News

As if the Miasma situation weren't bad enough, now this weapon is spreading like wildfire. Someone open sourced the entire Miasma worm supply-chain attack toolkit, likely using previously compromised developers' accounts to publish GitHub repositories containing the self-spreading malware’s source code over the last 24 hours. SafeDep, a company focused on open source supply chain security that developed Package Management Guard (PMG), spotted the malicious repos, named “Miasma-Open-Source-Release,” and said that they started appearing on Monday. Its researchers analyzed one of these before GitHub nixed it, and described the code as more than just a supply chain worm. “It is a full supply chain attack toolkit that allows the operator to execute various attacks via stolen credentials against arbitrary or targeted packages on public registries (PyPI, npm, RubyGems), JFrog Artifactory, GitHub repositories and GitHub Actions, AI coding tools config poisoning, SSH based lateral movement and other attack vectors,” the SafeDep team said. While we don’t know who is behind this publicly released worm, it follows in the footsteps of TeamPCP, which developed and then open sourced the mini Shai-Hulud worm last month, announcing a supply-chain attack contest on BreachForums and spawning copycat open source package poisonings. One of these copycat worms, Miasma, first hit upwards of 100 Red Hat and Microsoft open source projects before spreading to other victims, with app-security firm Socket tracking 473 affected package artifacts as of Tuesday. “The Miasma repository is an evolution of the Mini Shai-Hulud toolkit, and was open-sourced June 8 via four previously compromised users,” Rami McCarthy, principal threat researcher at Wiz, told The Register. “Since we had already reversed the payload, this public release isn’t particularly useful for sophisticated defenders, and we haven't observed any opportunistic adoption of it yet.” This, he added, mimics what happened when TeamPCP open sourced mini Shai-Hulud last month. “We didn't see attackers weaponize it either,” McCarthy said. “It's not clear [whether] attackers benefit from adopting this out-of-the-box toolkit versus vibe coding their own. And while it raises concerns about muddying attribution, attackers tend to continue developing their private fork of the malware, providing a clear payload progression to track and deconflict from anyone utilizing the open-source version.” An interesting aspect of both of these worms and other recent attacks like this one dubbed “Comment-and-Control” by AI bug hunter Aonan Guan is that they run entirely in GitHub - they don’t require any custom command-and-control (C2) infrastructure - and use the code-hosting platform for all stages of the attack including remote command execution, configuration, and data exfiltration. “This is a key behavioural shift because traditional network based detection and protection tools rely on baselining and anomaly detection,” SafeDep researchers noted. “Defenders now have to operate closer to application protocol to identify behavioural anomaly instead of network based anomalies.” The Miasma worm uses three independent GitHub commit search channels for C2, and each has a different search string and purpose. One of these, "DontRevokeOrItGoesBoom," discovers attacker-controlled personal access tokens (PATs) to exfiltrate credentials and other sensitive data. These PATs are AES-256-CBC encrypted in the commit message. The second, "TheBeautifulSandsOfTime," delivers JavaScript for immediate command execution. It’s checked once at startup, and, after validation, it passes the payload to eval() to execute at runtime. Finally, “firedalazer” delivers Python script URLs for the persistent monitor. All three are unauthenticated by default, use GitHub’s public commit search API, and use a different validation or decryption key, which means compromising one doesn’t automatically compromise the other two.®

Apple says that its next-gen operating system will allow users to update their weak and compromised passwords with a single tap. Upgrades coming to iOS 27, announced at Tim Cook’s last Worldwide Developers Conference (WWDC) this week, introduce a significant change to the way users manage their passwords. “Building on its ability to alert users about weak and compromised passwords, Passwords can now automatically fix these for users with just a tap,” Apple said on Monday. “Using Apple Intelligence and Safari to agentically take action on a user’s behalf, Passwords securely navigates through websites to sign in and upgrade their accounts to strong passwords.” The iGadget-maker’s existing password manager already flags passwords that are known to be included in prior data breaches, checking whether they appear in known data leaks. However, current Passwords still requires users to update affected accounts themselves and does not offer a way to change multiple compromised credentials at once. Selecting one of those alerts typically takes users to the relevant account page, where they must complete the password change manually. The new update is designed to remove much of that legwork, with iOS 27 automatically navigating supported websites and updating eligible accounts to stronger passwords after user approval. Of course, in the very brief section of the video in which the new capability was announced, the feature worked flawlessly. In practice, however, it remains to be seen how effective Passwords is at agentically navigating different websites’ login processes on behalf of users, especially if MFA is also set up on the account. And for those of you who remember a story The Register covered earlier this year about the (in)security of AI-generated passwords, fret not. Apple’s Passwords app generates solid passwords by default – strings that, according to NordPass’ online password checker, are “strong” and would take centuries to crack. Security company Irregular’s research from February looked at scenarios where users were querying LLM chatbots for password ideas, rather than looking at those generated by purpose-built password managers. Siri state of affairs As predicted by many, this year’s WWDC put Siri, now known as Siri AI, front and center as Apple looks to deliver on its promises made two years ago. It announced Apple Intelligence in 2024, but the offering has underdelivered on pretty much every count. Analysts who spoke to The Register after the event on Monday were optimistic about what they saw on the AI front, but described Apple’s ability to deliver value for developers and users on its second roll of the dice as a credibility test. The company announced a wide range of small AI-enabled upgrades coming soon to iOS 27, powered by Apple's Foundation Models, developed in collaboration with Google and its Gemini technology, in addition to the agentic password-fixing tease. Individually, these features, such as enabling users to create shortcuts or Safari extensions by prompting Apple Intelligence using natural language, and Safari’s Notify Me, which allows users to monitor specific web pages for updates, are not revolutionary. They’re also not the type of features that are poised to set the AI industry alight. But for some, winning the AI race is less about being first to market with the biggest, baddest model; it’s about using AI in the most useful way. "Rebuilt from the ground up, Apple is trying to make AI feel native, useful, and invisible across the devices people already use every day," said Francisco Jeronimo, IDC VP of client devices. "This matters because the winning AI experience for consumers will not be the loudest or most technically complex. It will be the one that understands context, respects privacy, works reliably across apps, and reduces friction without forcing users to change behaviour." Apple’s iOS 27 will launch to the wider public in the fall, while devs can get their hands on the beta version now. This won’t come with the new dedicated Siri AI app, though. You’ll have to join a waiting list for that one. ®

Signal insists that plans to compel tech companies to scan devices for nude images of children announced by UK Prime Minister Keir Starmer on Monday at London Tech Week "will not keep children safe." "It endangers us all," the encrypted messaging platform said, adding that the mechanism required to implement it would be "dangerous." And it wouldn't be a pro-privacy statement without calling it "dystopian." Signal argues that the proposed technology could at some point be repurposed to enable state-sponsored surveillance of all citizens' comms, or used as a mass censorship tool. "Forcing all UK residents to prove their age and/or have all their content scanned, simply to exercise their fundamental right to communicate, is a perilous proposition," Signal stated. "We know that mass surveillance and censorship capabilities, however sincere-sounding the promises of those who initiate them are, never remain narrowly scoped. Once created, they will be expanded, forming a dangerous tool that will be wielded both in the UK and abroad to censor and surveil whatever they might consider 'threats' or 'harmful content.'" Similar accusations have been leveled against the UK government in response to its various attempts to improve online safety via legislation. For example, the government has long presented the Investigatory Powers Act as a way to enshrine in law necessary powers available to law enforcement and UK intelligence to intercept communications for the sake of preventing terrorist attacks. More recently, the Online Safety Act was introduced to impose new obligations on digital platforms to prevent children from accessing online harms. However, privacy proponents have shunned both. Rather than simply providing powers to prevent terror attacks, critics say the IPA enables public bodies to spy on people's calls or texts. It's colloquially known as "The Snooper's Charter." Digital rights organizations have also claimed the OSA is more about online censorship than it is about restricting the types of content children are allowed to view on the web. The PM's proposals are not law yet. Instead, Starmer's speech amounted to a three-month ultimatum to tech companies: make the changes the UK wants to see or the government will legislate. Essentially, whichever way the likes of Apple, Google, Microsoft, and others want to play it, some form of device-level scanning appears likely to be pushed onto UK devices soon. "When it comes to the safety of our children, standing by is not an option. Nobody gets a free pass. That is why I'm making sure Britain is the first country in the world to make it impossible for children to take, share or view nude images," Starmer said. "And I expect tech firms to make that happen. This is not an impossible challenge – these are some of the most innovative companies in the world. But if they choose not to, then we will act and change the law." The government's announcement was backed by a slew of campaigners and charities that argued child protection has not been as big a part of tech innovation as it should have been in recent years. Roxy Longworth, author and founder of Behind Our Screens, said: "I told myself, back in 2021, that if I went public with what happened to me and it stopped one life from being ruined, then it was worth it, but the more I campaigned the angrier I became. "Every child needs to be protected from platforms who for far too long have been allowed to turn a blind eye to the damage being done to them. This announcement makes me hopeful that there won't be kids sat in their room feeling the same pressure and shame that consumed my teenage years." Likewise, Chris Sherwood, chief exec at the NSPCC, said: "Every day these protections are not in place, more children will continue to face devastating harm in the online world. That's why we strongly support the government's decision to make it mandatory for these companies to block inappropriate material at device level. This marks a major step forward in our fight against online child sexual abuse." The UK government singled out Apple and Google, saying that it demands both block nudity by default across their devices. That includes cameras, third-party apps, and messaging services, which would prevent children from taking, viewing, or sending nude images. It proposed that the nude-block-by-default approach would keep children safe, while still allowing adults to remove the block by verifying their ages. Client-side scanning remains a highly controversial technology, but supporters present it as striking a balance between privacy and safety. Advocates argue it should appeal to the pro-privacy crowd by keeping all data on the device, rather than blurring nude images in transit, for example, which would involve sending that data to an intermediary. However, in the case of Signal, an encrypted messenger, it breaks the private comms trust model, even if the message content is not sent to a third party. Client-side scanning can involve checking content against a database of known objectionable material. In the context of child exploitation, image hashes would be checked against a database of other hashes associated with abuse material. If the hashes match, then the image would be blocked. Some implementations scan using AI, rather than against a database. So while the image in this scenario is not sent to a third party, it does mean that Signal could no longer say that message content stays between sender and receiver only. Further, because the databases of objectionable material would need to be updated, this introduces additional problems. Updated databases or models would need to be pushed to devices, creating another trust and security dependency. The attack surface also widens, as it is conceivable that attackers could try to manipulate them. As Signal points out, it would be technically possible for the same scanning mechanisms to be updated to block other things, like messages criticizing the government, to take one hypothetical example. Authorities could also feasibly implement ways of seeing which device contains images or other content that has registered matches with its objectionable material database, potentially opening the door to surveillance. The company's statement [PDF] called for public funds to be funneled into other areas to improve child safety, including education, social services, and guardrails on AI technologies and platforms, instead of drafting legislation to block children's nudes by default on devices. "What the UK government wants instead is invisible surveillance infrastructure, switched on by default and potentially rushed into law under cynical pretexts," it said. "All of this with scant care for the actual needs of the children they claim to be protecting or the horrifying and far-ranging consequences that will ensue in practice." Signal has not threatened to pull out of the UK, however, despite the government's promises to enact the plans, via legislation or the threat of it. The company has previously mulled exiting Sweden over proposed encryption-busting laws, and more recently Canada, as it debates a bill that would compel platforms like Signal to gather its users' metadata, which could include their locations and who they are talking to. ®

Google has fixed its fifth actively exploited Chrome zero-day of 2026, and this one earned its finder a $55,000 bounty. The flaw, tracked as CVE-2026-11645, is an out-of-bounds memory access bug in Chrome's V8 JavaScript engine. Google confirmed that the vulnerability is being exploited in the wild, but has disclosed little beyond the bare technical details. The company patched the issue in the latest Stable Channel releases for Windows, macOS, and Linux. It also awarded a $55,000 bounty to the researcher using the handle "303f06e3," who reported the bug on April 27. The reward suggests Google viewed the report as potentially serious, particularly given its location in V8, the JavaScript engine at the heart of Chrome. Bugs in V8 have featured regularly in both Chrome security advisories and exploit chains over the years, making it one of the browser's more closely watched components. As is standard when active exploitation is involved, Google has withheld technical details that could help others carry out the attack before users have had a chance to patch. CVE-2026-11645 is the fifth exploited Chrome zero-day fixed this year. Google started 2026 by patching CVE-2026-2441, a use-after-free flaw in CSS. Two more zero-days followed in March, CVE-2026-3909 and CVE-2026-3910, before another actively exploited vulnerability, CVE-2026-5281, was patched in April. For Google's browser engineers, 2026 is shaping up to be another busy year. The company patched eight Chrome zero-days across all of 2025, and it’s already more than halfway to that figure with more than six months still to go. There is no indication that the latest flaw has been used in broad, indiscriminate attacks. Zero-days are often reserved for targeted operations until patches become available, after which researchers and criminals alike begin dissecting the fixes to understand what changed. For Chrome users, the advice remains much the same as it was after the first four zero-days this year: restart the browser, install the update, and avoid giving attackers an unnecessary head start. ®

French officials are investigating a compromise of the government’s encrypted messaging service Tchap after attackers hijacked an account and gained access to public chat rooms. The incident came to light on June 7 when France's National Cybersecurity Agency (ANSSI) detected suspicious activity on Tchap, the government's homegrown messaging service used across ministries and public sector organizations. The French Digital Affairs Directorate (DINUM), which operates the platform, said it immediately began investigating the compromise and moved to block the affected account. French officials insist the damage was limited and said the attacker could only see messages posted in public chat rooms, which are accessible to all Tchap users. Private conversations, the government says, are encrypted, and their contents remain inaccessible even when an account is compromised. Not everyone is buying that version of events. A cyber criminal has claimed responsibility for the attack and said they were able to gain access after they “social engineered” a valid agent account associated with Tchap's education environment. The alleged hacker claims they accessed more than 73,000 user accounts, 643,000 messages, nearly 60,000 media files, and hundreds of chat rooms. The post, shared by Dark Web Intelligence, also claimed user enumeration was possible through a directory search function and suggested the data included references to documents marked "Diffusion Restreinte," a French government restricted-distribution classification. None of those claims have been independently verified, and DINUM's statement makes no mention of user directory exposure, restricted documents, or the volumes of data cited by the hacker. What French officials have confirmed is that investigators are still working through logs to determine exactly which conversations were accessed and whether any data was exfiltrated. The agency has also notified France's data protection watchdog, CNIL, after determining that personal information may have been exposed through content shared in conversations accessible to the attacker. “A message has been sent to all Tchap users reminding them that a public chat room can be found and joined by any user and that its content is not encrypted,” French officials added. “In accordance with Tchap's terms of service, no personal, sensitive, or confidential information should be exchanged in public chat rooms: such exchanges should be reserved for private chat rooms.” Whether the incident amounts to a limited exposure of public chat rooms or something considerably larger will depend on what investigators find in the logs, but for now, the government and the attacker are telling very different stories. ®

The patient tally from the Synnovis ransomware attack continues to grow two years later, with Mid and South Essex NHS Foundation Trust confirming it was caught up in the breach. The trust told The Register that the Synnovis breach affected about 2,380 records relating to patients who underwent specialist diagnostic testing. The disclosure follows a similar announcement by Bedfordshire Hospitals NHS Foundation Trust, which earlier this month said that almost 33,000 patient records had been caught up in the same breach. According to Mid and South Essex, some of the compromised data cannot yet be directly linked to individual patients, meaning the trust is still unable to determine the final number of people affected. It also said the precise time period covered by the stolen records has yet to be established, although patients tested after June 3, 2024, the day of the attack, were not affected. "We are still waiting for confirmation on exact numbers," Dawn Scrafield, deputy chief executive of Mid and South Essex, told The Register. "Once we have established who those patients are, we will be in contact with any who have been affected." The disclosure highlights the drawn-out fallout from the attack. Synnovis told us it completed its forensic review by the end of last summer and said it had notified all affected organizations by November. However, Mid and South Essex said it was only informed in December 2025 and is still trying to work out exactly which patients are tied to the compromised records six months later. "Any decision on patient notification, including the number of patients to be notified, is made by the affected organization as part of their assessment," a Synnovis spokesperson said in a statement. "Synnovis, as the Processor of the data, is not involved in any of the assessments regarding if, when or how many patients a Controller determines necessary to notify." The company said it does not believe the stolen information presents a high risk to individuals because of its fragmented nature, but acknowledged that affected organizations are still assessing what was taken and whether patients should be contacted. The breach was one of the most disruptive cyber incidents ever to hit the NHS. The Qilin attack crippled pathology services across south east London, forcing hospitals to cancel thousands of appointments and operations while clinicians struggled with delays to blood testing and transfusion services. Patient data was later published online after the gang's extortion attempt failed. However, the fallout wasn't limited to canceled operations and delayed blood tests. Last year, King's College Hospital NHS Foundation Trust confirmed that delays caused by the outage contributed to the death of a patient, marking one of the first officially acknowledged fatalities linked to a ransomware attack. ®

There's another likely North Korean-linked scam hitting developers and their employers, while snarfing up credentials and cryptocurrency - and this one doesn't even involve embedding IT workers at high-profile tech giants. A previously unseen phishing crew, suspected to have DPRK ties, sent more than 250 emails to people working in almost 100 organizations, mostly based in the US, over six weeks in April and May. According to security sleuths, it is yet another digital-heist attempt designed to steal cryptocurrency wallets and developers’ credentials. Proofpoint threat researchers spotted this campaign and tracked the digital thievery as UNK_DeadDrop. Like earlier phishing expeditions from the Norks, including the Contagious Interview campaign, this one uses developer recruitment or code review lures to target victims, primarily in technology, education, business services, and financial services, and ultimately steal credentials and cryptocurrency. In another common tactic seen with DPRK-linked credential-stealing activities, the lures attempt to send victims to attacker-controlled GitHub repositories hosting malicious scripts that execute cross-platform malware across macOS, Linux, and Windows machines. “However, there are several differences between the activity sets, such as the shift in social engineering from arranging fake interviews to unsolicited job offer or code review approaches as well as the move from delivery platforms such as LinkedIn to email,” researchers Saher Naumaan and Carlos Rubio said in a Monday blog, citing other differences between UNK_DeadDrop and Contagious Interview. “Based on the use of email for initial access, the high volume of emails, industrialization and scale of repository creation, a new self-contained payload, and distinct infrastructure from previous Proofpoint observations of Contagious Interview campaigns, Proofpoint Threat Research continues to track UNK_DeadDrop activity as an independent cluster,” the researchers wrote. Full-stack engineer wanted The attacks begin with an email that looks like it originated from a real company, with job offers for developer roles including “Full-Stack Engineer” or “Agent Lead Developer” positions. Proofpoint caught the crooks spoofing a handful of companies to send these emails from attacker-owned sender domains including: Ondo Finance: a decentralized finance (DeFi) platform Empower Pharmacy: a pharmaceutical company NXLog: a log collection and centralization tool OnePlan: a strategic portfolio and work management platform Hypen Connect: a Web3 and AI Talent Agency Valon: a mortgage service provider Nourish: a telehealth company The emails contain links to GitHub repos disguised as coding assignments or cryptocurrency-related projects - part of the phony job application process. All of the emails instructed the target to clone the repository and open it in a code editor like VS Code or Cursor. Proofpoint’s report lists all 10 repositories, all focused on four themes - cryptocurrency platforms, exploit archives, Foundry testing, and AI payments - and all hosted by different GitHub accounts, so be sure to check out the vendor’s list. In May, the attackers switched tactics and began sending victims requests for peer reviews on open-source projects, with a potential job offer based on the fixes. These emails purported to come from cryptocurrency trading or prediction companies, including Pulsynk and Trixauvex. Another UNK_DeadDrop campaign in late May targeted finance and technology companies, requesting recipients to test an ERC-4626 vault in Foundry, a toolkit for Ethereum and smart contract development. In all of these instances, when the victim opens what they believe to be a legit repository folder in an integrated development environment, a pre-configured task silently executes and triggers a platform-specific loader that decodes embedded payloads on whatever system the developer uses, working across Linux, macOS, and Windows machines. The loader installs a malicious VS Code extension (VSIX) masquerading as a legitimate Google service. Every time the user opens the code editor on macOS or Linux, the VSIX extension activates, and relaunches the infection-chain if it’s not already running. The persistence mechanism doesn’t work on Windows machines, however. After installing VSIX, the infection chain looks different, depending on what platform the target uses. The Linux and macOS attacks use a native Go binary that connects to the command-and-control (C2) infrastructure as a persistent remote access trojan (RAT). The Windows chain, however, runs a Node.js pipeline inside the editor's Electron process. Both use the same C2 infrastructure and exfiltration endpoints. Linux, macOS backdoors The Linux and macOS binaries are based on the open-source Overlord C2 framework - this is a legitimate red-team tool that automates covert infrastructure setup and management, and orchestrates post-exploitation activities. This, of course, also makes it a very handy tool for attackers. For this campaign, the North Koreans added three custom modules: browserlogin (Chrome and Firefox credential theft), companywallet (crypto-wallet stealer and exfiltration), and cleanup (anti-forensic removal of workspace artifacts). On macOS, Overlord first collects wallet extension data, browser profile artifacts, and standalone wallet directories, compressing them into a ZIP and uploading them to the C2 server. Five minutes later, the malware moves on to credential theft, using a second embedded Mach-O binary that displays a fake system dialogue and prompts the user to enter their password. The Overlord process validates the credentials, and assuming they are legit, the malware modifies keychain access-control lists across Chrome, Brave, Edge, Opera, Vivaldi, Arc, Yandex, and other Chromium-based web browsers, before extracting Safe Storage keys and sending all of the stolen goods - collected credentials, Safe Storage keys, and keychain data - to the attacker-controlled server. The backdoor also re-launches itself as root, using the stolen password. The Linux malware follows a similar pattern, first scooping up wallet-related data and sending that via ZIP to the C2 server before moving on to credential theft. It, however, uses Zenity, a standard GTK dialog tool, to create a prompt and collect victim credentials. This backdoor attempts to steal passwords from GNOME Keyring by spawning Python 3 processes for each browser, and ultimately re-launches itself as root using a swiped password. Windows attacks Windows attacks run entirely as JavaScript inside the editor's Electron process, which appears as Code.exe in Task Manager. The malware first steals wallet info, targeting 35 wallet extension IDs (MetaMask, Phantom, Rabby, Keplr, and others), 18 standalone wallet applications (Exodus, Electrum, Ledger Live, Monero, Solana CLI, Bitcoin, and others), and Firefox profiles. Next, it installs Python and executes a stealer (detect_malware.py) for each browser profile that collects a ton of credentials across Chromium and Firefox browsers, steals cookies from Chrome/Edge/Brave and uses COM Elevation Moniker to access credentials across these browsers protected by App-Bound Encryption. It also attempts to read locked databases using five cascade methods, and ultimately uploads all the secrets to the same endpoint before terminating. “UNK_DeadDrop activity suggests North Korea-aligned operations targeting developers for financial gain are maturing and evolving,” Naumaan and Rubio wrote. “The shift from active social engineering over social media platforms to conduct fake interviews to large campaigns of recruitment-themed phishing emails distributing links to malicious repositories could indicate an actor industrializing and scaling operations.” ®

Check Point released an emergency fix on Monday for a critical authentication bypass vulnerability affecting its Remote Access VPN and Mobile Access deployments - but attackers, including ransomware criminals, got a month-long head start. Attacks against the bug, tracked as CVE-2026-50751, began on May 7, according to Check Point VP of research Lotem Finkelstein, and picked up in early June. The security software vendor spotted suspicious activity and began investigating the zero-day on June 4, Finkelstein said in a Monday blog. “We have observed indications that exploitation has been limited to a relatively small number of targeted organizations (several dozen globally), primarily over the past few days,” Finkelstein wrote, adding that, in at least one case, investigators observed post-compromise activity associated with a Qilin ransomware affiliate. This same ransomware scum is also likely exploiting other VPN-related vulnerabilities in Palo Alto Networks, Fortinet, and F5 products, Finkelstein said. CVE-2026-50751 is due to a logic-flow weakness in the Remote Access and Mobile Access certificate validation process, and it allows remote attackers to bypass authentication and establish a remote access VPN connection without a user password. It affects Mobile Access/SSL VPNs, Remote Access VPNs, and Spark Firewalls configured to use the deprecated IKEv1 key exchange protocol. While investigating CVE-2026-50751 and affected VPN components, Check Point found another vulnerability, CVE-2026-50752, in its Security Gateways and Spark Firewall products. It’s due to a bug in the certificate validation logic of the deprecated IKEv1 key exchange method, and can lead to man-in-the-middle attacks on the VPN site-to-site configuration. Check Point says that it hasn’t received any reports of in-the-wild exploitation of CVE-2026-50752. Check Point urges customers running vulnerable gateways and firewalls to apply the hotfixes, and the vendor also provided alternative mitigation options with instructions in the security advisories. The software provider also published a list of indicators of compromise, including attacker IPs, and recommends customers search Check Point SmartConsole logs for possible VPN certificate authentication attempts associated with observed attacker infrastructure and certificate subject names for at least May 7 through June 5. ®

An Illinois high school won't reopen until Wednesday at the earliest after suffering a ransomware attack on Sunday, June 7. Evanston Township High School (ETHS), located 14 miles north of Chicago, said it would be closed today and tomorrow, and that the closure also affected summer school, sports camps, and on-campus activities, which are all canceled. "Upon discovering the incident, we immediately activated our incident response procedures and engaged external cyber breach attorneys and cybersecurity forensic experts to assist with the investigation and recovery process," ETHS said in a statement issued via a dedicated information page. "We are working with these specialists to determine precisely what information may have been accessed or acquired and to restore normal systems operations as quickly as possible. The district is cooperating with the Federal Bureau of Investigation (FBI) as part of the ongoing investigation." It said that phone systems are down and staff have limited access to emails. Children and their families may also not be able to access certain online resources, all of which suggests the institution may still be in the containment phase of remediation. Among the online resources currently offline is Home Access Center, which is powered by PowerSchool. PowerSchool itself was was at the center of a cybersecurity disaster in late 2024. However, ETHS has not linked the platform to the ransomware attack. All staff other than safety and operations workers were told to work from home, although their work will be limited since, for the time being, they're locked out of the district's Google accounts and "other network systems, including eSchool." "We understand this situation is disruptive and appreciate your patience and flexibility," ETHS went on to say. "Additional updates and instructions will be provided as they become available." No major ransomware group has claimed responsibility for the intrusion at the high school yet. Education under attack The ETHS incident follows a separate attack on the education sector disclosed on June 4 that affected 13 schools in Powys, Wales. Powys Council set up its own information page about the attack, although it has not revealed much, saying it is awaiting the outcome of investigations by external specialists. However, it said the attack has affected "some school systems" and personal data belonging to both staff and pupils was accessed. The council identified 13 affected schools, although the compromised data only appears to have been taken from one of these, according to current information. Its information page repeatedly uses the phrase "because of the sensitive nature of the data." The council cites this as the reason for not revealing information such as which schools were affected, how many individuals are affected, what types of data have been accessed, and whether this included sensitive or safeguarding-related data. It also refused to say whether the attack involved ransomware or who was responsible for it. However, it said the risk of identity fraud would vary by individual, hinting that different types of personal data may have been accessed. Powys Council confirmed that all schools across the region remain open, and the cyberattack does not affect their day-to-day safety or operations. Education remains a strong target for cybercriminals. Given the sensitivity of the data these organizations store, it makes the sector one of the most attractive for financially motivated criminals looking for an extortion payment. In the UK, the Information Commissioner's Office said that between 2022 and 2024, pupils were responsible for 57 percent of 214 school data breaches, often using stolen login details. ®

Microsoft’s GitHub has disabled over 70 repositories after they were reportedly compromised by a worm in the latest open source supply chain attack. The code shack took down 73 repos within the space of 105 seconds after its alarms were tripped on Friday, June 5, after detecting signs of the Miasma worm infecting its projects, according to StepSecurity’s co-founder and CTO, Ashish Kurmi. Users reported issues quickly on Friday, after visits to those repos all resulted in the same message displayed, indicating that they had been disabled due to terms of service violations. According to StepSecurity’s analysis, the attack kicked off after a compromised contributor account pushed a malicious commit to Azure/durabletask. The commit dropped configuration files that triggered remote code execution on machines when a developer opened the repo in an IDE or AI coding tool, such as Claude Code, Gemini CLI, and Cursor. Several developers soon reported broken CI/CD pipelines, a support thread showed, although a moderator said at the time this was due to “an internal management issue.” "The repo that most immediately caused issues was Azure/functions-action,” Kurmi wrote, used to deploy code to Azure. With it being taken down, every workflow that referenced Azure/functions-action@v1 stopped resolving. GitHub stepped in a few hours after the repos were infected by the malicious commit. Its automated detections kicked in and disabled the repos in under two minutes, in two separate waves. However, it was the borking of the durabletask family that hinted at the bigger picture, that the attack was indeed a re-opening of the previous Miasma worm attack that hit Microsoft last month. Microsoft’s durabletask PyPi package was a previous target of the Miasma worm on May 19. Within a 35-minute window, three versions of the package were uploaded to PyPi, which planted infostealers on developers’ machines, specifically sniffing out cloud secrets and developer tool configurations on Linux systems. Crucially, the re-targeting of durabletask suggests the tokens associated with the compromised developer account used to execute the PyPi attack were not fully rotated, allowing an attacker to gain access and push commits to GitHub, Kurmi said. It was either that, or the contributor was re-compromised through the worm's own propagation loop, or a different contributor's token was used but the attacker altered the metadata to make it look like a repeated attack. Security shop Snyk described Miasma as a descendant of the Mini Shai Hulud worm. It’s the same one that ravaged open source packages over at the npm registry, including Red Hat’s, earlier this month. Cybercrime group TeamPCP claimed responsibility for developing Mini Shai Hulud, which itself is named after an earlier worm of the same name, sans “mini.” However, because TeamPCP open-sourced Mini Shai Hulud, it’s difficult to tell whether it was also behind Miasma or if someone else took the reins on the follow-up project. StepSecurity also reported that two days before the Microsoft attack, the same worm was making a nuisance of itself at npm, compromising more than 50 packages, including a Vapi.ai SDK with more than 408,000 monthly downloads. The Register asked Microsoft for comment, but it did not immediately respond. ®

Meta has asked a federal judge to hold Israeli spyware maker NSO Group in contempt of court after claiming it caught the surveillance vendor targeting WhatsApp users again despite a permanent injunction ordering it to stop. In a blog post on Monday, Meta said it had disrupted "NSO-linked social engineering attempts" after investigating reports from users. According to the company, the activity involved attempts to lure targets into clicking malicious links that redirected them to websites outside WhatsApp, as well as the creation of test accounts and groups on the messaging platform. "We successfully disrupted NSO-linked social engineering attempts after investigating user reports," Meta said. "They tried to trick people into clicking on malicious links to drive them to external websites outside of WhatsApp, similar to previously reported 1-click phishing campaigns linked to NSO." WhatsApp also published a handful of domains it linked to the campaign, including ikhwancast[.]com, ghazacast[.]com, and fr24cast[.]com, and said it was releasing indicators to help organizations identify related activity. The move marks the latest chapter in the long-running legal battle between Meta and the Israeli spyware maker. A US court found NSO liable in December 2024 for hacking WhatsApp users via its Pegasus spyware. In May 2025, a jury awarded Meta roughly $168 million in damages, but the judge later cut that to $4 million while issuing a permanent injunction barring NSO from targeting WhatsApp or its users. Meta, however, says NSO didn't get the memo. "Last year, WhatsApp made history by securing a landmark verdict and permanent injunction barring NSO Group ... from targeting WhatsApp and its users ever again," the company wrote. "Today, we're asking the court to hold them in contempt of that order." The company provided few technical details about the activity, such as when it occurred, how many users were targeted, whether any compromises were successful, or how it attributed the operation to NSO. Meta did not respond to The Register’s questions. However, the blog post adopts a hard line on the spyware industry than previous updates, repeatedly describing commercial spyware as a national security issue. "When a malicious company on the US government's Entity List continues to defy US courts, existing restrictions must remain firmly in place," WhatsApp wrote. "Easing them would undermine US national security and put American companies and billions of people worldwide who depend on secure communications at risk." If Meta's allegations are accurate, the episode suggests that a court loss is not enough to persuade a spyware vendor to leave a high-value target alone. ®

Oxford University students seeking work will be dismayed to learn that crooks have breached a second external platform provider for the university in as many months. The institution’s CareerConnect platform, provided by Group GTI, was the target of the intrusion, which exposed users’ full names and email addresses. Those who don’t use single sign-on (SSO) had their encrypted passwords leaked, too. CareerConnect forms part of Oxford University’s career services department, supporting students and alumni to find work opportunities. It is available to students, alumni, research staff, and recruiters. The same underlying technology powering the platform, which GTI markets as TargetConnect, is used by other universities in the UK and overseas, according to its website. OxfordUni said the May 28 attack was enabled by a “security vulnerability,” which has since been fixed. GTI has not publicly disclosed the security snafu itself, and did not respond to our requests for more information. The London-based tech company has not confirmed how many individuals were affected by the break-in, nor whether any data was stolen. It has also not explicitly stated which types of individuals were affected, although Oxford’s announcement listed “alumni, research staff, and employer users” as those who had their passwords forcibly reset following the attack. “There is no evidence that course information, uploaded files, appointment information, or financial information were involved in this incident,” the announcement went on to say. “GTI has stated this breach appeared to be focused on gathering credentials which may lead to phishing attempts.” The university did not list current students as among those affected, but told student newspaper Cherwell that names and email addresses might be compromised, and said the attack was entirely separate from the one which hit Instructure’s Canvas last month. Twice bitten Oxford University was just one of the circa 8,800 educational institutions affected by the mega breach at Canvas, a separate platform that’s also relied upon by schools, colleges, and universities. Seemingly timed by ShinyHunters to coincide with exam season, students across multiple countries were left without access to learning materials, tests, and grades at a pivotal time of the year. The scale of the attack was vast, affecting the usernames, email addresses, course names, enrollment information, and messages of up to 275 million students, teachers, and staff. The severity of the situation, coupled with the inopportune timing, led to Instructure “reaching an agreement” with ShinyHunters to prevent the criminal gang from leaking all the data online. In cyberese, this implies Instructure paid the criminals an extortion fee in exchange for their word that they would delete the stolen data. "We received digital confirmation of data destruction (shred logs)," Instructure said, adding "We have been informed that no Instructure customers will be extorted as a result of this incident, publicly or otherwise." ®

If they don't get you online, they'll try in person. A data-theft and extortion gang has targeted “dozens” of banks, law firms, and other professional services companies in the US from January through May, using fake help desk calls and other social-engineering techniques to gain access to corporate IT environments, according to Google’s Mandiant incident response team. And when those remote-deception methods don’t work, the criminals sometimes show up at victims’ physical offices, posing as IT technicians, and attempt to steal sensitive files using thumb drives. Google’s threat hunters track the extortion threat group as UNC3753, while other analysts call it Luna Moth, Chatty Spider, and Silent Ransom Group. The crew has been around since 2022, originally using fake software renewal emails and other billing lures, typically with PDF attachments containing phone numbers for attacker-controlled call centers, as their means of gaining initial access to corporate networks. Beginning around March 2025, the crims shifted tactics and started posing as IT help desk staff. “While UNC3753 primarily relies on digital vectors, GTIG assesses that associated threat actors have also attempted direct data theft using physical, in person access,” Google incident responders and researchers Chad Reams, Tufail Ahmed, Keith Knapp, Ashley Frazer, and Tyler McLellan said in a Friday blog. The authors also pointed to a May FBI alert to corroborate this in-person tactic. According to the feds, Silent Ransom Group crooks have been walking into law firms’ physical offices as recently as this spring. Once they are on-site, they claim to be IT support staff needing to image a device or create local backups for security reasons. If that line works, they plug a thumb drive into the victim’s computer and steal data the old-fashioned way. “Although limited forensic evidence and the absence of a subsequent extortion attempt prevent formal attribution, GTIG assesses that these physical intrusions are likely associated with UNC3753 based on structural, timeline, and targeting overlaps,” the blog said. Google won’t say how many dozens of firms have been targeted in these attacks, or how many ended in the data thieves paying a visit to the victims’ locations. “While we can’t share additional details regarding specific investigations, Mandiant CTO Charles Carmakal notes that this tactic has been observed over the years,” a spokesperson told The Register. “Mandiant has investigated various matters where adversaries planted insiders, bribed employees, or physically entered buildings to facilitate cyberattacks.” Another noteworthy thing about UNC3753’s attacks: they are very fast. In many of Mandiant’s investigated incidents, the entire operation from initial contact to data extortion occurred in just one day. “Recently, Mandiant observed data searches, staging, and theft initiated in under an hour,” the threat analysts warned. These intrusions typically begin with an invoice-themed email - but these don’t usually contain any malicious links or attachments. The email’s sole purpose is to give the miscreants a plausible reason to follow up via phone, so that the recipient is more likely to believe the call is legitimate. Most of the crew’s entry mechanisms involve voice-phishing, using a method that has worked so well for other groups like ShinyHunters and Scattered Spider over the past few years. UNC3753 calls organizations’ employees directly and purports to be a help desk worker or member of the security team. The criminals say they need the target’s help addressing a security issue or aiding with a corporate data migration project, and convince the individual to join a screen-sharing session via Zoom, Microsoft Terminal Services, Microsoft Teams, or Quick Assist. In one such intrusion, using Teams to gain access to the victim’s computer, the attacker jumped on five separate calls with the same target over a three-day period, we’re told. And in more than one incident that Mandiant responded to, UNC3753 established Zoom sessions directly on targets' personal laptops, using these machines to access corporate virtual desktop infrastructure (VDI) using native client platforms, such as Windows 365 or Citrix clients. Once they’re in the corporate systems, the intruders map local directories and network drives, and target specific legal and document storage repositories. The crooks also use very-specific keyword searches to find sensitive folders containing tax logs (Forms W-2, W-9, and 1099), audit files, corporate client agreements, and Social Security numbers, before staging this data for exfiltration. UNC3753 uses several methods to sneak the data out of the corporate IT environment without setting off any security alarm bells, including using portable versions of free Windows file manager WinSCP or another open source filesystem like Rclone. The crew has also been known to log into a file-sharing account from the victim’s browser and upload the stolen files that way - or even instruct the victims to send the files to an attacker-controlled email address. After stealing the data, they send the extortion email, usually within 30 minutes of exiting the victim’s environment, and set a three-day deadline to respond and begin the negotiation process. “We hope to find a financial solution that will be acceptable for both parties,” reads one such extortion email. It continues: In case of ignorance or no agreement, We will notify your employees, partners and customers, after which We will publish your data. You will receive claims from individuals, and legal entities for information leakage and breach of contracts, your current deals will be terminated. Journalists and others will dig into your documents, finding inconsistencies or violations in them. Your organization will lose its reputation, shares will fall in price, and your organization will be forced to close. Stay safe, friends In the Friday report, Google’s threat hunters list IP addresses and other indicators of compromise, including these phishing domains that UNC3753 uses in its social-engineering attacks, all designed to look like the target organization’s help desk: -itdesk[.]com, -it[.]com, and -helpdesk[.]com. The security shop also suggests a range of things companies can do to avoid falling victim to this group and other voice-phishing scams or physical office intrusions. Some of the physical controls include requiring visitors to display official credentials and photo identification, and mandating front-desk staff log all visitor IDs before granting access. Also, check pre-scheduled work orders to ensure the “technician” at the front desk is who they say they are, and make sure any visiting technical service workers are always accompanied by a corporate, in-office supervisor. Because the bulk of these intrusions occur without any physical entry into the office, however, companies should also implement remote access conditional access policies to ensure only corporate-owned devices can authenticate to any VDIs or VPNs. Plus, block the installation and execution of unauthorized remote monitoring and support utilities. ®

The threat is real. Unknown miscreants are exploiting a high-severity, zero-day bug in Cisco’s SD-WAN management software, and the networking giant hasn’t said when it will patch the flaw. Cisco issued an advisory on Thursday for the Catalyst SD-WAN Manager vulnerability, tracked as CVE-2026-20245, and it sounds like attackers have been exploiting this security failure for at least the last week. It’s due to a validation error - the software fails to properly validate user-supplied input - and an authenticated, local attacker can exploit the flaw by uploading a specially crafted file to vulnerable systems. From there, they can escalate privileges and execute commands with root privileges. The vulnerability affects all versions of the SD-WAN software, regardless of device configuration, and across all deployment types including on-premises, cloud-based, and FedRAMP-certified deployments. Switchzilla says it became aware of attacks against this vulnerability in June. “To exploit this vulnerability, an attacker must have netadmin privileges on an affected system,” the vendor said. “This would require valid credentials or exploitation of CVE-2026-20182 or CVE-2026-20127. Cisco is not aware of successful exploitation by other methods.” Both of these earlier SD-WAN security holes have also been hit by attackers in previous months. The good news: an attacker needs valid credentials to abuse the new hole. The bad news: exposed credentials aren’t hard to find (or buy) online. We don’t know the scope of exploitation or exactly when attackers began hitting this SD-WAN hole. Cisco declined to answer The Register’s questions, and instead sent us a statement via email. “Cisco recommends customers upgrade to the fixed software released in May 2026 for CVE-2026-20182 as a protective measure,” a spokesperson said. “A patch for this vulnerability will be provided on a future date. Customers needing assistance should contact Cisco TAC.” This latest bug is the sixth SD-WAN vulnerability listed as under attack since the start of the year, and the second zero-day in two months. The most recent is the one the Cisco spokesperson mentioned in an email to The Register. In May, Switchzilla disclosed a max-severity make-me-admin bug (CVE-2026-20182) affecting Catalyst SD-WAN Controller and Manager, and warned that attackers had already found and exploited the hole before it issued a patch. A month earlier, America's lead cyber-defense agency said that three Cisco Catalyst SD-WAN Manager bugs (CVE-2026-20128, CVE-2026-20133, and CVE-2026-20122) were under attack, and gave federal agencies just four days to patch the security holes. Cisco fixed all three CVEs in late February, and in March warned of attackers abusing two of them. Also in February, the networking vendor patched a max-severity improper authentication flaw (CVE-2026-20127) affecting the same SD-WAN software, prompting a Five Eyes countries’ joint intelligence alert urgently warning defenders to patch it - plus an old SD-WAN vulnerability (CVE-2022-20775) - or risk root takeover. "Malicious cyber threat actors are targeting Cisco Catalyst SD-WAN used by organizations globally," the UK's lead cyber agency said at the time. "These actors are compromising SD-WANs to add a malicious rogue peer and then conduct a range of follow-on actions to achieve root access and maintain persistent access to the SD-WAN." And while this one isn't listed as under active exploitation (yet), on Wednesday, Cisco warned about a proof-of-concept exploit for CVE-2026-20230, a critical bug in its Unified Communications Manager that also allows attackers to gain root privileges. ®

Humanitarian organization World Food Programme (WFP) says one of its systems was breached, and around 600,000 Gazan households receiving aid had their details improperly accessed. Its announcement, made via Telegram on May 31, confirmed there was “a security incident” in the self-registration application used by Gazans to register for aid and applicants’ names, ID numbers, phone numbers, and location information were among the data types accessed. “We understand this may be concerning, and we want to assure you that protecting your data and privacy is our top priority,” the WFP said. “The program is treating this situation with the utmost seriousness and priority.” The organization said it temporarily suspended the registration platform to urgently apply the necessary security improvements. Its most recent update on the situation came on June 2, when it said the platform was still down, but added that aid recipients did not need to do anything, while their support would continue to be delivered uninterrupted. “The WFP wants to assure all those registered via the link that food assistance, cash assistance, nutritional supplementation, and all other WFP programs are continuing as usual,” it said. “If you are already registered on the Self-Registration Application (SRA), your registration remains valid. There is no need to update, delete, or re-register your information at this time.” WFP told The New Humanitarian, which first reported the story, that the attack was detected on May 14, and confirmed the scale to be in the region of 600,000 households. The news organization also claimed, citing a whistleblower’s account of matters, that an anonymous “independent expert” contacted WFP’s Palestine team, alerting it to vulnerabilities in the SRA two days before the organization detected the breach. The Register contacted WFP’s Rome headquarters for more details, but it did not immediately respond. WFP, which is a division of the UN and the largest welfare organization in the world, supports 1.6 million Palestinians every month who face a malnutrition crisis amid fierce conflict between the territory and neighboring Israel. This represents around 77 percent of the country’s population, and an estimated 80 percent of the population is unemployed, unable to earn the money required to pay for a nutritionally sound diet. WFP delivers wheat flour, high-energy biscuits, and fortified snacks to families, community kitchens, and bakeries in its effort to push back famine, as well as facilitating cash transfers. The organization is also helping individuals get back into paid work, maintains roads, and says that when conditions allow, it will stay in the region and help local people rebuild communities, markets, and other food systems. ®

A City of York Council email mishap exposed the email addresses of hundreds of Blue Badge holders in the ancient Viking capital, inadvertently revealing their status as disabled residents and triggering a data breach investigation. The council confirmed to The Register that it’s investigating what it described as a "personal data breach" after emails sent to residents last week were distributed without using the blind carbon copy (BCC) function, allowing recipients to see everyone else on the mailing list. According to local reports, the council sent three emails containing Blue Badge-related updates before issuing a fourth message acknowledging the error and asking recipients to delete the previous emails, including from their deleted items folders. Recipients were also warned to remain alert for suspicious messages following the incident. While the exposed information appears to have been limited to email addresses, the breach is especially sensitive because everyone on the distribution list was receiving communications intended for Blue Badge holders. In practice, that meant recipients could identify hundreds of people as members of a group generally associated with disabilities or mobility impairments. One affected resident told local media that the disclosure had left her upset because most people in her life were unaware she held a Blue Badge. "Honestly, I think it's just disgusting – we've been given the details of hundreds of disabled people, which feels unsafe," she said. In a statement to The Register, a spokesperson at City of York Council said it activated its data breach procedures as soon as the error was identified and is conducting a risk assessment in line with guidance from the UK Information Commissioner's Office. "We're working carefully to establish exactly what's happened, alongside conducting a thorough risk assessment ... to understand any potential impact on individuals," a spokesperson said. “Our investigation is ongoing, and we’ll continue to be as open as possible while ensuring the accuracy of the information we provide.” The spokesperson declined to say how many individuals were affected or whether the issue was caused by human error or a technical issue. The council added that it was assessing whether the incident meets the threshold for notification to the ICO within the statutory 72-hour reporting window. That may depend less on the email addresses themselves than on what the mailing list revealed. A spokesperson at the ICO told The Register: "We can confirm that we have received a data breach report on this matter, and following an assessment of the information provided we have closed the case with advice given.” For all the talk of AI-powered cyber threats, it seems some organizations remain committed to the classics. ®

UPDATED A new extortion brand called Pink – which may be a rebrand of BlackFile – uses voice phishing and fake help-desk calls to gain initial access to organizations’ IT environments, steal their sensitive data, and threaten to leak it unless the victims pay a ransom demand. Palo Alto Networks' Unit 42 first spotted the gang, which it tracks as cluster CL-CRI-1147, and its data-leak site, which went live on May 31. “Pink uses vishing and IT impersonation to phish credentials/MFA, then exfiltrates enterprise cloud storage and productivity data to extort victims,” the threat-intelligence biz said in a LinkedIn post. Google Threat Intelligence is not so sure it's a new gang, however. "After retiring the BlackFile brand in May 2026, we assess the group launched the 'Redact' brand and has now potentially surfaced as 'Pink,," Austin Larsen, Principal Threat Analyst at Google Threat Intelligence Group, told us. "This new operation exhibits hallmarks of UNC6671, including similar credential-harvesting infrastructure, data leak site (DLS), and recurring messaging that claims to 'improve the security' of victims who pay. Additionally, we attribute the Pink (CL-CRI-1147) domains recently published by Unit42 to UNC6671." Regardless whether it's brand new or just a new coat of paint, the tactics are very familiar. Pink is one of many goon squads to use these social-engineering tactics to steal employees’ credentials and bypass multi-factor authentication, using this access to burgle companies’ cloud storage and databases. Chaotic crime crew Lapsus$, during its 2021 and 2022 extortion spree that hit Nvidia, Microsoft, and Okta, among others, popularized this style of phone-based intrusions before Scattered Spider picked up the mantle. Scattered Spider is perhaps best known for its 2023 Las Vegas casino digital heists, and reportedly bragged that all it took to break into MGM's networks was a 10-minute call with the help desk. Over the last few years, ShinyHunters has used this same playbook to steal sensitive data from Ticketmaster, AT&T, and other Salesforce customers, and thousands of schools and universities that use Canvas’ digital learning platform. Despite multiple arrests across all three gangs, they keep coming back to victimize more organizations. Most incident responders, including Google’s Mandiant and Unit 42, link many of these criminal collectives to The Com, a loosely knit group of primarily English speakers made up of several interconnected networks of hackers, SIM swappers, and extortionists, with some of its subgroups offering real-life violent crime for hire. According to Unit 42, this latest cluster of extortion activity is also “likely a Com-affiliated actor.” And after investigating “multiple” of these extortion attacks over the past few months, on Monday, they spotted something that led them to Pink’s name-and-shame website. “On June 1, 2026, an existing extortion negotiation that had never received a response, attributed to a likely Com-related cluster, received new communication from a threat actor via a free webmail account,” Unit 42 analysts Richard Emerson and Cuong Dinh said in a Wednesday threat-intel post. “The actor provided a new qTox ID and a leak site associated with the Pink brand, but referenced exfiltrating almost identical information from the original extortion notice.” Pink data thieves set a 72-hour deadline for the victim to respond before leaking the stolen goods. After gaining access to the victim’s account, the criminals snoop around for valuable corporate and customer data from platforms like SharePoint and OneDrive. After exfiltrating the stolen files, Pink attackers use compromised victim accounts and internal Teams messages to extort the company. “The actor reuses second-level domains to target multiple organizations, and the third-level domain typically thematically represents the target,” Emerson and Dinh wrote. They also listed the following phishing domains as indicators of compromise: passkeyadd[.]com passkeydeploy[.]com deploypasskey[.]com Along with these three IP addresses: 185[.]178.208[.]153 (hosted phishing domains) 172[.]93.100[.]252 (accessed compromised accounts) 96[.]232.20[.]66 (residential proxy IP responsible for extortion email creation) Plus, these user-agent strings were observed during data exfiltration: Microsoft.Graph.Client/5.62.0 python-requests/2.28.1 python-requests/2.33.1 Network defenders can use these to assist in threat-hunting efforts. And be very wary of help desk calls, both from people claiming to be employees locked out of corporate accounts and from those purporting to be support staff rolling out a mandatory MFA update or other emergency. ®

The next threat your server faces may have been helped along by a bot. OpenAI's Codex agent helped uncover a remote denial-of-service (DoS) exploit that can be launched from a single machine to render vulnerable web servers inaccessible in seconds, according to Calif security researchers. The attack works on default HTTP/2 configurations of major web servers including nginx, Apache HTTP Server, Microsoft IIS, Envoy, and Cloudflare Pingora. As of Thursday, Microsoft IIS and Cloudflare Pingora still don’t have a patch, according to the researchers, although Cloudflare disputes this finding. “Cloudflare's existing architecture and DDoS mitigations automatically detect and protect against this attack, making customers resilient to this vulnerability,” a spokesperson told The Register. “No patch is needed.” “We are aware and actively investigating appropriate mitigations to help keep customers protected," a Microsoft spokesperson told The Register. Calif researcher Quang Luong discovered the exploit, named it HTTP/2 Bomb, and will present the full technical details of the attack at the Real World AI Security conference later this month. In the meantime, there are proof-of-concept exploit scripts on GitHub along with a warning from the AI red teaming security shop: “Please don't point these at infrastructure you don't own.” In a Tuesday blog, Luong says Codex chained two existing DoS attack techniques that have been known for more than a decade - HPACK compression bomb and Slowloris-style hold - and warns that upwards of 880,000 websites supporting HTTP/2 and running one of the vulnerable web servers may be affected. An HPACK bomb attack (also known as CVE-2016-6581) exploits the HTTP/2 header compression algorithm (HPACK) by sending thousands of tiny messages to the server, forcing it to rapidly allocate memory and ultimately crash. Then the Slowloris DoS attack (CVE-2016-8740 and CVE-2016-1546) overwhelms the server by opening legitimate connections and maintaining them as long as possible. Combining the two exhausts the server’s memory and forces it offline. “A home computer on a 100Mbps connection can render a vulnerable server inaccessible within seconds,” Luong wrote. “Against Apache httpd and Envoy, a single client can consume and hold 32GB of server memory in roughly 20 seconds.” The Calif research team disclosed the issue to nginx in April, and the web server’s maintainers fixed it the next day in version 1.29.8, which imports the max_headers directive from freenginx. Apache issued a fix (mod_http2 v2.0.41) the same day that Calif submitted its report, and assigned it CVE-2026-49975. “The fix commits above are public and disclose the vectors directly; any capable AI model can turn those diffs into a working exploit, which is exactly how we found that Microsoft IIS, Envoy, and Pingora are also vulnerable,” the threat hunting team wrote, adding that all three have been notified. In a Wednesday update, Calif pointed to Envoy patches “that appear to mitigate this attack,” and notes that its researchers are still validating the fix to ensure it works. For Microsoft IIS and Cloudflare Pingora, the security sleuths recommend disabling HTTP/2 if possible, or enforcing a cap on the number of HTTP headers a client can send in a single request to the server. The fact that a coding agent - not a human - discovered this attack is notable, according to Calif. “Both halves have been public for a decade,” Luong wrote. “What Codex did was read the codebases, recognize that the two compose, and build the combined attack. That combination is obvious once you see it, and yet as far as we can tell no human had put it together against these servers.” ® Updated at 2023 with statement from Microsoft.

MI5 and its international allies are once again warning that China is shopping for state secret leakers on popular recruitment platforms, including LinkedIn, Indeed, and Upwork. In a fresh advisory published on Wednesday evening, the UK’s domestic counter-intelligence agency said China is using an increasing number of platforms to recruit those who have access to classified or privileged information. Chinese military intelligence officers specifically target security clearance holders, including marks working in defense, security, and foreign affairs, military personnel, and those with indirect access to government information, such as academics, journalists, think tank employees, and others. Anyone who fits the bill is being urged to remain vigilant to potential attempts from Chinese operatives to cultivate long-term relationships. “These actors use an aggressive online recruitment strategy whereby intelligence officers or their affiliates pose as employees of private consultancies, think tanks, or human resources firms, and place online job advertisements for foreign policy and defence analysts (or similar),” the advisory [PDF] states. “Successful candidates are pressured to provide 'non-public' information for unspecified clients who are associated with the Chinese government. China’s military intelligence services ultimately seek to acquire privileged military, political, and economic intelligence that can provide China with a strategic and tactical advantage over the Five Eyes.” According to MI5, after the job and gig-work ads are posted online, China’s spies will rank the resumes they receive based on how likely a given individual is to have information of interest before interviewing them. It warned that even by sending a resume over, which includes personal details, a person is risking their own security and privacy. Targets face probing questions about who they know in government. For those in the military, they might be asked about where they were based, and what tasks they were responsible for. After demanding potential recruits complete a trial report on matters related to China, the spies will often shift conversations to encrypted messaging platforms where recruits are offered payments in exchange for increasingly privileged information. Payments may arrive through a number of online platforms, including reputable services like PayPal, Zelle, and Wise, to others more commonly associated with associated with illegality, such as Western Union and cryptocurrency. MI5 closed out its advisory with a warning to anyone even considering a life of peddling secrets to China: doing so comes with severe consequences. “Certain types of data can place the lives of frontline military or other personnel at risk, can weaken our economic prosperity, and enable interference in our democratic processes,” it said. “Individuals engaged in the unauthorized disclosure of sensitive or classified information could face a number of consequences, including prosecution under national laws such as those relating to espionage.” A common theme This week’s admonition is far from the first issued by the UK in response to this particular aspect of Chinese spies’ tradecraft. The most recent came in November when UK security minister Dan Jarvis reminded the UK's House of Commons that members should have received information about Chinese attempts to recruit parliamentarians through identical means. In those information packs disseminated by MI5, Brit politicos were given the names of two online profiles that the counter-intelligence agency suspected of being involved in recruitment campaigns. MI5 dished out an earlier warning in 2021, saying that around 10,000 Britons had been targeted by Chinese spies over the previous five years using work platforms, posing as headhunters. The 10,000 figure, it added, was thought to be a conservative estimate, with the agency's head, Ken McCallum, saying workplace platforms were being exploited “on an industrial scale.” The US said it was seeing similar tactics used when President Trump took office for the second time, which shortly after led to mass redundancies across federal agencies. Experts at the Foundation for Defense of Democracies (FDD) named five supposed consulting companies targeting the recently jobless via LinkedIn, Craigslist, and others, all in search of state secrets. The companies would present the fired workers with job opportunities, and as FDD senior analyst Max Lesser told The Register at the time, the layoffs, which began in February 2025, would have likely raised the risk level associated with state secrets being spilled. ®

Two former RAC workers in the UK have three months to pay more than £118,000 ($158,500) collectively after being convicted of selling crash victims’ data, according to the Information Commissioner’s Office (ICO). Debbie Okparavero and Maliha Islam, of Salford and Manchester respectively, were sentenced to six-month prison stints, suspended for 18 months, and 150 hours’ unpaid work in 2024, after being found guilty of offenses under the Computer Misuse Act 1990 and the Data Protection Act 2018. The pair, who worked for roadside accident biz RAC, were caught selling the personal data of car crash victims – just shy of 30,000 lines of data to an unknown buyer, the ICO revealed following an investigation. Okparavero and Islam were in a WhatsApp chat together, where they discussed the data and its sale to the unknown third party. RAC clocked on to the activity after deploying unspecified monitoring software, which detected Okparavero copying the data from RAC systems. A resulting investigation showed that around 29,500 lines of data were shared with Islam via WhatsApp. Islam was ordered to repay £39,522.50 ($48,274.45) for her part in the scheme in November, and the ICO noted in a Thursday announcement that she paid this in full. Reflecting more serious offending, at Manchester Crown Court on May 29, Okparavero was ordered to repay £89,277.32 ($119,962.38) within three months. Failure to do so will result in her serving 18 months in prison. Andy Curry, head of investigations at the ICO, said: “This outcome demonstrates justice did not end at sentencing. Our powers enabled us to continue to pursue these two individuals in order to strip them of assets gained through their serious criminal activity. Through the Proceeds of Crime Act, we are ensuring people do not financially benefit from their criminal activity. “I would like to once again thank the RAC for informing us about this breach and fully supporting the ICO’s investigation, which enabled us to hold these two individuals to account.” ®