Computer Software/Engineering
Breach intelligence, attack campaigns, and threat reports targeting the Computer Software/Engineering sector.
Computer Software/Engineering Threat Reports
Gaslight Malware: A New Challenge for AI-Based Security on macOS
In June 2026, cybersecurity researchers identified a new macOS malware named 'Gaslight,' attributed to a North Korean-linked threat actor. This Rust-based malware functions as a backdoor and information stealer, embedding 38 fabricated system messages within its binary. These messages, formatted to resemble legitimate developer logs and error reports, aim to mislead AI-assisted malware analysis tools by simulating analysis errors, potentially causing the tools to abort or misinterpret the malware's behavior. The emergence of 'Gaslight' underscores a growing trend where threat actors develop sophisticated techniques to evade detection by AI-driven security solutions. This incident highlights the need for continuous advancement in cybersecurity defenses to counteract evolving obfuscation methods employed by adversaries.
13 hours ago
Cybercriminals Exploit Shop App in Advanced Phishing Attack - June 2026
In June 2026, threat actors exploited Shopify's order-tracking app, Shop, by inserting fraudulent purchase receipts into users' order histories. These fake receipts, impersonating brands like Norton and PayPal, included phone numbers leading to scammers posing as support agents. Victims were deceived into disclosing sensitive information or installing remote access software, facilitating unauthorized access to their devices. This method leverages the inherent trust users place in the Shop app, making the scam particularly effective. This incident underscores a significant evolution in phishing tactics, moving beyond traditional email-based schemes to infiltrate trusted applications directly. The rise of such sophisticated social engineering attacks highlights the urgent need for enhanced security measures and user vigilance within digital platforms.
13 hours ago
Kaspersky SMB Threat Report 2026: Unveiling New Cyber Threats
In early 2026, Kaspersky's analysis revealed a significant surge in cyberattacks targeting small and medium-sized businesses (SMBs). Notably, over 92,000 malware attacks were disguised as popular AI services, with fake ChatGPT applications accounting for 49% of these incidents. This trend underscores cybercriminals' exploitation of trusted AI brands to distribute malicious software. Additionally, the report highlighted a rise in 'encryption-less' extortion attacks, where attackers focus on stealing and leaking sensitive data rather than encrypting systems. The emergence of ransomware groups adopting post-quantum cryptography standards further complicates the threat landscape. ([me-en.kaspersky.com](https://me-en.kaspersky.com/about/press-releases/kaspersky-detected-more-than-92000-malware-attacks-disguised-as-ai-services-in-2026?utm_source=openai)) This escalation in sophisticated cyber threats against SMBs emphasizes the urgent need for enhanced cybersecurity measures. The increasing use of AI as a lure, coupled with advanced extortion tactics, indicates a shift in cybercriminal strategies that SMBs must proactively address to safeguard their operations and sensitive data.
13 hours ago
Critical Vulnerability in Popular Chrome Extension Puts Millions at Risk
In June 2026, security researchers discovered that the popular Chrome extension 'Adblock for YouTube' (ID: cmedhionkhpnakcndndgjdbohmhepckk), with over 11 million installs, contained a dormant capability to execute arbitrary JavaScript code on any website. This vulnerability could be activated remotely by a server-side configuration change, potentially allowing attackers to read user data, steal sensitive information, and perform actions on behalf of the user across various web applications. The extension's permissions and architecture facilitated this exploit without requiring an update or user intervention, posing a significant security risk to its extensive user base. This incident underscores the growing threat posed by malicious or compromised browser extensions, especially those with large user bases and extensive permissions. As browser ecosystems evolve, the potential for such extensions to be weaponized increases, highlighting the need for rigorous security assessments, continuous monitoring, and user education to mitigate risks associated with third-party extensions.
13 hours ago
Gaslight Malware: A New Threat Targeting AI-Assisted Security on macOS
In June 2026, cybersecurity researchers identified 'Gaslight,' a Rust-based macOS malware attributed to North Korean threat actors. Gaslight employs a novel prompt injection technique, embedding 38 fabricated system messages to deceive AI-assisted malware analysis tools into aborting or refusing analysis. The malware establishes persistence via a LaunchAgent labeled 'com.apple.system.services.activity' and utilizes the Telegram Bot API for command-and-control communication. It collects sensitive data, including browser information, terminal histories, and the macOS Keychain database, exfiltrating this data through encrypted channels. ([infosecurity-magazine.com](https://www.infosecurity-magazine.com/news/macos-gaslight-rust-backdoor/?utm_source=openai)) This incident underscores the evolving tactics of threat actors who are now targeting AI-based security tools. The use of prompt injection to manipulate AI analysis represents a significant shift in cyberattack methodologies, highlighting the need for enhanced security measures to protect AI-driven systems from such adversarial inputs. ([infosecurity-magazine.com](https://www.infosecurity-magazine.com/news/macos-gaslight-rust-backdoor/?utm_source=openai))
13 hours ago
Europe's Ransomware Epidemic: A 55% Surge in Early 2026
In the first four months of 2026, Europe experienced a significant surge in ransomware attacks, with incidents rising by 55% compared to the same period in 2025. This increase is attributed to factors such as attackers shifting focus from oversaturated markets like the U.S. to European targets, and the utilization of AI-assisted target research identifying vulnerabilities within European organizations. Notably, major economies including Germany, the UK, France, Italy, and Spain accounted for nearly 70% of these attacks, highlighting a concentration of cyber risk in Europe's largest markets. ([prnewswire.com](https://www.prnewswire.com/news-releases/black-kites-first-report-dedicated-to-europe-ransomware-incidents-rose-55-year-over-year-in-early-2026-as-supply-chains-become-a-key-attack-path-302808057.html?utm_source=openai)) This trend underscores the evolving tactics of ransomware groups, who are increasingly targeting supply chains to maximize impact. The Miljödata incident in August 2025 exemplifies this approach, where a ransomware attack on a Swedish HR software provider led to data breaches affecting numerous municipalities and corporations, including Volvo Group North America. ([incibe.es](https://www.incibe.es/en/incibe-cert/publications/cybersecurity-highlights/ransomware-attack-leads-data-breach-affecting-volvo-north-america-employees?utm_source=openai))
20 hours ago
Understanding 'Prompt Injection as Role Confusion' and Its Implications for AI Security
In February 2026, researchers Charles Ye, Jasmine Cui, and Dylan Hadfield-Menell published a study titled "Prompt Injection as Role Confusion," highlighting a critical vulnerability in large language models (LLMs). The study reveals that LLMs often misinterpret the source of text based on its style rather than its origin, leading to 'role confusion.' This flaw allows malicious actors to craft inputs that mimic authoritative roles, effectively bypassing safety protocols and manipulating the model's behavior. The researchers demonstrated that by injecting deceptive reasoning into user prompts and tool outputs, they achieved success rates of 60% on StrongREJECT and 61% on agent exfiltration tasks across various LLMs. This indicates a significant security gap where models assign authority in latent space, making them susceptible to prompt injection attacks. ([arxiv.org](https://arxiv.org/abs/2603.12277?utm_source=openai)) The study underscores the urgent need for enhanced security measures in AI systems, as prompt injection attacks exploit fundamental weaknesses in LLMs' role recognition. As AI integration expands across industries, understanding and mitigating such vulnerabilities is crucial to prevent unauthorized data access and manipulation. ([arxiv.org](https://arxiv.org/abs/2603.12277?utm_source=openai))
22 hours ago
DraftKings 2022 Credential Stuffing Attack: A Case Study
In November 2022, DraftKings, a prominent fantasy sports and betting platform, experienced a credential stuffing attack that compromised approximately 60,000 user accounts. The attackers, led by Nathan Austad, known online as "Snoopy," exploited reused login credentials to gain unauthorized access. In about 1,600 cases, they added new payment methods to the compromised accounts and withdrew funds, resulting in approximately $600,000 in losses. The remaining compromised accounts were sold on cybercriminal marketplaces. Austad was sentenced to 18 months in federal prison, ordered to serve three years of supervised release, pay over $1.3 million in restitution, and forfeit an additional $463,000. This incident underscores the persistent threat of credential stuffing attacks, particularly in the online betting industry, where user accounts often contain sensitive financial information. It highlights the critical need for robust password policies, multi-factor authentication, and user education to prevent unauthorized access and financial losses.
22 hours ago
Klue OAuth Breach: A Wake-Up Call for Third-Party Integration Security
In June 2026, attackers exploited a legacy credential to breach Klue's backend servers, deploying malicious code that harvested OAuth tokens used to integrate with third-party platforms, including Salesforce. Utilizing these tokens, the attackers accessed and exfiltrated substantial CRM data—such as business contacts, price quotes, and sales communications—from multiple organizations, including Huntress and Recorded Future. The extortion group 'Icarus' claimed responsibility, threatening to leak the stolen data if ransom demands were not met. In response, Salesforce disabled the Klue Battlecards app integration to prevent further unauthorized access. This incident underscores the critical vulnerabilities associated with third-party integrations and the importance of stringent access controls and credential management. The exploitation of OAuth tokens highlights a growing trend in supply chain attacks, emphasizing the need for organizations to reassess and fortify their security postures against such sophisticated threats.
1 day ago
Understanding the 'Cordyceps' Vulnerability: A Threat to CI/CD Workflows
In June 2026, a critical vulnerability named 'Cordyceps' was identified, affecting Continuous Integration and Continuous Deployment (CI/CD) workflows across major platforms including Microsoft's Azure Sentinel, Google's AI Agent Development Kit, Apache's Doris analytics database, Cloudflare's Workers SDK, and the Python Software Foundation's Black. This flaw allows unauthenticated attackers to exploit automated workflows via malicious pull requests, potentially leading to command injection, privilege escalation, and full control over affected repositories. The attack vector leverages the inherent trust in pull requests and the automated processes that handle them, exposing millions of repositories to potential hijacking. ([darkreading.com](https://www.darkreading.com/application-security/cordyceps-malicious-pull-requests-developer-workflows?utm_source=openai)) The discovery of 'Cordyceps' underscores the escalating risks within software supply chains, particularly as agentic coding practices proliferate, reproducing insecure patterns across numerous repositories. Organizations are urged to audit and secure their CI/CD configurations to prevent unauthorized access and mitigate the risk of supply chain compromises.
1 day ago
Malicious OpenClaw Skills Threaten AI Supply Chain
In June 2026, security researchers identified five malicious skills on ClawHub, OpenClaw's dedicated marketplace, that could steal credentials, bypass security scans, and perform other malicious activities for financial gain. These skills, appearing legitimate, demonstrated that such platforms are emerging as significant AI supply chain attack surfaces. ClawHub sells these skills to add functionality to the open-source AI agent, which has seen rapid adoption among developers and businesses since its launch last November. The malicious skills included infostealers targeting macOS, evasion techniques using inflated file sizes to bypass detection, and agentic threats like affiliate injection and front-running, all posing significant risks to organizations using OpenClaw. ([darkreading.com](https://www.darkreading.com/cyber-risk/malicious-openclaw-skills-clawhub-threaten-ai-supply-chain?utm_source=openai)) This incident underscores the growing threat of supply chain attacks within AI ecosystems, highlighting the need for rigorous verification frameworks and continuous monitoring of third-party extensions to prevent unauthorized access and data exfiltration.
1 day ago
Critical macOS Vulnerability Allows Disabling of Security Tools Without Admin Credentials
In June 2026, researchers at XM Cyber identified a macOS vulnerability that allows users with standard privileges to disable enterprise security tools and execute privileged functions without administrator credentials. This flaw exploits how macOS establishes and validates application trust information, enabling attackers to impersonate trusted application components and perform actions reserved for privileged processes. The technique was demonstrated to disable CrowdStrike Falcon Endpoint Detection and Response (EDR) and Kandji Mobile Device Management (MDM) without triggering alerts or requiring kernel exploits. The issue potentially affects other macOS applications that provide privileged Cross-Process Communication (XPC) services and rely on Apple's CDHash for verifying application authenticity. XM Cyber plans to release an open-source tool named XPC Hunter at Black Hat USA in August to help security researchers identify similar vulnerabilities across macOS applications. Apple has been notified but has not responded at press time. This vulnerability underscores the need for organizations to reassess their macOS security configurations and implement additional safeguards to prevent unauthorized access and manipulation of security tools.
1 day ago