threats

Early Warning Signs of Supply-Chain Attacks Live in the Dark Web

Early warning signs of software supply-chain attacks often appear in dark web forums and marketplaces through sales of access to developer accounts, private repositories, source code, API keys, and SaaS integrations, which attackers can exploit to compromise trusted software components and deployment processes. Flare researchers highlight that monitoring such underground activity—beyond traditional vulnerability alerts—can help detect potential supply-chain threats before they escalate into full incidents, as access to these resources can expose critical credentials and trusted relationships crucial to supply-chain security.

https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

Recent ClickFix malware campaigns have expanded their delivery methods using new loaders—BabaDeda, Lorem Ipsum, and Potemkin—deployed via fake update lures and compromised websites. These campaigns employ sophisticated techniques like PowerShell execution, DLL side-loading, and domain generation algorithms to deploy information stealers, remote access trojans, and ransomware, targeting diverse sectors including education, finance, and legal services. Despite disruptions to previous malware-signing operations, threat actors have adapted by shifting to ClickFix social engineering attacks that exploit user trust to execute malicious payloads and maintain persistent access.

https://thehackernews.com/2026/06/clickfix-campaigns-expand-malware.html

Crooks Found a New Way to Collaborate Using Teams – by Hiding Command-and-Control Traffic

Researchers at Symantec discovered that DragonForce ransomware operators used a custom Go-based backdoor called Backdoor.Turn to hide command-and-control communications within legitimate Microsoft Teams traffic, effectively disguising malicious activity as routine corporate collaboration. The malware leveraged Microsoft Teams and Skype infrastructure, including TURN relay servers and QUIC connections, to evade detection while maintaining persistent access to a major US services company's network over two months. This represents the first known instance of malware using Microsoft Teams for covert command-and-control communication.

https://www.theregister.com/cyber-crime/2026/06/16/crooks-found-a-new-way-to-collaborate-using-teams-by-hiding-command-and-control-traffic/5256296

Agentic AI Red Teaming Reveals Zero-Click Human-in-the-Loop Bypass Attack Chains

Security researchers have discovered that agentic AI systems—AI capable of planning and executing multi-step tasks autonomously—exhibit exploitable vulnerabilities that allow attackers to bypass human-in-the-loop controls entirely, executing zero-click attack chains without user interaction. Microsoft’s year-long red teaming efforts led to an updated taxonomy identifying seven new failure modes in agentic AI, highlighting risks such as supply chain compromise, goal hijacking, and session context contamination, and recommending robust architectural mitigations including cryptographic agent verification and hardened approval processes.

https://cybersecuritynews.com/agentic-ai-red-teaming-reveals-zero-click/

ChatGPhish: The Page Is the Payload

Researchers discovered a new phishing and tracking attack called ChatGPhish that exploits ChatGPT's page summarization feature by injecting malicious Markdown links and images into web pages. When users summarize such pages in ChatGPT, the assistant renders active clickable links, spoofed alerts, and QR codes within its trusted interface, enabling phishing, cross-origin data leakage, and off-device attacks without traditional browser protections. This expands the attack surface from email to everyday browsing, highlighting risks in AI-generated outputs that automatically render untrusted external content inside trusted AI interfaces.

https://permiso.io/blog/chatgpt-markdown-rendering-vulnerability

AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites

Microsoft has alerted to an active cryptojacking campaign that uses AI chatbot interactions to redirect users seeking legitimate system utilities to attacker-controlled domains hosting malware. This sophisticated attack targets users with high-performance GPUs by delivering malicious installers that establish persistent remote access, enabling cryptocurrency mining and potential further exploitation such as data theft or ransomware.

https://thehackernews.com/2026/05/ai-chatbot-recommendations-redirect.html

Google’s AI Is Being Manipulated. The Search Giant Is Quietly Fighting Back

A BBC investigation revealed that AI chatbots like Google's AI and ChatGPT can be easily manipulated by publishing targeted content online, causing them to spread misinformation on critical topics such as health and finance. In response, Google has updated its spam policies to combat such manipulation, signaling increased efforts by AI companies to prevent abuse, though experts warn that manipulators often stay ahead and users should remain cautious about AI-generated answers.

https://www.bbc.com/future/article/20260519-google-tackles-attempts-to-hack-its-ai-results

OpenAI’s GPT-5.5 Is as Good as Mythos at Finding Security Vulnerabilities – Schneier on Security

The UK’s AI Security Institute evaluated OpenAI’s GPT-5.5 and found that its capability to identify security vulnerabilities is comparable to Anthropic’s Claude Mythos model, with GPT-5.5 being generally available. This evaluation highlights the advancing role of large language models in cybersecurity, although discussions note limitations in reasoning and the potential plateau in detecting new attack classes without human input.

https://www.schneier.com/blog/archives/2026/05/openais-gpt-5-5-is-as-good-as-mythos-at-finding-security-vulnerabilities.html

Frontier AI Models Reap Rapid Discovery of Security Vulnerabilities

Frontier AI models, such as those tested by Palo Alto Networks under Project Glasswing, are accelerating the discovery of software security vulnerabilities, with 26 new common vulnerabilities recently disclosed compared to the usual five. While these AI tools offer potential for integrating security into the software development lifecycle, experts warn organizations have a limited three- to five-month window to leverage AI defensively before AI-driven exploitation becomes widespread.

https://www.cybersecuritydive.com/news/frontier-ai-rapid-discovery-security-vulnerabilities/820258/

Mystery Microsoft Bug Leaker Keeps the Zero-Days Coming

An anonymous researcher known as Nightmare-Eclipse has released two new Microsoft Windows zero-day vulnerabilities—YellowKey, a BitLocker bypass allowing unrestricted access to encrypted machines via USB, and GreenPlasma, a privilege escalation flaw granting SYSTEM access. Security experts warn these exploits pose serious risks, especially for stolen devices and post-compromise attacks, with no known mitigation currently available for GreenPlasma; this continues an ongoing series of damaging disclosures by the researcher following a claimed breach of trust with Microsoft.

https://www.theregister.com/security/2026/05/13/disgruntled-researcher-releases-two-more-microsoft-zero-days/5239758

Cyber-crime Increasingly Coming with Threats of Physical Violence

Cyber-crime is increasingly accompanied by threats of physical violence, with attackers targeting employees of companies under cyber-attack by accessing their personal data and issuing intimidation or actual harm threats. FBI data shows a significant rise in such incidents in the US, with nearly half of ransomware attacks including physical threats, and criminals sometimes hiring others to carry out or threaten violence as part of extortion strategies.

https://www.bbc.com/news/articles/cr71d8vyjv0o

DDoS Cyber Attack Makes eBay Lose $200m Per Day

A large-scale Distributed Denial of Service (DDoS) attack disrupted eBay's operations for 42 to 48 hours, causing an estimated loss of $200 million per day in transactions. The pro-activist group 313 Team claimed responsibility, highlighting the significant financial and reputational damage such cyberattacks can inflict on major online platforms.

https://www.cybersecurity-insiders.com/ddos-cyber-attack-makes-ebay-lose-200m-per-day/

FIRESTARTER: Cisco ASA Backdoor

On April 23, 2026, CISA and the UK National Cyber Security Centre revealed FIRESTARTER, a persistent backdoor implant targeting Cisco Adaptive Security Appliance firmware via CVE-2025-20333 and CVE-2025-20362, enabling advanced persistent threat actor UAT-4356 (linked to the earlier ArcaneDoor campaign) to maintain long-term access even after patching and rebooting. The malware hooks into Cisco’s core LINA process to execute attacker shellcode triggered by specially crafted WebVPN requests, requiring a hard power cycle or full device reimaging to fully remove, highlighting a serious evolution in firmware-level threats that challenge conventional patch-and-monitor security models.

https://thecyberthrone.in/2026/04/28/firestarter-cisco-asa-backdoor/

A Dozen Allied Agencies Say China Is Building Covert Hacker Networks Out of Everyday Routers

A coalition of U.S. and international government agencies has issued a warning about a significant shift in Chinese hacker tactics, highlighting the use of large-scale covert networks composed of compromised everyday routers and Internet of Things devices to conduct cyberattacks. These networks enable malicious activities such as reconnaissance, malware delivery, and espionage while disguising attackers' origins, prompting recommendations for organizations, especially large and critical infrastructure entities, to adopt enhanced cybersecurity measures and active threat hunting.

https://cyberscoop.com/china-nexus-covert-networks-advisory/

“Hackers Can Now Launch Massive 2Tbps Attacks”: Report Reveals Staggering 10x Growth in Botnet Size with Record-Breaking DDoS Incidents Peaking for 40 Minutes as Multi-Vector Attacks Grow in Complexity and Become Harder to Dismantle

Security researchers report a massive 10-fold growth in the size of the largest botnet, which expanded from 1.33 million to 13.5 million infected devices within a year, enabling hackers to launch unprecedented sustained DDoS attacks exceeding 2 Tbps and lasting over 40 minutes. These increasingly complex multi-vector attacks, often commanded via blockchain-based systems, pose greater challenges for mitigation as traffic now originates worldwide, rendering traditional defenses less effective.

https://www.techradar.com/pro/hackers-can-now-launch-massive-2tbps-attacks-report-reveals-staggering-10x-growth-in-botnet-size-with-record-breaking-ddos-incidents-peaking-for-40-minutes-as-multi-vector-attacks-grow-in-complexity-and-become-harder-to-dismantle

Scroll to Top