AI, Supply Chain Attacks, and New Backdoors Dominate Cybersecurity News

Publication Date: June 26, 2026

Summary

The cybersecurity landscape continues to evolve rapidly, with significant updates and new threats emerging. The npm ecosystem is under siege from successors to the Shai-Hulud attack, now targeting the Go language with the Hades malware and exploiting GitHub Actions for credential theft. Phishing attacks are also on the rise, with a 28% spike attributed to AI-powered, multi-channel campaigns that leverage legitimate services like Calendly and Google redirects to bypass security. The Five Eyes Intelligence Alliance warns that AI-powered cyberattacks, particularly in ransomware, are "months away" and will lower the barrier to entry while enhancing advanced threats.

Supply chains remain a prime target, with ransomware attacks in Europe surging by 55%. A Cisco SD-WAN zero-day vulnerability (CVE-2026-20245) has been exploited for months to achieve root access, following a chain of authentication bypass flaws. New threats include the Russian APT Turla's deployment of the STOCKSTAY backdoor in Ukraine espionage attacks, and the 'Prinz Eugen' ransomware, written in Go, which employs stealthy extortion tactics by not dropping ransom notes.

CISA has added actively exploited PTC and Cisco flaws to its KEV catalog, mandating federal patching. The FCC has adopted new cybersecurity rules for the Emergency Alert System (EAS). Several healthcare data breaches have been reported, including at MN Epilepsy Group, Campbell University, and the City of Middletown, exposing patient information. The LemonDuck cryptomining malware is spreading via PowerShell, and Black's Insurance and Financial Services disclosed a breach affecting Social Security numbers. Finally, a new 'TinyRCT' backdoor has been deployed by Chinese-speaking hackers in attacks on Southeast Asian governments.

Today's New Articles

Russian APT Turla Unleashes New 'STOCKSTAY' Backdoor in Ukraine Espionage Attacks

The Russian state-sponsored threat group Turla has been observed deploying a new, continuously developed .NET backdoor named STOCKSTAY. According to Google's Threat Analysis Group (GTIG), the malware targets Windows systems and has been used in cyber espionage...


New 'Prinz Eugen' Ransomware Written in Go Features Stealthy Extortion Tactics

Researchers at CYFIRMA have discovered a new ransomware strain named 'Prinz Eugen,' written in the Go programming language. This modern malware uses the efficient ChaCha20-Poly1305 encryption algorithm and processes files in parallel for maximum speed. A key d...


CISA Adds Actively Exploited PTC and Cisco Flaws to KEV Catalog, Mandates Federal Patching

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, confirming they are under active exploitation. The flaws are CVE-2026-12569, an improper input validation b...


FCC Adopts New Cybersecurity Rules to Safeguard Emergency Alert System (EAS)

On June 25, 2026, the U.S. Federal Communications Commission (FCC) adopted new rules requiring operators of the Emergency Alert System (EAS) to implement specific cybersecurity measures to protect the critical public warning infrastructure. The rules mandate a...


Healthcare Data Breaches at MN Epilepsy Group, Campbell University, and City of Middletown Expose Patient Info

Several U.S. organizations have recently disclosed data breaches affecting sensitive patient information. Minnesota Epilepsy Group reported a breach impacting patients' names, Social Security numbers, and medical data after a network intrusion in March-April 2...


LemonDuck Cryptomining Malware Spreads via PowerShell in New Campaign

Researchers at Barracuda have identified a recent campaign involving the LemonDuck malware, a botnet known for hijacking system resources for cryptocurrency mining. The malware spreads across networks by exploiting vulnerabilities and weak credentials. Once on...


Black's Insurance and Financial Services Discloses Data Breach Affecting SSNs

CG Black Financial Services, operating as Black's Insurance and Financial Services, has reported a data breach that may have compromised sensitive personal information, including Social Security numbers. A notification was filed with the Vermont Attorney Gener...


New 'TinyRCT' Backdoor Deployed by Chinese-Speaking Hackers in Attacks on Southeast Asian Governments

Security researchers have identified a sustained espionage campaign by a Chinese-speaking threat actor, tracked as CL-STA-1062 (also known as UAT-7237), targeting government and critical energy infrastructure entities in Southeast Asia throughout 2025. The gro...

Article Updates

npm Ecosystem Under Siege as Shai-Hulud Successors Weaponize CI/CD Pipelines

Update: The persistent supply chain attack, involving Miasma and Mini Shai-Hulud, has expanded its targeting to include the Go programming language ecosystem. A new malware family, Hades, has been identified. Attackers recently hijacked the 'semantic-release-action' G...


Phishing Attacks Spike 28% as AI-Powered, Multi-Channel Campaigns Bypass Security

Update: A sophisticated phishing campaign is targeting the hospitality industry by leveraging legitimate services like Calendly and Google's URL redirection to bypass email security. Emails sent via Calendly's notification system pass authentication checks, leading to...


AI-Powered Cyberattacks 'Months Away,' Five Eyes Intelligence Alliance Warns

Update: New expert insights from Infosecurity Europe 2026 confirm AI's role in fundamentally reshaping the cybercrime economy, particularly ransomware. Former FBI officials highlight AI's ability to lower the barrier for novice attackers while enhancing advanced threa...


Cisco SD-WAN Zero-Day Exploited for Months to Achieve Root Access

Update: Further analysis of the Cisco SD-WAN zero-day exploitation (CVE-2026-20245) confirms that threat actors likely gained initial access by chaining two previously undisclosed authentication bypass flaws, CVE-2026-20127 and CVE-2026-20182. This multi-staged attack...


Ransomware Attacks in Europe Skyrocket by 55% as Supply Chains Become Prime Targets

Update: This update provides further analysis of the Black Kite report, highlighting the strategic shift by ransomware groups to compromise third-party suppliers and IT service providers as a primary vector for supply chain attacks. New hunting hints include monitorin...