DJBSEC's CyberNews 2026-06-02

Today’s daily news covers the following categories: Phishing Privacy Threat Intelligence Malware Policy & Legislation Authentication


Hackers Use Fake Adobe Document Cloud Pages to Steal Credentials

Phishing
Cybercriminals are creating convincing fake Adobe Document Cloud pages to trick users into surrendering login credentials and sensitive information. The phishing pages closely mimic legitimate Adobe branding and workflows, making them difficult for users to identify as fraudulent. Victims are often lured through email messages that appear to contain shared documents or urgent business communications. Once credentials are harvested, attackers can gain access to corporate accounts and launch follow-on attacks. Researchers recommend verifying URLs carefully and using phishing-resistant authentication methods wherever possible.
Read More

California Sues 23andMe’s New Owners Over Data Breach Fallout

Privacy
California Attorney General Rob Bonta has filed legal action against the new owners of 23andMe related to the company’s 2023 data breach. The lawsuit focuses on concerns surrounding consumer genetic data, privacy protections, and how sensitive information is being handled following the company’s ownership changes. Officials argue that customers deserve stronger safeguards for highly personal genetic information. The case highlights growing regulatory scrutiny surrounding biometric and genetic data security. Privacy advocates view the lawsuit as a significant test of accountability in the consumer genomics industry.
Read More

Attackers Use LLM Agents for Post-Exploitation Operations

Threat Intelligence
Researchers have observed threat actors using large language model agents to assist with post-exploitation activities after gaining access to victim environments. The AI-powered agents can help automate reconnaissance, privilege escalation planning, lateral movement analysis, and operational decision-making. Security experts say this marks a significant evolution in attacker capabilities as AI becomes integrated into real-world intrusion workflows. While human operators still direct campaigns, AI is increasingly being used to accelerate tasks that once required substantial expertise. The trend underscores the growing importance of defending against AI-assisted cyber threats.
Read More

Microsoft Identifies 33 Malicious NPM Packages Using Dependency Confusion

Malware
Microsoft researchers have uncovered 33 malicious NPM packages abusing dependency confusion techniques to target developer environments. The packages were designed to exploit weaknesses in package management workflows, allowing attackers to inject malicious code into software development pipelines. Once installed, the packages could profile systems, collect sensitive information, and potentially facilitate further compromise. Dependency confusion remains one of the most effective software supply chain attack techniques because it abuses trusted package ecosystems. Developers are encouraged to implement strict package validation and repository management controls.
Read More

Fake Anthropic Websites Target Claude Code Users With Fileless Infostealers

Malware
Researchers have identified fake Anthropic websites designed to target Claude Code users with fileless infostealer malware. Victims are tricked into interacting with malicious content that executes directly in memory, avoiding traditional file-based detection methods. The malware is capable of stealing credentials, session tokens, and other sensitive data from compromised systems. Attackers are increasingly targeting AI-related tools and communities due to their rapid growth and privileged access to development environments. Users should verify website authenticity and avoid downloading software from unofficial sources.
Read More

Dutch Authorities Dismantle Major Botnet Infrastructure

Policy & Legislation
Dutch authorities have successfully dismantled a large botnet operation used to facilitate cybercrime activities. The operation involved coordination between law enforcement agencies and private-sector partners to identify and seize malicious infrastructure. Botnets are commonly used for malware distribution, phishing campaigns, credential theft, and distributed denial-of-service attacks. Officials say the takedown significantly disrupted criminal operations and removed a major threat from the internet. Investigators continue analyzing seized systems to identify additional victims and operators.
Read More

Codex UI Tool Found Stealing OpenAI Refresh Tokens

Authentication
Researchers discovered that a compromised Codex-related user interface tool was secretly collecting OpenAI refresh tokens from users. These tokens could potentially provide long-term access to user accounts and associated services if abused by attackers. The incident highlights the growing risks associated with third-party AI tools and extensions that request elevated permissions. Security experts warn that refresh tokens are particularly valuable because they can often outlive passwords and active sessions. Users are encouraged to review connected applications and revoke unnecessary access privileges.
Read More

Attackers Abuse Forged VPN Cookies Against Multiple Organizations

Authentication
Rapid7 researchers report that attackers are actively exploiting CVE-2026-0257 by forging VPN authentication cookies to gain unauthorized access to enterprise networks. The attacks allow threat actors to bypass normal authentication workflows and impersonate legitimate users. Multiple organizations have reportedly been targeted through the abuse of forged session artifacts. Researchers warn that attackers often use this access as a stepping stone for lateral movement, credential theft, and broader compromise. Organizations are urged to apply vendor patches immediately and review VPN logs for suspicious authentication activity.
Read More




Enjoy Reading This Article?

Here are some more articles you might like to read next:

  • DJBSEC's CyberNews 2026-07-16
  • DJBSEC's CyberNews 2026-07-15
  • DJBSEC's CyberNews 2026-07-14
  • DJBSEC's CyberNews 2026-07-13
  • DJBSEC's CyberNews 2026-07-10