Mirage2FA Phishing Kit Uses HTML Smuggling to Steal Microsoft 365 Credentials – Help Net Security

Researchers at Fortra uncovered Mirage2FA, a phishing kit that uses HTML smuggling and obfuscated JavaScript to deploy fake Microsoft 365 login pages, tricking users into submitting credentials and multi-factor authentication details. The campaign employs business-themed lures and short-lived domains to carry out Microsoft 365 account takeovers, potentially exposing email, files, Teams messages, and other cloud resources. Affected users are advised to reset passwords, revoke sessions, review MFA methods, and check for unauthorized mailbox access.

https://www.helpnetsecurity.com/2026/06/26/mirage2fa-phishing-kit-microsoft-365-html-smuggling/

What Do Ports Hear When Nobody’s Listening? An Assessment of Automated Cybercrime

An analysis of honeypot data reveals that the background noise of automated scans on public-facing ports is a complex multi-tiered ecosystem of botnets and malware campaigns, ranging from rudimentary IoT exploits to sophisticated fileless attacks targeting both consumer devices and enterprise infrastructure. Operators like Terrabot and r00ts3c demonstrate flawed but persistent automation exploiting known vulnerabilities, while advanced campaigns like RondoDox utilize decentralized residential bots to conduct coordinated, evolving attacks with techniques such as Log4Shell evasion and targeted command injection. This ongoing shadow economy uses high-volume automation and imperfection in defenses to maintain persistence and adaptation, highlighting the importance of monitoring structural patterns in network noise for effective threat detection.

https://isc.sans.edu/diary/33104?n

Europe Evolves Into Ransomware’s Favorite Region

Ransomware attacks in Europe surged by 55% in early 2026 compared to the previous year, with 684 incidents recorded by Black Kite across the continent, particularly targeting major economies like the UK, Germany, France, Italy, and Spain. Attackers are focusing on manufacturing and digital services sectors to exploit supply chain vulnerabilities, and growing reliance on third- and multi-tier vendors increases organizational risk, highlighting the need for enhanced visibility and risk management across entire vendor ecosystems.

https://www.darkreading.com/cybersecurity-analytics/europe-evolves-ransomware-favorite-region

Vulnerability Reports Are Not Special Anymore

Filippo Valsorda argues that vulnerability reports have lost their special status due to advances in large language models (LLMs), which can now identify potential security issues as effectively as human researchers. This shift diminishes the scarcity and confidentiality that once made vulnerability reports valuable, making the main challenge for maintainers triage and remediation rather than discovery. The article suggests security teams should adapt by focusing on rapid assessment and integrating automated LLM analysis into their workflows while recognizing some high-severity or trusted-source reports still require special handling.

https://words.filippo.io/vuln-reports/

‘Deepfake as a Service’ Sees 39% Spike in Dark Web Conversations — and Experts Fear It Will Fuel the Next Wave of “Fake Boss” Scams

Discussions about “deepfake as a service” have surged by 39% on dark web forums, raising concerns among experts that this trend could intensify “fake boss” scams, where attackers impersonate executives to deceive employees. The rise of easily accessible deepfake technology lowers barriers for cybercriminals to conduct sophisticated social engineering attacks. Experts warn that this development may lead to more convincing and frequent fraud attempts targeting organizations.

https://www.techradar.com/pro/security/deepfake-as-a-service-sees-39-percent-spike-in-dark-web-conversations-and-experts-fear-it-will-fuel-the-next-wave-of-fake-boss-scams

Hundreds of AI-powered iOS Apps Found Exposing Credentials

Researchers from Wake Forest University analyzed 444 iOS apps with AI features and found that 282 exposed exploitable credentials or backend access, affecting diverse categories like productivity and health. Despite responsible disclosure, only 28% of the vulnerable apps remediated the issue, while 23% remained exploitable due to lack of action or flawed authentication. The study highlights systemic credential leakage in AI-powered iOS apps, posing ongoing security risks beyond individual developers and providers.

https://www.helpnetsecurity.com/2026/06/22/llm-api-credential-leakage-ios-apps/

OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws

OpenAI has released an enhanced GPT-5.5-Cyber model through its Daybreak initiative to assist trusted defenders in identifying, validating, and patching software vulnerabilities across large codebases. Alongside an updated Codex Security plugin, this cybersecurity tool streamlines vulnerability detection, triage, and remediation, while the new Patch the Planet project partners with open-source communities to improve security by collaboratively developing and deploying patches. These efforts address the rapid escalation of vulnerabilities accelerated by AI, aiming to support maintainers in securing critical infrastructure despite increasing exploitation risks from advanced threat actors.

https://thehackernews.com/2026/06/openai-expands-daybreak-with-gpt-55.html

What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks

The recent breaches attributed to the ShinyHunters cybercrime group highlight a shift in modern cyberattacks toward exploiting identities, authentication workflows, and SaaS integrations rather than traditional software vulnerabilities. Attackers increasingly use stolen credentials, compromised OAuth tokens, social engineering, and abuse of legitimate access privileges to bypass perimeter defenses, demonstrating that identity has become the primary battleground in enterprise security. This trend exposes limitations in conventional security tools and underscores the need for continuous identity threat detection, risk-based authentication, and stricter access governance to prevent and mitigate such identity-centric attacks.

https://www.securityweek.com/what-the-latest-shinyhunters-breaches-reveal-about-modern-cyberattacks/

Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code

Researchers have identified a new attack called Agentjacking that deceives AI coding agents into executing malicious code by exploiting a flaw in Sentry's error-tracking platform. By injecting crafted error events via a public Sentry Data Source Name (DSN), attackers can trick AI assistants into interpreting them as trusted instructions, enabling code execution with developer privileges and exposing sensitive data. Sentry has acknowledged the issue but has not fully fixed it, leaving many organizations vulnerable to exploitation without traditional detection methods.

https://thehackernews.com/2026/06/agentjacking-attack-tricks-ai-coding.html

Early Warning Signs of Supply-Chain Attacks Live in the Dark Web

Early warning signs of software supply-chain attacks often appear in dark web forums and marketplaces through sales of access to developer accounts, private repositories, source code, API keys, and SaaS integrations, which attackers can exploit to compromise trusted software components and deployment processes. Flare researchers highlight that monitoring such underground activity—beyond traditional vulnerability alerts—can help detect potential supply-chain threats before they escalate into full incidents, as access to these resources can expose critical credentials and trusted relationships crucial to supply-chain security.

https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/

Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch Is in Development

Microsoft has confirmed a privilege escalation zero-day vulnerability in Microsoft Defender, known as RoguePlanet (CVE-2026-50656), and is developing a patch to address it. The flaw, disclosed by researcher Chaotic Eclipse, exploits a race condition that can grant SYSTEM-level access regardless of Defender’s real-time protection setting.

https://thehackernews.com/2026/06/microsoft-confirms-rogueplanet-defender_02022423645.html

88% of People Struggle to Tell What’s Real Online

A Malwarebytes survey of 1,500 adults across several countries found that 88% of people struggle to distinguish real online content from AI-generated fakes, with 85% reporting difficulty telling scams from genuine interactions—an increase from 66% last year. Half of respondents have encountered AI-driven fraud, including AI-generated product photos and personalized scams, while 19% experienced AI-related identity harms like non-consensual explicit content creation. The findings highlight growing challenges in online trust and identity due to AI-enabled deception, urging increased awareness and protective measures.

https://www.malwarebytes.com/blog/ai/2026/06/88-of-people-struggle-to-tell-whats-real-online

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

Recent ClickFix malware campaigns have expanded their delivery methods using new loaders—BabaDeda, Lorem Ipsum, and Potemkin—deployed via fake update lures and compromised websites. These campaigns employ sophisticated techniques like PowerShell execution, DLL side-loading, and domain generation algorithms to deploy information stealers, remote access trojans, and ransomware, targeting diverse sectors including education, finance, and legal services. Despite disruptions to previous malware-signing operations, threat actors have adapted by shifting to ClickFix social engineering attacks that exploit user trust to execute malicious payloads and maintain persistent access.

https://thehackernews.com/2026/06/clickfix-campaigns-expand-malware.html

Amazon Security Research Reportedly Led to the White House’s Anthropic Fable Ban

Amazon's security research reportedly prompted the White House to impose export controls restricting foreign access to Anthropic's AI models Fable 5 and Mythos 5 after Amazon demonstrated the models could be manipulated to provide information useful for cyberattacks. CEO Andy Jassy's discussions with U.S. officials led to the directive, although Anthropic has contested the characterization of these vulnerabilities, noting similar issues exist in other publicly available models like GPT 5.5. This move has raised concerns as many of Anthropic’s researchers are foreign-born, effectively barring them from their own AI tools amid ongoing tensions between the company and the U.S. government.

https://www.theverge.com/ai-artificial-intelligence/949601/amazon-anthropic-fablemythos-government-ban

Crooks Found a New Way to Collaborate Using Teams – by Hiding Command-and-Control Traffic

Researchers at Symantec discovered that DragonForce ransomware operators used a custom Go-based backdoor called Backdoor.Turn to hide command-and-control communications within legitimate Microsoft Teams traffic, effectively disguising malicious activity as routine corporate collaboration. The malware leveraged Microsoft Teams and Skype infrastructure, including TURN relay servers and QUIC connections, to evade detection while maintaining persistent access to a major US services company's network over two months. This represents the first known instance of malware using Microsoft Teams for covert command-and-control communication.

https://www.theregister.com/cyber-crime/2026/06/16/crooks-found-a-new-way-to-collaborate-using-teams-by-hiding-command-and-control-traffic/5256296
