<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title>Zaufana Trzecia Strona</title><link>https://badcyber.com/</link><description>Recent content on Zaufana Trzecia Strona</description><generator>Hugo</generator><language>en-US</language><lastBuildDate>Sun, 05 Jul 2026 11:00:00 +0200</lastBuildDate><atom:link href="https://badcyber.com/feed.xml" rel="self" type="application/rss+xml"/><item><title>IT Security Weekend Catch Up – July 5, 2026</title><link>https://badcyber.com/it-security-weekend-catch-up-july-5-2026/</link><pubDate>Sun, 05 Jul 2026 11:00:00 +0200</pubDate><guid>https://badcyber.com/it-security-weekend-catch-up-july-5-2026/</guid><description><![CDATA[<div class="payload-richtext"><p>Afraid of missing important security news during the week? We&#39;re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!</p><h3>For the less technical</h3><ol class="list-number"><li
          class=""
          style="text-align: left;"
          value="1"
        >[PL][VIDEO] <a href="https://www.youtube.com/watch?v=DsPoe1Wf8Hs" rel="noopener noreferrer" target="_blank">GPS interference in Europe. The trail leads to a Russian satellite</a></li><li
          class=""
          style="text-align: left;"
          value="2"
        >[PL] <a href="https://demagog.org.pl/analizy_i_raporty/agencja-projektowania-spolecznego-tak-rosja-atakuje-zachodnie-spoleczenstwa/" rel="noopener noreferrer" target="_blank">How the Social Design Agency works on Russia&#39;s behalf</a></li><li
          class=""
          style="text-align: left;"
          value="3"
        >[PL][AUDIO] <a href="https://www.youtube.com/watch?v=ghL8WwqxOs8" rel="noopener noreferrer" target="_blank">Fifth episode of the Informatyk Zakładowy Retro-podcast</a></li><li
          class=""
          style="text-align: left;"
          value="4"
        >[PL][VIDEO] <a href="https://www.youtube.com/watch?v=3lXk4jj1exM" rel="noopener noreferrer" target="_blank">Digital Hydra: does the individual stand a chance?</a></li><li
          class=""
          style="text-align: left;"
          value="5"
        >[PL] <a href="https://moje.cert.pl/komunikaty/2026/108/nieoplacony-parking-uwazaj-na-oszustow/#" rel="noopener noreferrer" target="_blank">Unpaid parking fee? Watch out for scammers</a></li><li
          class=""
          style="text-align: left;"
          value="6"
        >[PL][VIDEO] <a href="https://www.youtube.com/watch?v=RisMSzAW45k" rel="noopener noreferrer" target="_blank">Why everyone falls for online scams</a></li><li
          class=""
          style="text-align: left;"
          value="7"
        >[PL][VIDEO] <a href="https://www.youtube.com/watch?v=oknI3e-JDS4" rel="noopener noreferrer" target="_blank">They&#39;re trying to steal your Gmail credentials on LinkedIn</a></li><li
          class=""
          style="text-align: left;"
          value="8"
        >[PL] <a href="https://cbzc.policja.gov.pl/bzc/aktualnosci/983,17-latek-wlamywal-sie-na-konta-abonentow-sieci-telekomunikacyjnych-Wygenerowal-n.html" rel="noopener noreferrer" target="_blank">Polish cyber police identify 17-year-old behind attacks on mobile subscribers</a></li><li
          class=""
          style="text-align: left;"
          value="9"
        >[PL] <a href="https://cert.orange.pl/aktualnosci/jak-fbi-szkoli-sledczych-w-realistycznym-cyberpoligonie/" rel="noopener noreferrer" target="_blank">How the FBI trains investigators in a realistic cyber range</a></li><li
          class=""
          style="text-align: left;"
          value="10"
        >[PL] <a href="https://czasopismo.legeartis.org/2026/06/nielegalnie-przetwarzane-dane-osobowe-dowod-postepowaniu-sadowym-wyrok-tsue/" rel="noopener noreferrer" target="_blank">Illegally processed personal data as evidence in court</a></li><li
          class=""
          style="text-align: left;"
          value="11"
        >[PL] <a href="https://demagog.org.pl/analizy_i_raporty/raport-internet-dzieci-2026-algorytmy-i-ai-szkodza-juz-kilkulatkom/" rel="noopener noreferrer" target="_blank">&quot;Children online 2026&quot; report: algorithms and AI are already harming preschoolers</a></li><li
          class=""
          style="text-align: left;"
          value="12"
        >[PL] <a href="https://www.tabletowo.pl/eustella-europejska-alternatywa-dla-chatgpt-i-gemini/" rel="noopener noreferrer" target="_blank">Eustella, a secure European alternative to ChatGPT and Gemini</a></li><li
          class=""
          style="text-align: left;"
          value="13"
        ><a href="https://www.eff.org/deeplinks/2026/06/hate-algorithm-rss-one-tools-youve-been-looking" rel="noopener noreferrer" target="_blank">Hate “the algorithm?” RSS is one of the tools you’ve been looking for</a></li><li
          class=""
          style=""
          value="14"
        ><a href="https://citizenlab.ca/research/member-of-committee-investigating-spyware-hacked-with-pegasus/" rel="noopener noreferrer" target="_blank">Espionage against the European Parliament. Member of committee investigating spyware hacked with Pegasus</a></li><li
          class=""
          style=""
          value="15"
        ><a href="https://www.europol.europa.eu/media-press/newsroom/news/global-cyber-strike-disrupts-socgholish-amadey-and-stealc-malware-networks" rel="noopener noreferrer" target="_blank">Global cyber strike disrupts SocGholish, Amadey, and StealC malware networks</a></li><li
          class=""
          style=""
          value="16"
        ><a href="https://www.justice.gov/opa/pr/united-states-seizes-hundreds-internet-domains-used-illegally-stream-world-cup-matches" rel="noopener noreferrer" target="_blank">United States seizes hundreds of Internet domains used to illegally stream World Cup matches</a></li><li
          class=""
          style=""
          value="17"
        ><a href="https://cloud.google.com/blog/topics/threat-intelligence/google-continued-disruption-residential-proxy-networks" rel="noopener noreferrer" target="_blank">Google’s continued disruption of malicious residential proxy networks</a></li><li
          class=""
          style=""
          value="18"
        ><a href="https://www.justice.gov/opa/pr/alleged-member-criminal-cyber-hacking-group-scattered-spider-arrested-finland-and-extradited" rel="noopener noreferrer" target="_blank">Alleged member of criminal cyber hacking group “Scattered Spider” arrested in Finland and extradited to the United States</a></li></ol><h3>For the more technical</h3><ol class="list-number"><li
          class=""
          style=""
          value="1"
        >[PL][VIDEO] <a href="https://www.youtube.com/watch?v=L6H8DCYpmCI" rel="noopener noreferrer" target="_blank">An overview of interesting web application vulnerabilities</a></li><li
          class=""
          style=""
          value="2"
        >[PL][VIDEO] <a href="https://www.youtube.com/watch?v=8JHfUqvn_vQ" rel="noopener noreferrer" target="_blank">FortiBleed isn&#39;t a new flaw, it&#39;s a credentials issue</a></li><li
          class=""
          style=""
          value="3"
        >[PL][VIDEO] <a href="https://www.youtube.com/watch?v=f0phQreGegk" rel="noopener noreferrer" target="_blank">Railway cyber resilience: from vulnerabilities to compliance and security</a></li><li
          class=""
          style=""
          value="4"
        >[PL] <a href="https://www.sirt.pl/deepfake-gov-pl-i-falszywa-inwestycja-jak-oszusci-przejmuja-zaufanie-do-instytucji/" rel="noopener noreferrer" target="_blank">Deepfakes and a spoofed gov.pl site backed a fake investment platform</a></li><li
          class=""
          style=""
          value="5"
        ><a href="https://www.huntress.com/blog/klue-breach-investigation" rel="noopener noreferrer" target="_blank">Cybercrime breaches Klue: Salesforce data impacted for many victims</a></li><li
          class=""
          style=""
          value="6"
        ><a href="https://www.kali.org/blog/kali-linux-2026-2-release/" rel="noopener noreferrer" target="_blank">Kali Linux 2026.2 release (GNOME 50, KDE 6.6, Helper Scripts, APT Formats &amp; VM Boot Tweaking)</a></li><li
          class=""
          style=""
          value="7"
        ><a href="https://bednars.me/blog/winpe-harness" rel="noopener noreferrer" target="_blank">WinPE as a stateless harness for Windows driver testing and fuzzing</a></li><li
          class=""
          style=""
          value="8"
        ><a href="https://research.jfrog.com/post/dissecting-and-exploiting-linux-lpe-variant-dirtyclone-cve-2026-43503/" rel="noopener noreferrer" target="_blank">Dissecting and exploiting Linux LPE variant: DirtyClone (CVE-2026-43503)</a></li><li
          class=""
          style=""
          value="9"
        ><a href="https://thehackernews.com/2026/06/282-ios-apps-found-leaking-llm-api-keys.html" rel="noopener noreferrer" target="_blank">282 iOS AI apps leak API keys and open AI proxy access in network traffic study</a></li><li
          class=""
          style=""
          value="10"
        ><a href="https://www.zscaler.com/blogs/security-research/indirect-prompt-injection-web-content-targets-ai-agents" rel="noopener noreferrer" target="_blank">Indirect prompt injection in web content targets AI agents</a></li><li
          class=""
          style=""
          value="11"
        ><a href="https://www.mcafee.com/blogs/other-blogs/mcafee-labs/crypto-clipper-wallet-swapping-browser-extension-malware/" rel="noopener noreferrer" target="_blank">Silent Swap: A crypto clipper extension campaign</a></li><li
          class=""
          style=""
          value="12"
        ><a href="https://www.microsoft.com/en-us/security/blog/2026/06/29/chromium-extension-uses-airelated-branding-redirect-browser-search/" rel="noopener noreferrer" target="_blank">Chromium extension uses AI‑related branding to redirect browser search</a></li><li
          class=""
          style=""
          value="13"
        ><a href="https://0din.ai/blog/clone-this-repo-and-i-own-your-machine" rel="noopener noreferrer" target="_blank">Clone this repo and I own your machine</a></li><li
          class=""
          style=""
          value="14"
        ><a href="https://layerxsecurity.com/blog/bioshocking-ai-gaming-the-ai-browser-and-escaping-its-guardrails/" rel="noopener noreferrer" target="_blank">BioShocking AI: “Gaming” the AI browser and escaping its guardrails</a></li><li
          class=""
          style=""
          value="15"
        ><a href="https://blog.talosintelligence.com/artoken-inside-an-eviltokens-affiliate-panel-targeting-microsoft-365/" rel="noopener noreferrer" target="_blank">ARToken: Inside an EvilTokens affiliate panel targeting Microsoft 365</a></li><li
          class=""
          style=""
          value="16"
        ><a href="https://www.forcepoint.com/blog/x-labs/asyncrat-reloaded-python-trycloudflare-malware" rel="noopener noreferrer" target="_blank">AsyncRAT reloaded: Using Python and TryCloudflare for malware delivery again</a></li><li
          class=""
          style=""
          value="17"
        ><a href="https://www.levelblue.com/blogs/spiderlabs-blog/an-analysis-of-valleyrat-infection-campaigns-from-fake-installers-japanese-malicious-emails" rel="noopener noreferrer" target="_blank">An analysis of ValleyRAT infection campaigns from fake installers, Japanese malicious emails</a></li><li
          class=""
          style=""
          value="18"
        ><a href="https://www.trendmicro.com/en_us/research/26/f/tonresolver.html" rel="noopener noreferrer" target="_blank">TONResolver RAT abuses TON blockchain to target Japan&#39;s hotel industry</a></li><li
          class=""
          style=""
          value="19"
        ><a href="https://thedfirreport.com/2026/06/29/from-bing-search-to-ransomware-bumblebee-and-adaptixc2-deliver-akira-3/" rel="noopener noreferrer" target="_blank">From Bing search to ransomware: Bumblebee and AdaptixC2 deliver Akira</a></li><li
          class=""
          style=""
          value="20"
        ><a href="https://www.securonix.com/blog/veildrop-blogspot-hosted-powershell-loader/" rel="noopener noreferrer" target="_blank">Veil#Drop: Blogspot-hosted PowerShell loader delivers PureLog stealer through XOR-encoded in-memory .NET payloads</a></li><li
          class=""
          style=""
          value="21"
        ><a href="https://www.jamf.com/blog/pamstealer-macos-infostealer-applescript-rust/" rel="noopener noreferrer" target="_blank">PamStealer: a Rust-based macOS infostealer that validates credentials through PAM</a></li><li
          class=""
          style=""
          value="22"
        ><a href="https://blog.xlab.qianxin.com/rustduck-en/" rel="noopener noreferrer" target="_blank">RustDuck: An in-depth analysis of a two-stage botnet</a></li><li
          class=""
          style=""
          value="23"
        ><a href="https://socket.dev/blog/miasma-mini-shai-hulud-hits-leoplatform-npm-packages-go-ecosystem" rel="noopener noreferrer" target="_blank">Miasma Mini Shai-Hulud hits LeoPlatform npm packages and GitHub Actions, expands to the Go ecosystem</a></li><li
          class=""
          style=""
          value="24"
        >[VIDEO] <a href="https://www.youtube.com/watch?v=dCRmoaKQo_s" rel="noopener noreferrer" target="_blank">Signals &amp; Stories: The evolution of attribution in cyber threat intelligence</a></li><li
          class=""
          style=""
          value="25"
        ><a href="https://www.acronis.com/en/tru/posts/mustang-panda-targets-indias-government-and-energy-sectors/" rel="noopener noreferrer" target="_blank">Mustang Panda targets India&#39;s government and energy sectors with Zohomurk and Minirecon</a></li><li
          class=""
          style=""
          value="26"
        ><a href="https://www.seqrite.com/blog/operation-dragonreturn-china-nexus-cyber-espionage-campaign-targeting-govt-of-india-mof-tax-infrastructure-via-multi-stage-dcrat-deployment/" rel="noopener noreferrer" target="_blank">Operation DragonReturn: China-nexus cyber espionage campaign targeting Govt. of India/MoF tax infrastructure via multi-stage DcRAT deployment</a></li><li
          class=""
          style=""
          value="27"
        ><a href="https://censys.com/blog/unc1151-phishing-email-campaign/" rel="noopener noreferrer" target="_blank">UNC1151 phishing email targeting Belarusian politician points to multi-national campaign</a></li></ol><p>Did you enjoy this list? You can subscribe to one of our feeds on <a href="https://twitter.com/badcybercom">Twitter</a>, <a href="https://www.facebook.com/badcyber/">Facebook</a> or <a href="/feed/">RSS</a>.</p></div>]]></description></item><item><title>IT Security Weekend Catch Up – June 26, 2026</title><link>https://badcyber.com/it-security-weekend-catch-up-june-26-2026/</link><pubDate>Fri, 26 Jun 2026 23:30:00 +0200</pubDate><guid>https://badcyber.com/it-security-weekend-catch-up-june-26-2026/</guid><description><![CDATA[<div class="payload-richtext"><p>Afraid of missing important security news during the week? We&#39;re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!</p><h3>For the less technical</h3><ol class="list-number"><li
          class=""
          style="text-align: left;"
          value="1"
        >[PL] [VIDEO] <a href="https://www.youtube.com/watch?v=OZgJmaiC35Q" rel="noopener noreferrer" target="_blank">Everyday cybersecurity</a></li><li
          class=""
          style="text-align: left;"
          value="2"
        >[PL] <a href="https://cert.orange.pl/aktualnosci/dlaczego-publikacja-zdjec-dzieci-ze-swiadectwem-to-zly-pomysl/" rel="noopener noreferrer" target="_blank">Why posting photos of children with their certificates is a bad idea?</a></li><li
          class=""
          style="text-align: left;"
          value="3"
        >[PL] <a href="https://czasopismo.legeartis.org/2026/06/dane-logowania-dane-osobowe-pozyskanie-informacji-facebook-wyrok-nsa/" rel="noopener noreferrer" target="_blank">Are website login credentials personal data?</a></li><li
          class=""
          style="text-align: left;"
          value="4"
        >[PL] <a href="https://cbzc.policja.gov.pl/bzc/aktualnosci/975,Czlonkowie-grupy-przestepczej-w-rekach-CBZC-wsparcie-agentow-FBI-oraz-HSI.html" rel="noopener noreferrer" target="_blank">Members of a criminal group arrested by Poland’s CBZC with help from the FBI and HSI</a></li><li
          class=""
          style="text-align: left;"
          value="5"
        >[PL] <a href="https://cert.orange.pl/aktualnosci/sprzedajesz-telefon-na-vinted-uwazaj-nie-tylko-na-phishing-i-blik/" rel="noopener noreferrer" target="_blank">Selling a phone on Vinted? Watch out for more than phishing and BLIK scams</a></li><li
          class=""
          style="text-align: left;"
          value="6"
        >[PL] <a href="https://www.sirt.pl/falszywy-sklep-latwogang-jak-popularnosc-akcji-charytatywnej-stala-sie-paliwem-dla-oszustow/" rel="noopener noreferrer" target="_blank">How a popular charity campaign became fuel for scammers</a></li><li
          class=""
          style="text-align: left;"
          value="7"
        >[PL] <a href="https://uodo.gov.pl/pl/138/4445" rel="noopener noreferrer" target="_blank">Poland’s data protection chief advises law enforcement on how to interpret deepfakes</a></li><li
          class=""
          style="text-align: left;"
          value="8"
        >[PL] <a href="https://czasopismo.legeartis.org/2026/06/nadzor-kontrola-podmiotami-kluczowymi-waznymi-nis2/" rel="noopener noreferrer" target="_blank">NIS2: Oversight and supervision of essential and important entities</a></li><li
          class=""
          style="text-align: left;"
          value="9"
        >[PL] <a href="https://oko.press/o-czyja-suwerennosc-cyfrowa-troszczy-sie-unia-europejska" rel="noopener noreferrer" target="_blank">Whose digital sovereignty is the European Union trying to protect?</a></li><li
          class=""
          style="text-align: left;"
          value="10"
        >[PL] <a href="https://czasopismo.legeartis.org/2026/06/blokowanie-dzieciom-dostepu-pornografii-maloletnim-weryfikacja-wieku-naruszenie-swobody-swiadczenia-uslug-wyrok-tsue/" rel="noopener noreferrer" target="_blank">Blocking children’s access to pornography vs freedom to provide services</a></li><li
          class=""
          style="text-align: left;"
          value="11"
        >[PL] <a href="https://siecobywatelska.pl/gdy-informacja-znika/" rel="noopener noreferrer" target="_blank">Could disappearing messages become a way to avoid transparency?</a></li><li
          class=""
          style="text-align: left;"
          value="12"
        ><a href="https://www.politico.eu/article/eu-says-amazon-microsoft-cloud-services-should-fall-under-digital-dominance-rules/" rel="noopener noreferrer" target="_blank">EU says Amazon, Microsoft cloud services should fall under digital dominance rules</a></li><li
          class=""
          style="text-align: left;"
          value="13"
        ><a href="https://citizenlab.ca/research/russia-breaks-into-human-rights-activists-phone-with-cellebrite/" rel="noopener noreferrer" target="_blank">Russia breaks into human rights activist’s phone with Cellebrite</a></li><li
          class=""
          style="text-align: left;"
          value="14"
        ><a href="https://www.bitdefender.com/en-us/blog/hotforsecurity/scammers-steam-gift-cards-dead" rel="noopener noreferrer" target="_blank">Scammers have killed the physical Steam Gift cards</a></li><li
          class=""
          style="text-align: left;"
          value="15"
        ><a href="https://www.bleepingcomputer.com/news/security/nintendo-confirms-data-stolen-in-webmd-subsidiary-cyberattack/" rel="noopener noreferrer" target="_blank">Nintendo confirms data stolen in WebMD subsidiary cyberattack</a></li><li
          class=""
          style="text-align: left;"
          value="16"
        ><a href="https://www.bleepingcomputer.com/news/security/jaredfromsubway-mev-bot-hacked-in-15-million-crypto-theft/" rel="noopener noreferrer" target="_blank">JaredFromSubway MEV bot hacked in $15 million crypto theft</a></li></ol><h3>For the more technical</h3><ol class="list-number"><li
          class=""
          style=""
          value="1"
        >[PL] <a href="https://kapitanhack.pl/fifa-i-broken-access-control-jak-konto-bez-uprawnien-uzyskalo-dostep-do-systemow-mistrzostw-swiata-2026/" rel="noopener noreferrer" target="_blank">How an unauthorized account gained access to FIFA systems</a></li><li
          class=""
          style=""
          value="2"
        ><a href="https://ps.tc/pages/blog-usbliter8.html" rel="noopener noreferrer" target="_blank">Introducing usbliter8: An A12/A13 SecureROM exploit</a></li><li
          class=""
          style=""
          value="3"
        ><a href="https://blog.calif.io/p/squidbleed-cve-2026-47729" rel="noopener noreferrer" target="_blank">Squidbleed (CVE-2026-47729). Heartbleed&#39;s ancient cousin, hiding in Squid since 1997</a></li><li
          class=""
          style=""
          value="4"
        ><a href="https://lucidbitlabs.com/blog/when-defenses-become-attack-surface/" rel="noopener noreferrer" target="_blank">When defenses become attack surface: CVE-2026-20971, a Samsung kernel UAF</a></li><li
          class=""
          style=""
          value="5"
        ><a href="https://arstechnica.com/security/2026/06/following-user-outcry-amd-reinstates-memory-encryption-in-consumer-cpus/" rel="noopener noreferrer" target="_blank">Following user outcry, AMD reinstates memory encryption in consumer CPUs</a></li><li
          class=""
          style=""
          value="6"
        ><a href="https://jfrog.com/blog/pixelsmash-critical-ffmpeg-vulnerability-turns-media-files-into-weapons/" rel="noopener noreferrer" target="_blank">PixelSmash – critical FFmpeg vulnerability turns media files into weapons</a></li><li
          class=""
          style=""
          value="7"
        ><a href="https://blog.xlab.qianxin.com/arystinger-botnet-hijacks-legacy-routers-for-global-attacks-en/" rel="noopener noreferrer" target="_blank">More than 4,000 legacy routers compromised by AryStinger, turned into global attack proxies for hackers</a></li><li
          class=""
          style=""
          value="8"
        ><a href="https://www.cloudsek.com/blog/inside-the-fortibleed-open-directory-a-technical-analysis-of-what-the-attacker-left-behind" rel="noopener noreferrer" target="_blank">Inside the FortiBleed open directory: A technical analysis of what the attacker left behind</a></li><li
          class=""
          style=""
          value="9"
        ><a href="https://www.wordfence.com/blog/2026/06/attackers-actively-exploiting-sensitive-information-exposure-vulnerability-in-gravity-smtp-plugin/" rel="noopener noreferrer" target="_blank">Attackers actively exploiting sensitive information exposure vulnerability in Gravity SMTP plugin</a></li><li
          class=""
          style=""
          value="10"
        ><a href="https://www.island.io/blog/badblocker-11-million-users-one-server-call-away-from-compromise" rel="noopener noreferrer" target="_blank">BadBlocker: 11 million users, one server call away from compromise</a></li><li
          class=""
          style=""
          value="11"
        ><a href="https://www.sentinelone.com/labs/macos-gaslight-rust-backdoor-turns-prompt-injection-on-the-analyst-not-the-sandbox/" rel="noopener noreferrer" target="_blank">macOS.Gaslight: Rust backdoor turns prompt injection on the analyst, not the sandbox</a></li><li
          class=""
          style=""
          value="12"
        ><a href="https://www.elastic.co/security-labs/oxloader-malware-loader-infostealer" rel="noopener noreferrer" target="_blank">Lost in relocation: analysis of a new loader distributing CastleStealer</a></li><li
          class=""
          style=""
          value="13"
        ><a href="https://www.blackfog.com/inside-onyxc2-the-new-stealer-targeting-210-apps/" rel="noopener noreferrer" target="_blank">Inside OnyxC2: The new stealer targeting 210 apps</a></li><li
          class=""
          style=""
          value="14"
        ><a href="https://www.welivesecurity.com/en/eset-research/gamaredon-2025-leveraging-tunnels-workers-dead-drops-new-alliances/" rel="noopener noreferrer" target="_blank">Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new alliances</a></li><li
          class=""
          style=""
          value="15"
        ><a href="https://www.spamhaus.com/resource-center/solaris-loader-a-new-malware-loader/" rel="noopener noreferrer" target="_blank">SolarisLoader - a new malware loader</a></li><li
          class=""
          style=""
          value="16"
        ><a href="https://www.microsoft.com/en-us/security/blog/2026/06/17/crypto-clipper-uses-tor-worm-like-propagation-for-persistence-control/" rel="noopener noreferrer" target="_blank">Crypto Clipper uses Tor and worm-like propagation for persistence and control</a></li><li
          class=""
          style=""
          value="17"
        ><a href="https://labs.k7computing.com/index.php/a-multi-stage-steganographic-loader-campaign-deploying-diverse-payloads-globally/" rel="noopener noreferrer" target="_blank">A multi-stage steganographic loader campaign deploying diverse payloads globally</a></li><li
          class=""
          style=""
          value="18"
        ><a href="https://www.gendigital.com/blog/insights/research/inside-vidar-abe-bypass" rel="noopener noreferrer" target="_blank">Inside Vidar’s ABE bypass: From memory scanning to APC injections</a></li><li
          class=""
          style=""
          value="19"
        ><a href="https://any.run/cybersecurity-blog/eviltokens-ghost-code-analysis/" rel="noopener noreferrer" target="_blank">EvilTokens: How “ghost” code threatens US and European businesses</a></li><li
          class=""
          style=""
          value="20"
        ><a href="https://www.zscaler.com/blogs/security-research/payouts-king-ransomware-initial-access-broker-deploys-new-edgecution" rel="noopener noreferrer" target="_blank">Payouts King ransomware initial access broker deploys new Edgecution malware</a></li><li
          class=""
          style=""
          value="21"
        ><a href="https://www.seqrite.com/blog/threat-actors-weaponizing-rar-archives-to-target-thailands-healthcare-sector/" rel="noopener noreferrer" target="_blank">Threat actors weaponizing RAR archives to target Thailand’s healthcare sector</a></li><li
          class=""
          style=""
          value="22"
        ><a href="https://dti.domaintools.com/research/threat-intelligence-report-nation-state-targeting-of-water-systems-2024-2026" rel="noopener noreferrer" target="_blank">Threat intelligence report: Nation-state targeting of water systems 2024–2026</a></li></ol><p>Did you enjoy this list? You can subscribe to one of our feeds on <a href="https://twitter.com/badcybercom">Twitter</a>, <a href="https://www.facebook.com/badcyber/">Facebook</a> or <a href="/feed/">RSS</a>.</p></div>]]></description></item><item><title>IT Security Weekend Catch Up – June 19, 2026</title><link>https://badcyber.com/it-security-weekend-catch-up-june-19-2026/</link><pubDate>Fri, 19 Jun 2026 23:00:00 +0200</pubDate><guid>https://badcyber.com/it-security-weekend-catch-up-june-19-2026/</guid><description><![CDATA[<div class="payload-richtext"><p>Afraid of missing important security news during the week? We&#39;re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!</p><h3>For the less technical</h3><ol class="list-number"><li
          class=""
          style="text-align: left;"
          value="1"
        >[PL] <a href="https://cbzc.policja.gov.pl/bzc/aktualnosci/965,Zarabiali-na-fikcyjnych-sklepach-internetowych-oszukali-w-ten-sposob-ponad-440-o.html" rel="noopener noreferrer" target="_blank">Fraudsters behind fake online stores scam more than 440 people</a></li><li
          class=""
          style="text-align: left;"
          value="2"
        >[PL] <a href="https://uokik.gov.pl/kreator-cv-czyli-kreator-kosztow-kara-dla-serwisu-interviewmepl" rel="noopener noreferrer" target="_blank">UOKiK fines Interviewme.pl over costly CV builder</a></li><li
          class=""
          style="text-align: left;"
          value="3"
        >[PL] <a href="https://cert.orange.pl/ostrzezenia/oszusci-podszywaja-sie-pod-inpost-i-kradna-dostep-do-whatsapp-sprawdz-jak-nie-dac-sie-oszukac/" rel="noopener noreferrer" target="_blank">Scammers pose as InPost to hijack WhatsApp accounts</a></li><li
          class=""
          style="text-align: left;"
          value="4"
        >[PL] <a href="https://cert.orange.pl/ostrzezenia/falszywy-mail-allegro-phishing-paczka/" rel="noopener noreferrer" target="_blank">Fake Allegro email warns of delivery address error</a></li><li
          class=""
          style="text-align: left;"
          value="5"
        >[PL] <a href="https://panoptykon.org/informowanie-o-inwigilacji-potrzebne-od-zaraz" rel="noopener noreferrer" target="_blank">People need to be notified of surveillance without delay</a></li><li
          class=""
          style="text-align: left;"
          value="6"
        >[PL] <a href="https://cyfrowa.rp.pl/globalne-interesy/art44619631-palantir-przegral-w-szwajcarii-wyrok-ujawnil-rosnace-obawy-o-technologiczna-zaleznosc-od-usa" rel="noopener noreferrer" target="_blank">Palantir loses in Switzerland as Europe moves to curb reliance on the US</a></li><li
          class=""
          style="text-align: left;"
          value="7"
        >[PL][AUDIO] <a href="https://informatykzakladowy.pl/czwarty-odcinek-retro-podcastu-informatyka-zakladowego/" rel="noopener noreferrer" target="_blank">Fourth episode of the Informatyk Zakładowy retro podcast</a></li><li
          class=""
          style="text-align: left;"
          value="8"
        ><a href="https://www.independent.co.uk/tech/china-ai-university-arts-degree-b2995940.html" rel="noopener noreferrer" target="_blank">China’s universities cut thousands of ‘obsolete’ arts degrees in AI overhaul</a></li><li
          class=""
          style="text-align: left;"
          value="9"
        ><a href="https://arstechnica.com/tech-policy/2026/06/uk-to-ban-social-media-for-kids-under-16-may-impose-overnight-curfews/" rel="noopener noreferrer" target="_blank">UK to ban social media for kids under 16, may impose overnight curfews</a></li><li
          class=""
          style="text-align: left;"
          value="10"
        >[VIDEO] <a href="https://www.youtube.com/watch?v=y_RirGTqnlM" rel="noopener noreferrer" target="_blank">The internet group that changed hacking forever</a></li><li
          class=""
          style="text-align: left;"
          value="11"
        ><a href="https://blog.openmeasures.io/p/telegram-crackdown-patriot-party" rel="noopener noreferrer" target="_blank">Cybercriminals are evading Telegram crackdowns in &#39;patriot party&#39; and crypto-themed channels</a></li><li
          class=""
          style="text-align: left;"
          value="12"
        ><a href="https://www.theregister.com/cyber-crime/2026/06/15/council-of-europe-hacked-in-shinyhunters-peoplesoft-heist/5255757" rel="noopener noreferrer" target="_blank">Council of Europe hacked in ShinyHunters&#39; PeopleSoft heist</a></li><li
          class=""
          style="text-align: left;"
          value="13"
        ><a href="https://www.bleepingcomputer.com/news/security/kodak-confirms-data-breach-claimed-by-shinyhunters-extortion-gang/" rel="noopener noreferrer" target="_blank">Kodak confirms data breach claimed by ShinyHunters extortion gang</a></li><li
          class=""
          style="text-align: left;"
          value="14"
        ><a href="https://www.europol.europa.eu/media-press/newsroom/news/ransomware-gangs-cut-eur-336-million-audia6-crypto-laundering-pipeline" rel="noopener noreferrer" target="_blank">Ransomware gangs cut off from EUR 336 million ‘AudiA6’ crypto laundering pipeline</a></li><li
          class=""
          style="text-align: left;"
          value="15"
        ><a href="https://www.fbi.gov/news/stories/inside-the-fbis-kinetic-cyber-range" rel="noopener noreferrer" target="_blank">Inside the FBI&#39;s 22,000 square-foot indoor technical training environment in Huntsville</a></li></ol><h3>For the more technical</h3><ol class="list-number"><li
          class=""
          style=""
          value="1"
        >[PL] <a href="https://www.sirt.pl/falszywy-dokument-przewozowy-purelogs-stealer-realnym-zagrozeniem/" rel="noopener noreferrer" target="_blank">Fake shipping document campaign shows PureLogs Stealer is a real threat</a></li><li
          class=""
          style=""
          value="2"
        ><a href="https://doublepulsar.com/fortibleed-75k-fortinet-firewalls-have-admin-passwords-cracked-60299faa65f8" rel="noopener noreferrer" target="_blank">FortiBleed — 75k Fortinet firewalls have admin passwords cracked</a></li><li
          class=""
          style=""
          value="3"
        ><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ" rel="noopener noreferrer" target="_blank">Cisco Catalyst SD-WAN Manager arbitrary file write vulnerability</a></li><li
          class=""
          style=""
          value="4"
        ><a href="https://labs.watchtowr.com/more-evidence-that-words-dont-mean-what-we-thought-they-meant-ivanti-sentry-pre-auth-os-command-injection-cve-2026-10520/" rel="noopener noreferrer" target="_blank">More evidence that words don&#39;t mean what we thought they meant (Ivanti Sentry pre-auth OS command injection CVE-2026-10520)</a></li><li
          class=""
          style=""
          value="5"
        ><a href="https://www.imperva.com/blog/compromise-openclaw-with-prompt-injections-in-message-objects/" rel="noopener noreferrer" target="_blank">Compromise OpenClaw with prompt injections in message objects</a></li><li
          class=""
          style=""
          value="6"
        ><a href="https://www.aikido.dev/blog/phpbb-authentication-bypass-rce" rel="noopener noreferrer" target="_blank">10 year old critical vulnerability in phpBB affecting tens of millions of users across thousands of forums</a></li><li
          class=""
          style=""
          value="7"
        ><a href="https://www.acronis.com/en/tru/posts/from-emerging-threat-to-top-tier-ransomware-as-a-service-the-evolution-of-inc-ransomware/" rel="noopener noreferrer" target="_blank">From emerging threat to top-tier ransomware-as-a-service: The evolution of INC ransomware</a></li><li
          class=""
          style=""
          value="8"
        ><a href="https://www.ibm.com/think/x-force/interlock-and-rhysida-within-the-ransonware-ecosystem" rel="noopener noreferrer" target="_blank">Interlock and Rhysida within the ransomware ecosystem</a></li><li
          class=""
          style=""
          value="9"
        ><a href="https://www.welivesecurity.com/en/eset-research/killing-me-gently-inside-gentlemens-edr-killer-framework/" rel="noopener noreferrer" target="_blank">Killing me gently: Inside Gentlemen’s EDR killer framework</a></li><li
          class=""
          style=""
          value="10"
        ><a href="https://www.rapid7.com/blog/post/tr-malware-tracking-dropping-elephant-tradecraft-china-themed-loader-chain/" rel="noopener noreferrer" target="_blank">Malware à la Mode: Tracking Dropping Elephant tradecraft through a China-themed loader chain</a></li><li
          class=""
          style=""
          value="11"
        ><a href="http://infoblox.com/blog/threat-intelligence/hot-take-operation-endgame-vs-socgholish/" rel="noopener noreferrer" target="_blank">Operation Endgame vs SocGholish</a></li><li
          class=""
          style=""
          value="12"
        ><a href="https://www.sonatype.com/blog/atomic-arch-npm-campaign-adds-malicious-dependency" rel="noopener noreferrer" target="_blank">Atomic Arch: Attackers hijack trusted AUR packages to deliver rootkit-like malware</a></li><li
          class=""
          style=""
          value="13"
        ><a href="https://www.aikido.dev/blog/multiple-jetbrains-ide-plugins-caught-stealing-ai-keys" rel="noopener noreferrer" target="_blank">Multiple JetBrains IDE plugins caught stealing AI keys</a></li><li
          class=""
          style=""
          value="14"
        ><a href="https://www.microsoft.com/en-us/security/blog/2026/06/17/postinstall-payload-inside-mastra-npm-supply-chain-compromise/" rel="noopener noreferrer" target="_blank">From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet</a></li><li
          class=""
          style=""
          value="15"
        ><a href="https://www.zscaler.com/blogs/security-research/shai-hulud-campaign-evolution-miasma-hades-and-ai-scanner-evasion" rel="noopener noreferrer" target="_blank">Shai-Hulud campaign evolution: Miasma, Hades, and AI scanner evasion</a></li><li
          class=""
          style=""
          value="16"
        ><a href="https://socket.dev/blog/152-chrome-live-wallpaper-extensions-hid-ad-tracking" rel="noopener noreferrer" target="_blank">152 Chrome live wallpaper extensions hid ad tracking and faked Google search traffic</a></li><li
          class=""
          style=""
          value="17"
        ><a href="https://zimperium.com/blog/rokarolla-android-banker-with-complete-device-takeover-capabilities" rel="noopener noreferrer" target="_blank">Rokarolla: Android banker with complete device takeover capabilities</a></li><li
          class=""
          style=""
          value="18"
        ><a href="https://www.d3lab.net/nfcshare-evolves-from-a-banking-phishing-apk-to-a-github-hosted-android-nfc-fraud-campaign/" rel="noopener noreferrer" target="_blank">NFCShare evolves: from a banking phishing APK to a GitHub-hosted Android NFC fraud campaign</a></li><li
          class=""
          style=""
          value="19"
        ><a href="https://www.security.com/threat-intelligence/dragonforce-msteams-backdoor" rel="noopener noreferrer" target="_blank">Hidden in Teams: DragonForce attackers weaponize Microsoft Teams relays to stay hidden</a></li><li
          class=""
          style=""
          value="20"
        ><a href="https://www.zscaler.com/blogs/security-research/clickfix-campaign-generated-ai-delivers-smartrat" rel="noopener noreferrer" target="_blank">ClickFix campaign generated via AI delivers SmartRAT</a></li><li
          class=""
          style=""
          value="21"
        ><a href="https://www.huntress.com/blog/potemkin-loader-rmmproject-clickfix-attack" rel="noopener noreferrer" target="_blank">Someone&#39;s hands are on your keyboard then your whole network. Courtesy of ClickFix, Potemkin, RMMProject and EtherRAT</a></li><li
          class=""
          style=""
          value="22"
        ><a href="https://www.huntress.com/blog/terminal-server-phishing-stager-exposed" rel="noopener noreferrer" target="_blank">The devil, eight million emails, and a whole lot of milk</a></li><li
          class=""
          style=""
          value="23"
        ><a href="https://www.welivesecurity.com/en/eset-research/fishmongers-arsenal-upgraded-sprysocks-windows/" rel="noopener noreferrer" target="_blank">FishMonger’s arsenal upgraded: SprySOCKS for Windows</a></li><li
          class=""
          style=""
          value="24"
        ><a href="https://cloud.google.com/blog/topics/threat-intelligence/prc-targets-us-medical-research/" rel="noopener noreferrer" target="_blank">Public and private medical community targeted by China-nexus threat actor pursuing artificial intelligence, cyber, medical, and national defense research</a></li><li
          class=""
          style=""
          value="25"
        ><a href="https://www.sygnia.co/blog/operation-highland-velvet-ant/" rel="noopener noreferrer" target="_blank">Velvet Ant’s Operation Highland: How a China-nexus actor infiltrated an internal network undetected</a></li></ol><p>Did you enjoy this list? You can subscribe to one of our feeds on <a href="https://twitter.com/badcybercom">Twitter</a>, <a href="https://www.facebook.com/badcyber/">Facebook</a> or <a href="/feed/">RSS</a>.</p></div>]]></description></item><item><title>IT Security Weekend Catch Up – June 12, 2026</title><link>https://badcyber.com/it-security-weekend-catch-up-june-12-2026/</link><pubDate>Fri, 12 Jun 2026 23:30:00 +0200</pubDate><guid>https://badcyber.com/it-security-weekend-catch-up-june-12-2026/</guid><description><![CDATA[<div class="payload-richtext"><p>Afraid of missing important security news during the week? We&#39;re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!</p><h3>For the less technical</h3><ol class="list-number"><li
          class=""
          style="text-align: left;"
          value="1"
        >[PL] <a href="https://www.wnp.pl/tech/na-ten-cel-wydamy-nawet-100-mld-zl-rocznie-nowa-strategia-rzadu-w-cyfryzacji,1070455.html" rel="noopener noreferrer" target="_blank">Polish government approves National Digitalization Strategy</a></li><li
          class=""
          style="text-align: left;"
          value="2"
        >[PL] <a href="https://siecobywatelska.pl/czy-jawnosc-zagraza-bezpieczenstwu-panstwa/" rel="noopener noreferrer" target="_blank">Is transparency a threat to national security?</a></li><li
          class=""
          style="text-align: left;"
          value="3"
        >[PL][VIDEO] <a href="https://www.youtube.com/watch?v=61jjjKMZEqM" rel="noopener noreferrer" target="_blank">Secret Department No. 4: What Russian intelligence agents study?</a></li><li
          class=""
          style="text-align: left;"
          value="4"
        >[PL] <a href="https://www.pap.pl/aktualnosci/gosc-studia-pap-agata-slusarek-ekspertka-cyberbezpieczenstwa" rel="noopener noreferrer" target="_blank">Expert warns there’s no such thing as a risk-free investment. A “safe” profit offer online could be a scam</a></li><li
          class=""
          style="text-align: left;"
          value="5"
        >[PL] <a href="https://cert.orange.pl/ostrzezenia/deepfake-falszywa-platforma-bukmacherska/" rel="noopener noreferrer" target="_blank">The World Cup “guaranteed win” that drains your account: An analysis of a deepfake campaign ahead of the FIFA World Cup</a></li><li
          class=""
          style="text-align: left;"
          value="6"
        >[PL] <a href="https://czasopismo.legeartis.org/2026/06/weryfikacji-wieku-uzytkownikow-serwisow-pornograficznych-blokowanie-dostepu-maloletnim-internecie-projekt/" rel="noopener noreferrer" target="_blank">Mandatory age checks for porn sites</a></li><li
          class=""
          style="text-align: left;"
          value="7"
        >[PL][AUDIO] <a href="https://www.youtube.com/watch?v=HiL94WvjCww" rel="noopener noreferrer" target="_blank">Meta and Google in court. Will the verdicts change the internet?</a></li><li
          class=""
          style="text-align: left;"
          value="8"
        >[PL] <a href="https://krytykapolityczna.pl/swiat/usa-ai-sztuczna-inteligencja-centra-danych-szkodliwosc-protesty-mieszkancow/" rel="noopener noreferrer" target="_blank">Americans united in opposition to AI data centers</a></li><li
          class=""
          style="text-align: left;"
          value="9"
        >[PL] <a href="https://demagog.org.pl/analizy_i_raporty/ai-jako-narzedzie-skoordynowanej-dezinformacji-jak-odpowiedziec-na-ten-problem/" rel="noopener noreferrer" target="_blank">AI enables coordinated disinformation campaigns</a></li><li
          class=""
          style="text-align: left;"
          value="10"
        >[PL] <a href="https://uodo.gov.pl/pl/138/4423" rel="noopener noreferrer" target="_blank">Poland’s data protection chief appeals the closure of an investigation into AI-generated nude images of a student</a></li><li
          class=""
          style="text-align: left;"
          value="11"
        ><a href="https://www.theguardian.com/business/2026/jun/08/aviva-ai-bogus-insurance-claims-rocket" rel="noopener noreferrer" target="_blank">Aviva detects record £230m in bogus insurance claims as use of AI rises</a></li><li
          class=""
          style="text-align: left;"
          value="12"
        ><a href="https://www.theguardian.com/technology/2026/jun/12/pokemon-go-data-trained-ai-that-could-assist-military-drones-in-war-zones" rel="noopener noreferrer" target="_blank">Pokémon Go data trained AI that could assist military drones in war zones</a></li><li
          class=""
          style="text-align: left;"
          value="13"
        >[VIDEO] <a href="https://www.youtube.com/watch?v=tz23G_UXCGA" rel="noopener noreferrer" target="_blank">Something is jamming GPS over Europe. Here&#39;s what we found</a></li><li
          class=""
          style="text-align: left;"
          value="14"
        ><a href="https://www.bleepingcomputer.com/news/security/french-govt-messaging-service-breached-in-account-hijacking-attack/" rel="noopener noreferrer" target="_blank">French govt messaging service breached in account hijacking attack</a></li><li
          class=""
          style="text-align: left;"
          value="15"
        ><a href="https://www.theguardian.com/technology/2026/jun/09/spyware-firm-targeted-whatsapp-users-defiance-us-court-order-meta-says" rel="noopener noreferrer" target="_blank">Spyware firm targeted WhatsApp users in defiance of US court order, Meta says</a></li></ol><h3>For the more technical</h3><ol class="list-number"><li
          class=""
          style=""
          value="1"
        >[PL][VIDEO] <a href="https://www.youtube.com/watch?v=R5jTfcX6pf8" rel="noopener noreferrer" target="_blank">MCP – the hot topic in the world of app security</a></li><li
          class=""
          style=""
          value="2"
        >[PL] <a href="https://sekurak.pl/signal-wdraza-mechanizmy-chroniace-przed-phishingiem-czy-sa-wystarczajace-do-ochrony-uzytkownika/" rel="noopener noreferrer" target="_blank">Signal rolls out new anti-phishing features</a></li><li
          class=""
          style=""
          value="3"
        ><a href="https://cert.pl/en/posts/2026/06/UNC1151-gmail-campaign/" rel="noopener noreferrer" target="_blank">UNC1151/Ghostwriter phishing campaign targeting Gmail accounts</a></li><li
          class=""
          style=""
          value="4"
        ><a href="https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/" rel="noopener noreferrer" target="_blank">Active exploitation of Check Point VPN authentication bypass (CVE-2026-50751)</a></li><li
          class=""
          style=""
          value="5"
        ><a href="https://www.fortinet.com/blog/threat-research/inside-cross-platform-propagation-of-new-gafgyt-variant-c0xmo" rel="noopener noreferrer" target="_blank">Inside the cross-platform propagation of a new Gafgyt variant C0XMO</a></li><li
          class=""
          style=""
          value="6"
        ><a href="https://www.crowdstrike.com/en-us/blog/patch-tuesday-analysis-june-2026/" rel="noopener noreferrer" target="_blank">June 2026 Patch Tuesday: Microsoft patches 206 vulnerabilities including three publicly disclosed zero-days</a></li><li
          class=""
          style=""
          value="7"
        ><a href="https://www.huntress.com/blog/unpatched-ntlm-leak-windows-search-uri-handler" rel="noopener noreferrer" target="_blank">When &quot;moderate&quot; means &quot;sometimes&quot;</a></li><li
          class=""
          style=""
          value="8"
        ><a href="https://www.bleepingcomputer.com/news/security/google-patches-fifth-chrome-zero-day-bug-exploited-in-attacks-this-year/" rel="noopener noreferrer" target="_blank">Google patches new Chrome zero-day flaw exploited in the wild</a></li><li
          class=""
          style=""
          value="9"
        >[VIDEO] <a href="https://www.youtube.com/watch?v=eTdeFbWROeg" rel="noopener noreferrer" target="_blank">The only Open Redirect that scares me</a></li><li
          class=""
          style=""
          value="10"
        ><a href="https://www.bleepingcomputer.com/news/security/oracle-mitigates-peoplesoft-zero-day-exploited-in-data-theft-attacks/" rel="noopener noreferrer" target="_blank">Oracle mitigates PeopleSoft zero-day exploited in data theft attacks</a></li><li
          class=""
          style=""
          value="11"
        ><a href="https://blog.exodusintel.com/2026/06/08/off-by-exploiting-a-use-after-free-in-the-linux-kernel/" rel="noopener noreferrer" target="_blank">Off by !: Exploiting a use-after-free in the Linux kernel</a></li><li
          class=""
          style=""
          value="12"
        ><a href="https://blog.sekoia.io/fsbs-matryoshka-1-3-gamaredons-gifts-that-keeps-unpacking-gammaphish-and-gammaworm/" rel="noopener noreferrer" target="_blank">FSB’s matryoshka – Gamaredon’s gifts that keeps unpacking – GammaPhish and GammaWorm</a></li><li
          class=""
          style=""
          value="13"
        ><a href="https://blog.sekoia.io/fsbs-matryoshka-2-3-gamaredons-gifts-that-keeps-unpacking-gammaload/" rel="noopener noreferrer" target="_blank">FSB’s matryoshka #2/3 – Gamaredon’s gifts that keeps unpacking – GammaLoad</a></li><li
          class=""
          style=""
          value="14"
        ><a href="https://blog.sekoia.io/fsbs-matryoshka-3-3-gamaredons-gifts-that-keeps-unpacking-gammasteel/" rel="noopener noreferrer" target="_blank">FSB’s matryoshka #3/3 – Gamaredon’s gifts that keeps unpacking – GammaSteel</a></li><li
          class=""
          style=""
          value="15"
        ><a href="https://www.fortinet.com/blog/threat-research/threat-actors-weaponize-ai-hype-to-deliver-asyncrat" rel="noopener noreferrer" target="_blank">Threat actors weaponize AI hype to deliver AsyncRAT</a></li><li
          class=""
          style=""
          value="16"
        ><a href="https://research.jfrog.com/post/iron-worm-shai-hulud-rustier-cousin/" rel="noopener noreferrer" target="_blank">IronWorm: Shai-Hulud&#39;s rustier cousin</a></li><li
          class=""
          style=""
          value="17"
        ><a href="https://www.stepsecurity.io/blog/binding-gyp-npm-supply-chain-attack-spreads-like-worm" rel="noopener noreferrer" target="_blank">Miasma npm supply chain attack: Self-spreading worm via Phantom Gyp</a></li><li
          class=""
          style=""
          value="18"
        ><a href="https://safedep.io/inside-the-miasma-supply-chain-attack-toolkit/" rel="noopener noreferrer" target="_blank">Inside the Miasma software supply chain attack toolkit</a></li><li
          class=""
          style=""
          value="19"
        ><a href="https://opensourcemalware.com/blog/miasma-reaches-azure" rel="noopener noreferrer" target="_blank">The blight reaches Microsoft: 73 repos disabled in 105 seconds</a></li><li
          class=""
          style=""
          value="20"
        ><a href="https://www.sophos.com/en-us/blog/you-do-surprise-me-exe-an-unexpected-executable-in-hola-browser" rel="noopener noreferrer" target="_blank">You do surprise me.exe: An unexpected executable in Hola Browser</a></li><li
          class=""
          style=""
          value="21"
        ><a href="https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/" rel="noopener noreferrer" target="_blank">AI brands as bait: How threat actors are using the AI hype in social engineering</a></li><li
          class=""
          style=""
          value="22"
        ><a href="https://www.proofpoint.com/us/blog/threat-insight/dont-fear-repo-unkdeaddrop-phishing-campaign-targets-developers-steal" rel="noopener noreferrer" target="_blank">Don&#39;t fear the repo: UNK_DeadDrop phishing campaign targets developers to steal cryptocurrency</a></li><li
          class=""
          style=""
          value="23"
        ><a href="https://www.gendigital.com/blog/insights/research/goflateloader-delivers-multiple-infostealers" rel="noopener noreferrer" target="_blank">GoFlateLoader: A widespread Golang loader delivering multiple infostealers</a></li><li
          class=""
          style=""
          value="24"
        ><a href="https://unit42.paloaltonetworks.com/cloud-logging-defense-evasion/" rel="noopener noreferrer" target="_blank">Blinding the watchmen: Abusing cloud logging services for defense evasion and visibility</a></li><li
          class=""
          style=""
          value="25"
        ><a href="https://www.zscaler.com/blogs/security-research/technical-analysis-mltbackdoor" rel="noopener noreferrer" target="_blank">Technical analysis of MLTBackdoor</a></li><li
          class=""
          style=""
          value="26"
        ><a href="https://www.catonetworks.com/blog/cato-ctrl-previously-undocumented-ninjaone-rmm-abuse-chain/" rel="noopener noreferrer" target="_blank">From fiscal lures to remote access, a previously undocumented NinjaOne RMM abuse chain</a></li><li
          class=""
          style=""
          value="27"
        ><a href="https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/" rel="noopener noreferrer" target="_blank">OceanLotus: From external espionage to domestic targeting</a></li><li
          class=""
          style=""
          value="28"
        ><a href="https://www.volexity.com/blog/2026/06/04/verdantbamboo-just-another-brickstorm-in-the-firewall/" rel="noopener noreferrer" target="_blank">VerdantBamboo: Just another BRICKSTORM in the firewall</a></li><li
          class=""
          style=""
          value="29"
        ><a href="https://blog.sekoia.io/apt28-an-evolution-of-tradecraft/" rel="noopener noreferrer" target="_blank">APT28, an evolution of tradecraft</a></li><li
          class=""
          style=""
          value="30"
        ><a href="https://www.trendmicro.com/en_us/research/26/f/old-winrar-flaw-fuels-attacks-on-ukraine.html" rel="noopener noreferrer" target="_blank">Old WinRAR flaw fuels attacks on Ukraine: How unmanaged software keeps the door open</a></li><li
          class=""
          style=""
          value="31"
        ><a href="https://cloud.google.com/blog/topics/threat-intelligence/targeted-campaign-us-law-firms/" rel="noopener noreferrer" target="_blank">Seeking counsel: Ongoing targeted campaign against US law firms</a></li><li
          class=""
          style=""
          value="32"
        ><a href="https://www.acronis.com/en/tru/posts/behind-khmer-shadow-targeted-espionage-against-cambodian-government-entities/" rel="noopener noreferrer" target="_blank">Behind Khmer Shadow: Targeted espionage against Cambodian government entities</a></li></ol><p>Did you enjoy this list? You can subscribe to one of our feeds on <a href="https://twitter.com/badcybercom">Twitter</a>, <a href="https://www.facebook.com/badcyber/">Facebook</a> or <a href="/feed/">RSS</a>.</p></div>]]></description></item><item><title>IT Security Weekend Catch Up – June 7, 2026</title><link>https://badcyber.com/it-security-weekend-catch-up-june-7-2026/</link><pubDate>Sun, 07 Jun 2026 22:30:00 +0200</pubDate><guid>https://badcyber.com/it-security-weekend-catch-up-june-7-2026/</guid><description><![CDATA[<div class="payload-richtext"><p>Afraid of missing important security news during the week? We&#39;re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!</p><h3>For the less technical</h3><ol class="list-number"><li
          class=""
          style="text-align: left;"
          value="1"
        ><a href="https://krebsonsecurity.com/2026/06/hackers-used-metas-ai-support-bot-to-seize-instagram-accounts/" rel="noopener noreferrer" target="_blank">Hackers used Meta’s AI support bot to seize Instagram accounts</a></li><li
          class=""
          style="text-align: left;"
          value="2"
        ><a href="https://arstechnica.com/security/2026/05/fed-up-with-vibe-coders-dev-sneaks-data-nuking-prompt-injection-into-their-code/" rel="noopener noreferrer" target="_blank">Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code</a></li><li
          class=""
          style="text-align: left;"
          value="3"
        ><a href="https://www.theregister.com/cyber-crime/2026/06/02/dumbass-criminal-breaks-the-first-rule-of-ransomware-club/5250380" rel="noopener noreferrer" target="_blank">&#39;Dumbass&#39; criminal breaks the &#39;first rule of ransomware club&#39;</a></li><li
          class=""
          style="text-align: left;"
          value="4"
        ><a href="https://arstechnica.com/security/2026/06/dashlane-issues-opaque-advisory-warning-20-encrypted-vaults-were-stolen/" rel="noopener noreferrer" target="_blank">Can’t make sense of Dashlane’s vault theft notification? You’re not alone</a></li><li
          class=""
          style="text-align: left;"
          value="5"
        ><a href="https://www.theregister.com/security/2026/06/01/gta-cheat-service-atlas-menu-hacked-as-attacker-alleges-screenshot-spying/5249192" rel="noopener noreferrer" target="_blank">GTA cheat service Atlas Menu hacked as attacker alleges screenshot spying</a></li></ol><h3>For the more technical</h3><ol class="list-number"><li
          class=""
          style=""
          value="1"
        ><a href="https://source.android.com/docs/security/bulletin/2026/2026-06-01" rel="noopener noreferrer" target="_blank">Android Security Bulletin—June 2026</a></li><li
          class=""
          style=""
          value="2"
        ><a href="https://mysk.blog/2026/05/19/cve-2026-28910/" rel="noopener noreferrer" target="_blank">CVE-2026-28910: Breaking macOS App Sandbox data containers, TCC, and hijacking apps using Archive Utility</a></li><li
          class=""
          style=""
          value="3"
        ><a href="https://heyitsas.im/posts/cifswitch/" rel="noopener noreferrer" target="_blank">CIFSwitch: a non-universal Linux local root vulnerability</a></li><li
          class=""
          style=""
          value="4"
        ><a href="https://www.bleepingcomputer.com/news/microsoft/critical-windows-netlogon-remote-code-execution-flaw-now-exploited-in-attacks/" rel="noopener noreferrer" target="_blank">Critical Windows Netlogon RCE flaw now exploited in attacks</a></li><li
          class=""
          style=""
          value="5"
        ><a href="https://blog.ammaraskar.com/github-token-stealing/" rel="noopener noreferrer" target="_blank">1-click GitHub token stealing via a VSCode bug</a></li><li
          class=""
          style=""
          value="6"
        ><a href="https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb" rel="noopener noreferrer" target="_blank">HTTP/2 Bomb: AI-discovered DoS hits every major web server</a></li><li
          class=""
          style=""
          value="7"
        ><a href="https://permiso.io/blog/chatgpt-markdown-rendering-vulnerability" rel="noopener noreferrer" target="_blank">ChatGPhish: The page is the payload</a></li><li
          class=""
          style=""
          value="8"
        ><a href="https://www.wordfence.com/blog/2026/05/15000-wordpress-sites-affected-by-administrator-account-creation-vulnerability-in-wp-maps-pro-wordpress-plugin/" rel="noopener noreferrer" target="_blank">15,000 WordPress sites affected by administrator account creation vulnerability in WP Maps Pro WordPress plugin</a></li><li
          class=""
          style=""
          value="9"
        ><a href="https://socket.dev/blog/malicious-nuget-package-impersonates-sicoob-sdk" rel="noopener noreferrer" target="_blank">Malicious NuGet package impersonates Sicoob SDK to exfiltrate banking certificates and passwords</a></li><li
          class=""
          style=""
          value="10"
        ><a href="https://www.microsoft.com/en-us/security/blog/2026/05/28/typosquatted-npm-packages-used-steal-cloud-ci-cd-secrets/" rel="noopener noreferrer" target="_blank">Typosquatted npm packages used to steal cloud and CI/CD secrets</a></li><li
          class=""
          style=""
          value="11"
        ><a href="https://www.aikido.dev/blog/red-hat-npm-packages-compromised-credential-stealing-worm" rel="noopener noreferrer" target="_blank">Red Hat npm packages compromised to spread a credential-stealing worm</a></li><li
          class=""
          style=""
          value="12"
        ><a href="https://socket.dev/blog/mini-shai-hulud-campaign-hits-red-hat-cloud-services-npm-packages" rel="noopener noreferrer" target="_blank">Mini Shai-Hulud campaign hits Red Hat Cloud Services npm packages</a></li><li
          class=""
          style=""
          value="13"
        ><a href="https://www.ox.security/blog/new-npm-supply-chain-attack-redhat-cloud-services-compromised/" rel="noopener noreferrer" target="_blank">New Shai-Hulud hits npm: @redhat-cloud-services compromised</a></li><li
          class=""
          style=""
          value="14"
        ><a href="https://www.godaddy.com/resources/news/malware-targeting-wordpress-abuses-steam-community-profiles" rel="noopener noreferrer" target="_blank">Malware targeting WordPress abuses Steam community profiles for command &amp; control operations</a></li><li
          class=""
          style=""
          value="15"
        ><a href="https://www.mcafee.com/blogs/other-blogs/mcafee-labs/weedhack-minecraft-malware-as-a-service-campaign-research/" rel="noopener noreferrer" target="_blank">Game Over: WeedHack – The rise of Minecraft malware-as-a-service campaign</a></li><li
          class=""
          style=""
          value="16"
        ><a href="https://www.picussecurity.com/resource/blog/nightspire-ransomware-attack-chain-tools-and-tactics" rel="noopener noreferrer" target="_blank">NightSpire ransomware attack chain, tools and tactics</a></li><li
          class=""
          style=""
          value="17"
        ><a href="https://www.withsecure.com/en/resources-hub/w-labs/greyvibe/" rel="noopener noreferrer" target="_blank">GREYVIBE: A Russia-nexus group leveraging AI across state-aligned operations</a></li><li
          class=""
          style=""
          value="18"
        ><a href="https://ellio.tech/en/blog/sanctioned-seized-still-scanning-inside-a-russian-bulletproof-hosting-network-targeting-the-eu/" rel="noopener noreferrer" target="_blank">Sanctioned, seized, still scanning: Inside a Russian bulletproof hosting network targeting the EU</a></li></ol><p>Did you enjoy this list? You can subscribe to one of our feeds on <a href="https://twitter.com/badcybercom">Twitter</a>, <a href="https://www.facebook.com/badcyber/">Facebook</a> or <a href="/feed/">RSS</a>.</p></div>]]></description></item></channel></rss>