✨ The Containment Era is here. Secure AI workloads before they breach. →The Containment Era is here. →The Containment Era is here. →Explore ✨
Computer/Network Security
Breach intelligence, attack campaigns, and threat reports targeting the Computer/Network Security sector.
Explore Other Sectors
Computer/Network Security Threat Reports
Gaslight Malware: A New Challenge for AI-Based Security on macOS
In June 2026, cybersecurity researchers identified a new macOS malware named 'Gaslight,' attributed to a North Korean-linked threat actor. This Rust-based malware functions as a backdoor and information stealer, embedding 38 fabricated system messages within its binary. These messages, formatted to resemble legitimate developer logs and error reports, aim to mislead AI-assisted malware analysis tools by simulating analysis errors, potentially causing the tools to abort or misinterpret the malware's behavior. The emergence of 'Gaslight' underscores a growing trend where threat actors develop sophisticated techniques to evade detection by AI-driven security solutions. This incident highlights the need for continuous advancement in cybersecurity defenses to counteract evolving obfuscation methods employed by adversaries.
13 hours ago
Kill Chain
Poland's Crackdown on SIM-Swap Crypto Theft: A 2026 Case Study
In June 2026, Polish authorities, with support from the FBI and Homeland Security Investigations, arrested four individuals involved in a sophisticated SIM-swapping scheme targeting cryptocurrency exchanges. The perpetrators breached IT systems of entities collaborating with telecom operators, using specialized software and social engineering to access employee email accounts. This enabled them to hijack victims' phone numbers, intercept SMS messages, and gain control over cryptocurrency exchange accounts, resulting in the theft and laundering of digital assets exceeding tens of millions of Polish zloty. ([thecoinomist.com](https://thecoinomist.com/news/poland-detains-four-sim-swap-crypto-heist-merry-linked/?utm_source=openai)) This incident underscores the escalating threat of SIM-swapping attacks in the cryptocurrency sector, highlighting the need for enhanced security measures beyond SMS-based two-factor authentication. The collaboration between Polish authorities and U.S. agencies reflects the global nature of cybercrime and the importance of international cooperation in combating such threats.
13 hours ago
Kill Chain
Gaslight Malware: A New Threat Targeting AI-Assisted Security on macOS
In June 2026, cybersecurity researchers identified 'Gaslight,' a Rust-based macOS malware attributed to North Korean threat actors. Gaslight employs a novel prompt injection technique, embedding 38 fabricated system messages to deceive AI-assisted malware analysis tools into aborting or refusing analysis. The malware establishes persistence via a LaunchAgent labeled 'com.apple.system.services.activity' and utilizes the Telegram Bot API for command-and-control communication. It collects sensitive data, including browser information, terminal histories, and the macOS Keychain database, exfiltrating this data through encrypted channels. ([infosecurity-magazine.com](https://www.infosecurity-magazine.com/news/macos-gaslight-rust-backdoor/?utm_source=openai)) This incident underscores the evolving tactics of threat actors who are now targeting AI-based security tools. The use of prompt injection to manipulate AI analysis represents a significant shift in cyberattack methodologies, highlighting the need for enhanced security measures to protect AI-driven systems from such adversarial inputs. ([infosecurity-magazine.com](https://www.infosecurity-magazine.com/news/macos-gaslight-rust-backdoor/?utm_source=openai))
13 hours ago
Kill Chain
Russia's Continued Use of Cellebrite Tools Raises Concerns
In June 2021, Russian authorities utilized Cellebrite's Universal Forensic Extraction Device (UFED) to access the iPhone of detained human rights activist Andrey Pivovarov. This occurred despite Cellebrite's public announcement in March 2021 that it had ceased all sales and services to Russian government agencies. The extracted data reportedly included communications from encrypted messaging apps, which were subsequently used to surveil other dissidents. This incident underscores the challenges technology companies face in controlling the use of their tools post-sale, especially when they are employed for political repression. The case highlights the need for robust mechanisms to prevent the misuse of surveillance technologies by authoritarian regimes, even after contractual relationships have been terminated.
22 hours ago
Kill Chain
DraftKings 2022 Credential Stuffing Attack: A Case Study
In November 2022, DraftKings, a prominent sports betting platform, experienced a credential stuffing attack that compromised approximately 68,000 user accounts. Attackers exploited reused or weak passwords to gain unauthorized access, leading to the theft of nearly $300,000 from customer accounts. The company promptly reimbursed affected users and emphasized the importance of unique passwords and two-factor authentication to enhance account security. This incident underscores the growing threat of credential stuffing attacks, where cybercriminals leverage stolen credentials from previous breaches to infiltrate accounts on other platforms. The DraftKings case highlights the critical need for robust password practices and multi-factor authentication to mitigate such risks.
1 day ago
Kill Chain
Klue OAuth Breach: A Wake-Up Call for Third-Party Integration Security
In June 2026, attackers exploited a legacy credential to breach Klue's backend servers, deploying malicious code that harvested OAuth tokens used to integrate with third-party platforms, including Salesforce. Utilizing these tokens, the attackers accessed and exfiltrated substantial CRM data—such as business contacts, price quotes, and sales communications—from multiple organizations, including Huntress and Recorded Future. The extortion group 'Icarus' claimed responsibility, threatening to leak the stolen data if ransom demands were not met. In response, Salesforce disabled the Klue Battlecards app integration to prevent further unauthorized access. This incident underscores the critical vulnerabilities associated with third-party integrations and the importance of stringent access controls and credential management. The exploitation of OAuth tokens highlights a growing trend in supply chain attacks, emphasizing the need for organizations to reassess and fortify their security postures against such sophisticated threats.
1 day ago
Kill Chain
Understanding the 'Cordyceps' Vulnerability: A Threat to CI/CD Workflows
In June 2026, a critical vulnerability named 'Cordyceps' was identified, affecting Continuous Integration and Continuous Deployment (CI/CD) workflows across major platforms including Microsoft's Azure Sentinel, Google's AI Agent Development Kit, Apache's Doris analytics database, Cloudflare's Workers SDK, and the Python Software Foundation's Black. This flaw allows unauthenticated attackers to exploit automated workflows via malicious pull requests, potentially leading to command injection, privilege escalation, and full control over affected repositories. The attack vector leverages the inherent trust in pull requests and the automated processes that handle them, exposing millions of repositories to potential hijacking. ([darkreading.com](https://www.darkreading.com/application-security/cordyceps-malicious-pull-requests-developer-workflows?utm_source=openai)) The discovery of 'Cordyceps' underscores the escalating risks within software supply chains, particularly as agentic coding practices proliferate, reproducing insecure patterns across numerous repositories. Organizations are urged to audit and secure their CI/CD configurations to prevent unauthorized access and mitigate the risk of supply chain compromises.
1 day ago
Kill Chain
Malicious OpenClaw Skills Threaten AI Supply Chain
In June 2026, security researchers identified five malicious skills on ClawHub, OpenClaw's dedicated marketplace, that could steal credentials, bypass security scans, and perform other malicious activities for financial gain. These skills, appearing legitimate, demonstrated that such platforms are emerging as significant AI supply chain attack surfaces. ClawHub sells these skills to add functionality to the open-source AI agent, which has seen rapid adoption among developers and businesses since its launch last November. The malicious skills included infostealers targeting macOS, evasion techniques using inflated file sizes to bypass detection, and agentic threats like affiliate injection and front-running, all posing significant risks to organizations using OpenClaw. ([darkreading.com](https://www.darkreading.com/cyber-risk/malicious-openclaw-skills-clawhub-threaten-ai-supply-chain?utm_source=openai)) This incident underscores the growing threat of supply chain attacks within AI ecosystems, highlighting the need for rigorous verification frameworks and continuous monitoring of third-party extensions to prevent unauthorized access and data exfiltration.
1 day ago
Kill Chain
Critical macOS Vulnerability Allows Disabling of Security Tools Without Admin Credentials
In June 2026, researchers at XM Cyber identified a macOS vulnerability that allows users with standard privileges to disable enterprise security tools and execute privileged functions without administrator credentials. This flaw exploits how macOS establishes and validates application trust information, enabling attackers to impersonate trusted application components and perform actions reserved for privileged processes. The technique was demonstrated to disable CrowdStrike Falcon Endpoint Detection and Response (EDR) and Kandji Mobile Device Management (MDM) without triggering alerts or requiring kernel exploits. The issue potentially affects other macOS applications that provide privileged Cross-Process Communication (XPC) services and rely on Apple's CDHash for verifying application authenticity. XM Cyber plans to release an open-source tool named XPC Hunter at Black Hat USA in August to help security researchers identify similar vulnerabilities across macOS applications. Apple has been notified but has not responded at press time. This vulnerability underscores the need for organizations to reassess their macOS security configurations and implement additional safeguards to prevent unauthorized access and manipulation of security tools.
1 day ago
Kill Chain
OpenClaw AI Supply Chain Attack: A Wake-Up Call for AI Security
In early 2026, the OpenClaw AI agent ecosystem experienced a significant supply chain attack. Malicious actors uploaded over 800 compromised skills to ClawHub, OpenClaw's official skill marketplace, embedding infostealers and enabling agentic financial fraud. This breach exposed more than 135,000 instances, highlighting critical vulnerabilities in AI agent platforms. The incident underscores the urgent need for enhanced security measures in AI supply chains, as attackers increasingly exploit these platforms to distribute malware and conduct sophisticated cyber operations.
1 day ago
Kill Chain
Cordyceps Vulnerabilities Threaten Over 300 GitHub Repositories
In June 2026, cybersecurity firm Novee identified a systemic class of vulnerabilities, dubbed 'Cordyceps,' within GitHub Actions workflows. These flaws enable unauthenticated attackers to hijack continuous integration and continuous deployment (CI/CD) pipelines by exploiting insecure configurations in YAML files. The vulnerabilities affect repositories from major organizations, including Microsoft, Google, Apache, Cloudflare, and the Python Software Foundation, potentially compromising software supply chains and exposing sensitive credentials. ([securityweek.com](https://www.securityweek.com/exploitable-ci-cd-vulnerabilities-expose-millions-of-repositories-to-hijacking/?utm_source=openai)) This incident underscores the escalating risks associated with CI/CD pipeline security, especially as AI-driven coding tools proliferate. Organizations must prioritize securing their development workflows to prevent similar supply chain attacks, which are becoming increasingly sophisticated and widespread. ([mallory.ai](https://www.mallory.ai/stories/019ef4cf-b141-7c22-b785-3b7e99e1c73f?utm_source=openai))
1 day ago
Kill Chain
LastPass Data Breach via Klue Supply Chain Attack in 2026
In June 2026, LastPass experienced a data breach resulting from a supply chain attack on Klue, a third-party market intelligence platform integrated with LastPass's Salesforce environment. Attackers exploited compromised OAuth tokens obtained from Klue to access LastPass customer data, including names, phone numbers, email addresses, physical addresses, support case information, and sales-related data. Importantly, LastPass's core products, services, and customer vaults remained unaffected. ([blog.lastpass.com](https://blog.lastpass.com/posts/klue-supply-chain-incident-and-lastpass-response?utm_source=openai)) This incident underscores the escalating risks associated with third-party integrations and supply chain vulnerabilities. Organizations must reassess their security postures, particularly concerning external partnerships, to mitigate potential threats arising from interconnected systems.
2 days ago
Kill Chain
Stop Active Cloud Data Exfiltration
Aviatrix Breach Lock helps teams instantly identify what data is leaving the environment, from which workload, and where it’s going — during an active breach.
Looking for threats in a different sector?
Browse All Threat Reports