It’s been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there’s a supply chain attack kit in a public repo, a $5,000-a-month RAT that clones browsers, and research showing AI agents can be tricked into leaking real credentials.
The bigger problem is how polished this all looks now. Mule networks run like SaaS. Deepfake KYC bypass is sold as a feature. Endpoint tools can be quietly weakened using built-in OS settings, with no exploit needed.
Here’s the full list of threats, tools, flaws, and updates worth knowing.
-
3.3B identity records exposed
A new analysis from Flashpoint has revealed that “more than 11.1 million devices were infected with infostealers last year, fueling a supply of over 3.3 billion stolen credentials, session cookies, cloud tokens, and other forms of identity data now circulating across illicit markets.” There are over 30 unique infostealer strains actively listed for sale across illicit marketplaces, forums, and underground communities, indicating the “scale and accessibility of the modern malware-as-a-service ecosystem.” Lumma, Acreed, Rhadamanthys, Vidar, and StealC were the most prolific stealers in 2025. India, Brazil, Indonesia, Vietnam, the Philippines, and the U.S. were the top six countries affected by stealer malware during the same period.
-
MaaS RAT targets credentials
A threat actor named “o1oo1” has advertised an advanced remote access trojan (RAT) named SilabRAT that’s sold under a malware-as-a-service (MaaS) model for $5,000 a month on darknet forums since September 2025. “SilabRAT is heavily focused on financial gain through credential theft,” Group-IB said. “It offers stability and is capable of bypassing existing security measures.” Delivered via ClickFix campaigns using Hijack Loader, the malware uses Hidden Virtual Network Computing (HVNC) to facilitate remote control capabilities, employs techniques like Browser Profile Cloning to replicate a user’s browser profile (user agent, extensions, storage, and other fingerprinting attributes) to the attacker’s system, and can identify wallet addresses or extract cryptocurrency-related artifacts. The Russian-speaking malware developer and vendor, “o1oo1,” has been active since late 2020, previously launching a service called AsmCrypt.
-
47% of tech intrusions
CrowdStrike has revealed that a North Korean threat actor known as Famous Chollima, which is behind the long-running IT worker and Contagious Interview campaign, accounted for 47% of all state-sponsored hands-on-keyboard operations against the tech sector between April 2025 and March 2026. Hands-on intrusions refer to cyber attacks in which a human operator controls and interacts with a system rather than relying solely on malware. “In their IT worker infiltration campaigns, they sought fraudulent employment at tech companies across North America, Europe, and Asia,” the cybersecurity company said.
-
13 domains seized
The U.S. Department of Justice has announced the seizure of 13 internet domains masquerading as consulting companies used to target U.S. persons, including current and former security clearance holders with access to classified and sensitive U.S. government information. “These domain seizures offer a glimpse at how foreign actors can use promises of easy money to lure Americans into revealing sensitive or classified information that they are duty-bound to protect,” said Assistant Attorney General for National Security John A. Eisenberg. “Anyone approached online with offers of easy income for vague ‘consulting’ work should treat those overtures with extreme caution and remain vigilant for warning signs of malicious targeting.” These sham companies advertised generic consulting or analyst jobs on platforms like Upwork, Expertia AI, Hubstaff Talent, Wellfound, and Post Job Free that sought to recruit current or former U.S. government and U.S. military employees to lend their expertise to unspecified clients. The recruiters then pressured candidates to part with confidential information and reports from “insider” sources in exchange for cryptocurrency payments. The announcement comes after the Five Eyes intelligence alliance countries warned of China aggressively using job platforms to target people for information. In a statement shared with Reuters, the Chinese Embassy in Washington condemned the allegations and called them fabricated.
-
Supply-chain toolkit exposed
The Miasma credential-stealing attack framework was briefly made available for free on GitHub, after multiple repositories with the name “Miasma-Open-Source-Release” began appearing since June 8, 2026. According to SafeDep, the source code has been published through compromised developer accounts. “The Miasma codebase appears to be larger than a supply chain worm,” SafeDep said. “It is a full supply chain attack toolkit that allows the attacker to execute various attacks via stolen credentials against arbitrary or targeted packages on public registries (PyPI, npm, RubyGems), JFrog Artifactory, GitHub repositories and GitHub Actions, AI coding tools config poisoning, SSH-based lateral movement, and other attack vectors.” As opposed to relying on conventional command-and-control (C2) infrastructure, the malware employs three independent C2 channels using GitHub commit search, each with a different search string and crypto key: “DontRevokeOrItGoesBoom” to discover attacker-controlled personal access tokens (PATs) for data exfiltration, “TheBeautifulSandsOfTime” to deliver JavaScript, and “firedalazer” to deliver Python script URLs that act as a remote code execution backdoor. Miasma is assessed to be a variant of the Shai-Hulud worm. The campaign has since morphed into a Python variant called Hades, which represents the latest evolution of the sustained software supply chain campaign. As of last week, a total of 304 components have been impacted by Miasma.
-
Search uploads retained
Google has revealed that it intends to save the images, files, audio, and video users upload to Search under
-
New Search Activity Controls
Google has introduced a “Search Services History” setting that captures data including pictures, uploaded files, and audio or video recordings—such as items captured with Google Lens, files you share, audio from Search Live sessions, spoken translations, and voice-based queries. According to Google, this data helps it “provide, develop, and enhance” its offerings, including its AI systems, and enables tailored recommendations and advertisements if a separate “Personalized Recommendations” option is enabled. Both settings are independent from the existing Web & App Activity controls.
-
Cross-platform RAT surfaces
Researchers at Iru have identified a new cross-platform remote access trojan named SStar Agent, built to work on both Windows and macOS. “The macOS variant behaves like a powerful surveillance tool geared toward reconnaissance and data theft, while the Windows variant adds keystroke logging, clipboard tracking, and remote input control,” the team explained. “A key component is a large POST request sent to /api/telemetry/report, which continuously scans and uploads the entire directory structure to flag files of interest. The differences between the two builds suggest the malware is still being developed.” The trojan is distributed through a compromised npm package called “tw-style-utils,” disguised as a fake Web3 engineering coding test hosted in a GitHub repo (“star45674/smart-contract-engineer-role”). While the repo itself contains no harmful code, the malware is embedded within its npm dependency. Although attribution remains uncertain, the tactics overlap with known North Korean hacker operations.
-
Fake npm download counts
Tenable has revealed a tactic called download pumping, where attackers artificially boost the download numbers of npm packages to make malicious ones look trustworthy to developers. One case involved the “ambar-src” package, which surpassed 50,000 downloads in just three days after attackers released hundreds of harmless versions before slipping in the actual malware. “Each new release triggered automated downloads from repository mirrors and analysis tools,” Tenable noted. “By flooding the registry with rapid version updates, they created a surge of artificial traffic that hammered the download counter past 50,000 in a mere three days.”
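A release-cadence check for the download pumping pattern described above, as an added example (not Tenable's tooling): it reads a map shaped like the `time` field of an npm registry package document and relates the download count to the number of versions published in a three-day window. The thresholds, helper names and both sample maps are constructed assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(days=3)     # period taken from the case described above
BURST_THRESHOLD = 50           # assumed: releases per window worth a review
PER_RELEASE_FLOOR = 1000       # assumed: below this, automation explains the traffic
FMT = "%Y-%m-%dT%H:%M:%S.000Z"


def _parse(stamp):
    # Registry timestamps end in "Z"; normalise for datetime.fromisoformat.
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def release_burst(time_map, window=WINDOW):
    """Largest number of versions published inside any sliding window."""
    stamps = sorted(_parse(ts) for ver, ts in time_map.items()
                    if ver not in ("created", "modified"))
    best = lo = 0
    for hi, stamp in enumerate(stamps):
        while stamp - stamps[lo] > window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best


def assess(time_map, downloads):
    """Relate a download count to the release burst that could explain it."""
    burst = release_burst(time_map)
    per_release = downloads / max(burst, 1)
    return {
        "burst": burst,
        "downloads_per_release": round(per_release),
        # Many releases, each pulling only mirror/scanner-level traffic.
        "suspicious": burst >= BURST_THRESHOLD and per_release < PER_RELEASE_FLOOR,
    }


def _constructed_time_map(start, count, step):
    """Build a constructed `time` map for a hypothetical package."""
    stamps = {"created": start.strftime(FMT)}
    for i in range(count):
        stamps[f"1.0.{i}"] = (start + i * step).strftime(FMT)
    return stamps


# Constructed samples: 300 releases ten minutes apart vs. one release a month.
PUMPED = _constructed_time_map(datetime(2026, 1, 5), 300, timedelta(minutes=10))
STEADY = _constructed_time_map(datetime(2025, 1, 5), 12, timedelta(days=30))

if __name__ == "__main__":
    print("pumped:", assess(PUMPED, 50_000))
    print("steady:", assess(STEADY, 50_000))
```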
-
Exchange spoof vulnerability
A flaw in certain Microsoft Exchange configurations could let attackers send emails posing as any user within an affected organization. The method has been named Ghost-Sender. “Using Exchange Online—or on-premises Exchange in hybrid mode—alongside an external MX record, such as a third-party email gateway or spam filter, can enable impersonation of any sender to any recipient in the victim’s tenant,” warned InfoGuard Labs. “This bypasses whatever SPF, DKIM, or DMARC policies the spoofed domain has in place, and the messages arrive with no warning. You can impersonate someone inside or outside the organization. For internal senders, Outlook even displays the person’s profile picture.”
-
Russia-targeted phishing campaigns
A previously unidentified threat group called SiribClone has focused on Russian military personnel using fake “safe photo sharing” apps to deliver malware targeting desktops and mobile devices. In some scenarios, operators pose as women looking for romantic connections to compromise smartphones, computers, and Telegram accounts. Active since early 2025, the group deploys a spyware called SafeLoveStealer on Android devices—capable of stealing photos, videos, documents, and location information—while Windows machines are hit with a credential-stealing tool dubbed SiribGrabber. Malware is disguised as military-themed documents inside ZIP files sent via email. The group also runs fake Telegram login pages designed to harvest phone numbers, verification codes, and two-factor authentication passwords, granting full account access. A related utility called Kontur stores hijacked Telegram sessions so operators can review stolen messages. Separately, Russian maritime universities, energy sites, embassies, and government bodies have faced phishing attacks from an unknown actor since at least July 2024. Recent waves have used a C2 framework named Ravage, while earlier 2024 campaigns relied on Cobalt Strike. A third group, Cloud Atlas, has also singled out Russia (along with Belarus), sending phishing emails with ZIP files containing malicious shortcut links that execute PowerShell scripts, ultimately deploying malware such as VBShower and PowerShower, the latter designed to install a password-stealing tool. Attackers move laterally across networks using RDP, SSH, and RevSocks via tools like PAExec or PsExec as part of a framework called PowerAdmin. Two additional utilities have been uncovered: PowerCloud, which harvests user data with admin rights and logs it to Google Sheets, and Browser Checker, a PowerShell script that detects whether browser processes (Chrome, Edge, Firefox, etc.) are running on the machine.
-
ClickFix attack chain grows
A ransomware-linked attacker has deployed a new backdoor family called MTLBackdoor through ClickFix social engineering. “MTLBackdoor accepts commands such as downloading and uploading files from the victim’s machine,” reported Zscaler ThreatLabz. “One of its most notable capabilities is loading Beacon Object Files (BOFs) to extend its functionality on the fly.” The malware surfaced in May 2026. In recent months, ransomware campaigns associated with DragonForce and World Leaks have used tools like VIPERTUNNEL—a Python-based implant previously tied to RansomHub—and RustyRocket, a purpose-built Rust utility for stealthy data theft and maintaining long-term access. “Once launched, RustyRocket establishes a secure connection back to the attacker’s server using deeply encrypted, layered traffic that blends seamlessly with regular internet activity, making detection extremely difficult,” said Accenture’s T. Ryan Whelan. “It’s a full communications platform engineered for persistence and concealment.”
-
WooCommerce payment skimming
A fresh skimmer campaign is focusing on WooCommerce stores to pilfer credit card data from checkout pages. “The skimmer mimics the legitimate Stripe payment form and validates cards in real time so that the victim never suspects anything,” CloudSEK explained. “What makes this sample especially sophisticated is how convincingly it mimics a genuine checkout experience. It replicates the same client-side validation steps that a real payment page would perform.”
-
33,000 users targeted
A newly identified Go-based loader called GoFlateLoader is being leveraged to deploy a range of infostealers, including Amatera, Remus, Lumma, Vidar, StealC, and SvitStealer. According to Gen Digital’s Avast, “GoFlateLoader is available in both x86 (32-bit) and x86-64 (64-bit) versions, aligned with the architecture of the payload it is intended to run.” The loader is built for in-memory execution and is intentionally bloated with an oversized PE overlay to evade detection. The malware spreads through pirated software and a malicious Traffic Distribution System (TDS) previously associated with Remus Stealer, AnimateClipper, and the SessionGate framework. Since early April 2026, over 33,000 distinct users have been targeted, with Brazil, India, Argentina, Mexico, Turkey, and Spain among the hardest-hit countries.
-
$862K damage case
Maxwell Schultz, 36, from Columbus, Ohio, has been handed a 24-month federal prison sentence for breaching his former employer’s network after his contract was ended in May 2021. Posing as another contractor, Schultz acquired login credentials, gained access to the company’s systems, and ran a malicious PowerShell script that reset approximately 2,500 passwords — locking out employees and contractors and resulting in losses exceeding $862,000. Schultz pleaded guilty to the offense in November 2025.
-
Fake banking updates
A fresh phishing campaign masquerading as Italian and European banking institutions is being used to spread an Android malware strain named NFCShare. The attacks rely on phishing pages designed to steal user credentials, after which victims are urged to “update” their banking app by downloading an APK file hosted on GitHub (“antoniocastaldo1998/app-scuola”). The ultimate objective is to walk the user through a counterfeit card verification process: hold the card against the phone, keep it in place during “authentication,” and enter the card PIN. Behind the scenes, the app captures NFC card data (ISO-DEP) and sends it to a remote WebSocket server. The campaign shows tactical similarities to other NFC relay malware families, including SuperCardX and RelayNFC. The presence of Chinese-language text points to a China-linked operator or shared tooling origins.
-
AI agent phishing risk
Four phishing simulations conducted on an OpenClaw email agent nicknamed Pinchy showed that it is vulnerable to the same social engineering tricks that fool human users. “In certain scenarios, Pinchy not only failed to detect the phishing attempts but also carried out dangerous actions that could put a real organization at risk,” Varonis reported. “In one striking example, a casual email from someone named ‘Dan’ simply asking the agent to share staging credentials was enough to get it to forward AWS IAM keys, database passwords, and SSH access to an external Gmail address.” This form of agent phishing differs from indirect prompt injection. While prompt injection hides malicious instructions within data the model processes to provoke unintended behavior, agent phishing works at the application level. “A plausible request comes through a standard communication channel, looks like a legitimate business message, and succeeds when the agent acts on it before confirming the sender’s identity,” Varonis noted.
-
AI fixes weak passwords
Apple has announced that the next version of Apple Intelligence — the company’s generative AI platform — will be able to replace weak or compromised passwords with a single tap through the Passwords app. “Building on its existing ability to warn users about weak and compromised passwords, Passwords can now automatically resolve these issues with just one tap,” Apple stated. “Leveraging Apple Intelligence and Safari to act on the user’s behalf, Passwords securely navigates websites to log in and upgrade accounts to stronger passwords.”
-
EDR telemetry throttled
A technique dubbed EDRChoker disrupts the client-server communication of Endpoint Detection and Response (EDR) software to bypass security defenses. “EDRChoker leverages policy-based Quality of Service (QoS) to throttle EDR agents down to minimal bandwidth; when agents try to connect, they repeatedly time out because of the extremely restricted bandwidth,” said a security researcher known as Zero Salarium. “It takes a list of common EDR process names and applies QoS policies that cap those processes at 8 bits per second. At that rate, an EDR agent is effectively cut off from its server.” Earlier in January, the same researcher also demonstrated EDRStartupHinder, a method that blocks EDR programs from launching. “EDRStartupHinder exploits Windows Bindlink to redirect a DLL from System32 to a different location, while also taking advantage of a mechanism that only loads DLLs signed by a program protected with Protected Process Light (PPL) to stop AV/EDR services from starting,” the researcher explained. A separate technique developed by Binary Defense disables critical security services — such as Windows Defender and Sysmon — without setting off conventional malware alerts. It alters Windows Access Control Lists (ACLs) to insert “Deny” Access Control Entries (ACEs) against core system libraries like “kernel32.dll.” Since these services depend on the DLL to operate, the dependency chain is severed. After a system reboot, the protected services are unable to start, leaving the endpoint completely undefended.
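A defensive audit for the QoS throttling described above, as an added example (not the researcher's tool or any vendor's code): it reads an exported list of QoS policies and flags any whose throttle rate would make a small TLS exchange outlast a connection timeout. The JSON shape and property names (assumed to match a `Get-NetQosPolicy | ConvertTo-Json` export), the watch list, and the size and timeout constants are assumptions.

```python
import json
import ntpath

# Constructed sample export; policy names and applications are made up.
SAMPLE_EXPORT = json.dumps([
    {"Name": "Backup-Cap", "AppPathNameMatchCondition": "backupagent.exe",
     "ThrottleRateAction": 50_000_000},
    {"Name": "VoIP-Mark", "AppPathNameMatchCondition": "softphone.exe",
     "ThrottleRateAction": None},
    {"Name": "net-tune-01",
     "AppPathNameMatchCondition": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "ThrottleRateAction": 8},
    {"Name": "net-tune-02", "AppPathNameMatchCondition": "Sysmon64.exe",
     "ThrottleRateAction": 8},
    {"Name": "net-tune-03", "AppPathNameMatchCondition": "unlisted-agent.exe",
     "ThrottleRateAction": 64},
])

# Assumed watch list: replace with the security agents deployed on site.
SECURITY_PROCESSES = {"msmpeng.exe", "mssense.exe", "sysmon64.exe"}

EXCHANGE_BYTES = 4096    # assumed size of a small TLS handshake plus request
TIMEOUT_SECONDS = 30     # assumed agent connection timeout


def seconds_to_send(num_bytes, bits_per_second):
    """Time needed to push num_bytes through a cap of bits_per_second."""
    return num_bytes * 8 / bits_per_second


def audit_qos(policies, watchlist=SECURITY_PROCESSES):
    """Return findings for policies that starve or target a security agent."""
    findings = []
    for policy in policies:
        rate = policy.get("ThrottleRateAction") or 0
        if rate <= 0:  # no throttle configured (assumed encoding)
            continue
        # Match on the executable name whether or not a full path was given.
        app = ntpath.basename(policy.get("AppPathNameMatchCondition") or "").lower()
        delay = seconds_to_send(EXCHANGE_BYTES, rate)
        starves = delay > TIMEOUT_SECONDS   # connection cannot complete in time
        listed = app in watchlist
        if not (starves or listed):
            continue
        findings.append({
            "policy": policy["Name"],
            "app": app,
            "rate_bps": rate,
            "exchange_seconds": round(delay),
            # A starving cap on an unlisted process is still reported,
            # since process-name lists are never complete.
            "severity": "high" if starves and listed else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in audit_qos(json.loads(SAMPLE_EXPORT)):
        print(finding)
```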
-
STX RAT supply chain grows
The supply chain attack on CPUID that delivers STX RAT is more extensive than initially believed. A new analysis from Cyderes has uncovered seven additional trojanized packages linked to the same operation. “All packages use the same delivery method,” the cybersecurity firm stated. “The threat actor, using the alias Leda Elacoate (pufferfish11@firemail[.]cc), created and maintained a Bitbucket repository of trojanized installers over roughly a month, targeting a broad spectrum of user groups.” Among the affected packages is X-VPN, a consumer VPN service with over 100 million reported users. Those who installed X-VPN through official channels were not impacted. “The actor started with cryptocurrency exchange and trading software as bait — going after users likely to have financial account access — and gradually broadened the lure portfolio to include social engineering decoys and VPN software,” Cyderes added.
-
Agent Tesla via ZIP lures
Cybercriminals are disguising phishing emails as routine payment notifications to trick recipients into opening ZIP files. Doing so sets off a complex infection sequence that ultimately installs Agent Tesla malware. “Essentially, the victim believes they’re opening a safe file, but in reality, a heavily hidden Batch script quietly activates PowerShell, which then downloads and runs additional harmful code straight into memory,” Point Wild explained. “The attack then progresses through multiple phases, including decoding shellcode, establishing persistence, and injecting malicious code into trusted Windows programs such as charmap.exe.” Agent Tesla is built to harvest browser passwords, record keystrokes, take screenshots, and pull sensitive information from the infected system. The stolen data is then sent out via SMTP, making the malicious traffic appear like ordinary email communication.
-
AI video lures spread malware
Two separate social engineering operations are leveraging AI-created TikTok videos and Instagram Reels to steer users toward malicious websites that distribute Vidar Stealer and other harmful software. “The first tactic uses counterfeit software installation tutorials featuring polished voice-overs and sleek visuals,” ReversingLabs noted. “The second method involves a series of posts showing how to access premium software at no cost, spread across several videos, with a main tutorial link shared only after the account has built up a following.”
-
Routers turned into C2 nodes
A hacking group believed to be linked to China has been spotted running a widespread campaign targeting edge network devices throughout Southeast Asia. “The attackers install a custom Linux ELF implant (router.elf) directly onto hijacked border routers, setting up persistent command-and-control (C2) communication through DNS over HTTPS (DoH) while also exploiting the router’s iptables system to redirect DNS traffic for downstream devices on a large scale,” security researcher Y4er explained. “On the Windows side, the same group uses a pirated Cobalt Strike 4.4 Beacon delivered through DLL sideloading (version.dll), which connects to the same C2 infrastructure and uses matching malleable C2 profiles as the router implant—confirming both are managed by a single operator.”
-
RMM abused in Brazil
A phishing campaign currently underway is targeting organizations in Brazil using fake business document lures, leading to the installation of a NinjaOne Remote Monitoring and Management (RMM) agent. “The attack starts with phishing emails that send victims to Portuguese-language websites mimicking common Brazilian processes, such as SEFAZ tax documents, Reclame Aqui complaint forms, and secure document delivery portals,” Cato Networks reported. “After going through a bogus verification step, victims are asked to download what seems to be a protected business file. In reality, the download installs a genuine NinjaOne RMM agent that gives attackers remote access to their systems—marking the first known case of NinjaOne being misused in Brazil’s threat landscape.” This incident further demonstrates how attackers can breach organizations without needing custom-built malware.
-
Money laundering goes MaaS
Cybersecurity firm KELA has revealed details about money mule networks, which are a key component of today’s cybercrime and financial fraud operations, helping criminals launder and cash out profits from ransomware, scams, Business Email Compromise (BEC), and other illegal activities. “Over the past few years, traditional mule recruitment has shifted toward professionalized Mule-as-a-Service (MaaS) platforms that offer scalable money laundering capabilities to cybercriminals,” KELA stated, adding that “these operations now depend heavily on stolen identities, synthetic identities, hijacked accounts, and AI-powered onboarding methods instead of just recruiting willing human participants.” Attackers have also been observed using fake documents, deepfake-based KYC bypass tools, account takeover methods, and automated account “warming” techniques to build durable laundering networks across various financial services.
-
AI chats exposed
G DATA reported a rising number of Google Chrome extensions that pretend to be legitimate productivity tools while secretly intercepting users’ conversations with AI chatbots. Among the suspicious extensions are Urban VPN, Smart Sidebar: ChatGPT, Claude & DeepSeek, and Chat AI—the last one showing signs of being part of a campaign known as AiFrame. “Data produced during AI chat sessions remains at risk of being stolen by attackers using extensions disguised as trustworthy tools,” G DATA warned.
-
507 Meta repos exposed
An exposed Meta IP address hosting an open Grafana dashboard provided read-write access to 507 private Meta repositories, earning the Sectricity Security Team a $157,000 bug bounty. “The breakthrough came from a wildcard SAN on the TLS certificate: *.llm-playground.aws.metafb.cloud, which revealed a hidden collection of internal services behind metafb.cloud,” the cybersecurity firm explained. “By analyzing JavaScript bundles across those services, we found references to a previously unknown domain: api.haloworld.xyz, which became our next lead. Running a targeted wordlist (generated using AI based on JS bundle content and context) against api.haloworld.xyz uncovered /_api/gcp-token, an unauthenticated endpoint that issued a valid GCP OAuth2 token.” That GCP token granted access to the project’s Secret Manager, which contained a Vercel token. The Vercel token exposed 85 environment variables across Meta’s projects, including several GitHub personal access tokens (PATs) and other credentials. One of those GitHub tokens had full read/write permissions to 507 private repositories.
-
7M seniors’ data sold
Troy Murray, 57, from Hickory, North Carolina, has been sentenced to over 10 years in prison for selling the personal details of more than 7 million elderly Americans to Jamaican lottery fraud operators. He has also been ordered to forfeit $5,214,688.48. Murray “created a scheme in which he compiled, maintained, and sold databases containing the names, phone numbers, home addresses, and in some cases ages and email addresses of elderly Americans to individuals in Jamaica running lottery scams,” the U.S. Department of Justice stated. “Between 2016 and 2023, Murray sold these lists to Jamaican fraudsters who used them to carry out lottery scams targeting elderly U.S. citizens, netting Murray hundreds of thousands of dollars annually.” Each list was sold for $500.
-
One-packet crash bug
Security researcher Marcus Hutchins has published technical details and a proof-of-concept (PoC) exploit for ComoDoS, an integer underflow flaw in Comodo Internet Security’s firewall driver, Inspect.sys (CVE-2026-49494, CVSS score: 7.5). “While the vulnerability can be leveraged to remotely trigger both an out-of-bounds (OOB) read and an out-of-bounds write in the Windows kernel, the constraints on both primitives lead me to believe it’s unlikely this bug could be turned into RCE,” Hutchins explained. “The flaw does, however, allow you to remotely crash the target machine with just a single TCP/IP packet, even when the firewall is set to block all ports.” As of this writing, the vulnerability has not been patched.
-
CI/CD secrets exposed
Microsoft reported that it identified a flaw in the Claude Code GitHub Action that could be leveraged to leak CI/CD workflow secrets when AI agents handle untrusted GitHub content, such as issue descriptions, pull request bodies, and comments. “Although Claude Code Action included environment scrubbing for subprocess execution paths like Bash, the Read tool was not governed by the same sandboxing rules,” Microsoft noted. “It was ultimately permitted to access /proc/self/environ, exposing the workflow’s ANTHROPIC_API_KEY and potentially other credentials available to the runner.” After responsible disclosure on April 29, 2026, the issue was resolved on May 5 with the release of Claude Code version 2.1.128. The update hardens the Read tool by automatically blocking access to certain files in /proc/ to prevent credential exfiltration.
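The gap described above, as an added example (not code from Claude Code or from Microsoft): scrubbing the environment passed to subprocesses does not cover a file-read tool, which needs its own path policy applied after the path is resolved. The function names and the deny pattern are assumptions for illustration, not the project's actual rule set.

```python
import os
import re
import tempfile

# Assumed deny pattern: per-process files that expose the environment,
# arguments or memory of a process.
SENSITIVE_PROC = re.compile(
    r"^/proc/(?:self|thread-self|\d+)(?:/task/\d+)?/(?:environ|cmdline|mem|auxv)$"
)


def scrubbed_env(env, keep=("PATH", "HOME", "LANG")):
    """Environment for a child process: only allow-listed names survive."""
    return {name: value for name, value in env.items() if name in keep}


def read_allowed(path):
    """Resolve symlinks and '..' segments first, then apply the deny pattern."""
    return SENSITIVE_PROC.match(os.path.realpath(path)) is None


def read_tool(path):
    """Hypothetical file-read tool: policy check, then read the resolved path."""
    real = os.path.realpath(path)
    if SENSITIVE_PROC.match(real):
        raise PermissionError(f"read blocked by policy: {path}")
    # Open the resolved path, not the caller's string, so the check and
    # the read refer to the same file.
    with open(real, "rb") as handle:
        return handle.read()


def indirect_path_decision():
    """Decision for a workspace file that is a symlink to /proc/self/environ."""
    with tempfile.TemporaryDirectory() as workdir:
        link = os.path.join(workdir, "notes.txt")
        os.symlink("/proc/self/environ", link)
        return read_allowed(link)


if __name__ == "__main__":
    # Constructed sample environment; the key value is a placeholder.
    runner_env = {"PATH": "/usr/bin", "ANTHROPIC_API_KEY": "placeholder-not-a-key"}
    print("child env:", scrubbed_env(runner_env))
    print("symlinked workspace file allowed:", indirect_path_decision())
    for candidate in ("/proc/self/environ", "/proc/self/../self/environ",
                      "/proc/cpuinfo"):
        print(candidate, "->", "allow" if read_allowed(candidate) else "deny")
```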
-
Fake $200K job lure
The Iranian threat group tracked as Nimbus Manticore contacted an employee through LinkedIn, posing as a recruiter and enticing them with a $200,000 annual salary offer. According to Nextron Systems, the conversation eventually steered the victim toward a counterfeit hiring portal branded as Ebix Recruitment, which asked them to enter temporary credentials provided by the recruiter to sign in. “After logging in, the portal prompted the victim to install a two-factor authentication app for ‘additional security,’” the company stated. “The promoted 2FA app was delivered as a ZIP file and contained the malware payload.” The attack concludes with the installation of a custom implant designed for data theft and remote control.
-
Backdoor with wiper modules
Cybersecurity researchers have identified a new Golang-based backdoor named BLUERABBIT that channels C2 communications through RabbitMQ for tasking, Redis for state management, and MinIO for S3-compatible data exfiltration. “It is a full-spectrum intrusion tool: remote access, system profiling, file encryption appending a .candy extension, and two separate disk-wiping modules capable of making systems permanently unrecoverable,” Binary Defense reported. The backdoor is believed to be operated by an Iran-linked threat actor. It was first detected in mid-to-late March 2026 and is likely being used to target organizations in Israel. BLUERABBIT is “connected to the same suspected Iran-linked activity cluster that previously used BLUEWIPE and SEWERGOO in June 2025,” the firm added.
The underlying theme is straightforward: attackers don’t always rely on exploits. What they need is patience, stolen credentials, trusted tools, and one policy setting that nobody has reviewed since the last reorganization. The perimeter is no longer the core issue. The real problem is everything inside it that still operates on default trust.
Same familiar advice: audit what your agents are allowed to access, treat every identity in the pipeline as a potential risk, and verify what your browser extensions are transmitting. See you Thursday.



