Threat intelligence for agents and technical readers. Headlines and primary-source links aggregated from public RSS, classified by keyword, and filed without commentary. Updates on the tick.
Attackers are actively exploiting CVE-2026-48558 (CVSS 10.0), a critical OIDC authentication bypass in SimpleHelp remote support software, to deploy TaskWeaver and Djinn Stealer — a previously undocumented cross-platform infostealer with a novel focus on AI development tool credentials. The flaw exists because SimpleHelp does not verify the cryptographic signature of OIDC identity tokens during login, allowing unauthenticated attackers to forge tokens and create privileged Technician accounts with full remote management access — endpoint control, script execution, and admin actions with no user interaction required. Blackpoint Cyber documented the full intrusion chain on June 29: after gaining Technician access via forged tokens, attackers deploy TaskWeaver (a Node.js-based loader) which delivers Djinn Stealer to harvest MCP configurations for Claude, Gemini, and Codex, along with AWS/Azure/GCP credentials, Git/GitHub tokens, SSH keys, Docker credentials, CI/CD pipeline tokens, and HashiCorp Vault secrets. CISA added CVE-2026-48558 to its Known Exploited Vulnerabilities catalog on June 29 with a federal remediation deadline of July 2 under BOD 26-04. Approximately 14,000 SimpleHelp servers are internet-facing, with roughly 7.2% using the vulnerable OIDC/Azure AD authentication configuration.
Key points
CVSS 10.0 AUTHENTICATION BYPASS — SimpleHelp does not verify cryptographic signatures on OIDC identity tokens. An unauthenticated attacker forges a token, creates a Technician account with full remote management access, and deploys malware without any user interaction.
DJINN STEALER — Novel cross-platform infostealer (Windows/macOS/Linux) with unprecedented AI-tool targeting. Harvests MCP configurations for Claude, Gemini, and Codex, plus Git config, GitHub CLI auth, SSH keys, Docker credentials, cloud provider keys (AWS/Azure/GCP), Terraform/Pulumi state, HashiCorp Vault tokens, and CI/CD pipeline secrets. Data exfiltrated as TAR+GZIP archives encrypted with AES-256-GCM under RSA-2048.
TASKWEAVER LOADER — Node.js-based loader fingerprints the target device, establishes C2 via Cloudflare-hosted URL, then deploys Djinn Stealer. Documented by Blackpoint Cyber in 'A Djinn in the Machine' (June 29).
CISA KEV — Added June 29 with BOD 26-04 federal remediation deadline of July 2. ~14,000 internet-facing SimpleHelp servers; ~1,000 running vulnerable OIDC configurations. Horizon3.ai published initial disclosure and IOCs.
DEFENDER ACTIONS — (1) Upgrade SimpleHelp to 5.5.16 or 6.0 RC2 immediately. (2) Restrict Technician authentication to trusted IPs. (3) Audit for unauthorized Technician accounts created since June 15. (4) Rotate all cloud, AI, and CI/CD credentials on any compromised SimpleHelp server. (5) Check MCP configurations for Claude/Gemini/Codex for unauthorized modifications.
Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided they can reach the component's internal network port. Synacktiv, which found the bug, says it can lead to a full cluster takeover. There is no fix and no CVE. The firm says it reported the flaw to Argo CD's maintainers in
A teenager accused of belonging to the hacking group Scattered Spider has been extradited from Finland to face U.S. charges of conspiracy, computer intrusion, and fraud, the U.S. Department of Justice announced on July 1. Peter Stokes, 19, a dual U.S. and Estonian citizen, appeared in a Chicago federal court on June 30, where a judge ordered him held in custody. Finnish police
The defect impacts a popular collection of business applications that attackers have hit before in widespread attack sprees. The post Researchers spot exploitation of another critical Oracle defect appeared first on CyberScoop.
Microsoft's new Teams admin policy requires organizer approval for external AI bots, giving organizations greater visibility and control over automated participants in sensitive meetings. The post Microsoft Adds New Teams Controls to Block Unauthorized AI Bots From Meetings appeared first on SecurityWeek.
www.higuchi-inc.co.jp/newsrelease/company/doc/unauthorized_access_incident.pdf // We have reviewed the report issued by HIGUCHI INC. To correct their mistake: the breach did not affect just one branch, but rather 3 different branches across various regions.Your data has not been leaked yet, as you are currently within an 8-day grace period. Before we publish any of your commercial or personal data, be aware that we possess 102 GB of Sage software backups, alongside numerous commercial documents.We await your reply to our messages. Follow the correct path to ensure nothing is leaked. We are waiting for you.
Unknown threat actors are leveraging the ScreenConnect remote access tool as a way to deploy and execute AsyncRAT. Kaspersky said the activity is part of a "massive, multi-domain, multi-language" campaign that distributes malicious installer archives hosted on spoofed websites. These installers masquerade as popular software like OBS Studio, DNS Jumper, DS4Windows, and Bandicam, among others.
Cybersecurity researchers have flagged a new multi-stage malware delivery attack chain that uses social engineering and Blogger pages to deliver an information stealer called PureLogs. The activity has been codenamed VEIL#DROP by Securonix. It's suspected that the initial payloads are distributed either via spear-phishing or a drive-by compromise, which occurs when an unsuspecting user lands on
A Brazilian banking trojan called Ousaban is going after Windows users who bank in Spain and Portugal. Fortinet's FortiGuard Labs identified the campaign in May 2026. It opens with a phishing PDF disguised as a corrupted file, checks that the visitor is really in Spain or Portugal, and hides its real payload inside an image. The goal is the usual one: steal banking logins and take
Adobe has released patches for multiple maximum-severity security flaws impacting Adobe ColdFusion and Adobe Campaign Classic. The ColdFusion updates "resolves critical and important vulnerabilities that could lead to arbitrary code execution, privilege escalation, arbitrary file system read, and security feature bypass," Adobe said in an alert released Tuesday. The vulnerabilities are listed
LLMs consistently hallucinate Web domains for legitimate brands that attackers can register for malicious activity in a difficult-to-detect attack vector.
We’re back with our look at the Apple macOS and iOS security updates. As this is a new feature for us, please let us know your feedback on the blog. For Jun 2026, Apple released 37 unique CVEs across iOS 26.5.2 / iPadOS 26.5.2, macOS Tahoe 26.5.2, Safari 26.5.2. Since Apple doesn’t provide CVSS scores or other severity information, we’re left to speculate on which of these bugs is the most severe. The overwhelming majority (31 of 37) are WebKit/WebRTC bugs reachable through malicious web content. Most of those are crash/DoS bugs rather than code execution, so the real risk lives in the small set of kernel bugs and the handful of WebKit sandbox escapes. However, there are a couple that stand out. - CVE-2026-43724 (Kernel) – According to Apple, “An app may be able to cause unexpected system termination or write kernel memory.” A kernel memory write is the highest-value primitive here: it's the privilege-escalation half of a full exploit chain and leads to complete device control. The bug was credited to Hyunwoo Kim (@v4bel), who is known to be a serious kernel researcher. - CVE-2026-39868 (Kernel) – Another kernel bug, this one could “cause unexpected system termination or corrupt kernel memory.” This is kernel memory corruption, and notably credited to a roster of elite offensive researchers (STAR Labs, Positive Technologies, Baidu Security). This kind of attribution usually signals a weaponizable, possibly Pwn2Own-grade bug rather than a theoretical crash. - CVE-2026-43725 / CVE-2026-43701 (WebKit) – Apple states these bugs could allow a website to process restricted web content outside the sandbox. I'm flagging this sandbox-escape pair over the many WebKit crash bugs because a sandbox escape is the bridge that turns a web-content bug into a path toward the kernel issues above. It's the most dangerous remotely-triggered class in the release. Here’s a look at all the bugs released by Apple this month: Apple Security Update – June 29, 2026 37Total CVEs 22Denial of Service 7Information Disclosure 3Memory Corruption 2Elevation of Privilege 2Sandbox Escape 1Spoofing Apple security release — June 29, 2026. "Yes/No" indicates whether each update is affected. CVE IDs link to NVD. CVE ID Component Impact iOS 26.5.2 / iPadOS 26.5.2 macOS Tahoe 26.5.2 Safari 26.5.2 CVE-2026-43743 IOGPUFamily An app may be able to cause unexpected system termination Yes Yes No CVE-2026-39868 Kernel An app may be able to cause unexpected system termination or corrupt kernel memory Yes Yes No CVE-2026-43722 Kernel An app may be able to leak sensitive kernel state Yes Yes No CVE-2026-43724 Kernel An app may be able to cause unexpected system termination or write kernel memory Yes Yes No CVE-2026-43703 libxslt Processing maliciously crafted web content may lead to an unexpected process crash Yes Yes No CVE-2026-43706 libxslt Processing maliciously crafted web content may lead to an unexpected process crash Yes Yes No CVE-2026-43704 Web Extensions A malicious web extension may be able to cause an unexpected process crash Yes Yes Yes CVE-2026-39872 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes Yes Yes CVE-2026-43663 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes Yes Yes CVE-2026-43676 WebKit Processing maliciously crafted web content may lead to an unexpected Safari crash Yes Yes Yes CVE-2026-43699 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes Yes Yes CVE-2026-43700 WebKit Processing maliciously crafted web content may disclose sensitive user information Yes Yes Yes CVE-2026-43701 WebKit A malicious website may be able to process restricted web content outside the sandbox Yes Yes Yes CVE-2026-43705 WebKit Processing maliciously crafted web content may lead to memory corruption Yes Yes Yes CVE-2026-43707 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes Yes Yes CVE-2026-43708 WebKit A malicious website may exfiltrate data cross-origin Yes Yes Yes CVE-2026-43709 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes Yes Yes CVE-2026-43712 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes Yes Yes CVE-2026-43713 WebKit Visiting a website may leak sensitive data Yes Yes Yes CVE-2026-43715 WebKit Processing maliciously crafted web content may lead to memory corruption Yes Yes Yes CVE-2026-43716 WebKit Processing maliciously crafted web content may lead to an unexpected Safari crash Yes Yes Yes CVE-2026-43725 WebKit A malicious website may be able to process restricted web content outside the sandbox Yes Yes Yes CVE-2026-43726 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes Yes Yes CVE-2026-43727 WebKit Processing maliciously crafted web content may lead to an unexpected Safari crash Yes Yes Yes CVE-2026-43731 WebKit Processing maliciously crafted web content may lead to memory corruption Yes Yes Yes CVE-2026-43732 WebKit Processing maliciously crafted web content may disclose sensitive user information Yes Yes Yes CVE-2026-43734 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes Yes Yes CVE-2026-43735 WebKit A malicious website may exfiltrate data cross-origin Yes Yes Yes CVE-2026-43740 WebKit Processing maliciously crafted web content may result in the disclosure of process memory Yes Yes Yes CVE-2026-43742 WebKit Processing maliciously crafted web content may lead to an unexpected process crash Yes Yes Yes CVE-2026-43745 WebKit Processing maliciously crafted web content may lead to an unexpected Safari crash Yes Yes Yes CVE-2026-43720 WebKit Canvas Processing maliciously crafted web content may lead to an unexpected Safari crash Yes Yes Yes CVE-2026-43721 WebKit Storage A malicious website may be able to silently hijack clipboard data Yes Yes Yes CVE-2026-28979 WebRTC Processing maliciously crafted web content may lead to an unexpected process crash Yes Yes Yes CVE-2026-43717 WebRTC Processing maliciously crafted web content may lead to an unexpected Safari crash Yes Yes Yes CVE-2026-43718 WebRTC Processing maliciously crafted web content may lead to an unexpected Safari crash Yes Yes Yes CVE-2026-43746 WebRTC Processing maliciously crafted web content may lead to an unexpected Safari crash Yes Yes Yes We’ll continue these macOS updates if people find them useful. Stay tuned for the regularly schedule Patch Tuesday blog covering Adobe and Microsoft.
Two flaws in Cursor, an AI code editor, could let a single, ordinary-looking prompt break out of the editor's safety sandbox and run any command on a developer's computer. There is no click to fall for and no approval box to ignore. Cato AI Labs found the pair and named them DuneSlide. They are tracked as CVE-2026-50548 and CVE-2026-50549, both rated 9.8 out of 10 (or 9.3
A recently disclosed critical security flaw impacting Progress Kemp LoadMaster is seeing active exploitation attempts, according to an advisory from eSentire's Threat Response Unit (TRU). The Canadian cybersecurity company said it identified exploitation attempts targeting CVE-2026-8037 (CVSS score: 9.6), an operating system (OS) command injection flaw that could be exploited to achieve
Refinery Hotel is a luxury hotel located near Bryant Park in New York City, offering a modern r einterpretation of a historic hat factory. The hotel features 197 stylish rooms with industrial accents and modern amenities, alongside dining options such as the Parker & Quinn restaurant a nd the Refinery Rooftop bar. We will upload 15gb of corporate data soon. Employee personal information (passports, DLs, SSNs , w9 forms), guests information, financials, contracts and agreements, lots of NDAs, etc.
The company and the Commerce Department say they have reached an agreement that will see the AI models released publicly with new guardrails and classifiers. The post US lifting export control restrictions on Anthropic’s Mythos, Fable appeared first on CyberScoop.
Cybersecurity researchers have flagged a new malware artifact generated using DeepSeek that constructed a novel attack path combining "unrealistic browser-malware concepts with a real browser capability" to turn it into a working ransomware technique that runs entirely inside the browser on both Windows and Android devices. "This is the first documented case where a frontier AI model
Organizations have never had greater awareness of cyber risk. Yet turning that awareness into operational resilience has never been more challenging. The 2026 Bitdefender Cybersecurity Assessment confirms this is the case, as this year's findings reveal a series of surprising contradictions. Here are a few examples, based on the independent survey of 1,200 IT and cybersecurity professionals
For the latest discoveries in cyber research for the week of 22nd June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Texas Parks and Wildlife Department has been affected by a third-party data breach involving its license system vendor. The incident exposed driver’s license information, passport numbers, emails, phone numbers, and residential addresses for […] The post 22nd June – Threat Intelligence Report appeared first on Check Point Research.
Seven of the security defects have a maximum severity rating of 10/10 and could lead to arbitrary code execution. The post Adobe Patches Critical ColdFusion, Campaign Classic Vulnerabilities appeared first on SecurityWeek.
Citrix urges customers to patch NetScaler after fixing six vulnerabilities, including the HTTP/2 Bomb flaw and a high-severity CitrixBleed-style information disclosure bug. The post Citrix Patches NetScaler Vulnerabilities, Including New ‘HTTP/2 Bomb’ Attack appeared first on SecurityWeek.
Microsoft on Tuesday said it's accelerating its quantum safe security roadmap, stating technology advances in quantum computing are making it essential to replace existing encryption standards sooner than previously expected. "Advances in quantum research and development have shifted the risk horizon," Mark Russinovich, chief technology officer of Microsoft Azure, said. "We believe
Over 21 million Salesforce records containing some PII were compromised. The Company failed to reach an agreement with us despite our incredible patience, all the chances and offers we made. They don't care. | Size: 100GB+ | Updated: 02 July 2026 | SHA256: 6ee9bd06756efceb56e5c56fd4e8ab3a8006b9cb80e7c0b4405ed15b996c05fe
The Company failed to reach an agreement with us despite our incredible patience, all the chances and offers we made. They don't care. | Updated: 02 July 2026 | SHA256: f3c961b709bcff8f70dbb8361116831d2c86361754a09658115b9efed39308e5
Research by: Alexey Bukhteyev Key Takeaways Introduction Over the past several years, large language models have reshaped software development, and malware development has followed the same path. Check Point Research has documented this trend from early experiments showing that AI systems could generate offensive components, to cases of cybercriminals using ChatGPT to create malicious tools, and […] The post Browser-Only Ransomware: From LLM Hallucinations to a Practical Attack Technique appeared first on Check Point Research.
Kaspersky experts have uncovered a malicious network infrastructure for delivering AsyncRAT. The Trojan is dropped via compromised ScreenConnect software. In this post, we break down the infection chain and analyze the C2 infrastructure.
Talos has identified "ARToken," a phishing-as-a-service platform that targets Microsoft 365. The ARToken panel exposes 80+ API endpoints for device code phishing, Primary Refresh Token persistence, email access, BEC operations, and SharePoint exfiltration.
From model selection and automation to validation and measurable results, the right questions can help enterprises separate genuine AI capabilities from marketing hype. The post Frontier AI: Six Questions Every Enterprise Should Ask Security Vendors appeared first on SecurityWeek.
Cisco Talos’ research on ARToken builds on what’s known about the related EvilTokens phishing-as-a-service. The post This phishing kit looks more like BEC-as-a-service appeared first on CyberScoop.
The updates fix vulnerabilities in WebKit, the kernel, WebRTC, Web Extensions, and other components affecting iPhone, iPad, Mac, and Safari users. The post Apple Patches Dozens of Vulnerabilities Across iOS, macOS, and Safari appeared first on SecurityWeek.
The company has publicly launched its solution to help organizations design, build, and operate secure cloud systems. The post Dawnguard Raises $6.3 Million for Security Architecture Automation Platform appeared first on SecurityWeek.
Hackers were seen making over 81 million login attempts originating from systems associated with hosting provider LSHIY. The post Massive Password Spray Campaign Targeting Azure CLI appeared first on SecurityWeek.
Large language models keep inventing web addresses that do not exist. Attackers have started buying those made-up domains before anyone else can, then hosting phishing pages on them to catch traffic that AI tools point their way. Palo Alto Networks' Unit 42 calls the trick phantom squatting, and its new research shows it is already happening in the wild. The reason it matters is
Anthropic is putting Claude Fable 5 back online worldwide. On June 30, the U.S. Commerce Department lifted the export controls it had imposed on Fable and its more tightly controlled sibling Mythos 5 about two and a half weeks earlier. Fable 5 returns to users on Wednesday, July 1, across Claude.ai, the Claude Platform, Claude Code, and Claude Cowork. Export controls restrict who can