{"id":1365,"date":"2026-06-18T16:30:54","date_gmt":"2026-06-18T16:30:54","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=1365"},"modified":"2026-06-18T16:30:54","modified_gmt":"2026-06-18T16:30:54","slug":"claude-chat-abuse-nastyc2-npm-packages-device-code-phishing-25-more-stories","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=1365","title":{"rendered":"Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories"},"content":{"rendered":"
\n

\ue804<\/i>Ravie Lakshmanan<\/span>\ue802<\/i>Jun 18, 2026<\/span><\/span>Hacking News \/ Cybersecurity News<\/span><\/p>\n<\/div>\n

\n
<\/a><\/div>\n

The internet did not break this week. It got used exactly as designed, which is worse.<\/p>\n

Searches were siphoned through shady browser add-ons. AI chat links turned into malware delivery paths. macOS attacks ran in memory and left almost nothing behind. Cloud agents looked like helpers until attackers treated them like open shells.<\/p>\n

Add exposed edge gear, poisoned packages, cash courier scams, stealers, loaders, and phishing that barely bothers pretending anymore. Here\u2019s the full mess.<\/p>\n

\n
\n
    \n<\/p>\n
  1. \n
    DoH lands in Windows Server 2025<\/span> <\/p>\n

    Microsoft has announced that DNS-over-HTTPS (DoH) for Windows DNS Server is generally available on Windows Server 2025 for client-to-server DNS traffic. \u00abWith general availability, organizations can now deploy encrypted and authenticated client-to-resolver DNS traffic directly within their existing on-premises DNS infrastructure,\u00bb the company said<\/a>. \u00abThe goal is to help improve privacy, reduce spoofing risk, and advance Zero Trust DNS without requiring a new resolver architecture. Enabling DoH on Windows DNS Server introduces encrypted communication for supported clients over HTTPS while preserving compatibility with most existing DNS deployments. Organizations can expect DoH traffic between DoH clients and Windows DNS Server to be encrypted via TLS, DNS queries to be transported as HTTPS requests, existing DNS functionality to continue operating as expected, and mixed environments, encrypted and traditional DNS, to be supported.\u00bb <\/p>\n<\/p><\/div>\n<\/li>\n

  2. \n <\/p>\n
    \n Search hijacks hide monetization layer<\/span><\/p>\n

    \n A cluster of 23 deceptive Chrome browser extensions has been found stealthily overriding users’ default search engines and routing queries through monetization middleware before delivering results. \u00abEach extension presents a different advertised purpose – satellite imagery, productivity tools, news readers, maps \u2013 while the actual business is search affiliate revenue,\u00bb security researcher Jean-Marie R. said<\/a>. \u00abThe campaign spans at least 8 distinct monetization brokers and ~758,000 affected users. While this might look like simple adware, it is a real security risk. First, it is a massive privacy violation: every search a user makes is sent to anonymous third-party brokers. Second, because the operators control the web traffic, they can easily switch from showing regular search results to injecting phishing links or malicious downloads at any time \u2013 all without ever updating the extension code itself.\u00bb\n <\/p>\n<\/p><\/div>\n<\/li>\n

  3. \n <\/p>\n
    \n Fileless macOS ClickFix attack chain<\/span><\/p>\n

    \n A Russian-speaking attacker has been observed targeting victims mainly in Asia, North America, and Oceania across technology, media, and business services sectors using ClickFix lures to deliver an AppleScript-based infostealer to macOS users. The ClickFix pages masquerade as downloads for a malware scanning utility. \u00abTo evade detection, the entire infection chain, starting from the initial clipboard paste to payload execution, is completely fileless, leaving no static artifacts on disk until persistence is established,\u00bb Netskope Threat Labs said<\/a>. \u00abVictims are socially engineered into executing a curl command that fetches a gzip-compressed stager, which pipes the second-stage AppleScript directly into osascript memory.\u00bb The second-stage, codenamed \u00abMeow (DEBUG),\u00bb uses a fake system dialog to harvest credentials, browser data, session cookies, and keychain contents. It’s also equipped with capabilities to trojanize legitimate desktop cryptocurrency wallet applications and maintain persistent command-and-control (C2) access, allowing the operator to run arbitrary payloads.\n <\/p>\n<\/p><\/div>\n<\/li>\n

  4. \n <\/p>\n
    \n Claude chat abuse fuels malware delivery<\/span><\/p>\n

    \n In another ClickFix campaign, threat actors have been spotted weaponizing Anthropic Claude’s shared chat feature, abusing the trust associated with a legitimate domain to deliver the MacSync credential-stealing malware. \u00abCybercriminals hijacked Google Ads searches for popular AI developer tools to funnel over 2,000 victims toward malicious download pages before quietly moving their operation onto claude.ai’s own platform, turning the trusted domain into a delivery mechanism for credential-stealing malware,\u00bb Trend Micro said<\/a>. \u00abThe Asia-Pacific region bore the brunt of the campaign, accounting for 67.2% of all confirmed victims, with Taiwan alone representing 30.5% of total traffic, a concentration that points to deliberate geographic ad targeting rather than opportunistic spread.\u00bb As many as 106 unique malicious hostnames have been identified over a span of seven weeks across six distinct attack waves.Anthropic has since banned the accounts responsible, disabled the malicious shared conversations, and is implementing additional abuse mitigations for its shared chat feature.\n <\/p>\n<\/p><\/div>\n

    \"\"<\/a><\/div>\n<\/li>\n
  5. \n <\/p>\n
    \n WhatsApp booking fraud spreads globally<\/span><\/p>\n

    \n Bitdefender ha\u0219 warned of an ongoing phishing campaign impersonating hotels, resorts, and accommodation providers across more than 10 countries. \u00abUnlike traditional travel scams that rely on generic phishing emails, this operation uses real booking information, localized messaging, and convincing hotel branding to trick travelers into handing over payment card details,\u00bb the Romanian cybersecurity company said<\/a>. \u00abVictims receive personalized messages containing names, stay dates, reservation details, and cancellation warnings. The campaign relies exclusively on WhatsApp, with no matching email or SMS infrastructure observed.\u00bb Observed languages include English, German, French, Spanish, Romanian, and Polish. Similar campaigns have been reported by Sekoia and Netcraft in the past.\n <\/p>\n<\/p><\/div>\n<\/li>\n

  6. \n <\/p>\n
    \n AI agent targets vulnerability chaos<\/span><\/p>\n

    \n Amazon Web Services (AWS) has announced<\/a> a new artificial intelligence (AI)-powered security agent called AWS Continuum<\/a> for code vulnerabilities, as models like Claude Mythos by attackers and defenders accelerate the ability to find and exploit vulnerabilities. AWS Continuum \u00abaddresses the full lifecycle of managing code vulnerabilities at machine speed. It continuously discovers vulnerabilities, validates which are genuinely exploitable, prioritizes them by business context, and helps you remediate them across the full stack within guardrails you define,\u00bb AWS said. The tech giant said the agent is model agnostic, and that it uses multiple frontier models where they perform best.\n <\/p>\n<\/p><\/div>\n<\/li>\n

  7. \n <\/p>\n
    \n AI export controls reshape model access<\/span><\/p>\n

    \n In a new report, WIRED said<\/a> the U.S. government’s decision to restrict Anthropic’s Claude Fable 5 and Mythos 5 models came after it ordered the AI company to revoke South Korea-based SK Telecom’s access over its alleged ties to China.\n <\/p>\n<\/p><\/div>\n<\/li>\n

  8. \n <\/p>\n
    \n SD-WAN zero-day scope expands<\/span><\/p>\n

    \n Cisco has updated<\/a> its February 2026 advisory for CVE-2026-20127, a critical privilege escalation flaw in Catalyst SD-WAN Controller and Catalyst SD-WAN Manager, to note that the vulnerability also affects Catalyst SD-WAN Validator. The security flaw has been exploited as a zero-day since 2023 by a sophisticated threat actor known as UAT-8616. It allows an unauthenticated remote attacker to bypass authentication and obtain administrative privileges on an affected system by sending a crafted request.\n <\/p>\n<\/p><\/div>\n<\/li>\n

  9. \n <\/p>\n
    \n AI coding agent trust bypass exposed<\/span><\/p>\n

    \n Manifold Security has flagged two high-severity local code-execution paths on a developer’s machine via a malicious repository in Cline<\/a>, an AI coding agent VS Code extension with more than 4.3 million installs. The repository’s content, in turn, tricks the agent into executing attacker-supplied shell commands under the developer’s account, enabling access to credentials, source code, and other sensitive data. \u00abCline ships an Approve\/Deny dialog and a \u00abSafe Commands\u00bb auto-approve filter that are supposed to stop exactly this. Both fail,\u00bb Ax Sharma, head of research at Manifold Security, said<\/a>. \u00abClicking the URL preview tile to verify where the agent is fetching from runs an OS-level command instead. The Approve\/Deny dialog never gates the click. ‘Safe Commands’ doesn’t inspect commands. It asks the AI agent whether its own command is safe, and trusts the answer, even after the same agent has been manipulated by attacker content.\u00bb While the findings have been classified as \u00about of scope,\u00bb Cline plans to release fixes in an upcoming release.\n <\/p>\n<\/p><\/div>\n<\/li>\n

  10. \n <\/p>\n
    \n HTTP\/2 abuse shifts to live reconnaissance<\/span><\/p>\n

    \n Earlier this month, Calif used OpenAI’s Codex to discover an exploit called the HTTP\/2 Bomb<\/a>. Formally tracked as CVE-2026-49975, the vulnerability ironically chains together two features that were expressly designed to save internet bandwidth to help attackers amplify junk traffic by orders of magnitude. Imperva has since reported<\/a> that attackers in the wild were \u00abrunning specialized tools designed to map out\u00bb vulnerable servers. A working proof-of-concept (PoC) is publicly available. \u00abExposure in this set is led by communication services at 24.9% of observed assets, with information technology contributing 18.0% and healthcare close behind at 17.0%,\u00bb CyCognito said<\/a>.\n <\/p>\n<\/p><\/div>\n<\/li>\n

  11. \n <\/p>\n
    \n Exposed email server becomes phishing hub<\/span><\/p>\n

    \n Cybersecurity researchers have discovered an \u00abinteresting attack\u00bb where an unknown actor leveraged a victim’s internet-facing terminal server as a phishing stager. Huntress said it recovered the full staging directory, including a legitimate bulk email software application (Gammadyne Mailer), a project file named dracii.mmp , and six target lists holding 8,894,920 email addresses. \u00abThe campaign impersonated the U.K. pharmacy chain Boots, using a ‘free gift’ survey as a lure,\u00bb the company said<\/a>. \u00abThe payload it pointed victims at was hosted on a compromised Bolivian government website, ipelc.gob[.]bo.\u00bb The payload is a Boots phishing web page hosted within the \/boots_store\/ subdirectory that urges users to complete a survey and redeem a free gift by entering their personal and financial information.\n <\/p>\n<\/p><\/div>\n<\/li>\n

  12. \n <\/p>\n
    \n Bank phishing delivers in-memory stealer<\/span><\/p>\n

    \n An active phishing campaign is targeting banks to deliver Phantom Stealer, an infostealer that’s sold under a subscription model for between $70 to $240 by a threat actor operating under the alias Oldphantomoftheopera. \u00abThe attack begins with phishing emails containing malicious attachments disguised as business documents,\u00bb Fortra said<\/a>. \u00abOnce executed, the malware runs entirely in memory, helping it evade traditional defenses. \u00abThe combination of targeted phishing delivery, advanced evasion techniques, broad credential harvesting capabilities, and a resilient multi-channel exfiltration infrastructure places this threat in the high-severity category.\u00bb Phantom Stealer targets major web browsers as well as Discord, Telegram, and Steam. It is also used to steal financial information, cryptocurrency assets, and collect keystrokes, screenshots, and clipboard data.\n <\/p>\n<\/p><\/div>\n<\/li>\n

  13. \n <\/p>\n
    \n Quantum-safe mandate timeline set<\/span><\/p>\n

    \n France’s cybersecurity agency ANSSI said<\/a> it would stop certifying security products that lack quantum-resistant encryption starting from 2027. It also requires businesses to purchase only quantum-safe products by 2030.\n <\/p>\n<\/p><\/div>\n<\/li>\n

  14. \n <\/p>\n
    \n State filters .ru email traffic<\/span><\/p>\n

    \n According to local media reports<\/a>, Estonia plans to implement additional security screening for emails sent from Russia’s .ru top-level domain before they reach government officials, citing heightened cyber risk. The new measures are expected to take effect starting August 31, 2026.\n <\/p>\n<\/p><\/div>\n<\/li>\n

  15. \n <\/p>\n
    \n Imposter scams hit $3.5B losses<\/span><\/p>\n

    \n The U.S. Federal Trade Commission (FTC) revealed that Americans lost a staggering $3.5 billion to imposter scams in 2025, with reported losses nearly tripling since 2020. \u00abThese scams lured consumers through text, phone, email, social media, search engine results, and other means. Some of the costliest impersonation scams start with a fake security alert, often from a bank,\u00bb the FTC said<\/a>. \u00abPeople are convinced to move money to ‘protect’ it, with their losses often limited only by their available funds.\u00bb In all, about $16 billion has been reported lost in 2025 to all types of fraud.\n <\/p>\n<\/p><\/div>\n<\/li>\n

  16. \n <\/p>\n
    \n Conti operator admits ransomware role<\/span><\/p>\n

    \n Oleksii Oleksiyovych Lytvynenko, 44, has pleaded guilty to wire fraud conspiracy in connection with Conti, a ransomware variant that infected more than 1,000 computers and networks across the world. \u00abLytvynenko, of Cork, Ireland, conspired with others to deploy Conti ransomware to extort victims and steal their data,\u00bb the U.S. Department of Justice said<\/a>. \u00abLytvynenko admitted to joining the Conti conspiracy no later than approximately September 2021. He admitted to possessing data from eight U.S. and four overseas victims, which had been stolen by Conti conspirators. Lytvynenko further admitted to joining a team run by a Conti conspirator during which time Lytvynenko was directed to work on coding a ‘loader,’ which is typically a type of malware, or malicious software, that is used to load programs necessary to execute other malicious attacks.\u00bb As of January 2022, Conti ransomware attacks resulted in at least $150 million in ransom payments. The Ukrainian national was extradited to the U.S. in October 2025. He is scheduled to be sentenced on September 10, 2026, and faces a maximum penalty of 20 years in prison.\n <\/p>\n<\/p><\/div>\n<\/li>\n

  17. \n <\/p>\n
    \n Steam wallpapers turn into account theft vector<\/span><\/p>\n

    \n Threat actors are abusing Steam Workshop to spread malware hidden in dozens of wallpaper packages, putting gamers’ accounts at risk. The activity has been active since late 2025. \u00abThe attackers are primarily targeting gamers in China and Russia, aiming to hijack their accounts,\u00bb Kaspersky said<\/a>. \u00abTo pull this off, they are exploiting Wallpaper Engine \u2013 a popular live wallpaper app available on Steam \u2013 specifically leveraging its Workshop sharing feature. The malware is hidden inside the wallpaper packages users share with one another. Running one of these compromised wallpapers can lead to a stolen Steam account or leave the victim\u2019s system infected with backdoors or crypto miners.\u00bb\n <\/p>\n<\/p><\/div>\n

    \"\"<\/a><\/div>\n<\/li>\n
  18. \n <\/p>\n
    \n Rust C2 framework hits npm supply chain<\/span><\/p>\n

    \n Three npm packages, node-ci-utils@2.1.4, win-env-setup@3.0.6, macos-ci-utils@1.0.0, have been found to act as droppers for Linux, Windows, and macOS systems to deliver a previously undocumented post-exploitation framework codenamed NastyC2. \u00abWritten entirely in Rust, it implements over 80 commands spanning credential harvesting, Active Directory attacks, container escape, cloud metadata theft, and fileless execution,\u00bb Panther said<\/a>. \u00abThe framework is comparable in scope to Cobalt Strike or Sliver, overlapping with both on BOF\/COFF execution, reflective DLL loading, multi-technique process injection, AD-native Kerberoasting and DCSync, AMSI\/ETW patching, SOCKS5 pivoting, and encrypted sleep.\u00bb\n <\/p>\n<\/p><\/div>\n<\/li>\n

  19. \n <\/p>\n
    \n npm package delivers worm + miner + LPE<\/span><\/p>\n

    \n A malicious npm package named crypto-javascript@4.2.5 has been observed installing three different payloads, including a supply chain worm that spreads across six build ecosystems (Rust, Cargo, Python, CMake, and npm), a Monero cryptocurrency miner, and an exploit for Dirty Frag, a local privilege escalation (LPE) vulnerability impacting the Linux kernel. \u00abAll three run from memory, leaving no named file on disk,\u00bb Panther said<\/a>. \u00abThe embedded kernel exploit carries a GCC build timestamp of 2026-04-30 1, seven days before public disclosure of the Dirty Frag vulnerability.\u00bb Although ELF timestamps can be forged, the development has raised the possibility that the threat actor may have had access to a working exploit code while details of the flaw were still under wraps.\n <\/p>\n<\/p><\/div>\n<\/li>\n

  20. \n <\/p>\n
    \n Multi-stage loader evades analysis chain<\/span><\/p>\n

    \n An active campaign is leveraging a multi-stage loader called OnionDrop to deliver malware families like LegionLoader (aka CurlyGate), CGrabber, and Vidar Stealer. OnionDrop is an advanced piece of malware with extensive defense evasion and anti-analysis features. \u00abThe chain starts with a ZIP archive and a legitimate Adobe-signed executable used for DLL side-loading,\u00bb Cyderes said<\/a>. \u00abFrom there, the malicious DLL walks through four transformation stages: custom byte-pair decoding, Xpress Huffman decompression via RtlDecompressBufferEx, AES-256-CBC decryption with rotating key material, and final shellcode execution through TpPostWork callback abuse inside the Windows Thread Pool. This is a professionally engineered evasion framework that anyone with access can point at any target.\u00bb\n <\/p>\n<\/p><\/div>\n<\/li>\n

  21. \n <\/p>\n
    \n Courier pickups extend crypto fraud lifecycle<\/span><\/p>\n

    \n The U.S. Federal Bureau of Investigation (FBI) has warned that scammers are instructing victims, usually senior citizens, to participate in cash pickups after engaging with them online by posing as individuals seeking business or romantic relationships. After establishing a relationship with the victim, the fraudster suggests investing in cryptocurrency and instructs the victim to download certain cryptocurrency trading applications and create investment accounts. \u00abThe scammers arrange for couriers to meet the victims in person to retrieve cash for fraudulent investments,\u00bb the FBI said<\/a>. \u00abLegitimate financial institutions may deny suspicious funds transfers by victims, so scammers inform victims in-person cash pickups are required to continue investing with the fraudulent investment firm or to pay purported fines to withdraw their investments. Alternatively, the fraudulent cryptocurrency exchange may inform victims their account has been ‘flagged,’ allowing the scammer to suggest the use of cash couriers as an alternative.\u00bb The dispatched couriers identify themselves using an agreed-upon code or a specific dollar bill serial number. When victims attempt to withdraw their perceived profits, the threat actors force them to pay non-existent taxes and penalties, again using couriers for cash pickups to continue the fraud.\n <\/p>\n<\/p><\/div>\n<\/li>\n

  22. \n <\/p>\n
    \n Belarus-linked Gmail phishing surge<\/span><\/p>\n

    \n CERT Polska has revealed that the Belarus-aligned Ghostwriter group has been running phishing campaigns targeting Gmail users through bogus messages designed to imitate official Gmail communications and trick recipients into clicking on malicious URLs that harvest their credentials. \u00abThese campaigns are carried out with high intensity, mainly on weekdays,\u00bb the agency said<\/a>. \u00abNotably, they enable the theft of two-factor authentication (2FA) credentials. In recent weeks, our team has observed the use of new domains serving phishing pages almost daily.\u00bb The campaign has targeted researchers, journalists, employees of public administration and law enforcement, and individuals connected to these groups through family or social relationships.\n <\/p>\n<\/p><\/div>\n<\/li>\n

  23. \n <\/p>\n
    \n OAuth device flow abused for account takeover<\/span><\/p>\n

    \n ReversingLabs has detailed a Microsoft 365 device code phishing campaign that makes use of Microsoft’s legitimate OAuth 2.0 Device Authorization Grant flow to obtain access to victim accounts. \u00abThe initial email sent to victims uses a lure that appears to be an approval for an estimate sent from a vendor to one of their customers,\u00bb security researcher Robert Simmons said<\/a>. \u00abRather than stealing passwords through a counterfeit login page, the phishing kit persuades victims to complete a legitimate Microsoft authentication process that authorizes an attacker-controlled device.\u00bb\n <\/p>\n<\/p><\/div>\n<\/li>\n

  24. \n <\/p>\n
    \n Stealer-as-a-service adds refund guarantee<\/span><\/p>\n

    \n A new information stealer called OnyxC2 is being marketed on underground forums, giving customers access to a web panel and a payload builder. Most importantly, paying users are eligible for refunds if a build gets caught. \u00abFor $250 a month, operators get a kit that harvests browser credentials, password managers, two-factor authentication (2FA), and crypto wallets across roughly 210 applications and extensions, then ships it all back over an encrypted channel,\u00bb BlackFog said<\/a>. \u00abThe stealer reaches 37 Chromium-based and 8 Gecko-based browsers, then 95 Chromium and 14 Gecko extensions, including 6 dedicated two-factor authentication extensions. It also covers 5 password managers, 17 cryptocurrency wallets, 11 FTP clients, and 5 email clients, with a further set of VPN, remote access, messaging, note-taking, and gaming targets.\u00bb A premium subscription is available for $500 per month. OnyxC2 also goes beyond a traditional steal by incorporating HVNC over a web browser, LSASS dumping, RunPE in memory and on disk, a reverse SOCKS5 proxy, screenshot capture, a keylogger, a file manager, and a reverse shell over HTTP, and a built-in TOR tunnel.\n <\/p>\n<\/p><\/div>\n<\/li>\n

  25. \n <\/p>\n
    \n AI-themed phishing drops AsyncRAT<\/span><\/p>\n

    \n A new campaign has been observed delivering malicious files disguised as AI-related documents in phishing emails to install AsynRAT. The attachments are distributed in the form of ZIP archives containing a Windows Shortcut (LNK) file that acts as a starting point for a stealthy, multi-stage attack chain. \u00abThese lures are designed to target users actively seeking AI-related learning resources,\u00bb Fortinet FortiGuard Labs said<\/a>. \u00abThe attack chain behind these files is remarkably complex, using multiple staged scripts to hide activity before ultimately deploying AutoHotkey-based loaders that reflectively inject a .NET remote access trojan [named clay_Client] and AsynRAT into memory for command-and-control communication and follow-on execution.\u00bb\n <\/p>\n<\/p><\/div>\n<\/li>\n

  26. \n <\/p>\n
    \n GCP telemetry gap exposes detection blind spots<\/span><\/p>\n

    \n Permiso Security said it discovered an \u00abinteresting and practically significant inconsistency\u00bb associated with serviceData, a field that has been deprecated in favor of metadata for obtaining service-specific information. \u00abIf serviceData were cleanly deprecated and services had migrated away from it, one would expect a predictable pattern: events after the deprecation date would stop populating the serviceData field and would start populating the relevant data in metadata instead,\u00bb security researcher Art Ukshini said<\/a>. However, further testing has uncovered that some events still populate serviceData correctly, while others produce empty serviceData objects. The security company said this unreliable behavior of serviceData translates into a concrete set of security risks that can affect detection coverage, incident response, and compliance, requiring organizations to validate log telemetry end-to-end.\n <\/p>\n<\/p><\/div>\n<\/li>\n

  27. \n <\/p>\n
    \n Worm weaponizes AI refusal behavior<\/span><\/p>\n

    \n A variant<\/a> of the Shai-Hulud worm<\/a> has been found to include an adversarial prompt for \u00absynthesizing weaponized biological agents suitable for aerosol dispersal\u00bb with an aim to target AI-powered malware scanners with an aim to trick the model into refusing a response for violating a safety guardrail, as opposed to classifying it as benign. \u00abA refusal is supposed to be the safe outcome,\u00bb JFrog said<\/a>. \u00abIt’s the model declining to do something harmful. Here, the refusal is the attack. If the scanner balks at the top of the file, it never reads the bottom, and the malware ships un-analyzed. Not because the model was fooled into trusting it, but because it was goaded into closing the book.\u00bb\n <\/p>\n<\/p><\/div>\n<\/li>\n

  28. \n <\/p>\n
    \n Risk-based patching gets enforcement layer<\/span><\/p>\n

    \n The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued<\/a> a new Binding Operational Directive, BOD 26-04<\/a>, that prioritizes security updates for Federal Civilian Executive Branch (FCEB) agencies, requiring them to remediate high-risk vulnerabilities within accelerated timeframes based on internet exposure, presence of a vulnerability in the Known Exploited Vulnerabilities (KEV) catalog, whether exploitation can be automated for large-scale attacks, and if the exploitation can translate to partial or total control of a system. Based on these risk factors, agencies may have to address these flaws within three days. The development is a sign that AI is not only lowering the barrier to exploit development and accelerating vulnerability research, but also allowing attackers to quickly incorporate newly disclosed flaws into their arsenal. \u00abCyber threat actors exploit unpatched vulnerabilities, and their use of AI may further narrow the time defenders have to react between patch release and possible exploitation,\u00bb CISA said<\/a>. \u00abThese factors provide federal agencies with a comprehensive risk picture to make informed decisions that significantly reduce risk without burdening IT managers with extra processes that do not change outcomes.\u00bb\n <\/p>\n<\/p><\/div>\n

    \"\"<\/a><\/div>\n<\/li>\n<\/ol>\n<\/section>\n<\/div>\n

    The lesson this week is not subtle. Trust is the attack surface now. The browser extension, the AI chat link, the OAuth flow, the coding agent, the package install, and the \u201cknown good\u201d cloud helper. Attackers are not always breaking down the door anymore. They are finding the doors we already propped open for convenience.<\/p>\n

    That means defense has to get less romantic about defaults. Watch the tools users trust, not just the files they download. Audit agents like accounts. Treat packages like code execution. Treat links from trusted platforms like links, not proof of safety. The internet did not collapse this week. It reminded us that \u201clegitimate\u201d is not the same as safe.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

    \ue804Ravie Lakshmanan\ue802Jun 18, 2026Hacking News \/ Cybersecurity News The internet did not break this week. It got used exactly as designed, which is worse. Searches were siphoned through shady browser…<\/p>\n","protected":false},"author":1,"featured_media":1366,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[383,266,9,2098,2097,39,35,390,187],"class_list":["post-1365","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-abuse","tag-chat","tag-claude","tag-devicecode","tag-nastyc2","tag-npm","tag-packages","tag-phishing","tag-stories"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/1365","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1365"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/1365\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/1366"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1365"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1365"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1365"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}