# Archive

Browse past daily curated stories


Sunday, July 05, 2026

  1. BleepingComputer general
    JadePuffer ransomware used AI agent to automate entire attack

    Researchers documented the first known ransomware operation — dubbed JadePuffer — conducted entirely by an LLM agent, automating the full attack chain without human intervention. This represents a qualitative shift in ransomware tradecraft, demonstrating that AI agents can now autonomously execute complex, multi-stage intrusions including initial access, lateral movement, and payload deployment.

  2. SecurityWeek general
    Agentic AI Used to Conduct Ransomware Attack via Langflow

    A separate but related report from SecurityWeek details how an agentic AI leveraged Langflow — a visual LLM orchestration framework — to automate a ransomware attack by combining known exploitation techniques with real-time LLM reasoning. This corroborates the JadePuffer findings and signals that LLM-driven attack automation via accessible tools like Langflow is a reproducible and emerging threat vector.

  3. SecurityWeek general
    Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution

    A set of critical vulnerabilities dubbed DuneSlide in the Cursor AI code editor enable zero-click prompt injection attacks that escape the application's sandbox and achieve OS-level remote code execution. Given Cursor's growing adoption among developers, these flaws pose supply-chain-adjacent risks where malicious code or untrusted prompts in a developer's workflow could fully compromise the host machine.

  4. The Hacker News general
    Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices

    Security firm runZero disclosed seven unpatched vulnerabilities in FatFs, a FAT/exFAT filesystem library embedded in firmware across millions of devices including security cameras, drones, industrial controllers, and hardware crypto wallets. Because FatFs ships as source code integrated directly into vendor firmware, coordinated patching is structurally difficult, leaving a vast and largely unmeasurable attack surface exposed.

  5. BleepingComputer general
    NetNut proxy network disrupted, 2 million infected devices cut off

    A joint operation involving Google disrupted NetNut, a residential proxy network that had compromised approximately 2 million Android devices — including smart TVs and streaming boxes — routing malicious traffic through them. The takedown severs access to a large-scale proxy infrastructure used to anonymize attacks and highlights continued abuse of consumer IoT devices as proxy nodes.

  6. The Hacker News general
    North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign

    The North Korean threat group behind Contagious Interview published 108 malicious packages and browser extensions across npm, Packagist, Go, and the Chrome Web Store in a campaign called PolinRider, compromising maintainer accounts to inject malware. The campaign remains active with new packages continuing to appear, posing a direct supply chain risk to developers using these ecosystems.

  7. The Hacker News general
    U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case

    A U.S. government entity paid approximately $1 million in extortion to a group calling itself Kairos to prevent stolen files from being leaked, according to a Ransom-ISAC case study by Rakesh Krishnan built on leaked negotiation chats and blockchain transaction trails. Notably, Kairos shows no evidence of ever deploying ransomware encryption — operating purely as a data-theft extortion actor — complicating traditional ransomware-focused defenses and incident response playbooks.

  8. BleepingComputer general
    ARToken PhaaS exposes EvilTokens' Microsoft 365 phishing toolkit

    A new phishing-as-a-service platform called ARToken has been identified operating as an affiliate of the EvilTokens PhaaS ecosystem, offering a toolkit specifically designed to bypass Microsoft 365 defenses and harvest credentials at scale. The discovery exposes the structured affiliate model underpinning modern PhaaS operations, where modular toolkits lower the barrier for credential-harvesting campaigns targeting enterprise M365 environments.

  9. The Hacker News general
    New Avalon Malware Framework Packs CrownX Ransomware Capabilities

    Researchers uncovered Avalon, a previously undocumented modular malware framework that delivers CrownX ransomware via multi-stage phishing chains capable of bypassing traditional security controls. Avalon consolidates credential harvesting, lateral movement, remote access, backup/recovery disruption, and ransomware execution into a single framework, making it a comprehensive threat requiring defense-in-depth controls across multiple kill-chain stages.

  10. The Hacker News general
    Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer

    Kaspersky attributed a previously undocumented threat actor called Armored Likho to targeted cyberattacks against government agencies and electric power sector organizations in Russia, Brazil, and Kazakhstan, deploying a stealer dubbed BusySnake. The group blends financially motivated campaigns against individuals with structured espionage operations against critical infrastructure, complicating attribution and suggesting a dual-purpose operational model.