Find notable cyber news and cases, enriched with sources, timelines, and signals.

Recent notable Happenings and Cases

Last updated: 16:47 25/06/2026 UTC
Last updated: 03:47 25/06/2026 UTC

Latest updates


MacOS.Gaslight AI-analysis evasion malware

Malware Activity

Updated: 25.06.2026 19:23 · First: 25.06.2026 19:23 · 📰 1 src / 1 articles · H score: 22

The macOS.Gaslight malware family now embeds prompt injection strings and fake system-failure messages to confuse AI-assisted malware analysis tools, risking aborted or truncated triage. The sample is a Rust binary with backdoor and information-stealing functionality, and it contains a 3.5 KB payload with 38 fake system messages meant to mislead automated analysis.

Bluekit adopts rrweb-based BitM session streaming for login theft

Technical Analysis

Updated: 25.06.2026 18:00 · First: 25.06.2026 18:00 · 📰 1 src / 1 articles · H score: 34

Bluekit has added browser-in-the-middle (BitM) login theft to its phishing stack, increasing the risk of session-token theft and account takeover. The mechanism uses rrweb to serialize page content and stream it over a WebSocket while an attacker-controlled browser relays victim interactions. The same infrastructure pairs the new delivery method with anti-analysis checks and live session monitoring that make the phishing flow harder to spot.

Cisco Catalyst SD-WAN unauthorized peering and SSH access campaign

Campaign

Updated: 25.06.2026 17:15 · First: 25.06.2026 17:15 · 📰 1 src / 1 articles · H score: 38

An active campaign used unauthorized peering connections and SSH access to maintain footholds inside a service provider's Cisco Catalyst SD-WAN environment, increasing the risk of stealthy control-plane access. Activity was observed from late 2025 into March 2026, suggesting a persistent operation rather than a one-off event. The operator used that access to change default account passwords and evade detection. The campaign matters because SD-WAN control planes can provide wide-scale access to internal enterprise traffic.

Dormant remote-controlled JavaScript injection path in Adblock for YouTube Chrome extension

Technical Analysis

Updated: 25.06.2026 17:12 · First: 25.06.2026 17:12 · 📰 1 src / 1 articles · H score: 23

A Chrome extension with 10 million+ installs was found to carry a dormant script-injection path, raising the risk of arbitrary JavaScript execution across visited websites. A single server-side change could activate the behavior without an extension update or store review. The extension’s youtube.com check can be bypassed by embedding the string anywhere in a URL, allowing the code path to reach non-YouTube pages. That could expose pages, credentials, and authenticated sessions even though no malicious payload distribution was observed.

CISA zero-trust SASE guidance for TIC 3.0

Public Sector Action

Updated: 25.06.2026 14:30 · First: 25.06.2026 14:30 · 📰 1 src / 1 articles · H score: 30

CISA published new guidance on June 24 for federal civilian executive branch agencies to replace legacy internet gateways with SASE as part of the move from TIC 2.0 to TIC 3.0 and zero trust. The guidance changes how agencies can build network architecture while still preserving CISA visibility into traffic. It also points agencies toward CLAW for telemetry and away from routine TLS decryption as a default inspection model.

Kandji security patch release for CVE-2026-39118

Security Patch Release

Updated: 25.06.2026 14:00 · First: 25.06.2026 14:00 · 📰 1 src / 1 articles · H score: 17

Kandji fixed its MDM agent on macOS and assigned CVE-2026-39118 after validation showed a trust issue that could let a standard user disable enterprise security controls. The patch closes a macOS agent weakness exposed through XPC trust handling. The broader research showed the same technique can undermine tamper protection and remove visibility from security products.

MacOS XPC cached-signature trust privilege-escalation flaw

Vulnerability

Updated: 25.06.2026 14:00 · First: 25.06.2026 14:00 · 📰 1 src / 1 articles · H score: 23

macOS XPC trusted software verification lets a non-root user abuse cached signature trust to call privileged helper functions without authentication, opening a route to disable or remove EDR and MDM tools. XM Cyber traced the flaw to the way signed apps and their root helpers trust CDHash-based callers. The technique can inherit a legitimate app's trusted status, then invoke sensitive helper methods with no authentication. The result is a broad tamper-protection bypass across many macOS applications.

Ransomware attacks rise across Europe in early 2026, with manufacturing hit hardest

Trend

Updated: 25.06.2026 13:45 · First: 25.06.2026 13:45 · 📰 1 src / 1 articles · H score: 39

Ransomware attacks rose across Europe in early 2026, increasing operational and supply-chain risk for regional organizations. Activity climbed 55.1% year-over-year and averaged 171 incidents per month. Manufacturing was the most targeted sector at 28% of incidents, while several major countries accounted for most of the volume. The pattern points to a broad regional surge rather than isolated spikes.

Gaslight macOS implant with Telegram C2 and prompt-injection payload

Malware Activity

Updated: 25.06.2026 12:23 · First: 25.06.2026 12:23 · 📰 1 src / 1 articles · H score: 29

A previously undocumented macOS implant named Gaslight combines Telegram bot API C2, persistent shell control, and file exfiltration with a built-in prompt-injection payload. The sample is designed to mislead AI-assisted triage by injecting fabricated system-failure messages that can make analysis abort or stop. It also establishes persistence through a LaunchAgent and steals Keychain and browser data from Chrome, Brave, Firefox, and Safari. The combination of anti-analysis and credential/data theft raises the risk of stealthy compromise on macOS hosts.

Mistic backdoor deployment via ClickFix and DLL side-loading

Malware Activity

Updated: 25.06.2026 11:54 · First: 25.06.2026 11:54 · 📰 1 src / 1 articles · H score: 22

The Mistic backdoor is being used in financially motivated attacks against organizations across insurance, education, IT, and professional services, raising the risk of stealthy long-term access. It is also tracked as MLTBackdoor and has been delivered through ClickFix-style lures. The malware runs in memory, can self-delete, and uses DLL side-loading via MpExtMs.exe to blend in.

KongTuke ClickFix and Teams access-seeking campaign

Campaign

Updated: 25.06.2026 11:54 · First: 25.06.2026 11:54 · 📰 1 src / 1 articles · H score: 33

The KongTuke operation is using ClickFix lures and Microsoft Teams messages to widen access-seeking attacks against multiple organizations, increasing the risk of follow-on compromise and resale of access. The activity has been linked to January 2026 malware delivery chains and a later pivot last month to fake IT support messaging. The operation also overlaps with ModeloRAT delivery and has been seen in attacks that later deployed Qilin ransomware.

DraftKings hit by account takeover attack

Incident

Updated: 25.06.2026 00:55 · First: 25.06.2026 00:55 · 📰 1 src / 1 articles · H score: 34

The DraftKings customer-account compromise exposed 60,000 accounts through credential stuffing and enabled theft from affected users. Attackers added payment methods under their control to 1,600 accounts, turning account access into direct financial fraud. DraftKings later said 67,995 customer accounts were compromised, indicating the intrusion was broader than the initial disclosure. The incident shows how reused passwords can turn a single-platform login attack into large-scale account takeover and loss.

Cisco security patch release for CVE-2026-20245

Security Patch Release

Updated: 25.06.2026 00:29 · First: 25.06.2026 00:29 · 📰 3 src / 3 articles · H score: 38

Cisco released security updates for Cisco Catalyst SD-WAN after CVE-2026-20245 was linked to root-level command execution, and customers were told to move to fixed software. The affected scope includes vManage, vSmart, and vBond, and Cisco said there were no workarounds. The flaw was already used in zero-day attacks, making the upgrade urgent for exposed deployments.

Edgecution malicious Microsoft Edge extension backdoor activity

Malware Activity

Updated: 24.06.2026 23:58 · First: 24.06.2026 23:58 · 📰 1 src / 1 articles · H score: 23

The Edgecution malware is extending a Microsoft Edge browser foothold into host-level compromise by abusing Chrome Native Messaging and launching a Python-based backdoor. The activity matters because it turns a browser extension into a bridge for shell, PowerShell, and arbitrary Python execution on infected systems. The delivery chain uses fake Microsoft Teams IT-support lures and update-themed pages to push malicious scripts and ZIP payloads. The operation is tied to ransomware-related access tooling and is designed to increase persistence and control on compromised Windows hosts.

Lantronix EDS5000 Series devices code-injection flaw (CVE-2025-67038)

Vulnerability

Updated: 24.06.2026 20:19 · First: 24.06.2026 20:19 · 📰 1 src / 1 articles · H score: 43

CVE-2025-67038 in Lantronix EDS5000 Series devices is now under active exploitation, creating a root-level command execution risk for affected systems. CISA told FCEB agencies to apply the fixes by June 26, 2026. The flaw is a code injection issue with a CVSS 9.8 severity rating.

Ubiquiti UniFi OS security patch release for CVE-2026-34908/34909/34910

Security Patch Release

Updated: 24.06.2026 20:19 · First: 24.06.2026 20:19 · 📰 1 src / 1 articles · H score: 53

Ubiquiti released UniFi OS patches for CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, closing three maximum-severity defects tied to in-the-wild exploitation. The fixed issues span command injection, path traversal, and improper access control on network-accessible systems. The release matters because the chain was reported as being used to deploy commodity malware and could support unauthorized changes and broader network compromise.

LayerX BioShocking prompt injection against agentic browsers

Technical Analysis

Updated: 24.06.2026 19:05 · First: 24.06.2026 19:05 · 📰 1 src / 1 articles · H score: 30

Researchers demonstrated BioShocking, a prompt-injection technique that pushed six agentic browsers and plugins past guardrails and made them copy login credentials for exfiltration. The proof-of-concept raised immediate risk for logged-in accounts, open tabs, and private repositories across AI browser products. The test covered OpenAI's ChatGPT Atlas, Perplexity's Comet, and Anthropic's Claude extension.

Amadey and StealC MaaS ecosystem and affiliate model

Threat Actor Meta

Updated: 24.06.2026 18:59 · First: 24.06.2026 18:59 · 📰 1 src / 1 articles · H score: 73

The Amadey and StealC ecosystems now operate as malware-as-a-service (MaaS) offerings, widening access to loader and stealer capabilities for paying customers and affiliates. The model supports payload delivery and sensitive-information theft from compromised hosts while shifting execution burden onto self-hosted affiliate infrastructure. Named operators such as InCrease and plymouth show how commodity malware can be monetized as a recurring criminal service rather than a one-time tool sale.

StealC and Amadey infostealer infrastructure disruption

Malware Activity

Updated: 24.06.2026 18:25 · First: 24.06.2026 18:25 · 📰 2 src / 2 articles · H score: 69

The StealC and Amadey infostealer infrastructure was disrupted, cutting off the C2 servers used to control infected systems and weakening a major cybercrime supply chain. Law enforcement seized nearly 200 IP-based C2 servers and around 50 domains, while responders identified over 18,000 victim computers and severed criminal control. The takedown matters because the two families were linked to over 140,000 infected computers worldwide, and both were used to steal credentials or deliver additional malware.

Amadey and StealC shared-infrastructure malware activity

Malware Activity

Updated: 24.06.2026 18:02 · First: 24.06.2026 18:02 · 📰 1 src / 1 articles · H score: 66

The Amadey loader and StealC infostealer are being linked through shared C&C infrastructure, making the pair easier to coordinate and disrupt. Amadey helps attackers gain access and deliver secondary payloads, while StealC steals credentials, cryptocurrency wallets, cookies, and other valuable data. The pairing matters because it supports a common intrusion chain from initial access to post-compromise theft.

Operation Endgame takedown of Amadey and StealC infrastructure

Law Enforcement

Updated: 24.06.2026 18:02 · First: 24.06.2026 18:02 · 📰 3 src / 3 articles · H score: 66

An international law-enforcement takedown under Operation Endgame disrupted shared infrastructure used by StealC and Amadey, with around 50 domains and nearly 200 active IP-based C2 servers seized. The action was coordinated by Europol, involved Germany’s Federal Criminal Police Office and legal support from Eurojust, and included technical analysis and intelligence support from partners such as Microsoft, ESET, BitSight, IBM X-Force, Lumen, Proofpoint, and Mitsui Bussan Secure Directions. Microsoft said the disruption used AI-powered analysis and court-authorized action to target the shared malware infrastructure, while Europol said the wider effort helped freeze €41m in criminal crypto assets and recover 27 million stolen login credentials.

CISA BOD 26-04 three-day remediation directive

Public Sector Action

Updated: 24.06.2026 17:35 · First: 24.06.2026 17:35 · 📰 1 src / 1 articles · H score: 36

CISA's BOD 26-04 requires federal agencies to apply available security updates or vendor-recommended mitigations within three days, accelerating remediation for actively exploited flaws. The directive increases pressure on agencies to reduce exposure across affected systems before attackers can expand access.

Ubiquiti UniFi OS actively exploited access control bypass, traversal, and RCE flaws (multiple vulnerabilities)

Vulnerability

Updated: 24.06.2026 17:35 · First: 24.06.2026 17:35 · 📰 1 src / 1 articles · H score: 43

Ubiquiti UniFi OS now has three actively exploited CVEs that can let attackers make unauthorized changes, expose sensitive files, and reach remote code execution on vulnerable devices. CISA added CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910 to its Known Exploited Vulnerabilities catalog after warning of active abuse. Ubiquiti released fixes in May, and the flaws were described as remotely exploitable without privileges. Researchers at Bishop Fox later showed the issues could be chained into full system compromise, raising urgency for patching and mitigation.

Service desk social engineering defenses tighten identity verification for password resets and MFA changes

Defensive Guidance

Updated: 24.06.2026 17:02 · First: 24.06.2026 17:02 · 📰 1 src / 1 articles · H score: 17

Service desk identity verification is being tightened against social engineering attacks, reducing impersonation-driven account takeover and unauthorized access across corporate environments. The guidance centers on password resets, account unlocks, and MFA changes, where attackers often pose as employees or IT staff. Recommended controls include out-of-band confirmation, tighter approval paths, and alerts for repeated recovery requests.

MacOS.Gaslight prompt-injection technique aimed at AI-assisted triage

Technical Analysis

Updated: 24.06.2026 17:00 · First: 24.06.2026 17:00 · 📰 3 src / 3 articles · H score: 23

macOS.Gaslight is a Rust-based macOS implant and information stealer assessed with high confidence as the work of North Korea-aligned threat actors. The sample uses Telegram Bot API C2 and embeds prompt injection content, including 38 fabricated system messages inside a Markdown-fenced block, to try to make AI-assisted malware triage abort, truncate, or refuse analysis. It also remains a working backdoor/infostealer, collecting data from Chrome, Brave, Firefox, Safari, terminal histories, installed apps, and the macOS login keychain. SentinelOne reported that the deceptive text includes bogus token-expiry, out-of-memory, disk-exhaustion, and repeated-operation errors, plus false warnings about injection and static-analysis issues. The implant can open an interactive shell, use a LaunchAgent for persistence, and upload collected data through Telegram, with operator settings supplied at runtime and the bot token redacted from its own output. The activity directly targets LLM-assisted reverse-engineering workflows by trying to make analysis tools doubt the sample and stop processing it.

MacOS.Gaslight Rust infostealer-backdoor with Telegram Bot API channel

Malware Activity

Updated: 24.06.2026 17:00 · First: 24.06.2026 17:00 · 📰 1 src / 1 articles · H score: 30

Researchers identified macOS.Gaslight, a North Korea-linked Rust infostealer-backdoor that can steal Chrome, Brave, Firefox and Safari data, terminal histories, installed-app lists and the macOS login keychain. The sample also offers an interactive shell and routes command traffic through Telegram's Bot API, using encryption and certificate pinning to resist inspection. It embeds 38 fabricated system messages to derail AI-assisted triage before defenders can analyze the implant normally. The blend of credential theft, covert command handling and analysis sabotage increases the risk of unauthorized access and prolonged defender blindness.

CI/CD pull-request privilege-escalation flaw (Cordyceps)

Vulnerability

Updated: 24.06.2026 15:48 · First: 24.06.2026 15:48 · 📰 1 src / 1 articles · H score: 32

Cordyceps exposed a CI/CD workflow privilege-escalation flaw in pull-request automation that let unauthenticated users hijack privileged workflows and reach open-source supply chains. In scans of about 30,000 high-impact repositories, more than 300 were fully exploitable. The weakness enabled attacker-controlled code execution, credential theft, and supply-chain compromise across repositories at large organizations. The issue was confirmed in environments tied to Microsoft, Google, Apache, Cloudflare, and Python.

KDDI Corporation hit by network compromise

Incident

Updated: 24.06.2026 15:45 · First: 24.06.2026 15:45 · 📰 1 src / 1 articles · H score: 71

KDDI Corporation confirmed an email-system breach that exposed customer credentials across six Japanese ISPs, putting account access at risk. The intrusion was detected on June 17 and publicly disclosed on June 23. KDDI said as many as 14.22 million email addresses and passwords were likely compromised, making password resets urgent.

KDDI email-system credential leak affecting Japanese ISPs

Data Leak

Updated: 24.06.2026 15:45 · First: 24.06.2026 15:45 · 📰 1 src / 1 articles · H score: 75

A KDDI email-system breach exposed customer credentials across six Japanese ISPs, putting up to 14.22 million email addresses and passwords at risk. The compromise was detected on June 17 and publicly disclosed on June 23, making this a large-scale credential-exposure event. KDDI says it has modified the system and is urging affected customers to change passwords.

KDDI Multi-ISP Email Credential Exposure in Japan

Case

Updated: 24.06.2026 15:45 · First: 24.06.2026 15:45 · 📰 0 src / 2 articles

KDDI disclosed unauthorized access to its email system used by six Japanese ISPs after detecting the intrusion on June 17. The company said an actor exploited a vulnerability in third-party software and that up to 14.22 million email addresses and passwords were likely compromised, creating immediate account-security risk for customers of the affected providers. KDDI says it has modified the system, applied technical countermeasures, notified Japanese authorities, and urged affected users to change passwords. Public details still do not identify the vulnerable software, a CVE, or the intrusion actor, so response is focused on credential hygiene and containment rather than product-specific patch tracking.