2026-06-16 AI创业新闻
Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw
Cisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-20262 , carries a CVSS score of 6.5 out of 10.0. “A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system,” Cisco said in an advisory. The issue, the networking equipment company added, stems from inadequate validation of user-supplied input during a file upload process.
An attacker could exploit this behavior to create or overwrite any file on the underlying operating system by sending crafted HTTP requests to an affected API endpoint. This, in turn, could be weaponized to elevate to the root. However, successful exploitation hinges on the attacker already having valid credentials with at least write access. The vulnerability impacts the following products regardless of the deployment type - Cisco Catalyst SD-WAN Manager On-Prem Cisco SD-WAN Cloud-Pro Cisco SD-WAN Cloud (Cisco Managed) Cisco SD-WAN for Government (FedRAMP) Patches have been released to address the issue - Cisco Catalyst SD-WAN Release 20.9.9.1 and earlier - Fixed in 20.9.9.2 Cisco Catalyst SD-WAN Release 20.12.7.1 and earlier - Fixed in 20.12.7.2 Cisco Catalyst SD-WAN Release 20.15.4.4 and earlier - Fixed in 20.15.4.5 Cisco Catalyst SD-WAN Release 20.15.5.2 and earlier - Fixed in 20.15.5.3 Cisco Catalyst SD-WAN Release 20.18.3 - Fixed in 20.18.3.1 Cisco Catalyst SD-WAN Release 26.1.1.1 and earlier - Fixed in 26.1.1.2 Cisco said it “became aware of limited exploitation of this vulnerability” in June 2026, adding it was discovered during internal security testing.
The company has also shared indicators of compromise associated with the malicious activity, urging customers to audit “/var/log/nms/vmanage-server.log” for suspicious WAR file uploads as below - 11-June-2026 03:53:37,310 EDT INFO [a66cdc5f-807d-4c23-944e-5c809a2ece6b] [server] [SdraAnyConnectFileUploadHandler] (default task-40704) |default| uploaded Remote Access Anyconnect profile file: ../../../../var/lib/wildfly/standalone/deployments/suspicious.war to vManage. Other indicators include attempts to deploy malicious code and interact with it, although Cisco has warned that they may not “consistently appear” in every incident log. The follow-on activities related to this vulnerability are - /var/log/nms/vmanage-appserver.log: 11-June-2026 07:52:55,275 UTC INFO [server] (DeploymentScanner-threads - 2) WFLYSRV0010: Deployed “suspicious.war” (runtime-name : “suspicious.war”) /var/log/nms/containers/service-proxy/serviceproxy-access.log: [2026-06-11T07:57:33.635Z] “POST /suspicious/index.jsp HTTP/1.1” 200 - 267 76 17 - “1.1.1.54” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0” “d7336b83-422b-4000-93e1-0296f102bbed” “1.1.1.4:8443” “127.0.0.1:8080” CVE-2026-20262 is the eighth security flaw impacting Cisco SD-WAN to be flagged as actively exploited this year alone after CVE-2026-20245, CVE-2026-20182, CVE-2026-20127, CVE-2026-20122, CVE-2026-20128, CVE-2026-20133, and CVE-2022-20775. The exploitation of some of these flaws has been attributed to an advanced persistent threat (APT) actor named UAT-8616.
The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add the flaw to its Known Exploited Vulnerabilities ( KEV ) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 29, 2026. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities ( KEV ) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 18, 2026. The vulnerability in question is CVE-2026-54420 (CVSS score: 8.5), which has been described as a case of privilege escalation. It allows a user with FTP or web shell access to escalate privileges to root on shared hosting servers running CloudLinux or CageFS.
“LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS,” according to a description of the vulnerability in CVE.org. It’s currently not known how the vulnerability is being exploited in the wild and if any of those attacks have been successful, but LiteSpeed has urged users to run the command below to check if their servers are affected - grep -rE ‘cpanel_jsonapi_func=(generateEcCert|packageUserSize)|cert_action_entry .*geneccert’ /usr/local/cpanel/logs/ /var/cpanel/logs/ 2>/dev/null If the grep command does not show any output, it indicates the server has not been impacted by the issue. If there is any output, LiteSpeed has shared additional indicators to rule out any false positives - generateEcCert immediately followed by packageUserSize for the same user (legitimate UI flows don’t chain these) 7-10 concurrent calls per attempt (legitimate UI does one at a time) Namecheap has been credited with bringing the issue to its attention on May 31, 2026. Users are advised to upgrade to LiteSpeed WHM Plugin v5.3.2.1 (bundled w/ cPanel plugin v2.4.8) or higher to patch the vulnerability.
Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails
A China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense email. The way in was a backdoor on their REDCap research servers that stole login credentials. The exfiltration was the unusual part: the attackers rewired the victims’ own Google Workspace rules to copy any message matching their keywords to an inbox they controlled. Google’s Threat Intelligence Group (GTIG) laid out the campaign in a report published this week and attributes it with high confidence to a cluster it tracks as UNC6508.
The actor and its REDCap backdoor are not new names; Google first surfaced both in February , in a wider report on state-backed attacks against the defense sector. It did not name the victims, describing them only as multiple organizations across the US and Canada: clinical providers, academic centers, military health institutions, advocacy groups, and health regulators. Google says it notified them and disrupted the group’s infrastructure. How they got in The entry point was REDCap (Research Electronic Data Capture), a web platform that hospitals and universities use to build and manage study databases.
UNC6508 compromised externally facing REDCap servers. Google has not pinned down the initial access vector, named a specific CVE, or listed the affected versions, though it saw the group probing older, vulnerable ones. Around three months after getting in, the group deployed custom malware GTIG calls INFINITERED , which trojanizes REDCap’s own system files and does three things. First, it hijacks the upgrade process so each new REDCap version reinjects the code instead of clearing it.
Second, it harvests usernames and passwords from the login page and stores them, encrypted, in local database tables. Third, it acts as a backdoor, taking commands through HTTP cookies and running on every page load. The earliest known compromise dates to September 2023, with activity continuing through November 2025. Once on the server, UNC6508 ran internal reconnaissance and credential discovery, pulling database and service account credentials, then used those logins to move into the internal network and on to a domain administrator account.
Google does not spell out the exact path to that admin account. With admin rights, the group set up the exfiltration. How they stole the email The exfiltration rode a feature that was already there. UNC6508 abused content compliance rules, a legitimate Google Workspace admin feature that scans mail for keywords and can copy or forward matching messages.
Similar features exist in other cloud mail suites. The group created a rule, misspelled “Patroit,” that watched for nearly 150 keywords, search terms, and email addresses. When a message matched, Workspace silently BCC’d it to an attacker-controlled Gmail address, which Google has since disabled. No malware on the mail server, no separate exfiltration tool, no unusual network traffic.
Just a built-in mail feature, turned to copy the organization’s secrets to an inbox the attackers owned. MITRE already catalogs email-forwarding-rule abuse as a known technique. What GTIG flags as new here is the use of domain content compliance rules to do it, a method it says it had not seen from a China-linked actor before. The rule’s keywords mapped to UNC6508’s collection priorities: geo-strategic policy, military strategy and equipment, advanced technology including AI and uncrewed vehicles, offensive cyber programs, and medical research.
One term stood out for its specificity, chikungunya , the mosquito-borne virus behind a 2025 outbreak in China’s Guangdong province. What to do Start with REDCap. Patch externally facing servers and remove old versions outright, not just alongside the current build. REDCap lets legacy versions run side-by-side, and that is what enables downgrade attacks, where an attacker forces software back to a known-vulnerable release.
Then check the mail side. Review Workspace, or equivalent, content compliance and mail-forwarding rules for anything that BCCs or reroutes mail to outside addresses. Check admin audit logs for when rules changed, not just what they say now. Pull GTIG’s published indicators and hunt for INFINITERED.
And put phishing-resistant MFA on administrator accounts, since the whole mail-theft step hinged on admin access. Google still does not know how UNC6508 first reached the REDCap servers. The part worth watching is the mail rule. Once attackers hold admin access, a built-in cloud feature can quietly become an exfiltration path, and that is what defenders need to audit, not just the REDCap backdoor.
Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels
Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview (aka Famous Chollima, HexagonalRodent, and Void Dokkaebi). According to a report published by Proofpoint, the threat actor has been found orchestrating phishing campaigns using developer role recruitment or code review themes to target nearly 100 organizations in finance, cryptocurrency, education, technology, and several other sectors. The activity has been codenamed UNK_DeadDrop . “The infection chain begins with emails containing links to actor-controlled GitHub repositories hosting malicious scripts that result in the execution of cross-platform malware for macOS, Linux, and Windows, including an open-source Go framework named Overlord ,” Proofpoint researchers Saher Naumaan and Carlos Rubio said .
A crucial aspect connecting the campaign to Pyongyang is the use of Microsoft Visual Studio Code (VS Code) projects that employ the “runOn: folderOpen” technique to trigger the execution of malicious code every time the code editor is opened without requiring any user interaction. This approach has been adopted by the Contagious Interview actors since December 2025. The activity documented by the enterprise security company involved more than 250 emails that were sent during a six-week period to individuals in almost 100 organizations. Over 75% of the targeted entities are located in the U.S., followed by the U.K., Australia, France, Brazil, Germany, India, Israel, Japan, and the Netherlands.
The emails contain links to GitHub repositories masquerading as technical assignments or cryptocurrency-related projects, instructing recipients to clone the repository and open it in VS Code or Cursor, resulting in the execution of operating system-specific malware loaders for Linux, macOS, and Windows. Subsequent lures observed in May 2026 have pivoted their approach by requesting targets to review their open-source projects. The loader - a shell script for macOS and Linux and a VBScript for Windows systems - is designed to install a malicious VS Code extension (VSIX) that masquerades as a legitimate Google service, while communicating with an external server to facilitate remote command execution, system reconnaissance, and data exfiltration from browser wallet extensions, credentials, and desktop wallet apps. The Linux and macOS infection chains lead to a custom version of the open-source Overlord framework with capabilities to enable data theft.
It also prompts users to enter their system password using a fake security pop-up. The Windows attack chain, on the other hand, relies on the VBScript payload to run a CMD file, which then installs the extension. The end goal remains the same: to steal credentials and data from wallet browser extensions and applications, and exfiltrate the results to the server (“23.137.105[.]75:5173”) via an HTTP POST request. “Unlike the Linux/macOS agent, the Windows pipeline does not maintain a persistent connection; it uploads the ZIP files, performs cleanup, and terminates,” Proofpoint said.
Further analysis has uncovered that the threat actor previously distributed a Windows Go binary of Overlord, but has since shifted to the new method, likely in an attempt to avoid detection. Proofpoint said it’s tracking UNK_DeadDrop as distinct from Contagious Interview due to differences in initial access methods (LinkedIn vs. email) and the use of the Overlord framework, which is different from the custom malware families the North Korean hacking group has traditionally deployed, including BeaverTail, InvisibleFerret, and OtterCookie. “UNK_DeadDrop activity suggests North Korea-aligned operations targeting developers for financial gain are maturing and evolving,” the company said.
“The shift from active social engineering over social media platforms to conduct fake interviews to large campaigns of recruitment-themed phishing emails distributing links to malicious repositories could indicate an actor industrializing and scaling operations.” The disclosure comes as Yeeth Security said it discovered three malicious VS Code extensions named “ByteBinTools.jupyter-powerdev-2026.6.8.vsix,” ToolCraft.jupyter-powertools-3.21.0.vsix,” and “OLDev.markdown-mode-devtools-2.1.0.vsix” on the official marketplace that are dressed up as seemingly harmless Jupyter Notebook productivity tools, but are, in fact, a “sophisticated, multi-stage backdoor” engineered to bypass endpoint defenses. The malware supports the following functions - A SharePoint site functioning as a command queue, victim registry, and exfiltration channel A JavaScript layer that handles all command-and-control (C2) communication via Microsoft Graph API and SharePoint to Components enabling arbitrary file read, write, and exfiltration, as well as code execution using a Windows executable and a Python script for Linux and macOS The C2 channel, besides running commands or scripts, can issue a third command type called “host_action,” which facilitates file system operations like pwd, ls, cd, and cat, along with file upload and downloads. Although there exists no direct overlap with any publicly documented North Korean campaign, Yeeth Security said the developer tooling split between JavaScript and Python has its echoes in Contagious Interview, and that the malicious artifacts’ Microsoft Graph API authentication mechanism shares some similarities with the Lazarus Group’s Dream Job attacks detailed by S2 Grupo LAB52 in October 2025. The findings dovetail with the discovery of multiple campaigns linked to the North Korean threat actors in recent months - A follow-up to the Axios supply chain attack using three malicious npm packages (redeem-onchain-sdk@1.0.7, nicegui@0.1.4, and period-newline@0.1.0) that deliver an information stealer that exfiltrates harvested data to a different C2 infrastructure.
The packages are listed as dependencies on GitHub projects disguised as cryptocurrency trading bots. “Less than 18 hours after the Axios malicious packages were removed from NPM, the first secondary payload was already live on the registry,” OpenSourceMalware said . “This suggests the threat actor had prepared backup infrastructure and was ready to immediately deploy alternative delivery mechanisms.” An attack campaign codenamed TaskJacker has been observed dropping malicious VS Code task files into unsuspecting GitHub users’ existing repositories, spreading in a worm-like fashion. “By weaponizing VS Code’s tasks.json auto-execution feature, attackers have created a scenario where simply opening a cloned repository in your IDE can compromise your system,” the OpenSourceMalware team said.
“No user interaction required beyond a git clone and opening the folder.” Contagious Interview’s use of Git hooks (“.githooks/pre-commit”) to fire the execution of malicious code when a target clones a “coding assessment” repository, marking a shift from hiding the malicious code within .vscode/tasks.json or package.json files. Contagious Interview’s use of a compromised Packagist package (“roberts/leads”) to target PHP developers with a JavaScript malware loader that reaches out to blockchain and public RPC infrastructure in order to fetch, decrypt, and execute a next-stage JavaScript payload. The adversary has also leveraged its access to compromised developer systems to tamper with commits and inject multi-stage obfuscated JavaScript code to the source code files in their repositories. The final payload is a variant of the DEV#POPPER RAT .
“Void Dokkaebi’s operations do not end with a single infected developer,” Trend Micro said . “The compromised machine becomes a launchpad, with the threat actor weaponizing the victim’s own repositories and turning their code contributions into infection vectors for downstream developers. The result is a self-sustaining propagation chain resembling a worm’s behavior rather than a traditional targeted attack.” Contagious Interview’s migration of InvisibleFerret from readable Python scripts to Cython-compiled binaries, distributing the malware as .pyd files on Windows and .so files on macOS. “The update gives the intrusion set an additional layer of evasion while preserving InvisibleFerret’s core capabilities, including backdoor access, browser credential theft, clipboard monitoring, keylogging, and cryptocurrency wallet targeting,” Trend Micro said.
“BeaverTail has also expanded beyond its original downloader and stealer role into a broader malware with overlapping functions, including credential harvesting and wallet trojanization.” A malicious npm package named “ terminal-logger-utils “ has been found to target Telegram data, SSH keys, crypto wallets, cloud configurations, and environment variables. The package was published by “jpeek895,” an account flagged for publishing a similar package called “terminal-logger-pack” in late April 2026. Another npm package named “ js-logger-pack “ has been found to deliver an ELF binary with infostealer and remote access trojan (RAT) capabilities. BlueNoroff’s (aka Sapphire Sleet and UNC1069) targeting of macOS environments within high-value financial sectors to deliver infostealer malware as part of a targeted social engineering against individuals in the cryptocurrency, investment, and Web3 space.
Some of these efforts also make use of fake Zoom and Microsoft Teams meeting-themed lures and ClickFix-style prompts and instructions to install supposed “missing” meeting SDKs and deliver malicious payloads. The attacks led to the deployment of updated variants of Cabbage RAT (aka CageyChameleon), PowerShell implants capable of credential and data theft, or a newly identified data-stealing macOS toolkit known as Mach-O Man . “By persuading users to manually execute AppleScript or Terminal-based commands, Sapphire Sleet shifts execution into a user-initiated context, allowing the activity to proceed outside of macOS protections such as Transparency, Consent, and Control (TCC), Gatekeeper, quarantine enforcement, and notarization checks,” Microsoft said. Contagious Trader ‘s use of over 50 malicious packages embedded across more than 100 GitHub repositories targeting developers in the cryptocurrency space to deliver three malware families: PromptMink, OtterCookie , and a new Windows clipboard stealer called ClipViper.
“The malicious repositories are promoted through verified accounts on X and Reddit, use spoofed developer identities and bot-inflated star counts to appear legitimate, and are distributed across 40+ GitHub users and organizations as redundant delivery fronts,” Panther said . A cluster of obfuscated malicious npm packages published by multiple throwaway accounts has been found to deliver variants of the OtterCookie infostealer by means of a postinstall hook. Another malicious npm package named “ node-env-resolve “ has been identified as making use of six runtime dependencies that match the OtterCookie toolkit. Contagious Interview’s use of generative artificial intelligence to assist with the development of loaders responsible for launching BeaverTail and OtterCookie, and to set up front companies used for listing job openings and social engineering outreach via fake LinkedIn accounts.
According to data shared by Expel, these campaigns are likely carried out by multiple teams, each comprising several members. The attacks have resulted in the theft of $12 million in cryptocurrency in the first three months of 2026. “The threat actor’s campaigns exfiltrated a total of 26,584 cryptocurrency wallets from 2,726 infected developers’ systems,” Expel’s Marcus Hutchins said . A supply chain attack campaign codenamed jsonspack has used 27 malicious npm packages to deliver a JavaScript RAT and infostealer, or drop a loader that fetches an unspecified payload.
Another malicious npm package named “ sleek-pretty “ has been found to target developers running Polymarket trading bots to carry out system fingerprinting, SSH backdoor installation, filesystem exfiltration, and targeted theft of Polymarket CLOB API credentials. A sustained npm malware campaign spanning 108 malicious packages and 261 package versions targeted developers between March 20 and April 20, 2026, with an aim to steal credentials, Telegram Desktop sessions, and wallet keys, and establish persistent access using malware families like BeaverTail and OtterCookie. “Whilst financially motivated cybercrime is highly unappealing to almost every nation-state, since the monetary loss from the resulting sanctions would far outweigh any financial gain, this is not the case for North Korea,” Expel said. “The heavy sanctions already levied against the country mean there is little more that can be done to deter them, but a lot to be gained for a nation whose economic activity is severely constrained.” Found this article interesting?
Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers
A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed LiteLLM is a widely deployed open-source AI gateway that brokers calls to more than 100 model providers behind one OpenAI-compatible interface. A server takeover exposes every provider key it holds, the secrets that decrypt its stored credentials, and every prompt and response passing through it. Obsidian rates the full chain CVSS 9.9, in the Critical range. BerriAI , the maintainer, included the complete fix set in LiteLLM v1.83.14-stable, which GitHub lists as released May 2.
Upgrade to that release or later to close the three-CVE chain. The three bugs The first link is CVE-2026-47101 , an authorization bypass. When a regular user (an internal_user) generates a virtual API key, LiteLLM stores the caller-supplied allowed_routes field without checking it against the user’s role. The field is supposed to narrow what a key can do.
Instead, the proxy also treats it as a fallback grant, so a non-admin can mint a key with allowed_routes: [”/*”], a wildcard that reaches every route, including admin-only ones. The same unchecked write shows up on the other key-management endpoints, which is why the fix took three pull requests to land. With the route gate bypassed, the handlers behind it become reachable. Several of them assume the gate has already done the screening, which opens two paths.
One is CVE-2026-47102 , privilege escalation. The /user/update endpoint lets a user edit their own record, but does not restrict which fields they can write. A self-update with user_role: “proxy_admin” is accepted and saved, promoting the caller to full proxy admin. An org_admin can hit this endpoint through a legitimate, intended code path with no bypass required; a default internal_user reaches it after CVE-2026-47101.
VulnCheck, which assigned the CVE, scores it 8.7 under CVSS 4.0, 8.8 under 3.1. The other is CVE-2026-40217 , a sandbox escape in the Custom Code Guardrail, which compiles and runs admin-supplied Python. The production endpoints ran the code through exec() with no source-level filtering. When exec() gets a globals dict without builtins, Python silently injects the full builtins module, which hands the code import, open, and eval.
A plain payload calling os.system was then enough for a reverse shell. A separate path on the /guardrails/test_custom_code playground endpoint, found independently by X41 D-Sec , defeated a regex deny-list through runtime bytecode rewriting. Both ended in server-side code execution. What an attacker gets LiteLLM sits at a chokepoint, so the reach is wide.
A full chain exposes the master key, the salt key that decrypts stored credentials, and the database URL. It also exposes every configured provider key, for OpenAI, Anthropic, Gemini, Bedrock, Azure, and the rest. Keys in config or environment are plaintext; keys in the database are encrypted but recoverable with the salt key. Everything sent through the gateway, prompts and responses, becomes readable, which in real deployments is where PII, source code, internal tickets, and pasted secrets end up.
If the proxy also runs as a Model Context Protocol (MCP) or agent gateway, OAuth tokens and tool credentials are in scope too. The sharper risk is not what an attacker reads but what they can rewrite. The gateway sits on the wire between an AI agent and the model, so a compromise lets it alter responses in transit. Obsidian demonstrated this against Claude Code routed through a compromised proxy.
This is not prompt injection . Instead of persuading the model to misbehave, the attacker uses LiteLLM’s built-in callback mechanism, an extension point that fires on every request and never shows up in the admin UI. The callback swaps the model’s response for a forged tool call and rewrites the safety-check context so the action reads as approved. In the demo, the developer types one word, hello, and the attacker pops a reverse shell on the developer’s machine.
Separate from the chain, LiteLLM hands a proxy_admin an intentional code-execution path: its MCP support lets an admin register stdio MCP servers that the proxy launches as local subprocesses. That is a design trade-off rather than a bug, and the patches do not change it, so reaching admin is effectively reaching code execution. Obsidian reproduced a reverse shell this way on v1.88.0. A genuine bug in the same stdio-MCP machinery, CVE-2026-42271 , let callers spawn subprocesses through LiteLLM’s MCP preview endpoints; it was exploited in the wild and added to CISA’s KEV catalog earlier this month.
None of this is LiteLLM’s first rough stretch this year. In March, a supply-chain compromise backdoored two LiteLLM releases on PyPI, and in April, a critical SQL injection was exploited within 36 hours of disclosure. Obsidian frames the chain here as a disclosed flaw with a working demo, not as exploitation seen in the wild, but the proxy’s position keeps making it a target. What to do Upgrade to v1.83.14-stable or later, the first release with the full fix set.
Then audit. Re-verify every account holding proxy_admin and treat that role as host-level access. Review every Custom Code Guardrail on the proxy. Check the callbacks loaded from config.yaml under litellm_settings.callbacks, since those never appear in the console and are exactly where a post-RCE attacker would hide.
Verify the integrity of the deployed code, not just the config. If exposure is suspected, rotate provider keys, database credentials, and any stored MCP tokens. A compromised proxy does not just leak data. It sits between the agent and the model and can forge the responses that the agent acts on.
The chain that gets an attacker there is misplaced trust at every layer: the route gate trusted the caller-supplied field, the handlers trusted the route gate, and nobody actually checked. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes
A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak . Because the link pointed to a real microsoft.com domain, traditional anti-phishing and URL filtering tools were unlikely to flag it. No prompt, no password, no second click.
Microsoft assigned CVE-2026-42824 and marked it critical; the CVSS scores ran lower and disagreed, 6.5 from Microsoft and 7.5 from the National Vulnerability Database . The company mitigated the flaw on its backend, so customers have nothing to worry about, and Varonis presented a proof-of-concept, not observed exploitation. Three bugs, one click Microsoft’s advisory describes the flaw as a command injection that can expose information over a network. In practice, SearchLeak stacks one AI-specific weakness on two old web bugs, and each link is needed for the next.
The entry point is the q parameter in the Copilot Enterprise Search URL. It is meant for a natural-language query, but Copilot reads whatever sits there as instructions, not just a search string. Varonis calls this Parameter-to-Prompt injection . An attacker writes a URL that tells Copilot to search the mailbox, take an email title, and place it inside an image URL.
The victim types nothing. They click, and Copilot does the work. Next is a race condition in how the response renders. Microsoft’s guardrail wraps Copilot output in
blocks so the browser treats markup as text.
The catch is timing: the wrapping happens after Copilot finishes generating, but the browser renders the stream as it arrives. The injected
tag is drawn and fires its request before the sanitizer runs. By the time the output is neutralized, the request has already left. The last link gets the data past the page’s Content Security Policy.
The CSP on m365.cloud.microsoft blocks images from arbitrary domains, but it allowlists *.bing.com. Bing’s “Search by Image” endpoint accepts an image URL and fetches it server-side to analyze it. Point that fetch at an attacker’s server with the stolen text encoded in the path, and Bing retrieves it. The browser’s CSP never applies, because the request comes from Bing’s infrastructure.
Bing becomes the exfiltration proxy. The CSP allowlist does the hiding. Put together: the victim clicks, Copilot searches their data, the response embeds a value like an email subject in a Bing image URL, the browser calls Bing during streaming, and Bing pulls the attacker’s URL. The attacker reads it off their own logs, for example, a request for /Your_Security_Code_847291/img.png.
What an attacker gets Copilot Enterprise can reach whatever the signed-in user can, through their Microsoft Graph access, and the attacker inherits that reach without ever logging in. The most time-sensitive prize sits in the inbox: one-time codes, MFA codes, and password-reset links, often still valid for a few minutes. A script that lifts those off a log while the window is open can take over an account before anyone notices. The same access also reaches calendar invites, meeting notes, and any SharePoint or OneDrive file Copilot has indexed, where the salary data, earnings figures, and acquisition plans live.
SearchLeak is the second time Varonis has shown this pattern. Varonis researcher Dolev Taler demonstrated the same one-click technique in an earlier Reprompt attack against Copilot Personal, and it held up against Enterprise Search despite the extra guardrails that tier is supposed to enforce. The same pattern showed up in EchoLeak (CVE-2025-32711), the zero-click Copilot data-leak bug Aim Security disclosed in 2025. SSRF and sanitizer races are old bug classes; the prompt injection is the new part, and it makes them reachable again.
Microsoft mitigated the flaw on its backend, and because Copilot Enterprise is a managed service, tenant admins cannot patch or reconfigure the parts that failed. What they can do is watch and contain. Look for Copilot Search URLs carrying encoded payloads or HTML in the q parameter, and for unusual outbound requests to Bing’s image endpoints. Tighten data-access governance so Copilot indexes less, which shrinks what any future leak can reach.
Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More
Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused.
A deprecated feature was still running in prod. This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail, and forgotten software keeps becoming someone else’s entry point. Scroll through the full Monday Cybersecurity Recap below for the news, tools, webinars, and fixes worth your time this week. ⚡ Threat of the Week Google Patches Actively Exploited Chrome 0-Day
- Google released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild.
The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome’s JavaScript and WebAssembly engine. Google acknowledged that an “exploit for CVE-2026-11645 exists in the wild,” but stopped short of sharing additional specifics to ensure that a majority of the users are updated with a fix and to prevent further exploitation. Google has addressed a total of five actively exploited Chrome zero-days since the start of the year. This includes CVE-2026-2441, CVE-2026-3909, CVE-2026-3910, and CVE-2026-5281.
How Drata Tackles Shadow AI and SaaS Sprawl With a Lean Team Learn how the role of IT has changed in modern orgs, the operational realities of shadow IT and identity sprawl, and how Drata uses Nudge Security to gain visibility and control of AI use, SaaS sprawl, and identity risks. 🎥 June 16th, 2026 at 1pm CT Register Now ➝ 🔔 Top News ShinyHunters Gang Exploits Oracle PeopleSoft Zero-Day
- The ShinyHunters (aka UNC6240) extortion crew exploited an unpatched flaw in Oracle PeopleSoft (CVE-2026-35273, CVSS score: 9.8) to break into enterprise networks. The vulnerability relates to a missing authentication for a critical function that could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools. According to Google Mandiant, the exploitation activity was observed between May 27 and June 9, 2026.
Following a successful compromise, the attackers have been observed conducting targeted internal reconnaissance using MeshCentral, lateral movement, and data exfiltration. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw to its Known Exploited Vulnerabilities ( KEV ) catalog, giving Federal Civilian Executive Branch (FCEB) agencies until June 15, 2026, to apply the fixes. The campaign has mainly targeted the higher education sector; 68% of the more than 100 notified organizations were universities and colleges.
“The observed exploitation targeted PeopleSoft’s Environment Management Hub (PSEMHUB) endpoints, and data stolen during the campaign was published on the ShinyHunters Data Leak Site (DLS) on June 9, 2026,” Rapid7 said . 100s of Arch Linux Packages Compromised to Push Rootkit and Steale r
- Unknown threat actors have managed to compromise hundreds of legitimate-but-abandoned packages in the Arch User Repository (AUR) and modify them with preinstall scripts that download and execute a malicious npm package called atomic-lockfile. The campaign has been codenamed Atomic Arch by Sonatype. “Analysis of atomic-lockfile, the malicious dependency, found a bundled Linux payload with functionality tied to credential harvesting, stealth, anti-debugging, and potential data exfiltration,” the company said.
Although the initial number of affected packages was 400, it has since risen to over 1,500 . As of June 12, 2026, Arch Linux developers have deleted all the malicious commits they are aware of. Outside PhaaS Enterprise Taken Down
- The U.S. Federal Bureau of Investigation said it took down a number of domains linked to Outsider, a Chinese phishing-as-a-service (PhaaS) software kit behind an estimated 3,870,000 stolen credit cards and a corresponding estimated $1.9 billion in losses since July 2023.
In tandem, Google said it pursuing legal action against the operators, who weaponized Gemini to “help generate fraudulent phishing pages and deploy massive SMS phishing (‘smishing’) attacks, often through text messages impersonating legitimate brands, alerting recipients of ‘brokerage account issues’ or insisting they are eligible for ‘rewards through their mobile phone carrier.” According to a complaint filed by Google, the group “built, maintains, and uses a turn-key, online software suite that enables criminals, regardless of technical skill, to publish fraudulent websites designed to rob victims and enrich themselves.” The toolkit costs $88 per week or $200 per month, offering access to more than 290 pre-built templates that mimic legitimate websites. The goal is to steal passwords and corresponding multi-factor authentication codes, as well as financial information in real-time. “Part of the Outsider software’s appeal is the ease with which someone with limited technical expertise -like many members of the Enterprise - can purchase the software, execute various phishing attacks, and, upon purchase, meet other members of the Enterprise who are proficient in other areas,” the tech giant added. Critical Check Point VPN Flaw Exploited in Limited Attacks
- Check Point warned of active exploitation of a critical vulnerability CVE-2026-50751 (CVSS score: 9.3) impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol.
The security flaw is a case of a logic flow weakness in certificate validation that allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password. The Israeli cybersecurity company said it first observed indications of suspicious activity on June 4, 2026, with the earliest observed exploitation dating back to May 7, 2026. Exploitation efforts are said to have ramped up starting this month. The exploitation activity, Check Point added, has been limited to a “few dozen targeted organizations globally.” In one case, the post-exploitation phase has been associated with a Qilin ransomware affiliate.
The Gentlemen Ransomware Claims 478 Victims
- A new analysis of The Gentlemen operation revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leveraging resources from various ransomware-as-a-service (RaaS) schemes like LockBit (aka Tenacious Mantis), Qilin (aka Pestilent Mantis), and Medusa (aka Venomous Mantis). The group, which it tracks as Phantom Mantis, is led by a Russian-speaking cybercriminal it calls LARVA-368, who goes by the online aliases hastalamuerte, ArmCorp, zeta88, nobody0, and santamuerte. The Gentlemen is known to be active since March 2025, claiming a total of 478 victims to date. Microsoft, which is tracking the cluster under the moniker Storm-2697, said the operation “initially started as a closed ransomware group then began offering its RaaS to affiliates in September 2025.” 🔥 Trending CVEs Bugs drop weekly, and the gap between a patch and an exploit is shrinking fast.
These are the heavy hitters for the week: high-severity, widely used, or already being poked at in the wild. Check the list, patch what you have, and hit the ones marked urgent first - CVE-2026-11645 (Google Chrome), CVE-2026-50751 (Check Point Remote Access VPN and Mobile Access), CVE-2026-35273 (Oracle PeopleSoft), CVE-2026-5027 (Langflow), CVE-2026-44963 (Veeam Backup & Replication), CVE-2026-23111 ( Linux kernel ), CVE-2026-45447 (OpenSSL), CVE-2026-44748, CVE-2026-27671 (SAP NetWeaver AS ABAP and ABAP Platform), CVE-2026-22732 (SAP Commerce Cloud and SAP Data Hub), CVE-2026-40128 (SAP NetWeaver Application Server Java Web Container), CVE-2026-10520 (Ivanti Sentry), CVE-2026-28252, CVE-2026-28253, CVE-2026-28254, CVE-2026-28255, CVE-2026-28256 (Trane Tracer SC+ HVAC controller), CVE-2025-46412, CVE-2025-41426 (Vertiv Liebert IS-UNITY-DP network cards), CVE-2026-0274 (Palo Alto Networks Cortex XSOAR and Cortex XSIAM), CVE-2026-20253 (Splunk Enterprise), CVE-2026-9648 (Haskell TLS software stack), from CVE-2026-12007 through CVE-2026-12011 (Google Chrome), CVE-2026-45034 (PhpSpreadsheet), PTT-2026-004, PTT-2026-005 , an authentication bypass vulnerability ( phpBB ), and a maximum-severity code injection vulnerability in Wazuh (no CVE). 🎥 Expert Webinars Find Out What Your Automated Pentest Is Missing Before Attackers Do → Automated pentesting is useful. It is also easy to overread.
A tool that proves an exploit path worked does not prove your SIEM saw it, your EDR reacted, or your team could respond before damage spread. This webinar cuts through that gap: what automated pentesting actually validates, why repeat runs start returning fewer useful findings, and how BAS helps show which controls failed, not just which vulnerabilities exist. Stop AI-Speed Attacks Before Your Legacy Controls Catch Up → AI has changed the pace of cyberattacks. Lures get sharper, campaigns adapt faster, and attackers can test what works before defenders finish investigating.
This webinar breaks down how AI-powered threats like Mythos get in, move, and scale, then shows how to fight back with tighter access, reduced attack surface, blocked lateral movement, and in-line controls that stop risky behavior before it becomes an incident. Stop Employees From Leaking Source Code, Contracts, and PII Into AI Tools → Employees are already pasting company data into AI tools. Source code, contracts, customer records, and internal notes can leave the business through one prompt. This webinar shows how to move from after-the-fact detection to real-time prevention, with browser-level controls that stop risky AI use at the point where data is about to leak.
📰 Around the Cyber World Campaigns Use AI Brands as Lures
- Microsoft warned of campaigns capitalizing on the global interest around artificial intelligence (AI) as a social engineering lure in campaigns. “These campaigns, which don’t represent compromise of services, span phishing, malvertising, and search engine optimization (SEO)-driven attacks that ultimately lead to credential theft, financial fraud, or malware infection,” the company said . Some of the campaigns include a ChatGPT-themed lure that leads to a phishing kit collecting credit card data, a Claude-themed phishing campaign collecting credentials and access tokens, an “Awesome AI Windows Plugin” malvertising campaign deploying Vidar Stealer, and Fake DeepSeek V4 installers on GitHub delivering Vidar Stealer. The tech giant said it “observed the initial access broker Storm-3075 employing AI-themed malvertising to deliver payloads, including malware signed by the malware-signing-as-a-service (MSaaS) offering attributed to the financially motivated threat actor Fox Tempest, on behalf of multiple downstream actors.” macOS Users Targeted by Fake Installers
- Deceptive installers for popular software are being used to push information stealers to macOS users.
“The infection chain almost always starts inside a web browser,” Huntress said . “Threat actors lean heavily on search engine optimization (SEO) poisoning to hijack search results, or they seed compromised links across torrent networks and cracked software forums. A user drops their guard, clicks the malicious link, and downloads what they assume is an authentic installer.” The DMG files, once executed, aim to bypass Apple Gatekeeper protections to realize their goals. In 2024, more than 65% of newly reported macOS malware was classified as infostealers.
History of Chinese-Language Guarantee Marketplaces
- Flare has shed light on the “ guarantee model “ that powers various illicit online Telegram marketplaces like HuiOne Guarantee and Tudou Guarantee. “These marketplaces are third-party escrow services for illicit transactions,” security researcher Chris d’Eon explained . “The marketplace operator stands between buyer and seller, holds the buyer’s funds in escrow, releases them to the seller only when the buyer confirms delivery, and adjudicates disputes when something goes wrong. In return, the operator collects deposits from vendors who want to advertise under its brand, fees on transactions, and revenue from paid promotional slots.” The model, which has its roots in legitimate Chinese consumer-internet trust architecture launched by Alipay in 2003, facilitates the sale of money laundering services, stolen data, fraud kits, fake identity documents, recruitment for scam compounds, retail fraud, deepfake services, and the physical infrastructure that drives human trafficking and forced-labour compounds.
Law enforcement crackdown has led to “fragmentation but not elimination” of the criminal enterprise. More than 30 successor marketplaces have emerged following the takedown of HuiOne and Xinbi, almost all of them managing their operations via Telegram owing to its reach, bot infrastructure, and improved resilience despite the platform’s efforts to crack down on such activities. These include Tiancheng, Dabai, Ouyi, Yinuo, Jin Bo, Haihua, Timi, and Lao Niu. UniFi OS Flaws Exploited
- The UniFi OS Server remote code execution chain, comprising CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, is now being actively exploited, according to Defused Cyber , following a report from Bishop Fox about how the three flaws could be combined to achieve unauthenticated code execution as root.
The attacks culminated in the deployment of commodity malware. Khmer Shadow Targets Cambodian Government Entities
- A targeted cyber espionage campaign against Cambodian government entities has leveraged a meeting-themed SFX archive to sideload a custom C++ loader dubbed NIGHTFORGE, which then decrypts and executes a Havoc Demon payload in memory. “NIGHTFORGE has demonstrated a moderate level of sophistication, combining advanced defense-evasion techniques such as NTDLL unhooking and Hell’s Gate syscall resolution, a method that enables direct system calls and helps evade user-mode monitoring, with operational shortcomings that suggest the tool is still under active development,” Acronis said . The activity has been attributed to any known threat group, but it’s “likely aligned with regional intelligence collection interests in Southeast Asia.” How Attackers Could Exploit Cloud Logging Services
- Palo Alto Networks Unit 42 has warned that threat actors could exploit cloud logging services, which are crucial for security monitoring, to “create weak spots, evade detection, and in certain scenarios, establish continuous visibility within a target’s environment.” Attackers could tamper with resources within the cloud logging service (e.g., disabling, altering, or deleting logs, or even impairing logging) to hide their presence or attempt to route logs to their own accounts, establishing continuous visibility over the victim’s environment, performing continuous discovery, and passively monitoring all activity.
Operation TaxShadow Delivers Multi-Stage Malware Framework
- An Indian tax-themed phishing campaign has been observed delivering a sophisticated multi-stage malware framework through a mix of social engineering, phishing infrastructure, and memory-resident malware execution techniques. “The campaign begins with a fraudulent tax notification email impersonating an official Indian tax authority, leveraging government branding, urgency-based messaging, and compliance-related threats to manipulate victims into interacting with a malicious phishing website,” CYFIRMA said . “Victims are subsequently instructed to download a malicious ZIP archive containing three staged payload components: कर विवरण.exe, SbieDll.dll, and SbieDll.bin, which collectively establish the complete infection lifecycle.” The attack makes use of a highly modular malware architecture, coupled with advanced defense-evasion and anti-analysis techniques, to launch a payload in memory. The malware also establishes persistent WebSocket-based communications.
MagicAd Displays Background Ads on Android Devices
- A new Android trojan called MagicAd has been found to bypass operating system restrictions to display background ads. “One of these methods is universal, while the others are designed for devices from specific manufacturers,” Russian cybersecurity company Doctor Web said . “These include exploiting third-party software and using the system media player.” The malware is distributed via apps on GetApps, the official app catalog for Xiaomi devices. It has been discovered in more than 50 games and apps.
The campaign is assessed to have commenced in 2025, with the threat actors behind it also leveraging the Samsung Galaxy Store as a distribution mechanism. Currently, none of the apps are available for download. Residential Proxies in the Wild
- Residential proxies are designed to relay internet traffic through devices that belong to regular consumers, such as home routers, mobile devices, IoT devices, and devices with applications embedded with proxyware. One way this is achieved is that application developers themselves can embed software development kits (SDKs) provided by the residential proxy networks into their products as a way to monetize their software, allowing them to receive a small amount of money on each installation.
In an analysis published last week, Infoblox said monthly queries to residential proxy domains steadily grew from nearly 400 billion to over 500 billion between January 2025 and April 2026 across its customer base, an increase of about 25%. “There are likely several explanations for this: certainly, the rise in AI-related training, which often requires scraping websites, is a major driver of residential proxy demand,” it said . “Residential proxies bypass many anti-scraping measures, as the traffic appears to be coming from the devices of real people.” Some of the most commonly observed proxy services queried include Bright Data, Hola VPN, Oxylabs Proxy, Honeygain, and Grass. The DNS threat intelligence firm said many residential proxy services operate in a grey space.
SHEET#CREEP Drops C# Remote Access Trojan
- An ongoing cyber espionage campaign dubbed SHEET#CREEP has leveraged a diplomatic-themed ISO phishing lure to distribute a C# remote access trojan (RAT). The activity was previously flagged by Zscaler and Bitdefender , attributing it to a threat actor known as Transparent Tribe. “The RAT abuses the Google Sheets API as its command-and-control (C2) channel, authenticating via an embedded GCP service account private key and using individual spreadsheet tabs per victim for bidirectional communication,” Securonix researchers Shikha Sangwan, Akshay Gaikwad, and Aaron Beardslee said . “The LNK triggers a C# dropper that extracts a bait PDF, drops the RAT payload into the Windows Vault directory, and establishes persistence through a scheduled task, before melting (self-deleting) to remove forensic traces.” The cybersecurity company said it identified 91 active victim tabs in the C2 spreadsheet, including a high-confidence target located in Pakistan.
Malware Distributed via npm and PyPI Packages
- A cryptocurrency-focused software supply chain campaign has used malicious npm packages to facilitate credential harvesting, wallet theft, remote payload delivery, and blockchain-based command-and-control. “Technical analysis uncovered capabilities including cryptocurrency wallet interception, private key and mnemonic phrase theft, SSH credential harvesting, environment variable collection, sensitive file discovery, remote activation mechanisms, blockchain-based infrastructure retrieval, and multi-stage malware deployment,” CYFIRMA said . A second campaign, codenamed Solana FakeFix , has targeted Solana developers with 20 bogus npm and PyPI packages to steal wallet keys, cloud credentials, source-control tokens, SSH keys, and environment secrets, while a third campaign, CMS Windows Loader, has used five npm packages to load remote executables and JavaScript code dynamically. In a related development, two versions of the dbmux npm package (2.2.5 and 1.0.5) were flagged for containing malware.
“Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer,” according to a GitHub advisory . “The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.” Ransomware Attack Uses Easyupload.io for Data Exfiltration
- In one ransomware attack investigated by Huntress, a threat actor accessed the victim’s hypervisor and created a new virtual machine (VM) as a staging location from which they launched the Akira ransomware. The threat actor rapidly progressed through the attack, disabling Microsoft Defender and installing WinRAR, an archival tool typically used by threat actors for staging data.
“The threat actor used the Microsoft Edge browser to access Bing, and search for the term ‘eayupload’ before settling on Easyupload.io, a website that provides access to file uploads via drag-and-drop,” the cybersecurity company said . “Shortly after accessing the LimeWire website, presumably to exfiltrate staged archives, the threat actor launched the akira.exe file encryptor against several mounted shares.” 🔧 Cybersecurity Tools SpooNMAP → It is a Python tool that wraps Nmap and Masscan to make port scanning easier and faster. It guides users through scan options, supports small, medium, large, full, and custom scans, can grab service banners with Nmap, and lets users scan target IPs or CIDR ranges from a file. CVE MCP Server → It connects Claude to 27 security intelligence tools across 21 data sources, helping analysts look up CVEs, check EPSS and CISA KEV status, find PoCs, scan dependencies, review IP reputation, and generate risk reports from one place.
Disclaimer: This is strictly for research and learning. It hasn’t been through a formal security audit, so don’t just blindly drop it into production. Read the code, break it in a sandbox first, and make sure whatever you’re doing stays on the right side of the law. Conclusion This week’s lesson is simple: attackers do not need magic.
They need old code, busy teams, weak defaults, and one forgotten box nobody wants to claim. That is the uncomfortable part. The next big incident may already be sitting in your stack, quietly working as designed. Found this article interesting?
Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
The Onboarding Password Mistake That Creates Unnecessary Risk
Employee onboarding is a busy time for IT teams. New starters need devices, accounts, access permissions, and passwords, all delivered within a tight timeframe. That usually means sharing a temporary “first-day” password so employees can access systems for the first time. The issue is that these passwords don’t always stay temporary.
They may be sent over email or SMS, reused across accounts, or never changed at all, creating unnecessary risk during the onboarding process. For attackers, weak or poorly managed onboarding credentials can provide an easy route into corporate systems. To make the onboarding process more secure without slowing new employees down, it’s important to understand why typical password-sharing methods introduce risk. When convenience overrides security The most common approach to sharing initial credentials with new employees is to send them in plain text over email or SMS.
It’s quick and convenient, especially during busy onboarding periods, but it also creates an obvious exposure point. If those messages are intercepted, forwarded, or accessed on an unsecured device, attackers can gain immediate access to corporate accounts and systems. The alternative is sharing passwords verbally, either in person or over the phone. While this reduces the risk of digital interception, it creates operational challenges of its own.
IT teams and new starters need to coordinate schedules, and the process often breaks down when managers or third parties are asked to relay credentials on IT’s behalf. The more people involved in handling a password, the greater the chance of it being mishandled or disclosed. Neither method provides a particularly secure or scalable way to handle onboarding credentials. In many cases, organizations are balancing ease of access against security, and temporary passwords end up becoming a long-term weakness rather than a short-term onboarding step.
A more secure approach to onboarding passwords Traditional onboarding methods create risk because organizations are forced to share temporary passwords in the first place. Addressing this issue are specialized solutions like Specops First Day Password , available as part of Specops uReset , which removes the need to distribute first-day passwords altogether. Specops First Day Password Instead of receiving a temporary credential over email, SMS, or phone, new employees set their own password through a secure enrollment process. Users receive an enrollment link via personal email, text message, or a “reset my password” option on their domain-joined device.
After verifying their identity using a personal email address or mobile number, they can create a password that meets the organization’s policy requirements from the outset. This approach reduces the risk associated with intercepted or mishandled onboarding credentials while making the process easier for both IT teams and new starters. Specops uReset The risk of temporary passwords becoming permanent Most onboarding credentials are designed to be temporary, with employees expected to create a new password after their first login. However, it’s easy for busy users to miss this step and delay changing their password.
Onboarding workflows may also fail to enforce a reset, or temporary credentials may remain active without anyone noticing. That creates a problem because first-day passwords are rarely designed with long-term security in mind. They’re simpler, more predictable, or generated in bulk to speed up onboarding. If those credentials remain active, they become an easy target for attackers looking for low-effort ways into corporate systems.
Recent incidents show how dangerous unchanged default or temporary credentials can be, particularly when they’re left exposed on internet-facing systems or tied to sensitive user data. Exploiting weak credentials in critical infrastructure In November 2023, the Municipal Water Authority of Aliquippa in Pennsylvania, USA, was targeted by the Iranian-linked hacktivist group Cyber Av3ngers. The hackers exploited programmable logic controllers (PLCs) protected by the default credential “1111”, which allowed them to gain control of a remote booster station serving two townships. While there was no risk to water supply, the severity of the risk was highlighted by CISA alerting other facilities to update the default credentials in similar systems and disconnect PLCs from the open internet.
The incident is a good example of how setup credentials can become a long-term security weakness. A password intended for initial deployment or testing remained active on production systems, giving attackers a straightforward route into operational technology environments. Breaching a hiring platform through a poorly protected admin account In 2025, researchers discovered that McDonald’s AI-powered hiring platform, McHire, could be accessed through a weak legacy administrator account reportedly using “123456” as both the username and password. The platform, operated by Paradox.ai, handled large volumes of applicant information as part of the recruitment and onboarding process.
Using the default credentials, the researchers were able to access a test “restaurant” environment within the McHire platform. From there, they could view chat interactions linked to more than 64 million job applications. Paradox.ai responded quickly after the issue was responsibly disclosed, resolving the vulnerability and updating its security policies. However, the incident highlights how easily forgotten default or test credentials can create serious exposure when they remain connected to live systems.
Secure your onboarding processes with Specops Passwords aren’t disappearing any time soon; even as passkeys and passwordless authentication grow in popularity, passwords still play a central role in most onboarding and access management processes. That means organizations need secure, reliable ways to manage credentials throughout their entire lifecycle, including the very first password a user receives. Sharing temporary credentials or forgetting to reset default passwords create unnecessary risk that attackers are quick to exploit. Reducing that risk doesn’t have to make onboarding more complicated.
By allowing users to securely create their own passwords from day one, organizations can improve security while giving IT teams a more scalable and manageable onboarding process. Specops helps organizations strengthen password security at every stage of the user lifecycle, from onboarding and password creation through to ongoing policy enforcement and breached password protection. If you’d like to see how our solutions could work in your organization, book a demo today . Found this article interesting?
This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic
Cybersecurity researchers have discovered a network of 152 Google Chrome extensions that act as new tab live wallpaper add-ons to distribute a potentially unwanted program (PUP) family. The cluster spans 38 separate Chrome Web Store publisher accounts and three brand backends: tabplugins[.]com, yowgames[.]com, and chromewallpaper[.]com. They have been collectively installed 105,000 times. The names of some of the extensions are listed below - Neymar - Football Live Wallpaper (laafpeklcnlfmjaofbndehkjpnccbhek) Satoru Gojo Manga Live Wallpaper (mnpacdigbockiilmilhbedciadenfdnb) Porsche 911 - Sports Car Live Wallpaper (dead service worker) (iedplnnolciaofkakkjmcojnmklpfikg) Satoru Gojo Live Wallpaper (ipiabbhciknabpoihaakdahgghllelpj) Hello Kitty Wallpapers HD New Tab (hijpkhinofkdobfagfbobnnoihmopgkk) Pusheen Cat Wallpapers HD New Tab (famchdjojcnakamhkddkpaglnkonkfnl) Peach & Goma Wallpapers HD New Tab (nomekamioepglinefhenifnbegjhfiai) Spider-Man Miles Morales Swing Live Wallpaper (jjngbcodoldjmpjpfbhfelaljbdlkekh) BMW M3 Neon Night Drive Live Wallpaper (gfikbhpfjldbbikolkcimfgmejhdkjbe) BMW Wallpapers (dbiamdajndfmpmmeklcbbnekhkdcakhf) Death Note Anime Wallpapers HD New Tab (pkdloppfapenphihgbldhjjlfhgnkmcg) Sonic Frontiers Starfall Live Wallpaper (imkepemaflommlonnppjobgdpokbfmoj) Tanjiro - Demon Slayer Live Wallpaper (ibglidkppckhminbhbgcajomjplomcka) Neymar New Tab Wallpaper (gkbfokaephnaajnmpgiieidpfieamggb) Anime Car Drift Live Wallpaper (bcafgkhoifffmnoajkgmbhcojpabjffm) Choso Wallpapers New Tab (ojeaociifmdciibodcifjjocdlbjjeep) Anime Rain Live Wallpaper (npcghghfkbpgiamoifabankdnmopenni) Minecraft Sakura Pond Live Wallpaper (mjdhgndjbajnanfimjipafechjbakdhh) Straw Hat Live Wallpaper Ghost of Tsushima (lblgjffllphdepifdkfhlihddckhlkll) Zenitsu Agatsuma Live Wallpaper (laeciedchhnmnfhllplcgkfcdbdfgdhn) “Every listing declares on the Chrome Web Store that it will not collect or use user data, while the linked privacy policy admits the opposite: that the extensions log IP addresses, ISP, click counts, and referrers and share that data with Google AdSense, DoubleClick, and third-party ad partners,” Socket security researcher Kush Pandya said .
What’s more, a sub-cluster of the identified extensions defines two hard-coded URLs in a JavaScript file (“js/bg.js”) that are activated during install and uninstall operations - The install URL includes the Urchin Tracking Module (UTM) parameters “utm_source=google&utm_medium=organic&utm_campaign=tanjiro-demon-slayer-live-wallpaper” thereby disguising the extension opening a tab on install as an “organic” search. The uninstall URL is a google.com/url redirect wrapper that masquerades the uninstall as genuine Google Search activity. Organic search on search engines like Gook refers to the unpaid listings on a search engine results page (SERP) generated by algorithms. Their placement is based on parameters like relevance, authority, and search engine optimization (SEO), and is different from sponsored results.
The idea behind these extension, Socket said, is to artificially create that signal, which essentially amounts to fabricating the origin of its own traffic. “The visit is not a person who searched Google; it is the extension opening a tab on its own and stamping it ‘arrived from Google organic search,’” the company explained. “The uninstall ping goes a step further, wrapping the destination in the exact google.com/url format Google uses for real search-result clicks, including the signed ved and usg tokens, so the hit looks like a human clicking a Google result.” The JavaScript files also come equipped with a dormant capability to enumerate and delete every IndexedDB database it can find upon a service worker start. The campaign is assessed to be a “financially motivated commercial adware and traffic-attribution-fraud affiliate operation,” although its exact provenance remains unknown.
Available circumstantial indicators suggest it could have originated from Turkey. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites
An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage , OptinMonster , and TrustPulse , turning those files into a way to break into the sites. When a site administrator was logged in as the file loaded, the code created an admin account under the attacker’s control and installed a hidden plugin that opened a way back in. Ordinary visitors did not trigger it. Any site that was hit should be treated as compromised.
All three plugins are run by one company, Awesome Motive, which had not commented on the two larger plugins as of June 15. Security firm Sansec disclosed the wider campaign on June 13, finding the same malicious code in JavaScript served for all three plugins. PushEngage followed a day later with its own incident notice , confirming an attacker had served tampered copies of its script and that sites loading them could be taken over. PushEngage, acquired by Awesome Motive years ago, is so far the only one of the three to issue guidance; OptinMonster and TrustPulse users have heard nothing official.
The window was not the same for each plugin. Sansec saw the malicious code in OptinMonster and TrustPulse for only about 25 minutes on June 12, first around 22:17 UTC and gone by 22:42. PushEngage’s exposure ran longer: several hours on June 12, and its script was still being served from some of the CDN’s servers into June 14. So the two plugins with the most sites had the smallest window, and PushEngage had the largest.
Sansec estimates that the three plugins reach more than 1.2 million sites between them, the bulk of that OptinMonster, which alone has over a million active installs. PushEngage’s WordPress plugin has more than 9,000. That figure is reach, not damage: it counts sites that run the plugins, not sites that were broken into. How the attack worked The poisoned script did nothing on a normal page view.
It acted only when a logged-in WordPress administrator loaded it, then used that admin’s session to take over. That design is also why the WordPress dashboard cannot tell you whether you were hit: the backdoor is built to stay out of the admin screens, so the only reliable check is on the server itself. In PushEngage’s case, the tampered files were its normal embeds, pushengage-web-sdk.js and pushengage-subscription.js, served from clientcdn.pushengage.com, the content-delivery network that pushes PushEngage’s script out to customer sites. OptinMonster and TrustPulse were hit through separate Awesome Motive CDN endpoints.
PushEngage says the rest of its systems were untouched: it found no sign that its main application or the servers holding customer data were reached. By PushEngage’s own account, once the script ran with an administrator logged in, it: used that admin’s session to act with full permissions, created a new admin account under the attacker’s control, installed a plugin that does not show up in the dashboard, and sent the new login details and site information to tidio[.]cc, a fake domain made to look like the real tidio.com. Sansec found the same sequence across all three plugins. The tidio[.]cc domain was registered on April 28, weeks before the attack, which points to a planned operation rather than a quick smash and grab.
The hidden plugin is the real prize. It opens what is known as a web shell, a remote command channel: anyone who knows the right URL can run code on the server without logging in. From there the attacker can read or change any file, copy the database, plant more backdoors, inject card-skimming code, redirect visitors, or steal data. The extra admin account is a simple way back in if you delete the plugin but miss the account.
And because the attacker can run code freely, removing the named plugin and account may not be enough; both Sansec and PushEngage say to assume other backdoors could remain. How the attacker got in This is the part the two accounts disagree on. PushEngage says the attacker first broke into the server running its marketing website, through a known flaw in UpdraftPlus , a WordPress backup plugin. That server is separate from the systems that run the product and store customer data.
What mattered was not the server itself but a key sitting on it: a CDN API key. With that key, the attacker did not need to break into PushEngage’s main systems. It could simply change the files the CDN was already delivering to customer sites. Sansec is not convinced the entry point is settled.
It says the breached system is still unknown, with Awesome Motive’s own servers the most likely place, the CDN account possible, and the CDN provider, BunnyNet, unlikely. Sansec’s public analysis does not examine or endorse the UpdraftPlus theory; that account comes from PushEngage alone, about its own environment. UpdraftPlus does have a separate authentication-bypass bug, CVE-2026-10795 , that Wordfence rates 8.1 (high severity); it is now patched, and Wordfence has reported attacks against it, so anyone running UpdraftPlus should update no matter what. Whether that bug had anything to do with this break-in is unconfirmed.
Treat the entry point as unsettled. What to check and do By Sansec’s timeline, the OptinMonster and TrustPulse files were clean by June 13, while PushEngage’s script lingered on some CDN servers into June 14. PushEngage says it is still working out the exact window and has since replaced the bad files, cleared the CDN cache, changed the CDN key and all related credentials, and moved the marketing site to new infrastructure. None of that cleans a site that was already taken over.
Indicators of Compromise (IoCs) from Sansec Because the backdoor hides from the dashboard, you cannot rule out compromise by looking at WordPress. If your site ran any of the three plugins during the threat window, the only dependable answer is a server-side scan. Do not try to settle it by guessing whether you were logged in; most owners cannot prove that either way. Treat the steps below as the baseline.
Run a server-side scan. Anyone who had PushEngage, OptinMonster, or TrustPulse active during the window should scan the server directly. A browser or dashboard check will miss a payload that only ran for logged-in admins. (Sansec saw the same payload on all three plugins, but has not confirmed OptinMonster and TrustPulse were delivered the same way or in the same window as PushEngage.) Check the filesystem, not the dashboard.
Under wp-content/plugins, look for folders named content-delivery-helper (“Content Delivery Helper”) or database-optimizer (“Database Optimizer”). Trust what is on disk. Delete any admin accounts you did not create, especially developer_api1 or anything matching dev_xxxxxx. Check your logs.
Review web server access logs from June 12 to 14 UTC for outbound traffic to tidio.cc, including its /cdn-cgi/ paths, and to the attacker’s server at 84.201.6.54. If you find anything, assume the worst. Rotate everything: admin passwords, API keys, database credentials, and the secret keys (salts) in wp-config.php. With code execution on the server, more persistence may remain.
Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts
Cybersecurity researchers have disclosed details of fraudulent activity targeting users across the Middle East and North Africa by employing various fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations. “These accounts promoted fake offers, including free mobile internet packages, financial compensation, and government subsidy programs,” Group-IB analysts Anna Yurtaeva and Viacheslav Shevchenko said . “Victims were encouraged to click embedded links to claim the advertised benefits, but were instead redirected through a chain of intermediary websites that ultimately led to phishing and traffic monetization infrastructure.” The Singapore-headquartered cybersecurity company has these campaigns to Sniper Dz , a turnkey phishing-as-a-service (PhaaS) platform that was taken down last month in an INTERPOL-led operation. The findings indicate that the platform goes beyond facilitating credential theft, generating illicit revenue via browser notification abuse, premium SMS subscriptions, premium-rate calls, and investment scams.
A “typical Sniper Dz scam victim funnel” begins with localized social engineering lures, with the scammers impersonating well-known telecom providers such as Algérie Télécom to promote fake offers, to direct users to domains hosted on Link in bio services that act as an intermediary layer between the social media post and the final destination. “Rather than directing victims straight to a malicious website, the campaign first routes users through trusted link-aggregation platforms such as Linkbio and Linktree,” Group-IB researchers said. “The attackers create decoy landing pages on domains operated by these services.” The attack ends with directing victims to a page that obtains browser notification permissions by prompting users to click “Allow” to continue. Behind the scenes, code embedded in the web page subscribes the web browser to a push notification system using a Voluntary Application Server Identification ( VAPID ) public key.
Group-IB said the same VAPID key has been observed across campaigns masquerading as telecommunications providers in Algeria and investment-related scams targeting users in multiple regions. “Because VAPID public keys are used to identify the notification service responsible for delivering push messages, their reuse can provide valuable insight into underlying infrastructure relationships,” the company said. “The consistent appearance of the same key across otherwise distinct campaigns suggests that the operators are relying on a shared push-notification ecosystem rather than independent infrastructure.” Furthermore, the page engages in back button hijacking by injecting 10 fake history states, tricking users into visiting sites that may serve unsolicited ads, or trapping them in a “back-button prison” and within attacker-controlled content to inflate ad impressions, promote scams, or deliver malicious content. “The page also implements a tab-under technique that activates when users interact with certain links,” the cybersecurity company noted.
If a link opens a new browser tab, a delayed script silently redirects the original tab to another destination controlled by the operators. “This allows the campaign to continue driving traffic through its redirection and monetization infrastructure even after the victim believes they have left the site. By combining browser notification abuse with history manipulation and tab-under redirections, the operators make it significantly more difficult for users to escape the scam ecosystem.” Once users are enrolled into the notification infrastructure, the attacks progress to the monetization phase, routing the victims to a traffic distribution system (TDS) that determines which scam to present based on factors like device type, location, and mobile carrier. Potential pathways include premium-rate call scams, premium SMS subscription fraud, and investment scams.
“This campaign demonstrates how modern fraud operations increasingly rely on the abuse of legitimate web technologies rather than traditional malware,” Group-IB said. “Instead of infecting devices, the operators exploit trusted platforms, browser features, and social engineering techniques to guide victims through a carefully designed monetization funnel.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw
Palo Alto Networks has revealed that it has observed “active exploitation” of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portals. The vulnerability in question is CVE-2026-0257 (CVSS score: 7.8), an authentication bypass flaw affecting the portal and gateway components of PAN-OS software that could be exploited by bad actors to set up VPN connections. According to the network security company, the security defect could be exploited by a bad actor to bypass security controls and initiate VPN connections. The vulnerability has been exploited in the wild in limited attacks, with initial activity observed on May 17, 2026.
It’s currently unknown who is behind the exploitation efforts. “No post-access behavior or lateral movement has been identified as of this time,” Palo Alto Networks said . “Only a small portion of the probed devices actually established VPN sessions, resulting in gateway-connected events.” The company has also released indicators of compromise (IoCs) associated with the activity - IP addresses - 23.128.228[.]6 104.207.144[.]154 146.19.216[.]119 146.19.216[.]120 146.19.216[.]125 179.43.172[.]213 185.195.232[.]139 198.12.106[.]60 202.144.192[.]47 Host Names and MAC Addresses - aa:bb:cc:dd:ee:ff 00:11:22:33:44:55 WINDOWS-LAPTOP-001 DESKTOP-GP01 GP-CLIENT Palo Alto Networks is also urging customers to search GlobalProtect logs for successful gateway-connected events that match the following hard-coded client configuration values from a proof-of-concept (PoC) exploit - endpoint_os_version : Microsoft Windows 10 Pro 64-bit source_user_info.domain : empty Late last month, the U.S. Cybersecurity and Infrastructure Security Agency (CSIA) added CVE-2026-0257 to its Known Exploited Vulnerabilities (KEV) catalog, ordering Federal Civilian Executive Branch (FCEB) agencies to mitigate the flaw by June 1, 2026.
Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.