NEW#0814
Check Point6 days ago11 min▣LLM reporthigh This weekly threat intelligence bulletin highlights multiple active exploitation campaigns targeting network infrastructure (Cisco SD-WAN, Ubiquiti UniFi OS, FortiGate firewalls) and AI platforms (Dify, Langflow), alongside supply chain attacks against Polymarket and AI agent ecosystems. Notable emerging threats include EvilTokens phishing-as-a-service abusing device-code authentication for M365 token theft, the FortiBleed campaign converting 430,000+ firewalls into credential stealers, and Turla's StockStay espionage malware targeting Ukrainian entities. Cloud extortion group FulcrumSec and the DCloud Uni-App fraud framework (236,493+ scam domains) represent additional significant threats requiring defensive attention.
NEW#0813
Check Point6 days ago10 min▣LLM reporthigh Check Point Research identified a DeepSeek-attributed malicious Python Flask sample that transforms a theoretical browser ransomware risk into a practical attack using the File System Access API. The sample, disguised as a Discord avatar AI upscaler named InfernoGrabber v9.0, leverages social engineering to trick users into granting folder-level file access via browser permission prompts. Once access is granted, the web page can enumerate, read, exfiltrate, and encrypt files in the selected directory — all without installing a native payload or exploiting a browser vulnerability. The technique is particularly dangerous on Android where Chrome 132+ exposes the File System Access API to web content, allowing access to high-value photo directories including DCIM.
NEW#0812
Akamai6 days ago9 min▣LLM reportmedium The upcoming MCP 2026-07-28 specification fundamentally reshapes the protocol's security model by moving to a stateless architecture, eliminating protocol-managed sessions, and mandating OAuth 2.1 with PKCE. While this removes historical attack vectors like session hijacking and unsolicited server prompts, it introduces new risks: client-controlled state objects and tracking IDs enable cross-agent workflow hijacking, the _meta object allows metadata-based privilege escalation, new HTTP headers create desync and data leakage opportunities, MCP Apps bring stored XSS into AI interfaces, and asynchronous tasks introduce resource exhaustion DoS vectors. Security responsibility now rests squarely on MCP server developers and platform operators to implement cryptographic state verification, input validation, output encoding, and resource quotas.
NEW#08116 days ago19 min▤RecapJun 2026
AI Attacked and Abused While Perimeter Authentication Collapses
The month's defining shift was the emergence of AI as a two-sided battlefield: organizations deployed AI tools faster than they secured them, while attackers weaponized the same technology against defenders. Critical flaws in LangGraph allowed SQL injection chained to remote code execution, M365 Copilot could be turned into a one-click data exfiltration weapon via SearchLeak, and Langflow was exploited to deploy cryptominers. Meanwhile, the ongoing Shai-Hulud campaign injected prompts to blind AI malware scanners, macOS.Gaslight turned prompt injection against human analysts, and Russia's APT28 began experimenting with LLM-integrated malware. At the same time, perimeter authentication collapsed at scale: FortiBleed exposed credentials for over 73,000 FortiGate firewalls, CVE-2026-50751 let attackers bypass Check Point VPN authentication entirely, and ShinyHunters exploited an Oracle PeopleSoft zero-day across over 100 organizations.
Supply chain attackers followed developers to their new AI tools, compromising the ecosystems where code is written and built. The Shai-Hulud/Miasma worm expanded from npm into PyPI and injected persistent backdoors into AI coding assistant configurations, while North Korea's Sapphire Sleet compromised over 140 Mastra npm packages to steal cryptocurrency wallets, and the ongoing GlassWorm campaign pivoted to WebAssembly malware in VS Code extensions using the Solana blockchain as command-and-control. Social engineering also industrialized: the ErrTraffic framework turned ClickFix deception into a Malware-as-a-Service operation with blockchain dead drops, and EvilTokens hid phishing flows inside browser-side encryption to defeat network scanners while hijacking Microsoft device-code authentication.
Organizations should treat AI deployments as untrusted perimeter assets—restrict their network access, audit third-party skills and extensions, and assume prompt-injection attacks will target both automated scanners and human analysts. Every internet-facing VPN, firewall, and edge appliance should be patched immediately, with credentials rotated and phishing-resistant MFA enforced, because perimeter authentication failures now cascade directly into internal network compromise.
#08108 days ago6 min▤RecapJun 22 – Jun 29
Legitimate Tools Hijacked as AI Becomes the New Battleground
The most damaging intrusions this week didn't rely on custom malware — they hijacked the legitimate tools and protocols organizations already trust. FortiBleed harvested real credentials from FortiGate firewall configurations worldwide, EvilTokens bypassed multi-factor authentication by abusing Microsoft's own device login flow, and a WhatsApp campaign installed legitimate ManageEngine remote management software to maintain persistent access.
Simultaneously, attackers are learning to manipulate the AI systems defenders increasingly depend on. The macOS.Gaslight malware feeds fake error messages to AI analysis tools to blind security analysts, malicious skills on the OpenClaw marketplace trick AI assistants into executing harmful commands, and researchers demonstrated that chatbot reconnaissance can map an organization's defenses through casual conversation.
Reset all FortiGate and VPN credentials immediately, scrutinize AI marketplace add-ons before installation, and assume that any legitimate-looking login prompt or remote management tool could be an attacker wearing a trusted disguise.
#0809KKaspersky12 days ago7 min▣LLM reporthigh The StrikeShark campaign utilizes a novel malware family named SharkLoader to deploy Cobalt Strike Beacons across various global sectors. Threat actors gain initial access by exploiting known vulnerabilities in public-facing applications or distributing custom droppers disguised as legitimate software. SharkLoader employs advanced evasion techniques, including Perfect DLL Hijacking and extensive API hooking, to bypass loader locks and conceal its execution in memory.
#0808
Palo Alto Networks12 days ago6 min▣LLM reporthigh Threat actors are exploiting the OpenClaw AI agent ecosystem by publishing malicious skills on the ClawHub marketplace. These skills leverage semantic instruction hijacking to bypass traditional security controls, delivering macOS infostealers via base64-encoded droppers, utilizing massive file padding for defense evasion, and executing novel agentic financial fraud schemes like runtime affiliate injection and front-running.
#0807
Arctic Wolf12 days ago6 min▣LLM reportcritical FortiBleed is a severe, large-scale credential compromise campaign targeting internet-facing Fortinet FortiGate devices. Threat actors utilize a sophisticated pipeline, including the custom CyberStrike Harvester, to extract and crack credentials from device configurations and traffic captures, subsequently pivoting into internal networks for Active Directory enumeration and data exfiltration.
#0806
SentinelOne12 days ago5 min▣LLM reporthigh SentinelLABS identified macOS.Gaslight, a DPRK-aligned Rust backdoor targeting macOS systems. The implant establishes a resilient C2 channel via the Telegram Bot API using AES-GCM over pinned TLS and achieves persistence via a masqueraded LaunchAgent. Notably, it embeds a 38-message prompt-injection payload designed to feed fabricated system errors to LLM-assisted triage tools, aiming to abort or corrupt automated analysis. The malware also stages a standalone Python environment to execute a credential and data stealer.
#0805
Recorded Future12 days ago5 min▣LLM reportmedium Recorded Future has identified a purchase scam campaign, dubbed AEGIR, utilizing SEO poisoning on compromised legitimate websites to redirect organic search traffic to unindexed scam domains. The campaign employs referrer-based cloaking to evade detection and leverages transaction laundering across multiple merchant accounts to monetize stolen payment card data, specifically targeting event-driven demand like the 2026 World Cup.
#0804
Palo Alto Networks12 days ago5 min▣LLM reporthigh Researchers identified a universal bucket hijacking technique affecting major cloud providers (AWS, GCP, Azure) that allows attackers to silently exfiltrate data streams. By exploiting the global uniqueness of bucket names, an attacker with deletion privileges can delete a target bucket and recreate it in their own environment, seamlessly rerouting logs, backups, and messages without requiring granular configuration update permissions.
#0803
Trend Micro12 days ago7 min▣LLM reporthigh A cryptocurrency-mining campaign is actively exploiting CVE-2026-33017, an unauthenticated RCE vulnerability in Langflow, to deploy the lambsys malware. The attack chain involves a bash dropper that establishes SSH-based lateral movement, followed by a Go-based payload that systematically disables Linux security controls, eliminates rival miners, and deploys a customized XMRig miner.
#0802
ANY.RUN12 days ago5 min▣LLM reporthigh The EvilTokens phishing kit utilizes browser-side AES-GCM decryption to conceal its malicious payload from static analysis tools. By abusing the Microsoft Device Code authentication flow, the kit tricks victims into authorizing attacker access to their Microsoft 365 accounts without directly harvesting credentials, creating a significant visibility gap for SOC teams.
#0801
Zscaler ThreatLabz12 days ago5 min▣LLM reporthigh ThreatLabz identified a new attack campaign deploying 'Edgecution,' a malicious Microsoft Edge browser extension used by an initial access broker affiliated with Payouts King ransomware. The malware abuses the Chrome native messaging protocol to bridge a headless browser extension with a Python-based backdoor, enabling arbitrary code execution and filesystem access while evading traditional browser sandboxes.
#0800
Canadian Centre for Cyber Security12 days ago3 min▣LLM reportcritical The Canadian Centre for Cyber Security issued an advisory regarding critical vulnerabilities across multiple Broadcom VMware Tanzu products, including RabbitMQ, Greenplum, and GemFire. Organizations are advised to review the Broadcom security advisories and apply the patched versions to mitigate potential exploitation risks.
#0799
Akamai12 days ago4 min▣LLM reportmedium Researchers identified a critical gap in AI chatbot security where assistants leak operational context, such as tool access and boundaries, through benign reconnaissance queries. This leaked information allows attackers to bypass static model guardrails and craft highly targeted prompt injections, highlighting the need for dynamic runtime protection.
#0798
Trail of Bits12 days ago4 min▣LLM reportinfo Trail of Bits introduced the 'Patch the Planet' initiative, leveraging frontier AI models to identify and remediate vulnerabilities across critical open-source projects. The effort highlights a paradigm shift where AI accelerates bug discovery, making triage, patching, and disclosure the primary challenges for maintainers.
#0797
Canadian Centre for Cyber Security12 days ago3 min▣LLM reporthigh The Canadian Centre for Cyber Security published a daily digest summarizing security advisories from IBM, Ubuntu, Dell, CISA (ICS), and Red Hat. The advisories cover a wide range of enterprise software, Linux kernels, and industrial control systems requiring immediate patching to address newly disclosed vulnerabilities.
#0796KKaspersky12 days ago9 min▣LLM reporthigh A widespread malware campaign is leveraging compromised WhatsApp accounts to distribute malicious VBScript files disguised as financial documents. The multi-stage infection chain abuses legitimate Windows utilities to download payloads, attempts to bypass UAC via registry modifications, and ultimately deploys a preconfigured ManageEngine Endpoint Central RMM agent to establish persistent remote access.
#0795
Check Point12 days ago5 min▣LLM reportcritical This threat intelligence report highlights recent data breaches involving third-party vendors, emerging AI threat vectors such as prompt injection and WebSocket abuse, and active exploitation of critical vulnerabilities in Fortinet, Cisco, and Splunk products. Additionally, seasonal phishing campaigns targeting travelers and Amazon Prime members are surging alongside a cross-platform Rust-based crypto clipboard hijacker.