Jamf Threat Labs found a new macOS infostealer, PamStealer, that impersonates Maccy, a popular open-source clipboard manager, through a fake website. Victims download what looks like a Maccy installer but is a malicious AppleScript that quietly fetches a Rust-based stealer. Its standout trick is how it grabs the login password: it shows a native-looking prompt saying "Maccy wants to make changes" and validates whatever the user types against macOS's own Pluggable Authentication Modules, so it only keeps a confirmed-correct password and avoids the noisy process calls other stealers make. The second stage hides as Finder, encrypts its traffic, and delays its Full Disk Access request to avoid suspicion.
Kaspersky detailed Umbrij, a new tool from the ToddyCat espionage group that steals access to corporate Gmail without ever taking a password. Delivered on Windows through DLL side-loading via trusted signed programs, Umbrij copies the victim's already-signed-in browser profile, launches a hidden Chromium with remote debugging, and drives it through Google's OAuth flow while impersonating legitimate Google Workspace sync apps. Because the copied profile is already authenticated, Google issues an authorization code that is exchanged for an access token, giving the attackers API access to Gmail, Drive, Calendar, and more, and sidestepping both the password and multi-factor authentication. The technique shows how stealing OAuth tokens can quietly bypass account protections.
Dark Reading reports a ransomware campaign that leans on impersonating Interpol to pressure small businesses, using straightforward social engineering rather than sophisticated tooling. By dressing up their demands as communications from the international police organization, the attackers try to intimidate owners and staff who may lack dedicated security teams into believing they are in legal trouble and paying up. The campaign spans several regions, including the United States, Europe, and the Middle East. It is a reminder that authority-themed impersonation remains effective against smaller organizations, where a convincing-looking notice can short-circuit normal caution and verification.
CISA has added a SharePoint remote code execution flaw to its Known Exploited Vulnerabilities catalog after confirming active exploitation, months after Microsoft rated it less likely to be attacked. The bug (CVE-2026-45659, CVSS 8.8) comes from unsafe deserialization of untrusted data and lets an authenticated attacker with only Site Member permissions run code on a SharePoint server over the network, with low complexity and no user interaction. Microsoft patched it in May for SharePoint Server Subscription Edition, 2019, and Enterprise 2016. On-premises SharePoint is a repeated target because it holds sensitive data and is often internet-facing, and it has a long history of weaponized code execution flaws.
Adobe has released patches for seven critical, top-rated code execution vulnerabilities in its ColdFusion web application platform and Campaign Classic marketing tool. Six of the flaws affect ColdFusion 2025 and 2023 and stem from unrestricted file uploads, improper input validation, and path traversal, each allowing arbitrary code execution; the seventh, in Campaign Classic, is an authorization flaw with the same impact on on-premises installations. All can be exploited in low-complexity attacks without user interaction. Adobe says it is not aware of any active exploitation but assigned its highest deployment priority, urging admins to patch quickly, since ColdFusion has repeatedly been targeted by attackers and ransomware crews.
Researchers at Synacktiv disclosed an unpatched flaw in Argo CD, the popular GitOps tool for deploying to Kubernetes, that can lead to full cluster takeover. The problem is in repo-server, the component that turns Git repository files into Kubernetes manifests: its internal gRPC service requires no authentication, so anyone who can reach it on the cluster network can send a crafted request and run commands. Synacktiv reported it about eighteen months ago, but there is still no fix and no CVE, so it went public to warn users. With no patch, the practical defense is network isolation using Kubernetes network policies.
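One way to apply that isolation, as an added example that is not Argo CD's or Synacktiv's own configuration: a Kubernetes NetworkPolicy that admits traffic to repo-server's gRPC port only from the Argo CD components that legitimately call it. It assumes the `argocd` namespace, Argo CD's default `app.kubernetes.io/name` pod labels, and repo-server's default port 8081; verify each against your installation before applying, and note that the policy is only enforced if the cluster's CNI plugin supports NetworkPolicy.

```yaml
# Added example (not from the Argo CD project): restrict ingress to
# argocd-repo-server so that only the Argo CD components that need its
# unauthenticated gRPC service can reach it on the cluster network.
# Assumptions: namespace "argocd", default Argo CD pod labels, port 8081.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: argocd-repo-server-ingress-restrict
  namespace: argocd
spec:
  # Selecting repo-server pods makes them "isolated": once any ingress
  # policy selects a pod, all ingress not explicitly allowed is dropped.
  podSelector:
    matchLabels:
      app.kubernetes.io/name: argocd-repo-server
  policyTypes:
    - Ingress
  ingress:
    - from:
        # Each podSelector here is in the same namespace as the policy.
        # Adding a namespaceSelector to an entry (without a "-") would
        # AND the two; keep them separate to allow any listed caller.
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-server
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-application-controller
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-applicationset-controller
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-notifications-controller
      ports:
        # repo-server's manifest-generation gRPC endpoint (default 8081).
        - protocol: TCP
          port: 8081
```

Pods in other namespaces, and any pod in `argocd` without one of the listed labels, can no longer open a connection to port 8081 on repo-server; if you scrape its metrics port separately, add a matching ingress rule for that port or the scrape will be blocked as well.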
Researchers at Cato AI Labs detailed two flaws, dubbed DuneSlide, in the AI code editor Cursor that let a prompt-injection attack break out of the sandbox Cursor uses to contain the commands its agent runs. The attacker never types anything: they plant instructions in content the agent reads on the user's behalf, such as a connected MCP service or a web page. One flaw abuses a working-directory setting to get an attacker path added to the allowed-write list, letting injected commands overwrite the sandbox helper itself and then run with no sandbox. Both are rated 9.8 and are fixed in Cursor 3.0; every earlier version is affected, so users should update.
The US Department of Homeland Security has confirmed a breach of the Homeland Security Information Network, an unclassified but sensitive platform that federal, state, local, and private-sector partners use to share threat information and coordinate operations. The intrusion is believed to have happened between late May and early June, and according to reporting, the attackers targeted HSIN servers and an associated SharePoint collaboration system. DHS says it isolated the affected systems, that classified networks were not touched, and that the platform remains operational, but it has not attributed the attack or confirmed whether documents were stolen. Even without confirmed theft, compromising this coordination hub is operationally significant.
Medical device maker Medtronic has begun notifying customers that their personal data was exposed in a breach of its corporate IT systems earlier this year, an attack claimed by the extortion group ShinyHunters. Medtronic noticed unusual activity in mid-April and its investigation found that an unauthorized actor had access between April 13 and 19. ShinyHunters claimed to hold roughly nine million records containing personal and internal corporate data, and Medtronic did not pay, with its listing later removed from the group's leak site. The company says its products, patient safety, and the networks running its medical devices were not affected, crediting separation between corporate and clinical systems.
Sekoia found a campaign that targets security researchers by planting a Python remote access trojan, ChocoPoC, in proof-of-concept exploits published on GitHub. Rather than putting malware in the exploit code itself, the attackers add a malicious package to the PoC's dependency list on the Python Package Index, so simply installing and running the exploit pulls down the trojan, which can run commands and steal data. At least seven repositories posed as PoCs for flaws in products like FortiWeb, PAN-OS, Ivanti Sentry, and Check Point VPN, with downloads spiking after each new vulnerability made headlines. One malicious package was fetched about 2,400 times, mostly on Linux.