CISA, the FBI, the NSA, the Department of Energy, and partners have warned that threat actors are targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage across the Energy, Chemical, Food and Agriculture, and Transportation sectors. Attackers gain access via authentication-bypass flaws, hardcoded credentials, OS command-execution bugs, SQL injection, and privilege escalation, then modify network settings, product identifiers, tank volumes, and pump controls, and can disable alerts - raising the risk of leaks or equipment failure. The advisory does not formally attribute the activity, but it follows May CNN reporting linking Iranian hackers to similar ATG breaches. Agencies urge removing ATG systems from the internet.
Sophos has detailed a threat actor using an AI-assisted ransomware toolkit that automates Active Directory discovery and EDR evasion. Tool and payload development was aided by Cursor and Claude Opus agents across coding, analysis, and revision, with some agents tasked to scrape security-research posts for fresh bypass techniques; resulting malware was tested in VMs against Sophos, CrowdStrike, and Microsoft EDR. The framework includes Cobalt Strike profiles mimicking legitimate web traffic, a Telegram-bot C2, Python shellcode injectors preserving host-binary functionality, and a Cloudflare Worker front-end redirector. Despite the AI orchestration, the workflow is entirely human-driven. Operator logs and a ransomware-leak-site reference confirmed criminal, not red-team, use.
Sekoia has documented Gamaredon - a Russian state-sponsored intrusion set officially linked to the FSB - exploiting WinRAR via booby-trapped RAR archives to deliver the GammaWorm and GammaSteel malware against Ukrainian targets. The infection chain is described as resilient, massive, and highly obfuscated with a modular design whose configurations operators can update on the fly, making reuse likely. Gamaredon has a long history of targeting Ukrainian government, military, and critical-infrastructure entities through spear-phishing with malicious attachments. The disclosure coincides with related Ukraine-focused activity by UAC-0184 (PassMark BurnInTest LNK lures), UAC-0247 (HTA droppers against drone operators), and APT28's evolving PixyNetLoader delivering a COVENANT implant via CVE-2026-21509.
Seqrite Labs has documented Operation XENOFISCAL, a campaign by the Pakistan-linked SideCopy group (under the Transparent Tribe / APT36 umbrella) targeting Afghanistan's Ministry of Finance, provincial revenue and finance directorates, and Pashto-speaking government officials. The attack opens with spear-phishing delivering a ZIP archive containing a malicious LNK file bearing a Pashto-language filename - a deliberate choice reflecting familiarity with Afghan government circles. The LNK uses mshta.exe to fetch a remote HTA from a compromised Afghan education domain, running obfuscated in-memory JavaScript. It establishes Registry persistence mimicking Microsoft Edge and drops Xeno RAT 1.8.7 plus a decoy document via a DLL loader. Xeno RAT supports keylogging, screenshots, and SOCKS5 tunneling.
McAfee has detailed WeedHack, a malware-as-a-service infostealer campaign that has infected more than 116,000 systems since January by targeting Minecraft players. The malware spreads through malicious Minecraft mods, clients, cheats, and utilities promoted via YouTube videos (some with voice-over narration and thousands of views) and SEO poisoning of keywords matching popular clients like Meteor, Wurst, LiquidBounce, and Impact. WeedHack averages 2,000-3,000 infections daily, mostly in the US, Germany, India, and the UK, across 240+ distribution URLs and 3,820 unique malicious JAR files. It offers customers a dashboard to view stolen credentials and victim data. Some fake sites even link to legitimate GitHub repos to fabricate credibility.
Dark Reading reports that Kali365 - the phishing-as-a-service platform the FBI flagged for fueling Microsoft 365 attacks in April - is expanding its reach. Rather than stealing passwords, Kali365 captures OAuth access and refresh tokens by tricking victims into completing attacker-initiated Microsoft device-login requests, granting immediate mailbox access. The service generates branded lures impersonating Adobe, DocuSign, and SharePoint in many languages and sells in tiers from $250 for 30 days to $2,000 annually. Its continued growth signals that OAuth device-code consent phishing remains a high-yield technique, and that defenders should prioritize blocking device-code flows for non-mobile platforms and enforcing phishing-resistant MFA across Microsoft 365 tenants.
More than 30 npm packages under Red Hat's @redhat-cloud-services namespace were backdoored in a supply-chain attack distributing a new Shai-Hulud variant dubbed 'Miasma.' Aikido and OX Security found dozens of package versions laced with malware that steals developer credentials, cloud secrets, SSH keys, and CI/CD tokens. Aikido says the compromised packages pull roughly 117,000 weekly downloads. Red Hat told BleepingComputer it removed the affected packages after becoming aware of the incident and that the compromise was limited to internal development tooling, with no impact on production products or services. The Miasma variant continues the self-propagating worm behavior that made the original Shai-Hulud campaign so disruptive.
Aikido Security has disclosed that codexui-android, an npm package advertised as a remote web UI for OpenAI Codex with over 29,000 weekly downloads, has been silently exfiltrating users' Codex authentication tokens for the past month. Unlike a typosquat, the malware was embedded into a functional, actively-developed package roughly a month after publication to build trust; the GitHub repo stayed clean. The code reads ~/.codex/auth.json and ships the access_token, refresh_token, id_token, and account ID to sentry.anyclaw[.]store, a server masquerading as Sentry. The non-expiring refresh_token lets an attacker silently impersonate the developer indefinitely with full Codex account access. The package remains available; the npm account is 'friuns.'
SilentPush has detailed DriveSurge, a threat actor running large-scale malware-distribution campaigns by compromising thousands of websites and using ClickFix and FakeUpdates social engineering. ClickFix tricks visitors into copying and running malicious commands under the pretense of fixing a technical issue; FakeUpdates uses fraudulent browser-update prompts. DriveSurge operates primarily as an initial-access broker on a pay-per-install model, enabling follow-on attacks by other criminals. Compromised-site visitors are routed through a Traffic Distribution System called zTDS that profiles them before redirecting to malware-delivery infrastructure. The model lets DriveSurge monetize hijacked traffic at scale while downstream actors deploy infostealers, loaders, or ransomware. The campaign overlaps with the broader ClickFix surge across the ecosystem.
GoDaddy has documented a WordPress malware campaign that hides command-and-control data inside Steam Community profile comments, abusing Valve's platform to avoid running separate C2 infrastructure and evade detection. Around 1,980 WordPress sites have been infected since July 2025. The first-stage malware loads a Steam profile on each page view and extracts text from benign-looking comments that conceal a payload encoded with six invisible Unicode characters such as zero-width joiners. The decoder maps the invisible characters to bytes, reconstructs a URL to hello-mywordl[.]info, and injects JavaScript disguised as a legitimate library into every frontend page. The final stage is a backdoor that responds to POST requests carrying a specific authentication cookie.