Author: Robert Timlick

  • ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories

    It got stupid again.

    The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weird stuff is normal. Forums go down and come back worse. Cheap hackers get better toys. AI starts breaking real systems. Great.

    Read the whole thing before it ruins your week anyway.

  • China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa

    A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to European organizations in the U.K., Germany, and Italy, as well as South Africa.

    These efforts have been complemented by a “rapid operational tempo” and a continually evolving malware arsenal comprising known families like ValleyRAT (aka Winos 4.0) and Atlas RAT (aka AtlasCross RAT), as well as previously

  • Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS

    Cybersecurity researchers have flagged a large-scale operation that impersonates open-source and freeware projects to funnel unsuspecting users through a Traffic Distribution System (TDS) and deliver malware families like Remus Stealer, AnimateClipper, and the SessionGate framework.

    “The sites are well-designed and often look like legitimate project portals at a glance, sometimes referencing

  • CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild.

    The vulnerability, tracked as CVE-2026-45247 (CVSS score: 9.8), is a case of deserialization of untrusted

  • DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets

    The U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans.

    The “Disruption Week” operation began May 18, 2026, leading to the takedown of millions of social media, email, and internet access accounts used by transnational

  • WhatsApp, Slack Notifications Could Hijack Google Gemini on Android

    A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini’s voice assistant on Android and made it open a victim’s connected windows, fake a message from their boss, push the phone into a Zoom call, or quietly poison its long-term memory.

    No malicious app on the phone is required. The assistant just had to treat a hostile

  • One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

    Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user’s GitHub token.

    “Just by clicking a link, it’s possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones,” security researcher Ammar Askar said.

    GitHub supports a feature called GitHub.dev that runs as

  • Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

    The Fragmented State of Modern Enterprise Identity

    Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems.

    The result is Identity Dark Matter: identity activity that sits outside the visibility of centralized IAM and beyond the reach of

  • Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

    Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user’s NTLMv2 hash to the attacker.

    As in the case of CVE-2026-33829, which impacted the Windows Snipping Tool’s ms-screensketch: URI handler, the newly flagged issue resides in the search: URI handler, per Huntress.

    CVE-2026-33829 refers to a spoofing vulnerability that could expose

  • New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

    Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora.

    The vulnerability has been codenamed HTTP/2 Bomb by Calif.

    “The vulnerable behavior exists in each server’s default HTTP/2 configuration,” the company said, adding it was discovered by OpenAI Codex by chaining