Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7

WhatsApp malware spreads fake invoices that install remote-access admin tools

Kaspersky is tracking an active campaign that spreads through WhatsApp by hijacking real accounts and sending their contacts a script file disguised as a business or financial document, with no accompanying message. If a Windows user opens it, the script disables User Account Control protections and silently installs ManageEngine Endpoint Central, a legitimate IT remote-management tool, configured to connect to attacker servers and hand them remote control of the machine. Using trusted contacts and signed, legitimate software helps the attack slip past suspicion and many security tools. The campaign spans several countries, with most confirmed victims in Malaysia, and how the WhatsApp accounts are compromised is still unknown.

Check
Warn staff to treat unexpected document or invoice files sent over WhatsApp as suspect, even from known contacts, and watch for remote-management tools installed outside approved IT processes.
Affected
Windows users who receive and open script files sent through compromised WhatsApp contacts; the campaign is global, with most confirmed victims in Malaysia, and abuses legitimate remote-management software for access.
Fix
Verify unexpected files through a separate channel before opening, block script attachments, allowlist approved remote-management software and alert on unauthorized installs, and keep User Account Control enabled with endpoint protection active.

OXLOADER malvertising poses as Node.js installer to drop an infostealer

Elastic Security Labs detailed OXLOADER, a previously undocumented Windows loader that reaches victims through malicious Google Ads impersonating the Node.js download page and other developer tools. A developer searching for Node.js clicks a sponsored result, lands on a convincing fake site, and runs a script that quietly installs the loader, which then deploys an in-memory infostealer called CastleStealer to harvest credentials and other data. OXLOADER is heavily obfuscated, runs several anti-analysis checks, and skips machines set to Russian or in Russian-aligned regions, pointing to a financially motivated Russian-speaking operator. Google removed the advertiser account, but the technique of buying ads against developer searches remains widespread.

Check
Remind developers and staff not to install tools from sponsored search ads, and check endpoints for unexpected installs that began with a downloaded Node.js or developer-tool installer from a non-official site.
Affected
Developers and technical users who search for tools like Node.js and click sponsored ads leading to fake download sites; the payload is an infostealer that harvests credentials and sensitive data.
Fix
Download developer tools only from official project sites or package managers, use ad-blocking or DNS filtering to cut malvertising, and deploy endpoint detection that flags in-memory loaders and credential-stealing behavior.

AryStinger botnet hijacks thousands of outdated D-Link routers as proxies

Researchers at XLab have documented a previously unknown botnet called AryStinger that has taken over more than 4,000 outdated routers, mostly D-Link DIR-850L and DIR-818LW models, and turned them into proxies for malicious traffic. It spreads by exploiting old, unpatched vulnerabilities and can scan networks, tunnel and proxy traffic, run commands, and tamper with DNS settings to hijack users' browsing. A more advanced Go-based variant targets NAS devices and adds internal network reconnaissance using open-source pentest tools. Infections cluster in South Korea and China but reach Sweden and Southeast Asia too. The compromised devices are end-of-life and will not receive fixes.

Check
Identify end-of-life D-Link routers and internet-exposed NAS devices on your networks, check for unexpected DNS settings, outbound proxy or tunneling traffic, and signs of remote command execution or scanning.
Affected
Outdated, end-of-life D-Link routers (notably DIR-850L and DIR-818LW) and exposed NAS devices running unpatched firmware; tampered DNS can silently hijack browsing for every device behind the router.
Fix
Replace end-of-life routers with supported models, update firmware on NAS devices, change default credentials, disable remote management and internet-exposed admin interfaces, and reset DNS settings to trusted resolvers.

New Prinz Eugen ransomware breaches organizations via stolen RDP credentials

Researchers at ThreatDown have detailed a new ransomware operation called Prinz Eugen that breaks from convention in two ways: it prioritizes recently modified files for encryption, hitting the data victims most likely still need, and it leaves no ransom note on the system. The operators break in manually using stolen RDP credentials, deploy remote management tools, steal data for double extortion, and encrypt with a modern cipher combination. At least five victims have been identified, including South Africa's Standard Bank, where the attacker demanded one bitcoin and was refused. The lack of a ransom note can delay detection and complicate incident response.

Check
Review internet-exposed RDP and remote-access services for weak or reused credentials and missing MFA, and check for unauthorized remote management tools and unexpected encryption of recently modified files.
Affected
Organizations exposing RDP or remote access with weak authentication; Prinz Eugen has hit at least five victims so far, including financial institutions, entering through stolen RDP credentials and hands-on intrusion.
Fix
Require phishing-resistant MFA on all remote access, restrict and monitor RDP, control remote management tools through allowlisting, segment networks, and keep tested offline backups to recover without paying.

AutoJack turns AI browsing agents into a path to host code execution

Microsoft researchers detailed AutoJack, an attack that turns an AI browsing agent into a route for running code on the user's machine. If the agent is steered to open an attacker's web page, that page's JavaScript can reach a privileged local service on the same host and spawn a process, with no credentials and no further interaction once the page loads. A planted link, poisoned URL field, or prompt injection is enough to trigger it. The demonstrated flaw sits in AutoGen Studio, the prototyping interface for Microsoft's AutoGen agent framework. The lesson: once an agent browses the open web and can reach local services, localhost is no longer a trust boundary.

Check
Inventory AI agents and assistants that can both browse the web and reach local services, and check whether any expose privileged localhost endpoints, such as AutoGen Studio, without authentication.
Affected
Developers and teams running web-browsing AI agents that can reach unauthenticated local services on the same host; the public demonstration targets Microsoft's AutoGen Studio prototyping interface.
Fix
Authenticate local control-plane services rather than trusting localhost, keep agent process execution behind an allowlist, give agents their own least-privilege identity, and isolate agent runtimes from sensitive hosts and developer sessions.

Stolen Klue OAuth tokens let 'Icarus' group raid Salesforce data

A new extortion group called Icarus stole Salesforce CRM data from multiple organizations by abusing Klue, a competitive-intelligence app that integrates with Salesforce. Attackers compromised Klue's backend through a dormant credential, pushed a malicious update that harvested customers' OAuth tokens, and used those tokens to run automated queries against Salesforce's API, exfiltrating contacts, sales communications, and account data over about a day. Salesforce has disabled the Klue Battlecards integration. It is the same OAuth-abuse playbook seen in the Salesloft Drift and Gainsight incidents, exploiting trusted third-party integrations that carry broad, lightly-monitored access. Researchers expect more such attacks through 2026.

Check
Inventory third-party apps connected to your Salesforce and other SaaS, especially Klue, review their OAuth scopes, and hunt API logs for unusual query volume or access from unexpected integrations.
Affected
Organizations using Klue's Salesforce integration, and more broadly any business relying on third-party SaaS integrations whose OAuth tokens grant broad, under-monitored access to CRM and other sensitive data.
Fix
Revoke and rotate OAuth tokens for Klue and other affected integrations, terminate active sessions, restrict integration and API access to known infrastructure, and continuously monitor SaaS integration activity for anomalies.

Microsoft warns of USB worm that hijacks crypto wallets over Tor

Microsoft has detailed a cryptocurrency-stealing campaign, active since February, that spreads through USB drives and hides its command channel inside the Tor network. Infection starts when someone opens a malicious Windows shortcut on a USB stick; the malware then hides real documents and replaces them with lookalike shortcuts, copies itself to other drives, and sets scheduled tasks for persistence. Its clipper component watches the clipboard about twice a second, swapping copied wallet addresses for the attacker's and grabbing seed phrases and private keys, which it sends out over a bundled Tor client. It can also run attacker-supplied code, doubling as a lightweight backdoor.

Check
Watch endpoints for script interpreters spawning unexpected child processes, local Tor proxy use on port 9050, clipboard monitoring, and shortcut files replacing documents on USB drives.
Affected
Windows users, especially cryptocurrency holders, who plug in untrusted USB drives or open shortcut files from them; the malware also spreads worm-like to any removable drive connected afterward.
Fix
Block or tightly control USB removable media, disable autorun, verify wallet addresses after pasting, and use endpoint protection that flags Tor-proxy abuse, clipboard hijacking, and suspicious shortcut-driven script execution.

Hacked WordPress plugin updates push credential-stealing backdoor to paying sites

Attackers compromised the build pipeline of ShapedPlugin, a WordPress plugin maker, and slipped malware into legitimate updates delivered to paying customers through the vendor's own update system. The tainted releases install a fake plugin that impersonates WooCommerce components, steals site credentials, and gives attackers the ability to write files remotely. Three paid plugins are affected: Product Slider Pro for WooCommerce, Real Testimonials Pro, and Smart Post Show Pro. The backdoor was injected into Pro builds on May 21, with the first customer reports on June 10. Versions on WordPress.org stayed clean, pointing to a compromise of the vendor's release infrastructure rather than the plugins themselves.

Check
Check whether your WordPress sites run ShapedPlugin's Product Slider Pro, Real Testimonials Pro, or Smart Post Show Pro, and look for unfamiliar plugins impersonating WooCommerce components and new admin or file-write activity.
Affected
WordPress sites that updated the paid plugins Product Slider Pro (before 3.5.4), Real Testimonials Pro 3.2.5, or Smart Post Show Pro (before 4.0.2) between May 21 and the fix (tracked as CVE-2026-10735).
Fix
Update the affected ShapedPlugin products to fixed versions, remove any rogue WooCommerce-impersonating plugin, rotate all site and admin credentials, and scan the site for web shells and unauthorized file changes.

FortiBleed leak exposes VPN credentials for nearly 74,000 Fortinet firewalls

A newly surfaced dataset dubbed FortiBleed exposes what appear to be Fortinet and FortiGate VPN credentials tied to 73,932 firewall URLs at organizations around the world. Separately, researchers at SOCRadar report roughly 30,000 compromised Fortinet firewalls exposing networks to attack. Exposed VPN credentials are a direct route into corporate networks, letting attackers log in as legitimate users, bypass perimeter defenses, and stage ransomware or data theft. Fortinet gear is a perennial target, with many of these exposures stemming from past unpatched flaws and credential harvesting. Organizations cannot assume old Fortinet credentials are safe just because devices were later patched.

Check
Check whether your Fortinet or FortiGate VPN appliances appear in the exposed dataset, review VPN authentication logs for logins from unfamiliar locations, and confirm whether previously exposed devices were fully remediated.
Affected
Organizations running internet-facing Fortinet and FortiGate VPNs whose credentials appear among the 73,932 exposed firewall URLs; reused or never-rotated VPN passwords are most at risk.
Fix
Force-reset all Fortinet VPN credentials, enable phishing-resistant MFA on VPN access, restrict management interfaces, and fully patch or replace appliances, treating any potentially exposed device as compromised until verified.

Malicious JetBrains plugins steal developers' AI API keys on entry

Aikido Security uncovered a coordinated campaign of at least 15 malicious plugins on the JetBrains Marketplace that pose as AI coding assistants but secretly steal the AI provider API keys developers enter. The plugins offer real features like chat, code review, and commit messages, so they work as advertised, but the moment a user pastes in an OpenAI, DeepSeek, or SiliconFlow key and clicks Apply, the key is silently sent to an attacker server over plain HTTP, with no prompt. The campaign has run since late October 2025, with new plugins as recent as June 10, and uses inflated downloads and fake reviews. Separately, malicious Chrome extensions were found capturing chatbot conversations.

Check
Review which JetBrains IDE plugins and browser extensions developers have installed, especially AI-assistant tools, and check whether any AI provider API keys were entered into third-party plugins rather than official integrations.
Affected
Developers who installed the malicious JetBrains AI-assistant plugins and entered OpenAI, DeepSeek, or SiliconFlow API keys; users of malicious Chrome extensions that harvest chatbot conversations are also exposed.
Fix
Remove untrusted AI plugins and extensions, rotate any AI provider API keys that were entered into them, restrict key permissions and spend limits, and source AI tooling only from vetted, official publishers.