Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7

FBI warns Russian hackers now steal Signal backup recovery keys to hijack accounts

The FBI and CISA have updated an earlier warning about Russian intelligence targeting Signal accounts, noting the operators have added a step: tricking targets into handing over their Signal backup recovery key. With that key, an attacker can restore the account's backup, read its private and group message history, and take over the account, and the key keeps working afterward. The campaign uses social engineering against high-value targets such as government officials, military personnel, and journalists. It reflects a broader shift toward stealing the recovery and session secrets that sit behind multi-factor authentication rather than attacking the login directly.

Check
High-risk users should review who could have prompted them to share a Signal backup or recovery key, and check Signal for unexpected linked devices or signs their account history was restored elsewhere.
Affected
Signal users targeted by Russian intelligence, especially officials, military personnel, journalists, and activists; a stolen backup recovery key exposes full message history and grants lasting account takeover.
Fix
Never share your Signal backup or recovery key, store it offline, regenerate it if you suspect exposure, verify linked devices, and distrust anyone guiding you through backup steps.

DPRK macOS malware Gaslight plants fake errors to derail AI-assisted analysis

SentinelOne detailed Gaslight, a Rust-based macOS backdoor and information stealer tied with high confidence to North Korea, whose standout trick targets the analyst rather than the sandbox. The sample embeds a block of 38 fabricated "system" messages, formatted to mimic the prompt scaffolding of an AI triage assistant, that try to make an LLM-assisted analysis tool doubt its session and abort, truncate, or refuse the analysis. Beyond that, Gaslight steals browser data, Keychain secrets, and command history, using a Telegram bot for command and control and self-redacting its bot token from its own output. It is an early example of malware built to weaponize the AI tools now common in reverse engineering.

Check
If you use AI or LLM tools in malware triage, review whether sample contents are passed to the model as trusted input, and check macOS hosts for the Telegram-based persistence described.
Affected
macOS users targeted by this North Korea-linked stealer, and analysts whose AI-assisted triage pipelines can be manipulated when malicious sample text is fed to the model as if it were instructions.
Fix
Treat the contents of analyzed samples as adversarial input, never as instructions, and isolate hostile text from AI models. On endpoints, hunt for the published indicators and suspicious com.apple-style LaunchAgents.

Chrome ad blocker with 10 million installs hides dormant code-injection capability

Researchers at Island found that a popular Chrome extension, "Adblock for YouTube," with more than 10 million installs and a Featured badge, contains the machinery to run arbitrary JavaScript on any website the user visits. The extension works as advertised, but it can fetch a rule from its server that creates script elements with attacker-supplied content, giving access to page data, sessions, and forms. The capability is dormant, not absent: switching it on takes a single server-side change, with no extension update and no store review. The add-on changed ownership years ago, requests access to all sites, and is linked to other extensions previously pulled for malware.

Check
Inventory browser extensions across the organization, flag high-permission ones like ad blockers that request access to all sites, and identify extensions that fetch configuration or rules from external servers.
Affected
Anyone using the 'Adblock for YouTube' Chrome extension or similar high-install add-ons with all-site access and server-controlled logic; a single server change could turn them into code-injection tools.
Fix
Remove or restrict extensions whose permissions exceed their purpose, prefer those with self-contained rules over server-controlled ones, enforce an extension allowlist, and monitor for ownership and permission changes.

Bluekit phishing service adds browser-in-the-middle to steal logins and sessions

The Bluekit phishing-as-a-service platform has added a browser-in-the-middle technique that streams a real login page's contents to the victim over a WebSocket, capturing not just passwords but session cookies that let attackers bypass multi-factor authentication. Netcraft reports nearly 70 new Bluekit hostnames in the past week. The kit, which markets dozens of templates for services like Outlook, Gmail, GitHub, and crypto wallets and includes an AI assistant built on a safety-stripped open-weight model, layers on heavy evasion: randomized page styling to defeat screenshot detection, frequently rotating obfuscated code, custom CAPTCHAs, browser fingerprinting, and detection of proxies and security crawlers. Operators can watch victims in real time as they log in.

Check
Hunt for the Bluekit signals Netcraft lists, including randomized CSS filters on top-level elements, periodically rotated obfuscated JavaScript, and WebSocket traffic carrying encrypted data on login pages, across email and proxy logs.
Affected
Users of widely targeted services like Outlook, Gmail, GitHub, and crypto wallets; stolen session cookies let attackers replay authenticated sessions and bypass multi-factor authentication entirely.
Fix
Move to phishing-resistant, hardware-backed authentication like passkeys or FIDO2 keys, which resist session-theft phishing, shorten session lifetimes, monitor for anomalous session reuse, and train staff on login-page verification.

Scammers abuse Shopify's Shop app to plant fake receipts for callback phishing

Attackers are abusing Shop, the order-tracking app from Shopify, by getting fake purchase receipts to appear in users' order histories, then using them to lure victims into callback phishing. Because the bogus orders show up inside a legitimate, trusted app rather than in an easily spotted scam email, they look convincing. The fake receipts typically reference an unexpected charge and a phone number to call to dispute it; when the victim calls, the scammers pose as support staff and walk them into handing over sensitive information or account access. It is a twist on callback phishing that borrows credibility from a real shopping platform.

Check
Warn users that unexpected orders or receipts appearing in the Shop app may be fake, and that any phone number prompting them to call about a charge should be treated as suspicious.
Affected
Shop app users who see unfamiliar purchase receipts in their order history; the goal is to provoke a panicked phone call where scammers extract payment details, credentials, or remote access.
Fix
Verify charges only through official banking and merchant channels, never the phone number in an unexpected receipt, and report suspicious entries. Organizations should add callback phishing to security-awareness training.

Edgecution malicious Edge extension escapes the browser sandbox to plant a backdoor

Zscaler detailed Edgecution, a malicious Microsoft Edge extension used in ransomware-linked intrusions that abuses Chrome's native messaging feature, which normally lets extensions talk to desktop apps, to break out of the browser sandbox and run a Python backdoor on the host. The extension beacons to a command server and relays commands to the backdoor, giving attackers filesystem access and code execution, while running in a hidden headless browser to stay invisible. Attacks start with social engineering on Microsoft Teams, where the actor poses as IT support and directs employees to a fake "Outlook Updates" page. Researchers tie the activity to an access broker linked to the Payouts King ransomware operation.

Check
Review which browser extensions are installed across the organization and audit native messaging host registrations, and treat unsolicited Microsoft Teams messages from supposed IT support directing software installs as suspicious.
Affected
Organizations whose employees can install browser extensions and be reached by external Microsoft Teams messages; the technique escapes the browser sandbox to give attackers host-level access for ransomware staging.
Fix
Restrict browser extension installation through policy, control native messaging host configurations, lock down external Teams contact, and train staff to reject IT-support prompts pushing browser or software updates.

Stealthy Mistic backdoor gives ransomware access broker KongTuke lasting footholds

Symantec and Zscaler detailed Mistic, a stealthy new Windows backdoor used in intrusions since April and tied to KongTuke, an initial access broker that sells footholds to ransomware crews including Qilin, Akira, and Rhysida. Mistic is side-loaded through a legitimate Microsoft executable and a malicious DLL named to mimic endpoint-security software, runs payloads only in memory with nothing written to disk, and includes a self-delete kill switch, all aimed at long-term, low-visibility access. It is delivered through social-engineering lures such as fake CAPTCHAs and Microsoft Teams help-desk pretexts that trick users into running PowerShell commands. Defenders should watch for the unusual DLL side-loading pattern.

Check
Hunt for the legitimate MpExtMs.exe process side-loading unexpected DLLs, in-memory-only payloads, and signs of paste-and-run PowerShell delivered through fake CAPTCHAs or Microsoft Teams help-desk messages.
Affected
Enterprises across insurance, education, IT, and professional services targeted by KongTuke; a quiet, in-memory backdoor establishes durable access that is later sold to ransomware affiliates for deployment.
Fix
Train users against paste-and-run and fake IT-support lures, restrict PowerShell and script execution, deploy behavioral detection for DLL side-loading and in-memory backdoors, and apply the published indicators of compromise.

macOS ClickFix attack uses Terminal trick to silently install Atomic Stealer

Palo Alto's Unit 42 found a new macOS campaign that uses the ClickFix trick, a fake CAPTCHA or verification page, to get users to paste a command into Terminal. The command quietly downloads a disk image, mounts it without showing it in Finder, finds the app inside, and launches it, installing the Atomic macOS Stealer (AMOS). The malware then shows a fake system password prompt and steals browser credentials and cookies from many Chromium and Firefox-based browsers, cryptocurrency wallet data, Keychain contents, messaging app data, and documents. The single-command approach is stealthier than older campaigns that relied on the victim manually opening a downloaded image.

Check
Warn Mac users never to paste website-supplied commands into Terminal to pass a CAPTCHA, and watch endpoints for unexpected hdiutil mounts and curl downloads to the /tmp folder.
Affected
macOS users tricked by fake CAPTCHA or verification pages into running a Terminal command; crypto-wallet holders and anyone with browser-stored credentials and Keychain secrets are the main targets.
Fix
Train users to recognize ClickFix lures, restrict or monitor Terminal use on managed Macs, deploy endpoint protection that detects AMOS behavior, and store crypto wallets and secrets in hardware-backed protection.

Fake AI agent skill slips past every scanner to reach 26,000 agents

Security firm AIR showed how easily AI agent skills can be weaponized by building a benign-looking design skill, publishing it to marketplaces, and promoting it with an Instagram ad until it reached roughly 26,000 agents, including some on corporate accounts. Every skill-scanning tool they tested, including offerings from Cisco and Nvidia, marked it safe. The trick is that the skill itself stays clean but tells the agent to fetch instructions from an external page the attacker controls, which passes review while pointing at harmless content and can be swapped for a malicious install script later. Skills load into an agent with the same authority as a user's prompt.

Check
Inventory which AI agent skills your team has installed, especially any that instruct agents to fetch instructions or scripts from external URLs, and review what local access those agents have.
Affected
Teams using AI agents that install third-party skills, particularly skills that pull instructions from external sites; a one-time safety scan cannot catch content that changes after review.
Fix
Restrict agents to vetted skills from trusted sources, distrust skills that fetch external instructions, monitor agent access to privileged local resources, and never rely on a single scan to judge safety.

Malicious npm packages mimic PostCSS tools to plant Windows remote-access trojan

JFrog found malicious npm packages that impersonate PostCSS build tools to drop a multi-stage Windows remote-access trojan on developer machines. One package, postcss-minify-selector-parser, is named to look like the widely used postcss-selector-parser library, which sees over 127 million weekly downloads, and even lists the real package as a dependency to seem plausible during a quick review. Once installed, it writes and runs a PowerShell script that pulls down the trojan. A second cluster of five packages delivers a dropper during npm install, with one server-side component that only serves the payload to victims matching a specific signature. Affected developers should remove the packages and rotate credentials.

Check
Check developer machines and build systems for the named malicious npm packages and any unexpected PowerShell activity or dropped executables that started during a recent npm install.
Affected
Developers who installed the lookalike PostCSS packages or the related five-package cluster; the payload is a Windows remote-access trojan that runs at install time on developer and build machines.
Fix
Remove the malicious packages and their artifacts, rotate credentials from affected machines, pin and verify dependencies, block install-time scripts in CI, and watch for typosquatted names close to popular libraries.