# Cybersecurity Weekly Recap: Key Threats, Vulnerabilities, and Breaking News
**By Ravie Lakshmanan | Jun 29, 2026 | Cybersecurity / Hacking**
This past week served as a stark reminder that threat actors don’t always need sophisticated techniques to breach systems. Often, a single small mistake, an overlooked legacy access path, or an unpatched vulnerability is all it takes to open the door to attackers.
Below is a comprehensive recap of the week’s most significant cybersecurity developments.
—
## ⚡ Threat of the Week
### New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets
Cybersecurity researchers have uncovered a new variant of the well-known Dirty Frag Linux kernel vulnerability. Dubbed **DirtyClone** (CVE-2026-43503), this flaw enables local users to escalate their privileges to root by exploiting cloned packets. The exploit has been proven to work successfully on Debian, Ubuntu, and Fedora systems running default namespace configurations.
According to JFrog, “Any local user on a server or device running a vulnerable kernel who holds or can acquire the CAP_NET_ADMIN capability (frequently obtainable via unprivileged user namespaces) [is exploitable].” The research team emphasized that this vulnerability poses the most significant risk to multi-tenant cloud environments, Kubernetes clusters, and containerized workloads where user namespaces are enabled or privileged containers are deployed.
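The precondition JFrog names can be checked on a host. The script below is an added example, not code from the article or from JFrog: it reports whether unprivileged users can create user namespaces and whether the current process already holds CAP_NET_ADMIN. It reads standard Linux sysctl files (the function names and output labels are this example's own) and does not test whether the running kernel is patched.

```shell
#!/bin/sh
# Added example: report the DirtyClone precondition on a Linux host.
# Reads sysctl files only; it does not detect whether the kernel is patched.

read_sysctl() {   # $1 = sysctl root, $2 = relative path -> value or "absent"
    if [ -r "$1/$2" ]; then
        tr -d '[:space:]' < "$1/$2"
    else
        printf 'absent'
    fi
}

# Prints one of: blocked | restricted | open | unknown
userns_exposure() {   # $1 = sysctl root (default /proc/sys; a parameter for testing)
    root=${1:-/proc/sys}
    max=$(read_sysctl "$root" user/max_user_namespaces)
    clone=$(read_sysctl "$root" kernel/unprivileged_userns_clone)
    aa=$(read_sysctl "$root" kernel/apparmor_restrict_unprivileged_userns)

    if [ "$max" = 0 ]; then
        echo blocked        # no user namespaces can be created at all
    elif [ "$clone" = 0 ]; then
        echo blocked        # Debian/Ubuntu switch: unprivileged creation is off
    elif [ "$max" = absent ]; then
        echo unknown        # sysctl missing: cannot tell from here
    elif [ "$aa" = 1 ]; then
        echo restricted     # Ubuntu AppArmor policy gates unprivileged use
    else
        echo open           # any local user can create a user namespace
    fi
}

# Succeeds if the CapEff mask in a /proc/<pid>/status file has CAP_NET_ADMIN (bit 12).
has_cap_net_admin() {   # $1 = status file (default /proc/self/status)
    capeff=$(awk '/^CapEff:/ {print $2}' "${1:-/proc/self/status}" 2>/dev/null)
    [ -n "$capeff" ] || return 1
    [ $(( (0x$capeff >> 12) & 1 )) -eq 1 ]
}

if has_cap_net_admin; then held=yes; else held=no; fi
printf 'unprivileged userns: %s; CAP_NET_ADMIN held now: %s\n' "$(userns_exposure)" "$held"
```

A result of `restricted` means an AppArmor policy applies to unprivileged user namespaces, not that the host is unaffected; run the check inside containers as well, since privileged containers may already hold the capability.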
—
## Top News
### Critical PTC Windchill PDMlink and PTC FlexPLM Flaw Exploited
A critical remote code execution vulnerability affecting PTC Windchill PDMlink and PTC FlexPLM enterprise Product Data Management and Product Lifecycle Management software has come under active exploitation in the wild. The flaw, tracked as **CVE-2026-12569**, is a case of improper input validation that allows attackers to execute arbitrary code by sending a malicious network request. Threat actors are exploiting the vulnerability to deploy JSP web shells on susceptible systems. Patches have been released, and organizations running these products are urged to apply them immediately.
### OpenAI Previews GPT-5.6 Sol, Terra, and Luna
OpenAI has officially unveiled **GPT-5.6 Sol, Terra, and Luna**, with Sol positioned as the company’s most capable model to date designed specifically for cybersecurity applications. The models are being released in a staggered rollout with approval from the U.S. government. This release follows the company’s earlier deployment of an improved GPT-5.5-Cyber model to trusted defenders as part of the Daybreak initiative, as well as the launch of the **Patch the Planet** project in collaboration with Trail of Bits, aimed at securing open.
OpenAI has been transparent about the dual-use nature of this technology, acknowledging that the same capabilities that help red teamers identify zero-day vulnerabilities can equally assist threat actors in exploiting them. The company has committed to prioritizing patching jailbreak techniques within the models and has framed the overall effort as a strategy to place advanced defensive tools into the hands of defenders before adversaries can leverage the same capabilities for offensive purposes.
### New Gaslight macOS Malware Discovered
Researchers have identified a newly discovered macOS malware dubbed **Gaslight**, which is specifically engineered to deceive AI-assisted malware analysis tools. The malware embeds prompt injection strings and fabricated debugging data within the executable binary. As cybersecurity teams increasingly rely on AI-powered tools for malware analysis and reverse engineering, Gaslight attempts to “gaslight” these tools into believing there is an issue with the analysis, potentially causing them to abort, truncate, or refuse to analyze the artifact entirely.
Gaslight has been attributed with high confidence to a North Korean-linked threat actor. The malware is a Rust-based binary with backdoor and information-stealing capabilities, enabling operators to establish a persistent foothold on infected hosts. These findings underscore how threat actors are actively developing anti-analysis techniques tailored specifically to circumvent AI-assisted security platforms.
### Turla Uses STOCKSTAY Backdoor in Ukraine Attacks
The Russian state-sponsored threat group known as **Turla** has leveraged a previously undocumented .NET backdoor codenamed **STOCKSTAY** in attacks targeting government and military organizations in Ukraine, as well as entities with ties to Italian foreign policy. STOCKSTAY shares significant code-level and functional overlaps with Kazuar, a known implant used by Turla since 2017. Suspected development activity for the malware dates back to December 2022.
### Amadey, StealC Malware Operations Disrupted in Operation Endgame
A coordinated law enforcement operation, conducted in partnership with private sector companies, successfully dismantled significant portions of the criminal infrastructure powering the **Amadey and StealC** malware families. According to Europol, the operation resulted in the disruption of 326 servers and 142 domains, the identification of over €41 million ($47 million) in cryptocurrency linked to criminal activity, and the recovery of approximately 27 million credentials stolen from more than 385,000 compromised systems.
Both Amadey and StealC are distributed to cybercriminals under a Malware-as-a-Service (MaaS) model. Microsoft noted that criminals use Amadey to gain initial access to victim devices, subsequently deploying StealC, which then exfiltrates credentials, cryptocurrency wallets, and other sensitive data. The two malware families were linked to more than 140,000 infected devices during the first two weeks of May 2026 alone. Notably, no arrests were announced as part of the operation.
—
## 🔥 Trending CVEs
As always, vulnerabilities are disclosed weekly, and the window between patch availability and exploits appearing in the wild continues to shrink at an alarming rate. Organizations should prioritize patching the following high-severity flaws:
- **CVE-2026-47729** (Squidbleed – Squid)
- **CVE-2026-12957** (Amazon Q Developer)
- **CVE-2026-12569** (PTC Windchill PDMlink and PTC FlexPLM)
- **CVE-2026-43503** (DirtyClone – Linux Kernel)
- **CVE-2026-46331** (pedit COW – Linux Kernel)
- **CVE-2026-30040 & CVE-2026-30041** (FastStone Image Viewer)
- **CVE-2026-45585** (Microsoft WinRE)
- **CVE-2026-8461** (PixelSmash – FFmpeg)
- **CVE-2026-55200** (libssh2)
- **CVE-2026-20971** (Samsung KNOX kernel)
- **CVE-2026-10086, CVE-2026-10712, CVE-2026-12053** (GitLab CE and EE)
- **CVE-2026-13028, CVE-2026-13032, CVE-2026-13033, CVE-2026-13038** (Google Chrome)
- **CVE-2026-53605** (Reachy Mini Wireless image)
- **CVE-2026-13136, CVE-2025-15660, CVE-2026-13135** (Synology MailPlus Server)
- **CVE-2026-11374** (ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus)
- Critical Infoblox NIOS privilege escalation vulnerability (no CVE assigned)
—
## 🎥 Upcoming Cybersecurity Webinars
**“Stop AI-Driven Cyberattacks Before They Stop Your Business”** – Hackers are now leveraging AI to launch cyberattacks at machine speed. If defensive strategies are still calibrated for human-speed threats, organizations face significant risk. This webinar will provide a step-by-step blueprint to counter AI-driven attacks and help organizations protect themselves before it’s too late.
—
*Original article by Ravie Lakshmanan, published Jun 29, 2026. Source: The Hacker News.*

# AI-Powered Cyber Threats: The New Frontier of Digital Warfare
## Webinars
* **When AI Goes Rogue: How to Secure the New Cyber Attack Surface** → As companies rush to adopt AI, hackers are turning these tools into a massive liability by hijacking AI agents and leaking trade secrets. Join this urgent webinar to see exactly how attackers weaponize AI against businesses. You’ll get a practical blueprint to lock down your setups, fix risky configurations, and stop your own tech from going rogue.
* **Building at Machine Speed: How to Secure AI Software Delivery** → AI tools are generating code faster than security teams can review it, introducing hidden risks into software pipelines. Join this webinar to learn how to catch vulnerabilities and govern AI risk without slowing down development. You’ll get a practical roadmap to protect your software supply chain and scale AI engineering safely.
—
## 📰 Around the Cyber World
### China’s New Zhipu AI Reportedly Matches Claude Mythos in Vulnerability Discovery
The Wall Street Journal reported that a new model released by China’s Zhipu AI, GLM-5.2, matches the performance of Anthropic Mythos when it comes to finding vulnerabilities, narrowing the gap between top U.S. models and those developed by Chinese companies. The ability of AI systems to autonomously find security defects in software has added urgency to efforts to use such models to fix those defects before bad actors can exploit them. There are also worries that these models, in the wrong hands, can become potential enablers of cyber warfare. The Trump administration has called for the creation of a framework that grants the federal government the ability to evaluate AI models’ capabilities and determine which qualify as “covered frontier models,” a designation for AI systems with advanced cyber capabilities.
### Indirect Prompt Injection in Agentic Coding Tools
Mozilla’s Zero Day Investigative Network (0DIN) characterized indirect prompt injection as a “very real and serious attack vector that can result in catastrophic damage, much of which will be irreversible.” Agentic IDEs and coding agents can request access to various tools, which, once approved, can pave the way for code execution, file system operations, and network calls. Specifically, an attacker can obtain code execution using a seemingly harmless repository by chaining trusted setup instructions, routine error handling, and automated agent behavior. The attacker-controlled repository does not even have to contain any malicious code. Instead, the payload is fetched at runtime from a DNS TXT record, with the lookup framed as an essential installation step, when a developer copies the repository link and instructs the agent to get it running. “In short, agentic coding tools have access to everything they need for this: private data, including environment variables, credentials, API keys, and local configuration files,” 0DIN said. “Untrusted content, such as repositories, documentation, and error messages from recently installed packages, can inject malicious models to steal this data.”
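A defender-side check for the pattern 0DIN describes, added here as an example (not 0DIN's tooling): scan a cloned repository's text files for setup instructions that resolve a DNS TXT record, and separate plain lookups from lookups whose output is handed to an interpreter. The regular expressions and function names are illustrative assumptions and will miss obfuscated variants.

```shell
#!/bin/sh
# Added example: review an untrusted repository before an agent is told to
# "get it running". Patterns are heuristics, not a complete signature set.

# A DNS client invoked with a TXT query type ("<tool> ... TXT <name>", "-type=txt").
TXT_RE='(^|[^A-Za-z])(dig|nslookup|Resolve-DnsName)([[:space:]][^|;&]*)?[[:space:]=]txt([^A-Za-z.]|$)'
# The same line hands output to an interpreter: pipe to a shell, eval, or $(...).
EXEC_RE='\|[[:space:]]*(sudo[[:space:]]+)?(sh|bash|zsh|python3?|node|iex)([[:space:]]|$)|(^|[^A-Za-z])eval[[:space:]]|\$\('

# Prints one "file:line:text" row per TXT lookup found under the repo root ($1).
scan_txt_lookups() {
    grep -rInEi --exclude-dir=.git "$TXT_RE" "$1" 2>/dev/null || true
}

# Prints one of: clean | txt-lookup | txt-lookup-executed
classify_repo() {
    hits=$(scan_txt_lookups "$1")
    if [ -z "$hits" ]; then
        echo clean
    elif printf '%s\n' "$hits" | grep -qE "$EXEC_RE"; then
        echo txt-lookup-executed   # lookup result is executed on the same line
    else
        echo txt-lookup            # lookup present; review what consumes it
    fi
}

# Usage: sh scan.sh /path/to/cloned/repo
if [ "$#" -gt 0 ]; then
    scan_txt_lookups "$1"
    classify_repo "$1"
fi
```

Any result other than `clean` is a reason to read the flagged lines before granting an agent tool access in that workspace.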
### New KuinaExtractor Rust Infostealer Spotted
A new Rust-based information stealer called KuinaExtractor comes fitted with capabilities to harvest web browser data, crypto wallets and credentials for services such as Roblox, Steam and Discord. Said to be in active development since December 2025, the stealer also includes a Chrome app-bound encryption (ABE) bypass. In parallel, the malware developer worked on two short-lived projects known as KuinaCookieExtractor and Zenith C2 before they were abandoned. KuinaCookieExtractor goes beyond browser cookies to include Roblox and Steam sessions, Minecraft and FileZilla logins, Telegram tdata and Discord tokens, and exfiltrates over a Discord webhook rather than Telegram.
### New LokiBot Campaign Surfaces After a Hiatus
A new email phishing campaign has been observed delivering LokiBot via a JavaScript attachment. Once launched, the script triggers the execution of a PowerShell loader that runs a .NET injector payload that deploys the LokiBot malware. LokiBot is capable of harvesting credentials from password managers like 1Password, Enpass, and KeePass, and contacts an external server to receive and execute commands.
### Phishing Campaign Drops Malicious Chrome Extension
Invoice-themed email phishing lures written in Italian are being used to launch JavaScript attachments masquerading as PDF documents. “The most interesting part of this infection was not the initial JavaScript. The malware installed a malicious Google Chrome extension and paired it with a Native Messaging Host,” D3 Lab said. “This combination allowed code running inside Chrome to request PowerShell commands on the Windows system.”
### Time as an Attack Surface
New research from NCC Group has argued the need for treating time as a “first‑class attack surface,” stating clock drift, time synchronisation failures, and deliberate oscillator manipulation can be exploited to undermine cryptography, authentication, industrial automation, and safety systems. “The risk is amplified by broader technological trends,” NCC Group’s Andy Davis said. “Cloud computing, containerisation, and virtual machines abstract time away from physical hardware, placing it under the control of hypervisors and orchestration layers. At the same time, Industrial Control Systems, IoT devices, and safety-critical platforms increasingly rely on low‑cost oscillators and commodity components that are vulnerable to environmental influence and physical manipulation. Systems that once relied on isolated, deterministic timing sources are now interconnected, synchronised, and exposed.”
### Threat Actors Exploit Xiongmai DVR Flaw to Deliver Proxy SDK
Threat actors have been exploiting CVE-2024-3765, a vulnerability in Xiongmai DVR, to deploy commercial residential proxy SDKs using a Mirai botnet-derived HTTP downloader. “All DDoS and scanning capability has been stripped,” the Nokia Deepfield Emergency Response Team (ERT) said. “What remains is a minimal HTTP client and an embedded userspace ELF loader – Mirai reduced to a delivery truck.” The main stager installed following a successful compromise deploys a proxy binary called PacketSDK, which is part of the IPIDEA residential proxy network disrupted by Google earlier this year. The stager also contains a remote code execution backdoor that polls an external server for updates every 2 minutes.
### Nation-State Targeting of Water Systems
DomainTools warned that water and wastewater infrastructure have become strategic pressure points for state and state-aligned actors from China, Iran, and Russia. “The combination of chronic underinvestment and weak baseline operational technology (OT) security makes many of these critical systems easy to compromise,” the company said. “Such intrusions can have both physical and psychological impact, and disruptions often affect civilian life, public health, and trust in government.”
### Anthropic Accuses Alibaba of Obtaining Illicit Access to Claude
Anthropic has accused the Chinese company Alibaba of what it described as the “largest campaign to illicitly extract Claude’s capabilities.” The attacks occurred between April 22 and June 5, 2026, when “operators affiliated with Alibaba and Alibaba Qwen, Alibaba’s AI lab,” allegedly generated “more than 28.8 million
—
# Weekly Cybersecurity Roundup: AI-Driven Threats, Open-Source Security Initiatives, and Microsoft Certificate Expirations
## 🤖 AI and Threat Intelligence
### Anthropic Uncovers Large-Scale Distillation Campaign Targeting Claude
Anthropic has revealed that unidentified threat actors conducted a massive distillation campaign against its AI model, Claude, leveraging nearly 25,000 fraudulent accounts. The campaign specifically targeted Claude’s advanced capabilities, including agentic reasoning, software engineering proficiency, and long-horizon task execution. To evade detection, the attackers employed sophisticated obfuscation techniques and routed their activities through proxy networks. This incident highlights the growing trend of threat actors attempting to extract and replicate the capabilities of frontier AI models through systematic abuse of API access.
### Fake OpenAI Organization Invites Fuel New “Poisoned Tenant” Campaign
A novel phishing campaign dubbed **LLMShare** is leveraging compromised ChatGPT tenants to send fraudulent organization invitations. The emails originate from OpenAI’s legitimate notification address (noreply@tm.openai.com), pass all standard email authentication checks, and reference OpenAI by name — making them virtually indistinguishable from genuine invitations. The likely goal is to harvest sensitive information shared within the AI chatbot once victims join the attacker-controlled organization.
In a related tactic, threat actors are abusing AI chatbot sharing functionality to distribute pages containing malicious instructions, effectively turning them into malware delivery platforms. Push Security noted that attackers have used ChatGPT’s code rendering feature to construct a fully designed fake page mimicking a ChatGPT service disruption notice. This page redirects victims to a convincing clone of ChatGPT’s download page that delivers a malicious executable.
—
## 🐧 Open Source and Linux
### Linux Foundation Launches Akrites and OSERA Initiatives
The Linux Foundation has introduced **Akrites**, a coordinated effort designed to address and disclose vulnerabilities in critical open-source software at a time when AI is accelerating both the scale and speed of vulnerability discovery. According to the foundation, “The initiative provides a single, trusted place to coordinate, remediate, and disclose, with a shared SIRT [Security Incident Response Team] serving as a predictable partner for maintainers rather than a flood of uncoordinated reports.”
Akrites also plans to collaborate with critical infrastructure operators to help deploy fixes before vulnerabilities can be exploited in the wild.
In addition, the Linux Foundation announced its intent to form the **Open Source Enterprise Resiliency Alliance (OSERA)**, aimed at strengthening the open-source components underpinning the financial services sector through a vendor-neutral, upstream-aware approach. The foundation stated: “OSERA complements the recently announced Akrites, the cross-industry effort enabling coordinated disclosure and upstreaming. As financial-services downstream complement to Akrites, OSERA will collaborate with Akrites in the upstreaming process and, together with the Open Source Security Foundation, to represent the voice of the industry in defining remediation standards.”
—
## 🪟 Microsoft News
### Microsoft Extends Windows 10 Consumer Extended Security Updates by One Year
Microsoft has quietly extended the Extended Security Updates (ESU) program for Windows 10 consumers by an additional year, allowing eligible users to continue receiving security updates through **October 12, 2027**. To enroll, devices must be running Windows 10, version 22H2 Home, Professional, Pro Education, or Workstations edition. Devices operating in kiosk mode, joined to an Active Directory domain or Microsoft Entra, or enrolled in a Mobile Device Management (MDM) solution are not eligible.
### Microsoft’s Secure Boot Certificates Have Expired
The certificates that manage UEFI Secure Boot trust — specifically, **Microsoft Corporation KEK CA 2011** and **Microsoft UEFI CA 2011** — expired on June 24 and June 27, 2026. A third certificate, **Microsoft Windows Production PCA 2011**, is set to expire on **October 19, 2026**.
Microsoft stated that many Windows PCs manufactured since 2024 already have the updated 2023 certificates. For remaining devices, Microsoft is delivering new Secure Boot certificates through Windows monthly updates, with partner OEMs making firmware updates available to ensure compatibility.
Google Cloud has released guidance for updating Compute Engine Shielded VM instances to trust the updated Microsoft Secure Boot certificates. For Linux on Azure virtual machines, users are advised to follow Microsoft’s recommended actions. Linux users more broadly should update their shims to the latest versions signed by the new key.
It is important to note that devices lacking the newer 2023 certificates will continue to function normally, and standard Windows updates will continue to install. However, these devices will no longer receive new security protections for the early boot process, including updates to Windows Boot Manager, Secure Boot databases, revocation lists, or mitigations for newly discovered boot-level vulnerabilities.
—
## 🔧 Cybersecurity Tools
**Sulla** — An open-source security tool by Praetorian that scans internal network SMB file shares to find exposed credentials and sensitive data. Operating as a fast, low-noise static binary, it maps Active Directory environments and uses multi-layered filtering with the Titus engine to perform in-memory analysis for cloud keys, passwords, and tokens. It outputs structured, real-time results to help security teams identify and remediate internal data exposure before it can be exploited.
**Karna** — A Web Application Firewall (WAF) module specifically engineered for the Kong Gateway to provide modern, scalable security for web applications. By integrating directly into the Kong ecosystem, it allows organizations to enforce fine-grained security policies and filter malicious traffic at the gateway layer, ensuring that protection is applied consistently across distributed services without adding significant latency.
*Disclaimer: This is strictly for research and learning. It hasn’t been through a formal security audit, so don’t just blindly drop it into production. Read the code, break it in a sandbox first, and make sure whatever you’re doing stays on the right side of the law.*
—
## Conclusion
This week, keep it simple. Break the small thing, find the forgotten access, wait for someone to say they meant to patch it.
No genius required. Just old mistakes with fresh damage. Shut the door. Check the locks.
—
*Original article source: [The Hacker News](https://thehackernews.com)*



