Last updated: July 6, 2026 at 12:53 AM UTC
All 559 Vulnerability 199 Breach 107 Threat 246 Defense 7

REMUS infostealer profiled - 64-bit Lumma successor with EtherHiding C2 and Chromium ABE bypass

Flare published a deep profile of REMUS, the 64-bit infostealer that emerged in early 2026 after Lumma Stealer's core operators were doxxed in late 2025. Gen Threat Labs links REMUS directly to Lumma's codebase through 'Tenzor' transitional builds from September 2025, identical string obfuscation, anti-VM checks via cpuid leaf 0x40000000, and a refined Application-Bound Encryption bypass for Chromium browsers. The malware harvests browser passwords, cookies, autofill, crypto wallets, and clipboard data, and uses EtherHiding (blockchain-based C2 resolution) for resilience. Flare's 128-post analysis of REMUS forum activity from Feb 12 to May 8 shows the operation has moved from rapid feature expansion into platform stabilization, with active customer-facing MaaS development.

Check
Hunt for processes reading Chromium browser process memory to extract master keys, look for outbound traffic resolving C2 through Ethereum or other blockchain RPC endpoints (EtherHiding), and review browser cookie store access patterns.
Affected
Enterprises with users running Chromium-based browsers (Chrome, Edge, Brave) and saved passwords or session cookies. Crypto-holding individuals and finance, accounting, and developer roles with broad SaaS account access face elevated session-theft risk.
Fix
Roll out Application-Bound Encryption hardening on managed Chromium browsers, enforce conditional access with continuous access evaluation to invalidate stolen sessions, block known REMUS C2 indicators, and replace browser-stored passwords with an enterprise password manager.

TeamPCP Shai-Hulud aftermath: OpenAI rotates macOS code-signing certificates after employee devices breached, TeamPCP advertises 450 Mistral AI source repositories for $25K

Two days after the Mini Shai-Hulud worm tore through TanStack and Mistral AI packages, the named-victim count grew sharply. OpenAI confirmed that two employee devices were compromised through the TanStack supply-chain chain and that a limited subset of internal source code repositories had credential material exfiltrated; the company is rotating its macOS code-signing certificates and tells Mac users they must update ChatGPT Desktop, Codex, and Atlas apps by June 12, 2026, or the apps will stop launching. TeamPCP separately listed 450 Mistral AI private repositories on a criminal forum for 25,000 dollars. Mistral confirmed a codebase management system was temporarily compromised on May 12 but says hosted services and user data were not impacted.

Check
Audit which developer workstations had any TanStack, Mistral AI, UiPath, OpenSearch, or Guardrails AI npm or PyPI packages installed since May 8, and review GitHub audit logs for token use from those machines.
Affected
Mac users of OpenAI ChatGPT Desktop, OpenAI Codex CLI, and Atlas browser apps - signed with the rotated certificates and must update before June 12, 2026. Customers of Mistral AI relying on private repos for SDK pinning.
Fix
Update affected OpenAI macOS apps before June 12. Rotate GitHub PATs, npm and PyPI tokens, cloud secrets, and SSH keys exposed on impacted developer machines. Pin Mistral and TanStack packages to known-clean releases.

Belarus-aligned FrostyNeighbor (Ghostwriter) running a new geofenced PDF phishing campaign against Ukrainian government - Ukrainian IPs get malware, everyone else gets a clean PDF

ESET researchers documented a new wave of activity from FrostyNeighbor (a.k.a. Ghostwriter, UNC1151, UAC-0057), the Belarus-aligned group that has been targeting Ukraine, Poland, and Lithuania since 2016. Since March 2026, the group has been sending spear-phishing PDFs impersonating Ukrainian telecom operator Ukrtelecom. The lure server checks the visitor's IP: Ukrainian addresses get a malicious RAR archive that drops a JavaScript version of PicassoLoader, which in turn pulls down a Cobalt Strike Beacon, while everyone else just sees a clean decoy PDF. Operators appear to manually approve which fingerprinted victims actually get the implant.

Check
Hunt email gateways and proxies for spear-phishing PDFs impersonating Ukrtelecom, search endpoint telemetry for JavaScript children of wscript.exe or cscript.exe running PicassoLoader behavior, and review outbound C2 callbacks from defense-sector users.
Affected
Ukrainian government, military, and defense organizations. Polish and Lithuanian industrial manufacturing, healthcare and pharma, logistics, and government bodies. Risk is highest for any organization with Eastern European operations.
Fix
Block known FrostyNeighbor domains and IPs from ESET's report at the network edge, deploy detections for JavaScript-stage PicassoLoader and Cobalt Strike, restrict execution of downloaded scripts via AppLocker, and brief Eastern European staff on the Ukrtelecom lure.

Iran-linked MuddyWater (Seedworm) spent a week inside a major South Korean electronics maker - DLL sideloading off Fortemedia audio and SentinelOne binaries, ChromElevator credential theft

Symantec's Threat Hunter Team detailed a global cyber-espionage campaign by MuddyWater (a.k.a. Seedworm, Static Kitten, Temp Zagros), an APT linked to Iran's Ministry of Intelligence and Security. The group hit at least nine organizations on four continents in Q1 2026 - including a major unnamed South Korean electronics manufacturer where attackers maintained access from February 20 to 27. They abused signed legitimate binaries fmapp.exe (a Fortemedia audio utility) and sentinelmemoryscanner.exe (a SentinelOne component) to sideload malicious DLLs called fmapp.dll and sentinelagentcore.dll, both carrying the ChromElevator post-exploitation tool that lifts data from Chrome-based browsers. Stolen files were staged through public file-transfer service sendit[.]sh to blend in.

Check
Hunt endpoints for fmapp.exe or sentinelmemoryscanner.exe loading non-standard DLLs, search proxy and DNS logs for connections to sendit[.]sh from non-IT users, and review Chrome profile access patterns from sideloaded DLL contexts.
Affected
High-tech manufacturing, electronics, industrial firms, financial services, and government agencies with intellectual-property or downstream-customer value to Iran. Operations in Asia and the Middle East are most exposed, but victims span four continents.
Fix
Add detection rules for fmapp.dll and sentinelagentcore.dll in unexpected paths, block sendit[.]sh outbound where it has no business need, watch for unusual Node.js process trees spawning cmd.exe, and review LSASS access events around the 90-second beaconing window.

Initial access broker KongTuke pivots from web lures to Microsoft Teams - impersonates IT help desk, drops ModeloRAT in five minutes

ReliaQuest researchers say initial access broker KongTuke has shifted from web-based ClickFix and FileFix lures to Microsoft Teams social engineering, taking as little as five minutes to gain persistent access. The attacker reaches employees from one of five rotating Microsoft 365 tenants, uses Unicode whitespace tricks to make the display name look like internal IT help desk, then talks the victim through pasting a PowerShell command. That command downloads a ZIP from Dropbox containing a portable WinPython runtime and a Python-based RAT called ModeloRAT. The new ModeloRAT variant adds a five-server C2 pool with automatic failover, self-update, and randomized URL paths, and several major EDR products did not detect it.

Check
Search Microsoft 365 audit logs for inbound external Teams chats from new or low-trust tenants, hunt endpoint telemetry for pythonw.exe running from %APPDATA%\WPy64-31401 (or similar WinPython paths), and review PowerShell logs for clipboard-paste-driven commands.
Affected
Any enterprise that accepts inbound Microsoft Teams chats and calls from external tenants, especially help-desk-themed approaches. Initial access broker activity is typically resold to ransomware operators within days of compromise.
Fix
Restrict external Teams chat to allowlisted partners, enforce verified caller display in Teams admin, train staff that real IT never asks for a PowerShell paste, and add EDR rules for portable Python interpreters spawning from %APPDATA%.

China-linked FamousSparrow spent three months breaking back into an Azerbaijani oil and gas company through the same Microsoft Exchange flaw - first known China APT hit on South Caucasus energy

Bitdefender researchers documented a China-linked espionage group called FamousSparrow repeatedly compromising an Azerbaijani oil and gas company between late December 2025 and late February 2026. Each time the victim cleaned up, the attackers came back through the same unpatched Microsoft Exchange Server and dropped a new backdoor - first Deed RAT (a ShadowPad relative used by several Chinese groups), then TernDoor. The group overlaps with the Earth Estries cluster, which itself overlaps with Salt Typhoon. This is the first time FamousSparrow has been seen targeting South Caucasus energy infrastructure, a region whose role in supplying gas to Europe grew sharply after Russia's Ukraine transit deal expired.

Check
Audit Microsoft Exchange Server patch status across the estate, hunt for DLL sideloading patterns where signed executables load suspicious libraries, and search proxy and DNS logs for connections to sentinelonepro[.]com.
Affected
Internet-exposed Microsoft Exchange Server instances. Energy sector organizations operating in or partnering with Azerbaijan, Armenia, and Georgia, plus their European downstream gas customers.
Fix
Patch Exchange to the current security update and confirm ProxyNotShell-class fixes are applied. Rotate credentials exposed during prior intrusions, hunt for Deed RAT and TernDoor IoCs from Bitdefender's report, and block sentinelonepro[.]com.

GemStuffer campaign turned RubyGems into a clandestine data drop - 150+ malicious gems hid scraped UK council portal pages inside Ruby packages

Socket researchers found more than 150 RubyGems packages doing something the registry was never built to do: smuggling scraped data out of UK council websites. The malicious gems fetch pages from Lambeth, Wandsworth, and Southwark's public meeting portals, bundle the responses into a normal-looking .gem archive, and push it back to RubyGems using a hardcoded API key. The attacker then downloads the data as a public gem version. Whether GemStuffer is registry spam, a worm being tested, or a deliberate trial of package-registry abuse, the mechanics are intentional - and it landed the same week RubyGems froze new account signups over a separate flood of malicious packages.

Check
Search dependency manifests and gem caches for gems published from newly registered RubyGems accounts in May 2026 with junk names, and review outbound traffic from CI runners for connections to council .gov.uk subdomains.
Affected
Any developer workstation, CI agent, or container image that allows arbitrary outbound gem installs from rubygems.org. UK local government portals (Lambeth, Wandsworth, Southwark) had public pages scraped through this channel.
Fix
Restrict gem installs to internal mirrors with allowlists, block outbound HTTP to council .gov.uk domains from build agents, and use Socket's published GemStuffer indicators to block known malicious gems.

Backend of 'The Gentlemen' ransomware operation leaked - 9 named operators, ransom chat transcripts, and chain-victimization tactics now public

The Gentlemen, the second most prolific public ransomware operation of 2026 with over 320 listed victims, has had its own internal database leaked. Check Point Research and others obtained the data after a breach of the group's hosting provider 4VPS exposed their Rocket backend. The leak unmasks roughly 9 named operators centered on an administrator known as zeta88 (aka hastalamuerte), who built the RaaS panel in three days using DeepSeek and Qwen AI coding assistants, runs payouts, and joins encryption events personally. Internal chats also confirm chain-victimization: in April the group hit a UK software consultancy and then weaponized stolen client credentials to compromise one of the consultancy's customers in Turkey.

Check
Pull historical access logs for Fortinet and Cisco edge appliances and check for credentials matching infostealer log dumps, then hunt for NTLM relay activity consistent with CVE-2025-33073 in Windows event logs.
Affected
Organizations exposed to The Gentlemen include any running FortiGate or Cisco edge gear with CVE-2024-55591, CVE-2025-32433, or CVE-2025-33073 unpatched, and downstream clients of compromised IT service providers.
Fix
Patch CVE-2024-55591, CVE-2025-32433, and CVE-2025-33073. Enforce MFA on every edge-management interface, rotate credentials that appear in infostealer logs, and load Check Point's 'Thus Spoke The Gentlemen' IoCs into your EDR and firewall blocklists.

TeamPCP supply-chain worm 'Mini Shai-Hulud' hits TanStack, Mistral AI, UiPath, OpenSearch, and Guardrails AI - 170 packages, 401 malicious versions, 518 million weekly downloads (CVE-2026-45321)

TeamPCP launched its largest supply-chain attack to date on May 11, compromising 170+ npm and PyPI packages with 518 million combined weekly downloads. The attackers chained three GitHub Actions vulnerabilities to publish 401 malicious versions carrying valid SLSA Build Level 3 attestations - cryptographically indistinguishable from legitimate releases. Affected packages include TanStack, Mistral AI (npm and PyPI), UiPath, OpenSearch, and Guardrails AI. The worm installs a persistent gh-token-monitor daemon that triggers 'rm -rf ~/' if tokens get revoked, and includes a probabilistic full-disk-wipe routine for Israeli and Iranian locales.

Check
Audit lockfiles for @tanstack/* (84 affected versions), @uipath/* (66 versions), @mistralai/*, opensearch-project/opensearch 3.5.3-3.8.0, guardrails-ai 0.10.1, mistralai 2.4.6.
Affected
Any Node.js or Python environment that installed compromised packages between May 11 and registry takedown. CI/CD pipelines, developer workstations, AI/ML environments. Crypto wallets and password managers (1Password, Bitwarden) are primary exfil targets.
Fix
Remove gh-token-monitor daemon BEFORE revoking tokens (~/Library/LaunchAgents macOS, ~/.config/systemd/user/ Linux) - removal first prevents triggering the wipe. Pin lockfiles to clean versions. Rotate all npm tokens, GitHub PATs, cloud credentials, and crypto wallet seeds.

Checkmarx Jenkins AST plugin backdoored by TeamPCP - third Checkmarx supply chain hit since late March

TeamPCP, the group behind the March Trivy breach and Shai-Hulud npm worm, used credentials stolen in that March attack to publish a backdoored version of Checkmarx's Jenkins AST plugin to the Jenkins Marketplace. This is the third Checkmarx supply-chain hit since late March. The rogue version 2026.5.09 went up on May 9, outside Checkmarx's normal release process - no git tag, no GitHub release. Checkmarx says its GitHub repos are isolated from customer production and no customer data is stored there, but anyone who installed the bad plugin should assume their CI credentials are compromised, rotate them all, and hunt for lateral movement.

Check
Check whether your Jenkins instances have the Checkmarx AST plugin installed. If yes, verify the running version - anything dated 2026.5.09 in the version string is the malicious build.
Affected
Any Jenkins instance running the rogue Checkmarx Jenkins AST plugin version 2026.5.09, which was published to the Jenkins Marketplace on May 9, 2026, between then and Checkmarx's takedown. The plugin was outside Checkmarx's normal release pipeline and lacked both a git tag and a GitHub release.
Fix
Roll back to version 2.0.13-829.vc72453fa_1c16 published December 17, 2025, or any earlier officially-tagged build. Rotate every credential the Jenkins host had access to, including cloud API keys, source-repo tokens, deployment keys, and signing certificates. Hunt for lateral movement from the Jenkins host. Pull Checkmarx's published IoC list from their Support Portal and run it across your environment.