Ravie Lakshmanan | Jun 29, 2026 | Cybersecurity / Hacking

⚡ Weekly Recap: Linux Kernel Flaws, AI Malware Tricks, Turla Backdoor, Infostealers and More

This week was a reminder that attackers do not always need big tricks. One small mistake, one old access path, one missed patch, and suddenly the door is open.

The noise is not all noise, either. Forums are talking, researchers are finding easy cracks, and defenders have more cleanup waiting.

Here’s the full Monday recap.

⚡ Threat of the Week

New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets — Cybersecurity researchers detailed a new variant of the Dirty Frag Linux kernel flaw. Called DirtyClone (aka CVE-2026-43503), it allows local users to gain root privileges via cloned packets. The exploit works successfully on Debian, Ubuntu, and Fedora systems with default namespace configurations. “Any local user on a server or device running a vulnerable kernel who holds or can acquire the CAP_NET_ADMIN capability (frequently obtainable via unprivileged user namespaces) [is exploitable],” JFrog said. “This poses the highest risk to multi-tenant cloud environments, Kubernetes clusters, and containerized workloads where user namespaces are enabled, or privileged containers are deployed.”
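The precondition JFrog describes, a local user acquiring CAP_NET_ADMIN through unprivileged user namespaces, can be checked per host. The script below is an added example, not code from JFrog or the original recap: it reads the `user.max_user_namespaces` sysctl plus the Debian/Ubuntu `kernel.unprivileged_userns_clone` and Ubuntu `kernel.apparmor_restrict_unprivileged_userns` knobs, and the function names and verdict strings are its own. It reports only whether that acquisition path is open, not whether the running kernel is patched.

```shell
#!/bin/sh
# Added example: report whether unprivileged user namespaces (the usual way a
# local user obtains CAP_NET_ADMIN) are available on this host.
# Function names and verdict words are this example's own conventions.

# read_knob ROOT NAME -> prints the sysctl value, or "absent" if not readable.
# ROOT is an optional prefix so the check can run against a mounted image
# or a test fixture instead of the live /proc.
read_knob() {
    f="$1/proc/sys/$2"
    if [ -r "$f" ]; then
        tr -d '[:space:]' < "$f"
    else
        printf 'absent'
    fi
}

# userns_exposure [ROOT] -> prints one line: "<verdict>: <reason>"
#   blocked    : unprivileged users cannot create user namespaces
#   restricted : AppArmor policy gates unprivileged user namespaces (Ubuntu)
#   unknown    : the generic sysctl is not readable, so nothing can be concluded
#   exposed    : unprivileged user namespaces are available
userns_exposure() {
    root="${1:-}"
    max=$(read_knob "$root" user/max_user_namespaces)
    clone=$(read_knob "$root" kernel/unprivileged_userns_clone)
    aa=$(read_knob "$root" kernel/apparmor_restrict_unprivileged_userns)

    if [ "$max" = "0" ]; then
        echo "blocked: user.max_user_namespaces=0"
    elif [ "$clone" = "0" ]; then
        echo "blocked: kernel.unprivileged_userns_clone=0"
    elif [ "$aa" = "1" ]; then
        echo "restricted: kernel.apparmor_restrict_unprivileged_userns=1"
    elif [ "$max" = "absent" ]; then
        echo "unknown: user.max_user_namespaces not readable"
    else
        echo "exposed: max_user_namespaces=$max unprivileged_userns_clone=$clone apparmor_restrict=$aa"
    fi
}

# Live host by default; set USERNS_ROOT to inspect another filesystem root.
userns_exposure "${USERNS_ROOT:-}"
```

Hosts that report `exposed` and run multi-tenant or containerized workloads are the ones to prioritize for the kernel update.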

🔔 Top News

  • Critical PTC Windchill PDMlink and PTC FlexPLM Flaw Exploited — A critical remote code execution vulnerability impacting PTC Windchill PDMlink and PTC FlexPLM enterprise Product Data Management (PDM) and Product Lifecycle Management (PLM) software has come under active exploitation in the wild to deploy JSP web shells on susceptible systems. The vulnerability, tracked as CVE-2026-12569, is a case of improper input validation that could allow an attacker to execute arbitrary code by sending a malicious request over the network. Patches for the vulnerability have been released.
  • OpenAI Previews GPT-5.6 Sol, Terra, and Luna — OpenAI officially unveiled GPT-5.6 Sol, Terra, and Luna, with Sol described as the most capable model yet for cybersecurity. The models are being released in a staggered manner with approval from the U.S. government. The release came days after the company released an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak initiative and launched a new project called Patch the Planet in collaboration with Trail of Bits to help secure open-source projects. OpenAI has also warned about the dual-use nature of the technology, acknowledging that the same capability that helps a red teamer find a zero-day can also assist a bad actor in exploiting one, and that it will prioritize patching jailbreak techniques against the model. In addition, it has framed the effort as getting the tools in the hands of more defenders before attackers gain the same edge. Much of the concern surrounding the frontier models stems from the fact that artificial intelligence can now identify existing bugs within codebases and work towards creating exploits for them. While the automation of cybercrime is not new, these tools undoubtedly have the potential to further lower the barrier to entry for bad actors.
  • New Gaslight macOS Malware Discovered — A newly discovered macOS malware dubbed Gaslight is designed to confuse AI-assisted malware analysis tools through embedded prompt injection strings and fake debugging data within the executable. With cybersecurity researchers using AI-powered tools to assist with malware analysis and reverse engineering, the malware attempts to gaslight such tools into thinking there is some issue, potentially causing them to abort, truncate, or refuse an analysis of the artifact. Gaslight has been attributed with high confidence to a North Korean-linked threat actor. The malware itself is a Rust binary with backdoor and information-stealing functionality, enabling the operator to gain a persistent foothold over the infected host. The findings highlight how threat actors are experimenting with anti-analysis methods designed specifically to bypass AI-assisted security platforms.
  • Turla Uses STOCKSTAY Backdoor in Ukraine Attacks — The Russian state-sponsored threat actor known as Turla has leveraged a previously undocumented .NET backdoor called STOCKSTAY in attacks targeting government and military organizations in Ukraine, and entities that have an interest in Italian foreign policy. STOCKSTAY shares significant code and functional overlaps with Kazuar, a staple implant put to use by the adversary since 2017. Suspected development activity of the malware dates back to December 2022.
  • Amadey, StealC Malware Operations Disrupted in Operation Endgame — A coordinated law enforcement operation, in partnership with private sector companies, dismantled criminal infrastructure powering Amadey and StealC. According to Europol, the operation led to the disruption of 326 servers and 142 domains, the identification of more than €41 million ($47 million) in cryptocurrency linked to criminal activity, and the recovery of approximately 27 million credentials stolen from over 385k compromised systems. Amadey and StealC are sold to cybercriminals under a malware-as-a-service (MaaS) model. Microsoft said criminals use Amadey to gain an initial foothold on victim devices to deploy additional malware, such as StealC, which then steals credentials, cryptocurrency wallets, and other sensitive information that can later be sold or leveraged in follow-on attacks. The two malware families were linked to more than 140,000 infected devices during the first two weeks of May 2026 alone. That said, no arrests were announced as part of the operation.

🔥 Trending CVEs

Bugs drop weekly, and the gap between a patch and an exploit is shrinking fast. These are the heavy hitters for the week: high-severity, widely used, or already being poked at in the wild.

Check the list, patch what you have, and hit the ones marked urgent first — CVE-2026-47729 aka Squidbleed (Squid), CVE-2026-12957 (Amazon Q Developer), CVE-2026-12569 (PTC Windchill PDMlink and PTC FlexPLM), CVE-2026-43503 aka DirtyClone, CVE-2026-46331 aka pedit COW (Linux Kernel), CVE-2026-30040, CVE-2026-30041 (FastStone Image Viewer), CVE-2026-45585 (Microsoft WinRE), CVE-2026-8461 aka PixelSmash (FFmpeg), CVE-2026-55200 (libssh2), CVE-2026-20971 (Samsung KNOX kernel), CVE-2026-10086, CVE-2026-10712, CVE-2026-12053 (GitLab CE and EE), CVE-2026-13028, CVE-2026-13032, CVE-2026-13033, CVE-2026-13038 (Google Chrome), CVE-2026-53605 (Reachy Mini Wireless image), CVE-2026-13136, CVE-2025-15660, CVE-2026-13135 (Synology MailPlus Server), CVE-2026-11374 (ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus and ADAudit Plus), and a critical Infoblox NIOS privilege escalation vulnerability (no CVE).

🎥 Cybersecurity Webinars

  • Stop AI-Driven Cyberattacks Before They Stop Your Business → Hackers are now using AI to launch cyberattacks at machine speed. If your defenses are built for human-speed threats, you are at risk. Join this webinar to get a step-by-step blueprint to fight back. Learn exactly how to block AI-driven attacks and protect your company before a crisis hits.
  • When AI Goes Rogue: How to Secure the New Cyber Attack Surface → As companies rush to adopt AI, hackers are turning these tools into a massive liability by hijacking AI agents and leaking trade secrets. Join this urgent webinar to see exactly how attackers weaponize AI against businesses. You’ll get a practical blueprint to lock down your setups, fix risky configurations, and stop your own tech from going rogue.
  • Building at Machine Speed: How to Secure AI Software Delivery → AI tools are generating code faster than security teams can review it, introducing hidden risks into software pipelines. Join this webinar to learn how to catch vulnerabilities and govern AI risk without slowing down development. You’ll get a practical roadmap to protect your software supply chain and scale AI engineering safely.

📰 Around the Cyber World

  • China’s New Zhipu AI Reportedly Matches Claude Mythos in Vulnerability Discovery — The Wall Street Journal reported that a new model released by China’s Zhipu AI, GLM-5.2, matches the performance of Anthropic Mythos when it comes to finding vulnerabilities, narrowing the gap between top U.S. models and those developed by Chinese companies. The ability of AI systems to autonomously find security defects in software has created new urgency to efforts that entail the use of models to quickly close them before they can be exploited by bad actors. There are also worries that these models, in the wrong hands, can become potential enablers of cyber warfare. The Trump administration has called for the creation of a framework that grants the federal government the ability to evaluate AI models’ capabilities and determine which qualify as “covered frontier models,” a designation for AI systems with advanced cyber capabilities.
  • Indirect Prompt Injection in Agentic Coding Tools — Mozilla’s Zero Day Investigative Network (0DIN) characterized indirect prompt injection as a “very real and serious attack vector that can result in catastrophic damage, much of which will be irreversible.” In the case of agentic IDEs and coding agents, they can request access to various tools, which, once approved, can pave the way for code execution, file system operations, and network calls. Specifically, an attacker can obtain code execution using a seemingly harmless repository by chaining trusted setup instructions, routine error handling, and automated agent behavior. The attacker-controlled repository does not even have to contain any malicious code. Instead, it’s fetched at runtime from a DNS TXT record by framing it as an essential step during the installation phase when a developer copies the repository link and instructs the agent to get it running. “In short, agentic coding tools have access to everything they need for this: private data, including environment variables, credentials, API keys, and local configuration files,” 0DIN said. “Untrusted content, such as repositories, documentation, and error messages from recently installed packages, can inject malicious models to steal this data.”
  • New KuinaExtractor Rust Infostealer Spotted — A new Rust-based information stealer called KuinaExtractor comes fitted with capabilities to harvest web browser data, crypto wallets and credentials for services such as Roblox, Steam and Discord. Said to be in active development since December 2025, the stealer also includes a Chrome app-bound encryption (ABE) bypass. In parallel, the malware developer worked on two short-lived projects known as KuinaCookieExtractor and Zenith C2 before they were abandoned. KuinaCookieExtractor goes beyond browser cookies to include Roblox and Steam sessions, Minecraft and FileZilla logins, Telegram tdata and Discord tokens, and exfiltrates over a Discord webhook rather than Telegram.
  • New LokiBot Campaign Surfaces After a Hiatus — A new email phishing campaign has been observed delivering LokiBot via a JavaScript attachment. Once launched, the script triggers the execution of a PowerShell loader that runs a .NET injector payload that deploys the LokiBot malware. LokiBot is capable of harvesting credentials from password managers like 1Password, Enpass, and KeePass, and contacts an external server to receive and execute commands.
  • Phishing Campaign Drops Malicious Chrome Extension — Invoice-themed email phishing lures written in Italian are being used to launch JavaScript attachments masquerading as PDF documents. “The most interesting part of this infection was not the initial JavaScript. The malware installed a malicious Google Chrome extension and paired it with a Native Messaging Host,” D3 Lab said. “This combination allowed code running inside Chrome to request PowerShell commands on the Windows system.”
  • Time as an Attack Surface — New research from NCC Group has argued the need for treating time as a “first‑class attack surface,” stating clock drift, time synchronisation failures, and deliberate oscillator manipulation can be exploited to undermine cryptography, authentication, industrial automation, and safety systems. “The risk is amplified by broader technological trends,” NCC Group’s Andy Davis said. “Cloud computing, containerisation, and virtual machines abstract time away from physical hardware, placing it under the control of hypervisors and orchestration layers. At the same time, Industrial Control Systems, IoT devices, and safety-critical platforms increasingly rely on low‑cost oscillators and commodity components that are vulnerable to environmental influence and physical manipulation. Systems that once relied on isolated, deterministic timing sources are now interconnected, synchronised, and exposed.”
  • Threat Actors Exploit Xiongmai DVR Flaw to Deliver Proxy SDK — Threat actors have been exploiting CVE-2024-3765, a vulnerability in Xiongmai DVR, to deploy commercial residential proxy SDKs using a Mirai botnet-derived HTTP downloader. “All DDoS and scanning capability has been stripped,” the Nokia Deepfield Emergency Response Team (ERT) said. “What remains is a minimal HTTP client and an embedded userspace ELF loader – Mirai reduced to a delivery truck.” The main stager installed following a successful compromise deploys a proxy binary called PacketSDK, which is part of the IPIDEA residential proxy network disrupted by Google earlier this year. The stager also contains a remote code execution backdoor that polls an external server for updates every 2 minutes.
  • Nation-State Targeting of Water Systems — DomainTools warned that water and wastewater infrastructure have become strategic pressure points for state and state-aligned actors from China, Iran, and Russia. “The combination of chronic underinvestment and weak baseline operational technology (OT) security makes many of these critical systems easy to compromise,” the company said. “Such intrusions can have both physical and psychological impact, and disruptions often affect civilian life, public health, and trust in government.”
  • Anthropic Accuses Alibaba of Obtaining Illicit Access to Claude — Anthropic has accused the Chinese company Alibaba of what it described as the “largest campaign to illicitly extract Claude’s capabilities.” The attacks occurred between April 22 and June 5, 2026, when “operators affiliated with Alibaba and Alibaba Qwen, Alibaba’s AI lab,” allegedly generated “more than 28.8 million exchanges with Claude through almost 25,000 fraudulent accounts,” per Anthropic. The distillation campaign targeted its capabilities, such as agentic reasoning, software engineering, and long-horizon tasks, while evading detection using obfuscation techniques and proxy networks.
  • Linux Foundation Unveils Akrites and OSERA — The Linux Foundation has announced Akrites as a coordinated effort to address and disclose vulnerabilities in critical open-source software as AI accelerates both the scale and speed of vulnerability discovery. “The initiative provides a single, trusted place to coordinate, remediate, and disclose, with a shared SIRT [Security Incident Response Team] serving as a predictable partner for maintainers rather than a flood of uncoordinated reports,” the foundation said. The initiative also plans to work with critical infrastructure operators to help deploy fixes before in-the-wild exploitation. The Linux Foundation has also announced its intent to form an Open Source Enterprise Resiliency Alliance (OSERA) that aims to strengthen the open-source components that underpin the financial services sector through a vendor-neutral, upstream-aware approach. “OSERA complements the recently announced Akrites, the cross-industry effort enabling coordinated disclosure and upstreaming,” the foundation said. “As financial-services downstream complement to Akrites, OSERA will collaborate with Akrites in the upstreaming process and, together with the Open Source Security Foundation, to represent the voice of the industry in defining remediation standards.”
  • Microsoft Extends Windows 10 Consumer Extended Security Updates by a Year — Microsoft quietly extended the Extended Security Updates (ESU) program for Windows 10 consumers by a year, letting eligible users get updates through October 12, 2027. To enroll in the consumer Windows 10 ESU program, devices need to be running Windows 10, version 22H2 Home, Professional, Pro Education, or Workstations edition. The program is not offered for devices in kiosk mode or those that are joined to an Active Directory domain or Microsoft Entra and/or enrolled in a Mobile Device Management (MDM) solution.
  • Microsoft’s Secure Boot Certificates Have Expired — In related Microsoft news, the certificates that manage UEFI Secure Boot trust, namely Microsoft Corporation KEK CA 2011 and Microsoft UEFI CA 2011, expired on June 24 and 27, 2026. A third certificate, Microsoft Windows Production PCA 2011, will expire on October 19, 2026. “Many Windows PCs manufactured since 2024 already have the updated 2023 certificates,” Microsoft said. “For the remaining devices, Microsoft is delivering new Secure Boot certificates through Windows monthly updates, with partner original equipment manufacturers (OEMs) making firmware updates available to help ensure compatibility.” Google Cloud has also released guidance on how to update Compute Engine Shielded VM instances to trust the updated Microsoft Secure Boot certificates for UEFI Secure Boot. To apply Secure Boot certificate updates for Linux on Azure virtual machines, it’s recommended to follow the actions outlined by Microsoft. Separately, Linux users are advised to update their shims to the latest versions signed by the new key. It’s important to note that devices that haven’t received the newer 2023 certificates will continue to function normally, and standard Windows updates will continue to install. However, these devices will no longer receive new security protections for the early boot process, including updates to Windows Boot Manager, Secure Boot databases, revocation lists, or mitigations for newly discovered boot-level vulnerabilities.

  • Fake OpenAI Organization Invites Used in New Poisoned Tenant Campaign — Phishing emails are being sent from threat actor-controlled ChatGPT tenants, inviting recipients to join an organization with the likely goal of harvesting sensitive information shared in the AI chatbot. “The emails came from OpenAI’s legitimate notification address (noreply@tm.openai.com), passed all standard email authentication checks, and referenced our company by name,” Push Security said. “They looked exactly like a routine organizational invitation because, technically, they were one.” The development comes as threat actors are abusing AI chatbot chat sharing functionality to distribute pages containing malicious instructions, turning them into malware delivery platforms. “The attacker has used ChatGPT’s code rendering feature to build a fully designed fake page that mimics a ChatGPT service disruption, redirecting victims to a convincing clone of ChatGPT’s download page that delivers a malicious executable,” Push Security noted. The activity has been codenamed LLMShare.

🔧 Cybersecurity Tools

  • Sulla → It is an open-source security tool by Praetorian that scans internal network SMB file shares to find exposed credentials and sensitive data. Operating as a fast, low-noise static binary, it maps Active Directory environments and uses multi-layered filtering with the Titus engine to perform in-memory analysis for cloud keys, passwords, and tokens. It outputs structured, real-time results to help security teams identify and remediate internal data exposure before it can be exploited.
  • Karna → It is a Web Application Firewall (WAF) module specifically engineered for the Kong Gateway to provide modern, scalable security for web applications. By integrating directly into the Kong ecosystem, it allows organizations to enforce fine-grained security policies and filter malicious traffic at the gateway layer, ensuring that protection is applied consistently across distributed services without adding significant latency.

Disclaimer: This is strictly for research and learning. It hasn’t been through a formal security audit, so don’t just blindly drop it into production. Read the code, break it in a sandbox first, and make sure whatever you’re doing stays on the right side of the law.

Conclusion

This week, keep it simple. Break the small thing, find the forgotten access, wait for someone to say they meant to patch it.

No genius required. Just old mistakes with fresh damage. Shut the door. Check the locks.


