IronWorm Rust Malware Hits 36 npm Packages in Supply Chain Attack
June 5, 2026
JFrog researchers discovered IronWorm, a Rust-based infostealer with an eBPF rootkit, injected into 36 npm packages to steal AI API
Endpoint Security
IronWorm Rust Malware Hits 36 npm Packages in Supply Chain Attack
JFrog researchers discovered IronWorm, a Rust-based infostealer with an eBPF rootkit, injected into 36 npm packages to steal AI API keys and self-propagate.
Hola Browser for Windows Bundled Monero Miner in Supply Chain Hit
AppEsteem found a Monero cryptominer bundled inside Hola Browser's Windows installer, hidden as a Windows service and excluded from Windows Defender scanning.
CISA Orders Patch for Linux Container Escape CVE-2022-0492
CISA added the Linux kernel CVE-2022-0492 container escape flaw to the KEV catalog, confirming active exploitation with a three-day federal patch deadline.
AI Worm Exploits 73.8% of Test Enterprise Network with Free Model
University of Toronto researchers built an AI worm that exploited 73.8% of a test enterprise network using a free open-weight model and only known CVEs.
Fake Claude Code Installers on Google Sites Steal AI API Keys
An active campaign uses 32 Google Sites pages to distribute credential malware targeting AI API keys, browser logins, and password managers from developers.
Huntress Discloses Windows Search URI Flaw That Leaks NTLMv2 Hashes
Huntress disclosed a Windows Search URI handler flaw that silently sends NTLMv2 hashes to attacker servers with one click. Microsoft declined to patch.
Russia’s FSB Claims Foreign Spies Installed Phone Surveillance Malware
Russia's FSB claimed foreign spies installed surveillance malware on senior officials' smartphones, naming Cloudflare and Fastly as alleged C2 infrastructure.
Sophos: AI Ransomware Toolkit Uses Claude Opus 4.5 for EDR Evasion
Sophos discovered a criminal ransomware framework using Claude Opus 4.5 and multi-agent AI pipelines to build and test 80 evasion-optimized malware modules.
VS Code Zero-Day Exposes GitHub OAuth Tokens; No Patch Available
Researcher Ammar Askar publicly disclosed a VS Code zero-day that lets malicious extensions steal GitHub OAuth tokens, granting full repository access.
Google Patches Android Zero-Day CVE-2025-48595 Under Active Exploit
Google confirmed CVE-2025-48595, a no-interaction privilege escalation flaw in Android 14–16, is under active targeted attack. Patches arrive June 5.
Hola Browser for Windows Bundled Monero Miner in Supply Chain Hit
June 5, 2026
AppEsteem found a Monero cryptominer bundled inside Hola Browser’s Windows installer, hidden as a Windows service and excluded from Windows
CISA Orders Patch for Linux Container Escape CVE-2022-0492
June 4, 2026
CISA added the Linux kernel CVE-2022-0492 container escape flaw to the KEV catalog, confirming active exploitation with a three-day federal
AI Worm Exploits 73.8% of Test Enterprise Network with Free Model
June 4, 2026
University of Toronto researchers built an AI worm that exploited 73.8% of a test enterprise network using a free open-weight
Fake Claude Code Installers on Google Sites Steal AI API Keys
June 4, 2026
An active campaign uses 32 Google Sites pages to distribute credential malware targeting AI API keys, browser logins, and password
Huntress Discloses Windows Search URI Flaw That Leaks NTLMv2 Hashes
June 3, 2026
Huntress disclosed a Windows Search URI handler flaw that silently sends NTLMv2 hashes to attacker servers with one click. Microsoft
Russia’s FSB Claims Foreign Spies Installed Phone Surveillance Malware
June 3, 2026
Russia’s FSB claimed foreign spies installed surveillance malware on senior officials’ smartphones, naming Cloudflare and Fastly as alleged C2 infrastructure.
Sophos: AI Ransomware Toolkit Uses Claude Opus 4.5 for EDR Evasion
June 3, 2026
Sophos discovered a criminal ransomware framework using Claude Opus 4.5 and multi-agent AI pipelines to build and test 80 evasion-optimized
VS Code Zero-Day Exposes GitHub OAuth Tokens; No Patch Available
June 3, 2026
Researcher Ammar Askar publicly disclosed a VS Code zero-day that lets malicious extensions steal GitHub OAuth tokens, granting full repository
Google Patches Android Zero-Day CVE-2025-48595 Under Active Exploit
June 2, 2026
Google confirmed CVE-2025-48595, a no-interaction privilege escalation flaw in Android 14–16, is under active targeted attack. Patches arrive June 5.
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.