Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7

PamStealer Mac malware poses as a clipboard app and verifies passwords through PAM

Jamf Threat Labs found a new macOS infostealer, PamStealer, that impersonates Maccy, a popular open-source clipboard manager, through a fake website. Victims download what looks like a Maccy installer but is a malicious AppleScript that quietly fetches a Rust-based stealer. Its standout trick is how it grabs the login password: it shows a native-looking prompt saying "Maccy wants to make changes" and validates whatever the user types against macOS's own Pluggable Authentication Modules, so it only keeps a confirmed-correct password and avoids the noisy process calls other stealers make. The second stage hides as Finder, encrypts its traffic, and delays its Full Disk Access request to avoid suspicion.

Check
Make sure anyone using the Maccy clipboard manager downloaded it only from maccy.app or its official GitHub, and treat unexpected admin-password prompts and Full Disk Access requests during app installs with suspicion.
Affected
Mac users who install software from fake or unofficial sites; PamStealer poses as the Maccy clipboard app, confirms the login password through macOS PAM, then steals credentials, browser data, and wallet access.
Fix
Install Mac apps only from official sites or the App Store, verify download URLs carefully, deny unexpected password and Full Disk Access prompts, and keep macOS and endpoint tools updated.

Umbrij malware steals Google OAuth tokens through a hidden browser to read Gmail

Kaspersky detailed Umbrij, a new tool from the ToddyCat espionage group that steals access to corporate Gmail without ever taking a password. Delivered on Windows through DLL side-loading via trusted signed programs, Umbrij copies the victim's already-signed-in browser profile, launches a hidden Chromium with remote debugging, and drives it through Google's OAuth flow while impersonating legitimate Google Workspace sync apps. Because the copied profile is already authenticated, Google issues an authorization code that is exchanged for an access token, giving the attackers API access to Gmail, Drive, Calendar, and more, and sidestepping both the password and multi-factor authentication. The technique shows how stealing OAuth tokens can quietly bypass account protections.

Check
Audit which third-party apps and OAuth grants have access to your Google Workspace accounts, and watch endpoints for browsers launched with headless and remote-debugging flags outside dedicated test systems.
Affected
Organizations using Google Workspace or Gmail for business; by hijacking an already-signed-in browser profile and the OAuth flow, attackers gain token-based access to email and files without a password or MFA prompt.
Fix
Regularly review and revoke unnecessary OAuth app access to Google accounts, monitor for suspicious DLL side-loading and headless browser debugging, restrict remote-debugging use, and alert on unusual Google API access.

Ransomware crews pose as Interpol to pressure small businesses into paying

Dark Reading reports a ransomware campaign that leans on impersonating Interpol to pressure small businesses, using straightforward social engineering rather than sophisticated tooling. By dressing up their demands as communications from the international police organization, the attackers try to intimidate owners and staff who may lack dedicated security teams into believing they are in legal trouble and paying up. The campaign spans several regions, including the United States, Europe, and the Middle East. It is a reminder that authority-themed impersonation remains effective against smaller organizations, where a convincing-looking notice can short-circuit normal caution and verification.

Check
Warn staff, especially at smaller organizations, that law-enforcement bodies like Interpol do not demand payment by email or pop-up, and that any such message should be verified through official channels before acting.
Affected
Small and mid-sized businesses without dedicated security teams, across the US, Europe, and the Middle East; attackers use Interpol-themed intimidation to rush victims into paying rather than verifying the demand's legitimacy.
Fix
Train employees to recognize authority-impersonation scams, verify any law-enforcement contact independently, maintain tested offline backups, and give staff a clear, judgment-free way to report suspicious demands before they act.

SharePoint remote code execution flaw added to CISA KEV after active exploitation

CISA has added a SharePoint remote code execution flaw to its Known Exploited Vulnerabilities catalog after confirming active exploitation, months after Microsoft rated it less likely to be attacked. The bug (CVE-2026-45659, CVSS 8.8) comes from unsafe deserialization of untrusted data and lets an authenticated attacker with only Site Member permissions run code on a SharePoint server over the network, with low complexity and no user interaction. Microsoft patched it in May for SharePoint Server Subscription Edition, 2019, and Enterprise 2016. On-premises SharePoint is a repeated target because it holds sensitive data and is often internet-facing, and it has a long history of weaponized code execution flaws.

Check
Confirm the May 2026 SharePoint updates are applied to all on-premises servers, restrict internet exposure, and hunt for web shells, unexpected scheduled tasks, and unauthorized file changes on internet-facing SharePoint.
Affected
On-premises SharePoint Server Subscription Edition, 2019, and Enterprise 2016 missing the May 2026 patch (CVE-2026-45659); any authenticated user with Site Member permissions can run code remotely on the server.
Fix
Apply Microsoft's May 2026 SharePoint updates now, limit SharePoint to trusted networks or a VPN, tighten privileged access, and run a compromise assessment on internet-facing servers given confirmed exploitation.

Adobe patches seven critical code execution flaws in ColdFusion and Campaign Classic

Adobe has released patches for seven critical, top-rated code execution vulnerabilities in its ColdFusion web application platform and Campaign Classic marketing tool. Six of the flaws affect ColdFusion 2025 and 2023 and stem from unrestricted file uploads, improper input validation, and path traversal, each allowing arbitrary code execution; the seventh, in Campaign Classic, is an authorization flaw with the same impact on on-premises installations. All can be exploited in low-complexity attacks without user interaction. Adobe says it is not aware of any active exploitation but assigned its highest deployment priority, urging admins to patch quickly, since ColdFusion has repeatedly been targeted by attackers and ransomware crews.

Check
Identify ColdFusion 2025 and 2023 servers and on-premises Campaign Classic instances, confirm their update levels, and prioritize any that are internet-facing for immediate patching.
Affected
ColdFusion 2025 and 2023 before Update 10 and Update 21, and on-premises Adobe Campaign Classic before build 9397; unauthenticated or low-privilege attackers can achieve arbitrary code execution in low-complexity attacks.
Fix
Install ColdFusion 2025 Update 10, ColdFusion 2023 Update 21, and Campaign Classic build 9397 within days, as Adobe advises, and restrict these platforms from direct internet exposure where possible.

Unpatched Argo CD flaw lets attackers take over Kubernetes clusters

Researchers at Synacktiv disclosed an unpatched flaw in Argo CD, the popular GitOps tool for deploying to Kubernetes, that can lead to full cluster takeover. The problem is in repo-server, the component that turns Git repository files into Kubernetes manifests: its internal gRPC service requires no authentication, so anyone who can reach it on the cluster network can send a crafted request and run commands. Synacktiv reported it about eighteen months ago, but there is still no fix and no CVE, so it went public to warn users. With no patch, the practical defense is network isolation using Kubernetes network policies.

Check
Check whether Kubernetes network policies restrict access to Argo CD's repo-server and Redis, using kubectl get networkpolicy across namespaces; Helm installs leave these policies off by default, exposing the ports cluster-wide.
Affected
Argo CD deployments where the repo-server's unauthenticated internal service is reachable from the wider cluster network; any workload that can reach it can run commands and take over the cluster.
Fix
Enable Kubernetes network policies so only Argo CD components can reach the repo-server and Redis ports, isolate Argo CD on the cluster network, and watch for an official fix to apply.

Cursor flaws let a poisoned prompt escape the AI coding sandbox and run commands

Researchers at Cato AI Labs detailed two flaws, dubbed DuneSlide, in the AI code editor Cursor that let a prompt-injection attack break out of the sandbox Cursor uses to contain the commands its agent runs. The attacker never types anything: they plant instructions in content the agent reads on the user's behalf, such as a connected MCP service or a web page. One flaw abuses a working-directory setting to get an attacker path added to the allowed-write list, letting injected commands overwrite the sandbox helper itself and then run with no sandbox. Both are rated 9.8 and are fixed in Cursor 3.0; every earlier version is affected, so users should update.

Check
Confirm Cursor is updated to 3.0 or later on developer machines, and review whether your AI coding agents can be steered by content they read from MCP servers, web pages, or repositories.
Affected
Developers running Cursor versions before 3.0 (CVE-2026-50548 and CVE-2026-50549); a prompt injection hidden in content the agent reads can escape the command sandbox and run arbitrary commands on the machine.
Fix
Update Cursor to 3.0 or later, keep the agent's command sandbox enabled, and treat everything an AI coding agent reads, from MCP tools to web pages, as potentially hostile rather than trusted.

DHS confirms breach of unclassified Homeland Security information-sharing network

The US Department of Homeland Security has confirmed a breach of the Homeland Security Information Network, an unclassified but sensitive platform that federal, state, local, and private-sector partners use to share threat information and coordinate operations. The intrusion is believed to have happened between late May and early June, and according to reporting, the attackers targeted HSIN servers and an associated SharePoint collaboration system. DHS says it isolated the affected systems, that classified networks were not touched, and that the platform remains operational, but it has not attributed the attack or confirmed whether documents were stolen. Even without confirmed theft, compromising this coordination hub is operationally significant.

Check
Organizations that connect to or share data through HSIN should watch for follow-on phishing or misuse of any exposed coordination data, and confirm the security of their own SharePoint collaboration systems.
Affected
Federal, state, local, and private-sector partners who use HSIN to share sensitive information; the breach hit HSIN servers and a linked SharePoint system, though data theft is not confirmed.
Fix
Patch and harden SharePoint and other collaboration platforms, segment sensitive information-sharing systems, enforce phishing-resistant MFA, and monitor for unusual access, given attackers are actively targeting SharePoint and coordination hubs.

Medtronic notifies customers after ShinyHunters breach of corporate systems

Medical device maker Medtronic has begun notifying customers that their personal data was exposed in a breach of its corporate IT systems earlier this year, an attack claimed by the extortion group ShinyHunters. Medtronic noticed unusual activity in mid-April and its investigation found that an unauthorized actor had access between April 13 and 19. ShinyHunters claimed to hold roughly nine million records containing personal and internal corporate data, and Medtronic did not pay, with its listing later removed from the group's leak site. The company says its products, patient safety, and the networks running its medical devices were not affected, crediting separation between corporate and clinical systems.

Check
People who have dealt with Medtronic as customers, patients, providers, or partners should watch for their notification and stay alert to phishing or fraud that references Medtronic or medical accounts.
Affected
Individuals whose personal data sat in Medtronic's corporate IT systems, accessed between April 13 and 19; ShinyHunters claimed about nine million records, though device networks and patient safety were not affected.
Fix
Affected people should monitor for targeted phishing and identity fraud. Organizations should segment corporate IT from operational and clinical systems, harden SaaS and identity against social engineering, and enforce phishing-resistant MFA.

ChocoPoC malware hides in fake exploit dependencies to hit security researchers

Sekoia found a campaign that targets security researchers by planting a Python remote access trojan, ChocoPoC, in proof-of-concept exploits published on GitHub. Rather than putting malware in the exploit code itself, the attackers add a malicious package to the PoC's dependency list on the Python Package Index, so simply installing and running the exploit pulls down the trojan, which can run commands and steal data. At least seven repositories posed as PoCs for flaws in products like FortiWeb, PAN-OS, Ivanti Sentry, and Check Point VPN, with downloads spiking after each new vulnerability made headlines. One malicious package was fetched about 2,400 times, mostly on Linux.

Check
When testing proof-of-concept exploits from GitHub, inspect their dependency lists and any packages they pull from PyPI, and run everything in an isolated, disposable virtual machine rather than a working environment.
Affected
Security researchers, penetration testers, and others who download and run PoC exploits; a trojanized dependency, not the exploit code, delivers a remote access trojan that steals data and runs commands.
Fix
Vet and pin dependencies before running any PoC, review package sources on PyPI, and detonate untrusted exploits only in sandboxed virtual machines with network access removed unless the test requires it.