threats

What Do Ports Hear When Nobody’s Listening? An Assessment of Automated Cybercrime

An analysis of honeypot data reveals that the background noise of automated scans on public-facing ports is a complex multi-tiered ecosystem of botnets and malware campaigns, ranging from rudimentary IoT exploits to sophisticated fileless attacks targeting both consumer devices and enterprise infrastructure. Operators like Terrabot and r00ts3c demonstrate flawed but persistent automation exploiting known vulnerabilities, while advanced campaigns like RondoDox utilize decentralized residential bots to conduct coordinated, evolving attacks with techniques such as Log4Shell evasion and targeted command injection. This ongoing shadow economy uses high-volume automation and imperfection in defenses to maintain persistence and adaptation, highlighting the importance of monitoring structural patterns in network noise for effective threat detection.

https://isc.sans.edu/diary/33104?n

Europe Evolves Into Ransomware’s Favorite Region

Ransomware attacks in Europe surged by 55% in early 2026 compared to the previous year, with 684 incidents recorded by Black Kite across the continent, particularly targeting major economies like the UK, Germany, France, Italy, and Spain. Attackers are focusing on manufacturing and digital services sectors to exploit supply chain vulnerabilities, and growing reliance on third- and multi-tier vendors increases organizational risk, highlighting the need for enhanced visibility and risk management across entire vendor ecosystems.

https://www.darkreading.com/cybersecurity-analytics/europe-evolves-ransomware-favorite-region

‘Deepfake as a Service’ Sees 39% Spike in Dark Web Conversations — and Experts Fear It Will Fuel the Next Wave of “Fake Boss” Scams

Discussions about “deepfake as a service” have surged by 39% on dark web forums, raising concerns among experts that this trend could intensify “fake boss” scams, where attackers impersonate executives to deceive employees. The rise of easily accessible deepfake technology lowers barriers for cybercriminals to conduct sophisticated social engineering attacks. Experts warn that this development may lead to more convincing and frequent fraud attempts targeting organizations.

https://www.techradar.com/pro/security/deepfake-as-a-service-sees-39-percent-spike-in-dark-web-conversations-and-experts-fear-it-will-fuel-the-next-wave-of-fake-boss-scams

What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks

The recent breaches attributed to the ShinyHunters cybercrime group highlight a shift in modern cyberattacks toward exploiting identities, authentication workflows, and SaaS integrations rather than traditional software vulnerabilities. Attackers increasingly use stolen credentials, compromised OAuth tokens, social engineering, and abuse of legitimate access privileges to bypass perimeter defenses, demonstrating that identity has become the primary battleground in enterprise security. This trend exposes limitations in conventional security tools and underscores the need for continuous identity threat detection, risk-based authentication, and stricter access governance to prevent and mitigate such identity-centric attacks.

https://www.securityweek.com/what-the-latest-shinyhunters-breaches-reveal-about-modern-cyberattacks/

Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code

Researchers have identified a new attack called Agentjacking that deceives AI coding agents into executing malicious code by exploiting a flaw in Sentry's error-tracking platform. By injecting crafted error events via a public Sentry Data Source Name (DSN), attackers can trick AI assistants into interpreting them as trusted instructions, enabling code execution with developer privileges and exposing sensitive data. Despite acknowledgment, Sentry has not fully fixed the issue, leaving many organizations vulnerable to exploitation without traditional detection methods.

https://thehackernews.com/2026/06/agentjacking-attack-tricks-ai-coding.html

Early Warning Signs of Supply-Chain Attacks Live in the Dark Web

Early warning signs of software supply-chain attacks often appear in dark web forums and marketplaces through sales of access to developer accounts, private repositories, source code, API keys, and SaaS integrations, which attackers can exploit to compromise trusted software components and deployment processes. Flare researchers highlight that monitoring such underground activity—beyond traditional vulnerability alerts—can help detect potential supply-chain threats before they escalate into full incidents, as access to these resources can expose critical credentials and trusted relationships crucial to supply-chain security.

https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

Recent ClickFix malware campaigns have expanded their delivery methods using new loaders—BabaDeda, Lorem Ipsum, and Potemkin—deployed via fake update lures and compromised websites. These campaigns employ sophisticated techniques like PowerShell execution, DLL side-loading, and domain generation algorithms to deploy information stealers, remote access trojans, and ransomware, targeting diverse sectors including education, finance, and legal services. Despite disruptions to previous malware-signing operations, threat actors have adapted by shifting to ClickFix social engineering attacks that exploit user trust to execute malicious payloads and maintain persistent access.

https://thehackernews.com/2026/06/clickfix-campaigns-expand-malware.html

Crooks Found a New Way to Collaborate Using Teams – by Hiding Command-and-Control Traffic

Researchers at Symantec discovered that DragonForce ransomware operators used a custom Go-based backdoor called Backdoor.Turn to hide command-and-control communications within legitimate Microsoft Teams traffic, effectively disguising malicious activity as routine corporate collaboration. The malware leveraged Microsoft Teams and Skype infrastructure, including TURN relay servers and QUIC connections, to evade detection while maintaining persistent access to a major US services company's network over two months. This represents the first known instance of malware using Microsoft Teams for covert command-and-control communication.

https://www.theregister.com/cyber-crime/2026/06/16/crooks-found-a-new-way-to-collaborate-using-teams-by-hiding-command-and-control-traffic/5256296

Agentic AI Red Teaming Reveals Zero-Click Human-in-the-Loop Bypass Attack Chains

Security researchers have discovered that agentic AI systems—AI capable of planning and executing multi-step tasks autonomously—exhibit exploitable vulnerabilities that allow attackers to bypass human-in-the-loop controls entirely, executing zero-click attack chains without user interaction. Microsoft’s year-long red teaming efforts led to an updated taxonomy identifying seven new failure modes in agentic AI, highlighting risks such as supply chain compromise, goal hijacking, and session context contamination, and recommending robust architectural mitigations including cryptographic agent verification and hardened approval processes.

https://cybersecuritynews.com/agentic-ai-red-teaming-reveals-zero-click/

ChatGPhish: The Page Is the Payload

Researchers discovered a new phishing and tracking attack called ChatGPhish that exploits ChatGPT's page summarization feature by injecting malicious Markdown links and images into web pages. When users summarize such pages in ChatGPT, the assistant renders active clickable links, spoofed alerts, and QR codes within its trusted interface, enabling phishing, cross-origin data leakage, and off-device attacks without traditional browser protections. This expands the attack surface from email to everyday browsing, highlighting risks in AI-generated outputs that automatically render untrusted external content inside trusted AI interfaces.

https://permiso.io/blog/chatgpt-markdown-rendering-vulnerability

AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites

Microsoft has alerted to an active cryptojacking campaign that uses AI chatbot interactions to redirect users seeking legitimate system utilities to attacker-controlled domains hosting malware. This sophisticated attack targets users with high-performance GPUs by delivering malicious installers that establish persistent remote access, enabling cryptocurrency mining and potential further exploitation such as data theft or ransomware.

https://thehackernews.com/2026/05/ai-chatbot-recommendations-redirect.html

Google’s AI Is Being Manipulated. The Search Giant Is Quietly Fighting Back

A BBC investigation revealed that AI chatbots like Google's AI and ChatGPT can be easily manipulated by publishing targeted content online, causing them to spread misinformation on critical topics such as health and finance. In response, Google has updated its spam policies to combat such manipulation, signaling increased efforts by AI companies to prevent abuse, though experts warn that manipulators often stay ahead and users should remain cautious about AI-generated answers.

https://www.bbc.com/future/article/20260519-google-tackles-attempts-to-hack-its-ai-results

OpenAI’s GPT-5.5 Is as Good as Mythos at Finding Security Vulnerabilities – Schneier on Security

The UK’s AI Security Institute evaluated OpenAI’s GPT-5.5 and found that its capability to identify security vulnerabilities is comparable to Anthropic’s Claude Mythos model, with GPT-5.5 being generally available. This evaluation highlights the advancing role of large language models in cybersecurity, although discussions note limitations in reasoning and the potential plateau in detecting new attack classes without human input.

https://www.schneier.com/blog/archives/2026/05/openais-gpt-5-5-is-as-good-as-mythos-at-finding-security-vulnerabilities.html

Frontier AI Models Reap Rapid Discovery of Security Vulnerabilities

Frontier AI models, such as those tested by Palo Alto Networks under Project Glasswing, are accelerating the discovery of software security vulnerabilities, with 26 new common vulnerabilities recently disclosed compared to the usual five. While these AI tools offer potential for integrating security into the software development lifecycle, experts warn organizations have a limited three- to five-month window to leverage AI defensively before AI-driven exploitation becomes widespread.

https://www.cybersecuritydive.com/news/frontier-ai-rapid-discovery-security-vulnerabilities/820258/

Mystery Microsoft Bug Leaker Keeps the Zero-Days Coming

An anonymous researcher known as Nightmare-Eclipse has released two new Microsoft Windows zero-day vulnerabilities—YellowKey, a BitLocker bypass allowing unrestricted access to encrypted machines via USB, and GreenPlasma, a privilege escalation flaw granting SYSTEM access. Security experts warn these exploits pose serious risks, especially for stolen devices and post-compromise attacks, with no known mitigation currently available for GreenPlasma; this continues an ongoing series of damaging disclosures by the researcher following a claimed breach of trust with Microsoft.

https://www.theregister.com/security/2026/05/13/disgruntled-researcher-releases-two-more-microsoft-zero-days/5239758

Scroll to Top