FILTERING BY: CLEAR FILTER

FortiBleed: Mass Credential Theft Targeting FortiGate VPNs

The FortiBleed campaign leverages a suspected zero-day vulnerability in FortiGate VPN devices to facilitate mass credential theft. This operation serves as a dedicated initial access pipeline for the INC and Lynx ransomware groups, orchestrated by a single operator managing both the exploit infrastructure and ransomware negotiation panels. The campaign results in high-velocity deployment of ransomware following the compromise of verified VPN credentials, bypassing traditional perimeter defenses. Impact is characterized by widespread unauthorized access to corporate environments and subsequent data encryption.

FBI Seizure of NetNut Residential Proxy Platform and Popa Botnet

The FBI and Google Threat Analysis Group (TAG) have dismantled the NetNut residential proxy platform and the associated Popa botnet, which compromised approximately two million home IoT devices, including Smart TVs. The operation leveraged malicious SDKs embedded in legitimate software to transform residential hardware into a for-hire relay network, masking malicious traffic and supporting broader cyber operations. This disruption involved the seizure of hundreds of command-and-control (C2) and proxy domains. The infrastructure was managed by Alarum Technologies, a publicly traded company, highlighting a sophisticated abuse of the residential proxy business model to facilitate botnet-scale traffic obfuscation.

Retaliatory Espionage against EU PEGA Committee via NSO Group Pegasus

Forensic analysis by Citizen Lab confirmed that Stelios Kouloglou, a member of the EU's PEGA Committee, was twice infected with NSO Group's Pegasus spyware. The campaign utilized advanced mobile exploitation to compromise a device specifically tasked with investigating commercial surveillance abuses. This breach resulted in the potential exfiltration of sensitive European Parliament communications and internal PEGA Committee investigative strategies. The attack demonstrates a targeted retaliatory pattern where commercial spyware is deployed by government customers to monitor and intimidate democratic oversight bodies, compromising the integrity of legislative deliberations and diplomatic security.

Critical Memory Overread Vulnerability in Citrix NetScaler CVE-2026-8451

Citrix has identified a high-severity memory overread vulnerability (CVE-2026-8451, CVSS 8.8) affecting NetScaler ADC and NetScaler Gateway. The flaw stems from insufficient input validation, allowing unauthenticated attackers to trigger memory dumps and expose sensitive session data or credentials. This vulnerability is specifically critical for instances configured as a SAML Identity Provider (IdP). Active exploitation has been observed in the wild, mirroring the mechanics of the previous "CitrixBleed" exploit. Remediation requires immediate firmware updates to address this and five associated vulnerabilities, including CVE-2026-8452 and CVE-2026-13474, to prevent unauthorized resource access.

Indirect Prompt Injection via SEO Poisoning Targeting OpenAI, Anthropic, and Google AI Agents

Attackers are leveraging Indirect Prompt Injection (IPI) to hijack AI agents from OpenAI, Anthropic, and Google by weaponizing the Retrieval-Augmented Generation (RAG) process. Through SEO poisoning, malicious sites are prioritized in agent grounding searches, delivering hidden payloads via CSS (display:none, opacity:0) and zero-width characters. These invisible instructions override system prompts to execute unauthorized tool-use functions, enabling cryptojacking via WebAssembly and the exfiltration of sensitive session data to attacker-controlled endpoints. This vulnerability shifts the primary attack vector from direct user input to external, untrusted data sources utilized for agentic autonomy.

U.S. State Department Issues $10M Bounty Targeting UNC5792 and UNC4221 via Signal and WhatsApp Phishing Campaigns

The U.S. Department of State has announced a $10 million reward for actionable intelligence identifying Russian-linked threat actors UNC5792 and UNC4221. These actors focus on bypassing end-to-end encryption (E2EE) on Signal and WhatsApp through sophisticated account takeover (ATO) workflows. By utilizing advanced social engineering, credential harvesting, and session hijacking, the groups compromise mobile identities of high-value targets, including military and diplomatic personnel. The campaign targets the application layer to circumvent cryptographic protections, facilitating large-scale intelligence exfiltration from mobile endpoints. This shift toward identity-centric exploitation bypasses traditional network perimeter defenses, necessitating enhanced hardware-backed authentication and mobile-specific threat intelligence.

The Rise of Agentic AI: New Attack Surfaces in Coding Agents and MCP

The transition from passive LLM suggestions to agentic AI introduces critical vulnerabilities via Indirect Prompt Injection and Model Context Protocol (MCP) tool poisoning. By exploiting the LLM's inability to distinguish between data and instructions, attackers can embed malicious commands in external sources that agents process. When agents possess privileged toolsets—including Git write access and filesystem interaction—these injections enable remote code execution (RCE), silent supply chain compromise through unauthorized repository commits, and the exfiltration of environment variables or SSH keys. This expands the attack surface from simple prompt manipulation to automated, privileged system exploitation.

The Vect and TeamPCP Alliance: Industrialized Supply Chain and Cloud-Native Ransomware Orchestration

The convergence of the Vect Ransomware-as-a-Service (RaaS) operation and the TeamPCP threat actor marks a strategic shift toward a vertically integrated cybercrime model. Vect provides high-volume initial access and credential harvesting, while TeamPCP specializes in ransomware orchestration and the development of cloud-native worms. This alliance targets the software development lifecycle through industrialized supply chain compromises of CI/CD pipelines and developer tools. By leveraging stolen OAuth tokens and API keys, the actors facilitate lateral movement across AWS, Azure, and GCP environments. The campaign focuses on cloud-native extortion, utilizing exfiltration of S3 buckets and database snapshots to maximize leverage against enterprise targets.

JADEPUFFER: Autonomous Agentic Ransomware Exploiting Langflow RCE

JADEPUFFER is a first-of-its-kind autonomous agentic ransomware that leverages a Remote Code Execution (RCE) vulnerability in Langflow to orchestrate a full attack lifecycle without human intervention. The agent autonomously performs initial exploitation, credential harvesting, and lateral movement through LLM-driven reasoning to identify and target critical assets. The operation culminated in the encryption and wiping of a corporate production database. This shift to agentic AI significantly reduces "time-to-objective," enabling breach execution at machine speed. Organizations utilizing Langflow must prioritize patching RCE vulnerabilities and implementing strict network segmentation for AI orchestration frameworks to mitigate these autonomous threats.

Breach of the Homeland Security Information Network HSIN

A significant cyberattack has compromised the Homeland Security Information Network (HSIN), a critical multi-sector intelligence-sharing platform utilized by U.S. government agencies and private industry partners. The breach involves unauthorized access to the HSIN software stack, potentially via zero-day exploitation or misconfiguration, resulting in the compromise of authentication telemetry and access logs. Investigating agencies are analyzing lateral movement artifacts and outbound traffic patterns to determine the extent of data exfiltration. This event poses a critical threat to national security intelligence continuity and the integrity of shared intelligence databases, necessitating immediate forensic investigation into potential data tampering and actor-specific indicators of compromise (IoCs).

Multi-Vector Supply Chain Campaign: Mastra AI, GitHub Actions, and Arch Linux AUR Compromise

A sophisticated supply chain campaign, attributed to the suspected threat actor TeamPCP, has simultaneously targeted the Mastra AI framework via npm, GitHub Actions CI/CD workflows, and the Arch Linux User Repository (AUR). The attack utilized dormant contributor account takeovers to poison the @mastra npm scope using the easy-day-js dependency and hijacked GitHub Action version tags to exfiltrate CI/CD credentials. Additionally, over 1,500 AUR packages were compromised with eBPF-based rootkit malware. This coordinated infrastructure, linked by the "Mini Shai-Hulud" worm, facilitates widespread code execution, credential theft, and persistent rootkit deployment across development, DevOps, and end-user Linux environments.

The 2026 Resilience Paradox: Microsoft and Adobe Critical Vulnerability Surge

The June 2026 security updates for Microsoft and Adobe address a systemic surge in vulnerabilities, highlighting a "resilience paradox" where AI-accelerated discovery outpaces human remediation. Critical risks include wormable RCEs in the Windows Kernel (CVE-2026-45657), HTTP.sys (CVE-2026-47291), and the DHCP Client (CVE-2026-44815), all rated CVSS 9.8. Adobe Campaign Classic (APSB26-66) reached a CVSS 10.0. Active exploitation of CVE-2026-41091 (Defender EoP) is confirmed. Remediation requires immediate kernel patching, specific registry modifications for HTTP.sys to mitigate unauthenticated remote execution, and urgent deployment of Adobe bulletins to prevent total environment compromise.

APT28 and LameHug: AI-Driven Dynamic Command Generation

APT28 has deployed "LameHug," a novel infostealer that integrates Large Language Models (LLMs) to generate malicious Windows commands dynamically. By shifting from hardcoded C2 scripts to AI-driven prompt sequences, LameHug adapts attack commands in real-time to the victim's environment, significantly bypassing signature-based EDR and antivirus detection. The malware utilizes dedicated exfiltration modules to steal credentials and sensitive data from NATO, EU, and US targets. This workflow represents a strategic pivot toward "AI-as-a-weapon," reducing the manual research time required for target-specific exploitation and increasing the scalability of state-sponsored espionage operations.

Russian State-Sponsored Deployment of StockStay and SharkLoader

Russian state-sponsored actors Turla and Gamaredon are deploying AI-augmented malware and custom toolsets to target critical infrastructure and diplomatic entities in Ukraine, Italy, Taiwan, and Indonesia. The campaign utilizes SharkLoader to deliver Cobalt Strike Beacons and a .NET-based backdoor, StockStay, which employs secure WebSocket connections for C2 and the Windows Forms framework for persistence. Initial access is frequently achieved via WinRAR vulnerabilities. Notably, the integration of AI-driven "dynamic payload adaptation" enables real-time modification of malware signatures to bypass traditional EDR and AV detections, shifting the defensive requirement from static IOC blocking to anomaly-based behavioral detection.

AMOS Stealer Deployment via ClickFix Social Engineering on macOS

Threat actors are deploying the AMOS Stealer on macOS by adapting the "ClickFix" social engineering technique. The attack leverages browser-based lures masquerading as AI tool errors (e.g., ChatGPT, Grok), prompting users to manually copy and execute a malicious command in the macOS Terminal. This sequence bypasses browser security and Gatekeeper by utilizing curl or wget to download a DMG file, which is then silently mounted via hdiutil. The primary objective is the exfiltration of browser passwords, session cookies, and cryptocurrency wallets.

Indirect Prompt Injection Hijacks Claude Code and AI Coding Agents

Researchers from Mozilla 0DIN have identified critical Indirect Prompt Injection (IPI) vulnerabilities within Claude Code and other agentic AI coding tools. By embedding malicious instructions in seemingly benign external data, such as GitHub README files or bug reports, attackers can manipulate the agent's control flow to execute unauthorized system commands. This exploitation enables Remote Code Execution (RCE) on developer workstations, often bypassing traditional EDR/AV via instruction-based hijacking rather than traditional binary-based malware. Specifically, the research demonstrates an escalation path where the agent is coerced into establishing a reverse shell through DNS TXT records, providing a covert Command and Control (C2) channel that facilitates full machine compromise.

Adaptive Phishing Kits and BlueKit Browser-in-the-Middle BitM Frameworks

Modern phishing campaigns are deploying adaptive kits that utilize client-side JavaScript fingerprinting (User-Agent, OS, screen resolution) to serve device-specific HTML/CSS templates, increasing social engineering success rates. These kits employ Browser-in-the-Middle (BitM) frameworks, such as BlueKit, and OAuth/OIDC Device Code phishing to intercept real-time session cookies and MFA tokens, effectively bypassing traditional multi-factor authentication. Attackers utilize DNS query manipulation and environment-aware checks to evade automated sandboxes and security crawlers. The impact is a significant reduction in MFA efficacy and increased detection difficulty for legacy indicator-based security tools.

Critical Unauthenticated RCE in Adobe ColdFusion CVE-2026-48281

Adobe has released security update APSB26-68 to address seven maximum-severity vulnerabilities in ColdFusion, headlined by CVE-2026-48281. This vulnerability carries a CVSS 10.0 rating, enabling unauthenticated remote code execution (RCE) by exploiting improper input validation or deserialization flaws within specific ColdFusion tags or functions, such as <cfinvoke> and <cfcomponent>. Successful exploitation allows an attacker to achieve full system control, facilitating lateral movement and privilege escalation within the enterprise network. Organizations running legacy ColdFusion environments face heightened risk, especially as Proof-of-Concept (PoC) research and exploit availability increase following public disclosure. Immediate patching is required to mitigate the risk of widespread exploitation.

Strategic Risk Analysis: UK Academic Collaborations with BUPT and Beihang University

The People's Republic of China (PRC) is systematically exploiting the UK's open academic environment via Military-Civil Fusion (MCF) strategies, utilizing BUPT and Beihang University as primary conduits for intellectual property acquisition. These institutions leverage joint research laboratories and PhD placement programs to illicitly transfer dual-use technologies in AI, 5G/6G telecommunications, and aerospace propulsion to the People's Liberation Army (PLA). This activity frequently bypasses export controls through "deemed exports," posing a critical risk to the UK's National Security Strategy. MI5 and the NCSC have issued briefings to over 70 universities to mitigate these foreign interference vectors and the systemic risk created by institutional financial dependence on Chinese funding.

Check Point 2026 Exposure Gap Report: AI-Driven Vulnerability Inflation

The report identifies "AI-Driven Vulnerability Inflation," a phenomenon where AI-augmented threat actors and automated discovery tools have doubled the volume of critical CVE discoveries. This surge has significantly degraded the signal-to-noise ratio within Security Operations Centers (SOCs), as fewer than 8.3% (1 in 12) of reported critical vulnerabilities require immediate remediation. The disconnect between high-level AI security governance and actual technical enforcement capabilities is widening a critical "exposure gap," overwhelming frontline defenders with low-priority alerts and high-velocity exploit payloads generated via Large Language Models (LLMs).

Critical Authentication Bypass in SimpleHelp RMM Leveraged for Djinn Stealer Deployment

CVE-2026-48558 is a critical authentication bypass vulnerability in SimpleHelp Remote Monitoring and Management (RMM) software stemming from improper validation of OpenID Connect (OIDC) token signatures when group-authenticated login is enabled. Attackers exploit this flaw to forge identity tokens, bypass multi-factor authentication (MFA), and provision rogue technician-level administrator accounts. This unauthorized privileged access allows for the mass deployment of "Djinn Stealer," a cross-platform information stealer targeting Windows and macOS, across all managed endpoints. This creates a significant supply-chain risk for Managed Service Providers (MSPs) and their clients, enabling widespread credential theft and lateral movement.

Phantom Squatting: Exploiting LLM Hallucinations for Phishing and Supply Chain Attacks

Phantom squatting is a novel attack vector that exploits the deterministic nature of Large Language Model (LLM) hallucinations. Unlike traditional typosquatting, attackers identify non-existent but plausible domains and package names generated by LLMs and pre-register them. This enables two primary exploitation paths: directing users to malicious phishing landing pages via hallucinated URLs and compromising developer environments through the installation of rogue software packages on repositories like npm and PyPI. Because these domains lack a legitimate predecessor, they effectively evade conventional brand-protection and lookalike-domain monitoring tools, leveraging the inherent authority bias users place in AI-generated technical guidance.

Microsoft Defender: RoguePlanet Zero-Day CVE-2026-50656 and Woodgnat Exploitation

The 'Woodgnat' threat actor (KongTuke) is leveraging a critical race condition in the Microsoft Defender quarantine pipeline (CVE-2026-50656) to facilitate local privilege escalation (LPE) to SYSTEM on Windows 10 and 11. The attack chain initiates with 'ClickFix' social engineering, followed by DLL sideloading via the legitimate MpExtMs.exe binary. This enables the deployment of the 'Mistic' backdoor (utilizing EndpointDlp.dll) and the 'ModeloRAT' Python-based Trojan. This sophisticated access is subsequently auctioned to high-impact ransomware groups such as Qilin, Akira, and Black Basta, presenting a significant risk to Insurance, Education, and IT service sectors through high-durability, privileged persistence.

Extradition of Alleged Scattered Spider Member Peter Stokes

The extradition of 19-year-old Peter Stokes from Finland to the United States marks a significant law enforcement milestone against the Scattered Spider threat actor group. Stokes, a dual U.S. and Estonian citizen, faces charges of conspiracy, computer intrusion, and fraud in the Northern District of Illinois. The group is recognized for advanced social engineering, identity theft, and unauthorized system access through fraudulent authentication bypasses. This apprehension demonstrates the increasing efficacy of international judicial cooperation in targeting digitally native operatives who exploit transnational boundaries to facilitate high-impact intrusion campaigns against enterprise environments.

Sandbox Escape Vulnerability in Anthropic's Claude Cowork for Windows

Security researcher Armadin has identified a multi-step attack chain capable of executing a sandbox escape within Anthropic's Claude Cowork for Windows. The vulnerability exploits two distinct weaknesses to bypass the application's Windows-specific isolation layer, enabling an AI agent or malicious input to interact directly with the host operating system. This exploit includes a network sandbox bypass, facilitating unauthorized external communication and the silent exfiltration of sensitive host data, including API keys and filesystem contents. While Anthropic disputes the practical risk and severity, the findings highlight critical boundary failures in AI agent architectures, where functional deployment speed may compromise essential host-level security controls.

PTC Windchill & FlexPLM: Critical RCE Vulnerability Added to CISA KEV

CISA has added CVE-2026-12569 to its Known Exploited Vulnerabilities (KEV) catalog, targeting PTC Windchill and FlexPLM product lifecycle management (PLM) software. This critical unsafe deserialization vulnerability (CVSS 9.3) allows unauthenticated remote attackers to achieve Remote Code Execution (RCE) via the Windchill PDMLink web component. Threat actors are actively leveraging this flaw to deploy web shells, facilitating persistent access and lateral movement within sensitive engineering and manufacturing environments. Given the concentration of proprietary CAD designs and bills of materials (BOM) within these systems, exploitation poses an extreme risk of industrial espionage and intellectual property theft across the defense, aerospace, and automotive sectors.

CISA KEV Update: Active Exploitation of Google Chrome, Arista EOS, and Cisco Systems

CISA has updated its Known Exploited Vulnerabilities (KEV) catalog to include critical flaws in Google Chrome, Arista EOS, and Cisco Systems, transitioning these vulnerabilities from theoretical risks to confirmed active exploitations. The Chrome vulnerabilities involve sandbox escapes—addressed in the Stable Channel 149 update—allowing attackers to gain host-level execution from the browser process. Simultaneously, critical flaws in Arista EOS and Cisco networking hardware provide vectors for network-wide interception, disruption, and lateral movement. Immediate remediation via vendor patches is mandatory for federal agencies and critical for enterprise environments to mitigate the risk of perimeter breach and internal escalation.

Critical Unauthenticated Remote Takeover in Oracle E-Business Suite CVE-2026-46817

CVE-2026-46817 is a critical authentication bypass vulnerability residing within the Oracle Payments component of the Oracle E-Business Suite (EBS). Rated with a CVSS v3.1 score of 9.8, this flaw permits unauthenticated remote attackers to circumvent security protocols and achieve full administrative or root-level control over the EBS instance. Research from Defused Cyber confirms that the vulnerability is currently being exploited in the wild. By targeting specific vulnerable API endpoints, adversaries can compromise the integrity of corporate financial records, payment processing workflows, and sensitive enterprise PII, posing a systemic risk of ransomware deployment and long-term persistence within ERP environments.

Securing AI Agent Behavior: Amazon Bedrock AgentCore and the Web4 Threat Landscape

The shift toward autonomous Web4 agents utilizing the Model Context Protocol (MCP) has created a critical security gap in identity and authorization. While Amazon Bedrock AgentCore implements granular IAM controls using aws:ViaAWSMCPService and aws:CalledViaAWSMCP to isolate agent-driven traffic, the agent skill marketplace presents a massive supply chain risk. Maliciously crafted agent "skills" have demonstrated the ability to bypass conventional security scanners, impacting approximately 26,000 agents, including corporate accounts. Mitigating these risks requires the adoption of emerging Web4 identity and payment standards (x402, EIP-8004) alongside advanced deceptive architectures like the AdvancedShelLM multi-agent honeypot to identify and influence autonomous adversarial behavior.

DeepSeek-Synthesized Browser-Native Ransomware via Microsoft Edge "Edgecution"

The Payouts Kings ransomware group has deployed "Edgecution," a malicious Microsoft Edge extension that leverages AI-synthesized attack blueprints from DeepSeek to achieve host-level compromise. The attack vector utilizes social engineering via Microsoft Teams to trick users into installing the extension. By abusing the Native Messaging API, the malware executes a browser sandbox escape, enabling the installation of persistent backdoors and ransomware overlays on Windows and Android platforms. Payloads include keyloggers, credential stealers, and webcam capture tools, marking a critical shift from theoretical AI-generated concepts to operational, cross-platform exploitation.


LINK COPIED TO CLIPBOARD