PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Tales

Palo Alto Networks has launched the primary spherical of fixes to handle CVE-2026-0300, a important buffer overflow vulnerability within the Consumer-ID Authentication Portal service of PAN-OS software program that might enable an unauthenticated attacker to execute arbitrary code with root privileges by sending specifically crafted packets. The corporate mentioned it has noticed the flaw being exploited in restricted assaults since at the least final month, with unknown menace actors leveraging it to drop payloads like EarthWorm and ReverseSocks5.

Meta has introduced Incognito Chat with Meta AI in its namesake app and WhatsApp. Incognito Chat is “a very personal technique to work together with AI, just like how end-to-end encryption means nobody can learn your conversations, even Meta or WhatsApp,” CEO Mark Zuckerberg mentioned. “Incognito Chat handles all AI inference in a Trusted Execution Atmosphere that ensures your messages will not be accessible to us. The conversations in your cellphone additionally disappear whenever you exit the session.” The function is powered by Non-public Processing, which already underlies its message summarization and composition instruments.

A protection expertise firm with Division of Protection contracts uncovered person data and navy coaching supplies by API endpoints that lacked significant authorization checks. The difficulty affected Schemata, an AI-powered digital coaching platform utilized in navy and protection settings. In accordance with Strix, an extraordinary low-privilege account was in a position to entry information throughout a number of tenants, together with person listings, group data, course info, coaching metadata, and direct hyperlinks to paperwork hosted on Schemata’s Amazon Internet Providers situations. In a press release posted on the corporate’s web site, Schemata mentioned it didn’t have “proof that any third celebration exploited the vulnerability to entry buyer information.”

The U.S. Federal Communications Fee (FCC) has prolonged the deadline for homeowners of banned web routers to supply security updates to U.S.-based customers by two years. In March 2026, the FCC banned the import and sale of all “consumer-grade” web routers produced out of the country, citing unacceptable nationwide security dangers. In a brand new public discover printed final week, the Fee’s Workplace of Engineering and Know-how (OET) mentioned it’s extending this deadline till “at the least” January 1, 2029. That mentioned, the extension solely applies to software program and firmware updates in order to make sure the continued security of already deployed routers within the U.S. and mitigate potential hurt. “These embody all software program and firmware updates to make sure the continued performance of the gadgets, akin to people who patch vulnerabilities and facilitate compatibility with completely different working programs,” per the FCC.

A brand new state-sponsored menace cluster dubbed Operation GriefLure has been noticed focusing on Vietnam’s telecom and the Philippines’ healthcare sectors with a RAR archive distributed by way of spear-phishing emails to deploy a distant entry trojan on compromised hosts, whereas leveraging credible decoy paperwork to present them a veneer of legitimacy and belief. The malware is able to course of enumeration, screenshot seize, file and listing itemizing, credential harvesting, and file execution capabilities.

A multi-stage intrusion marketing campaign has been noticed leveraging a weaponized PowerShell payload disguised as a reputable JPEG picture file to ship a trojanized occasion of ConnectWise ScreenConnect to stealthy distant entry. “The intrusion doubtless originated by social engineering strategies akin to phishing emails, malicious attachments, misleading file-sharing interactions, or pretend replace lures involving a malicious file named sysupdate.jpeg,” CYFIRMA mentioned. “The payload was particularly crafted to use person belief and bypass typical file-extension validation mechanisms whereas mixing malicious exercise with reputable enterprise software program.”

A focused cyber espionage marketing campaign is leveraging social engineering and trusted infrastructure to determine persistent entry to sufferer programs. The exercise, which employs lure themes centred round humanitarian support, is assessed to focus on Russian-speaking people or entities. “The assault is delivered by way of phishing emails containing a malicious LNK file disguised inside a RAR archive, utilizing a Russian humanitarian support request kind to use contextual belief,” Cyble mentioned. “Execution triggers a stealthy, multi-stage an infection chain wherein a decoy doc is offered to the person whereas a closely obfuscated, fileless (PE-less) Python-based implant is silently deployed.” The payload is retrieved from GitHub Releases, permitting the operator to mix in with reputable enterprise exercise. The implant operates as a “full-spectrum surveillance platform,” facilitating credential harvesting, keystroke logging, clipboard and screenshot seize, delicate information exfiltration, and covert distant entry.

A brand new proof-of-concept (PoC) device dubbed GhostLock, created by Kim Dvash of Israel Aerospace Industries, has revealed that it is doable for a website person with learn entry to a file share to disclaim entry to information with out the necessity for deploying any ransomware or requiring elevated privileges. “By calling CreateFileW with dwShareMode = 0x00000000 throughout a goal share, a low-privileged person holds information in an completely locked state indefinitely,” Dvash mentioned. “Different shoppers obtain STATUS_SHARING_VIOLATION (0xC0000043) on each entry try. ERP programs fail. Workflow queues stall. The impression is indistinguishable from encrypted ransomware. The assault produces not one of the alerts that encrypted ransomware produces.” The disruptive approach isn’t a vulnerability, however reasonably documented conduct required for information integrity. GhostLock impacts “any group working SMB-backed shared file infrastructure the place customers have customary area credentials and community entry to file shares.”

cURL developer Daniel Stenberg mentioned that Anthropic Mythos mannequin’s scan of the utility 5 “confirmed security vulnerabilities,” out of which one was a low-severity bug, whereas the remainder have been false positives. “The only confirmed vulnerability goes to finish up a severity low CVE deliberate to get printed in sync with our pending subsequent curl launch 8.21.0 in late June,” Stenberg mentioned. “The flaw isn’t going to make anybody grasp for breath. All particulars of that vulnerability will ofcourse not get public earlier than then, so it’s essential maintain out for particulars on that.” Stenberg, nevertheless, acknowledged that synthetic intelligence powered code analyzers are considerably higher at discovering security flaws and errors in supply code than any conventional code analyzers.

The Indian Cyber Crime Coordination Centre (I4C), together with the Ministry of Dwelling Affairs, and Reserve Financial institution Innovation Hub (RBIH), have signed a Memorandum of Understanding (MoU) to “facilitate cooperation within the areas of fraud-risk intelligence sharing, analytical assist, and operational coordination for strengthening proactive fraud detection and prevention mechanisms.” The objective is to fight cyber-enabled monetary fraud and curtail mule accounts throughout the banking and digital funds ecosystem.

Attackers are engaging customers in search of “free OnlyFans accounts” to obtain a seemingly innocent ZIP file that comprises the crpx0 ransomware. The exercise targets each Home windows and macOS programs. “Inside that ZIP file is a small trick, a malicious shortcut disguised as one thing reputable. When the person clicks it, it quietly executes hidden instructions,” Aryaka mentioned. “A VBScript loader prepares the system and silently installs the parts wanted to run Python-based code. That is the place the assault turns into extra versatile. Reasonably than counting on a single static payload, the attackers now have a programmable surroundings. As soon as the Python script is working, it connects to a distant server.” The Python-based malware permits the attackers to ship instructions, replace the malware, or deploy new payloads. This allows system profiling, clipboard hijacking to conduct cryptocurrency theft, seed phrase harvesting, andransomware deployment.

A brand new ClickFix marketing campaign carried out by way of a compromised web site has been noticed utilizing scheduled duties for persistence and PySoxy, an open-source Python SOCKS5 proxy, to determine encrypted proxy entry. “Within the noticed chain, one user-executed command led to persistence, area reconnaissance, an preliminary PowerShell-based command-and-control (C2) channel, and a second C2 path by PySoxy, giving the attacker encrypted proxy entry with out counting on well-known malware or distant monitoring and administration (RMM) instruments,” ReliaQuest mentioned. “This growth exhibits ClickFix shifting past one-time person execution into modular post-exploitation, the place older open-source instruments can create redundant entry paths which are more durable to categorise and comprise.”

HiddenLayer has demonstrated a method referred to as tokenizer tampering that particulars how modifying the “tokenizer.json” file in Hugging Face AI fashions can provide an attacker direct management over mannequin output, enabling an attacker to exfiltrate delicate information by way of, say, stealthy device name injections. The assault works throughout Safetensors, ONNX, and GGUF codecs. “Tokenizer.json ships with the mannequin in a HuggingFace repository, as proven above, and is loaded mechanically when the mannequin is initialized for inference, making it a direct assault floor,” HiddenLayer mentioned. “This could have an effect on conversational responses, tool-call arguments, and another generated textual content, with out weight modifications, adversarial enter, or information of the mannequin’s structure.”

Menace actors are sending Microsoft Groups messages from a pretend IT Assist account to set off an assault chain that permits distant entry, malware deployment, privilege escalation, credential theft, lateral motion, and exfiltration. “By abusing Groups exterior entry, the menace actor delivered a Dropbox-hosted Python payload [called ModeloRAT] that established command-and-control, deployed a number of backdoors, and started mapping the interior surroundings,” Rapid7 mentioned. “The attacker then escalated privileges to SYSTEM utilizing CVE-2023-36036 earlier than deploying a pretend Home windows lock display designed to reap the person’s area password.” The attackers then moved laterally to a second host, used reputable tooling akin to DumpIt to collect system reminiscence, and sure exfiltrated the info by way of an nameless file-sharing service. ReliaQuest has attributed the exercise to a financially motivated preliminary entry dealer (IAB) tracked as KongTuke.

The infamous menace actor generally known as TeamPCP, which was not too long ago linked to the compromise of TanStack’s npm packages, has teamed up with Breached discussion board to announce a provide chain assault competitors with a $1,000 prize in Monero. As a part of the announcement, the Shai-Hulud worm has been open-sourced and hosted on the discussion board’s content material supply community. Whereas it was additionally made obtainable on GitHub, it has since been eliminated. In accordance with screenshots shared by Darkish Internet Informer on X, the competitors guidelines require members to make use of the worm of their assaults and submit proof that they’ve obtained entry to a goal’s surroundings. “The largest provide chain based mostly on the quantity of weekly/month-to-month downloads will win,” the menace actor mentioned. “If you happen to compromise many small packages, it is going to be added up.” The event marks a newfound escalation of TeamPCP’s tradecraft.

An unknown menace actor has been noticed utilizing a NATS server as a command-and-control (C2) channel reasonably than counting on conventional HTTP-based panels or chat platforms. The novel approach has been codenamed NATS-as-C2 by cloud security firm Sysdig. The exercise pertains to the exploitation ofCVE-2026-33017, an unauthenticated distant code execution (RCE) vulnerability in Langflow. “Over roughly half-hour of hands-on exercise, the operator at 159.89.205.184 (DigitalOcean) downloaded a Python employee and a Go binary,” the corporate mentioned. Whereas menace actors have adopted reputable platforms and companies as covert communication channels, that is the primary time NATS, a high-performance communications system, has been leveraged for this objective.