Last updated: July 6, 2026 at 12:53 AM UTC
All 559 Vulnerability 199 Breach 107 Threat 246 Defense 7

MuddyWater (Seedworm) 'Operation Olalampo' espionage hits 9 countries with DLL sideloading via sentinelmemoryscanner.exe and ChromElevator browser theft

Symantec and Carbon Black, working with Huntress, have documented Operation Olalampo, a new MuddyWater (also tracked as Seedworm) espionage campaign that has hit at least nine countries. The Iran-linked actor uses DLL sideloading by abusing two trusted binaries - sentinelmemoryscanner.exe sideloads sentinelagentcore.dll - to deploy the open-source ChromElevator tool, which steals passwords, cookies, and payment-card data from Chromium browsers while bypassing App-Bound Encryption. The campaign also uses Node.js-based implants that drop PowerShell scripts for reconnaissance, SAM-hive theft, screenshot capture, and SOCKS5 reverse-proxy tunneling. Stolen data has been staged on the public file-transfer service sendit[.]sh.

Check
Hunt Windows endpoints for sentinelmemoryscanner.exe with a sideloaded sentinelagentcore.dll. Check outbound traffic to 157.20.182[.]49 and sendit[.]sh. Watch for Node.js execution on non-developer hosts.
Affected
Organizations in MuddyWater's typical target sectors (telecom, government, defense, energy) across nine countries. Symantec/Carbon Black/Huntress confirm at least one South Korean electronics manufacturer hit.
Fix
Block 157.20.182[.]49 and sendit[.]sh at egress. Apply Huntress and Symantec IoCs. Hunt for ChromElevator browser-credential theft. Restrict Node.js execution on non-developer endpoints.

CERT-In mandates 12-hour patching window for internet-facing KEV vulnerabilities to counter AI-assisted attacks; full risk-tiered SLA blueprint

India's national CERT has published a risk-tiered patch SLA blueprint in response to AI-assisted attack acceleration. Internet-facing systems with KEV-listed vulnerabilities must be remediated within 12 hours; critical externally exposed flaws within 1 day; internal-system KEV within 1 day unless documented compensating controls exist; critical internal flaws on high-value systems within 3 days; high-severity issues within 5 days. CERT-In urges defenders to assume breach, adopt Zero Trust and defense-in-depth, embed secure-by-design into AI workflows, validate via red teaming, and treat AI-system visibility as a first-class governance concern. Mitigations (isolation, WAF, monitoring) are expected when no patch is available.

Check
Inventory your current patch SLAs against CERT-In's tiers. Identify any internet-facing systems with KEV CVEs older than 12 hours. Map AI workflows and governance gaps.
Affected
Any organization with patch SLAs measured in weeks/months on internet-facing systems. AI-assisted attacks compress exploit-development to hours/days; old SLAs are now structurally inadequate.
Fix
Adopt CERT-In's tiered SLA: 12hr for internet-facing KEV, 1d for critical exposed or internal KEV, 3d for critical internal high-value, 5d high-severity. Pair with Zero Trust isolation and WAF controls.

Iran's Nimbus Manticore (UNC1549) accelerated wartime ops with AI-assisted MiniFast backdoor, trojanized Zoom installers, and SEO poisoning of SQL Developer

Check Point has documented Iranian APT Nimbus Manticore (also tracked as UNC1549) accelerating its operations during US Operation Epic Fury rather than going quiet. The campaign hits aviation, software, and defense organizations in the US, Europe, and the Middle East via three waves: career-themed phishing using AppDomain hijacking to deploy MiniJunk (February), a trojanized Zoom installer that hijacks legitimate scheduled tasks to deliver the new MiniFast backdoor (March), and the group's first SEO poisoning campaign distributing a weaponized Oracle SQL Developer installer via getsqldeveloper[.]com (April). MiniFast shows signs of AI-assisted development: defensive coding patterns, verbose error strings, and modular structure.

Check
Search EDR for AppDomain hijacking patterns spawning unsigned DLLs from Microsoft-signed executables. Hunt for trojanized Zoom installers and visits to getsqldeveloper[.]com via DNS logs.
Affected
Aviation, software, defense, and telecom organizations in the US, Europe, and Middle East. Nimbus Manticore targets employees via fake career offers, fake Zoom meetings, and SEO poisoning.
Fix
Apply Check Point IoCs. Block getsqldeveloper[.]com and known Nimbus Manticore C2 infrastructure. Train staff against unsolicited career or meeting-invitation downloads. Strengthen endpoint allowlisting against unsigned DLL sideloading.

Anthropic preparing to roll Claude Mythos into Claude Code and Claude Security - 'claude-mythos-1-preview' toggle briefly appeared publicly

Anthropic appears to be preparing the public rollout of Claude Mythos - the restricted security-focused frontier model that uncovered 10,000 high or critical vulnerabilities in its first month under Project Glasswing. References to 'claude-mythos-1-preview' have briefly appeared in the public Claude Code and Claude Security products, with at least one user reportedly seeing a toggle to enable Mythos before it was pulled. Anthropic originally announced Mythos in early preview on April 7 and held back the public release pending guardrails, warning the model 'can automatically develop functional cyberattacks at a highly professional level.' Pricing and tier availability are not yet disclosed.

Check
If you use Claude Code or Claude Security, watch for the Mythos toggle to appear. Review your Claude Max/Pro/Team subscription tier and any organizational data-handling policies for AI-coding tools.
Affected
Any organization using Claude Code or Claude Security where users may surface critical-severity flaws in supplier or open-source code that have not yet been responsibly disclosed.
Fix
Define an internal disclosure policy for Mythos findings before enabling broadly. Coordinate with the Anthropic Cyber Verification Program. Pair Mythos usage with patch-cycle compression on internet-facing services.

Lazarus RemotePE memory-only RAT targets DeFi and crypto firms - DPAPILoader + RemotePELoader chain, Hell's Gate, ETW patching

NCC Group's Fox-IT has documented RemotePE, a previously private cross-platform RAT used by the North Korea-linked Lazarus Group against DeFi, financial, and cryptocurrency organizations. The chain starts with social engineering on Telegram (impersonating a trading-firm employee with fake Calendly and Picktime meeting links), then drops DPAPILoader (Iassvc.dll) which uses Windows DPAPI to decrypt RemotePELoader. That loader fetches RemotePE entirely in memory from aes-secure[.]net, evading EDR via Hell's Gate and ETW patching. RemotePE itself is a C++ RAT supporting six command categories. Fox-IT believes the toolset is reserved for high-value, long-dwell access leading to large-scale financial theft. Activity dates from mid-2023.

Check
Hunt for Iassvc.dll on Windows endpoints (especially DeFi-adjacent developer machines). Search EDR for outbound traffic to aes-secure[.]net. Review Telegram and Calendly social-engineering reports from your finance and crypto teams.
Affected
Financial-services, DeFi, and crypto firms - Lazarus' primary targets. Initial access via Telegram impersonation of trading-firm employees and fake Calendly / Picktime meeting links.
Fix
Block aes-secure[.]net at egress. Train finance and developer teams against Telegram-initiated meeting requests with crypto/trading themes. Deploy EDR rules detecting Hell's Gate syscall patterns and ETW patching.

TrapDoor cross-ecosystem supply chain hits npm, PyPI, Crates.io with 34+ malicious packages; plants .cursorrules and CLAUDE.md to trick AI assistants

Socket has detailed TrapDoor, a coordinated cross-ecosystem supply-chain campaign that has published 34+ malicious packages across 384+ versions on npm, PyPI, and Crates.io since May 22. Targets are crypto, DeFi, Solana, and AI developers. The npm packages deploy trap-core.js, which scans for credentials, validates AWS and GitHub tokens via API, and persists via cron, systemd, Git hooks, shell rcfiles, and SSH; Rust crates use build.rs to trigger; Python packages auto-execute on import to fetch JavaScript from ddjidd564.github[.]io. Notable twist: the campaign also plants .cursorrules and CLAUDE.md in PRs to popular AI repos to trick AI coding assistants into running 'security scans' that exfiltrate secrets.

Check
Search npm, pip, and cargo install logs across CI/CD and developer machines for any of the 34+ TrapDoor packages. Check repos for unsolicited .cursorrules or CLAUDE.md additions in PRs.
Affected
Crypto, DeFi, Solana, and AI developers who install packages by name without lockfile pinning. Users of AI coding assistants (Cursor, Claude) that read .cursorrules or CLAUDE.md.
Fix
Pin via lockfiles. Block ddjidd564.github[.]io at egress. Audit .cursorrules and CLAUDE.md across repos. Configure AI coding assistants to require explicit confirmation before running arbitrary commands from project files.

FBI Director Kash Patel's merchandise site (basedapparel.com) infected with WooCommerce ClickFix macOS infostealer; site taken offline

FBI Director Kash Patel's merchandise website basedapparel[.]com was taken offline on Friday after researchers documented a multi-stage WooCommerce compromise that stole payment data and targeted Mac users with a ClickFix attack. The site displayed a fake Cloudflare CAPTCHA prompting visitors to paste a command into their terminal; the macOS-specific shell command then downloaded a script-based infostealer that targets browsers, password vaults, and cryptocurrency wallets before compressing the data, exfiltrating to monterushy[.]com, and deleting itself. Researchers WifiRumHam and 'debbie' analyzed the live campaign on May 21-22; the site went offline on May 22. Similar infections seen across many compromised WooCommerce sites.

Check
Search outbound traffic for connections to monterushy[.]com and similar ClickFix C2 hosts since early May. Inventory WooCommerce sites your organization operates and confirm plugin integrity.
Affected
WooCommerce-powered e-commerce sites with vulnerable or unverified plugins. Mac users who visit compromised storefronts and are prompted to paste shell commands. Brand reputation risk for high-profile site owners.
Fix
Block monterushy[.]com at egress. Audit WooCommerce plugin authenticity via official channels. Train users (especially macOS) to never paste shell commands from a website. Apply EDR rules for ClickFix patterns.

Ghost CMS CVE-2026-26980 SQL injection exploited at scale - 700+ sites including Harvard, Oxford, DuckDuckGo serve ClickFix lures

Qianxin XLab has documented a large-scale ClickFix campaign exploiting CVE-2026-26980, an SQL injection in Ghost CMS that was disclosed and patched on February 19. The vulnerability lets unauthenticated attackers read arbitrary database content including admin API keys, which are then used to inject malicious JavaScript into articles. More than 700 domains are confirmed compromised, including Harvard, Oxford, and Auburn universities and DuckDuckGo. Victim browsers receive a fingerprinted iframe overlay impersonating a Cloudflare prompt that instructs users to paste a command into the Windows command prompt, dropping DLL loaders, JS droppers, or the UtilifySetup.exe Electron-based payload. Two distinct activity clusters compete for compromised sites.

Check
Inventory Ghost CMS sites by version. Search article HTML for unexpected inline JavaScript, iframe overlays, or fake Cloudflare prompts since February 19, 2026. Check admin-API audit logs for suspicious reads.
Affected
Ghost CMS versions 3.24.0 through 6.19.0 with the admin API exposed (default). More than 700 sites confirmed compromised, including major universities and tech companies.
Fix
Upgrade Ghost CMS to 6.19.1 or later. Rotate all admin API keys regardless of compromise status. Apply XLab IoCs and review articles for injected JavaScript. Train editors against ClickFix prompts.

Anthropic Project Glasswing reveals 1,094 confirmed high/critical flaws and WolfSSL CVE-2026-5194 (CVSS 9.1) in first month with Apple, AWS, Microsoft, Google partners

Anthropic has named the program behind its Claude Mythos Preview model 'Project Glasswing' and disclosed the first-month results. Working with AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, the program flagged 6,202 high or critical vulnerability candidates across 1,000+ open-source projects; 1,726 were validated by human reviewers and 1,094 confirmed as genuine high or critical severity. A WolfSSL certificate-forgery flaw (CVE-2026-5194, CVSS 9.1) is the named-and-shamed example. 97 upstream patches and 88 security advisories have landed. Anthropic itself warns that finding flaws is far easier than fixing them.

Check
Audit your dependency manifest for WolfSSL across all projects and check the version (CVE-2026-5194 fix). Map your overall SBOM coverage of the 1,000+ open-source projects on Glasswing's scope.
Affected
Software relying on WolfSSL for certificate validation (IoT, network equipment, industrial systems). Broader: any defender whose patch SLAs are slower than AI-assisted vulnerability discovery rates.
Fix
Patch WolfSSL to the version fixing CVE-2026-5194. Compress patch SLAs on internet-facing services. Monitor Glasswing's public advisories for additional CVEs landing across the next 30-60 days.

Packagist supply-chain attack hits 8 Composer packages with cross-ecosystem package.json hook downloading Linux binary to /tmp/.sshd

Socket has detailed a coordinated supply-chain campaign that planted malicious code in eight Composer packages on Packagist, including moritz-sauer-13/silverstripe-cms-theme, crosiersource/crosierlib-base, devdojo/wave, devdojo/genesis, katanaui/katana, elitedevsquad/sidecar-laravel, r2luna/brain, and baskarcm/tzi-chat-ui. The attackers placed the payload not in composer.json but in package.json - meaning teams scanning only PHP dependencies would miss the Node.js lifecycle hook bundled inside. The postinstall script downloads a Linux binary from a GitHub Releases URL (github[.]com/parikhpreyash4/systemd-network-helper-aa5c751f), saves it as /tmp/.sshd, and runs it backgrounded with execute permissions. Socket found the same payload referenced in 777 GitHub files, including two GitHub Actions workflows - hinting at a broader campaign.

Check
Audit composer.lock and package.json across PHP projects for the 8 affected packages installed since 2026-05-20. Block egress to github[.]com/parikhpreyash4/* and check /tmp/.sshd presence on Linux build hosts.
Affected
Any project that installed moritz-sauer-13/silverstripe-cms-theme, crosiersource/crosierlib-base, devdojo/wave, devdojo/genesis, katanaui/katana, elitedevsquad/sidecar-laravel, r2luna/brain, or baskarcm/tzi-chat-ui via Composer. Hidden in package.json so PHP-only scanners miss it.
Fix
Roll affected packages back to clean versions; pin via composer.lock and package-lock.json. Rotate developer and CI credentials reachable from affected hosts. Scan PHP repos for package.json lifecycle hooks.