Researchers uncovered PamStealer, a two-stage macOS infostealer that uses a disk-image lure masquerading as Maccy, a self-contained JavaScript for Automation downloader, and a Rust-based second stage. It validates passwords locally through macOS PAM before exfiltrating credentials, while staying stealthy by disguising as Finder, encrypting C2 traffic, and delaying prompts to avoid detection.
Security firm LayerX exposed BioShocking, a prompt-injection attack that can force AI browsers/assistants to exfiltrate credentials by turning a web page into a game; six AI agents were tested, including OpenAI's ChatGPT Atlas, Perplexity's Comet, and Anthropic's Claude extension; the exploit leverages how pages and instructions arrive as a single text stream, blurring safety rules and enabling data access from signed-in sessions; OpenAI patched Atlas, Perplexity did not act, and other vendors either did not respond or patches did not hold; defenses include requiring explicit consent before reading from logged-in accounts and implementing hard limits on what an agent can access, with users and security teams treating AI browsers as elevated tools with narrow permissions.
Microsoft has removed 119 Edge Add-ons that hid payloads inside ordinary image and font files (StegoAd), tied to a single threat actor active since 2021 and potentially affecting millions, by deploying ad fraud and credential theft via a remote backdoor. The campaign used steganography in PNGs, WebP and WOFF2, with layered checks and decoy responses to avoid detection. Microsoft urges users to review installed extensions, change passwords, enable 2FA, and use hardware security keys, and has published indicators of compromise for Chrome, Firefox, and other Chromium browsers.
Kaspersky reports a year-long campaign distributing malware on Steam by bundling malicious payloads with Wallpaper Engine desktop wallpapers. The malware can run unverified third-party code, steal credentials, hijack live sessions, and exfiltrate data to attacker-controlled servers, with China representing the vast majority of affected downloads; Steam has removed the malicious wallpapers and users are advised to run antivirus scans before applying wallpapers that include executables.
Security researchers identified at least 15 malicious JetBrains Marketplace plugins, published under seven vendor accounts, that secretly exfiltrate AI provider API keys entered by users in plugin settings to a remote server. The plugins, which pretend to be AI coding assistants, code-review tools, and Git utilities, rely on services like OpenAI, DeepSeek, and SiliconFlow and share nearly identical code across multiple packages. They even offer a paid tier that may hand out API keys to paying users. The campaign ran from Oct 2025 to Jun 2026 and has been installed roughly 70,000 times, with the DeepSeek AI Assist and CodeGPT AI Assistant as the top downloads. JetBrains has not publicly commented as of publication.
A coordinated TrapDoor campaign targets npm, PyPI, and Crates.io, distributing 34 malicious packages across hundreds of versions to steal developer secrets, crypto wallets, SSH keys, cloud credentials, and environment data. npm payloads run trap-core.js to harvest credentials and establish persistence via cron, systemd, Git hooks, and SSH lateral movement; Rust crates search keystores and exfiltrate data to GitHub Gists; Python packages auto-execute on import and fetch a remote JavaScript payload executed via node -e. The attack also hides instructions in .cursorrules and CLAUDE.md to trick AI tools through PRs, signaling an evolution of developer-workflow attacks across multiple ecosystems.
Security researchers warn of a broad compromise of Laravel-Lang PHP packages (laravel-lang/lang, http-statuses, attributes, actions) that injected a malicious src/helpers.php into autoloaded vendor files. The attack involved rapid tagging of 700+ package versions in May 2026, suggesting access to the Laravel Lang release infrastructure. The embedded dropper runs on startup and delivers a ~5,900-line PHP credential stealer that exfiltrates cloud tokens, service credentials, browser data, VPN configs and more to flipboxstudio.info, encrypts results with AES-256, and self-deletes. Windows uses a Visual Basic Script launcher; Linux/macOS execute the payload via shell. Remediation includes auditing dependencies, rotating credentials, upgrading to clean versions, and monitoring for indicators of compromise.
Security researchers warn of a Checkmarx supply-chain breach: attackers overwrote tags in the official checkmarx/kics Docker Hub (notably v2.1.20, alpine; adding v2.1.21) with a compromised KICS binary that exfiltrates data and can encrypt and send scan reports to an external endpoint; separately, Checkmarx VS Code extensions (cx-dev-assist and ast-results, versions 1.17.0/1.19.0) load a remote mcpAddon.js via a hard-coded GitHub URL, enabling credential theft and propagation as attackers injected a backdated commit to introduce a large payload; the attack uses stolen tokens to create public repos, GitHub Actions workflows, and to exfiltrate GitHub, AWS/Azure/GCP credentials, npm configs, SSH keys, and environment variables to public repos and to an endpoint controlled by the attackers; the operation also spreads through the npm ecosystem by republishing ~250 compromised packages; 51 repos reference Checkmarx Configuration Storage in READMEs; TeamPCP is suspected; mitigation includes removing affected artifacts, rotating credentials, auditing GitHub workflows, reviewing npm packages, and monitoring access logs.
The Register reports that Canva is among about 100 targets affected by the Shiny Hunters credential-theft operation, with the piece listing numerous advertising-tech vendors and the types of data and cookies involved. The broad scope underscores a sizable attack surface across the ad-tech ecosystem and highlights the need for strong credential hygiene and monitoring for suspicious activity across partnered platforms.
Cybersecurity researchers uncovered a targeted spear-phishing campaign using 27 malicious npm packages to host browser-based phishing lures mimicking document-sharing portals and Microsoft sign-in pages, primarily targeting organizations in critical infrastructure sectors across multiple countries. The campaign leverages package CDNs for resilient hosting, employs anti-analysis techniques, and hard-codes specific email addresses, with the goal of stealing login credentials. The activity highlights ongoing threats in the software supply chain, emphasizing the need for stringent dependency verification and monitoring.
Cybersecurity researchers have identified three malicious VS Code extensions linked to the GlassWorm campaign, which uses invisible Unicode characters to hide malware, steal credentials, and spread in a worm-like fashion. Despite removal efforts, the threat has resurfaced, leveraging blockchain-based command-and-control infrastructure to maintain resilience. The attack has affected victims worldwide, including a major Middle Eastern government, and has expanded to target GitHub repositories.
Google reports a significant increase in account hacking attacks, primarily through phishing and credential theft, with an 84% rise last year and ongoing threats in 2025. The company provides a step-by-step guide for users to recover their accounts, emphasizing the importance of using trusted devices and following security protocols. Experts highlight that attackers often use legitimate email accounts for credential harvesting, posing risks beyond Google users. Users are advised to stay vigilant and follow recommended security practices to protect their accounts.
Cybersecurity researchers have discovered a new undetected Linux backdoor called Plague, which exploits PAM modules to silently bypass authentication, maintain persistent SSH access, and evade detection through advanced obfuscation and environment tampering, posing a significant threat to Linux systems.
A massive leak of over 16 billion passwords from major online services like Apple, Google, and Facebook raises significant security concerns, especially for crypto users, as it could lead to increased account takeovers and thefts. The breach highlights vulnerabilities such as password reuse and weak authentication, urging users to update passwords, enable 2FA, and secure recovery data.
Pakistan's National Cyber Emergency Response Team has urged citizens to change all social media passwords following a massive global data leak exposing 184 million account credentials, which poses risks like account takeovers, identity theft, and targeted scams. Immediate action, including creating strong, unique passwords and enabling multi-factor authentication, is recommended to mitigate potential damages.