Threat Research | Weekly Recap [03 May 2026]

Cybersecurity Threat Research ‘Weekly’ Recap. The briefing covers AI, SaaS, and collaboration threats with prompt injection and OAuth abuse, phishing and BEC intrusions, supply chain abuse, ransomware campaigns, cloud and Kubernetes security, vulnerability research, and new threat intel tooling, naming campaigns such as PromptMink, Cordial Spider, Snarky Spider, VECT RaaS, Silver Fox, and ABCDoor #PromptMink #CordialSpider.

Cybersecurity News | Daily Recap [02 May 2026]

Daily Recap: phishing and account abuse dominated the news, with ConsentFix v3 abusing OAuth to hijack Azure tokens, Bluekit offering AI-assisted phishing templates, AccountDumpling compromising roughly 30,000 Facebook accounts via Google AppSheet, and Cordial Spider and Snarky Spider using vishing and SSO abuse to extort users inside Google Workspace, HubSpot, SharePoint, and Salesforce. Nation-state activity followed with a China-linked SHADOW-EARTH-053 cluster targeting Asian governments, Poland (a NATO member state), journalists, and activists using Exchange/IIS exploits and ShadowPad, plus GLITTER CARP and SEQUIN CARP phishing aimed at journalists and activists; the report also covers urgent cPanel patching, revised bug bounties, guidance on secure deployment of agentic AI, and notable breaches at Trellix and Instructure, as well as the ANTS data breach case. #ConsentFix #Azure #Bluekit #AccountDumpling #Facebook #Meta #AppSheet #CordialSpider #SnarkySpider #SHADOW_EARTH_053 #ShadowPad #GLITTERCARP #SEQUINCARP #cPanel #Trellix #Instructure #ANTS #ALPHV #BlackCat #ScatteredSpider #GUARDAct #WindowsRun

Cybersecurity News | Daily Recap [02 May 2026]

Daily Recap: AI security updates highlight Claude Security’s public beta for repository vulnerability scanning and Dataiku’s Kiji Privacy Proxy, which masks PII locally before prompts reach external AI APIs. The report also notes governance gaps around Shadow AI, Cisco’s Model Provenance Kit for fingerprinting AI models and detecting tampering, and the emergence of AI-assisted phishing such as Bluekit, along with other ransomware, supply-chain, and vulnerability news across Windows, SAP, and related ecosystems. #ClaudeSecurity #BluekitPhishing

Cybersecurity News | Daily Recap [02 May 2026]

Daily Recap: critical supply-chain flaws in Gemini CLI and SAP npm packages could enable host RCE, token theft, and secret-stealing malware in CI/CD and developer environments. Separately, a WordPress redirect plugin used by over 70,000 sites hid a dormant backdoor for five years, while a GitHub flaw exposed millions of private repositories. #GeminiCLI #SAPnpm #WordPressBackdoor #GitHubRCE #cPanelZeroDay #CopyFail #Qinglong #PromptMink #SandhillsMedical #Roblox #Dubai #CryptoScamRaid #VercelBreach

Cybersecurity News | Daily Recap [02 May 2026]

Daily Recap: European police dismantled a €50 million crypto investment scam ring that operated fake trading call centers in Tirana and used remote-access tools to steal and launder funds, while multiple critical vulnerabilities were exploited across LiteLLM, GitHub, Windows, and OpenEMR. The day also featured supply-chain breaches, ransomware tensions, and AI policy debates involving Checkmarx, Vimeo, VECT 2.0, LAPSUS$, BlueNoroff, Handala, Scattered Spider, and NGA, as attackers, victims, and policymakers navigate an evolving threat landscape. #CryptoRing #LiteLLM #GitHub #Windows #OpenEMR #Checkmarx #LAPSUS$ #Vimeo #VECT #BlueNoroff #Handala #ScatteredSpider #NGA #ClaudeMythos #Kaseya #CoinbaseCartel #Snowflake #BigQuery

Cybersecurity News | Daily Recap [02 May 2026]

Daily Recap: the latest cybersecurity news covers Microsoft’s plan to block legacy TLS 1.0 and TLS 1.1 for Exchange Online starting July 2026, and an Outlook service degradation that forced iPhone Mail users to reauthenticate. It also highlights espionage and vulnerability disclosures, including Xu Zewei’s extradition linked to Silk Typhoon/HAFNIUM, Russia-linked Signal phishing, and breaches affecting Medtronic and ADT, plus supply-chain activity around PyPI and GlassWorm. #XuZewei #SilkTyphoon #HAFNIUM #Medtronic #ADT #PyPI #GlassWorm

Cybersecurity News | Daily Recap [02 May 2026]

Daily Recap: BlackFile extortion targets retail and hospitality with seven-figure ransom demands, using voice phishing, IT-support impersonation, and leaked-data sites, while romance and pig-butchering scams continue to devastate victims. Malware activity includes UNC6692 deploying the SnowBelt browser extension for persistence and credential theft, and fast16, a 20-year-old Lua-based sabotage framework predating Stuxnet, plus espionage links between Xu Zewei and the HAFNIUM/Silk Typhoon attacks on Microsoft Exchange. #BlackFile #SnowBelt #UNC6692 #fast16 #Stuxnet #XuZewei #HAFNIUM #SilkTyphoon #MicrosoftExchange #Duo #Itron #Pack2TheRoot #PackageKit #TLSConnect #LuLu #TibetanVote #COVID19VaccineResearch

Threat Research | Weekly Recap [03 May 2026]

Cybersecurity Threat Research ‘Weekly’ Recap. The report highlights activity across supply chains, APT intrusions, phishing, ransomware, edge and IoT infrastructure, and AI-enabled exploitation, noting Open VSX sleeper extensions delivering GlassWorm and npm supply-chain worms. The analysis also covers covert C2, credential theft, and domain spoofing in developer ecosystems, with groups such as GopherWhisper, Tropic Trooper, Mustang Panda, UNC6692, and others deploying staged loaders, custom beacons, shadow firmware, and crypto drainers. #GlassWorm #GopherWhisper

Cybersecurity News | Daily Recap [02 May 2026]

Daily Recap: AI now drives the top initial-access vector, with phishing accounting for 35% of Q1 2026 compromises, and researchers warn that hidden indirect prompt injection is spreading across the open web to manipulate LLM agents. It also covers vulnerability advisories (KEV) involving SimpleHelp, Samsung MagicINFO 9, and D-Link DIR-823X; China-linked espionage involving GopherWhisper and Song Wu; extortion and fraud cases including BlackFile and SMS Blaster; and policy moves such as Section 702 and Windows Update controls. #GopherWhisper #SongWu

Cybersecurity News | Daily Recap [02 May 2026]

Daily Recap: Bitwarden and Checkmarx faced separate supply-chain compromises that exposed developer secrets through malicious npm, Docker, and extension loaders, affecting CLI, KICS, VS Code, and Open VSX users. Vercel disclosed broader fallout from the Context.ai intrusion, in which Lumma Stealer took API keys and tokens that could affect downstream systems. #Bitwarden #Checkmarx #ContextAI #LummaStealer #Vercel

Cybersecurity News | Daily Recap [02 May 2026]

Daily Recap: Microsoft Edge updates disrupted Teams meetings on Windows while engineers review diagnostics, and Sean Plankey withdrew from consideration to lead CISA amid workforce losses and budget strain. The recap also highlights AI security advances and a surge in threat activity, including GopherWhisper using Outlook, Slack, and Discord for C2; the Contagious Interview campaign and its related BeaverTail, OtterCookie, and InvisibleFerret malware; proxy networks run by Chinese actors; patches such as Defender CVE-2026-33825 and iOS CVE-2026-28950; Mirai in D-Link routers; KICS/Docker Hub supply-chain issues; CanisterSprawl; Harvester’s GoGra backdoor; and Lotus Wiper hits in Venezuela.
#GopherWhisper #ContagiousInterview #BeaverTail #OtterCookie #InvisibleFerret #GoGra #LotusWiper #TuMangaOnline #CISA #Edge #Teams

Cybersecurity News | Daily Recap [02 May 2026]

Daily Recap: UK cyber officials report that they are handling four major incidents per week amid rising nation-state activity from Russia, Iran, and China, while the EU imposes sanctions on Russian propaganda networks and Ukraine exposes a bot farm supplying thousands of fake Telegram accounts to Russian spies. Ransomware cases surface in legal actions around BlackCat/ALPHV and insider-leakage details, while the GoGra Linux backdoor, which abuses the Microsoft Graph API, and an npm supply-chain attack on Namastex Labs highlight evolving threats, alongside the Vercel breach via Context.ai.
#BlackCat #GoGra

Cybersecurity News | Daily Recap [02 May 2026]

Daily Recap: the week featured high-profile data breaches at Vercel and ANTS, a claimed Seiko USA Shopify data theft, and misconfigured Perforce servers exposing sensitive data from major organizations. Ransomware, crypto threats, platform abuse, and regulation dominated headlines, including BlackCat/ALPHV and Scattered Spider activity, The Gentlemen using SystemBC, Lazarus/TraderTraitor’s KelpDAO heist, FakeWallet/SparkKitty on the Apple App Store, notable CVEs such as SGLang CVE-2026-5760, Google Antigravity RCE risks, BridgeBreak flaws in Silex and Lantronix devices, and regulatory actions by the FTC and Italy’s data-protection authority.
#Vercel #LummaStealer #Mandiant #ANTS #SeikoUSA #Shopify #Perforce #BlackCat #ALPHV #AngeloMartino #ScatteredSpider #TheGentlemen #SystemBC #Lazarus #TraderTraitor #KelpDAO #rsETH #TornadoCash #FakeWallet #SparkKitty #AppleAppStore #Cisco #Zimbra #TeamCity #ActiveMQ #SGLang #CVE-2026-5760 #GGUF #GoogleAntigravity #BridgeBreak #Silex #Lantronix #Bluesky #Ofcom #Telegram #TeenChat #ChatAvenue #X #Athr #FTC #TakeItDownAct #Grok #PosteItaliane #Postepay #ItalyDataProtectionAuthority

Cybersecurity News | Daily Recap [02 May 2026]

Daily Recap: Vercel disclosed a third-party AI tool compromise that led to unauthorized internal access and limited customer impact, with hackers also claiming to sell stolen data. Microsoft Teams is increasingly abused in helpdesk impersonation attacks that use Quick Assist and Rclone; Cisco patched critical ISE and Webex flaws that could enable remote code execution and root access; and a zero-day in Adobe Acrobat Reader (CVE-2026-34621) was observed exploited in the wild.
#Vercel #AcrobatReader

Threat Research | Weekly Recap [03 May 2026]

Cybersecurity Threat Research ‘Weekly’ Recap: a roundup of social engineering, phishing, and remote-access abuse highlights cross-tenant helpdesk impersonation, a Black Basta affiliate campaign targeting executives, and the ClickFix phishing operation. The report also covers ransomware, extortion, data leaks, post-exploitation malware, cloud and identity abuse, and mobile-endpoint threats across multiple sectors. #CrossTenantHelpdesk #BlackBasta #ClickFix #UNC1069 #AgenziaDelleEntrate #YouTubeCopyrightNotices #InteractiveBrokers #MacSyncStealer #NightSpire #PayoutsKing #Qilin #TheGentlemen #INC_Ransom #MOIS #HomelandJustice #Karma #Handala #ForceHound #Keenadu #RecruitRat #SaferRat #Astrinox #Massiv #RedSun #TP-Link #JoomlaSEOSpam
