Skip to content
Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js Implant

Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js Implant

Swati KhandelwalJun 26, 2026Phishing / Malware An active phishing campaign has been targeting hotel and other hospitality organizations across Europe and Asia since April 2026, using photo-themed ZIP files to drop a Node.js implant and… 

Russia Used Cellebrite on Jailed Activist’s iPhone Months After Sales Cutoff

Russia Used Cellebrite on Jailed Activist’s iPhone Months After Sales Cutoff

Russian authorities used Cellebrite’s UFED forensic tools to break into the iPhone of detained opposition activist Andrey Pivovarov in June 2021, three months after Cellebrite said it would stop selling its tools and services to… 

Google Details Turla’s New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks

Google Details Turla’s New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks

The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deployed against government and military organizations in Ukraine, and entities that have an… 

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

An analysis of a popular Google Chrome ad block extension for YouTube has uncovered the ability to execute arbitrary JavaScript code. According to Island, the extension, named Adblock for YouTube (ID: cmedhionkhpnakcndndgjdbohmhepckk), has more than… 

New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis

New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis

Ravie LakshmananJun 25, 2026AI Security / Malware A previously undocumented Rust-based macOS implant and information stealer has been found to embed a prompt injection payload designed to trick a malware analyst’s artificial intelligence (AI) tools… 

New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns

New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns

Ravie LakshmananJun 25, 2026Initial Access Broker / Ransomware A new, stealthy backdoor named Mistic has been deployed as part of suspected financially motivated attacks aimed at multiple organizations spanning insurance, education, IT, and professional services… 

Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access

Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access

Ravie LakshmananJun 25, 2026Vulnerability / Threat Intelligence An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according…