Cybersecurity News: Claude & Gemini malware, Mythos sneaky flaws, Instagram AI abuse

In today’s cybersecurity news…

Malware in Microsoft repos threatens Claude and Gemini users

On June 6th, OpenSourceMalware.com reported that GitHub had disabled 73 Microsoft repositories, including the entire Azure Functions organization, the Durable Task project family, and several AI sample app repositories. On June 8th, Microsoft told 404 Media it had “temporarily removed some repositories as we investigate potential malicious content.” Attackers reportedly inserted credential-stealing malware into the durabletask development tool. The shutdown is unusually large in scale, and it underscores the growing threat of software supply chain attacks aimed at users of AI coding tools such as Claude Code, Gemini CLI, Cursor, and VS Code. (404 Media)

Mythos can exploit new flaws in hours

Anthropic shared research with Axios showing that its Mythos Preview model can turn newly disclosed software vulnerabilities into working exploits in hours, generating a proof-of-concept exploit for a Windows kernel flaw in 31 minutes and building working exploits for multiple Windows and Firefox vulnerabilities disclosed after its knowledge cutoff. This suggests AI may accelerate the weaponization of already-known bugs as much as it accelerates bug discovery, potentially shrinking the window between public disclosure and real-world exploitation. (Axios)

AI tool abuse behind Instagram hacks

Instagram owner Meta told Maine’s Attorney General’s Office that 20,225 Instagram accounts may have been compromised after attackers exploited a bug in an AI-powered account recovery tool that let them redirect password reset links to their own email addresses. The flaw primarily affected users without two-factor authentication enabled, and Meta has since disabled the tool, reset affected accounts, and is notifying users while it investigates what data may have been accessed. (SecurityWeek)

Meta chases NSO over phishing attacks

Meta also says it will seek a federal contempt order against Israeli spyware maker NSO Group after WhatsApp disrupted new spear-phishing campaigns that it says violated a court injunction permanently barring NSO from targeting the platform and its users. The reported attacks used “one-click” phishing links similar to earlier campaigns, and come as NSO appeals last year’s ruling, which ordered it to stop targeting WhatsApp and was widely viewed as a major threat to the company’s Pegasus spyware business. (Reuters)

Huge thanks to our sponsor, Doppel

Cybercriminals don’t respect your security silos.

They use one connected attack chain to hit your brand externally, infiltrate your inbox, and manipulate your team.

Stop playing whack-a-mole with fragmented tools. Doppel unifies Digital Risk Protection, Human Risk Management, and Email Security into one unified platform.

One attack chain. Three pillars of defense. Zero blind spots.

Secure your enterprise relentlessly at doppel.com.

IBM denies whistleblower breach claims

Bloomberg reported that a lawsuit unsealed last week alleges IBM covered up multiple data breaches, including a suspected Chinese APT10 intrusion that an internal investigation reportedly found may have accessed IBM’s network more than 56,000 times between 2013 and 2016. Former IBM threat intelligence chief William Barlow claims the company failed to notify authorities or customers, despite evidence that hundreds of accounts and nearly 200 systems were compromised. IBM told TechCrunch that the complaint was filed six years ago, the U.S. Department of Justice declined to intervene, and it is confident its actions followed the law. (TechCrunch) (Bloomberg)

‘Hades’ puts new spin on Shai-Hulud

Socket researchers say attackers have launched a new “Hades” (HAY-deez) campaign against the Python Package Index (PyPI), publishing 37 malicious package releases across 19 projects that carry a variant of the persistent Shai-Hulud software supply chain worm. This version uses Python startup files to launch a Bun-powered credential stealer that goes after developer, cloud, and CI/CD secrets. It shows how the malware keeps evolving after earlier campaigns against npm and PyPI, and it reinforces the need for organizations to audit and rotate credentials if any of the affected packages were installed. (Dark Reading)
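The “Python startup files” mentioned above are the interesting part for defenders, so here is an added example of the check a practitioner would run. It is not code from the newsletter or from Socket’s research, and it assumes the startup mechanism in question is the .pth file: CPython’s site module reads every *.pth file in site-packages at interpreter start and, for any line that begins with “import ” or “import<tab>”, executes that line as Python code, which lets a package run a loader before any of the victim’s own code does. The two .pth bodies below are constructed samples for the example, not the real Hades payload.

```python
"""Flag .pth lines that CPython's site module will execute at startup.

Added example, not from the newsletter or from Socket. Assumes the startup
files in the Hades campaign are *.pth files in site-packages. The two sample
.pth bodies are constructed for this example; they are never executed here.
"""
import re
import tempfile
from pathlib import Path

# Tokens that rarely appear in a legitimate path-hook .pth line but are
# typical of a downloader/loader stage (constructed heuristic, tune locally).
SUSPICIOUS = re.compile(
    r"\b(exec|eval|compile|subprocess|os\.system|os\.popen|urllib|urlopen|"
    r"requests|socket|base64|b64decode|bun|tempfile)\b"
)

# Constructed sample: what setuptools/virtualenv-style hooks look like.
BENIGN_PTH = "/usr/lib/python3/dist-packages\nimport _virtualenv\n"

# Constructed sample of a malicious loader line (placeholder payload, not Hades).
MALICIOUS_PTH = (
    "# constructed sample for the example, not real Hades code\n"
    "import base64, subprocess; subprocess.Popen(['bun', '-e', "
    "base64.b64decode(b'Y29uc29sZS5sb2coMSk=')])\n"
)


def find_executable_pth_lines(text: str) -> list[str]:
    """Return the lines of a .pth body that site.py would exec().

    Mirrors site.addpackage(): a line is executed only if it literally starts
    with "import " or "import\\t"; comment lines and plain path entries are
    inert, and leading whitespace is NOT stripped before the check.
    """
    hits = []
    for raw in text.splitlines():
        if raw.startswith("#") or raw.strip() == "":
            continue
        if raw.startswith(("import ", "import\t")):
            hits.append(raw.rstrip())
    return hits


def classify_pth_lines(text: str) -> dict[str, list[str]]:
    """Split the executable lines into 'suspicious' and 'benign' buckets."""
    out: dict[str, list[str]] = {"suspicious": [], "benign": []}
    for line in find_executable_pth_lines(text):
        out["suspicious" if SUSPICIOUS.search(line) else "benign"].append(line)
    return out


def scan_site_packages(root: str) -> dict[str, list[str]]:
    """Walk a site-packages tree and map each .pth file to its suspicious lines."""
    findings: dict[str, list[str]] = {}
    for pth in Path(root).rglob("*.pth"):
        try:
            text = pth.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue
        bad = classify_pth_lines(text)["suspicious"]
        if bad:
            findings[str(pth)] = bad
    return findings


if __name__ == "__main__":
    # Demo on a throwaway directory holding the two constructed samples.
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "distutils-precedence.pth").write_text(BENIGN_PTH)
        Path(tmp, "hades_sample.pth").write_text(MALICIOUS_PTH)
        for path, lines in scan_site_packages(tmp).items():
            print(path)
            for line in lines:
                print("   ", line)
```

Point the scanner at the directories returned by `python -c "import site; print(site.getsitepackages(), site.getusersitepackages())"` for every interpreter on a build host or CI runner, and check `sitecustomize.py` and `usercustomize.py` in the same locations, since those run at startup too. Any hit is a reason to treat every secret that interpreter could reach as compromised and rotate it, as the Socket guidance above says.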

Professional platforms become spy tools

The Five Eyes intelligence alliance warned that Chinese intelligence operatives are using platforms like LinkedIn, Indeed, and Upwork to target security clearance holders, military personnel, journalists, and think tank workers with fake recruiting approaches designed to collect sensitive information. Recruitment-based espionage is nothing new, but security experts note that attackers increasingly use AI-generated content and deepfake interviews to build trust over weeks or months before asking for sensitive information. (Security Magazine)

NFCShare hides in banking apps

Researchers at D3Lab say new versions of the NFCShare Android malware are being distributed as fake banking app updates hosted on GitHub, expanding from earlier attacks targeting Deutsche Bank customers to campaigns impersonating banks in Italy and Spain. Victims are lured to phishing sites, prompted to install malicious APKs, and then tricked into tapping their payment cards against their phones, allowing attackers to steal card details and PINs for use in NFC payment fraud schemes. (BleepingComputer)