Search This Blog

Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Five Eyes Warn AI-Powered Cyberattacks Could Outpace Defenses Within Months


 

A Five Eyes intelligence alliance has issued an urgent warning, warning that advanced artificial intelligence could soon allow cyberattacks capable of overwhelming government and enterprise defenses. They urge companies to strengthen their cybersecurity before these threats become reality. 

The alliance, comprising the United States, the United Kingdom, Canada, Australia, and New Zealand, announced on Monday that frontier artificial intelligence models are expected to transform offensive and defensive cyber operations in the coming months, rather than years, according to the alliance. According to the agencies, rapidly advancing artificial intelligence capabilities are lowering the barriers to cybercrime by facilitating faster, more sophisticated attacks. 

Several recent U.S. restrictions on foreign access to Anthropic's most advanced AI systems were prompted by concerns about their cybersecurity capabilities. This warning comes amid growing concern over the security implications of next-generation AI models. It was requested by intelligence partners that governments and businesses strengthen their cyber resilience immediately. 

There are several recommended measures, including patching known software vulnerabilities, modernizing legacy infrastructure, enforcing stricter access controls, and investing in proactive security monitoring. In addition to acknowledging the trend of threat actors adopting artificial intelligence to accelerate cyber operations, the alliance also stressed that this technology can significantly strengthen defenses.

Security tools powered by artificial intelligence can be used to identify vulnerabilities earlier, detect suspicious activity in real-time, improve software quality, and respond to incidents more quickly. According to cybersecurity experts, the warning is of particular significance to small and medium-sized companies, which may lack the resources and mature security programs found in large corporations. 

AI-driven attacks are likely to present the greatest risk to organizations with outdated systems and weak security controls as they become more accessible. Furthermore, the statement highlights the growing debate on AI governance. The debate between governments and industry continues, however experts contend that regulatory efforts have not kept pace with the rapid development of frontier AI models. 

echnology leaders and security researchers have recently called for a more transparent and scientifically based approach to artificial intelligence risk assessment while ensuring defensive security capabilities continue to advance. A Five Eyes warning emphasizes that artificial intelligence is rapidly transforming the cyber threat landscape. 

Organizations that are proactive in strengthening their security posture and integrating artificial intelligence into their defense systems will have greater success defending themselves against the next generation of cyber threats. The Five Eyes warning reflects a growing consensus that artificial intelligence is transforming cyber threat landscapes at a historic pace. 

Organizations with a strong resilience strategy, modernized security infrastructure, and responsible adoption of AI-driven defenses will be better prepared to deal with the next generation of cyber threats as offensive capabilities evolve.

Proxy Servers Power More Than Cybersecurity, Emerging as a Backbone for AI and Digital Businesses

 

Proxy servers are commonly linked with cybersecurity and online privacy, with much of the public conversation focusing on their association with cybercrime. However, beyond these concerns, proxy servers have become an essential part of modern business operations, research activities and emerging technologies, particularly artificial intelligence (AI).

According to Proxyway's annual market report, which has tracked the commercial proxy server industry since 2019, proxy servers play a much larger role in the digital economy than many people realise.

Proxy servers are computers that allow users to access the internet through a different internet connection. By routing traffic through another device, users can obtain a different IP address, making it appear as though they are browsing from another location or internet service provider.

Although they share similarities with virtual private networks (VPNs), proxy servers differ in one important way. Businesses often operate multiple proxy servers simultaneously instead of relying on a single connection, enabling them to collect publicly available web data on a much larger scale, subject to the policies of individual websites.

Beyond cybersecurity, proxy servers have become a key part of legitimate commercial operations. A well-established industry now provides proxy services to businesses across the globe while working towards responsible self-regulation. Several leading providers generate significant annual revenues by offering enterprises tools for large-scale web access and data collection.

Proxyway surveyed 13 major proxy service providers and found that e-commerce remains the biggest area of demand. Businesses use proxy servers to monitor competitors' product listings and pricing, build price comparison platforms, analyse customer reviews to understand market sentiment and support other commercial intelligence activities.

Proxy servers are also used to detect counterfeit products across online marketplaces and verify that digital advertisements appear in the intended locations.

In the travel industry, proxy technology enables online travel agencies and hotel booking platforms to compare prices and secure competitive deals. Digital marketers rely on proxies to track search engine rankings across different locations, while cybersecurity professionals use them to identify malicious applications online. Researchers and academic institutions also depend on proxy networks to gather extensive datasets, including studies examining media representation of women in workplaces.

Supporting AI development

Proxy servers are increasingly becoming an important component of the AI ecosystem.

They help facilitate access to the vast volumes of web data needed to train and update large language models. As AI systems continue to evolve through regular retraining, proxy infrastructure supports ongoing data collection efforts.

The report also highlights the growing role of proxy servers in agentic AI, where autonomous AI systems perform tasks on behalf of users.

For several proxy providers, AI-focused clients now represent a substantial share of their customer base. One major industry participant has reported strong year-on-year growth driven partly by rising demand from AI companies, with annualised recurring revenue increasing significantly and further expansion expected, according to the report.

Industry experts stress that proxy servers themselves are neutral technologies whose impact depends on how they are used. Their applications range from cybersecurity investigations and academic research to commercial operations and AI development.

Many established providers have adopted measures to ensure responsible usage. Residential proxy networks are built by obtaining users' consent and offering compensation to participants who contribute their internet connections.

Providers also conduct customer verification, with some requiring identity documents and video-based authentication. Many restrict access to high-risk websites, including government and financial institutions, while continuously monitoring their networks for misuse.

Several companies have also come together under the Ethical Web Data Collection Initiative, a consortium that aims to promote responsible data collection practices, strengthen public confidence and encourage sustainable industry standards.

While debates continue around AI training practices and the use of publicly available web data, proxy servers remain an important part of the internet's infrastructure, quietly supporting many digital services that people use every day.

Sovereign File Architecture Gains Importance as Enterprises Rethink Cloud Data Control

 

Cloud computing changed enterprise IT by enabling organizations to achieve significant storage scalability and cost savings. Companies quickly embraced the idea of storing data in the cloud because of its flexibility and accessibility. However, because information remains on physical servers, companies are discovering that data is stored in a specific location subject to local legislation. 

This led to the concept of sovereign file architecture, one of the strategies by which organizations seek to store information considering jurisdiction as a critical factor. The data storage strategy is now focused on achieving file sovereignty and residency rather than convenience. Data sovereignty differs from privacy in that the former concerns the primary authority that possesses the right to store and access information, while the latter relates to its geographic location. 

While the early cloud computing innovators placed their data with the most accessible and cost-effective infrastructure, there was little information on where exactly it was stored. This created a sovereignty gap, as the organizations had limited insight into who could access the information and the applicable legal frameworks. At the same time, there are more data residency and sovereignty risks today as countries impose strict regulations and trade barriers while dealing with cybersecurity threats and geopolitical tensions. 

Data residency is a crucial consideration for many organizations, particularly those dealing with sensitive data and operating at a multinational level. Disasters, government restrictions, or geopolitical tensions may render some servers inaccessible, thus necessitating the need to store data in different jurisdictions. Enterprises are now prioritizing storage solutions that give them the most control by allowing them to migrate or place their information as they see fit. 

These factors are driving companies to adopt sovereign file architecture, which is designed to decouple file management from storage. By doing so, organizations satisfy the need to store data in several jurisdictions and maintain flexibility regarding where to store sensitive or non-sensitive information. Enterprises can also utilize a hybrid strategy consisting of private and public storage methods, thus balancing costs and file security. 

Sovereign file architecture allows organizations to remain compliant with the increasingly stringent data residency and sovereignty laws enforced by governments worldwide. Consequently, there is now a growing preference for sovereign file architectures over other options when considering factors such as transparency, legal protection, and control.

Chinese AI Model GLM 5.2 Pushes Open-Weight AI Forward

 




Chinese artificial intelligence company Z.ai, formerly known as Zhipu AI, has introduced GLM 5.2, an open-weight large language model that is attracting attention among developers for combining advanced AI capabilities with the flexibility to run on privately owned hardware. Unlike proprietary AI platforms such as ChatGPT and Claude, which are primarily accessed through cloud-based subscriptions, GLM 5.2 allows developers to download, customize, and deploy the model within their own computing environments, offering greater control over infrastructure, privacy, and operational costs.

The release comes as open-weight AI models continue to narrow the performance gap with leading commercial systems. While proprietary models have traditionally dominated the AI ecosystem with stronger reasoning capabilities, newer open-weight alternatives, including Meta's Llama family, Mistral, and now GLM 5.2, are demonstrating that many enterprise workloads no longer require exclusive reliance on premium cloud-hosted models. Businesses commonly use AI to summarize extensive document repositories, generate and debug software code, automate repetitive workflows, and retrieve information from internal knowledge bases, making cost-efficient deployment an increasingly important consideration.

Unlike fully open-source AI projects that typically publish training code, data processing pipelines, evaluation frameworks, and other development components, open-weight models primarily provide access to the trained model parameters. This enables organizations to fine-tune and integrate the model into their own applications while maintaining considerably more flexibility than closed AI services, where the underlying model remains inaccessible.

Interest in GLM 5.2 has also grown following demonstrations showing the model running locally on high-end Apple systems, including the Mac mini. Although these deployments require powerful hardware, they illustrate how advanced AI models are gradually becoming practical outside centralized cloud infrastructure. For organizations handling sensitive financial information, medical records, intellectual property, or confidential research, local deployment reduces the need to transmit data to third-party platforms, strengthening privacy protections while supporting regulatory compliance and data sovereignty requirements.

Despite its flexibility, GLM 5.2 remains an exceptionally demanding model. Built using a Mixture-of-Experts architecture containing between 744 billion and 753 billion parameters, the model occupies approximately 1.51TB of storage and memory in its original form. Developers therefore rely on quantization, a compression technique that reduces memory requirements by lowering the numerical precision of model weights. Even after aggressive optimization, approximately 240GB of memory is still required to load the model. GLM 5.2 also supports a one-million-token context window, allowing it to process entire software repositories, lengthy technical documentation, and extensive research collections within a single prompt, though doing so places additional demands on system memory.

As organizations continue evaluating how AI should be deployed across their operations, GLM 5.2 reflects a broader industry movement toward flexible AI ecosystems where proprietary, open-weight, and locally hosted models each serve different operational needs. Rather than replacing commercial AI platforms outright, models such as GLM 5.2 provide businesses with additional options to balance performance, cost, security, and data control as enterprise AI adoption continues to evolve.

Free VPNs and Streaming Apps Turn Your Device Into a Criminal Proxy

 

Free VPNs and streaming apps are quietly transforming everyday devices into tools for cybercriminals. Unwitting users are allowing their internet connections to be hijacked and used to mask illegal activity, exposing them to serious security and legal risks. While not all residential proxies are illegal, abusers take advantage of anonymity coupled with cheap, unauthorized residential proxies to perform tasks that may be unethical, if not outright illegal at times. 

Research from Infoblox Threat Intel indicates that the situation is more dire than previously assumed, as nearly two thirds (65%) of its Threat Defense Cloud customers made DNS queries to domains used to access or orchestrate residential proxy networks in 2026, totaling over 500 billion such queries per month. Criminals exploit these proxies for activities like fraud, online ad fraud, fake account creation, unauthorized data scraping, and bypassing regional restrictions on streaming platforms. Because their traffic blends in with legitimate user requests, businesses often struggle to identify and block these threats until real damage has occurred. 

Most users are unaware that their devices are being weaponized. Permission is either buried in the fine print of end-user license agreements or never properly obtained at all. Once inside a network, these apps can silently forward requests from threat actors, who benefit from the anonymity of a residential IP. Victims may later face issues such as flagged accounts, CAPTCHA overload, or extra verification steps, as their IP addresses get tagged by reputation systems for suspicious behavior. 

Certain categories of software are higher risk. Free VPNs, cheap IoT devices from unknown manufacturers, screen-recording or streaming software, and browser extensions can all serve as entry points for residential proxy abuse. These tools often lack transparency about their data and traffic practices, prioritizing monetization over user safety. 

Avoiding this is easier said than done, but there are ways to reduce susceptibility to this kind of abuse. A software audit should be your first line of defense. Knowing what runs on all your devices and whether it is trustworthy or not is key to preventing exposure. Investing in a router or software service that blocks such requests would also go a long way, as would leveraging Protective DNS to monitor your network. To start, users can also use services to monitor and check their IP's risk profile, allowing them to determine whether they are already a victim of abuse.

Council of Europe Data Breach Exposes Records of 10000 Employees After ShinyHunters Leak


 

Council of Europe is investigating a major data breach following the public release of approximately 297 GB of sensitive employee data by cybercriminal group ShinyHunters following the expiration of a ransom deadline. 

An archive has been leaked that contains information regarding more than 10,000 current and former employees, contractors, and job applicants dating from 15 years ago. As one of Europe's leading human rights organizations since 1949, the Council of Europe has been an official observer at the United Nations since 1949. It represents 46 member states and is a central force in promoting democracy, human rights, and the rule of law throughout Europe. 

Since the information it holds is sensitive, the breach of confidentiality is particularly significant. As reported by ShinyHunters, more than 429,000 files, including personnel data, were obtained from multiple Council departments, including human resources and administrative units. This was one of the largest breaches of personal data involving an intergovernmental organization in Europe. 

Information available indicates that payroll records, bank account information, medical information, tax information, social security information, salary histories, personnel files, and thousands of CVs were exposed. Due to the large size of the dataset, identity theft, financial fraud, and highly targeted phishing are significantly more likely to occur. It has been reported that the breach is related to CVE-2026-35273, a critical 9.8-severity zero-day vulnerability affecting Oracle PeopleSoft's Environment Management Hub (PSEMHUB). 

According to security researchers, the vulnerability allowed attackers to execute arbitrary code remotely without authentication. According to Google's Mandiant team, more than 100 organizations had actively exploited the vulnerability prior to Oracle's release of security guidance. Using the zero-day vulnerability in combination with older vulnerabilities, ShinyHunters obtained persistent access, migrated laterally through compromised environments, and exfiltrated data while posing as legitimate users. 

The exploit was conducted between May 27 and June 9, before mitigations were available. ShinyHunters has also altered its extortion strategy significantly following the Council of Europe declining to meet the ransom demand. In response to the Council's refusal to pay the ransom, ShinyHunters announced it would permanently distribute stolen datasets through multiple mirror sites and torrent networks, thereby reducing the likelihood of future takedown efforts.

In addition, the incident adds to the growing number of campaigns involving ShinyHunterS Researchers have recently linked the group to attacks targeting multiple organizations, while Google's threat intelligence team has linked the group's latest activity to widespread exploitation of the Oracle PeopleSoft zero-day vulnerability before mitigations were available. 

According to a brief statement issued by the Council of Europe, the organization was "investigating the matter and assessing the situation." Further comment was not provided. The organization has not yet announced a formal notification process or measures to protect individuals' identities. Zero-day exploitation and data extortion campaigns are becoming increasingly prevalent, with public disclosure increasingly taking precedence over traditional ransomware encryption. 

The threat of persistent leak strategies is increasing, which is why organizations are being urged to strengthen vulnerability management, accelerate patch deployment, and improve incident response to minimize both institutions and individuals' long-term risks.

Critical Bugs In Cursor IDE via Zero-Click Prompt Injection Can Launch RCE


CATO AI labs discovered two critical flaws in the famous AI code editor ‘Cursor’ that could result in remote code execution (RCE) outside the IDE’s sandbox. 

Duneslide

The IDE is employed by more than half of the Fortune 500. Both RCE flaws, called “DuneSlide,” were given a 9.8 CVSS score. The security bugs are tracked as CVE-2026-50548 and CVE-2026-50549.

The bugs demonstrated how prompt injection can move beyond the LLM layer and reveal classical bugs in code paths that were earlier not thought of as part of the attack surface.

A threat actor can exploit either of these bugs to overwrite critical system files (such as cursorsandbox binary), changing sandboxed comments into unsandboxed RCE and resulting in a full system hack on both the victim device and linked SaaS workspaces.

Key takeaways

Bugs found: Cato AI Labs found two separate, critical bugs in Cursor IDE, resulting in non-sandboxed RCEs on the victim’s system.

Arbitrary file write through prompt injection: Via zero-click prompt injection, these bugs could let a threat actor use zero-click prompt injections to write arbitrary files on the target’s local system.

Escaping sandbox and RCE: If leveraged, a threat actor can jump out of the terminal sandbox and attain a full RCE and a complete device exploit.

Zero-click attack vector: The exploit doesn’t need any prior user privileges or particular interaction. It is prompted when a target makes an “makes an innocuous prompt that inadvertently ingests a threat actor-controlled payload from an untrusted source, such as an MCP server or a web search result,” Cato AI Labs reported.

First vulnerability: Parameter altering

The first bug surfaces from how the sandbox creates its security boundaries based on tool parameters. If a sandbox command is executed, Cursor creates a seatbelt policy that allows writing into the present working directory.

This means that a remote hacker cannot command the working directory of a sandboxed operation because coding agents are a unique part of software. But, in this bug, a prompt injection works as the passageway to that part of the code.

Second vulnerability: Symlink failure

The second vulnerability is fully independent of the first and exists in Cursor’s file path resolution edge instances.  It allows hackers to avoid beyond-limits write restrictions via symbolic links.

In most traditional software, an external hacker cannot remotely generate symlinks on the target's system.  In this scenario, a prompt injection changed the Cursor agent to a bridgehead for non-trivial activities that end in a full system compromise. 

JadePuffer Uses AI to Streamline End to End Ransomware Operations


 

Researchers have discovered the first ransomware intrusion conducted almost entirely by an autonomous large language model (LLM) agent, further demonstrating how generative AI and cybercrime are convergent. 

Sysdig researchers were able to detect the campaign by analyzing an attack linked to the JadePuffer threat actor that exploited a critical vulnerability in Langflow to gain initial access. Following reconnaissance, credential harvesting, privilege escalation, lateral movement, persistence, and encryption of data, an AI agent was able to conduct these activities independently. 

Instead of operating as a scripted automation tool, the agent demonstrated an ability to assess its environment, recover from failed actions, and dynamically adjust its approach throughout the intrusion, which highlights a significant shift toward AI-assisted offensive operations with minimal direct human intervention.

During the intrusion, CVE-2025-3248 was exploited, which was a critical unauthenticated remote code execution vulnerability in Langflow that enabled arbitrary Python code execution when the deployment was exposed to the internet. Although patched in April and later added to CISA's Known Exploited Vulnerabilities catalog following active exploitation, internet-exposed Langflow instances remained attractive targets because they commonly stored cloud credentials, API tokens, and application secrets. 

The AI-driven operation then systematically extracted Langflow's PostgreSQL database and profiled the compromised host before expanding its reconnaissance to connected MinIO object storage, enumerating environment variables and sensitive configuration files, and harvesting available credentials. When an API returned XML instead of the expected JSON, the agent automatically adjusted its parsing logic and continued enumeration without manual intervention. 

The operation also established persistence through a cron job configured to contact attacker-controlled infrastructure every 30 minutes. Once persistence and reconnaissance were established, the AI agent moved to the destructive phase of the attack by dynamically refining its execution in response to its environment of target. 

A Sysdig analysis found that the ransomware model modified payloads to satisfy authentication checks, verified that User Defined Functions (UDFs) were present, and signaled that work had been completed before initiating ransomware activity. By using MySQL's AES_ENCRYPT() function, all 1,342 Nacos service configuration records were encrypted, the original configuration_info and history tables were removed, and a README_RANSOM table was created containing the extortion message, Bitcoin payment address, and Proton Mail contact information for negotiations. 

Although the ransom note claimed AES-256 encryption, Sysdig assessed the implementation more closely resembled AES-128 in ECB mode. In addition, the encryption key was generated locally, but was neither retained nor transmitted to attackers' infrastructure.

The researchers also noted the Bitcoin wallet embedded in the ransom instructions matched a public documentation address, suggesting that the LLM reproduced this address from its training data rather than generating an operational payment destination for the ransom. Each captured payload included an explanation in natural language explaining how the actions were carried out, demonstrating the agent's ability to interpret system feedback, diagnose errors, and revise its logic, rather than relying on repetitive scripted retries, throughout the intrusion.

Aside from rapid troubleshooting execution failures, Sysdig also documented the agent's ability to interpret error responses and alter its approach in real time. The model was observed to correct an unsuccessful authentication attempt within 31 seconds by identifying the root cause of the failure rather than repeating the same steps over and over again. There were over 600 distinct payloads recorded throughout the intrusion, which each reflected deliberate progression through sequential attack stages rather than static automation. 

A Bitcoin wallet incorporated into the ransom note was an unresolved anomaly, which precisely matched an address published in Bitcoin developer documentation, an address which is well known for its use. 

Investigators were unable to determine whether the address was reproduced from the training data or if it was deliberately selected by the operator since both references are readily available in technical resources. It is also indicative of a larger evolution in cyber operations assisted by artificial intelligence during the past year. Earlier claims of AI-powered ransomware, including PromptLock, were ultimately linked to controlled research rather than active criminal operations. 

The use of generative artificial intelligence in operational situations has become increasingly evident in recent incidents. Anthropic previously disclosed the use of its Claude Code assistant in extortion against at least 17 organizations under human supervision in an extortion campaign, followed by a largely autonomous state-linked espionage operation using artificial intelligence to develop exploits and facilitate data theft. 

Operator involvement was limited. Similar fabricated credentials were also observed in the JadePuffer campaign, reinforcing the possibility that the unusual Bitcoin addresses observed may have been the result of model hallucinations rather than deliberate malicious intent. Collectively, these incidents demonstrate the ways in which artificial intelligence is automating discrete phases of sophisticated intrusion, reducing the expertise and effort normally required to conduct large-scale offensive operations. 

From a defensive perspective, Sysdig recommends maintaining established security practices. Langflow deployments should be fully patched against CVE-2025-3248 and code execution interfaces should not be exposed directly to the internet. Secrets should be stored in dedicated secrets managers rather than accessible runtime environments. Additionally, the company recommends replacing default signing keys, restricting public exposure, preventing database connections from root accounts, as well as enforcing outbound network controls so that compromised hosts are not able to communicate with command and control systems.

According to Sysdig, autonomous agents are able to detect and exploit new vulnerabilities within hours of their disclosure, which makes runtime detection and behavioral monitoring equally critical as timely patch management.

It was reported by the researchers that indicators of compromise associated with the campaign were released in support of incident response efforts, including the use of CVE-2025-3248 as the initial entry vector, command-and-control infrastructure located at 45.131.66[.]106 with an ongoing beacon program, and a staging server located at 64.20.53[.]230. There are three ransom artifacts associated with the ransom attack, namely the table README_RANSOM, the wallet 3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy, and the email address e78393397[@]proton[.]me. 

JadePuffer is not regarded by Sysdig as introducing fundamentally new attack techniques, but the researchers consider it to be an important indicator of where offensive capabilities are heading. Creating an environment where autonomous AI agents can individually combine familiar exploitation methods into complete intrusion chains, making every exposed application server, configuration repository, and administrative interface available to the internet a far more attractive target than before. 

The evolution of ransomware has reached an important turning point with the launch of JadePuffer, as autonomous artificial intelligence agents are now capable of executing complex attacks without human assistance. 

AI infrastructure should be secured, credentials exposed to the internet must be rigorously managed, and runtime detection capabilities should be strengthened to identify adaptive behavior before it progresses into a full-scale compromise. With artificial intelligence-assisted attacks on the rise, proactive resilience is as important as rapid patching.

New Bad Epoll Bug Impacts Android and Linux, Allows Root Access


A recently found Linux kernel vulnerability called ‘Bad Epoll’ (CVE-2026-46242) allows an ordinary person without any special privilege to take complete command of a device as a root. This has impacted Linux systems, Android, and servers, and a patch is out to address the flaw. 

Bad Epoll was discovered in the same kernel code where Anthropic’s famous AI model, Mythos, discovered another vulnerability. 

The AI flagged one flaw but missed Bad Epoll. Expert Jaeyoung Chung discovered this one.

About Bad Epoll

Epoll is a Linux feature that allows a program to watch various network connections and files at once. You cannot switch it off as web browsers, network services, and servers, all rely on it.

The flaw is a ‘use-after-free’ bug, where two parts of the kernel clean up the same internal object at once. One cleans the memory while the other one writes it. This small friction allows hackers to attack kernel memory, then rise upward to root.

Detecting the bug

Timing is the catch. A random attempt nearly never lands in the window where the two pathways intersect since it is just roughly six machine instructions wide. On testing platforms, Chung's attack expands that window and tries again without crashing, achieving root roughly 99% of the time.

It is more serious since, according to his account, it can be triggered from within Chrome's renderer sandbox, which prevents nearly all other kernel problems, and it can reach Android, which is not possible with other Linux privilege bugs.

Chung sent the flaw as a zer0-day to Google’s kernelCTF program, and full details can be found on his Github. There are no indications that hackers have used it in real-time. At present, an android variant of compromise exists and the only working code is the kernelCTF PoC.

History of the bug

These two flaws go back to a single 2023 modification to the epoll code. According to Chung, Mythos discovered the first two, now labelled as CVE-2026-43074, with an early patch in 2026.

Additionally, Anthropic said that Mythos discovered linux kernel privilege-escalation bugs, but it did not relate the findings with Bad Epoll. Finding the first one was difficult as race-condition flaws are difficult to detect. But why did the AI miss the second flaw? 

Chung offers two likely reasons:

Small timing window

Lack of evidence during runtime 

North Korean PolinRider Campaign Spreads Malicious Packages Across npm, Go, Chrome, and Packagist

 

North Korean threat actors behind the Contagious Interview campaign have been observed persistently targeting software supply chains by distributing more than 100 malicious packages and browser extensions. Researchers note that the PolinRider campaign is targeting software developers and those in the cryptocurrency space by leveraging popular open-source repositories and developer tools. 

The cybersecurity researchers at Socket have discovered 108 unique malicious packages and browser extensions, resulting in 162 release artifacts. Within the discovered malicious code, the researchers have identified 19 npm packages, 10 Packagist (Composer) libraries, 61 Go modules, and one Google Chrome extension. Researchers note that the threat actors continue to compromise developer accounts and push out malicious code updates each time they gain access to a software repository. 

Researchers have linked the PolinRider campaign to the Contagious Interview supply chain attack, which has been actively targeting developers since at least 2023. In most cases, North Korean hackers impersonate recruiters or business partners on social media platforms and code repositories, luring targets into installing malicious software during the interview process. 

The PolinRider threat group was first detected this year when cybersecurity analysts identified hundreds of GitHub repositories with hidden JavaScript code that downloads an updated version of the BeaverTail malware. According to the researchers, almost 2000 GitHub repositories and 1000+ unique owners have been compromised by the PolinRider campaign as of April 2026. 

Researchers suggest that attackers are not compromising the GitHub servers directly but rather hijacking developer accounts on the platform. The initial access to the developer accounts is achieved through either the domain takeover or account recovery process. Attackers compromise the developers’ Visual Studio Code accounts or npm account, where they then install a malicious Visual Studio Code extension or an npm package. 

After the initial compromise, the attackers’ BeaverTail malware searches the project directory for the most common JavaScript configuration files and other relevant files such as Tailwind CSS, Next.js, Babel, and ESLint files. It then stealthily inserts malicious code into the files. Additionally, the malware tampers with the Git commit history to hide its tracks by overwriting commit messages and timestamps. 

The latest updates to the BeaverTail malware now download the second stage of encrypted payloads from the blockchain network. Attackers have been observed using TRON, Aptos, and BNB Smart Chain blockchain networks to host the payloads. The decrypted payloads then deploy remote access malware, including DEV#POPPER RAT and OmniStealer, to exfiltrate data from the compromised systems. Researchers recommend that developers who have installed any of the compromised packages should treat their systems as compromised.

The users should update their compromised accounts, including SSH keys and tokens, from a different machine if possible. Additionally, the developers should delete the malicious versions of the packages and re-install the project dependencies using a trusted package manager lock file. Lastly, the developers should review their commits, tasks, and files for any suspicious activities or unauthorized changes.

AI-Powered Antivirus: How Next-Gen Software Predicts and Stops Threats

 

Antivirus software has undergone a profound transformation, shifting from reactive signature matching to proactive behavior prediction. Where traditional tools once relied on databases of known malware fingerprints, modern solutions now leverage machine learning, behavioral analysis, and real-time monitoring to identify suspicious activity before an attack fully unfolds. This evolution is essential as cybercriminals deploy polymorphic code, fileless malware, and zero-day exploits faster than legacy defenses can adapt. 

Historically, antivirus programs functioned like a bouncer checking IDs against a blacklist of known troublemakers. If a file matched a stored signature, it was blocked; if not, it slipped through undetected. This model worked when malware evolved slowly, but today’s threat landscape moves at lightning speed. Polymorphic malware mutates its code with each infection, metamorphic variants rewrite themselves entirely, and zero-day attacks exploit freshly discovered vulnerabilities before patches exist. Signature databases, while still useful, increasingly lag behind the pace of malicious innovation, leaving systems exposed to novel or rapidly changing threats. 

Modern antivirus flips the script by focusing on behavior rather than identity. It monitors API calls, memory access patterns, encryption bursts, and unusual network traffic to spot anomalies. For instance, a process that suddenly begins locking files across a network, disabling security services, or contacting unfamiliar servers at odd hours raises red flags—even if it has no known signature. This behavior-first approach is critical against ransomware and fileless attacks that operate in memory or hijack legitimate tools to avoid detection. Anomaly detection establishes a baseline of “normal” system activity and alerts on deviations, enabling early intervention before damage spreads. 

Machine learning supercharges this capability by training models on vast datasets of both clean and malicious files. These algorithms learn subtle patterns linked to malware—suspicious code structures, odd execution paths, or risky permission requests—and assign risk scores to files and processes. Decision trees, support vector machines, and neural networks each contribute to layered evaluations that reduce false negatives for unseen threats. Companies like Microsoft, CrowdStrike, and SentinelOne deploy such models at scale, continuously refining them with telemetry from millions of endpoints. The result is a system that generalizes from past attacks to catch new ones, even without an exact signature match. 

The ultimate aim is prediction: intercepting malware in its earliest stages using sandboxing, dynamic analysis, and integration with broader security stacks like endpoint detection and response (EDR). Suspicious files are detonated in isolated environments to observe their behavior safely, while EDR tools trace attack chains across networks. Yet AI is a double-edged sword—attackers also use it to craft evasive malware that adapts to detection systems. False positives and privacy concerns from heavy telemetry remain challenges. For most users, built-in tools like Microsoft Defender and Apple’s XProtect offer strong baseline protection, but layered security and user vigilance against phishing are still essential.

Report Details Alleged $1 Million Payment to Kairos After Data Theft

 



A newly published investigation has offered an unusual look inside a cyber extortion case in which a U.S. government organization is believed to have paid about $1 million after attackers stole sensitive data from its network. The analysis, conducted by Rakesh Krishnan for Ransom-ISAC, draws on leaked negotiation conversations and cryptocurrency transaction records to reconstruct how the incident unfolded.

The case stands out because the attackers, operating under the name Kairos, do not appear to have used traditional ransomware. According to the report, investigators found no evidence that the group encrypted computer systems or provided victims with decryption keys. Instead, the attackers allegedly copied confidential files and demanded payment in exchange for keeping the stolen information private.

Although the report does not identify the victim by name, several details point toward Union County, Ohio. File names referenced during the negotiations included "Union.xlsx," "1 union co psi template.doc," and an archive labelled "union.rar." One collection of files reportedly came from the county prosecutor's office, with the attackers claiming that publishing those records could interfere with criminal cases. During the discussions, the victim also described itself as a small county government with limited financial resources.

The reported incident closely matches a cyberattack disclosed by Union County in May 2025. At the time, county officials announced that personal information belonging to 45,487 current and former employees and residents had been exposed. The compromised records included Social Security numbers, financial information, passport details, fingerprints, and other sensitive data. Neither Union County nor Kairos has publicly confirmed that the leaked negotiations relate to that breach.

The leaked conversations show that the negotiations continued for nearly a month. Kairos initially demanded $3 million, claiming to possess more than two terabytes of stolen information containing around 1.6 million files. The victim responded with progressively higher offers, beginning at $100,000 before increasing to $255,000 and later $430,000. The attackers eventually reduced their demand to $1 million while imposing strict payment deadlines and warning that the most sensitive files would be released if an agreement was not reached.

According to the investigation, the payment was made on June 13, 2025, using approximately 9.44 Bitcoin, valued at roughly $1 million at the time. Blockchain analysis traced the cryptocurrency through several digital wallets before portions of the funds reached addresses linked to the cryptocurrency exchanges Bybit and OKX, as well as the Russian cryptocurrency service BELQI. While blockchain records allow investigators to follow the movement of digital assets, they do not automatically reveal the identities of those controlling the wallets.

The report also questions the value of paying cybercriminals in exchange for promises to delete stolen information. Kairos reportedly supplied what it described as proof that the files had been removed. However, the evidence only showed that the group once possessed the data and could not verify that every copy had actually been destroyed. Security experts have long warned that organizations have no reliable way to confirm whether stolen information has been deleted after a ransom payment.

Beyond the individual case, the investigation reflects a wider change in the cybercrime ecosystem. An increasing number of threat groups are abandoning file encryption and relying solely on data theft and extortion to pressure victims into paying. Sophos reported that only about half of the ransomware incidents it investigated during 2025 involved data encryption, the lowest proportion recorded in six years. Groups such as the Silent Ransom Group have also carried out extortion campaigns targeting organizations by threatening to leak stolen information without deploying ransomware.

The Kairos negotiations also resemble tactics seen in previous cyber extortion cases. Researchers examining leaked internal communications from the Black Basta ransomware operation found similarly prolonged bargaining, with initial multimillion-dollar demands eventually ending in substantially lower settlements. Earlier leaks involving the Conti ransomware group provided comparable insight into how attackers negotiate payments behind the scenes.

Although Kairos' public leak site is no longer online and its last publicly known victim was recorded in June 2026, investigators observed cryptocurrency activity linked to the group's infrastructure as recently as May 2026. The continued movement of funds suggests that the disappearance of a leak site does not necessarily indicate that an operation has ceased.

The case offers several practical lessons for government agencies and other organizations. Strengthening multi-factor authentication, monitoring repeated failed login attempts, watching for unusually large outbound data transfers, separating highly sensitive records from other systems, and preparing a communication strategy before an incident occurs can all reduce the impact of cyber extortion. The investigation also reinforces a point repeatedly emphasized by incident responders: once data has been stolen, there is no dependable way to verify an attacker's promise that it has been permanently deleted.

Massive Azure CLI Password Spray Campaign Targets Microsoft 365, Over 81 Million Login Attempts Detected

 

Cybersecurity company Huntress has uncovered a large-scale password spray campaign targeting Microsoft 365 environments through the Azure CLI, resulting in millions of malicious login attempts and multiple account compromises.

According to the company, between June 12 and June 21, attackers carried out more than 81 million login attempts against customer environments. The campaign led to the compromise of 78 user accounts across 64 organizations.

During the two-week period, threat actors were found compromising between two and four accounts each day. However, activity surged around June 22, when 23 organizations were reportedly affected in a single spike.

Huntress' investigation revealed that the majority of the login attempts originated from Autonomous System (AS) 32167, which is associated with internet hosting provider LSHIY LLC.

“These attacks are part of a large wave of credential spray attacks across a few different ASNs. In the past six months, Huntress has observed the volume of credential spray attacks increase by over 155 times across our customer base,” the cybersecurity company says.

The company also observed a sharp increase in password spray attacks during late May and early June, impacting multiple organizations. Huntress believes the campaign primarily relied on previously compromised username-password combination lists.

As part of the attack, the threat actors exploited the OAuth Resource Owner Password Credentials (ROPC) authentication flow to validate user credentials. Although this authentication method has been deprecated in OAuth 2.1, it still allows attackers to obtain a new user-delegated access token when valid credentials are provided.

Because of this authentication flow, attackers were able to compromise accounts even when multi-factor authentication (MFA) was enabled, provided that MFA policies were not configured to protect the OAuth ROPC authentication process.

“ROPC is considered problematic for several reasons, but one of those reasons is that it doesn’t offer support for modern auth flows like MFA or SSO. That means, as we saw in this campaign, ROPC sends the password straight to the /token endpoint with no interactive MFA prompt,” Huntress explains.

Further analysis of the affected environments showed several weaknesses in MFA implementation. In some organizations, MFA was applied only to specific cloud applications or user groups. Others enforced MFA only for logins from untrusted locations, while some had deployed MFA policies that were never actively enforced.

“It’s worth noting that eight businesses impacted by the campaign had no MFA policy at all. While threat actors in this campaign were able to get in despite MFA being set up, the takeaway should not be that MFA doesn’t work at all; instead, organizations should ensure that their MFA policies are properly configured to address the authorization flow used across these incidents,” the cybersecurity firm notes.

Huntress also traced the attack traffic to IPv6 address ranges linked to LSHIY, an internet infrastructure provider registered in Hong Kong, Wuhan, China, and New York. Previous reports have also associated IPv6 ranges operated under AS32167 and AS955 with infrastructure originating from China.

The cybersecurity firm said it reported the malicious activity to LSHIY through the provider's abuse reporting mechanism but did not receive any response.

AI-Driven Software Development Demands a New Approach to Security Audits

 



Artificial intelligence is rapidly reshaping how software is built, enabling developers to generate code, automate repetitive tasks and accelerate application development. While these tools are helping organizations improve productivity, cybersecurity experts warn that they are also introducing new security and governance challenges that traditional software audits were never designed to address. As AI-generated code becomes more deeply embedded in development workflows, security leaders are being encouraged to expand software audits beyond compliance checks and evaluate how artificial intelligence influences the entire software development lifecycle (SDLC).

Unlike conventional audits, which primarily examine financial records, operational controls and regulatory compliance, modern software audits must determine how AI contributes to software development and whether its use introduces security risks before applications are deployed. This includes identifying which developers are using AI-powered coding assistants, understanding how frequently these tools are used, determining where AI-generated code enters development pipelines, and verifying that approved tools are being used responsibly. Collectively, these activities form what many security professionals now describe as the Agentic Development Lifecycle (ADLC), where governance extends beyond the software itself to the AI systems supporting its creation.

The need for stronger oversight is becoming increasingly urgent. Research has found that one in five organizations has experienced a serious security incident associated with AI-generated code, highlighting how limited visibility into AI-assisted development can expose organizations to unnecessary risk. Without a clear understanding of developer practices and AI tool adoption, Chief Information Security Officers (CISOs) face growing challenges in enforcing security policies, demonstrating regulatory compliance and providing boards with measurable assessments of AI-related risk.

Although AI coding assistants can significantly improve developer efficiency, security specialists caution that they should not be treated as autonomous software engineers. Studies comparing human developers with large language models (LLMs) show that leading AI models can effectively identify issues such as insecure coding patterns, code smells and certain design weaknesses. However, they continue to struggle with more complex security responsibilities, including denial-of-service protections, insufficient logging and permission management. As a result, experienced developers remain essential for reviewing AI-generated code, identifying inaccuracies and ensuring vulnerabilities are eliminated before software reaches production.

Security leaders also recommend that organizations adopt a structured auditing framework for AI-assisted development. This includes maintaining an inventory of approved AI coding tools, mapping AI-generated code to development activities, benchmarking models against known vulnerability patterns and monitoring integrations to ensure AI agents access only authorized tools and data sources. Regular vulnerability assessments, developer upskilling and risk-based evaluations can further help organizations identify skill gaps, strengthen governance and reduce the likelihood of preventable security incidents.

Ultimately, effective AI governance requires more than simply adopting new technologies. By combining continuous oversight with skilled human review and well-defined security policies, organizations can harness the productivity benefits of AI while maintaining secure software development practices. As AI becomes an increasingly permanent part of modern software engineering, comprehensive audits will play a central role in ensuring innovation does not come at the expense of security.

MSG Data Breach: Hackers Leak Facial Recognition Records of 26 Million Visitors

 

A massive data breach at Madison Square Garden has exposed the facial recognition and personal records of millions of visitors, sparking outrage and legal action. The cybercrime group ShinyHunters leaked 45 gigabytes of stolen data after the arena’s parent company missed a ransom deadline, raising serious concerns about biometric privacy and surveillance. 

The breach, which reportedly occurred on June 5, 2026, involved the theft of what hackers claim are 26 million customer and corporate records. The leaked files include biometric tracking logs, internal threat assessments, background check information, and detailed dossiers on attendees—some dating back to 2018. Among the exposed data were references to New York Knicks players, coaches, and talent, with fields listing addresses, contact details, and even “cost of talent.” Customer emails were also part of the dump, including messages from fans who had previously expressed concern about being misidentified by MSG’s facial recognition cameras. 

What makes this incident particularly alarming is MSG’s extensive use of facial recognition technology across its venues. For years, the arena has deployed biometric systems to screen visitors—and controversially, to ban lawyers from firms that have sued the company. The leaked surveillance records now reveal how deeply the venue tracked individuals, creating detailed profiles without clear consent. Privacy advocates argue this breach underscores the risks of unchecked biometric data collection, especially when security practices fail to protect such sensitive information.

In the wake of the leak, a federal class-action lawsuit—Avalo v. MSG Entertainment—was filed on June 16 in a New York court. The plaintiff, Carlos Avalo, alleges his biometric data was captured during a 2025 concert visit without proper disclosure or consent. The suit seeks at least $5 million in initial damages and highlights violations of biometric privacy laws. This is not MSG’s first major breach in under a year, further eroding trust in the company’s ability to safeguard visitor data. Despite repeated requests, MSG Entertainment has not publicly confirmed the full scope of the breach or commented on the lawsuits. 

The ShinyHunters group, known for targeting high-profile organizations like Kodak and Instructure, claimed responsibility for the attack, alleging they gained access by socially engineering a low-level employee. The incident serves as a stark reminder of the vulnerabilities in even the most advanced surveillance systems—and the human element that often remains the weakest link. As investigations continue, the breach raises urgent questions about the ethics of biometric data collection, the adequacy of current privacy regulations, and the responsibilities of venues that turn guests into data profiles.

Google Targets NetNut Residential Proxy Network Operating Across Two Million Devices


 

Several international authorities have coordinated operations to disrupt the infrastructure behind a large residential proxy network, also known as Popa, after Google dealt a significant blow to one of the internet's largest residential proxy ecosystems. 

Through the action, which was conducted in collaboration with Lumen Technologies, the FBI, and other industry partners, millions of compromised Android-powered devices, including smart TVs, streaming boxes, and other internet-connected consumer hardware, were prevented from accessing the network. This significantly reduced the network's operational capacity. 

In the network, ordinary household devices were covertly transformed into proxy relays that permitted cybercriminals and state-linked threat actors to route malicious activity through legitimate residential IP addresses while masking their identities while provoking suspicions among unsuspecting individuals. 

According to security researchers, there are at least two million compromised devices worldwide comprised of the botnet, indicating both its scope and the growing misuse of consumer IoT infrastructure in modern cyber campaigns. In addition to its sheer scale, NetNut has become an integral component of the underground residential proxy market, providing infrastructure to hundreds of cybercriminals and espionage-linked threat actors. 

Several domains were used to conduct the operations of the service, including netnut.com, seized as a result of the FBI's disruption efforts. Researchers at the Google Threat Intelligence Group (GTIG) observed 316 distinct threat clusters that leveraged suspected NetNut exit nodes during one week last month, illustrating the platform's substantial operational reach. 

As a result of the analysis, attackers were not only able to hide access to their own infrastructure, but also were able to conduct password-spreading campaigns and establish covert connections into targeted environments by using trusted residential IP addresses. NetNut operators are dependent on Google to provide malware command-and-control (C2) services, so Google disabled their accounts and cloud services, effectively cutting them off from their critical backend infrastructure. 

The company notified affected Android users and deactivated malicious applications associated with the botnet simultaneously through Google Play Protect, and it distributed technical intelligence on NetNut's software development kits (SDKs) and C2 architecture to platform providers, law enforcement agencies, and cybersecurity researchers in order to strengthen coordination in detection and mitigation. 

Moreover, Google emphasized that the disruption is likely to spread beyond a single botnet, as NetNut's reseller model has provided infrastructure to multiple residential proxy providers for many years, making the operation potentially significant for the entire illicit proxy ecosystem. Investigations into the operation have also highlighted the commercial infrastructure that underpins the proxy network. 

A report from Qurium, Synthient, Nokia Deepfield, and Spur in June linked the Popa botnet to NetNut, an Israeli public company owned by Alarum Technologies. During controlled testing, Synthient demonstrated that traffic routed through NetNut's commercial gateway originated from a device that was intentionally enrolled in the Popa network, providing evidence that the commercial proxy service was directly connected to compromised endpoints. 

In addition to the researchers refraining from attribution of intent or operational knowledge to Google, Google stated that its own threat intelligence was consistent with the public findings, treating NetNut and Popa as components of the same network and supporting the research team's assessment of proxy infrastructure construction. 

In contrast, Alarum has firmly rejected those conclusions, rejecting the categorization of NetNut as a botnet, and stating that the research is based on "unverified facts, as opposed to demonstrably inaccurate assertions and flawed deductions." In addition to maintaining that its platform operates as a legitimate, consent-based bandwidth-sharing service, the company maintains that it does not compromise user devices or function without authorization. 

Synthient's analysis challenged that position, revealing that none of the twenty examined applications related to the ecosystem provided meaningful consent prompts before enrolling users' devices in bandwidth sharing operations, raising further questions about transparency in the software distribution process. 

Aside from cautioning that removing NetNut represents only the first phase of a much larger effort, Google also stressed that the company operates a large white-label reseller program that allows third parties to market access to the same residential proxy infrastructure under a variety of brand names. As the company points out, a number of residential proxy services which appear to be independent ultimately draw connectivity from the NetNut device pool, so disruptions can affect multiple brands simultaneously if one provider is disrupted. 

However, Google characterized the latest actions as degradation, not a complete takedown, pointing out that operators have previously restored capacity through the use of competing proxy providers to source infrastructure. As evidence of the resilience of these interconnected ecosystems, the company cited its disruption of the China-linked IPIDEA residential proxy network in January and its subsequent legal action against the operators of the BadBox 2.0 botnet, whose Android TV infrastructure is similar to Popa, which was launched in July 2025. 

In order to create long-term impact, sustained, coordinated disruption across multiple providers must be undertaken. According to researchers, consumers' access to residential proxy networks is most commonly facilitated by applications that offer financial rewards for "unused bandwidth" or "sharing internet access." It is highly recommended that security teams only install apps from trusted app stores, carefully review VPN and proxy software permission requests, enable protections such as Google Play Protect, and purchase smart TVs and streaming devices from reputable manufacturers to minimize the risk of preloaded or malicious software being installed. 

Additionally, the report warns that residential IP addresses will not be in short supply in the cybercriminal ecosystem following NetNut's disruption. In order to identify any reemergence of NetNut-related traffic, continued monitoring of reseller brands and successor infrastructure is essential. 

According to Alarum's corporate legal counsel, Omer Weiss, a statement following the operation was issued by the company in which it was made aware of the FBI's seizure of certain NetNut-related domains on July 2, 2026. According to Weiss, Alarum is seriously concerned about the matter and will work closely with law enforcement authorities to investigate any misuse of its infrastructure and support the pursuit of accountability for those responsible. 

 As a result of NetNut's disruption, an important step in challenging the growing abuse of residential proxy infrastructure has been achieved, but the disruption also underscores the increasingly interconnected nature of commercial services, compromised consumer devices, and cybercriminal operations as well.

In a rapidly evolving proxy ecosystem characterized by reseller networks and shared infrastructure, sustained collaboration between technology providers, law enforcement agencies, and cybersecurity professionals will remain crucial. Maintaining trusted software sources, enforcing built-in security protections, and monitoring for unauthorized network activity remain practical safeguards against a threat landscape that is becoming increasingly adaptable.

Apple Expands AI in iOS 27 with Smarter Everyday Features Beyond Siri

 

Apple is expanding its artificial intelligence strategy beyond Siri with iOS 27 by integrating AI across its apps and services instead of relying on a standalone chatbot. The new features are designed to simplify everyday tasks through automation while giving users control and maintaining Apple’s privacy-first approach. 

One of the key additions is Bill Splitting, which uses Apple Cash to divide restaurant bills. After scanning or uploading a receipt, Apple Intelligence identifies ordered items, quantities, taxes, tips, and the total amount. Through Messages, users can select what they ordered, allowing everyone to pay their share without manually calculating costs. Apple is also enhancing account security with its Passwords app. 

The feature can detect compromised or weak credentials exposed in data breaches, recommend stronger passwords, and securely update them on supported websites without requiring users to manually log in and change each password. The Messages app is gaining AI-powered suggestions that help users complete common tasks. It can recommend photos when someone asks about a past event, suggest creating reminders when someone requests an item, and prompt users to add meetings or dinner plans to their Calendar without leaving the conversation. 

A new Call Context feature will display useful information, such as booking confirmation numbers stored in Mail, during customer service calls. Apple says all processing happens on the device, ensuring personal information remains private. The Shortcuts app is also becoming easier to use by allowing users to create automations using natural language. Instead of manually building workflows, users can simply describe what they want, such as updating their calendar, controlling smart home devices, or sharing their ETA with family members.  

Additional iOS 27 features include AI-powered tab organization in Safari, which groups related webpages by topic, and smarter Home app notifications that combine multiple smart home events into a single alert. Apple has also improved search within the Home app to help users quickly find important camera clips, such as package deliveries. Together, these updates highlight Apple’s broader AI vision of embedding intelligence throughout its software rather than limiting it to Siri. 

By integrating AI into familiar apps, the company aims to make daily tasks faster, simpler, and more secure while continuing to prioritize user privacy.

Anubis Ransomware Gang Attacks Again, Exploit Remote Access


Hackers linked with Anubis ransomware operation were found abusing the Citrix Bleed 2 (CVE-2025-5777) flaw to find initial access. 

According to Arctic Wolf, the techniques vary among different affiliates, and few patterns surfaced in tradecraft via authentic Remote Management and Monitoring (RMM) tooling, hands-on-keyboard procedures and credential access. 

Anubis also exploited authentic remote access and admin tools such as MeshAgent, Total Software Deployment, ScreenConnect, UltraVNC, and Zoho Assist to merge with usual IT operations while handling control of target systems.

About Anubis 

Anubis is a RaaS gang that first surfaced in late 2024 as a spinoff of Sphinx ransomware. The ransomware campaign was first disclosed on the Ransomware and Advanced Malware Protection (RAMP) darkweb forum in February last year. As per the data from Ransomware.Live, the cybercrime gang has taken responsibility for 91 victims on its data leak website, with 11 targets in June 2026.

Areas impacted

Some significant areas attacked are business services, technology, financial services, healthcare, and technology. Above 50% of the targets are based in the U.S, then U.K, Australia, France, and Canada.

Rubrik Zero Labs published a report in July 2025 which said Anubis promotes promising profit splits, which offers 80% of the ransom paid, and combines it with a data wiping (irresistible) feature to further blackmail the victims to pay upfront.

Experts at Rubrik said that “when Anubis's /WIPEMODE module is activated, files remain in directories but are reduced to a 0 KB size regardless of ransom payment.” The experts added that when “Anubis changes ransomware’s traditional strategic calculus, it creates powerful incentives for motivated threat actors to deploy Anubis in pursuit of lucrative returns.”

The impact

Commenting on the severity of the attack, Rubrik said that, “Knowing threat actors can revert victims' environments to this scorched-earth state with a single command significantly increases pressure on victims to pay before the wiper is fully activated.”

The ransomware incidents in 2026 consist both exploitation of CVE-2025-5777 (CVSS score: 9.3), a severe flaw affecting Citrix Net and valid VPN credential use.

The source of VPN credentials in these attacks is unknown, but experts say that they are likely to be collected after the first compromise, or via credential stuffing, initial access brokers (IABs), or information stealer operations.  

runZero Uncovers Seven FatFs Vulnerabilities That Could Expose Millions of Embedded Devices to Code Execution

 

Security firm runZero has revealed seven security vulnerabilities in FatFs, a lightweight filesystem library widely used by embedded devices to read and write FAT and exFAT storage formats found on USB drives and SD cards.

The vulnerabilities are considered significant because FatFs is integrated into the firmware powering a broad range of products, including security cameras, drones, industrial control systems, hardware cryptocurrency wallets, and devices running real-time operating systems (RTOS).

According to the researchers, attackers could exploit the flaws by introducing a specially crafted USB drive, SD card, or malicious firmware update file to vulnerable devices. On severely affected systems, successful exploitation could lead to memory corruption and arbitrary code execution.

runZero noted that many embedded devices do not implement the memory protection mechanisms commonly found in smartphones and desktop operating systems. As a result, "any physical access leads to a jailbreak." The researchers warned that devices such as public kiosks, security cameras with SD card slots, ATMs, and voting machines equipped with USB ports could potentially be compromised with only brief physical access.

The seven vulnerabilities stem from a similar root cause. When FatFs processes intentionally malformed storage media or firmware images, it improperly handles invalid data, creating opportunities for crashes, memory corruption, or data leakage. The vulnerabilities have received CVSS ratings ranging from Medium to High, with none classified as Critical.

The most severe issue, tracked as CVE-2026-6682 (CVSS 7.6), is an integer overflow affecting FAT32 volume mounting. Incorrect calculations can generate an inaccurate file size, which is later interpreted as a legitimate read length, potentially resulting in memory corruption and remote code execution.

The complete list of disclosed vulnerabilities includes:

  • CVE-2026-6682 (CVSS 7.6 – High): Integer overflow during FAT32 volume mounting that can cause memory corruption and possible code execution. The flaw may also be exploited through certain firmware update mechanisms.
  • CVE-2026-6687 (CVSS 7.6 – High): A buffer overflow involving an exFAT volume-label field that enables memory corruption.
  • CVE-2026-6688 (CVSS 7.6 – High): Long filenames can overflow wrapper code commonly implemented around FatFs, making mitigation dependent on downstream developers rather than the library itself.
  • CVE-2026-6685 (CVSS 6.1 – Medium): Integer wraparound in cache handling for fragmented volumes that may silently corrupt stored data.
  • CVE-2026-6683 (CVSS 4.6 – Medium): Divide-by-zero vulnerability in exFAT handling that can crash devices and potentially render hardware unusable during firmware updates.
  • CVE-2026-6686 (CVSS 4.6 – Medium): Improper file extension handling that may expose residual data from previously deleted files.
  • CVE-2026-6684 (CVSS 4.6 – Medium): A malformed GPT partition table can cause devices to hang while mounting storage media. This is currently the only vulnerability addressed upstream in FatFs version R0.16.

runZero also highlighted challenges surrounding coordinated disclosure. The company said it repeatedly attempted to contact the FatFs maintainer and involved Japan's JPCERT/CC coordination center but did not receive a response.

As a result, the researchers stated that there are currently no upstream patches for the memory corruption vulnerabilities, no dedicated security advisory process, and no centralized mechanism for notifying the numerous vendors that bundle FatFs into their products. While upgrading to FatFs R0.16 mitigates the GPT partition issue, the remaining vulnerabilities require downstream vendors to develop and distribute their own fixes.

The vulnerabilities affect multiple software platforms and frameworks that incorporate FatFs, including Espressif ESP-IDF, STMicroelectronics STM32Cube, Zephyr, MicroPython, ArduPilot, RT-Thread, Mbed, Samsung TizenRT, and the SWUpdate firmware updater. This broad adoption extends the potential impact across consumer IoT devices, industrial equipment, drones, and cryptocurrency hardware wallets.

As of runZero's public disclosure on July 1, no known attacks exploiting these vulnerabilities had been reported. However, the researchers have released proof-of-concept disk images, a testing framework, and a functional QEMU-based exploit demonstration, making technical details publicly available.

For firmware developers, runZero recommends identifying any bundled FatFs implementations, reviewing wrapper code for unsafe filename and file-size handling, and preparing vendor-specific patches. Organizations operating affected devices are advised to treat USB ports, SD card slots, and firmware update channels as potential attack vectors by restricting physical access and applying firmware updates as they become available.

AI-assisted vulnerability research speeds up discovery

runZero revealed that it initially reviewed FatFs manually in 2017 but found few noteworthy issues. During a renewed assessment in March 2026, the researchers employed an AI-assisted workflow using Visual Studio Code, GitHub Copilot running in "auto" mode, and a series of simple prompts.

The AI-generated workflow created a fuzzer capable of feeding malformed inputs into the filesystem library, uncovering vulnerabilities that had been missed during the earlier manual review while also helping validate their exploitability.

The researchers compared this trend to other recent AI-assisted security discoveries, including Google's Big Sleep identifying an exploitable memory flaw in SQLite during late 2024 and an autonomous AI agent discovering 21 memory-safety vulnerabilities in FFmpeg last month.

runZero argued that the increasing accessibility of AI-powered security research means attackers can leverage similar techniques, making timely vulnerability disclosure and remediation increasingly important.

The company also warned that patch deployment across the embedded ecosystem is likely to take years rather than months. It cited the 2024 PixieFail vulnerabilities affecting EDK II firmware as an example of slow downstream remediation and suggested that FatFs faces an even greater challenge due to the absence of an active upstream security response.

Until upstream fixes become available and platform vendors release security updates, organizations should assume that many deployed embedded devices continue to process untrusted FAT and exFAT media using vulnerable code.