ICYMI: 2026-06-25
Latest Headlines
Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability
ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories
Surviving the Mythos Era: Richard Bejtlich on the Case for NDR
New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis
New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access
British Police Built a Sprawling Crime-Prediction Machine. Some Results Couldn’t Be Trusted
Cal Water Says No OT Systems Breached in Iranian Handala Cyberattack
Lantronix Serial-to-IP Converter Flaw Exploited in Attacks After OT Threat Warning
GitLab Patches Code Execution, Information Disclosure Vulnerabilities
SecurityWeek ICS Cybersecurity Conference Heads to Nashville for Special 25-Year Anniversary Edition
Russia Used Cellebrite Tool to Hack Activist’s iPhone Despite Contract Cancellation
Windows Secure Boot Certificate Expired — Billions of PCs Affected Including Linux Distros
25-Year-Old Vulnerability in cURL Used by 30 Billion Devices Finally Patched
LokiBot Campaign Uses JScript Attachment, .NET Injector, and Process Injection to Steal Credentials
Shai-Hulud Payload Steals GitHub, npm, Cloud, CI/CD, and SSH Credentials From Developers
AWS AiTM Phishing Kit Steals Console Credentials and MFA Codes in Real Time
Rust macOS Backdoor Uses Interactive Shell and Telegram File Uploads for Data Theft
ManageEngine AD360 Integration Flaw Exposes User Identity and Role Information to Attackers
Gemini 3.5 Flash Released With Computer Use Capabilities that Build Agents
Poland busts SIM-swapping gang tied to millions in crypto theft
Order-tracking app Shop abused to push callback phishing attacks
Microsoft quietly extends free Windows 10 ESU support to October 2027
New macOS malware embeds fake errors to confuse AI analysis tools
PirloTV sports piracy network disrupted as 44 domains seized
Bluekit phishing kit adopts browser-in-the-middle for login theft
Webinar: Why account takeovers remain one of the hardest threats to stop
– MTZ