Daily Recap, AI-driven attacks are straining MSP security stacks as tools like OnyxC2 Stealer promise “enterprise-grade” theft, while the Miasma worm source code was briefly leaked on GitHub. Separately, the China-linked JDY botnet expanded beyond 1,500 devices to conduct reconnaissance and target U.S. military networks, while OpenAI said a likely Chinese influence operation tried to use ChatGPT to stir debate on data centers. #OnyxC2 #OnyxC2Stealer #Miasma #GitHub #JDY #ChatGPT #OpenAI #USMilitary
Daily Recap, Microsoft issued its June 2026 Patch Tuesday updates with a record 206 fixes and addressed multiple zero-days including YellowKey, GreenPlasma, MiniPlasma, and RoguePlanet, while also flagging potential issues installing some monthly updates on upgraded PCs. ServiceNow patched an already-exploited vulnerability and disclosed a customer data security incident, while Ivanti Sentry and Cisco SD-WAN faced high-risk flaws amid broader enterprise RCE and library vulnerability updates, including OpenSSL and Veeam Backup & Replication. #YellowKey #GreenPlasma #MiniPlasma #RoguePlanet #ServiceNow #Veeam #IvantiSentry #CiscoSDWAN #OpenSSL #Windows10 #Windows11
Daily Recap, Google and SAP released urgent fixes for a fifth Chrome zero-day exploited in the wild, plus critical NetWeaver/Commerce vulnerabilities and a LiteLLM issue that could be chained to unauthenticated remote code execution. CISA also ordered U.S. federal agencies to patch an exploited Check Point VPN flaw within 3 days, while Shai-Hulud supply-chain attacks targeted NPM and PyPI and WhatsApp/Meta disrupted additional NSO Group phishing campaigns.
#Chrome #NetWeaver #Commerce #LiteLLM #CheckPoint #Qilin #IKEv1 #Shai-Hulud #NPM #PyPI #NFCShare #WhatsApp #Meta #NSOGroup #SoFi #HongKong #UniFiOS
Daily Recap, Active exploitation coverage focused on attackers leveraging flaws in Everest Forms and SolarWinds Serv-U, while Check Point linked recent VPN zero-day attacks to the Qilin ransomware gang. Ransomware and extortion coverage highlighted Silent Ransom Group tactics like DNS fast flux and fake IT support calls, alongside breach reporting from Oxford University, Lansing Community College, and Meta AI-related Instagram account theft.
#EverestForms #SolarWindsServU #VPNZeroDay #Qilin #SilentRansomGroup #DNSFastFlux #OxfordUniversity #LansingCommunityCollege #MetaAI #Instagram #NSOGroup #C0XMO #DDWRT #ChatGPT
Cybersecurity Threat Research ‘Weekly’ Recap. This week covered multiple supply-chain intrusions and downstream impacts, including PyPI and npm compromises, along with continued targeting of GitHub Actions and cloud/dev tooling for credential theft and CI/CD propagation. Activity also ranged from extortion and ransomware tradecraft to public-facing exploitation, phishing-led loader/RAT campaigns, cross-platform botnets, and agentic container/Kubernetes abuse, alongside guidance on improving backup recovery readiness and testing.
Daily Recap, Updates on actively exploited flaws spanned major products, with CISA adding the SolarWinds Serv-U DoS issue to KEV despite no patch for CVE-2026-20245 and also flagging issues in Cisco Catalyst SD-WAN Manager. Malware and ecosystem threats continued alongside browser- and web-based activity, including Chinese APT persistence tooling, Android spyware Asin targeting Arabic users, and supply-chain abuse via IronWorm and Miasma on npm. #SolarWinds #Serv-U #CVE-2026-20245 #Cisco #CatalystSD-WAN #KEV #FFmpeg #Asin #IronWorm #Miasma #npm #OP-512 #MicrosoftIIS #Toshiba #Muji #Max
Daily Recap, Agentic AI and enterprise identity security are in focus as experts warn that autonomous systems can amplify insider risk, while developer tooling flaws and browser updates add new supply-chain and patching pressure. Multiple high-impact breaches and theft activity were reported across organizations including DentaQuest, RCI, and the UN World Food Programme, alongside new incidents like the IronWorm npm supply-chain attack and the Hola Browser cryptominer delivery. #AgenticAI #EnterpriseIdentity #ClaudeCode #GitHubActions #DentaQuest #RCI #UNWorldFoodProgramme #WFP #Stripe #IronWorm #npm #HolaBrowser #Chrome149 #Cisco #SDWAN #UnifiedCM #CVE202620230 #Comodo #FiveEyes #ChineseSpies #Kremlin #FTC #X #CISA #Palantir #Anthropic #BraveOrigin
Daily Recap, CISA and vendors warned of active exploitation and available proof-of-concept code tied to multiple high-risk issues, including Magento, Cisco Unified CM, and VS Code token theft, plus Android/Linux bugs, while a new HTTP/2 Bomb DoS technique can crash servers in under a minute. The day also covered fast-moving China-linked criminal activity using Atlas RAT, malspam abusing Google DoubleClick to deliver DesckVB RAT, Gemini prompt-injection risk via WhatsApp/Slack notifications, and further enforcement and policy updates involving Nobitex, warnings about targeting of fuel-tank monitoring systems, and CISA staffing planning.
#CISA #Magento #CiscoUnifiedCM #Vscode #GoogleDoubleClick #AtlasRAT #DesckVBRAT #WhatsApp #Slack #GoogleGemini #HTTP2Bomb #Nobitex
Daily Recap, Multiple vendors issued urgent zero-day patches across Android, Oracle WebLogic, and Wave 7 routers, while new weaknesses in VS Code and the WordPress Kirki plugin raised token-theft and admin-hijack concerns. Attack activity also escalated with the WeedHack campaign impacting over 116,000 Minecraft systems, the Kali365 phishing kit expanding to target AWS and Okta, and Gamaredon delivering GammaWorm and GammaSteel via WinRAR. #Google #Oracle #Acer #Android #OracleWebLogic #CVE-2024-21182 #Wave7 #VSCode #WordPress #Kirki #GitHub #WeedHack #CountLoader #Minecraft #Kali365 #AWS #Okta #MetaAI #Instagram #Gamaredon #WinRAR #GammaWorm #GammaSteel #Ukraine #CISA #FBI #MicrosoftExchangeOnline #Coreutils #DoD
Daily Recap, Anthropic expanded Project Glasswing (Mythos) access to 150 more organizations focused on critical infrastructure, while Meta AI was reportedly abused to hand over high-profile Instagram accounts in AI-assisted support flows. The roundup also covered a Red Hat npm supply-chain compromise tied to the Miasma campaign, active exploitation of Palo Alto Networks flaw CVE-2026-0257, and threats ranging from ClickFix/FakeUpdate site hijacking to the dismantling of a 17-million-device Dutch botnet. #ProjectGlasswing #Mythos #Anthropic #MetaAI #Instagram #RedHat #npm #Miasma #CVE-2026-0257 #PaloAltoNetworks #HPVoIP #WPMapsPro #WordPress #ClickFix #FakeUpdate #Dutch #Botnet #DragonWeave #CzechRepublic #Taiwan #ZeroKnowledge #Dragos #xIoT #Phosphorus #TinaPeters #USPS #Trump #Microsoft #Office #Teams
Daily Recap, Microsoft addressed an outage impacting MFA setup and the MySignIn service, and also fixed Windows security update installation issues tied to KB5089549, while a critical Windows Netlogon RCE flaw is being actively exploited and needs urgent patching. Elsewhere, attackers targeted a Linux kernel vulnerability and a Palo Alto Networks vulnerability that had reportedly been exploited for weeks, an npm supply chain attack involving codexui-android stole OpenAI Codex authentication tokens, and election threats are increasingly focusing on campaign systems.
#MySignIn #MFAsetup #KB5089549 #WindowsNetlogon #NetlogonRCE #LinuxKernel #rootaccess #PaloAltoNetworks #codexui-android #OpenAICodex #npmSupplyChain #infostealer #campaignsystems
Cybersecurity Threat Research ‘Weekly’ Recap. The roundup covers supply-chain and developer tooling abuse (including malicious packages, RAT installers, and backdoored developer ecosystems) alongside ongoing phishing, AiTM, and social engineering campaigns targeting 2FA and payment data. It also highlights actively exploited vulnerabilities and long-running access via RATs, cloud/Kubernetes secret theft, blockchain-based C2, and increasing use of AI tools to automate attacks and phishing workflows.
#SicoobSDK #NuGet #Sentry #axios #LaravelLang #RVTools #DenoRAT #DinDoor #Tycoon2FA #PhaaS #PhaaSEcosystem #CVE-2026-0257 #GlobalProtect #CVE-2026-31431 #CopyFail #Gogs #KnowledgeDeliver #NimbusRAT #DriveSurge #OperationDragonWeave #SapphireSleet #OverlayPhantom #AtlasCross #Kimsuky #AhnLab #QuasarLinux #QLNX #P2Pinfect #ClearFake #SectopRAT #ACRStealer #WormGPT #Promptflux #SilentPushContextGraph #SectopRAT
Daily Recap, Critical PAN-OS GlobalProtect auth bypass CVE-2026-0257 is being exploited in the wild, while the ChatGPhish flaw shows how ChatGPT web summaries and shared links can be abused to deliver phishing and fake outage pages. Attackers are also chaining the Marimo CVE-2026-39987 exploit with an LLM agent for post-exploitation automation, as Charter Communications discloses a potential 5 million-person breach and the California AG sues 23andMe over its 2023 health data incident.
#CVE-2026-0257 #GlobalProtect #PAN-OS #ChatGPhish #ChatGPT #FakeOutagePages #Marimo #CVE-2026-39987 #LLMAgent #CharterCommunications #23andMe #CaliforniaAG
Daily Recap, Google Chrome rolled out session cookie theft protection for all users and shipped Chrome 148 with patches addressing 151 vulnerabilities to strengthen browser defenses. The day also covered ongoing breach litigation and threats using AI tools, plus malware and exploit activity across BTMOB, FortiClient EMS, Gogs, and Kimsuky.
#GoogleChrome #Chrome148 #151Vulnerabilities #CookieGuard #23andMe #CharterCommunications #Carnival #GreyVibe #Ukraine #ChatGPT #Gemini #BTMOB #FortiClientEMS #Gogs #Kimsuky #HTTPSpy #HelloDoor #VSCodeTunnels #Zapier #FIFA #Polymarket
Daily Recap, Sentencing and breach headlines dominated today: a Romania-linked hacking case ended in a 5-year prison term for targeting Oregon government systems, while Carnival Cruise confirmed a data breach affecting nearly 6 million people; a separate sextortion conviction resulted in a 33-year sentence for targeting 145 children. On the threat side, Grandoreiro malware and the BTMOB RAT campaign continue cross-platform targeting across Windows and Android, alongside GPU mining malware spreading via SEO poisoning and AI chatbots, plus an npm package that reportedly stole files from a Claude AI user directory on GitHub.
#Oregon #RomaniaHack #CarnivalCruise #Grandoreiro #BTMOB #Sextortion #Edamame #npm #ClaudeAI #GitHub #SEOpoisoning #AIChatbots