DJBSEC's CyberNews 2026-06-25

Today’s daily news covers the following categories: Data Breach Authentication Threat Intelligence Nation-State/APT Policy & Legislation Malware


«««< Updated upstream

ServiceNow Fixes API Issue Following Suspicious Tenant Activity

Vulnerability ServiceNow has addressed an API-related issue after reports surfaced of suspicious activity affecting certain customer tenants. The company says it investigated unusual behavior and implemented fixes designed to prevent unauthorized access or misuse of tenant environments. While no widespread compromise has been confirmed, the incident raised concerns about multi-tenant cloud platform security. Researchers note that APIs remain a frequent target because they often provide direct access to sensitive business data and workflows. Organizations using ServiceNow are encouraged to review logs and validate security configurations as a precaution. Read More

Claude Mythos Accelerates Exploit Development for Known Vulnerabilities

Threat Intelligence Researchers report that Anthropic’s Claude Mythos platform is demonstrating an ability to dramatically reduce the time required to develop exploits for known vulnerabilities, turning “N-days into N-hours.” The findings suggest AI can significantly accelerate vulnerability analysis, proof-of-concept creation, and exploit research. Security experts view this as both a defensive opportunity and a potential offensive concern, depending on how the technology is used. The development highlights the growing impact of AI on the vulnerability lifecycle. Organizations may need to shorten patching timelines as AI reduces the gap between disclosure and exploitation. Read More

GitHub Automates Disabling of Risky NPM Script Installs

Malware GitHub has introduced automated protections designed to disable potentially dangerous NPM installation scripts that are commonly abused in software supply chain attacks. The change aims to reduce the risk of malicious packages executing harmful code during installation. Researchers say attackers increasingly rely on install-time scripts to deploy malware, steal credentials, or compromise developer environments. By limiting automatic execution of risky scripts, GitHub hopes to strengthen security across the JavaScript ecosystem. The move represents another step toward improving open-source software supply chain defenses. Read More

Researchers Demonstrate AI-Based Attack Against Google Infrastructure

Threat Intelligence Security researchers have demonstrated how AI-assisted techniques could be used to identify weaknesses and potentially compromise portions of Google-related infrastructure under controlled conditions. The work highlights how advanced AI systems can accelerate reconnaissance, vulnerability analysis, and attack planning. Researchers stress that the exercise was intended to evaluate defensive readiness rather than facilitate real-world attacks. The findings reinforce concerns that AI will increasingly be used by both defenders and adversaries. Experts say organizations should prepare for a future where AI significantly accelerates cyber operations on both sides. Read More

The Gentlemen Ransomware Group Claims Hundreds of Victims

Ransomware The Gentlemen ransomware operation has claimed responsibility for attacks against 478 organizations, making it one of the more active ransomware groups currently operating. Researchers say the group combines data theft, extortion, and encryption tactics to maximize pressure on victims. The scale of the claims demonstrates how ransomware remains one of the most profitable and disruptive forms of cybercrime. Analysts are monitoring the group’s infrastructure, victim disclosures, and evolving tactics. Organizations are advised to maintain strong backup strategies and incident response plans to reduce ransomware risk. Read More

Nightmare Eclipse Claims BitLocker Bypass Technique

Vulnerability A security researcher operating under the name Nightmare Eclipse has publicly disclosed what is claimed to be a method for bypassing Microsoft BitLocker protections under specific circumstances. The technique reportedly targets weaknesses in how encryption protections interact with system configurations and recovery mechanisms. Microsoft and independent researchers are reviewing the claims to determine the practical impact and applicability of the technique. If validated, the findings could have implications for organizations relying heavily on BitLocker for device security. The disclosure highlights the ongoing scrutiny of endpoint encryption technologies. Read More

New Attacks Manipulate OpenClaw AI Agents

Vulnerability Researchers have identified attacks capable of manipulating OpenClaw AI agents into performing unintended actions through carefully crafted inputs and instructions. The attacks exploit weaknesses in how autonomous AI systems process and trust information from external sources. Security experts warn that AI agents with access to tools, files, or external services may be particularly vulnerable to these techniques. The findings underscore the importance of secure AI agent design, input validation, and permission controls. As AI agents become more widely adopted, defending against prompt and workflow manipulation will become increasingly important. Read More

Max-Severity Ivanti Sentry Flaw Exploited Within 24 Hours

Vulnerability A critical vulnerability affecting Ivanti Sentry was reportedly exploited within 24 hours of public disclosure, demonstrating the speed at which attackers weaponize new flaws. The vulnerability received the maximum severity rating and can potentially provide attackers with significant access to affected environments. Researchers warn that organizations often struggle to patch systems quickly enough to keep pace with modern exploitation timelines. The incident highlights the growing challenge posed by shrinking vulnerability remediation windows. Security teams are being urged to prioritize rapid patch deployment for internet-facing systems. Read More

ShinyHunters Linked to University of Nottingham Student Data Leak

Data Breach The ShinyHunters cybercriminal group has been linked to the exposure of student data belonging to the University of Nottingham. Reports indicate that personal information associated with students may have been leaked or offered for distribution following the breach. Educational institutions continue to be attractive targets due to the large volume of personal and research-related data they maintain. The incident raises concerns about identity theft, fraud, and long-term privacy risks for affected individuals. University officials and investigators are continuing to assess the scope and impact of the exposure. Read More =======

Security Vendors Among Hundreds of Victims in Klue Data Breach

Data Breach New details have emerged about the Klue data breach, revealing that hundreds of organizations—including numerous cybersecurity vendors—were affected. Attackers reportedly gained access to customer information through the competitive intelligence platform, exposing internal business data and potentially sensitive operational details. The incident demonstrates that even security-focused organizations remain vulnerable through third-party providers. Experts warn that software-as-a-service platforms continue to present attractive supply chain targets for cybercriminals. Organizations are encouraged to review third-party risk management programs and monitor for follow-on phishing or social engineering attacks. Read More

Microsoft Entra Strengthens Access Policies for Nested Applications

Authentication Microsoft has introduced enhancements to Entra access policies that improve how administrators manage nested application permissions. The changes provide finer-grained controls over application relationships, helping organizations enforce least-privilege access across increasingly complex identity environments. Identity-based attacks continue to rise, making stronger application governance an important defensive measure. Microsoft says the updates will improve visibility into inherited permissions while reducing unintended access paths. The new capabilities support broader zero-trust identity strategies. Read More

Five Eyes Warn Advanced AI Hacking Models Are Only Months Away

Threat Intelligence The Five Eyes intelligence alliance has warned that highly capable AI models designed specifically for offensive cyber operations could emerge within months. Officials believe future AI systems will dramatically accelerate vulnerability discovery, exploit development, and automated attack planning. While today’s AI already assists with many security tasks, intelligence agencies expect the next generation to significantly increase both defensive and offensive capabilities. The warning calls for governments and industry to prepare for a rapidly evolving threat landscape. Experts emphasize that responsible AI development and stronger security controls will be critical in the years ahead. Read More

Texas Parks and Wildlife Data Breach Impacts 3 Million Customers

Data Breach Texas Parks and Wildlife has disclosed a data breach affecting approximately three million hunting and fishing license customers. Exposed information reportedly includes customer records associated with licensing services, raising concerns about identity theft and fraud. Officials are investigating the incident while notifying affected individuals and reviewing security controls. Public sector organizations continue to face increasing pressure from cybercriminals seeking large repositories of personal information. Customers are advised to remain alert for phishing attempts and monitor financial accounts for suspicious activity. Read More

Microsoft Copilot Adds Ability to Block Office Files

Threat Intelligence Microsoft has expanded Copilot’s security capabilities by allowing organizations to block certain Office files from being processed by the AI assistant. The feature gives administrators greater control over sensitive content and helps prevent confidential documents from being unintentionally analyzed. Organizations adopting generative AI continue seeking stronger governance features that align with compliance and security requirements. Microsoft says the capability supports enterprise data protection while enabling AI productivity features. The update reflects growing demand for granular AI access controls in business environments. Read More

FortiBleed Investigation Reveals Sophisticated Russian Credential Harvesting Campaign

Nation-State/APT Researchers have published one of the most detailed analyses to date of the FortiBleed operation, linking it to a sophisticated Russian credential harvesting campaign. Attackers reportedly targeted vulnerable infrastructure to collect authentication credentials and maintain long-term access to victim networks. The operation demonstrates careful planning, stealth, and persistence typical of advanced nation-state activity. Analysts say stolen credentials remain one of the most valuable assets for espionage operations. Organizations are urged to strengthen identity protections, rotate exposed credentials, and prioritize remediation of vulnerable systems. Read More

Microsoft Encourages Organizations to Prepare for Windows 11 26H2

Policy & Legislation Microsoft is encouraging enterprise customers to begin planning deployments of the Windows 11 26H2 feature update. The release includes security improvements, platform enhancements, and updated management capabilities intended to strengthen enterprise environments. Microsoft recommends organizations begin compatibility testing well before broad deployment. Security experts note that staying current with supported operating system versions reduces long-term security risk. Early planning can also minimize disruption during large-scale enterprise upgrades. Read More

Arystinger Malware Hijacks Over 4,300 Outdated Routers

Malware Researchers have discovered that more than 4,300 outdated internet routers have been compromised by the Arystinger malware to build a covert espionage infrastructure. The malware converts vulnerable routers into proxy nodes that can hide attacker activity, relay malicious traffic, and support intelligence-gathering operations. Older networking equipment often remains deployed long after security support has ended, making it an attractive target for threat actors. Analysts warn that compromised network devices can be difficult to detect because they operate outside traditional endpoint monitoring. Organizations are encouraged to replace unsupported hardware and restrict remote management access. Read More

North Korean Hackers Abuse Mastra NPM Supply Chain

Nation-State/APT Researchers have linked North Korean threat actors to a supply chain campaign abusing Mastra-related NPM packages. The attackers inserted malicious code into packages intended for developers, enabling credential theft and broader compromise of software development environments. Supply chain attacks remain a favored tactic because they allow threat actors to compromise multiple downstream organizations simultaneously. Security teams are urged to carefully validate package integrity and continuously monitor development pipelines. The campaign demonstrates North Korea’s continued investment in software supply chain operations. Read More

Chinese Cyber Contractors Use Malware, Botnets, and Stolen Data

Nation-State/APT New reporting details how Chinese government-linked cyber contractors leverage malware, botnets, and previously stolen data to support intelligence collection operations. Rather than relying exclusively on government infrastructure, contractors reportedly blend commercial cybercrime techniques with state-sponsored objectives. This approach provides plausible deniability while expanding operational reach. Researchers say the findings further blur the line between financially motivated cybercrime and nation-state espionage. The report highlights the increasingly complex ecosystem supporting modern cyber operations. Read More

Malicious JetBrains and VS Code Extensions Steal API Keys

Malware Researchers have discovered malicious extensions targeting both JetBrains IDEs and Visual Studio Code that are designed to steal API keys and developer credentials. The extensions masquerade as legitimate productivity tools while secretly collecting sensitive information from development environments. Stolen API keys can provide attackers with access to cloud platforms, source code repositories, and enterprise services. The discovery highlights the continued focus on developers as high-value targets for supply chain attacks. Organizations should carefully vet extensions and restrict installation to trusted publishers whenever possible. Read More

Anthropic Expands Availability of Mythos AI Security Model

Threat Intelligence Anthropic continues expanding access to its Mythos AI cybersecurity model, positioning it as an advanced platform for vulnerability discovery, threat analysis, and defensive security research. The company says the model incorporates additional safeguards designed to reduce misuse while preserving its value for legitimate security professionals. Researchers believe tools like Mythos could significantly accelerate vulnerability identification and remediation across large software ecosystems. At the same time, experts stress the importance of strong governance as AI capabilities continue advancing. The announcement reinforces the growing role of AI as a core component of modern cybersecurity operations. Read More

Stashed changes




Enjoy Reading This Article?

Here are some more articles you might like to read next:

  • DJBSEC's CyberNews 2026-07-16
  • DJBSEC's CyberNews 2026-07-15
  • DJBSEC's CyberNews 2026-07-14
  • DJBSEC's CyberNews 2026-07-13
  • DJBSEC's CyberNews 2026-07-10