Last updated: July 6, 2026 at 12:53 AM UTC
All 559 Vulnerability 199 Breach 107 Threat 246 Defense 7

China-linked OP-512 hits Microsoft IIS servers with stealthy custom web shells

ReliaQuest has documented OP-512, a China-linked espionage cluster targeting Microsoft IIS web servers with a bespoke web-shell framework - the fourth such group after CL-STA-0048, DragonRank, and GhostRedirector to single out IIS in the past year. The framework uses three web shells that grant remote access while evading signature detection and complicating forensics: each deployment is uniquely generated, access is cryptographically restricted to the attacker, and compromised servers auto-report to centralized management. To hide, the web shells timestomp - scanning surrounding files, computing the median last-modified time, and overwriting their own timestamps to match. ReliaQuest notes close tactical proximity to CL-STA-0048, suggesting a revamped toolset or shared development.

Check
Hunt IIS servers for unfamiliar web shells, cryptographically-gated access, and timestomped files whose timestamps match the median of surrounding files. Apply ReliaQuest IoCs. Review IIS request logs for anomalous POSTs.
Affected
Internet-facing Microsoft IIS web servers, particularly at organizations aligned with China-linked intelligence priorities. OP-512's uniquely-generated, crypto-gated web shells evade signature detection and timestomp to hide.
Fix
Patch and harden IIS, restrict write access to web roots, and deploy file-integrity monitoring that flags timestomping. Hunt for the three-shell framework and centralized callback traffic per ReliaQuest.

Polyfill.io resurfaces, injecting fake login prompts on Toshiba and Muji sites

Toshiba and Muji have warned website visitors that suspicious sign-in screens appearing on their sites could harvest credentials, advising anyone who entered login data to change their passwords. The pop-ups were generated by the external polyfill[.]io service, which injected malicious code via its CDN after the domain was bought by a Chinese entity in 2024 - an incident that affected more than 100,000 websites. Japanese outlets report Zojirushi, FiNC Technologies, Ishiyaku Publishers, and Hobonichi were also hit, and a researcher observed Samsung Smart TVs and sites showing the prompt on June 1. Polyfill is a JavaScript compatibility CDN for legacy browsers; affected sites should remove all polyfill[.]io references immediately.

Check
Grep your web properties and third-party tags for any references to polyfill[.]io (scripts, CDN links, GTM containers). Check Samsung/IoT and legacy-browser-support code paths. Review recent customer credential-reset reports.
Affected
Any website still loading scripts from polyfill[.]io - the CDN compromised in 2024 and now serving credential-harvesting login prompts. Toshiba, Muji, Samsung Smart TVs, and several Japanese brands were hit.
Fix
Remove all polyfill[.]io references immediately and replace with a trusted fork (e.g. Cloudflare or Fastly mirrors). Force-reset credentials for any users who may have entered them into injected prompts.

IronWorm Rust npm worm hits 36 packages, steals Anthropic/OpenAI/AWS credentials via eBPF rootkit and Tor; GitHub Actions used for exfil

JFrog has documented IronWorm, a new npm supply-chain worm that has infected 36 packages with an infostealer targeting 86 environment variables and 20 credential files - including OpenAI, AWS, Anthropic, and npm credentials, Vault configs, SSH keys, and Exodus wallet files. Written in Rust, it hides behind an eBPF kernel rootkit and communicates over Tor. It self-propagates using stolen npm Trusted Publishing secrets to trojanize the victim's own packages. JFrog found the same commit names as Shai-Hulud (commit author 'claude,' timestamps faked up to 13 years old) and suspects an evolution of TeamPCP's payload. Notably, it exfiltrates secrets by uploading them as innocuous-looking GitHub Actions build artifacts, avoiding external C2.

Check
Audit npm dependencies and CI for the 36 IronWorm-affected packages and preinstall scripts dropping Rust ELF binaries. Search build artifacts for disguised secret files. Rotate npm, AWS, OpenAI, Anthropic credentials.
Affected
Developers and CI systems that installed IronWorm-trojanized npm packages. It steals OpenAI/AWS/Anthropic/npm credentials, Vault configs, SSH keys, and wallets, then self-propagates via stolen Trusted Publishing secrets.
Fix
Remove affected packages, pin via lockfile, and rotate every credential reachable from affected hosts. Hunt for eBPF rootkit artifacts and Tor traffic. Review GitHub Actions build artifacts for exfiltrated secrets.

PCPJack hijacks 230 AWS, Google Cloud, and Azure servers into covert SMTP relay network using Sliver and Chisel, removes TeamPCP

SentinelOne and Hunt.io have detailed PCPJack, a credential-theft framework that hijacks cloud servers across AWS, Google Cloud, and Azure into a covert SMTP relay network - while terminating artifacts of the rival TeamPCP group. Built around a Sliver-integrated SMTP proxy toolkit with Chisel tunneling for multiple Linux architectures, it drops a hidden binary at /var/tmp/.xs and assigns each Sliver beacon a SOCKS5 port derived from an MD5 of its UUID. A deployer script runs an SMTP 'quality gate' probing outbound smtp.gmail.com:587 - hosts that cannot relay email are discarded. A C2-side Python daemon continuously prunes Chisel tunnels for SMTP capability. Around 230 servers were compromised.

Check
Hunt cloud Linux hosts for /var/tmp/.xs, Sliver and Chisel binaries, and outbound SMTP probes to smtp.gmail.com:587. Check for cron or systemd persistence. Apply SentinelOne and Hunt.io IoCs.
Affected
Internet-reachable cloud servers (AWS, Google Cloud, Azure) that attackers can compromise and that have outbound SMTP capability - the criterion PCPJack uses to select hosts for its relay network.
Fix
Block unneeded outbound SMTP (port 587/25) from cloud workloads. Remove Sliver/Chisel artifacts and persistence. Restrict egress, monitor for SOCKS5 tunneling, and rotate credentials on affected hosts.

Hola Browser for Windows compromised in supply-chain attack delivering undeclared Monero miner disguised as HolaMonitorService.exe

The Windows version of the Chromium-based Hola Browser has been compromised in a supply-chain attack that delivered an undeclared cryptocurrency miner. The compromise was caught during AppEsteem certification checks, with Sophos and others finding an uncertified, unsigned, obfuscated executable, me.exe, under C:\Program Files\Hola\. Analysis identified it as a Monero miner: it adds a Windows Defender exclusion, copies itself to Program Files as HolaMonitorService.exe, creates an auto-starting service named hola_monitor_svc, and runs when the machine is idle. Hola - the Israeli company behind Hola VPN, long controversial for turning free users into proxies - confirmed the compromise (independently detected by Sygnia) but says only about 0.1% of users were affected.

Check
Inventory Windows endpoints for Hola Browser installs. Check for me.exe or HolaMonitorService.exe under C:\Program Files\Hola\, the hola_monitor_svc service, and Defender exclusion rules. Hunt for Monero-miner traffic.
Affected
Windows users who installed or updated Hola Browser during the compromise window. The undeclared Monero miner adds a Defender exclusion, persists as a service, and runs when idle.
Fix
Remove Hola Browser and the me.exe / HolaMonitorService.exe miner, delete the hola_monitor_svc service, and remove the malicious Defender exclusion. Block the mining pool and monitor for residual persistence.

FlutterShell macOS backdoor spreads via Google and YouTube ads from verified shell companies - CL-CRI-1089 / TamperedChef adware-to-backdoor

Palo Alto Networks Unit 42 has documented FlutterShell, a Flutter-built macOS backdoor distributed through malicious Google and YouTube ads served by a network of Google-verified shell companies. It is the latest stage of the CL-CRI-1089 cluster and part of the broader TamperedChef / EvilAI campaigns that push trojanized productivity software. The ads lure macOS users in the US, Canada, Australia, France, and Germany into installing fake desktop apps. Beyond adware, FlutterShell supports arbitrary shell-command execution, file-system manipulation, and environment-variable exfiltration, and on launch modifies Chrome config files to force browser traffic through an attacker-controlled intermediary. Activity was seen as recently as March 2026.

Check
Warn macOS users that Google/YouTube ads for productivity apps may be malicious. Hunt for Flutter-built apps that modify Chrome config files. Apply Unit 42 IoCs.
Affected
macOS users in the US, Canada, Australia, France, and Germany lured by malvertised fake desktop apps. FlutterShell adds backdoor command execution and Chrome-hijacking on top of adware.
Fix
Source software only from official vendor sites, not search ads. Apply Unit 42 IoCs and block the ad domains. Restore Chrome config on affected Macs and remove the apps.

Magecart skimmer abuses Stripe API and Google Tag Manager to host payload and exfiltrate cards, bypassing CSP on Magento checkouts

Sansec has discovered a new Magecart card-skimming campaign that abuses Stripe's API infrastructure and Google Tag Manager to host both the skimmer payload and the stolen data. Because online stores trust googletagmanager.com and api.stripe.com by default, the skimmer slips past Content Security Policy rules and network filters that would flag an unknown skimmer domain. Malicious code embedded in a legitimate-looking GTM container activates at checkout, queries a Stripe customer record, reads JavaScript from its metadata, and runs it via new Function(). It targets Magento/Adobe Commerce checkout pages, capturing card number, expiry, CVV, name, billing address, email, and phone, then XOR-obfuscates and stores the data locally before exfiltrating through Stripe.

Check
Audit Magento/Adobe Commerce checkout pages for unfamiliar Google Tag Manager containers and JavaScript reading from api.stripe.com customer-record metadata. Review GTM container change history for unauthorized edits.
Affected
Magento/Adobe Commerce stores using Google Tag Manager. The skimmer hides in GTM containers and routes payload and stolen cards through trusted api.stripe.com, bypassing CSP and network filters.
Fix
Lock down GTM container edit access and review all containers. Apply strict CSP and Subresource Integrity, and monitor checkout pages for unauthorized scripts. Treat trusted-domain traffic as a skimmer vector.

Hackers spied on a stock exchange executive's Outlook mailbox for five months via malicious OAuth app and inbox-rule persistence

Researchers have detailed a cyber-espionage campaign in which attackers maintained access to a global stock exchange executive's Microsoft Outlook mailbox for roughly five months. The intrusion relied on a malicious OAuth application and inbox-rule persistence to quietly read and forward mail while evading detection. By abusing OAuth consent rather than stealing a password, the attackers retained access that survived password changes and looked like routine application traffic in logs. The five-month dwell time on a single high-value executive points to a patient, intelligence-driven operation rather than opportunistic crime. The case reinforces the now-recurring pattern of OAuth-app abuse and malicious inbox rules as the core of stealthy Microsoft 365 mailbox compromise.

Check
Audit Microsoft 365 for unfamiliar OAuth app consents and mailbox inbox rules, especially on executive accounts. Review consent-grant and rule-creation logs for the past six months.
Affected
High-value Microsoft 365 mailboxes, particularly executives. OAuth-consent abuse plus malicious inbox rules grants persistent, password-change-surviving access that blends into normal application traffic.
Fix
Restrict third-party OAuth app consent to admin approval. Alert on new mailbox-forwarding rules. Enforce phishing-resistant MFA and periodically review granted OAuth applications on sensitive accounts.

SafeBreach 'Fake Context Alignment' hijacks Google Gemini on Android via malicious WhatsApp/Slack notifications - no malicious app needed, now patched

SafeBreach's Or Yair has demonstrated Fake Context Alignment, a technique that hijacks Google Gemini's voice assistant on Android through malicious notifications from apps like WhatsApp and Slack - no malicious app on the phone required. Gemini's Utilities feature reads and acts on notification text as if it were instructions, an attack surface Yair calls 'effectively infinite.' The bypass runs two illusions at once: it poses the real authorization question in a language the victim does not speak, defeating Google's post-Invitation prompt-injection mitigations. It can fake a boss's message, open windows, force a Zoom call, or poison long-term memory. Google has patched it; no CVE was assigned.

Check
Advise Android users with Gemini to disable or restrict its Utilities notification-reading feature where not essential. Treat unexpected spoken instructions referencing Drive uploads or calls with suspicion.
Affected
Android users with Google Gemini's notification-reading Utilities enabled. Any app or service that can push a notification could inject instructions; iOS and web are not affected. Now patched.
Fix
Ensure Gemini is updated to the patched version. Limit which apps can post notifications Gemini reads. For sensitive actions, require on-screen confirmation rather than voice-only approval.

Chinese cybercrime actor TA4922 expands to Europe with Atlas RAT and localized payroll/tax lures - likely LLM-accelerated malware

Proofpoint has detailed TA4922, a Chinese-speaking financially-motivated cybercrime group that has expanded from East Asia into Europe, deploying the previously undocumented Atlas backdoor against organizations in Germany, Italy, the UK, and South Africa. Since March its tempo has surged - Proofpoint says TA4922 now runs more unique campaigns than any other cybercrime actor in its data. Lures impersonate payroll notices, tax audits, VAT filings, compliance notices, invoices, and HR communications, with follow-up contact via WhatsApp, LINE, and Microsoft Teams. The group overlaps with activity reported as Silver Fox and Void Arachne. Proofpoint believes the rapidly expanding malware arsenal is being accelerated with LLMs, citing AI-generated code patterns and placeholder values.

Check
Hunt European endpoints for the Atlas backdoor and TA4922 custom loaders. Inspect email for payroll/tax/VAT/invoice lures and unsolicited WhatsApp, LINE, or Teams contact. Apply Proofpoint IoCs.
Affected
Organizations in Germany, Italy, the UK, and South Africa - TA4922's expanded European targets. Finance, HR, and tax-themed lures plus messaging-app outreach are the delivery vectors.
Fix
Apply Proofpoint IoCs and block Atlas RAT C2. Train finance and HR staff against tax/payroll/invoice lures and unsolicited messaging-app contact. Restrict execution of email-delivered loaders and scripts.