p><h2 id="weaponizing-llm-assisted-triage-pipelines">Weaponizing LLM-assisted triage pipelines</h2><p>But where Gaslight stands out is its defenses against <a href="https://www.techradar.com/best/best-ai-tools" target="_blank">AI-powered malware analysis</a>. According to SentinelOne, the malware contains a large block of fake Markdown-formatted "system" messages designed for AI assistants that security researchers may use during reverse engineering. 
These messages claim things like “the AI's authentication token has expired”, “the analysis environment is running out of memory”, “disk space has been exhausted”, “static analysis is unsafe”, and similar. </p><p>While a human analyst would definitely recognize these fake messages even at a glance, an LLM that isn’t properly isolated from untrusted input could interpret them as genuine system instructions and refuse to further analyze the malware. </p><p>“macOS.Gaslight is noteworthy for its analyst-targeting prompt injection, an attempt to weaponize the LLM-assisted triage pipelines that increasingly sit in the reverse-engineering loop,” SentinelOne explains. “Anyone building such tooling should treat the contents of the samples they triage as adversarial input, never as instructions, and be prepared to keep hostile content out of the model entirely. As LLM-assisted analysis becomes routine, defenders should expect more samples built to exploit it.”</p><p>The researchers have published a full list of indicators of compromise on <a href="https://www.sentinelone.com/labs/macos-gaslight-rust-backdoor-turns-prompt-injection-on-the-analyst-not-the-sandbox/" target="_blank">this link</a>.</p><p><em>Via </em><a href="https://thehackernews.com/2026/06/new-gaslight-macos-malware-uses-prompt.html" target="_blank"><em>The Hacker News</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Almost half of ransomware victims have data stolen before they can even detect an intrusion ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/almost-half-of-ransomware-victims-have-data-stolen-before-they-can-even-detect-an-intrusion</link>
                                                                            <description>
                            <![CDATA[ Hackers are getting better at hiding and stealing files without raising alarms. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">Hd8JzdR7bXBBwF9wxPm2vD</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/MXsTJFHcFVn7AwpfTpePEX-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 25 Jun 2026 19:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/MXsTJFHcFVn7AwpfTpePEX-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Ransomware]]></media:description>                                                            <media:text><![CDATA[Ransomware]]></media:text>
                                <media:title type="plain"><![CDATA[Ransomware]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/MXsTJFHcFVn7AwpfTpePEX-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>ExtraHop’s Global Threat Landscape Report shows 49% of ransomware victims only detected attacks after data theft, up from 31% last year</strong></li><li><strong>Average dwell time before detection is 2.5 weeks; attackers exploit encrypted channels, valid accounts, and alert fatigue to evade defenses</strong></li><li><strong>Ransom payments fell from $3.6M to $2.8M, but payment frequency rose sharply, with 83% of surveyed victims paying in 2026 vs. 70% in 2025</strong></li></ul><p>Criminals are getting better at hiding within their victims’ infrastructure, lurking and stealing files without triggering any alarms whatsoever. </p><p>Earlier today, network detection and response experts ExtraHop released the “Global Threat Landscape Report”, based on a survey of more than 1,800 IT and security leaders worldwide. The report says that roughly half (49%) of organizations that were struck by <a href="https://www.techradar.com/best/best-ransomware-protection" target="_blank">ransomware</a> did not detect the threat until after the data was stolen.</p><p>This is up from 31% a year ago, ExtraHop stressed, showing the improvement criminals made within just 12 months. </p><h2 id="several-factors">Several factors</h2><p>On average, cybercriminals have 2.5 weeks of quiet time before being spotted in ransomware incidents, the report stated. Furthermore, 14% of victims were unaware of an attack until receiving a ransom demand, which is also up from 6% a year ago.</p><p>“Prolonged dwell times often parallel a highly complex threat environment where critical alerts are obscured,” ExtraHop said in a press release shared with TechRadar Pro. The researchers uncovered several factors that led to delays in investigating critical alerts, including attackers using encrypted channels (41%), attacker activity mirroring legitimate workflows and processes (38%), using valid, high-privilege account permissions (34%), and alert fatigue (30%). 
Undermined baseline behavior also enabled anomalous actions to fly under the radar (27%). </p><p>The good news is that the average ransom payment dropped year-on-year, from $3.6 million down to $2.8 million. However, the bad news is that the payment frequency spiked. While in 2025 70% of respondents paid a ransom, this year 83% have done the same, at least among ExtraHop’s respondents.</p><p>When <a href="https://www.techradar.com/pro/security/ransomware-payments-drop-to-record-low-even-as-attacks-surge" target="_blank">Chainalysis</a> ran a similar survey recently, it said that in 2025 the number of successful ransomware attacks grew, while the number of payments remained relatively flat, meaning that, in absolute numbers, there were fewer companies paying ransomware attackers.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Chinese cybersecurity company 360 unveils “China's version of Mythos”, and Yitianzhen, to automate cyber defense ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/chinese-cybersecurity-company-360-unveils-chinas-version-of-mythos-and-yitianzhen-to-automate-cyber-defense</link>
                                                                            <description>
                            <![CDATA[ China "cannot afford to wait", the company says, as Mythos finds more and more flaws. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">nGjAzTcRfdkNnLbQCY3xQf</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/aNb5QzdTvjeBY2DvAsyqXa-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 25 Jun 2026 17:15:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/aNb5QzdTvjeBY2DvAsyqXa-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Flags of the People&#039;s Republic of China, hanging in a park during National Day in Beijing, China]]></media:description>                                                            <media:text><![CDATA[Flags of the People&#039;s Republic of China, hanging in a park during National Day in Beijing, China]]></media:text>
                                <media:title type="plain"><![CDATA[Flags of the People&#039;s Republic of China, hanging in a park during National Day in Beijing, China]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/aNb5QzdTvjeBY2DvAsyqXa-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>At ISC.AI 2026, China’s 360 Security Technology unveiled “Yitian Tulong,” two AI models for vulnerability discovery and automated defense</strong></li><li><strong>Founder Zhou Hongyi described Tulongfeng as the “Chinese Mythos,” claiming it found 3,432 flaws, with 105 confirmed by the government</strong></li><li><strong>Zhou acknowledged a 20–30% capability gap vs. US models, but stressed building a professional attack‑and‑defense team over reliance on a single “genius hacker” approach</strong></li></ul><p>A Chinese cybersecurity company recently unveiled two Artificial Intelligence (AI) models, one of which is supposed to be the country’s answer to Anthropic's Mythos.</p><p>Mythos is an advanced <a href="https://www.techradar.com/best/best-ai-tools" target="_blank">AI model</a> that can surface and exploit software vulnerabilities at scale and is currently only available to a couple dozen major US firms because it is allegedly too powerful (and thus dangerous) to be shared with everyone. </p><p>During the ISC.AI 2026 cybersecurity conference, which was held at the Beijing National Convention Center on June 24, 2026, Chinese cybersecurity company 360 Security Technology unveiled two tools collectively called “Yitian Tulong”, Reuters reports.</p><h2 id="taking-a-different-approach">Taking a different approach</h2><p>Yitian Tulong comprises two AI models: Tulongfeng, and Yitianzhen. According to founder Zhou Hongyi, the former is the “Chinese Mythos”, while the latter is a way to automate defense and incident response. </p><p>"This kind of powerful weapon that can change the landscape of cyber offence and defense cannot be held only by others," Zhou allegedly said during the presentation. </p><p>Claims about the capabilities of these models cannot be independently verified, and in the case of Yitian Tulong, will probably never be. 
The company said Tulongfeng found 3,432 software flaws, including 105 allegedly confirmed by the Chinese government. </p><p>Zhou also discussed taking a different approach compared to the US, a country which relies on “the strongest model, the strongest computing power, and the strongest chips”.</p><p>"Objectively speaking, domestic models still have a 20%-30% gap in base capability," Zhou said. "China cannot wait until model capabilities have fully caught up before starting vulnerability discovery, because we cannot afford to wait."</p><p>According to Zhou, 360 is building a “professional attack-and-defense team”, rather than “just” a single genius hacker: "If Mythos is a top-end chip, what we are building is a complete machine that can run stably, work 24 hours a day and make fewer mistakes," he said. "If the U.S. route is to cultivate a genius hacker, 360's route is to organise a professional attack-and-defense team."</p><p><em>Via </em><a href="https://www.reuters.com/legal/litigation/chinas-360-says-it-has-developed-tools-match-anthropics-mythos-2026-06-24/" target="_blank"><em>Reuters</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ '27 million stolen login credentials have been recovered': Global coordinated takedown hits SocGholish, Amadey, and StealC malware networks where it hurt ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/27-million-stolen-login-credentials-have-been-recovered-global-coordinated-takedown-hits-socgholish-amadey-and-stealc-malware-networks-where-it-hurt</link>
                                                                            <description>
                            <![CDATA[ EUROPOL and national law enforcement agencies struck three major MaaS platforms, froze money and servers, and cleaned websites. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">3aH5bGcNCmgAYwLxtCQJUm</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/UjSNcAZ5SebctebKAMQNVF-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 25 Jun 2026 15:45:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/UjSNcAZ5SebctebKAMQNVF-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Cybersecurity ensures data protection on internet. Data encryption, firewall, encrypted network, VPN, secure access and authentication defend against malware, hacking, cyber crime and digital threat]]></media:description>                                                            <media:text><![CDATA[Cybersecurity ensures data protection on internet. Data encryption, firewall, encrypted network, VPN, secure access and authentication defend against malware, hacking, cyber crime and digital threat]]></media:text>
                                <media:title type="plain"><![CDATA[Cybersecurity ensures data protection on internet. Data encryption, firewall, encrypted network, VPN, secure access and authentication defend against malware, hacking, cyber crime and digital threat]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/UjSNcAZ5SebctebKAMQNVF-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>EUROPOL’s Operation Endgame froze $47M in cryptocurrency and dismantled infrastructure for SocGholish, Amadey, and StealC malware</strong></li><li><strong>326 servers, 142 domains, and 14,971 infected websites were taken down, disrupting distribution networks and recovering 27M credentials</strong></li><li><strong>No arrests were made; experts warn such disruptions often only temporarily halt criminal operations before infrastructure is rebuilt</strong></li></ul><p>Millions of dollars in cryptocurrency were frozen, and hundreds of servers taken down, in a sweeping operation by EUROPOL and multiple national law enforcement agencies against cybercriminals.</p><p>Over the last couple of weeks, EUROPOL ran Operation Endgame, together with law enforcement agencies from Canada, Denmark, Germany, the Netherlands, the United Kingdom, and the United States. Multiple private companies, including Microsoft, participated as well.</p><p>The goal was the dismantling of digital infrastructure used by three distinct hacking operations: SocGholish, Amadey, and StealC. These are known malware variants that grant attackers backdoor access and steal valuable secrets from compromised devices.</p><h2 id="shutting-down-servers-and-cleaning-websites">Shutting down servers and cleaning websites</h2><p>SocGholish, for example, is a sophisticated JavaScript downloader and loader, linked to a Russian Malware-as-a-Service (MaaS) operation called Evil Corp. </p><p>During the operation, the police managed to identify and freeze $47 million in cryptocurrencies. They cannot access or retrieve these funds, but by freezing them, they effectively removed them from circulation. 
Around 27 million login credentials were also recovered as part of this operation.</p><p>Furthermore, law enforcement shut down 326 servers and 142 domains that were used to host and distribute the <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a>. This, EUROPOL says, “severely crippled” the malware’s distribution network: “By taking down these tools simultaneously, the collaboration between law enforcement and private parties has increased friction for cybercriminals, making it harder for attacks to succeed, spread, or recover.”</p><p>EUROPOL also said that by taking down SocGholish, 14,971 infected websites were “remediated”. These are legitimate sites, belonging to different businesses such as restaurants, auto repair shops, and others, that were compromised and used as launchpads for malware delivery. </p><p>Sadly, no arrests have been made, and EUROPOL did not say if key players of these groups were even identified. Usually, disruptions such as this one only momentarily stop malicious activities, which resume in a few weeks once the infrastructure is rebuilt. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Edge users beware — this malicious extension can break out of the sandbox and install ransomware ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/edge-users-beware-this-malicious-extension-can-break-out-of-the-sandbox-and-install-ransomware</link>
                                                                            <description>
                            <![CDATA[ Hackers found a way to get an Edge extension to do their bidding. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">ZW8e2HVDrnR2AMfRNTKep3</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/tSejjmrgK46MgdhWqD5miC-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 25 Jun 2026 14:20:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/tSejjmrgK46MgdhWqD5miC-1280-80.jpg">
                                                            <media:credit><![CDATA[Tada Images / Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Google Chrome app is seen on an iPhone next to Edge and other web browser apps. Microsoft is using new prompts in Edge to try and stop users from downloading Chrome.]]></media:description>                                                            <media:text><![CDATA[Google Chrome app is seen on an iPhone next to Edge and other web browser apps. Microsoft is using new prompts in Edge to try and stop users from downloading Chrome.]]></media:text>
                                <media:title type="plain"><![CDATA[Google Chrome app is seen on an iPhone next to Edge and other web browser apps. Microsoft is using new prompts in Edge to try and stop users from downloading Chrome.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/tSejjmrgK46MgdhWqD5miC-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Zscaler uncovered “Edgecution,” a malicious Edge extension deployed via fake Outlook update sites shared in Teams phishing</strong></li><li><strong>Attack uses ZIP archives with Python runtime to escape browser sandbox, creating a backdoor capable of shell/PowerShell execution and system data theft</strong></li><li><strong>Believed linked to Initial Access Brokers tied to ransomware group Payout Kings, showing evolving sophistication in access‑for‑sale operations</strong></li></ul><p>If you are using the Edge browser, be careful - there is a malicious campaign going round that uses the <a href="https://www.techradar.com/best/browser" target="_blank">browser</a> to deploy a backdoor via an extension.</p><p>According to security researchers at Zscaler, scammers are reaching out to their victims via Microsoft Teams, pretending to be IT support. They claim the user needs to install an Outlook update, or a spam filter, and direct the victims to a fake “Outlook Updates Management Console” website. </p><p>There, the users are instructed to run one of the three provided processes, all of which download a ZIP archive that, when executed, creates a scheduled task. This task starts the Edge browser in headless mode (invisible to the user) and installs an extension officially called “Edge Monitoring Agent”. Zscaler, on the other hand, calls it “Edgecution”.</p><h2 id="creating-a-native-messaging-manifest">Creating a Native Messaging manifest</h2><p>The ZIP archive also contains an embedded Python runtime and a Python-based <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">backdoor</a>. The runtime creates a Native Messaging manifest - a file that tells the browser how to communicate with the backdoor. That’s the way the threat actors managed to escape the browser’s sandbox and run the backdoor on the compromised computer itself. 
</p><p>That backdoor can do multiple things, from executing shell commands, to running PowerShell and arbitrary Python code. It can also write files on the host, enumerate running processes, and gather system information. </p><p>Zscaler believes this is the work of an Initial Access Broker (IAB), a malicious group whose only job is to obtain access to a victim’s infrastructure and then sell it - or share it with a partnering group. This particular IAB, the researchers believe, is connected to a ransomware operation called Payout Kings. </p><p>“The Edgecution browser extension illustrates the evolving sophistication of initial access brokers operating in the ransomware landscape,” Zscaler warns. “The reliance on a malicious browser extension to relay commands to a Python-based native host demonstrates a creative approach to evade traditional endpoint detection.”</p><p>A full list of Indicators of Compromise (IoC) can be found at <a href="https://www.zscaler.com/blogs/security-research/payouts-king-ransomware-initial-access-broker-deploys-new-edgecution" target="_blank">this link</a>.</p><p><em>Via </em><a href="https://www.bleepingcomputer.com/news/security/malicious-edge-extension-abuses-native-messaging-as-bridge-to-malware/" target="_blank"><em>BleepingComputer</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Multiple malicious OpenClaw skills found online - including two macOS infostealers ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/multiple-malicious-openclaw-skills-found-online-including-two-macos-infostealers</link>
                                                                            <description>
                            <![CDATA[ Criminals found yet another marketplace to infect and use as a launchpad for malware delivery. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">vFgwHmcERf3Dv9c4J9df9G</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/DTZvZXmPaA8zMJoW733ZVa-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Thu, 25 Jun 2026 12:10:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/DTZvZXmPaA8zMJoW733ZVa-1280-80.png">
                                                            <media:credit><![CDATA[Fortune]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Microsoft OpenClaw]]></media:description>                                                            <media:text><![CDATA[Microsoft OpenClaw]]></media:text>
                                <media:title type="plain"><![CDATA[Microsoft OpenClaw]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/DTZvZXmPaA8zMJoW733ZVa-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Palo Alto Networks’ Unit 42 found five malicious “skills” on ClawHub, OpenClaw’s official marketplace, delivering infostealers and fraud</strong></li><li><strong>Threat actors bypassed VirusTotal/ClawScan checks with inflated file sizes and evasive techniques, showing persistent supply chain risk</strong></li><li><strong>All malicious skills were removed and accounts banned; researchers urge strict provenance validation and source code audits for published packages</strong></li></ul><p>ClawHub is the latest marketplace hackers are poisoning with malware, in an attempt to compromise software developers and other advanced users. Earlier this week, security researchers from Palo Alto Networks’ Unit 42 team disclosed finding, and reporting, five “skills” on that marketplace that sought to infect their users with infostealer <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a>. </p><p>First, a little context: OpenClaw (originally published as Clawd/Clawdbot) was released in November 2025. It is an <a href="https://www.techradar.com/best/best-ai-tools" target="_blank">open-source agent</a> platform that performs actions on a computer, such as browsing the web, or managing files, instead of simply answering questions like a chatbot. To perform different actions, OpenClaw must first learn how to do them, which is done through “skills” - add-ons that extend the agent’s capabilities.</p><p>Soon after, ClawHub was born - the official marketplace and registry for OpenClaw skills and plugins, attracting not just the AI developer community, but cybercriminals, as well. 
Early reports, published in February this year, forced OpenClaw to integrate VirusTotal and ClawScan, to better protect the community and allow proactive screening of published skills.</p><h2 id="persistent-and-evasive-malicious-skills">Persistent and evasive malicious skills</h2><p>However, Unit 42 says this didn’t stop threat actors, and that it has since discovered multiple “persistent and evasive malicious skills” on the platform. </p><p>In total, the researchers discovered five skills, including two that delivered the AMOS infostealer, one that came with an inflated file size to trick scanners, and two that were essentially commission fraud, abusing the fact that an AI agent can make decisions and perform actions on behalf of the user. Details on all five can be found at <a href="https://unit42.paloaltonetworks.com/openclaw-ai-supply-chain-risk/" target="_blank">this link</a>.</p><p>All five have since been reported to ClawHub, and OpenClaw had them removed and the accounts behind them banned. </p><p>Unit 42 recommends organizations use a “rigorous supply chain verification framework” to remain secure: “We identified that skill execution occurs within the agent process. This necessitates active validation of publisher provenance and a line-by-line audit of package source files.”</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'Deepfake as a service' sees 39% spike in dark web conversations — and experts fear it will fuel the next wave of “fake boss” scams ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/deepfake-as-a-service-sees-39-percent-spike-in-dark-web-conversations-and-experts-fear-it-will-fuel-the-next-wave-of-fake-boss-scams</link>
                                                                            <description>
                            <![CDATA[ Businesses must prepare for what's coming by focusing on prevention and employee education. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">uqGUzUHZcRV9JjCB8DpwmK</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/k8gygbTzU2uzRU7hectcyk-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Wed, 24 Jun 2026 17:25:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/k8gygbTzU2uzRU7hectcyk-1280-80.png">
                                                            <media:credit><![CDATA[Gemini]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Man in a business suit with pixellated face against background of political room]]></media:description>                                                            <media:text><![CDATA[Man in a business suit with pixellated face against background of political room]]></media:text>
                                <media:title type="plain"><![CDATA[Man in a business suit with pixellated face against background of political room]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/k8gygbTzU2uzRU7hectcyk-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>NordStellar found 924 dark‑web posts about deepfakes‑as‑a‑service (DFaaS) Jan–May 2026, up 39% year‑on‑year</strong></li><li><strong>Rising interest driven by generative AI advances, enabling hyper‑realistic “fake boss” scams and lowering barriers for attackers</strong></li><li><strong>Experts urge prevention through employee education and monitoring for leaked company data to reduce risk of targeted deepfake attacks</strong></li></ul><p>The interest in deepfakes-as-a-service (DFaaS) among criminals is growing, and the cybersecurity community is worried it might fuel the next wave of “fake boss” scams.</p><p>This is according to a new report from threat exposure management platform NordStellar. Analyzing discussions on the dark web, the researchers found that between January and May this year, there were 924 posts about DFaaS, up 39% compared to the same period last year, when there were 663 similar posts.</p><p>“The rapid growth in popularity of deepfakes as a service is likely accelerated by advancements in generative AI, which help cybercriminals in two ways — by speeding up the creation of deepfakes and making them hyper-realistic,” says Vakaris Noreika, cybersecurity expert at NordStellar. “Ultimately, this service lowers the barrier to entry for deepfake technology, enabling threat actors to deploy highly deceptive attacks at a larger scale, regardless of their personal technical skill set.”</p><h2 id="how-to-defend-against-convincing-deepfake-attacks">How to defend against convincing deepfake attacks?</h2><p>Experts are worried the rising interest might result in more “<a href="https://www.techradar.com/best/best-identity-theft-protection" target="_blank">fake boss</a>” scams which would also be even more difficult to spot. Business Email Compromise (BEC), a “fake boss” scam that primarily uses written emails, has for years been among the most lucrative tactics in the criminal underworld. 
According to the FBI, BEC was the second costliest tactic last year, with company losses exceeding $3 billion (up 11% compared to 2024). </p><p>Defending against highly convincing deepfake images and videos might not be easy, but it certainly isn’t impossible. Noreika suggests businesses should focus on prevention and employee education, since they cannot control whether crooks target them or not. </p><p>“The more details and access attackers obtain, the easier it is for them to craft highly realistic, targeted attacks,” says Noreika. “Monitoring the dark web for leaked company information is a critical step in preventing cybercriminals from finding credentials to breach accounts or data to use as intel.”</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Vulnerabilities uncovered in secret US government systems and software during testing of Anthropic Mythos ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/vulnerabilities-uncovered-in-secret-us-government-systems-and-software-during-testing-of-anthropic-mythos</link>
                                                                            <description>
                            <![CDATA[ The US Government confirmed what the community already knows - Mythos is a true beast. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">E4KAsTKAfsByohfTR8cSML</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/6t9Lsf3QWte55CdyiDs97L-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 24 Jun 2026 16:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[AI Platforms & Assistants]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/6t9Lsf3QWte55CdyiDs97L-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A robot's hand typing on a laptop keyboard]]></media:description>                                                            <media:text><![CDATA[A robot's hand typing on a laptop keyboard]]></media:text>
                                <media:title type="plain"><![CDATA[A robot's hand typing on a laptop keyboard]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/6t9Lsf3QWte55CdyiDs97L-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Senator Mark Warner testified NSA confirmed Mythos Preview identified vulnerabilities in nearly all classified systems within hours during a controlled exercise</strong></li><li><strong>US officials clarified Mythos found flaws rapidly rather than exploiting them, but the capability still raises major concern</strong></li><li><strong>Anthropic withheld public release, sharing only with select firms; Mozilla and others validated its potency, with thousands of critical bugs uncovered in weeks</strong></li></ul><p>We now have another witness claiming <a href="https://www.techradar.com/best/best-ai-tools" target="_blank">Mythos Preview</a> is able to break into protected systems fast and this one is none other than a high-ranking member of the US Government.</p><p>According to the Associated Press, Senator Mark Warner of Virginia testified in front of a congressional hearing this month, saying he was informed by National Security Agency (NSA) chief Joshua Rudd that Mythos “broke into almost all of our classified systems, not in weeks, but in hours.”</p><p>It’s worth mentioning here that the break-in was controlled, since it was part of an exercise done by the Anthropic team and the intelligence agency.</p><h2 id="how-powerful-is-mythos">How powerful is Mythos?</h2><p>The Associated Press dug deeper, and was informed by an unidentified US official that Mythos merely found vulnerabilities within hours, not necessarily exploited them. Still, identifying a vulnerability that theoretically can be exploited for attacks against protected US Government systems should be cause for concern on its own. </p><p>Mythos is an advanced AI model built by Anthropic, first introduced in early April this year. 
However, the company decided not to share it with the general public because it was apparently too capable of discovering and leveraging software vulnerabilities.</p><p>Instead, Anthropic shared it with a handful of major corporations, to help them secure their systems before cybercriminals can use the tool. Since then, multiple companies have come forward to confirm Mythos’ potency, including Mozilla, which said the tool was “<a href="https://www.techradar.com/pro/mozilla-says-anthropics-mythos-is-every-bit-as-capable-as-the-worlds-best-security-researchers-after-firefox-experiment-and-says-the-zero-days-are-numbered" target="_blank">every bit as capable</a>” as the world’s best security researchers.</p><p>Mozilla said that with the help of Mythos, it was able to ship fixes for more than 400 Firefox security bugs in April alone. </p><p>A month later, Anthropic said the 50 companies using the tool discovered <a href="https://www.techradar.com/pro/security/after-one-month-most-partners-have-each-found-hundreds-of-critical-or-high-severity-vulnerabilities-anthropic-claims-mythos-has-found-over-ten-thousand-major-security-vulnerabilities-across-the-most-systemically-important-software-in-the-world" target="_blank">more than 10,000</a> critical and high-level security vulnerabilities in roughly two months’ time. </p><p>“Several have told us that their rate of bug-finding has increased by more than a factor of ten,” the company said. 
“For instance, Cloudflare has found 2,000 bugs (<a href="https://www.techradar.com/pro/security/mozilla-says-anthropics-mythos-preview-and-other-ai-models-helped-it-identify-and-ship-423-firefox-security-bug-fixes-in-just-one-month" target="_blank">400 of which are high- or critical-severity</a>) across their critical-path systems, with a false positive rate that Cloudflare’s team considers better than human testers.”</p><p><em>Via </em><a href="https://www.reuters.com/business/anthropics-mythos-model-found-vulnerabilities-classified-us-government-systems-2026-06-24/" target="_blank"><em>Reuters</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 87% of cybersecurity managers say quick compliance programs are actually increasing risk and making businesses less resilient ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/87-percent-of-cybersecurity-managers-say-quick-compliance-programs-are-actually-increasing-risk-and-making-businesses-less-resilient</link>
                                                                            <description>
                            <![CDATA[ Security professionals are skeptical if the speed comes at the expense of actual business resilience. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">xnUzWbMFJxMtv3g4Caau2f</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/pVCXKrhThqmUjYVSZBjV5Z-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 24 Jun 2026 13:10:19 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/pVCXKrhThqmUjYVSZBjV5Z-1280-80.jpg">
                                                            <media:credit><![CDATA[Thapana Onphalai via Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Hands on a laptop with overlaid logos representing network security]]></media:description>                                                            <media:text><![CDATA[Hands on a laptop with overlaid logos representing network security]]></media:text>
                                <media:title type="plain"><![CDATA[Hands on a laptop with overlaid logos representing network security]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/pVCXKrhThqmUjYVSZBjV5Z-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>IO research shows 87% of UK cybersecurity managers doubt the credibility of speed‑focused certification programs</strong></li><li><strong>Rapid, automated compliance creates a false sense of security, with certifications like ISO 27001 not guaranteeing resilience</strong></li><li><strong>Experts stress continuous monitoring and human oversight, as automated recommendations and evidence still need validation and interpretation</strong></li></ul><p>Speed-focused compliance programs could help businesses get cybersecurity certifications quicker, but security professionals are skeptical if the speed comes at the expense of actual business resilience. </p><p>This is according to new research from resilience specialists IO, which claims that 87% of senior cybersecurity managers in the UK believe the speed at which certification is achieved affects its credibility. </p><p>According to the report, compliance initiatives that are either heavily automated or compressed into short timeframes are creating a false sense of security. Certifications like ISO 27001 might help companies win contracts and maintain an image, but researchers are warning that certification alone does not guarantee actual operational resilience. </p><h2 id="gaps-in-security-posture">Gaps in security posture</h2><p>“Organizations that focus on achieving certification as quickly as possible are at risk of leaving gaps in their security posture,” says Chris Newton-Smith, CEO of IO. “Certification can open doors to new contracts and demonstrate commitment to recognised standards but treating certification as the end goal rather than the outcome of establishing and embedding effective compliance is more often than not at the expense of long-term resilience. 
Businesses must treat compliance not as a tick-box exercise but an evolving, iterative, and business critical project.”</p><p>Polling 251 cybersecurity managers in the UK, IO found that 31% consider continuous controls monitoring the strongest indicator of compliance resilience. At the same time, a fifth (21%) said certifications could reflect security controls at the time of an audit, but could soon after become obsolete. </p><p>IO also stressed the importance of human expertise in these programs. Almost half (45%) of the respondents said human involvement is still essential when evaluating whether automated compliance recommendations are still relevant and accurate, and another third (33%) said complex regulations still need human interpretation. </p><p>Finally, 32% stressed the importance of humans in validating compliance evidence generated by automated systems. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'Organised crime operating like a tech startup': EvilToken PHaaS group ramp up AI-enabled attacks by 1,380% in 2026 ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/organised-crime-operating-like-a-tech-startup-eviltoken-phaas-group-ramp-up-ai-enabled-attacks-by-1-380-percent-in-2026</link>
                                                                            <description>
                            <![CDATA[ AI is used for more than just scaling - it enabled personalization at an unprecedented level. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">6qoys784Jwtsumx53H7bdD</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/CT482eMSRL8PagRtuBVYNd-1280-80.jpeg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 24 Jun 2026 12:15:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/CT482eMSRL8PagRtuBVYNd-1280-80.jpeg">
                                                            <media:credit><![CDATA[weerapatkiatdumrong / Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system]]></media:description>                                                            <media:text><![CDATA[A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system]]></media:text>
                                <media:title type="plain"><![CDATA[A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/CT482eMSRL8PagRtuBVYNd-1280-80.jpeg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Huntress report highlights “EvilTokens” PhaaS scaling phishing attacks 1,380% in early 2026 compared to last year</strong></li><li><strong>AI integration enables per‑victim personalization at scale, bypassing MFA, with subscription tiers from $600 to $1,500</strong></li><li><strong>Service sold openly on Telegram, showing how PhaaS now operates like a startup with cheap, powerful attack capabilities</strong></li></ul><p>Cybercriminals offering phishing-as-a-service (PhaaS) are increasingly operating like a tech startup, and a good one, at that. They are also using Artificial Intelligence (AI), which helped them scale significantly. This is according to a new report from cybersecurity researchers Huntress, called “EvilTokens and the Rise of AI-Powered Phishing”.</p><p>In the report, Huntress claims that this particular PhaaS operation, called EvilTokens, was used to run 1,380% more phishing attacks in early 2026 compared to the same period last year. </p><p>“We’re seeing a clear maturation of the phishing-as-a-service (PhaaS) market as threat actors increasingly integrate AI workflows into their product offerings,” the report reads. “The result is directly observable in our telemetry: a 1,380% increase in device code phishing attacks detected between July–December 2025 and January–April 2026, with over 50% of those incidents linked to two major waves of correlated incidents.”</p><h2 id="a-cheap-service">A cheap service</h2><p>“Furthermore, across hundreds of incidents associated with EvilTokens, no two phishing lures were identical. This level of per-victim personalization was previously limited to targeted, manually crafted campaigns. Now, it’s achievable at scale by any threat actor at the price of a subscription service.”</p><p>So, AI is not only used to scale the operation, but it is also used for personalization at an unprecedented level. 
At the same time, the service is relatively cheap to use: it is being sold on Telegram for as little as $600.</p><p>If this sounds like a lot, keep in mind that a single successful phishing attack is enough to steal data worth hundreds of thousands on the black market, or even millions in ransom negotiations.</p><p>EvilTokens’ service is tiered, too. The cheapest package costs $600, while two more expensive ones cost $1,000 and $1,500, respectively. For criminals, it is likely worth the investment, since this PhaaS is capable of bypassing multi-factor authentication, as well. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ LastPass confirms data breach after hacker compromises supply chain — here's what we know ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/lastpass-confirms-data-breach-after-hacker-compromises-supply-chain-heres-what-we-know</link>
                                                                            <description>
                            <![CDATA[ Plenty of personal data obtained, but passwords seem to be safe. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">YLZZHhV78hiaRnFhwZW28c</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/7Q34GM2RgrdwsWnK6jBAeP-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Wed, 24 Jun 2026 10:12:32 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/7Q34GM2RgrdwsWnK6jBAeP-1280-80.png">
                                                            <media:credit><![CDATA[LastPass]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[LastPass]]></media:description>                                                            <media:text><![CDATA[LastPass]]></media:text>
                                <media:title type="plain"><![CDATA[LastPass]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/7Q34GM2RgrdwsWnK6jBAeP-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>LastPass confirmed a supply chain breach via Klue, where stolen OAuth tokens let attackers access its Salesforce environment</strong></li><li><strong>Customer names, contact details, and CRM data were exposed, but master passwords were not; phishing risk remains high</strong></li><li><strong>Threat actor Icarus claimed responsibility; other firms including Recorded Future, Tanium, Jamf, Sprout Social, Gong, and Insurity also impacted</strong></li></ul><p>Password manager LastPass confirmed that it lost sensitive customer data in a supply chain attack that struck a third party.</p><p>As LastPass explained in a newly released incident report, unnamed threat actors first targeted Klue, a third-party market intelligence platform that integrates with its Salesforce and Gong systems. After obtaining its OAuth tokens, the attackers were able to access LastPass’ Salesforce environment and exfiltrate sensitive data stored there. </p><p>“On June 12th, LastPass was made aware of an incident that occurred at Klue (klue.com), a third-party market intelligence platform utilized by our go-to-market teams, which integrates with our Salesforce and Gong systems,” LastPass said.</p><h2 id="compromising-names-and-emails">Compromising names and emails</h2><p>“We immediately launched an investigation and learned that, as part of this incident, an unauthorized actor was able to obtain OAuth tokens Klue held for many of its customers, including LastPass.”</p><p>“The threat actor then used these credentials to access LastPass customer data within our Salesforce environment.”</p><p>Further in the report, the <a href="https://www.techradar.com/best/password-manager" target="_blank">password manager</a> said the attackers most likely accessed customer names, phone numbers, email addresses, postal addresses, support case information, and sales/CRM-related data. </p><p>Passwords, including the master password, were most likely not exposed. 
However, criminals can use the data they obtained to launch phishing attacks, through which they might trick the victims into sharing those secrets, as well. </p><p>LastPass is now urging customers to remain vigilant and be careful with incoming messages, particularly those claiming to come from the company. </p><p>According to <em>BleepingComputer</em>, the Klue supply chain attack was claimed by a threat actor called Icarus, which apparently used compromised legacy credentials for an integration service to breach the intelligence platform. </p><p>Besides LastPass, a number of other organizations are affected as well, the publication further reported, including Recorded Future, Tanium, Jamf, Sprout Social, Gong, and Insurity. LastPass has now disabled employee access to Klue.</p><p><em>Via </em><a href="https://www.bleepingcomputer.com/news/security/lastpass-confirms-data-breach-in-klue-supply-chain-attack/" target="_blank"><em>BleepingComputer</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ ‘Travelers are getting better at spotting obvious scams' — but experts warn Airbnb scams are on the rise as summer arrives ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/travelers-are-getting-better-at-spotting-obvious-scams-but-experts-warn-airbnb-scams-are-on-the-rise-as-summer-arrives</link>
                                                                            <description>
                            <![CDATA[ As summer travel peaks, experts warn of Airbnb scams exploiting verified host accounts to trick users into fake vacations. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">7XmXUDBXn3r3R4jkjMNZ8j</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/TTY5Kw4XBVMnVyegXQfgGT-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 24 Jun 2026 00:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Crime]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Craig Hale ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/GV8qRsHBkpSAQxiYKjTt6H.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/TTY5Kw4XBVMnVyegXQfgGT-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock / Iryna Kalamurza]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Young couple planning honeymoon vacation trip with map]]></media:description>                                                            <media:text><![CDATA[Young couple planning honeymoon vacation trip with map]]></media:text>
                                <media:title type="plain"><![CDATA[Young couple planning honeymoon vacation trip with map]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/TTY5Kw4XBVMnVyegXQfgGT-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Airbnb scams have surged 30x since 2023, including a sharp rise this year</strong></li><li><strong>Criminals hijack legitimate host accounts to trick holidaymakers</strong></li><li><strong>Staying safe isn't so straightforward as threats evolve</strong></li></ul><p>Airbnb-related scam activity has increased 30x since the first half of 2023, according to new research from Saily and NordStellar, confirming that cybercriminals continue to go after holidaymakers seeking the best deals amid rising prices.</p><p>The report ultimately concludes that attackers are now targeting the trust built by larger platforms, saving them from having to build new identities from scratch.</p><p>And to top it all off, the nature of scams is also changing, as instead of using suspicious websites to obtain victim payments or information, criminals are now targeting legitimate Airbnb host accounts which have spent years amassing positive reviews and high ratings.</p><h2 id="exploiting-legitimate-accounts-and-hijacking-trust">Exploiting legitimate accounts and hijacking trust</h2><p>While the end goal remains high volumes of vulnerable consumers, scammers have added an extra layer of victims to their pipeline. Verified Airbnb hosts are now valuable assets for criminals because they already have identity verifications, positive reviews, booking histories, years of activity and established credibility.</p><p>Once the verified account is compromised, attackers can then go on to scam higher volumes of unsuspecting victims by posting – and charging for – fake property listings.</p><p>“Travelers are getting better at spotting obvious scams,” Saily Head of Product Matas Cenys said. “Criminals know this, so they are increasingly trying to steal trust instead of building fake trust from scratch.”</p><p>Where this type of attack differs from others, though, is that the victims never leave the platform. 
Rather than falling victim to phishing attacks and being redirected to malicious external sites, they interact fully with supposedly legitimate hosts on the Airbnb platform.</p><p>While Airbnb attacks have seen a 30x increase in around three years and a sharp rise in the last year alone, they reflect a much broader trend of attackers compromising existing trusted accounts.</p><p>The recent ramp-up in attacks could also be tied to the summer season, with holidaymakers looking to book last-minute deals in the run-up to the summer season. Urgency and pressure to keep costs low also add to criminals’ success.</p><p>“Everything looks normal until they arrive at their destination and discover the accommodation never existed,” Cenys added.</p><h2 id="how-to-protect-yourself-from-booking-scams">How to protect yourself from booking scams</h2><p>Saily is recommending that all communication stays within the booking platform and that customers avoid payment methods suggested outside of official channels. Unusually attractive listings in high-demand destinations could also be taken with a pinch of salt, and savvy shoppers may choose to reverse image search a property to double check its authenticity.</p><p>“As travel booking becomes increasingly digital, trust becomes one of the most valuable currencies in the travel ecosystem,” Cenys warned.</p><p>As for abusing victim trust, researchers also argue that AI has aided attacks by allowing criminals to produce better fake listings more quickly.</p><p>More generally, Airbnb revealed that two in five Americans have fallen victim to an online scam, with the average loss totalling nearly $2,000. The company has introduced measures to remind its users how to avoid scams, including introducing identity verification and reminders not to leave the platform, but account takeovers can still slip under the radar.</p><p>Airbnb also holds guest payments until 24 hours after check-in to ensure that everything is as described. 
Anti-fraud tech also prevented around 265,000 suspicious listings from appearing on the platform in 2025, the company boasted.</p><p>The company <a href="https://news.airbnb.com/partnering-with-experts-on-tips-to-help-avoid-summer-travel-scams-in-u-s/" target="_blank">posted</a> a comprehensive eight-step list of how to avoid scams on its platform online, calling out pressure tactics and unusual deals.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ US healthcare AI platform Xsolis confirms data breach that affects 1.4 million individuals ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/us-healthcare-ai-platform-xsolis-confirms-data-breach-that-affects-1-4-million-individuals</link>
                                                                            <description>
                            <![CDATA[ Social Security numbers and health insurance information nabbed as Xsolis tells its customers to be careful. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">gAz4cBUXQQLpm3WEY4yfLR</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 23 Jun 2026 17:30:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A pink triangle with a red exclamation mark inside on a blue digital landscape]]></media:description>                                                            <media:text><![CDATA[A pink triangle with a red exclamation mark inside on a blue digital landscape]]></media:text>
                                <media:title type="plain"><![CDATA[A pink triangle with a red exclamation mark inside on a blue digital landscape]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Xsolis confirmed a phishing‑enabled breach on Jan 22, 2026, exposing data of 1.39M individuals</strong></li><li><strong>Stolen info includes names, addresses, DOBs, SSNs, health insurance, and medical treatment details; no ransom demands or dark web leaks yet</strong></li><li><strong>Customers offered free credit monitoring and identity theft protection, with warnings to watch for phishing and fraud attempts</strong></li></ul><p>Healthcare technology company Xsolis disclosed a cyberattack in which it lost sensitive data on almost 1.4 million customers.</p><p>Xsolis is a company that uses AI to help healthcare organizations make faster and more consistent decisions about patient care and utilization management. Earlier this week, it published a data breach notification on its website, saying that it spotted the intrusion on January 22, 2026.</p><p>Apparently, after a successful phishing attack on one of its employees two days earlier, the attackers were able to access a “limited portion” of the Xsolis environment, from which they were able to exfiltrate people’s names, addresses, dates of birth, health insurance information, Social Security numbers, and medical treatment information.</p><h2 id="almost-1-4-million-victims">Almost 1.4 million victims</h2><p>This level of information is more than enough to target these individuals with phishing or even <a href="https://www.techradar.com/best/best-identity-theft-protection" target="_blank">steal their identity</a> for more disruptive attacks elsewhere.</p><p>In a filing with the US Department of Health and Human Services, Xsolis confirmed that 1,396,519 individuals were affected by this breach.</p><p>“We have taken steps to address the incident and are committed to protecting the information entrusted to us,” Xsolis said in the announcement. “Upon learning of this incident, we immediately began an investigation and reported the incident to law enforcement. 
We also implemented additional safeguards to further enhance the security of information in our possession and to help prevent similar incidents from occurring in the future.”</p><p>So far, there is no evidence of the data being used in follow-up attacks, or being offered on the dark web. No threat actors have yet claimed responsibility for the attack, and no one has yet demanded ransom in exchange for the files. </p><p>Xsolis told its customers to be wary of incoming messages, especially those pretending to be from the company, or using it in any other context. Customers are also offered free credit monitoring and identity theft protection services, as well as fraud alerts and credit freezes. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ New WhatsApp phishing campaign allows for remote access from a single business document ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/new-whatsapp-phishing-campaign-allows-for-remote-access-from-a-single-business-document</link>
                                                                            <description>
                            <![CDATA[ WhatsApp users are getting shady documents from their contacts, leading to an infection. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">JRh3tr92xwF7jFh5aPHHcX</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/NxmSYU2NX5vmBNv3WeEtKa-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 23 Jun 2026 16:35:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/NxmSYU2NX5vmBNv3WeEtKa-1280-80.jpg">
                                                            <media:credit><![CDATA[Anton/Pexels]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[WhatsApp on smartphone in a hand]]></media:description>                                                            <media:text><![CDATA[WhatsApp on smartphone in a hand]]></media:text>
                                <media:title type="plain"><![CDATA[WhatsApp on smartphone in a hand]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/NxmSYU2NX5vmBNv3WeEtKa-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Kaspersky warns of a WhatsApp phishing campaign spreading malicious VBScript files disguised as business documents</strong></li><li><strong>Running them installs ManageEngine Endpoint Central, giving attackers remote access; localized filenames boosted global reach</strong></li><li><strong>Victims span Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia, Vietnam, and Malaysia; compromise method remains unknown</strong></li></ul><p>WhatsApp users beware - there is a phishing campaign ongoing on the platform, seeking to infect your devices with a legitimate, but unsolicited endpoint security platform.</p><p>Security researchers Kaspersky recently published a new report detailing a campaign that starts with a compromised <a href="https://www.techradar.com/phones/7-great-whatsapp-alternatives-for-android-users-google-messages-discord-and-more" target="_blank">WhatsApp</a> account. They could not determine how these accounts got breached but found that they were being used to reach out to the victims’ contacts and share a VBScript file masquerading as business or financial documents.</p><p>People who don’t find it strange that their contacts are suddenly sharing business documents, and end up running them, will get ManageEngine’s Endpoint Central, a unified endpoint management (UEM) and endpoint security platform built to help IT teams manage a fleet of desktops, laptops, servers, mobile devices, and other endpoints, all from a single console.</p><h2 id="two-scripts-one-malware">Two scripts, one malware</h2><p>In this case, however, they wouldn’t be managing anything - they would just be granting remote system access to the attackers. 
Kaspersky says that the campaign is rather widespread, with victims located across Brazil, India, Mexico, Singapore, the UK, Spain, Taiwan, Australia, Russia, Vietnam, and Malaysia.</p><p>One of the reasons the campaign was so successful on an international level is that the filenames are localized in multiple languages, Kaspersky added.</p><p>“Based on evidence collected from multiple victims through social media reports and submitted samples, we can conclude that the threat actor had gained access to several WhatsApp accounts and used them to distribute the malicious VBScript files to contacts on the compromised users’ contact lists,” Kaspersky’s researchers said.</p><p>“At the time of writing, the exact method used to compromise these <a href="https://www.techradar.com/best/best-encrypted-messaging-app-android" target="_blank">WhatsApp accounts</a> remains unknown.”</p><p>Downloading and running the malicious files on Windows results in the deployment of two scripts that first disable UAC protections and then deploy the UEM. Kaspersky also stressed that when users open WhatsApp on the web, they must first download the files, but when they open the desktop client, the files can be executed directly via Windows Script Host. </p><p><em>Via </em><a href="https://www.bleepingcomputer.com/news/security/whatsapp-phishing-attack-uses-fake-business-docs-to-hack-pcs/" target="_blank"><em>BleepingComputer</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Meta investigates security concerns of internal mouse-tracking tech used to track employees and train AI ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/meta-investigates-security-concerns-of-internal-mouse-tracking-tech-used-to-track-employees-and-train-ai</link>
                                                                            <description>
                            <![CDATA[ An employee-tracking program will be paused, but no one knows for how long. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">f5mynf9rYaocR8JvywmQun</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/zcH5VAaCXXGsCM78Hyv7fJ-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 23 Jun 2026 14:10:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/zcH5VAaCXXGsCM78Hyv7fJ-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Mark Zuckerberg Meta]]></media:description>                                                            <media:text><![CDATA[Mark Zuckerberg Meta]]></media:text>
                                <media:title type="plain"><![CDATA[Mark Zuckerberg Meta]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/zcH5VAaCXXGsCM78Hyv7fJ-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Meta paused its internal Model Capability Initiative (MCI) after an employee flagged exposure of sensitive data from mouse movement and activity tracking</strong></li><li><strong>Program allegedly collected prompts, private conversations, performance data, and even tax/medical info in unencrypted form</strong></li><li><strong>Meta says no improper access confirmed but is investigating; some employees still see the program running during the pause</strong></li></ul><p>Meta is pausing an employee-tracking program after one of the employees flagged it as exposing sensitive data.</p><p>The company behind Facebook, Instagram, and WhatsApp was apparently running an internal program that was tracking employee mouse movements and digital activity. Called Model Capability Initiative (MCI), this program allegedly started in April with the goal of training <a href="https://www.techradar.com/best/best-ai-tools" target="_blank">Meta’s AI models</a> through employee behavior recordings. </p><p>According to a memo released on launch, the purpose of the program was to improve the company’s AI models in areas where they struggled to replicate how humans interacted with computers, such as picking from a dropdown menu, or using different keyboard shortcuts.</p><h2 id="personal-tax-and-medical-information-exposed">Personal tax and medical information exposed?</h2><p>"This is where all Meta employees can help our models get better simply by doing their daily work," the memo said at the time.</p><p>Reuters reported that an employee filed a high-priority security incident report (SEV) over the program’s exposure of employee data, including "full prompts and transcriptions, private conversations, people & performance data, DSS sensitivity ratings (1-4)." The same publication also said the program was collecting “more information than initially described” and stored it in unencrypted form. 
</p><p>"I have accessed both personal tax and medical information through my work computer, as have many thousands of employees," the employee allegedly said. "We were told this data would be protected and only used for valid business purposes after aggressive filtering."</p><p>Now, Meta confirmed pausing the program to investigate these claims. </p><p>"We have carefully designed this program with privacy safeguards and while we have no indication at this time that any data was improperly accessed by Meta employees, we're pausing it while we investigate," company spokesperson Tracy Clayton was cited as saying. The company did not say for how long the program will be paused but stressed that it would take time to stop it for everyone, so some employees might still see it running. </p><p>As of Monday afternoon, the program was still running for some people, Reuters confirmed. </p><p><em>Via </em><a href="https://www.reuters.com/sustainability/boards-policy-regulation/meta-start-capturing-employee-mouse-movements-keystrokes-ai-training-data-2026-04-21/" target="_blank"><em>Reuters</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Tata Electronics confirm data breach, with hackers claiming 200,000 Apple, Tesla files stolen ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/tata-electronics-confirm-data-breach-with-hackers-claiming-200-000-apple-tesla-files-stolen</link>
                                                                            <description>
                            <![CDATA[ World Leaks shared a large database allegedly stolen from Tata Electronics, containing sensitive Apple and Tesla files. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">2XSZSFFFTPASzShW26qViV</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/AsscCgZRnWXMPyCxtEfpkK-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 23 Jun 2026 13:28:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/AsscCgZRnWXMPyCxtEfpkK-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[An email symbol inside a red square warning sign, surrounded by red triangles with exclamation marks inside them, superimposed on someone typing on a laptop]]></media:description>                                                            <media:text><![CDATA[An email symbol inside a red square warning sign, surrounded by red triangles with exclamation marks inside them, superimposed on someone typing on a laptop]]></media:text>
                                <media:title type="plain"><![CDATA[An email symbol inside a red square warning sign, surrounded by red triangles with exclamation marks inside them, superimposed on someone typing on a laptop]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/AsscCgZRnWXMPyCxtEfpkK-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Tata Electronics confirmed a cyberattack but said operations remain unaffected, despite threat actor World Leaks claiming 630GB of alleged data</strong></li><li><strong>Archive reportedly includes Apple/Tesla schematics, passport scans, and proprietary files; researchers found references to Pegatron, Foxconn, and Qualcomm too</strong></li><li><strong>Reuters noted Tata is being extorted, though ransom details remain unclear; leaked files suggest sensitive manufacturing and engineering data exposure</strong></li></ul><p>Tata Electronics, the electronics and semiconductor manufacturing arm of the Tata Group conglomerate, confirmed suffering a cyberattack, but said it did not affect its operations. The scale of the breach, however, could be rather extensive.</p><p>"A few weeks ago, Tata Electronics identified a cybersecurity incident on some of our systems,” the company said in a statement to Reuters. “Our response protocols were deployed immediately, and the incident has had no impact on our operations across businesses, which remain unaffected," it said, without going into details.</p><p>This statement came almost two weeks after a threat actor called World Leaks posted a large database on its data leak site, claiming it came from Tata Electronics and affects companies such as Apple and Tesla. </p><h2 id="sensitive-files-confirmed">Sensitive files confirmed</h2><p>According to Reuters, roughly a third of all iPhone production in India is done by Tata Electronics. The company supplies Apple with back panels, enclosures, and circuit board parts, among other things. It has been supplying Tesla with chips, circuit board assemblies, and vehicle motor controller units since 2025.</p><p><a href="https://www.techradar.com/best/best-ransomware-protection" target="_blank">World Leaks</a> uploaded an archive of 204,341 files, weighing 630.4GB. 
Allegedly, it contains a large amount of confidential and proprietary data, including Apple and Tesla schematics, passport scans, and other sensitive files. </p><p>Reuters said Tata was being extorted for the files but did not say how much money the threat actors were demanding, or if the negotiations were progressing in any way. </p><p>Some security researchers analyzed the leaked files and said that they contained information about manufacturing and engineering processes from these two companies. Among the researchers were Cybernews, who claim to have seen “hundreds of references to Apple and Tesla”, a folder named “com.apple.factorydata”, as well as documents labeled as proprietary or confidential. </p><p>Cybernews also found files referencing other companies: Pegatron, Foxconn, and Qualcomm, to name a few. However, there is no evidence that any of these companies had been breached.</p><p><em>Via </em><a href="https://cybernews.com/security/tata-electronics-breach-apple-tesla-secret-files/" target="_blank"><em>Cybernews</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'Act now': Five Eyes warns that AI models specialized for cyber attacks are only months away ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/act-now-five-eyes-warns-that-ai-models-specialized-for-cyber-attacks-are-only-months-away</link>
                                                                            <description>
                            <![CDATA[ A whole-of-organisation and whole-of-society response is required, Five Eyes is saying, as AI's capabilities grow stronger. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">yJsC8RDCgAwDbwu3tQLLAf</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/6t9Lsf3QWte55CdyiDs97L-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 23 Jun 2026 10:54:15 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/6t9Lsf3QWte55CdyiDs97L-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A robot's hand typing on a laptop keyboard]]></media:description>                                                            <media:text><![CDATA[A robot's hand typing on a laptop keyboard]]></media:text>
                                <media:title type="plain"><![CDATA[A robot's hand typing on a laptop keyboard]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/6t9Lsf3QWte55CdyiDs97L-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Five Eyes alliance warned frontier GenAI models will enable advanced cyberattacks against businesses and governments within months</strong></li><li><strong>Statement stressed cyber risk is now a leadership and business continuity issue, requiring whole‑of‑society response</strong></li><li><strong>Comes amid concerns over Anthropic’s Mythos Preview and other models already showing offensive potential despite guardrails</strong></li></ul><p>In just a few months, high-end Generative Artificial Intelligence (<a href="https://www.techradar.com/best/best-ai-tools" target="_blank">GenAI</a>) models will be capable of running cyberattacks on big businesses and government organizations, Five Eyes is warning.</p><p>The Five Eyes is an intelligence-sharing alliance between the United States, United Kingdom, Canada, Australia, and New Zealand. Formed after the Second World War, it allows the five countries to closely cooperate on intelligence and matters of national security. </p><p>Earlier this week, Five Eyes issued a new warning, saying that AI will help improve cyber defense over time, but will also accelerate the speed, scale, and sophistication of threats: “Frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months,” the warning reads. “In this environment, cyber resilience is integral to advancing business continuity, market confidence, and long-term value.”</p><h2 id="all-hands-on-deck">All hands on deck</h2><p>Five Eyes is now saying that the industry needs all hands on deck to address what’s increasingly becoming a burning issue: </p><p>“A whole-of-organisation and whole-of-society response is required,” it said. “Cyber risk can no longer be treated as a purely technical issue. 
This is a core business risk and leadership responsibility.”</p><p>In early April, news broke that Anthropic’s latest AI model, Mythos Preview, was so good at exploiting software vulnerabilities that the company could not release it to the public. Instead, it only shared it with a handful of US enterprises, to give them a head start against threat actors.</p><p>While skeptics said it was nothing more than a publicity stunt, similar to what OpenAI pulled off with ChatGPT 2.0, companies that used it (for example, Mozilla) confirmed that it was, indeed, powerful enough that it needs to be kept in check. </p><p>Even models available today, despite all the guardrails, are being regularly leveraged by bad actors in different cyberattack scenarios. </p><p><em>Via </em><a href="https://www.theguardian.com/technology/2026/jun/22/anthropic-claude-fable-ai-model-artificial-intelligence-national-security" target="_blank"><em>The Guardian</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ New lightweight, self-propagating crypto stealing malware delivered by USB spotted by Microsoft researchers – Crypto Clipper script-based stealer hunts for vulnerable wallets ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/new-lightweight-self-propagating-crypto-stealing-malware-delivered-by-usb-spotted-by-microsoft-researchers-crypto-clipper-script-based-stealer-hunts-for-vulnerable-wallets</link>
                                                                            <description>
                            <![CDATA[ Microsoft details a newly discovered wormlike infostealer called Crypto Clipper. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">GaqMuUuMNrgQhbzMPLJ9SN</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/VnoVVXTmAmxSBYBe4LUwVW-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 22 Jun 2026 18:15:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/VnoVVXTmAmxSBYBe4LUwVW-1280-80.jpg">
                                                            <media:credit><![CDATA[vjkombajn/Pixabay]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[Image credit: Pixabay/vjkombajn]]></media:description>                                                            <media:text><![CDATA[Cryptocurrencies]]></media:text>
                                <media:title type="plain"><![CDATA[Cryptocurrencies]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/VnoVVXTmAmxSBYBe4LUwVW-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Microsoft warns of “Crypto Clipper,” a worm spreading via malicious .LNK files on USB drives</strong></li><li><strong>Malware maintains persistence, connects to Tor C2, enables remote code execution, and steals clipboard crypto data</strong></li><li><strong>It swaps wallet addresses, exfiltrates seed phrases/private keys, and uploads screenshots to assess target value</strong></li></ul><p>Microsoft is warning of an ongoing campaign targeting cryptocurrency owners with a clipboard-jacking worm.</p><p>In a new in-depth report published late last week, Microsoft’s security researchers explained that they recently analyzed a thumb drive that contained seemingly normal documents (Word files, Excel spreadsheets). However, the documents had been replaced with Windows shortcut (.LNK) files, which actually launched a piece of malware called Crypto Clipper. </p><p>This malware does a couple of things. First, it spreads by creating malicious .LNK files on USB drives and other removable media. It also sets up scheduled tasks to maintain persistence and automatically infect newly connected USB devices. Second, it behaves like a backdoor by regularly contacting a C2 server over the Tor network and receiving commands from the attacker. The server can also send commands to have the malware download and execute attacker-supplied code on the infected system. </p><h2 id="stealing-wallet-data">Stealing wallet data</h2><p>Finally, Crypto Clipper acts as a clipboard clipper by monitoring the Windows clipboard for cryptocurrency wallet addresses, seed phrases, and private keys. If it spots a wallet address, it can replace it with a different one, owned by the attackers, so that any tokens sent by the victim go to the attacker instead. It can also steal and exfiltrate copied seed phrases and private keys, which can be used to load a victim's crypto wallet on a separate device. 
</p><p>To help attackers assess the value of a target, the <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a> periodically captures screenshots of the victim's screen and uploads them through the Tor network.</p><p>“This malware family shows how lightweight, script-based stealers can deliver outsized impact when paired with anonymized communications and runtime tasking,” Microsoft said. “The combination of Tor-routed C2, clipboard targeting, screenshot capture, and remote code execution gives attackers both immediate monetization paths and continued control over compromised devices.”</p><p>Microsoft did not say if the malware targeted any specific countries or regions, nor did it discuss the number of victims.</p><p><em>Via </em><a href="https://arstechnica.com/security/2026/06/microsoft-spots-new-self-propagating-malware-for-stealing-cryptocurrency/" target="_blank"><em>Ars Technica</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Almost 7000 Amazon Prime Day scam domains have been registered before the big sale – here's how to shop safely this Amazon Prime Day ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/almost-7000-amazon-prime-day-scam-domains-have-been-registered-before-the-big-sale-heres-how-to-shop-safely-this-amazon-prime-day</link>
                                                                            <description>
                            <![CDATA[ Hackers are in pole position weeks before the big day, looking to steal data and money. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">mYYdVevb8dMQHYjNToTnJe</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/EtfqnyK6fTx3i9G5AxmZGk-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 22 Jun 2026 16:20:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/EtfqnyK6fTx3i9G5AxmZGk-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock / Ken Stocker]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A person holding a phone looking at a text with warning signs]]></media:description>                                                            <media:text><![CDATA[A person holding a phone looking at a text with warning signs]]></media:text>
                                <media:title type="plain"><![CDATA[A person holding a phone looking at a text with warning signs]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/EtfqnyK6fTx3i9G5AxmZGk-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Check Point Research warns Prime Day (June 23–26, 2026) is fueling a surge in malicious Amazon‑themed domains</strong></li><li><strong>6,843 domains registered Dec–May; nearly 10% flagged malicious/suspicious, with June showing 1 in 13 domains risky</strong></li><li><strong>Shoppers urged to avoid Google searches for Amazon, verify URLs, and treat “too good to be true” deals with caution</strong></li></ul><p>Thousands of new domains were registered in the weeks and months leading up to <a href="https://www.techradar.com/seasonal-sales/amazon-has-quietly-released-its-most-popular-prime-day-deals-65-percent-off-fire-tvs-blink-cameras-kindle-ring-doorbells-echo-speakers-and-more" target="_blank">Amazon Prime Day</a>, most of which are malicious and created to steal consumer data and possibly money. This is according to a new report from Check Point Research (CPR), in which the security outfit warns about Prime Day being the perfect storm for every cybercriminal.</p><p>Amazon’s Prime Day is set to take place between June 23 and 26, 2026. During these four days, thousands of retailers in 25 countries will offer great deals on their goods and services, creating one of the biggest retail events on the planet. Consequently, they’ll also be creating one of the biggest cyberattack events on the planet: </p><p>“Major retail moments bring together the three ingredients attackers exploit most: a globally trusted brand, time-limited urgency, and massive purchase intent at scale,” CPR warns, adding that phishing emails, fake websites, fraudulent offers, and account takeover attempts all surge during this period.</p><h2 id="how-to-defend-against-prime-day-scams">How to defend against Prime Day scams</h2><p>For events such as this one, crooks prepare months in advance. 
CPR found that between December 2025 and May 2026, there were 6,843 new Amazon-themed domains registered worldwide, most of which were set up in April (1,446). May 2026 added another 1,267 domains.</p><p>Obviously, not all of them will be malicious, but CPR said that almost one in ten (9.2%) were already classified as either malicious or suspicious, and in the first week of June, one in every thirteen was labeled the same way. </p><p>“This pattern reflects a broader build-up of malicious infrastructure ahead of the event, with multiple Amazon-themed domains designed to exploit brand trust, urgency, and high purchase intent at scale,” the researchers warned. </p><p>To stay safe this Amazon Prime Day, always double-check the website you’re visiting, always go to Amazon's legitimate domain (https://www.amazon.com/) rather than relying on Google search results, and remember - if something is too good to be true, it most likely is.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ A newbie hacker used "vague, low-skill prompts" in Claude and Codex to breach 14 companies, and the AI Agents did all the legwork ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/a-newbie-hacker-used-vague-low-skill-prompts-in-claude-and-codex-to-breach-14-companies-and-the-ai-agents-did-all-the-legwork</link>
                                                                            <description>
                            <![CDATA[ A newbie hacker is still a newbie hacker, though, and this one left a few gaping holes in his work. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">VMRSV9yYEZbm4Lkvnzczmn</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Thi6y93AMWrCXJAEiHDQbL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 22 Jun 2026 14:35:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Thi6y93AMWrCXJAEiHDQbL-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A robot in front of a digital screen, touching some of the symbols with its outstretched finger]]></media:description>                                                            <media:text><![CDATA[A robot in front of a digital screen, touching some of the symbols with its outstretched finger]]></media:text>
                                <media:title type="plain"><![CDATA[A robot in front of a digital screen, touching some of the symbols with its outstretched finger]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Thi6y93AMWrCXJAEiHDQbL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>OALABS analyzed a novice attacker’s full working directory showing 14 breaches carried out with Claude Code and Codex agents</strong></li><li><strong>Attacker used vague prompts; AI agents handled reconnaissance, exploit writing, and data harvesting, bypassing guardrails with ease</strong></li><li><strong>Logs revealed attacker’s identity and location in Addis Ababa, Ethiopia</strong></li></ul><p>A newbie cybercriminal managed to break into 14 organizations and steal sensitive data, just by using Anthropic’s Claude Code and OpenAI’s Codex agents. This is according to cybersecurity researchers OALABS, who recovered and analyzed the attacker’s entire working directory.</p><p>The researchers used this case as further proof that advanced Generative Artificial Intelligence (<a href="https://www.techradar.com/best/best-ai-tools" target="_blank">GenAI</a>) models are significantly lowering the barrier to entry into cybercrime, and to sound the alarm that the security community needs to step up.</p><p>“In many cases, the attacker supplied only vague, low-skill prompts and allowed Claude to fill in the gaps: researching exposed services, identifying possible vulnerabilities, writing exploit code, validating access, and harvesting data,” the researchers said. “The attacker did not need to be an expert operator; they simply had to use the correct framing for their prompts. The agent supplied much of the structure and technical execution that the attacker appeared to lack.”</p><h2 id="doxxing-the-attacker">Doxxing the attacker</h2><p>OALABS could not find evidence that the stolen data was monetized in any way, either by being sold on the dark web, or by extorting the victim companies. 
They did, however, find numerous pieces of evidence about the attacker’s identity and whereabouts.</p><p>According to the researchers, the attacker did not run the AI agents on his own infrastructure, but rather on a third-party server, and when that third party discovered malicious activity, they downloaded the entire working directory and shared it with the researchers.</p><p>“Because the agents were local to the host, their full session logs were recovered, including the attacker’s prompts, the tools used, the internal monologue of the large language model (LLM), and any policy violations recorded during the sessions,” the researchers said.</p><p>OALABS was thus able to analyze more than 1,000 agent sessions, seeing how the attacker was able, with ease, to bypass most of the agents’ guardrails. Among the sessions were also the threat actor’s CV with his full name, location, education history, and LinkedIn profile, as well as his IP address, which showed that he was located in Addis Ababa, Ethiopia.</p><p><em>Via </em><a href="https://www.helpnetsecurity.com/2026/06/17/ai-agents-offensive-cyber-operations-claude-codex/" target="_blank"><em>Help Net Security</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Thousands of D-Link and QNAP NAS routers compromised by fast-moving AryStinger malware that turns unsecured devices into a malicious proxy botnet ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/thousands-of-d-link-and-qnap-nas-routers-compromised-by-fast-moving-arystinger-malware-that-turns-unsecured-devices-into-a-malicious-proxy-botnet</link>
                                                                            <description>
                            <![CDATA[ More than 4,000 routers have been compromised so far, while the number of poisoned NAS devices remains unknown. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">P8KFdsr77m4i24xC9tFPEK</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/2FFajuvJVK8i7Her8gD4aD-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 22 Jun 2026 12:15:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/2FFajuvJVK8i7Her8gD4aD-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Abstract image of robots working in an office environment including creating blueprint of robot arm, making a phone call, and typing on a keyboard]]></media:description>                                                            <media:text><![CDATA[Abstract image of robots working in an office environment including creating blueprint of robot arm, making a phone call, and typing on a keyboard]]></media:text>
                                <media:title type="plain"><![CDATA[Abstract image of robots working in an office environment including creating blueprint of robot arm, making a phone call, and typing on a keyboard]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/2FFajuvJVK8i7Her8gD4aD-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>QiAnXin XLab uncovered “AryStinger,” malware exploiting old D-Link/Linksys router flaws (CVE‑2013‑3307, CVE‑2016‑5681) to build a proxy/reconnaissance network</strong></li><li><strong>So far 4,300 routers infected, mostly in South Korea (48%) and China (32%), with QNAP NAS devices also targeted via CVE‑2025‑11837</strong></li><li><strong>Compromised devices enable scanning, tunneling, and covert control; researchers advise monitoring logs, binaries in /tmp/bin, and suspicious processes like </strong><em><strong>syswapd0h</strong></em><strong> or </strong><em><strong>syswapd0w</strong></em></li></ul><p>Cybersecurity researchers QiAnXin XLab are warning about an ongoing campaign to create a distributed reconnaissance and proxy network out of people’s <a href="https://www.techradar.com/news/networking/routers-storage/best-router-9-top-wireless-routers-on-test-1090523" target="_blank">routers</a> and NAS devices. </p><p>The campaign targets outdated and unsupported routers (mostly D-Link and Linksys), powered by Realtek’s RTL819X chips which were a popular choice between 2012 and 2015. The attackers are leveraging two (ancient) vulnerabilities, CVE-2013-3307 in Linksys models and CVE-2016-5681 in D-Link ones, to infect the devices with a previously undetected piece of malware called AryStinger.</p><p>According to the researchers, AryStinger is used during the reconnaissance and planning stages of a more serious cyberattack. 
Devices infected with this malware can scan the internet, fingerprint services, enumerate subdomains, tunnel traffic, and run commands on demand, all while hiding the location (and true identity) of the attackers.</p><h2 id="targeting-nas-devices">Targeting NAS devices</h2><p>“Once compromised by malware like AryStinger that possesses reconnaissance and covert control capabilities, it is equivalent to a hacker placing a permanent "invisible listening device" and "attack springboard" within your network,” the researchers said.</p><p>QiAnXin’s XLab says that, so far, AryStinger has infected 4,300 routers, but stresses that this is not the final number and that, with the campaign ongoing, it will rise even more.</p><p>The majority of the victims are located in South Korea (48%) and China (32%), with notable mentions being Sweden, Malaysia, and Singapore. </p><p>AryStinger also targets QNAP’s <a href="https://www.techradar.com/news/the-10-best-nas-devices-reviewed" target="_blank">NAS devices</a>, leveraging a code injection flaw in the device’s Malware Remover. This flaw, tracked as CVE-2025-11837, was first discovered during last year’s Pwn2Own event, and was patched in November 2025. The researchers don’t know how many of these devices are currently infected, and say the 4,300 figure only relates to routers.</p><p>The researchers did not attribute this attack to any particular threat actor.</p><p>To defend against AryStinger, the researchers recommend monitoring the logs for any outbound connections to the C2 and download domains (found <a href="https://blog.xlab.qianxin.com/arystinger-botnet-hijacks-legacy-routers-for-global-attacks-en/" target="_blank">here</a>), checking /tmp/bin for unrecognized binaries, and looking for processes named syswapd0h or syswapd0w.</p><p><em>Via </em><a href="https://thehackernews.com/2026/06/arystinger-malware-infects-4300-legacy.html" target="_blank"><em>The Hacker News</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ ‘I barely slept last night’: Hackers sent an ‘extreme’ alert to millions of Brazilians using the government’s own tools, and that’s a huge concern ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/computing/cyber-security/i-barely-slept-last-night-hackers-sent-an-extreme-alert-to-millions-of-brazilians-using-the-governments-own-tools-and-thats-a-huge-concern</link>
                                                                            <description>
                            <![CDATA[ Hackers breached government systems in Brazil to send millions of people a mysterious ‘extreme’ alert. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">xzHZArtxfXsF9o77iA4yhc</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ui7eDjrVhqovuAQCCWrpkF-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 22 Jun 2026 11:56:22 +0000</pubDate>                                                                                                                                <updated>Mon, 22 Jun 2026 11:59:00 +0000</updated>
                                                                                                                                            <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                <author><![CDATA[ alexblake.techradar@gmail.com (Alex Blake) ]]></author>                    <dc:creator><![CDATA[ Alex Blake ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/gwmVRU4zMGnDYsGVAFvRmL.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Alex Blake has been fooling around with computers since the early 1990s, and since that time he&#039;s learned a thing or two about tech. No more than two things, though. That&#039;s all his brain can hold. As well as TechRadar, Alex writes for iMore, Digital Trends and Creative Bloq, among others. He was previously commissioning editor at MacFormat magazine. That means he mostly covers the world of Apple and its latest products, but also Windows, computer peripherals, mobile apps, and much more beyond. When not writing, you can find him hiking the English countryside and gaming on his PC.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/ui7eDjrVhqovuAQCCWrpkF-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Two hands holding a phone showing the Brazil flag and X]]></media:description>                                                            <media:text><![CDATA[Two hands holding a phone showing the Brazil flag and X]]></media:text>
                                <media:title type="plain"><![CDATA[Two hands holding a phone showing the Brazil flag and X]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ui7eDjrVhqovuAQCCWrpkF-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Millions of Brazilians received an unauthorized government alert</strong></li><li><strong>The text simply read ‘misanthropi4’ and it’s unknown who sent it</strong></li><li><strong>The government has denied it was responsible, pointing towards hackers</strong></li></ul><p>If you’re based in the US, you might know about AMBER alerts, also known as <a href="https://www.techradar.com/phones/android/your-android-phone-just-got-better-at-saving-your-life-heres-how">Wireless Emergency Alerts</a>, which are mass-broadcast messages sent to every <a href="https://www.techradar.com/news/best-phone">smartphone</a> in a designated area. Several other nations have similar platforms in place, including Brazil — but many Brazilians recently learned that their emergency alert system wasn’t quite as secure as they might have hoped.</p><p>In the early hours of Saturday morning, millions of Brazilians were jolted awake by a mysterious message from the country’s alert system. The alert level was classified as “extreme,” and concerningly, it’s thought it was the work of <a href="https://www.techradar.com/pro/security/experts-warn-hackers-are-hiding-malware-inside-googles-own-ad-systems-heres-what-we-know">hackers</a> rather than any official body. </p><p>The message, which was sent to civilians in the southern state of Paraná and the cities of São Paulo and Rio de Janeiro, among others, simply read “misantropi4.” That’s an approximation of the Portuguese word “misanthropia,” (with the final A swapped for a 4). As with the English word “misanthropy,” it means a hatred or distrust of humanity. </p><p>The message was accompanied by a loud alarm sound normally reserved for particularly severe thunderstorms. Since the text was sent shortly after midnight local time, it ensured that many people were woken up in the middle of the night. 
</p><p>Brazilian authorities said that the emergency message system was taken offline after a probable hacker attack, suggesting that this was more than just a simple text sent out in error by the government. Indeed, there was no event or natural disaster serious enough to warrant the alert being activated at the time, which further points towards bad actors being responsible.</p><h2 id="a-potentially-devastating-attack">A potentially devastating attack</h2><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:738px;"><p class="vanilla-image-block" style="padding-top:56.23%;"><img id="3yJ4ZzG7h8cwpxdMsAJVqf" name="Brazil hackers alert system by BrazilianSwainSimp" alt="An alert sent by hackers to users in Brazil." src="https://cdn.mos.cms.futurecdn.net/3yJ4ZzG7h8cwpxdMsAJVqf.jpg" mos="" align="middle" fullscreen="" width="738" height="415" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="caption-text">An example of the text sent by hackers to Brazilian civilians. </span><span class="credit" itemprop="copyrightHolder">(Image credit: BrazilianSwainSimp on Reddit)</span></figcaption></figure><p>The fact that hackers were able to breach a government system that has the potential to communicate with every mobile device in a given area of the country has worrying implications, both for the ways civilians could be manipulated and for the security of government institutions as a whole. </p><p>A text from a known government source is likely to be trusted more than one from an unknown number. With access to Brazil’s emergency broadcast system, hackers could potentially send out fraudulent messages that might have a larger impact than normal. That opens the door for all kinds of nefarious activities. </p><p>For now, this attack seems to have had a relatively minor impact. 
For many Brazilians posting on social media, the text was confusing more than anything else. </p><p><a href="https://www.reddit.com/r/mildlyinfuriating/comments/1uay1mi/comment/ossr3lj/" target="_blank">Last-Educator3947 on Reddit</a>, for example, said “I live in the town where the alert was first sent. It happened five minutes after the Brazil x Haiti <a href="https://www.techradar.com/how-to-watch/football/world-cup-2026-free">World Cup</a> game. My anxious brain associated misanthropy with a violent attack on the people celebrating in the streets after the game. I thought it was an incel <a href="https://www.techradar.com/computing/social-media/discord-just-made-your-voice-and-video-calls-more-private-and-secure-than-ever-but-age-verification-privacy-concerns-havent-been-dispelled">Discord</a> hacker sending a message to start a ‘The Purge’-style attack.” They then added: “I’m laughing now but I barely slept last night.” </p><p>Reddit user <a href="https://www.reddit.com/r/mildlyinfuriating/comments/1uay1mi/comment/osrt6os/" target="_blank">Magnon</a>, meanwhile, summed up the situation by saying that it, “Sounds like an anime villain just spawned.” </p><p>According to the <a href="https://x.com/IntCyberDigest/status/2068633434591830290" target="_blank">International Cyber Digest newsletter</a> on X, this breach could be linked to a previous hack of a Brazilian government employee who was infected with an <a href="https://www.techradar.com/pro/security/mac-users-beware-this-devious-new-infostealer-malware-disguises-itself-as-official-apple-tools-to-lure-in-victims">infostealer</a>. International Cyber Digest claims that stolen credentials included government logins, emails, developmental and staging environments, and more. </p><p>Whether or not this is what gave hackers access to the Brazilian government’s alert system isn’t yet known. Either way, it demonstrates the power that hackers can accrue if they find a way into supposedly secure governmental systems. 
While this alert saga turned out to be relatively harmless, that might not be the case next time.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'Password reuse only sharpens this problem': Browser-based password storage isn't as safe as you think – these top tips from the experts show how it should be done ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/password-reuse-only-sharpens-this-problem-browser-based-password-storage-isnt-as-safe-as-you-think-these-top-tips-from-the-experts-show-how-it-should-be-done</link>
                                                                            <description>
                            <![CDATA[ Many users store their passwords exclusively in the browser, creating a huge opportunity for threat actors. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">HduDFteHAvRg2y52uHNwtR</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/sdX9zemjZm28VpG7phLCAA-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 22 Jun 2026 11:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/sdX9zemjZm28VpG7phLCAA-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Collage of a web browser, with a laptop computer with a search bar and cut-out hands pointing at it]]></media:description>                                                            <media:text><![CDATA[Collage of a web browser, with a laptop computer with a search bar and cut-out hands pointing at it]]></media:text>
                                <media:title type="plain"><![CDATA[Collage of a web browser, with a laptop computer with a search bar and cut-out hands pointing at it]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/sdX9zemjZm28VpG7phLCAA-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>NordPass survey of 7,800+ users found 40–50% still store passwords in browsers for convenience</strong></li><li><strong>This practice leaves credentials exposed to malware, account compromise, or device theft, especially with password reuse</strong></li><li><strong>Experts urge switching to passkeys or dedicated password managers with zero‑knowledge encryption for stronger protection</strong></li></ul><p>Most consumers still store their passwords in the <a href="https://www.techradar.com/best/browser" target="_blank">browser</a>, despite the cybersecurity community’s repeated cries over the risky practice.</p><p>Recently, NordPass, a company building a <a href="https://www.techradar.com/best/password-manager" target="_blank">password manager</a>, polled 7,861 people in Australia, Canada, France, Germany, Italy, Spain, the UK, and the US about their password-storing habits, and learned that the vast majority (between 40% and 50%) save their secrets just in their browser. </p><p>"Convenience and ease of use dominate as the top two drivers, confirming that browser password saving is overwhelmingly a comfort-driven behavior — with cost and passive auto-save prompts playing a secondary but consistent role," says Karolis Arbaciauskas, head of product at NordPass and its parent organization, Nord Security.</p><h2 id="password-managers-are-a-better-option">Password managers are a better option</h2><p>Whenever a user creates or types in a password, the browser offers the option to store it. However, if the device is infected with malware, if the browser account gets compromised, or if someone gains access to the computer, these passwords can easily be stolen. 
</p><p>To make matters worse, NordPass says that many users set the same passwords across numerous services, creating a “digital house of cards that collapses if just one account is breached.”</p><p>For years now, the cybersecurity community has been recommending either the use of passkeys or a password manager for more secure storage. NordPass says that a small percentage of respondents combine browsers and password managers, with the latter used mostly as a backup option. However, that backup will do little good if the browser is compromised. </p><p>"Browser-based password managers are certainly a better choice than simply reusing or slightly altering the same password everywhere. However, dedicated password managers offer distinct advantages, such as encryption based on zero-knowledge architecture. This means all data is encrypted on your device before it ever leaves your computer or smartphone, ensuring that not even the developers can access your passwords — let alone anyone else," says Arbaciauskas.</p><h2 id="how-to-store-passwords-securely">How to store passwords securely</h2><ul><li>Use a dedicated password manager</li><li>Secure your password manager using two-factor authentication</li><li>Make use of security checkup features to check for reused or weak passwords</li><li>Always use a strong, unique password for each account</li><li>Use dark web monitoring to check for leaked usernames, email addresses, and passwords</li></ul>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Popular free VPN, streaming apps bombard business networks with 'laundered' traffic used by criminals to 'blend into normal consumer noise' — here's how to keep safe ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/popular-free-vpn-streaming-apps-bombard-business-networks-with-laundered-traffic-used-by-criminals-to-blend-into-normal-consumer-noise-heres-how-to-keep-safe</link>
                                                                            <description>
                            <![CDATA[ Residential proxies are both a boon for threat actors and a detriment for their victims, and many of them exist due to a lack of awareness ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">sN48RwKcpTQidqtP4GpSWX</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/BsnMKVyyNGEZMWVUsFD6vn-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Sun, 21 Jun 2026 18:40:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                <author><![CDATA[ Rahimnoorali11@gmail.com (Rahim Amir) ]]></author>                    <dc:creator><![CDATA[ Rahim Amir ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/9xKZFBamtEZKSChRvywbPB.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Rahim Amir is a UAE-based tech writer who enjoys building PCs as much as he enjoys writing about them. He has been professionally writing about PC hardware since 2023, focusing on buyer’s guides, hardware reviews, and sponsored content and features related to tech.&lt;br&gt;&lt;br&gt;Having built hundreds of gaming PCs and being an avid gamer in his spare time, Rahim tends to have stronger opinions about hardware than most. This is particularly on display when he gets his way with powerful, but minimalistic RGB builds even as Small Form Factor (SFF) PCs come a close second.&lt;br&gt;&lt;br&gt;In addition to his contributions to TechRadar, Rahim’s work has also been featured on Game Rant and financial news websites.&lt;br&gt;&lt;br&gt;When he’s not working, you can find him playing DotA with friends or schmoozing to take the world over in Civilization. Alternatively, you can find him binging through the entirety of the Lord of The Rings universe with extended editions in play where applicable.&lt;br&gt;&lt;br&gt;You can currently catch Rahim grinding Path of Exile 2, complaining about his (extremely low) unique loot drop rate, or actively participating in one of the numerous (and heated) debates centered around Tolkien&#039;s universe on multiple forums daily.&lt;br&gt;&lt;br&gt;If you have a PC build or a Satisfactory playthrough in progress, he is likely to have some advice to send your way, especially regarding verticality being key for the latter. For the former, Rahim enjoys all aspects of the process including researching the components he will eventually use, benchmarking the latest and greatest hardware he can get his hands on, and somewhat surprisingly, cable management once he gets his latest build to POST.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/BsnMKVyyNGEZMWVUsFD6vn-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Proactive Cybersecurity Service That Neutralizes Threats Within a Digital Network - Conceptual Illustration]]></media:description>                                                            <media:text><![CDATA[Proactive Cybersecurity Service That Neutralizes Threats Within a Digital Network - Conceptual Illustration]]></media:text>
                                <media:title type="plain"><![CDATA[Proactive Cybersecurity Service That Neutralizes Threats Within a Digital Network - Conceptual Illustration]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/BsnMKVyyNGEZMWVUsFD6vn-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Infoblox Threat Intel finds 65%+ of its cloud customers made DNS queries to residential-proxy domains in 2026</strong></li><li><strong>Residential proxies could result in legal exposure or reputational damage if threat actors abuse them</strong></li><li><strong>While not all residential proxies are illegal, abusers take advantage of anonymity coupled with cheap, unauthorized residential proxies to perform tasks that may be unethical, if not outright illegal at times</strong></li></ul><p>Users installing free VPNs, streaming apps, and even productivity apps might be unaware that they are often unintentionally the product themselves.</p><p>The old adage about there being no free lunch rings true here, with many of these 'free' services essentially renting out the identity of an unsuspecting victim's network to strangers, many of whom use it for malicious reasons.</p><p>The practice, which is considered fair game by many such applications, has security and privacy implications, in addition to users being flagged for fraud or extra verification, as IP reputation systems at datacenters account for requests seemingly originating from a victim's network.</p><h2 id="blending-in-for-a-reason">Blending in for a reason</h2><p>The service being used here is called a 'residential proxy,' and while legitimate providers may exist, many of the sources are dubious to say the least. 
This is because demand for 'clean' residential proxies is both tremendous and consistent.</p><p>Research from <a href="https://www.infoblox.com/blog/threat-intelligence/residential-proxies-in-the-wild/" target="_blank">Infoblox Threat Intel</a> indicates that the situation is more dire than previously assumed, as nearly two thirds (65%) of its Threat Defense Cloud customers made DNS queries to domains used to access or orchestrate residential proxy networks in 2026, totaling over 500 billion such queries per month.</p><p>This is different from anonymizers like Tor or <a href="https://www.techradar.com/vpn/best-vpn" target="_blank">commercial VPNs</a>, which produce anonymized traffic via voluntary nodes for the former and datacenter IPs for the latter. A residential proxy instead leverages existing hardware on one's residential network, such as home routers, phones, IoT gadgets, or anything else that can essentially run a proxy service.</p><p>The kicker is that most of these services never obtain permission from a 'host' or bury such clauses deep in their End-User License Agreement (EULA), often leading unsuspecting victims to 'help' with malicious activities such as fraud, unpermitted data scraping, and even streaming services that bypass regional limitations.</p><p>Victims suffer because not only do such services essentially freeload on their existing connections, slowing down their internet, but they could also result in their IP addresses or networks being marked as untrustworthy or even fraudulent if the occurrences remain regular. This could open them up to legal trouble: It is hard, time-consuming, and sometimes downright impossible to prove that you were the conduit rather than the perpetrator for said activities.</p><p>Avoiding this is easier said than done, but there are ways to reduce susceptibility to this kind of abuse. A software audit should be your first line of defense. 
Knowing what runs on all your devices and whether it is trustworthy or not is key to preventing exposure.</p><p>One should pay particular attention to free VPNs, cheap IoT devices from dubious manufacturers, streaming software, and even browser extensions, all of which can expose one to threat actors. <a href="https://www.techradar.com/news/networking/routers-storage/best-router-9-top-wireless-routers-on-test-1090523" target="_blank">Investing in a router</a> or software service that blocks such requests would also go a long way, as would leveraging Protective DNS to monitor your network.</p><p>To start, users can also use services to monitor and check their IP's risk profile, allowing them to determine whether they are already a victim of abuse.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Nintendo confirms data stolen via third-party cyberattack — but sadly no big secrets were revealed ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/nintendo-confirms-data-stolen-via-third-party-cyberattack-but-sadly-no-big-secrets-were-revealed</link>
                                                                            <description>
                            <![CDATA[ Shadowbyt3$ is asking for $2 million in exchange for the data, but Nintendo seemingly turned the offer down. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">8c7uJ5AYVUc4PHnVYx3BLT</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/wKC5gGHE5CWcks5iMRR96o-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Sat, 20 Jun 2026 12:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/wKC5gGHE5CWcks5iMRR96o-1280-80.jpg">
                                                            <media:credit><![CDATA[Nintendo / Future]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Nintendo Switch 2 live coverage.]]></media:description>                                                            <media:text><![CDATA[Nintendo Switch 2 live coverage.]]></media:text>
                                <media:title type="plain"><![CDATA[Nintendo Switch 2 live coverage.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/wKC5gGHE5CWcks5iMRR96o-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Shadowbyt3$ claims Nintendo of America breach, stealing ~1GB of employee data from TinyPulse survey platform and demanding $2M ransom</strong></li><li><strong>Nintendo confirmed third‑party TinyPulse compromise, stressing no customer or financial data affected and most info dated years back</strong></li><li><strong>Hackers later leaked alleged employee messages; authenticity unverified, suggesting failed negotiations or pressure tactics</strong></li></ul><p>Nintendo of America has confirmed suffering a third-party data breach incident, but played down its severity.</p><p>An “<a href="https://www.techradar.com/best/best-ransomware-protection" target="_blank">extortion-as-a-service</a>” hacking group called Shadowbyt3$ recently claimed to have breached Nintendo of America, a subsidiary of the Japanese gaming giant that operates in the United States, Canada, and some Latin American countries, and to have exfiltrated sensitive data on its employees.</p><p>The crooks said they stole almost 1GB of internal data, which included personal details belonging to the company’s employees. They demanded $2 million in ransom and gave Nintendo of America 48 hours to engage in negotiations before they leaked the files.</p><h2 id="what-is-tinypulse">What is TinyPulse?</h2><p>The group claims to have nabbed people’s names, email addresses, analytics and survey data, bank statements, and W-9 forms containing employee IDs, progress plans, and reports between 2016 and 2026. They later added that the breach didn’t affect the company’s gaming department, but rather employees who used TinyPulse.</p><p>TinyPulse is an employee engagement and feedback platform companies use to measure how employees feel about their workplace. It is best known for sending short, frequent “pulse surveys” to collect honest feedback from staff.</p><p>In a statement given to <em>BleepingComputer</em>, Nintendo of America confirmed the third-party data breach. 
</p><p>“We are aware of an issue involving TinyPulse, a third-party service used for internal employee surveys at Nintendo of America,” the company told the publication. “Nintendo’s systems have not been compromised, and no personal customer or financial data has been accessed.”</p><p>“The data involved is limited to internal survey content comprising a small subset of our employees, and most of the information dates back several years,” the company stressed, adding that it is now “working with the service provider to address the issue”.</p><p>Shadowbyt3$ later shared a link to a data set allegedly containing direct messages and conversations between employees. This either means the negotiations broke down, or that the crooks were simply trying to put Nintendo under more pressure. No analysts have yet confirmed the authenticity of the leaked information.</p><p><em>Via </em><a href="https://www.bleepingcomputer.com/news/security/nintendo-confirms-data-stolen-in-webmd-subsidiary-cyberattack/" target="_blank"><em>BleepingComputer</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Apple has fixed a security flaw in Beats Studio Buds which let hackers spy on conversations ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/apple-has-fixed-a-security-flaw-in-beats-studio-buds-which-let-hackers-spy-on-conversations</link>
                                                                            <description>
                            <![CDATA[ A Beats Studio Buds bug finally gets a patch after a year, which will be deployed next time users connect their headphones. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">ckUS3ZZ4GmSZzX9EBEntmK</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/cPvmHYPfTEXCqtPLtgK4Bc-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Sat, 20 Jun 2026 10:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/cPvmHYPfTEXCqtPLtgK4Bc-1280-80.jpg">
                                                            <media:credit><![CDATA[Beats]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A woman wearing the beats studio buds in white]]></media:description>                                                            <media:text><![CDATA[A woman wearing the beats studio buds in white]]></media:text>
                                <media:title type="plain"><![CDATA[A woman wearing the beats studio buds in white]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/cPvmHYPfTEXCqtPLtgK4Bc-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Apple patches CVE‑2025‑20701, a high‑severity Bluetooth flaw in Beats Studio Buds enabling eavesdropping within range</strong></li><li><strong>Researchers showed attackers could chain related bugs to hijack headphones, issue phone commands, and read/write device memory</strong></li><li><strong>Fixed in Beats Firmware Update 1B211, auto‑installed when pairing with iPhone, iPad, or Mac</strong></li></ul><p>Apple has fixed a high-severity vulnerability in its Beats Studio Buds <a href="https://www.techradar.com/audio/earbuds-airpods/the-best-earbuds" target="_blank">wireless earbuds</a> that allowed threat actors to eavesdrop on people’s conversations if they were in Bluetooth range.</p><p>The vulnerability was discovered in 2025 by security researchers Dennis Heinze and Frieder Steinmetz of ERNW. It has been assigned CVE-2025-20701 and was given a severity score of 8.8/10 (high).</p><p>The researchers explained that it stemmed from a missing authentication weakness in the Bluetooth BR/EDR radio, and also published a proof-of-concept (PoC) exploit that showed how malicious actors might initiate a call and listen in on people’s conversations, as long as they were within Bluetooth range.</p><h2 id="issuing-a-patch">Issuing a patch</h2><p>"In most cases, these vulnerabilities allow attackers to fully take over the headphones via Bluetooth. No authentication or pairing is required," they said. "The vulnerabilities can be triggered via Bluetooth BR/EDR or Bluetooth Low Energy (BLE). Being in Bluetooth range is the only precondition. It is possible to read and write the device’s RAM and flash."</p><p>They also managed to pull the call history and stored contacts, and even succeeded in calling a number, after extracting the Bluetooth link keys from a vulnerable device’s memory. 
</p><p>"The range of available commands depends on the mobile operating system, but all major platforms support at least initiating and receiving calls," they said, but added that "real attacks are complex to perform" and would likely be aimed only at high-value targets because they require technical sophistication and physical proximity.</p><p>The team also showed it was possible to chain this vulnerability with two others impacting the same component (CVE-2025-20700 and CVE-2025-20702), to use the Bluetooth Hands-Free Profile (HFP) to issue commands to the phone.</p><p>Apple has now released a new security advisory, confirming it released a fix for the flaw.</p><p>“An attacker within Bluetooth range may be able to listen through the microphone of a device which is not yet paired and actively seeking pair requests,” the advisory reads. “This is a vulnerability in open-source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party.”</p><p>Apple fixed the bug in Beats Firmware Update 1B211, which will be automatically installed next time users pair their headphones with their iPhone, iPad, or Mac devices.</p><p><em>Via </em><a href="https://www.bleepingcomputer.com/news/security/apple-fixes-beats-studio-buds-flaw-that-let-hackers-spy-on-conversations/" target="_blank"><em>BleepingComputer</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft warns AI agents are being 'AutoJack'-ed to deliver RCE payloads by browsing untrusted websites ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/microsoft-warns-ai-agents-are-being-autojack-ed-to-deliver-rce-payloads-by-browsing-untrusted-websites</link>
                                                                            <description>
                            <![CDATA[ Three minor vulnerabilities chained together can cause a lot of trouble, but Microsoft fixed them in time. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">YRgqMAyooCn52GJJzZi7in</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/qP76MS2BAb7kSuWrvJXXYL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 19 Jun 2026 15:20:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/qP76MS2BAb7kSuWrvJXXYL-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Hands typing on a tablet with AI superimposed in text in front]]></media:description>                                                            <media:text><![CDATA[Hands typing on a tablet with AI superimposed in text in front]]></media:text>
                                <media:title type="plain"><![CDATA[Hands typing on a tablet with AI superimposed in text in front]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/qP76MS2BAb7kSuWrvJXXYL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Microsoft’s Defender Security Research Team discloses “AutoJack,” a vulnerability chain in AutoGen Studio enabling RCE via malicious websites</strong></li><li><strong>Flaws included localhost channel misuse, skipped login checks, and arbitrary code execution, letting agents run attacker‑supplied programs</strong></li><li><strong>Issue existed only in early GitHub builds, fixed before release; highlights need for strict authentication and isolation of local control planes</strong></li></ul><p>Microsoft's Defender Security Research Team has disclosed a vulnerability chain in AutoGen Studio that lets a single malicious website achieve remote code execution (RCE) on a device running an <a href="https://www.techradar.com/best/best-ai-tools" target="_blank">AI agent</a>.</p><p>AutoGen Studio is a program built by Microsoft Research for developing AI agents. The vulnerability chain was dubbed <a href="https://www.microsoft.com/en-us/security/blog/2026/06/18/autojack-single-page-rce-host-running-ai-agent/" target="_blank">“AutoJack”</a>, and it consists of three flaws which, when looked at separately, aren’t particularly troubling. Chained together, however, they are a whole different story.</p><p>“The technique, which we call AutoJack, jacks the agent into becoming the attacker’s last-mile delivery vehicle by crossing the localhost trust boundary that many developer tools rely on,” Microsoft explained in its report.</p><h2 id="patching-the-bugs">Patching the bugs</h2><p>First, AutoGen Studio had a local control channel that only accepted connections from “localhost”, which is a good way to block outside attackers.</p><p>However, an AI agent's web browser also counts as “localhost”, meaning these connections would get accepted, too. Then, for this particular channel, login checks were skipped. 
</p><p>The app had several ways to require a username and password, but the part of the code handling this specific local channel was left wide open.</p><p>Finally, the channel would run almost anything it was told to run. Microsoft’s researchers managed to get an arbitrary program running, meaning threat actors could do the same, albeit with malicious code instead.</p><p>In theory, the attack would work like this: the victim would instruct their AI agent to summarize a specific website. By doing so, the agent would be told to download and run malicious code, which could be anything from backdoor malware to infostealers.</p><p>The good news is that Microsoft found this issue and reported it before the bug ever reached regular users. The official downloadable version of AutoGen Studio never had this problem, since it only existed in an early, in-development version on GitHub. The AutoGen team has since fixed it.</p><p>“If an agent can browse untrusted pages and also talk to privileged local services, loopback can become an attack surface and control planes must be authenticated, authorized, and isolated,” Microsoft concluded.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Apple users told to watch out for 'unpatchable' iPhone security issues - here's what we know ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/apple-users-told-to-watch-out-for-unpatchable-iphone-security-issues-heres-what-we-know</link>
                                                                            <description>
                            <![CDATA[ The bug is physical and also very difficult to exploit. Still, it can help jailbreak the device and snoop on the data inside. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">bLoEPVn6m93xx8qMp99hna</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/9zX5gTfFfZvM8w7JYtGwkL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 19 Jun 2026 14:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/9zX5gTfFfZvM8w7JYtGwkL-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Apple A12X]]></media:description>                                                            <media:text><![CDATA[Apple A12X]]></media:text>
                                <media:title type="plain"><![CDATA[Apple A12X]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/9zX5gTfFfZvM8w7JYtGwkL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Paradigm Shift discovered “usbliter8,” a hardware flaw in A12/A13 iPhone and S4/S5 Apple Watch chips allowing jailbreak via USB data handling</strong></li><li><strong>Exploitation requires physical access and Raspberry Pi, but enables bypassing iOS restrictions and deep system compromise</strong></li><li><strong>Apple cannot patch; only unaffected models (pre‑A12 or A14+) are secure, making device replacement the sole mitigation</strong></li></ul><p>Security researchers Paradigm Shift have discovered a vulnerability in older <a href="https://www.techradar.com/news/best-iphone" target="_blank">iPhone</a> and <a href="https://www.techradar.com/news/wearables/best-smart-watches-what-s-the-best-wearable-tech-for-you-1154074" target="_blank">Apple Watch</a> models which can be used to jailbreak the devices. What makes this vulnerability special is the fact that there is no fix for it - the only way to really be secure is to replace the device with a newer model.</p><p>The good news is that exploiting the flaw isn’t that simple. It cannot be done remotely since the attacker needs to have physical access to the device, and needs to hook it up to a Raspberry Pi.</p><p>It is still an important finding, and one which puts stolen iPhones (or those confiscated by law enforcement) at risk.</p><h2 id="handling-incoming-data">Handling incoming data</h2><p>The researchers dubbed the bug <a href="https://ps.tc/pages/blog-usbliter8.html" target="_blank">usbliter8</a>, and say it affects the iPhone XS's A12 chip, the Apple Watch Series 4's S4 chip, and the iPhone 11's A13 SoC. Furthermore, the S5 (powering the Apple Watch Series 5, first-generation SE, and HomePod mini) was said to be vulnerable as well.</p><p>The vulnerability stems from how these chips’ USB controllers handle incoming data. They don’t properly reset memory addresses between data transfers, letting the attacker place unauthorized code into the chip’s protected memory. 
</p><p>Therefore, according to Paradigm Shift, the bug can be abused for jailbreaking the device, meaning attackers could bypass iOS security restrictions entirely, install software at the deepest level of the system, and potentially extract data stored on the device. </p><p>Since this is a physical hardware design flaw, rather than a software bug, Apple can’t fix it with an update, and the only way to really remain secure is to move to a different model which isn’t affected by usbliter8. That includes either earlier SoCs (older than A12), or A14 and newer chips. </p><p>Paradigm Shift said it notified Apple of its findings, and thanked the company for its “prompt response, constructive engagement, and cooperation throughout the disclosure process”.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Experts warn AI toy apps for kids are tracking users and collecting personal data ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/experts-warns-ai-toy-apps-for-kids-are-tracking-users-and-collecting-personal-data</link>
                                                                            <description>
                            <![CDATA[ In a recent study by Cybernews, applications tied to 10 different toys each requested permissions and privileges categorized as 'dangerous'. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">adyaTHdN3tUswWwB8q9q9N</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/5BWVmrQN45jERQzFXpAivi-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 18 Jun 2026 21:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                <author><![CDATA[ Rahimnoorali11@gmail.com (Rahim Amir) ]]></author>                    <dc:creator><![CDATA[ Rahim Amir ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/9xKZFBamtEZKSChRvywbPB.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Rahim Amir is a UAE-based tech writer who enjoys building PCs as much as he enjoys writing about them. He has been professionally writing about PC hardware since 2023, focusing on buyer’s guides, hardware reviews, and sponsored content and features related to tech.&lt;br&gt;&lt;br&gt;Having built hundreds of gaming PCs and being an avid gamer in his spare time, Rahim tends to have stronger opinions about hardware than most. This is particularly on display when he gets his way with powerful, but minimalistic RGB builds even as Small Form Factor (SFF) PCs come a close second.&lt;br&gt;&lt;br&gt;In addition to his contributions to TechRadar, Rahim’s work has also been featured on Game Rant and financial news websites.&lt;br&gt;&lt;br&gt;When he’s not working, you can find him playing DotA with friends or schmoozing to take the world over in Civilization. Alternatively, you can find him binging through the entirety of the Lord of The Rings universe with extended editions in play where applicable.&lt;br&gt;&lt;br&gt;You can currently catch Rahim grinding Path of Exile 2, complaining about his (extremely low) unique loot drop rate, or actively participating in one of the numerous (and heated) debates centered around Tolkien&#039;s universe on multiple forums daily.&lt;br&gt;&lt;br&gt;If you have a PC build or a Satisfactory playthrough in progress, he is likely to have some advice to send your way, especially regarding verticality being key for the latter. For the former, Rahim enjoys all aspects of the process including researching the components he will eventually use, benchmarking the latest and greatest hardware he can get his hands on, and somewhat surprisingly, cable management once he gets his latest build to POST.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/5BWVmrQN45jERQzFXpAivi-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock ID 1756081616]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Kid wearing large headphones while writing in a notebook giving thumbs up]]></media:description>                                                            <media:text><![CDATA[Kid wearing large headphones while writing in a notebook giving thumbs up]]></media:text>
                                <media:title type="plain"><![CDATA[Kid wearing large headphones while writing in a notebook giving thumbs up]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/5BWVmrQN45jERQzFXpAivi-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Cybernews analyzed 10 Android companion apps for kids' AI/robotic toys and reported half of all declared permissions are considered dangerous by Android guidelines</strong></li><li><strong>The investigation found 3rd party trackers in 7 out of the 10 applications they examined</strong></li><li><strong>Researchers also detected two advertising, two profiling and one location tracker as part of their investigation</strong></li></ul><p>With AI toys becoming increasingly adopted by families, security firms are ringing the alarm about what this means for privacy in a post-LLM world.</p><p>Modern AI toys incorporate LLM models, allowing users, including children, to talk to and otherwise interact with them, and granting unprecedented access and permissions that enable them to harvest sensitive data with ease if a bad actor were involved.</p><p><a href="https://cybernews.com/privacy/ai-toy-apps-for-children-request-dangerous-permissions-and-include-third-party-trackers/" target="_blank"><em>Cybernews</em></a> recently examined 10 toys from various brands and found that many had excessive permissions at the application level, which could expose them to abuse or data harvesting.</p><h2 id="why-is-an-ai-toy-also-a-privacy-concern">Why is an AI toy also a privacy concern?</h2><p>Most users tend to grant permissions to Android applications on a whim without reading the fine print, but that might have extended to another frontier altogether: AI toy apps.</p><p><em>Cybernews'</em> recent study, which focused on 10 different Android companion apps for children (Loona, Dash & Dot, Sphero, mBlock, Miko, Eilik, SPIKE™ LEGO® Education, Ozobot Evo, Petoi, and AIBI Pocket), found that all of them asked for permissions classified as 'dangerous' by Android.</p><p>All 10 applications required precise location access, which isn't concerning on its own, since these do need it to search for their corresponding toys using Bluetooth Low Energy 
(LE), but the permission requirements go much further than that.</p><p>As many as six required access to microphones, five requested camera access, and eight requested Bluetooth scanning capabilities. One could argue that some of the toys need these permissions to function, but some of them are used in ways that, in some capacity, run against the FTC's updates to the <a href="https://www.ftc.gov/news-events/news/press-releases/2025/01/ftc-finalizes-changes-childrens-privacy-rule-limiting-companies-ability-monetize-kids-data">Children’s Online Privacy Protection Rule</a>.</p><p>The updated rules, which strengthened "key protections for kids’ privacy online," as per the then-FTC chair, Lina M. Khan, limited data retention, required opt-in consent for targeted advertising to children, and required disclosures to prevent data abuse.</p><p>This has not stopped AI toys from building behavioral profiles of their target users, as Cybernews found trackers in 7 of the 10 applications it analyzed. While most of these were crash reporting and analytics-related, two of the applications had advertising and profiling trackers, and one of them (Loona) also had a location tracker.</p><p>This might run contrary to data minimization regulations at a time when the world is already grappling with a <a href="https://www.techradar.com/computing/social-media/how-will-the-uks-social-media-ban-actually-work-heres-the-full-list-of-affected-apps-and-5-things-you-need-to-know">social media ban for children under 16</a> in the UK, following in Australia's footsteps.</p><p>"Data minimization for children's apps is essential. Responsibility falls both on developers to request fewer permissions and minimize sensitive trackers, and on parents to take greater control over the technology available to their children," the researchers said. </p><p>"Unlike adults, children are less likely to understand what data is being collected, how it may be used, or the privacy implications of sharing it."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'Better tighten your World Cup security' — Iran-linked hackers claim massive FBI drone breach, threaten FPV attacks ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/better-tighten-your-world-cup-security-iran-linked-hackers-claim-massive-fbi-drone-breach-threaten-fpv-attacks</link>
                                                                            <description>
                            <![CDATA[ Iran-linked hackers claimed access to FBI drone surveillance systems and warned about World Cup security, though evidence remains disputed. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">J6VdvjXGUpzGMXGrDZQbDT</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/xCPckocVAs9NPBpSXKFpd8-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Thu, 18 Jun 2026 20:15:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Efosa Udinmwen ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/nwRLdPUNG4rWu4Y6nthHDV.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master&#039;s and a PhD in sciences, which provided him with a solid foundation in analytical thinking. Efosa developed a keen interest in technology policy, specifically exploring the intersection of privacy, security, and politics. His research delves into how technological advancements influence regulatory frameworks and societal norms, particularly concerning data protection and cybersecurity.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/xCPckocVAs9NPBpSXKFpd8-1280-80.png">
                                                            <media:credit><![CDATA[Modified with AI]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Iranian hackers in the World Cup]]></media:description>                                                            <media:text><![CDATA[Iranian hackers in the World Cup]]></media:text>
                                <media:title type="plain"><![CDATA[Iranian hackers in the World Cup]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/xCPckocVAs9NPBpSXKFpd8-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Iran-linked group claims prolonged access to sensitive FBI drone data</strong></li><li><strong>World Cup security enters spotlight after hackers issue public warning</strong></li><li><strong>Handala draws wider attention with recent claims involving American institutions</strong></li></ul><p>An Iran-linked hacking group has claimed access to FBI drone systems and issued threats referencing the ongoing <a href="https://www.techradar.com/how-to-watch/football/fifa-world-cup-2026-free-anywhere-vpn-deal">FIFA World Cup</a> in the United States.</p><p>Monitoring organization SITE Intelligence Group says the group known as Handala claimed it had maintained access to surveillance information gathered through FBI-operated drones for months.</p><p>The claim emerges amid heightened concerns over cyber activity linked to Iran following military developments involving the United States, Israel, and Tehran earlier this year.</p><h2 id="hackers-claim-access-to-fbi-drone-surveillance-systems">Hackers claim access to FBI drone surveillance systems</h2><p>Handala alleged that it obtained access to imagery and intelligence collected by first-person view <a href="https://www.techradar.com/cameras/drones/best-drone">drones</a> reportedly used in counterterrorism operations.</p><p>The group claimed those systems included capabilities such as facial recognition technology and license plate identification functions used during surveillance activities.</p><p>In a message cited by SITE, Handala warned authorities to strengthen security surrounding World Cup events while making references to FPV drone operations.</p><p>"Better tighten your World Cup security, we don't like some of those teams at all," the group said.</p><p>"Don't forget: FPVs are everywhere; you never know when one might end up right in your team's bus."</p><p>Those remarks have drawn attention because the FBI is already deploying drones around World Cup stadiums to monitor 
unauthorized aircraft activity.</p><p>Authorities have also imposed flight restrictions over stadiums hosting tournament matches and over related fan gathering locations.</p><p>However, questions remain regarding the accuracy of Handala's claims and the authenticity of the evidence released alongside its statements.</p><p>SITE reported that photographs and videos published by the group were described as material originating from compromised FBI drones.</p><p>One video cited as proof was later disputed by SITE, which said the footage had actually been produced in December 2024.</p><p>According to the monitoring organization, that video was created by a software company promoting technology used by a US police department during tornado damage assessment operations.</p><h2 id="previous-incidents-fuel-concerns-despite-disputed-evidence">Previous incidents fuel concerns despite disputed evidence</h2><p>Handala has attracted attention in recent months through a series of claims involving American and Israeli organizations.</p><p>In March, the group said it had compromised the email account of FBI Director Kash Patel before releasing personal photographs and additional material online.</p><p>More recently, it claimed to have breached California Water Service and even released a 5GB data dump as proof.</p><p>The organization is widely regarded as operating in alignment with Iranian interests, although public attribution remains a matter of ongoing assessment.</p><p>The Justice Department previously warned that Iranian actors could increase cyber operations following US and Israeli military strikes on Tehran in February.</p><p>Those developments contributed to a broader conflict across the Middle East and raised concerns about retaliatory activity against American institutions.</p><p><a href="https://www.techradar.com/best/firewall">Firewall</a> and <a href="https://www.techradar.com/best/best-antivirus">antivirus</a> protections remain important for organizations, although 
incidents involving surveillance systems often extend beyond enterprise defenses.</p><p>The State Department has offered rewards of up to $10 million for information leading to the identification of members connected to the group.</p><p>Via <a href="https://www.cbsnews.com/news/iran-linked-group-hack-fbi-drones-world-cup/" target="_blank" rel="nofollow">CBSNews</a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'This marks a sophisticated evolution': Experts warn Claude feature hijacked by hackers to launch major malware campaign ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/this-marks-a-sophisticated-evolution-experts-warn-claude-feature-hijacked-by-hackers-to-launch-major-malware-campaign</link>
                                                                            <description>
                            <![CDATA[ Shared Chats is being abused to lend legitimacy to ClickFix campaigns targeting software developers. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">Qrgfr6SnCzHKpxsFgY9adW</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/UjSNcAZ5SebctebKAMQNVF-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 18 Jun 2026 18:40:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/UjSNcAZ5SebctebKAMQNVF-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Cybersecurity ensures data protection on internet. Data encryption, firewall, encrypted network, VPN, secure access and authentication defend against malware, hacking, cyber crime and digital threat]]></media:description>                                                            <media:text><![CDATA[Cybersecurity ensures data protection on internet. Data encryption, firewall, encrypted network, VPN, secure access and authentication defend against malware, hacking, cyber crime and digital threat]]></media:text>
                                <media:title type="plain"><![CDATA[Cybersecurity ensures data protection on internet. Data encryption, firewall, encrypted network, VPN, secure access and authentication defend against malware, hacking, cyber crime and digital threat]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/UjSNcAZ5SebctebKAMQNVF-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Trend Micro found criminals abusing Claude’s “Shared Chats” feature to spread infostealers via ClickFix and malvertising</strong></li><li><strong>Fake Apple Support chats on claude.ai, promoted through Google Ads, tricked macOS developers into pasting malicious commands</strong></li><li><strong>Anthropic banned the accounts and disabled malicious conversations, promising further abuse mitigations</strong></li></ul><p>Security researchers at Trend Micro have detected criminals abusing a legitimate feature in Claude AI to trick software developers into downloading malware. The campaign also includes malvertising, as well as the tried-and-true ClickFix method.</p><p>The goal of the campaign is to infect software developers, primarily those building AI tools on macOS, with <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">infostealers</a>. </p><p>Targets from Russian-speaking countries are spared, it seems, while the majority of the victims are located in Taiwan (30% of all traffic). This country is followed by Japan, Singapore, and the US.</p><h2 id="scam-accounts-banned">Scam accounts banned</h2><p>At the center of the attack is a feature called “Shared Claude Chats”, which allows users to create clickable links to previous conversations they’ve had with the AI. These chats can then be shared with other people via a public URL. Crooks created conversations showing a fake Apple Support instructing the user on how to install Claude Code (a command-line coding assistant). </p><p>However, the instructions are nothing but the standard ClickFix scam: they tell the user to bring up the Terminal and paste a command, which triggers a chain reaction resulting in an infostealer infection.</p><p>The second step is to advertise these URLs to the right target audience, which was done via Google Ads. 
The miscreants were able to buy ads on Google’s network and set them up so that anyone searching for “Claude Code on Mac” (or similar keywords) would be shown these URLs as the first result.</p><p>Since the pages are hosted on the claude.ai domain, there was seemingly nothing suspicious about the links.</p><p>Trend Micro is not the first company to warn about this campaign. In mid-May this year, security researcher Berk Albayrak <a href="https://www.techradar.com/pro/security/mac-users-beware-scammers-are-hijacking-claude-chats-and-google-ads-to-push-malware" target="_blank">posted a warning</a> on LinkedIn, detailing an almost identical campaign. Same approach, same targets and, most importantly, same exclusions.</p><p>The researchers say Anthropic investigated, banned the accounts responsible, and disabled the malicious shared conversations. The AI company is allegedly “implementing additional abuse mitigations”.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'These actors are no longer relying solely on traditional cybercrime': Experts uncover another massive North Korean fake IT worker scam network ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/these-actors-are-no-longer-relying-solely-on-traditional-cybercrime-experts-uncover-another-massive-north-korean-fake-it-worker-scam-network</link>
                                                                            <description>
                            <![CDATA[ Nisos uncovers a major IT worker scam operation - with North Koreans once again apparently at the helm. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">bNf435mGVHgDn3p6ms7uAM</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/PcYLLwL2xvYvPfjEXYpZrD-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 18 Jun 2026 17:10:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/PcYLLwL2xvYvPfjEXYpZrD-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Hacker silhouette working on a laptop with North Korean flag on the background]]></media:description>                                                            <media:text><![CDATA[Hacker silhouette working on a laptop with North Korean flag on the background]]></media:text>
                                <media:title type="plain"><![CDATA[Hacker silhouette working on a laptop with North Korean flag on the background]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/PcYLLwL2xvYvPfjEXYpZrD-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Nisos uncovers large DPRK employment fraud campaign embedding operatives in US tech firms</strong></li><li><strong>22 agents submitted 166k+ applications, landing 21k+ interviews and 76 job offers using stolen identities, AI tools, and local stand‑ins</strong></li><li><strong>Targets were mostly software/data roles; scheme blended deception and AI tactics to generate salaries and access systems for regime revenue</strong></li></ul><p>Security researchers have uncovered a massive North Korean operation aimed at getting state-sponsored operatives hired at US-based technology firms. </p><p>Nisos published an in-depth report detailing how the group used <a href="https://www.techradar.com/best/best-identity-theft-protection" target="_blank">stolen identities</a>, AI tools, remote access technologies, and even locals, to get hired.</p><p>Shockingly, the campaign resulted in 76 job offers, roughly 3.5 offers per agent.</p><h2 id="heavy-use-of-ai">Heavy use of AI</h2><p>Nisos said the investigation started when a suspected North Korean operative applied for a remote AI architect position with the company. </p><p>Working with law enforcement, the company uncovered a cell of 22 individuals who, between December 2024 and September 2025, submitted at least 166,893 job applications, landing more than 21,645 interviews with US companies. </p><p>The operation was well organized, Nisos said, and had administrators, managers, team leads, operatives, and more. Members communicated via Discord and used performance-tracking dashboards and identity brokers. </p><p>Each operative managed multiple employment personas at the same time, and tracked different metrics such as the number of applications submitted, interviews completed, and offers received. </p><p>To increase their legitimacy, the scammers relied heavily on <a href="https://www.techradar.com/best/best-ai-tools" target="_blank">AI</a>. 
They used AI-generated resumes, AI-assisted interview coaching, as well as real-time response generation during interviews. Furthermore, they used voice-training applications to improve their chances of securing the job, and when they were required to show up in person or go through onboarding sessions, they brought local stand-ins who were later paid in ERC20 cryptocurrency (Ethereum).</p><p>Most of the time, they targeted software engineering, development, and data-related roles (70%). Salaries for these positions ranged between $55,000 and $230,000.</p><p>“DPRK employment fraud has evolved into a highly organized and scalable operation that blends human deception, technical tradecraft, and AI-enabled tactics,” said Ryan LaSalle, CEO of Nisos. “What makes this threat particularly concerning is that these actors are no longer relying solely on traditional cybercrime. They are embedding themselves within organizations, collecting salaries, gaining access to systems and data, and generating revenue for the regime through seemingly legitimate employment.”</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'This creates a misleading impression of safety': Experts warn of hackers hijacking legitimate news websites and reviews to drum up publicity ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/this-creates-a-misleading-impression-of-safety-experts-warn-of-hackers-hijacking-legitimate-news-websites-and-reviews-to-drum-up-publicity</link>
                                                                            <description>
                            <![CDATA[ Fake reviews, news articles, and GitHub accounts are a potent mix for promoting malware. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">Xo8Z9cRdozJkgXcf8ntiQT</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/y7GLevUTEjLYdujEYsv668-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 18 Jun 2026 15:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/y7GLevUTEjLYdujEYsv668-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Back view of hooded internet criminal hacking laptop in the dark, stealing credit card details]]></media:description>                                                            <media:text><![CDATA[Back view of hooded internet criminal hacking laptop in the dark, stealing credit card details]]></media:text>
                                <media:title type="plain"><![CDATA[Back view of hooded internet criminal hacking laptop in the dark, stealing credit card details]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/y7GLevUTEjLYdujEYsv668-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Check Point Research uncovers PR‑style campaign distributing a Rust clipboard hijacker disguised as legitimate software</strong></li><li><strong>Attackers used phishing sites, GitHub/SourceForge projects, fake YouTube channels, and even newswire press releases to boost credibility</strong></li><li><strong>Malware swaps crypto wallet addresses from clipboard, with “Ghost Networks” manipulating reputation systems to evade detection</strong></li></ul><p>Hackers have launched a fully fledged, multi-platform PR campaign to trick people into thinking that the <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a> they’re distributing is actually legitimate software, experts have warned.</p><p>A report from Check Point Research warned that even those doing regular due diligence might get tricked. </p><p>At the center of the campaign is a clipboard jacker - a piece of infostealer malware that monitors the victim’s clipboard for <a href="https://www.techradar.com/news/best-bitcoin-wallets" target="_blank">cryptocurrency wallet</a> strings. When it detects one, it replaces it with a different one belonging to the attackers. That way, when a victim tries to send money from one wallet to another, they end up paying the attackers instead. Both Windows and macOS users are at risk.</p><h2 id="abusing-newswire-sites">Abusing newswire sites</h2><p>“The threat actor uses multiple channels to promote and distribute a Rust clipboard hijacker, starting with a dedicated phishing page as the central hub and extending to GitHub and SourceForge projects promoted by fake accounts,” the company said. 
</p><p>“A dedicated YouTube channel, using AI‑generated narrators, suspicious view spikes, and highly positive (likely coordinated) comments, further reinforces the illusion of popularity and trustworthiness.”</p><p>To distribute the malware, the attackers ran a rather aggressive PR campaign: they set up a dedicated phishing page, multiple GitHub and SourceForge projects and accounts, as well as a fake YouTube channel. But the most surprising part is the distribution of news articles through newswire sites.</p><p>Newswire sites are services that distribute company press releases and announcements to media outlets, journalists, websites, and investors. Most newswire services allow anyone to submit and distribute press releases, usually for a fee, but they are generally seen as a legitimate source of trustworthy news.</p><p>At the same time, the hackers went the extra mile to make sure the clipboard jacker isn’t flagged as malware. By using numerous fake accounts (so-called “Ghost Networks”), they’re manipulating reputation-driven systems like VirusTotal, tricking researchers and potential users into thinking the detections are false positives. </p><p>“Even if this campaign is not primarily aimed at large enterprises, it shows that attackers no longer rely only on classic malware distribution techniques to reach victims,” the researchers concluded. “Instead, they can manipulate reputation systems, crowd‑sourced feedback, and cross‑platform promotion to lower suspicion and attract more users.”</p><p><em>Via </em><a href="https://thehackernews.com/2026/06/crypto-clipper-campaign-abuses-fake.html" target="_blank"><em>The Hacker News</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Fortinet firewalls hit by huge password-stealing attack — around 75,000 users possibly affected ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/fortinet-firewalls-hit-by-huge-password-stealing-attack-around-75-000-users-possibly-affected</link>
                                                                            <description>
                            <![CDATA[ Researchers discovered a major database containing plaintext passwords. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">WoRYgFVjBLYbK4ZR3ru98E</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/7XwhMHsBzdFcrGh5tBDhsf-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 18 Jun 2026 12:20:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/7XwhMHsBzdFcrGh5tBDhsf-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[password manager example]]></media:description>                                                            <media:text><![CDATA[password manager example]]></media:text>
                                <media:title type="plain"><![CDATA[password manager example]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/7XwhMHsBzdFcrGh5tBDhsf-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Researcher Bob Diachenko uncovers “FortiBleed,” a massive archive of 73,932 Fortinet/FortiGate VPN credentials from brute‑force and exploitation campaigns</strong></li><li><strong>Data included plaintext usernames, emails, and passwords for major firms (Chevron, Samsung, Toyota, AT&T, NATO contractor, etc.), with billions of login attempts logged</strong></li><li><strong>Fortinet says leak is a resharing of past incidents and brute‑forced data, urging password rotation and MFA to minimize risk</strong></li></ul><p>A database containing tens of thousands of login credentials for major global corporations was found sitting online, in one of the larger data leak incidents this year.</p><p>Security researcher Bob Diachenko posted a new report on LinkedIn, saying he discovered an archive of Fortinet and FortiGate <a href="https://www.techradar.com/vpn/best-vpn" target="_blank">VPN </a>credentials, counting 73,932 firewall URLs. </p><p>"Massive Fortinet/FortiGate bruteforce/active exploitation campaign uncovered in action," he said.</p><h2 id="fortinet-responds">Fortinet responds</h2><p>Diachenko named the campaign “FortiBleed”, and said the archive contained usernames, email addresses, and passwords (in plaintext) for companies such as Chevron, Samsung, Foxconn, Comcast, AT&T, Mercedes-Benz, Toyota, Sinopec, and State Grid.</p><p>"Thousands of top vendor instances are listed in the files like this (see screenshot). This one alone has 21,634 domain names - from Chevron to Fortinet itself. All - with potentially working passwords to the FortiGate appliances obtained through various means."</p><p>Diachenko told BleepingComputer the archive was created by a Russian-speaking threat actor that’s been harvesting credentials for FortiGate SSL VPN instances. 
After analyzing the database, he concluded that the attackers brute-forced their way in, running more than 1.1 billion credential attempts against more than 320,000 FortiGate instances, as well as 2.1 billion attempts against 160,600+ Microsoft SQL Server systems. </p><p>They also nabbed SSL VPN authentication hashes, which they later cracked and used to log into Active Directory environments. </p><p>Multiple organizations around the world were “fully compromised”, Diachenko also said, stressing that a Turkish NATO defense contractor was among them. This organization allegedly lost classified documents as a result of this breach. </p><p>Multiple security outfits confirmed the authenticity of the leak, including Hudson Rock and security researcher Kevin Beaumont. </p><p>Fortinet told the publication that the database is not from a new breach, but rather a collection of secrets stolen in previous incidents. </p><p>"Based on our analysis, the data involved is a resharing of data from previous incidents, as well as bruteforcing of credentials, and is not related to any recent incident or advisory. Organizations that follow routine best practices, including regularly refreshing security credentials, as per guidance in this March blog, face minimal risk from credential compromise detail referenced in the reporting,” Fortinet said. Still, it wouldn’t hurt to rotate any Fortinet VPN passwords and set up MFA wherever it’s possible and missing. </p><p>"Fortinet continues to investigate these reports with the security of our customers as our top priority.”</p><p><em>Via </em><a href="https://www.bleepingcomputer.com/news/security/fortibleed-leak-exposes-fortinet-vpn-credentials-for-73-000-devices/" target="_blank"><em>BleepingComputer</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft says it's hard at work on a patch for this worrying Defender zero-day ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/microsoft-says-its-hard-at-work-on-a-patch-for-this-worrying-defender-zero-day</link>
                                                                            <description>
                            <![CDATA[ RoguePlanet now has a CVE and a patch in the works, a week after the disclosure of a PoC. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">MLK9hQqLX5WUaap6udDrsU</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ipSoXYirFAw4qYj5jn5NYK-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 18 Jun 2026 10:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/ipSoXYirFAw4qYj5jn5NYK-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images / lcva2]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[View of Microsoft Romania headquarters in City Gate Towers situated in Free Press Square, in Bucharest, Romania.]]></media:description>                                                            <media:text><![CDATA[View of Microsoft Romania headquarters in City Gate Towers situated in Free Press Square, in Bucharest, Romania.]]></media:text>
                                <media:title type="plain"><![CDATA[View of Microsoft Romania headquarters in City Gate Towers situated in Free Press Square, in Bucharest, Romania.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ipSoXYirFAw4qYj5jn5NYK-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Microsoft confirms RoguePlanet as CVE‑2026‑50656, an elevation‑of‑privilege flaw in Defender’s Malware Protection Engine</strong></li><li><strong>Disclosed by Chaotic Eclipse as a race‑condition zero‑day granting SYSTEM privileges on fully patched Windows 10/11</strong></li><li><strong>Seventh exploit in their campaign; PoC validated by ThreatLocker, with Microsoft promising a fix despite ongoing feud</strong></li></ul><p>Microsoft has assigned a unique identifier for the recently-disclosed RoguePlanet vulnerability and confirmed it is now working on a fix.</p><p>"Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as 'RoguePlanet,'" the company said in a recently disclosed security advisory. </p><p>"We are working to provide a high quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available."</p><h2 id="chaotic-eclipse-s-grudge">Chaotic Eclipse's grudge</h2><p>A security researcher with the alias Chaotic Eclipse recently disclosed a <a href="https://www.techradar.com/pro/security/this-microsoft-defender-zero-day-could-give-hackers-unprecedented-access-to-your-system" target="_blank">zero-day vulnerability</a> in a fully patched Windows 11 device, just hours after Microsoft released its June Patch Tuesday cumulative update. </p><p>Chaotic Eclipse is waging a personal crusade against Microsoft, whom they’re accusing of being disrespectful and poorly handling vulnerability disclosures. RoguePlanet is the seventh zero-day exploit they disclosed in a matter of months. This bug, described as a “race condition vulnerability”, grants attackers SYSTEM privileges on fully patched Windows 10 and Windows 11 devices.</p><p>Before that, they also published BlueHammer, RedSun, GreenPlasma, MiniPlasma, YellowKey, and UnDefend flaws. 
Some of them affect <a href="https://www.techradar.com/best/best-antivirus" target="_blank">Microsoft Defender</a>, and some BitLocker and other Windows components.</p><p>They published a Proof-of-Concept (PoC) exploit in a self-hosted Git repository, after saying that both GitHub and GitLab repositories hosting earlier work got removed by Microsoft.</p><p>"The exploit is a race condition, so it's a hit or miss. I have managed to get a 100% success rate on some machines while it struggled to work on others," they explained. Security researchers ThreatLocker confirmed to the publication that the flaw works and even recorded a video to demonstrate how it works.</p><p>Microsoft now tracks RoguePlanet as CVE-2026-50656. Earlier it said it considered legal action when people engage in “malicious activity causing real harm to our customers”. Chaotic Eclipse seems unfazed by these warnings, which some interpreted as threats.</p><p><em>Via </em><a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-working-on-defender-patch-for-rogueplanet-zero-day/" target="_blank"><em>BleepingComputer</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ A basic security flaw let a security researcher access internal FIFA systems — and the ability to control World Cup TV streams ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/a-basic-security-flaw-let-a-security-researcher-access-internal-fifa-systems-and-the-ability-to-control-world-cup-tv-streams</link>
                                                                            <description>
                            <![CDATA[ "An attacker could have rickrolled the entire FIFA World Cup" - but luckily the issue was quickly fixed. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">UBtDGL9qP2voArDHeY5853</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/C6J6fC7LvJhD4Fq7kBPSRM-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 18 Jun 2026 00:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/C6J6fC7LvJhD4Fq7kBPSRM-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A man holds the FIFA World Cup in his hands.]]></media:description>                                                            <media:text><![CDATA[A man holds the FIFA World Cup in his hands.]]></media:text>
                                <media:title type="plain"><![CDATA[A man holds the FIFA World Cup in his hands.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/C6J6fC7LvJhD4Fq7kBPSRM-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Researcher “BobDaHacker” found FIFA API flaw letting anyone hijack live TV streams and commentator feeds</strong></li><li><strong>Bug stemmed from lack of authorization checks; FIFA patched quickly but did not credit the finder</strong></li><li><strong>Experts warn it highlights CWE‑602 and the danger of confusing authentication with authorization</strong></li></ul><p>A bug in an internal FIFA system allowed anyone to modify what gets streamed to TV broadcasters, and what goes to TV commentators narrating the <a href="https://www.techradar.com/how-to-watch/football/world-cup-2026-on-youtube-its-free" target="_blank">FIFA 2026 World Cup</a> matches. Luckily for everyone, the bug was discovered by a white hat hacker and remedied before any malicious actors could leverage it. </p><p>A security researcher with the alias <a href="https://bobdahacker.com/blog/fifa-hack" target="_blank">BobDaHacker</a> recently reported being able to take full control over the TV stream. They did it by registering as a player agent on FIFA’s official agent registration platform and then abusing a vulnerability in FIFA’s back-end API to access multiple internal platforms.</p><p>The vulnerability was that the API did not check the accounts for proper authorization - and as a result, they could control what people would see on their TVs during the matches, as well as what the commentators would see on their monitors.</p><h2 id="authentication-is-not-authorization">Authentication is not authorization</h2><p>“A single attacker could hijack every camera simultaneously. An attacker could have rickrolled the entire FIFA World Cup,” BobDaHacker said. We could have witnessed a “Dark Knight Rises” moment, too. </p><p>For Brett Winterford, Vice President at Okta Threat Intelligence, FIFA dodged a major bullet today: “The average global live audience of a FIFA World Cup match is 175 million viewers. 
Imagine a person with the worst motivations discovers a bug that enables them to modify that livestream.” </p><p>“That bug happened. Thankfully a security researcher found it first.” Not everyone seems to be that thankful, though. According to <a href="https://techcrunch.com/2026/06/16/bug-in-fifa-world-cup-internal-system-gave-anyone-ability-to-modify-tv-stream/" target="_blank"><em>TechCrunch</em></a>, FIFA issued a fix mere hours after BobDaHacker reported it, but did not acknowledge them for their work. </p><p>Winterford believes the bug is yet another example of CWE-602: Client-Side Enforcement of Server-Side Security.</p><p>“It’s also another good reminder for developers: don’t treat authentication as authorization. Authentication deals with verifying a user is who they say they are, authorization deals with what the user is allowed to access.”</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'We have no reason to believe that our data or systems have been compromised': US lawmakers said 2.5 million VRChat users were at risk from a hack, but the company says it's a fake notice ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/we-have-no-reason-to-believe-that-our-data-or-systems-have-been-compromised-us-lawmakers-said-2-5-million-vrchat-users-were-at-risk-from-a-hack-but-the-company-says-its-a-fake-notice</link>
                                                                            <description>
                            <![CDATA[ A government breach notice claimed VRChat data exposure affecting millions, but the company strongly denies any compromise or system intrusion. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">V4cqE7yHuhyw3wTAMYdEjK</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/kHR7hTFieuBmjcpgHnKHh4-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 17 Jun 2026 23:35:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Efosa Udinmwen ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/nwRLdPUNG4rWu4Y6nthHDV.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master&#039;s and a PhD in sciences, which provided him with a solid foundation in analytical thinking. Efosa developed a keen interest in technology policy, specifically exploring the intersection of privacy, security, and politics. His research delves into how technological advancements influence regulatory frameworks and societal norms, particularly concerning data protection and cybersecurity.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/kHR7hTFieuBmjcpgHnKHh4-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock/supimol kumying]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[cyber, attack, hacked word on screen binary code display, hacker]]></media:description>                                                            <media:text><![CDATA[cyber, attack, hacked word on screen binary code display, hacker]]></media:text>
                                <media:title type="plain"><![CDATA[cyber, attack, hacked word on screen binary code display, hacker]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/kHR7hTFieuBmjcpgHnKHh4-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Government filing triggered panic over alleged VRChat user data exposure</strong></li><li><strong>VRChat denies any breach, calling the notice completely fabricated and misleading</strong></li><li><strong>Notice claims millions of users affected through cloud system access</strong></li></ul><p>Confusion has emerged around claims that millions of VRChat users were affected by a major data security incident after an official publication of a breach notice.</p><p>The notice alleged that data linked to over 2.4 million users had been exposed following unauthorized access to the platform's cloud environment between May 10 and May 12 2026.</p><p>However, VRChat has disputed the report entirely, stating that it has no evidence that its systems, user data, or infrastructure were compromised.</p><h2 id="vrchat-disputes-report-describing-exposure-of-2-4-million-users">VRChat disputes report describing exposure of 2.4 million users</h2><p>The controversy began after a data incident notice appeared through the Maine Attorney General's office claiming that the information of 2,436,782 users had been leaked.</p><p>According to the notice, the exposed data includes usernames, email addresses, subscriber status, login histories, device details, hardware identifiers, IP addresses, and linked Steam or Meta account identifiers.</p><p>The document also stated that <a href="https://www.techradar.com/best/password-manager">passwords</a>, payment card information, financial records, and government identification documents used for age verification were unaffected.</p><p>The alleged incident attracted attention because VRChat is one of the largest social virtual reality platforms.</p><p>It serves millions of users who have created tens of millions of content items since launching in 2014.</p><p>However, VRChat has vehemently denied the authenticity of the report, calling it a “fake breach report.”</p><p>"VRChat did not submit this Notice of 
Data Incident, and the employee/email cited does not exist,” said Charles Tupper, VRChat's head of community.</p><p>“We have no reason to believe that our data or systems have been compromised. We are in the process of contacting the Maine Attorney General's office to have this removed."</p><h2 id="questions-emerge-over-the-authenticity-of-the-government-filing">Questions emerge over the authenticity of the government filing</h2><p>Following the company's response, further scrutiny raised additional questions surrounding the reported breach and its origins.</p><p>Attempts to verify details listed within the notice encountered difficulties, including a phone number that was no longer operational and an <a href="https://www.techradar.com/news/best-email-provider">email</a><strong> </strong>address that produced no response.</p><p>Investigations also reportedly failed to identify records linking the named employee cited within the filing to VRChat.</p><p>The company said it was working with the Maine Attorney General's office to have the notice removed while seeking clarification regarding how the report appeared.</p><p>Had the reported intrusion been genuine, it would have represented one of the larger disclosed incidents involving a virtual reality platform.</p><p>The alleged breach report also differed from many large-scale incidents because it did not mention <a href="https://www.techradar.com/best/best-identity-theft-protection">identity theft</a> monitoring or credit protection services commonly offered after major data exposures.</p><p>For now, the dispute leaves an unusual situation in which a government-published breach notice alleges a major compromise while the company named in the filing insists no attack occurred.</p><p>From VRChat’s rebuttal, this report seems to be an administrative error or a fabricated submission.</p><p>The latter is most likely because the perpetrators reportedly fabricated a fake notice that appeared to come from VRChat and was 
allegedly sent to users.</p><p>Intriguingly, the Office of the Maine Attorney General was <a href="https://www.techradar.com/pro/security/maine-takes-down-its-data-breach-notification-portal-after-it-is-flooded-by-fake-claims" target="_blank">later forced to pull its reporting portal offline</a> after multiple fake disclosures ended up on the website - including the VRChat incident.</p><p>Another fraudulent disclosure impersonating Discord also ended up on the platform.</p><p>Via <a href="https://www.theregister.com/security/2026/06/11/24m-vrchat-users-data-accessed-following-cloud-breach/5254246" target="_blank" rel="nofollow">The Register</a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'A single cyber incident can lead to physical disruption, create safety hazards, or cause catastrophic downtime': Hackers target data center equipment, including critical power devices, in latest push to disrupt communities ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/a-single-cyber-incident-can-lead-to-physical-disruption-create-safety-hazards-or-cause-catastrophic-downtime-hackers-target-data-center-equipment-including-critical-power-devices-in-latest-push-to-disrupt-communities</link>
                                                                            <description>
                            <![CDATA[ Cybersecurity researchers found vulnerabilities in power and cooling systems inside data centers that could allow attackers to disrupt physical infrastructure operations ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">RnTgooEhpebyTe5deWs32Q</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/kntXJzuBjvVTZvqgBeCKfN-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 17 Jun 2026 21:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Efosa Udinmwen ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/nwRLdPUNG4rWu4Y6nthHDV.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master&#039;s and a PhD in sciences, which provided him with a solid foundation in analytical thinking. Efosa developed a keen interest in technology policy, specifically exploring the intersection of privacy, security, and politics. His research delves into how technological advancements influence regulatory frameworks and societal norms, particularly concerning data protection and cybersecurity.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/kntXJzuBjvVTZvqgBeCKfN-1280-80.jpg">
                                                            <media:credit><![CDATA[Microsoft]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Data center]]></media:description>                                                            <media:text><![CDATA[Data center]]></media:text>
                                <media:title type="plain"><![CDATA[Data center]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/kntXJzuBjvVTZvqgBeCKfN-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Attackers are now targeting physical systems inside data center environments</strong></li><li><strong>Power infrastructure vulnerabilities could shut down entire computing networks instantly</strong></li><li><strong>Cooling system breaches may trigger overheating across server facilities</strong></li></ul><p>Modern data centers face a growing threat from cybercriminals who now target physical infrastructure components rather than just software systems, as attackers know compromising a single power device or climate control unit could trigger massive operational failures across entire computing facilities.</p><p>The financial stakes are extraordinarily high because downtime in these facilities often costs hundreds of thousands of dollars per hour.</p><p>Recent research from <a href="https://claroty.com/press-releases/new-research-reveals-vulnerabilities-in-data-center-equipment-with-high-potential-for-operational-disruption" target="_blank" rel="nofollow">Claroty's Team82</a> has now uncovered severe vulnerabilities in two essential categories of <a href="https://www.techradar.com/pro/best-data-center-proxies">data center</a> equipment widely deployed across major facilities, raising concerns for users everywhere.</p><h2 id="the-silent-risks-hiding-inside-power-and-climate-systems">The silent risks hiding inside power and climate systems</h2><p>The first set of problems affects Vertiv's Uninterruptible Power Supply (UPS) network cards, which maintain stable electricity during grid fluctuations or blackouts.</p><p>Any successful exploit of these flaws could effectively shut down every server and router depending on that power protection system.</p><p>The second discovery involves deeply buried weaknesses within Trane Tracer SC+ HVAC controllers that regulate temperatures in server rooms.</p><p>An attacker exploiting these issues could execute unauthenticated remote code and gain complete control over a building's 
environmental management systems without any prior access credentials.</p><p>Standard protections such as <a href="https://www.techradar.com/best/best-antivirus">antivirus software</a> may not fully cover these systems because they directly control physical infrastructure rather than just data.</p><p>This creates a risk where <a href="https://www.techradar.com/best/best-malware-removal">malware</a> or targeted attacks could affect both digital services and the physical environment supporting them.</p><p>“Data centers must make a fundamental shift in how they redefine their cyber and operational resilience goals, given that a single cyber incident can lead to physical disruption, create safety hazards, or cause catastrophic downtime,” said Amir Preminger, CTO of Claroty and head of Team82.</p><p>“Our research shows that the risk to data center stability is very real and very present. Data center operators must move quickly to treat CPS protection as a business imperative to drive risk reduction and maintain operational uptime.”</p><p>Preminger also noted that increasing demand from cloud computing and AI is making these systems more critical than ever before.</p><p>The vulnerabilities were disclosed to manufacturers Trane and Vertiv, who worked with researchers to fix the issues before public release.</p><h2 id="data-center-operators-need-to-act-fast">Data center operators need to act fast</h2><p>The world now depends heavily on AI workloads running exclusively inside data centers that governments and industry increasingly treat as critical infrastructure.</p><p>Threat actors are simultaneously deploying AI-enabled attacks while targeting physical systems that sit outside traditional security perimeters.</p><p>A compromised UPS device cannot be fixed by rebooting a server because the power path itself becomes the attack surface.</p><p>Similarly, a weaponized HVAC controller could trigger automatic shutdowns across entire server rooms to prevent permanent hardware 
destruction.</p><p>Every data center operator must recognize that cyber-physical convergence means a single intrusion can cross from digital to physical domains almost instantly.</p><p>Securing power equipment and climate control panels against remote code execution is now just as critical as protecting customer databases.</p><p>No security team can afford to treat power gear and HVAC panels as secondary concerns behind <a href="https://www.techradar.com/best/firewall">firewalls</a> and encryption protocols.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Meet Kali365 — the 'Amazon of cybercrime' where hackers use AI to completely circumvent multi-factor authentication ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/meet-kali365-the-amazon-of-cybercrime-where-hackers-use-ai-to-completely-circumvent-multi-factor-authentication</link>
                                                                            <description>
                            <![CDATA[ Kali365 abuses the current OAuth device code flow on Microsoft accounts in a sophisticated attempt to dupe users into signing into their accounts ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">3TQ2FNepmP2KaHKXkWEM34</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/AboNpeASJNf5nBHAARoLnF-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 17 Jun 2026 18:20:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Cyber Crime]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                <author><![CDATA[ Rahimnoorali11@gmail.com (Rahim Amir) ]]></author>                    <dc:creator><![CDATA[ Rahim Amir ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/9xKZFBamtEZKSChRvywbPB.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Rahim Amir is a UAE-based tech writer who enjoys building PCs as much as he enjoys writing about them. He has been professionally writing about PC hardware since 2023, focusing on buyer’s guides, hardware reviews, and sponsored content and features related to tech.&lt;br&gt;&lt;br&gt;Having built hundreds of gaming PCs and being an avid gamer in his spare time, Rahim tends to have stronger opinions about hardware than most. This is particularly on display when he gets his way with powerful, but minimalistic RGB builds even as Small Form Factor (SFF) PCs come a close second.&lt;br&gt;&lt;br&gt;In addition to his contributions to TechRadar, Rahim’s work has also been featured on Game Rant and financial news websites.&lt;br&gt;&lt;br&gt;When he’s not working, you can find him playing DotA with friends or schmoozing to take the world over in Civilization. Alternatively, you can find him binging through the entirety of the Lord of The Rings universe with extended editions in play where applicable.&lt;br&gt;&lt;br&gt;You can currently catch Rahim grinding Path of Exile 2, complaining about his (extremely low) unique loot drop rate, or actively participating in one of the numerous (and heated) debates centered around Tolkien&#039;s universe on multiple forums daily.&lt;br&gt;&lt;br&gt;If you have a PC build or a Satisfactory playthrough in progress, he is likely to have some advice to send your way, especially regarding verticality being key for the latter. For the former, Rahim enjoys all aspects of the process including researching the components he will eventually use, benchmarking the latest and greatest hardware he can get his hands on, and somewhat surprisingly, cable management once he gets his latest build to POST.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/AboNpeASJNf5nBHAARoLnF-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A laptop with digitally inserted hack warnings around it]]></media:description>                                                            <media:text><![CDATA[A laptop with digitally inserted hack warnings around it]]></media:text>
                                <media:title type="plain"><![CDATA[A laptop with digitally inserted hack warnings around it]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/AboNpeASJNf5nBHAARoLnF-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Kali365 is a sophisticated phishing-as-a-service platform, also known as Octopi365 and Freedom365, that targets Microsoft accounts</strong></li><li><strong>It was first detected by security firm Huntress in May 2026 when examining a slew of Microsoft 365 logins originating from China</strong></li><li><strong>The FBI issues a warning detailing the process as part of a public service announcement</strong></li></ul><p>Phishing attacks are hardly new, with an estimated 3.4 billion malicious emails sent daily, accounting for a mammoth 1.2% of all email traffic.</p><p>Google alone blocks approximately 100 million phishing emails daily, as threat actors continue to evolve their approaches, using unique campaigns, AI-generated content, and, lately, QR codes to lure unsuspecting victims.</p><p>A recent phishing-as-a-service toolkit <a href="https://www.huntress.com/blog/kali365-device-code-phishing-kit" target="_blank">detected by cybersecurity company Huntress</a>, however, stands out for its sophistication, scale, and success rate.</p><h2 id="a-sophisticated-phishing-service-for-hire">A sophisticated phishing service for hire</h2><p>What makes Kali365 unique versus its peers is the scale at which it operates and the methods it uses. 
Unlike most phishing operations, it is a tool with at least 33 built-in templates that impersonate Microsoft products and services, 100 API endpoints, and role-based access control for phishing teams.</p><p>In addition to being an AI-enabled phishing toolkit, it also has a sophisticated payout pipeline, a crypto payment gateway integration, tiered access to the software suite, and, for those looking for a complete offering, a desktop application for operators.</p><p>Kali365 and its variants and clones, such as Octopi365 and Freedom365, do not, however, directly compromise or bypass MFA; instead, they use a set of highly legitimate-looking emails and calls to action that then steal session cookies and OAuth tokens, allowing access to a victim's account.</p><p>The process itself is seamless; a potential victim sees a Microsoft website, an SSL certificate, and no warnings that they are effectively handing over access to a bad actor, who then uses their authenticated token to access their account. The AI-generated lures themselves are sophisticated, but as the <a href="https://www.ic3.gov/PSA/2026/PSA260521" target="_blank">FBI points out</a>, they still require a user to be phished via email, with many impersonating "trusted cloud productivity and document-sharing services."</p><p>The more damning use of AI, however, is where Anthropic's Claude AI model is used to read intercepted email threads, score them for fraud potential, and draft convincing reply messages, complete with fabricated banking details and a manufactured sense of urgency, to be sent from the victim's own mailbox. </p><p>While the FBI's warning stands, it also somewhat acknowledges that this is not an easy phishing attempt to avoid, given the scale, the multitude of phishing attack vectors, and the "legitimate" look it has compared to most of its competition. 
Resolving this would require a change on Microsoft's end to close security loopholes that enable such authentication transfers, but for now, any affected individuals can only <a href="https://www.ic3.gov/" target="_blank">report their experiences here</a>.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Gamers beware — experts flag Steam Workshop is being abused to spread malware via Wallpaper Engine app ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/gamers-beware-experts-flag-steam-workshop-is-being-abused-to-spread-malware-via-wallpaper-engine-app</link>
                                                                            <description>
                            <![CDATA[ Even a wallpaper can carry a virus these days, so be careful what you're downloading. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">B3V2m3Yxk6tVMC8s5Vf7DG</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ijYNM9nFwBzeyTVPTzBdBj-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 17 Jun 2026 17:15:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/ijYNM9nFwBzeyTVPTzBdBj-1280-80.jpg">
                                                            <media:credit><![CDATA[Wallpaper Engine]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Wallpaper Engine app, available on Steam.]]></media:description>                                                            <media:text><![CDATA[Wallpaper Engine app, available on Steam.]]></media:text>
                                <media:title type="plain"><![CDATA[Wallpaper Engine app, available on Steam.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ijYNM9nFwBzeyTVPTzBdBj-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Kaspersky found Steam Workshop wallpapers weaponized to deliver malware via Wallpaper Engine</strong></li><li><strong>Dozens of malicious “application wallpapers” downloaded tens of thousands of times, spreading backdoors, infostealers, miners, and ransomware</strong></li><li><strong>Valve removed the infected uploads, but users warned attackers could easily re‑upload new ones</strong></li></ul><p>Steam Workshop, a community platform built into Steam that allows users to share custom content, was being used to infect gamers with malware, researchers have claimed.</p><p>For at least half a year, gamers that used the platform to download certain wallpapers were being served various malware, Kaspersky recently explained.</p><p>This campaign has been running since at least late 2025, Kaspersky said - with some sources noting the majority of the victims are in <a href="https://cyberinsider.com/steam-workshop-hosts-wallpapers-with-account-stealing-malware/" target="_blank">Russia and China</a>.</p><h2 id="dozens-of-malicious-wallpapers">Dozens of malicious wallpapers</h2><p>Steam is a hugely popular digital distribution platform for PC games, developed by a company called Valve. Baked into it is Workshop, a community tool where gamers can share mods, maps, skins, wallpapers, and other add-ons for games and applications.</p><p>Among other things, Steam Workshop allows gamers to use Wallpaper Engine, a desktop customization application that supports more than just “static” image wallpapers. 
With it, gamers can have videos, interactive animations, and even entire applications, displayed as a wallpaper.</p><p>And that is where the problem lies - hackers have been using application wallpapers as delivery mechanisms for different <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a>, including backdoors and cryptojackers.</p><p>"We discovered dozens of these malicious application wallpapers floating around Steam Workshop, and each one had already been downloaded thousands – or even tens of thousands – of times," Kaspersky said.</p><p>Looking deeper into the weaponized wallpapers, Kaspersky found that the malware is often either bundled in the package, or delivered inside a password-protected archive. The payload itself gets executed automatically the moment the user installs the wallpaper, it was said. In one example, Kaspersky was served a backdoor, and in another, an infostealer. Lumma and Vidar infostealers, cryptocurrency miners, botnet loaders, RanEngine, and even ransomware strains, were all being distributed this way. </p><p>Kaspersky disclosed its findings only after Steam identified and removed all of the malicious wallpaper applications. However, users should approach with caution, because there’s nothing stopping the threat actors from simply uploading new ones.</p><p><em>Via </em><a href="https://www.bleepingcomputer.com/news/security/steam-workshop-abused-to-spread-malware-via-wallpaper-engine-app/" target="_blank"><em>BleepingComputer</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Hundreds of Android banking and crypto apps hit by dangerous new Rokarolla malware ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/hundreds-of-android-banking-and-crypto-apps-hit-by-dangerous-new-rokarolla-malware</link>
                                                                            <description>
                            <![CDATA[ A new Android trojan is capable of stealing data from 217 banking and cryptocurrency apps. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">dEDZLMv2qbhUFNEPd9QpRR</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/eVgzzXmQMEyvzfYvAaAMrX-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 17 Jun 2026 15:25:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/eVgzzXmQMEyvzfYvAaAMrX-1280-80.jpg">
                                                            <media:credit><![CDATA[wk1003mike / Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Trojan]]></media:description>                                                            <media:text><![CDATA[Trojan]]></media:text>
                                <media:title type="plain"><![CDATA[Trojan]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/eVgzzXmQMEyvzfYvAaAMrX-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Zimperium finds new Android banking trojan “Rokarolla” targeting 217 banking/crypto apps</strong></li><li><strong>Distributed via spoofed sites, third‑party stores, and social media; dropper masquerades as Google Play Protect</strong></li><li><strong>Steals credentials via invisible overlays, hides itself, and adds extra spying features like keystroke logging, call blocking, and screen recording</strong></li></ul><p>Security researchers Zimperium discovered Rokarolla, a powerful Android banking trojan capable of stealing login credentials and other valuable information from more than 200 banking and crypto applications.</p><p>Rokarolla is being distributed through standalone (spoofed) websites, third-party app stores, and social media. It was not found on the Google Play Store or other official Android repositories.</p><p>These malicious websites are advertising Google Chrome and TikTok apps, but when users download them, they first get a dropper that pretends to be Android’s built-in anti-malware solution Google Play Protect. This dropper then offers Chrome and TikTok, laden with <a href="https://www.techradar.com/best/best-malware-removal" target="_blank">malware</a>.</p><h2 id="how-to-spot-rokarolla">How to spot Rokarolla</h2><p>Upon installation, Rokarolla will do what most banking trojans do - ask for extensive permissions, including the Accessibility service permissions which are the usual malware red flag. </p><p>Other permissions that should be cause for concern include access to SMS and calls, as well as access to notifications. </p><p>If the victims grant all these permissions, Rokarolla will first profile the device and scan it for one of 217 banking and crypto apps. </p><p>After that, whenever the user brings up one of those apps, Rokarolla will display an invisible overlay to capture the login credentials, as well as PIN codes and unlock patterns. 
The trojan has numerous tricks up its sleeve to avoid scrutiny and remain hidden, including displaying fake installation screens, hiding the application icon from the app drawer, silencing audio and vibrations, and keeping the screen awake. </p><p>It can also extract contact information and WhatsApp contacts, grab keystrokes, record the screen, block incoming calls, and send screenshots. </p><p>Usually, banking trojans like Rokarolla target specific geographies and languages. Zimperium did not say which parts of the world were most at risk, or how many people were possibly infected. Those who only download apps from official repositories such as the Google Play Store or Galaxy Store are not at risk. </p><p><em>Via </em><a href="https://www.bleepingcomputer.com/news/security/new-rokarolla-android-malware-targets-217-banking-crypto-apps/" target="_blank"><em>BleepingComputer</em></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft Teams users beware — relays hit by ransomware hackers looking to hide malicious traffic ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/microsoft-teams-users-beware-relays-hit-by-ransomware-hackers-looking-to-hide-malicious-traffic</link>
                                                                            <description>
                            <![CDATA[ DragonForce is the first ransomware operator to use this technique that was discovered last year. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">Lgfzne33V8Cy7WF52q4dha</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/GJ8T4oA8G7TYJwTEhkwJAF-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 17 Jun 2026 13:30:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/GJ8T4oA8G7TYJwTEhkwJAF-1280-80.jpg">
                                                            <media:credit><![CDATA[Pixabay]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[Image Credit: Pixabay]]></media:description>                                                            <media:text><![CDATA[Representational image of a cybercriminal]]></media:text>
                                <media:title type="plain"><![CDATA[Representational image of a cybercriminal]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/GJ8T4oA8G7TYJwTEhkwJAF-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Symantec confirms DragonForce ransomware operators used Microsoft Teams TURN relays for covert C2 traffic</strong></li><li><strong>Custom Go‑based RAT “Backdoor.Turn” masked malicious activity as normal Teams communications</strong></li><li><strong>First in‑the‑wild use of “Ghost Calls” technique; campaign shows highly sophisticated tradecraft with Scattered Spider links</strong></li></ul><p>Experts have warned cybercriminals are using Microsoft Teams relays as command-and-control (C2) infrastructure, blending malicious traffic with benign corporate communications. </p><p>In Microsoft Teams, a relay is a server that helps carry audio and video traffic when a direct connection between participants isn’t possible (for example, they’re on a corporate network or behind a firewall). </p><p>According to security researchers Symantec, in December 2025 ransomware operators DragonForce targeted a major US services company, likely abusing an unknown flaw in an SQL or MSSQL server to get a foothold on their target’s network and, among other things, deployed a custom backdoor malware called ‘Backdoor.Turn’.</p><h2 id="who-is-dragonforce">Who is DragonForce?</h2><p>Symantec says this backdoor abuses the Traversal Using Relays around NAT (TURN) protocol, a feature Teams uses when two (or more) participants cannot establish a direct connection. That way, defenders only see Teams traffic, which isn’t usually scrutinized. </p><p><a href="https://www.bleepingcomputer.com/news/security/ransomware-gang-abuses-microsoft-teams-relays-to-hide-malicious-traffic/" target="_blank"><em>BleepingComputer</em></a> says this technique was first demonstrated in 2025 by Praetorian, who dubbed it ‘Ghost Calls’; however, this is the first time anyone’s actually used it in the wild. 
</p><p>“Backdoor.Turn, a Go-based RAT, is the first known malware to abuse Microsoft Teams' TURN relay servers to mask command-and-control traffic,” Symantec said.</p><p>DragonForce is an old group, by <a href="https://www.techradar.com/best/best-ransomware-protection" target="_blank">ransomware</a> standards, first spotted back in 2023. It has been linked to the infamous Scattered Spider organization and, back in 2025, adopted a drug cartel model.</p><p>By offering a white-label affiliate model, it allows others to use its infrastructure and malware while branding attacks under their own name. With this model, affiliates don’t need to manage the infrastructure and DragonForce takes care of negotiation sites, malware development and data leak sites.</p><p>Symantec said that the attackers running this campaign “use exceptionally sophisticated cyber tradecraft”. A full list of Indicators of Compromise (IoC) can be found at <a href="https://www.security.com/threat-intelligence/dragonforce-msteams-backdoor">this link</a>.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'The credential data leak is dangerous simply because of its enormous size': Experts warn "colossal" breach exposes 24 billion records including personal info ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/the-credential-data-leak-is-dangerous-simply-because-of-its-enormous-size-experts-warn-colossal-breach-exposes-24-billion-records-including-personal-info</link>
                                                                            <description>
                            <![CDATA[ Someone has been hoarding data leaks from across the web and putting them in a single Elasticsearch instance. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">aNZjKf84RSHyU62LygsWMa</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/yga3LG7XiRJcCatEoQaGuG-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Wed, 17 Jun 2026 11:06:40 +0000</pubDate>                                                                                                                                <updated>Wed, 17 Jun 2026 11:06:44 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/yga3LG7XiRJcCatEoQaGuG-1280-80.png">
                                                            <media:credit><![CDATA[Image: Generated with Google Gemini]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A composite image featuring a stylized digital military base schematic partially covered by a translucent &quot;Data Leak&quot; warning graphic in red and white.]]></media:description>                                                            <media:text><![CDATA[A composite image featuring a stylized digital military base schematic partially covered by a translucent &quot;Data Leak&quot; warning graphic in red and white.]]></media:text>
                                <media:title type="plain"><![CDATA[A composite image featuring a stylized digital military base schematic partially covered by a translucent &quot;Data Leak&quot; warning graphic in red and white.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/yga3LG7XiRJcCatEoQaGuG-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Cybernews found exposed Elasticsearch database with 24 billion plaintext credentials from 36 sources</strong></li><li><strong>Archive (~8TB) compiled infostealer logs, Telegram leaks, and prior breach data; regularly updated</strong></li><li><strong>Owner unknown; mix of English/Russian sources, including 260M records tied to “Darkside” channels</strong></li></ul><p>A colossal database containing 24 billion records was found sitting on the internet, available to anyone who knew where to look, including usernames, passwords, and login URLs, all stored in plaintext.</p><p>The Elasticsearch database was discovered earlier this month by security researchers from <a href="https://cybernews.com/security/24-billion-credentials-data-leak/" target="_blank"><em>Cybernews</em></a>, who believe it is a compilation of different logs generated by various infostealers. </p><p>“The credential data leak is dangerous simply because of its enormous size,” <em>Cybernews</em> said. “Since the data leaked online, billions of affected accounts are at serious risk of takeovers, especially if they are not protected with multi-factor authentication.” </p><h2 id="identity-unknown">Identity unknown</h2><p>The archive was locked down soon after being discovered, barring the Cybernews team from doing any deeper analysis - although they did manage to determine that the information came from 36 different sources, “varying from Telegram channels to combined data collections of previous data breaches and datasets exported directly from live target servers.”</p><p>The archive was more than eight terabytes in size, making it among the biggest archives ever discovered. Unfortunately, it is impossible to determine how many of the entries are duplicates, although it’s safe to assume that at least some of them are. 
</p><p>Cybernews also wasn’t able to determine the age of the findings but stressed that based on the February 2026 news article contained in the data leak, it could conclude that the cluster was being regularly updated. </p><p>The identity of the database’s owner remains a mystery. Most of the Telegram sources listed inside were in English, but some were also in Russian. Furthermore, around 260 million records came from Telegram channels with the word “Darkside” in them, referencing a now-defunct ransomware group that was responsible for the catastrophic attack on Colonial Pipeline a few years ago.</p><p>Whoever it is, they seem to be actively monitoring the cybersecurity landscape and updating the collection frequently.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Holiday season is here — but watch out, hackers are launching more phishing scams and attacks than ever before ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/holiday-season-is-here-but-watch-out-hackers-are-launching-more-phishing-scams-and-attacks-than-ever-before</link>
                                                                            <description>
                            <![CDATA[ Firms in hospitality are hit with more than 2,000 attacks every week now, while consumers are being served fake accommodation sites. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">MQoWWFuVj3VgCn6mdUvh6E</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/NhyRpiipTBVqrXyjKEmYVc-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 17 Jun 2026 01:20:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sead Fadilpašić ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/NhyRpiipTBVqrXyjKEmYVc-1280-80.jpg">
                                                            <media:credit><![CDATA[Booking.com]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Booking.com]]></media:description>                                                            <media:text><![CDATA[Booking.com]]></media:text>
                                <media:title type="plain"><![CDATA[Booking.com]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/NhyRpiipTBVqrXyjKEmYVc-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Check Point Research warns summer vacation scams are surging, with hospitality/travel firms hit by 2,291 weekly attacks in May 2026 alone</strong></li><li><strong>Attack volume doubled vs. May 2023; 47k+ new travel domains registered, 1 in 112 already flagged malicious</strong></li><li><strong>Booking, Airbnb, and Skyscanner spoofed; travelers urged to verify domains before entering personal or payment data</strong></li></ul><p>Scams targeting people looking to book their summer vacations are spiking, researchers have claimed - and not only that, but the volume of attacks is significantly larger than last year, or the year before, indicating a growing problem.</p><p>Security experts Check Point Research <a href="https://blog.checkpoint.com/research/travel-phishing-and-cyber-attacks-are-surging-in-2026-growing-122-over-the-last-3-years-heres-what-cyber-criminals-are-actually-doing/" target="_blank">found</a> that in May 2026 alone, the hospitality, travel, and recreation sector recorded 2,291 average weekly cyberattacks per organization. The attacks rose 24% month-over-month, while the volume more than doubled compared to May 2023.</p><p>Cumulatively, over the last three years, the company found there has been a 122% increase in attacks on the industry. </p><h2 id="spoofed-website">Spoofed website</h2><p>At the same time, the global year-over-year rise across all industries was just 2% which, CPR argues, means criminals are specifically targeting holiday-goers: </p><p>“This is not a general uptick in cyber crime that happens to touch travel. It is a deliberate, seasonal intensification targeting an industry that processes enormous volumes of personal and financial data precisely when people are distracted, rushing, and eager to secure a good deal."</p><p>A major part of these scams are phishing emails and fraudulent, spoofed websites, and these have shot up significantly. 
In May 2026 alone, CPR says there were 47,318 new travel-related domains registered, which is up 33% from April and up 19% compared to May last year. </p><p>To make matters even worse, among these domains one in every 112 is already classified as either malicious or suspicious. That doesn’t mean that the other 111 are legitimate; it simply means many others are lying dormant for now, waiting to be activated as summer traffic peaks. </p><p>If you are looking to book a flight or accommodation any time soon, make sure to double-check the domain you’re visiting, since major platforms like Booking, Airbnb, and Skyscanner have already been spoofed thousands of times with fake websites stealing sensitive data and even money. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'These attacks don't look like break-ins' — HP warns hackers are turning popular remote access tools into dangerous, stealthy backdoors ]]></title>
                                                                                                                                                                                                <link>https://www.techradar.com/pro/security/these-attacks-dont-look-like-break-ins-hp-warns-hackers-are-turning-popular-remote-access-tools-into-dangerous-stealthy-backdoors</link>
                                                                            <description>
                            <![CDATA[ HP's latest threat report reveals hackers are abusing legitimate remote access tools and fake downloads to silently compromise corporate devices. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">p59kSjYoTKzZrhc4SYFBwm</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/abAdPvAymwxfL59qPnT4in-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 16 Jun 2026 20:15:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Cyber Security]]></category>
                                                    <category><![CDATA[Cyber Crime]]></category>
                                                    <category><![CDATA[Pro]]></category>
                                                    <category><![CDATA[Computing]]></category>
                                                    <category><![CDATA[Computing Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Efosa Udinmwen ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/nwRLdPUNG4rWu4Y6nthHDV.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master&#039;s and a PhD in sciences, which provided him with a solid foundation in analytical thinking. Efosa developed a keen interest in technology policy, specifically exploring the intersection of privacy, security, and politics. His research delves into how technological advancements influence regulatory frameworks and societal norms, particularly concerning data protection and cybersecurity.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/abAdPvAymwxfL59qPnT4in-1280-80.jpg">
                                                            <media:credit><![CDATA[ozrimoz / Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Hacker]]></media:description>                                                            <media:text><![CDATA[Hacker]]></media:text>
                                <media:title type="plain"><![CDATA[Hacker]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/abAdPvAymwxfL59qPnT4in-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <ul><li><strong>Legitimate software is now the most dangerous weapon in a hacker's arsenal, HP warns</strong></li><li><strong>Tax deadline phishing emails are opening doors that security scanners never flag</strong></li><li><strong>Fake dating app downloads are delivering full remote access to attackers instantly</strong></li></ul><p>Cybercriminals are exploiting legitimate remote access applications such as LogMeIn and ScreenConnect to take control of victim devices without triggering standard security alerts, experts have warned.</p><p>HP's latest <a href="https://www.hp.com/us-en/newsroom/press-releases/2026/HP-attackers-are-turning-legitimate-remote-access-tools-into-backdoors.html" target="_blank" rel="nofollow">Threat Insights Report</a>, covering January through March 2026, documents how attackers are deliberately blending malicious activity into normal IT behavior to avoid detection.</p><p>The report draws on data from millions of endpoints running HP Wolf Security across the period under review, and found the campaigns follow a consistent pattern built around social engineering rather than technical exploits.</p><h2 id="how-trust-becomes-the-weapon">How trust becomes the weapon</h2><p>Legitimate software becomes the perfect disguise precisely because security tools are least likely to flag applications they already recognize and trust.</p><p>When an attacker controls a familiar remote access tool on a victim's device, nothing in the security stack raises an alarm.</p><p>That invisibility starts at the very first step — attackers used tax year-end phishing <a href="https://www.techradar.com/news/best-email-provider">emails</a> and fake desktop application downloads, including fraudulent dating website installers, to persuade users to install remote access tools that the attackers control.</p><p>Once installed, those tools gave attackers total device control while appearing indistinguishable from routine IT activity.</p><p>"What 
stands out in these campaigns is how easily legitimate remote access tools are being turned into entry points for attackers," said Patrick Schläpfer, Principal Threat Researcher at HP Security Lab.</p><p>"By combining trusted software with carefully designed social engineering — tied to events like the end of the tax year — it's getting even harder to distinguish what can and can't be trusted."</p><p>Separate campaigns uncovered in the same period used fake cryptocurrency wallet recovery tools distributed through code-sharing platforms and media download sites.</p><p>Those tools, rather than helping users recover lost wallets, harvested credentials, wallet data, and system information before packaging everything into archive files for exfiltration.</p><p>The emoji-heavy scripts used in these attacks showed characteristics consistent with AI-assisted coding.</p><p>This suggests that <a href="https://www.techradar.com/pro/best-vibe-coding-tools">vibe coding tools</a> are now lowering the barrier for building functional malware.</p><h2 id="malware-hides-in-plain-sight">Malware hides in plain sight</h2><p>HP's report also documented ClickFix campaigns disguising <a href="https://www.techradar.com/best/best-malware-removal">malware</a> as audio files through convincing fake websites and realistic CAPTCHA prompts.</p><p>Victims unknowingly execute the malicious code in the background while believing they are completing routine security checks.</p><p>At least 11% of email threats identified by HP Wolf Security during the period bypassed one or more email gateway scanners entirely.</p><p>Executable files accounted for the largest share of malware delivery at 39%, followed by archive files at 38% and PDF documents at 10%.</p><p>"These attacks don't look like break-ins — they look like business as usual, blending in with normal IT activity and avoiding the warning signs associated with malware," said Alex Holland, Principal Threat Researcher at HP Security Lab.</p><p>Holland 
added that organizations should restrict unnecessary privileges, control software installation, and isolate risky activity such as downloads and unknown links.</p><p>Enterprise security teams are advised to adjust their defenses to account for attacks that look legitimate, rather than suspicious. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
            </channel>
</rss>