Sophos: AI Ransomware Toolkit Uses Claude Opus 4.5 for EDR Evasion
June 3, 2026
Sophos discovered a criminal ransomware framework using Claude Opus 4.5 and multi-agent AI pipelines to build and test 80 evasion-optimized
Endpoint Security
Sophos: AI Ransomware Toolkit Uses Claude Opus 4.5 for EDR Evasion
Sophos discovered a criminal ransomware framework using Claude Opus 4.5 and multi-agent AI pipelines to build and test 80 evasion-optimized malware modules.
VS Code Zero-Day Exposes GitHub OAuth Tokens; No Patch Available
Researcher Ammar Askar publicly disclosed a VS Code zero-day that lets malicious extensions steal GitHub OAuth tokens, granting full repository access.
Google Patches Android Zero-Day CVE-2025-48595 Under Active Exploit
Google confirmed CVE-2025-48595, a no-interaction privilege escalation flaw in Android 14–16, is under active targeted attack. Patches arrive June 5.
Red Hat npm Packages Backdoored with Miasma Credential Worm
Attackers backdoored 32 Red Hat npm packages with the Miasma worm, stealing CI/CD secrets, cloud keys, and SSH keys across roughly 80,000 weekly downloads.
SideCopy APT Targets Afghan Finance Ministry with Xeno RAT
Pakistan-attributed SideCopy APT used Pashto-language LNK lures against Afghanistan's Finance Ministry, deploying Xeno RAT for full system access and exfil.
PureLogs Infostealer Uses MSBuild.exe for Fileless Deployment
FortiGuard Labs documents PureLogs infostealer delivered via fake purchase order emails, using MSBuild.exe process hollowing to execute entirely in memory.
Gamaredon Hides USB Worm in NTFS Alternate Data Streams
Sekoia documents an active Gamaredon campaign using NTFS Alternate Data Streams to conceal USB worm modules targeting Ukrainian government networks.
Gamaredon Hides USB Worm in NTFS Alternate Data Streams
Sekoia documents an active Gamaredon campaign using NTFS Alternate Data Streams to conceal USB worm modules targeting Ukrainian government networks.
PureLogs Infostealer Uses MSBuild.exe for Fileless Deployment
FortiGuard Labs documents PureLogs infostealer delivered via fake purchase order emails, using MSBuild.exe process hollowing to execute entirely in memory.
SideCopy APT Targets Afghan Finance Ministry with Xeno RAT
Pakistan-attributed SideCopy APT used Pashto-language LNK lures against Afghanistan's Finance Ministry, deploying Xeno RAT for full system access and exfil.
VS Code Zero-Day Exposes GitHub OAuth Tokens; No Patch Available
June 3, 2026
Researcher Ammar Askar publicly disclosed a VS Code zero-day that lets malicious extensions steal GitHub OAuth tokens, granting full repository
Google Patches Android Zero-Day CVE-2025-48595 Under Active Exploit
June 2, 2026
Google confirmed CVE-2025-48595, a no-interaction privilege escalation flaw in Android 14–16, is under active targeted attack. Patches arrive June 5.
Red Hat npm Packages Backdoored with Miasma Credential Worm
June 2, 2026
Attackers backdoored 32 Red Hat npm packages with the Miasma worm, stealing CI/CD secrets, cloud keys, and SSH keys across
SideCopy APT Targets Afghan Finance Ministry with Xeno RAT
June 2, 2026
Pakistan-attributed SideCopy APT used Pashto-language LNK lures against Afghanistan’s Finance Ministry, deploying Xeno RAT for full system access and exfil.
PureLogs Infostealer Uses MSBuild.exe for Fileless Deployment
June 2, 2026
FortiGuard Labs documents PureLogs infostealer delivered via fake purchase order emails, using MSBuild.exe process hollowing to execute entirely in memory.
Gamaredon Hides USB Worm in NTFS Alternate Data Streams
June 2, 2026
Sekoia documents an active Gamaredon campaign using NTFS Alternate Data Streams to conceal USB worm modules targeting Ukrainian government networks.
Gamaredon Hides USB Worm in NTFS Alternate Data Streams
June 2, 2026
Sekoia documents an active Gamaredon campaign using NTFS Alternate Data Streams to conceal USB worm modules targeting Ukrainian government networks.
PureLogs Infostealer Uses MSBuild.exe for Fileless Deployment
June 2, 2026
FortiGuard Labs documents PureLogs infostealer delivered via fake purchase order emails, using MSBuild.exe process hollowing to execute entirely in memory.
SideCopy APT Targets Afghan Finance Ministry with Xeno RAT
June 2, 2026
Pakistan-attributed SideCopy APT used Pashto-language LNK lures against Afghanistan’s Finance Ministry, deploying Xeno RAT for full system access and exfil.
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.