Browsing: Cyber Incidents

Introduction: LLM-Generated Mythic Agents — Why It Matters

The rise of LLM-Generated Mythic Agents marks a significant shift in offensive cybersecurity capabilities. Researchers have demonstrated that modern large language models (LLMs) can autonomously generate fully functional Mythic command-and-control (C2) agents from a single prompt, without human coding assistance. This development introduces a new generation of AI-powered offensive tooling that could dramatically change how both security professionals and threat actors build malware. According to research presented by SpecterOps, the automated framework can design, test, validate, and prepare deployable implants in approximately two hours using an orchestrated workflow known as Oracle.…

VS Code Infostealer Attack — Why It Matters

A newly uncovered software supply chain campaign has revealed how attackers are abusing trusted open-source ecosystems to compromise developers. According to security researchers at JFrog, the VS Code Infostealer Attack leverages hijacked npm packages and compromised Go packages to silently deploy a multi-stage Python information stealer across Windows, Linux, and macOS. Unlike traditional npm malware that relies on installation scripts, this campaign introduces a stealthier approach by exploiting Visual Studio Code’s automatic task…

Introduction: GLM-5.2 AI — Why It Matters

GLM-5.2 is rapidly emerging as one of the most significant developments in AI-powered cybersecurity of 2026. Chinese AI company Zhipu AI has released its latest open-weight model, GLM-5.2, which reportedly delivers software vulnerability detection capabilities comparable to Anthropic’s Claude Mythos model. The release is attracting global attention because the model is openly available worldwide while achieving performance that independent testing suggests rivals some of the most advanced proprietary cybersecurity AI systems. According to publicly available benchmark results, GLM-5.2 achieved an F1 score of approximately 39% for detecting Insecure Direct Object Reference…

Introduction: Signal Backup Recovery Key Phishing — Why It Matters

The Signal Backup Recovery Key Phishing campaign has prompted fresh warnings from the U.S. Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA). According to the updated advisory, Russian intelligence-linked threat actors have expanded their phishing operations by targeting users’ Signal Backup Recovery Keys rather than attempting to break the encrypted messaging platform itself. The campaign relies entirely on social engineering: attackers impersonate Signal Support or trusted contacts to convince victims to reveal sensitive recovery credentials. Once obtained, these keys allow…

Introduction: Bucket Hijacking Attack — Why It Matters

A newly disclosed cloud attack technique, known as the Bucket Hijacking Attack, has revealed a serious weakness in how several leading cloud providers route data to storage buckets. Security researchers demonstrated that attackers could silently redirect active cloud data streams, including audit logs, telemetry, backups, and replicated data, to storage buckets under their own control without interrupting the affected cloud services. The technique affects cloud environments that rely on globally unique bucket names, including Amazon Web Services (AWS), Google Cloud, and Microsoft Azure. Rather than exploiting software vulnerabilities, the attack abuses cloud storage naming behavior…

Introduction: GPT-5.6 Sol — Why It Matters

OpenAI has introduced GPT-5.6 Sol, its newest flagship artificial intelligence model, through a limited preview available only to a select group of trusted organizations. The preview also includes two additional models, Terra and Luna, and forms part of an ongoing engagement with the U.S. government before a broader public release. Unlike previous launches that focused primarily on performance improvements, GPT-5.6 Sol places significant emphasis on cybersecurity. The model incorporates OpenAI’s most advanced safeguards against malicious use, including stronger protections against jailbreak attempts, offensive cyber requests, and misuse for harmful activities. At the same time, it…

TinyRCT Backdoor — Why It Matters

A Chinese-speaking advanced persistent threat (APT) group has reportedly deployed a newly identified malware family known as TinyRCT Backdoor in cyber espionage operations targeting government agencies and critical infrastructure organizations across Southeast Asia. According to researchers, the campaign has been attributed to the threat actor CL-STA-1062, which shares operational similarities with the previously tracked group UAT-7237. The campaign demonstrates how sophisticated espionage actors continue to refine their toolsets by combining custom malware, stealthy persistence techniques, and legitimate administrative utilities. Researchers observed compromises affecting at least ten organizations between October and December 2025, highlighting continued…

Introduction: Pedit COW Exploit — Why It Matters

A newly disclosed Linux kernel vulnerability, known as Pedit COW, is drawing significant attention across the cybersecurity community after researchers demonstrated that it allows a local, unprivileged user to obtain full root access on affected systems. Tracked as CVE-2026-46331, the flaw resides in the Linux kernel’s traffic-control subsystem and is already accompanied by a publicly available proof-of-concept (PoC), which makes patching vulnerable systems urgent. Unlike many privilege escalation vulnerabilities, the Pedit COW exploit does not modify executable files stored on disk. Instead, attackers manipulate cached copies of privileged…

Introduction: Miasma Malware npm Packages — Why It Matters

The Miasma Malware npm Packages campaign has emerged as a sophisticated software supply chain attack targeting developers through malicious npm packages associated with the LeoPlatform and RStreams ecosystems. Instead of relying on traditional installation scripts, the attackers abuse the binding.gyp build configuration file to trigger hidden code execution through node-gyp, allowing the malware to bypass many automated security checks. The campaign demonstrates how threat actors continue evolving their techniques to compromise developer environments silently. Once executed, the malware steals credentials from numerous development platforms and cloud services, including GitHub, npm, PyPI,…
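Both the VS Code Infostealer entry above (a task that Visual Studio Code runs automatically) and the Miasma entry (code execution through binding.gyp rather than an install script) turn on files a developer rarely reads before opening or building a checkout. The scanner below is an added example written for this page; it is not code from the original page, from JFrog, or from any project the page names. It assumes the two general mechanisms a reviewer would check for, since neither entry states the exact construct the attackers used: a tasks.json task with runOptions.runOn set to "folderOpen", which VS Code can run as soon as the folder is opened, and binding.gyp "actions" entries and GYP "<!(cmd)" / "<!@(cmd)" command expansions, which node-gyp executes when it configures or builds a native addon. The two sample files are constructed for the example.

```python
"""Scan VS Code tasks.json and node-gyp binding.gyp for open-time and build-time
command execution. Added example; not code from the page, JFrog, or any project."""
import ast
import json
import re
from typing import Any, Iterator, List

# GYP command expansion: "<!(cmd)" / "<!@(cmd)" runs cmd when node-gyp configures.
# Plain "<(VAR)" is variable expansion and is not flagged.
GYP_CMD_EXPANSION = re.compile(r"<!@?\(")


def strip_jsonc(text: str) -> str:
    """Drop // and /* */ comments outside string literals, then trailing commas,
    so VS Code's JSONC tasks.json can be parsed with json.loads. The trailing-comma
    step is a regex heuristic run on the comment-free text."""
    out, i, n, in_str = [], 0, len(text), False
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < n:      # keep escaped character verbatim
                out.append(text[i + 1]); i += 2; continue
            in_str = c != '"'
        elif c == '"':
            in_str = True; out.append(c)
        elif text.startswith("//", i):       # line comment: skip to newline
            j = text.find("\n", i); i = n if j < 0 else j; continue
        elif text.startswith("/*", i):       # block comment: skip past */
            j = text.find("*/", i + 2); i = n if j < 0 else j + 2; continue
        else:
            out.append(c)
        i += 1
    return re.sub(r",(\s*[}\]])", r"\1", "".join(out))


def scan_tasks_json(text: str) -> List[str]:
    """Flag tasks that VS Code will run by itself when the folder is opened."""
    try:
        doc = json.loads(strip_jsonc(text))
    except json.JSONDecodeError as exc:
        return [f"tasks.json: unparseable ({exc.msg})"]
    findings = []
    for task in doc.get("tasks", []):
        if (task.get("runOptions") or {}).get("runOn") == "folderOpen":
            findings.append(f"tasks.json: task {task.get('label', '?')!r} auto-runs "
                            f"on folderOpen: {task.get('command', '')!r}")
    return findings


def _strings(node: Any) -> Iterator[str]:
    """Yield every string nested anywhere in a parsed GYP/JSON document."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for v in node.values():
            yield from _strings(v)
    elif isinstance(node, list):
        for v in node:
            yield from _strings(v)


def scan_binding_gyp(text: str) -> List[str]:
    """Flag build-time execution hooks in binding.gyp. GYP files use Python-literal
    syntax (single quotes, trailing commas, # comments), so fall back from
    json.loads to ast.literal_eval, which parses without executing anything."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:
        try:
            doc = ast.literal_eval(text.strip())
        except (ValueError, SyntaxError) as exc:
            return [f"binding.gyp: unparseable ({exc})"]
    if not isinstance(doc, dict):
        return ["binding.gyp: top level is not a dictionary"]
    findings = []
    for target in doc.get("targets", []):
        for act in target.get("actions", []):
            cmd = " ".join(map(str, act.get("action", [])))
            findings.append(f"binding.gyp: target {target.get('target_name', '?')!r} "
                            f"action {act.get('action_name', '?')!r} runs: {cmd!r}")
    for s in _strings(doc):
        if GYP_CMD_EXPANSION.search(s):
            findings.append(f"binding.gyp: command expansion in value {s!r}")
    return findings


# Constructed samples: one benign entry beside one auto-executing entry in each file.
SAMPLE_TASKS_JSON = r"""{
  // constructed: "build" is ordinary, "prepare" runs as soon as the folder opens
  "version": "2.0.0",
  "tasks": [
    { "label": "build", "type": "shell", "command": "npm run build" },
    { "label": "prepare", "type": "shell",
      "command": "python3 ${workspaceFolder}/.vscode/.cache/bootstrap.py",
      "presentation": { "reveal": "never" },
      "runOptions": { "runOn": "folderOpen" }, },
  ]
}"""

SAMPLE_BINDING_GYP = r"""{
  # constructed: a normal addon plus a build action and a command expansion
  'targets': [{
    'target_name': 'addon',
    'sources': ['src/addon.cc'],
    'variables': {'host_info': '<!(uname -a)'},
    'actions': [{'action_name': 'prepare', 'inputs': [],
                 'outputs': ['<(INTERMEDIATE_DIR)/prepared.stamp'],
                 'action': ['python3', 'scripts/setup.py', '--quiet']}],
  }],
}"""

if __name__ == "__main__":
    for line in scan_tasks_json(SAMPLE_TASKS_JSON) + scan_binding_gyp(SAMPLE_BINDING_GYP):
        print(line)
```

Wire `scan_tasks_json` and `scan_binding_gyp` to an `os.walk` over a fresh checkout (paths ending in `.vscode/tasks.json` and `binding.gyp`) and run it before opening the folder in an editor or running `npm install`. An `actions` entry is legitimate in some native addons, so treat that finding as "read the command", while a `<!(` expansion that reaches the network or the home directory is a stop signal.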

Introduction: AWS AiTM Phishing Kit — Why It Matters

A sophisticated phishing campaign targeting AWS users has revealed how attackers continue to evolve beyond traditional credential theft. The newly identified AWS AiTM Phishing Kit enables threat actors to steal AWS console credentials and multi-factor authentication (MFA) codes in real time, allowing them to hijack authenticated sessions before security tokens expire. According to Datadog Security Labs, the campaign was active between June 19 and June 23, 2026, and specifically targeted a small number of high-value AWS users, primarily software engineers and engineering leaders in the United States. Instead of simply collecting…
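The practical consequence of the AiTM flow described above is that the victim really does complete MFA, so a CloudTrail ConsoleLogin event with MFAUsed "Yes" cannot be used to clear a login. What does change is the source: the console session is established from the proxy's address, not the user's. The triage script below is an added example, not code from the original page or from Datadog Security Labs, and the heuristic is the editor's, not Datadog's published detection. It assumes the documented CloudTrail field names (eventName, sourceIPAddress, userIdentity.userName, responseElements.ConsoleLogin, additionalEventData.MFAUsed); the events are constructed, with the search window set to the June 19 to 23, 2026 dates the entry cites.

```python
"""Triage CloudTrail ConsoleLogin events for adversary-in-the-middle session theft:
a successful, MFA-satisfied console login from a source IP the principal has never
used before, followed by API calls from that same source. Added example with
constructed events; not code from the original page or Datadog Security Labs."""
from collections import defaultdict
from datetime import datetime
from typing import Any, Dict, List, Set, Tuple

Event = Dict[str, Any]


def parse_time(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def principal_of(evt: Event) -> str:
    ui = evt.get("userIdentity", {})
    return ui.get("userName") or ui.get("arn") or ui.get("principalId") or "unknown"


def is_successful_login(evt: Event) -> bool:
    return (evt.get("eventName") == "ConsoleLogin"
            and evt.get("responseElements", {}).get("ConsoleLogin") == "Success")


def build_baselines(events: List[Event], before: datetime) -> Dict[str, Set[str]]:
    """Source IPs each principal successfully logged in from before `before`."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for e in events:
        if is_successful_login(e) and parse_time(e["eventTime"]) < before:
            seen[principal_of(e)].add(e["sourceIPAddress"])
    return seen


def find_suspicious_logins(events: List[Event], window_start: datetime,
                           window_end: datetime) -> List[Dict[str, Any]]:
    """Flag successful logins inside the window from an IP absent from the
    principal's baseline. MFAUsed == "Yes" is deliberately not exculpatory: in an
    AiTM flow the victim passes MFA and the proxy inherits the session."""
    baseline = build_baselines(events, window_start)
    findings = []
    for e in sorted(events, key=lambda x: x["eventTime"]):
        if not is_successful_login(e):
            continue
        t = parse_time(e["eventTime"])
        if not window_start <= t <= window_end:
            continue
        who, ip = principal_of(e), e["sourceIPAddress"]
        if ip in baseline[who]:
            continue
        # What the session did next from the same source: the actual damage.
        later_calls = sorted({
            x["eventName"] for x in events
            if x.get("sourceIPAddress") == ip and principal_of(x) == who
            and x["eventName"] != "ConsoleLogin" and parse_time(x["eventTime"]) >= t})
        findings.append({
            "principal": who, "source_ip": ip, "time": e["eventTime"],
            "mfa_used": e.get("additionalEventData", {}).get("MFAUsed", "Unknown"),
            "api_calls_after_login": later_calls,
        })
    return findings


def _evt(time: str, name: str, user: str, ip: str,
         success: bool = True, mfa: str = "Yes") -> Event:
    """Build a minimal constructed CloudTrail-shaped record."""
    e: Event = {"eventTime": time, "eventName": name, "sourceIPAddress": ip,
                "userIdentity": {"type": "IAMUser", "userName": user}}
    if name == "ConsoleLogin":
        e["responseElements"] = {"ConsoleLogin": "Success" if success else "Failure"}
        e["additionalEventData"] = {"MFAUsed": mfa}
    return e


# Constructed sample: alice's real office IP is 198.51.100.7; 203.0.113.45 is the proxy.
SAMPLE_EVENTS: List[Event] = [
    _evt("2026-06-10T08:15:02Z", "ConsoleLogin", "alice", "198.51.100.7"),
    _evt("2026-06-12T09:01:44Z", "ConsoleLogin", "bob", "198.51.100.22"),
    _evt("2026-06-20T14:02:11Z", "ConsoleLogin", "alice", "203.0.113.45"),   # MFA passed
    _evt("2026-06-20T14:03:30Z", "ListAccessKeys", "alice", "203.0.113.45"),
    _evt("2026-06-20T14:04:05Z", "CreateAccessKey", "alice", "203.0.113.45"),
    _evt("2026-06-21T10:30:00Z", "ConsoleLogin", "bob", "198.51.100.22"),     # baseline IP
    _evt("2026-06-22T16:45:19Z", "ConsoleLogin", "carol", "203.0.113.45", False, "No"),
]
WINDOW: Tuple[datetime, datetime] = (parse_time("2026-06-19T00:00:00Z"),
                                     parse_time("2026-06-23T23:59:59Z"))


def run_sample() -> List[Dict[str, Any]]:
    return find_suspicious_logins(SAMPLE_EVENTS, *WINDOW)


if __name__ == "__main__":
    for f in run_sample():
        print(f)
```

On real data, feed the script the decoded records from the CloudTrail log files and extend the baseline from IPs to ASNs or known egress ranges; the flagged record's `api_calls_after_login` list (here the key-creation calls) is what turns a "new IP" alert into an incident, and the fix for the session itself is revoking it rather than resetting MFA.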