Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels are used to push payloads. It’s not breaking systems—it’s bending trust.

There’s also a shift in how attacks run. Slower check-ins, multi-stage payloads, andmore code kept in memory. Attackers lean on real tools and normal workflows instead of custom builds. Some cases hint at supply-chain spread, where one weak link reaches further than expected.

Go through the whole recap. The pattern across access, execution, and control only shows up when you see it all together.

⚡ Threat of the Week

Vercel Discloses Data Breach—Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems. The incident originated from the compromise of Context.ai, a third-party artificial intelligence (AI) tool, which was used by an employee at the company, it added. "The attacker used that access to take over the employee's Vercel Google Workspace account, which enabled them to gain access to some Vercel environments and environment variables that were not marked as 'sensitive,'" the company said. It's currently not known who is behind the incident, but a threat actor using the ShinyHunters persona has claimed responsibility for the hack. Context.ai also disclosed a March 2026 incident involving unauthorized access to its AWS environment. However, it has since emerged that the attacker also likely compromised OAuth tokens for some of its consumer users. Furthermore, Hudson Rock uncovered that a Context.ai employee was compromised with Lumma Stealer in February 2026, raising the possibility that the infection may have triggered the "supply chain escalation."

99% of What AI Found Is Still Unpatched. See the Defensive Answer

Anthropic's Mythos weaponized bugs that survived decades of human review. Atlassian's CISO, Frost & Sullivan, and leaders from Kraft Heinz and Glow Financial Services show how autonomous validation discovers what's exploitable, proves controls hold, and re-validates fixes.

Register for Free ➝

🔔 Top News

Law Enforcement Operation Brings Down DDoS-for-Hire Operation—Law enforcement agencies across Europe, the U.S., and other partner nations cracked down on the commercial DDoS-for-hire ecosystem, targeting both operators and customers of services used to target websites and knock them offline. As part of the effort, authorities took down 53 domains, arrested four people, and sent warning notifications to thousands of criminal users. The U.S. Justice Department said court-authorized actions were undertaken to disrupt Vac Stresser and Mythical Stress. The actions are a persistent cat-and-mouse game, as booted services often reappear under new names and domains despite repeated takedowns. While these disruptions tend to have short-term results, the resilience of the criminal activity indicates that arrests need to be combined with infrastructure seizures, financial disruption, and user deterrence for lasting impact.

Newly Discovered PowMix Botnet Hits Czech Workers—An active malicious campaign is targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least December 2025. "PowMix employs randomized command-and-control (C2) beaconing intervals, rather than persistent connection to the C2 server, to evade the network signature detections," Cisco Talos said. The never-before-seen botnet is designed to facilitate remote access, reconnaissance, and remote code execution, while establishing persistence by means of a scheduled task. At the same time, it verifies the process tree to ensure that another instance of the same malware is not running on the compromised host.

AI-Driven Pushpaganda Exploits Google Discover to for Ad Fraud—A novel ad fraud scheme has been found to leverage search engine poisoning (SEO) techniques and artificial intelligence (AI)-generated content to push deceptive news stories into Google's Discover feed and trick users into enabling persistent browser notifications that lead to scareware and financial scams. The Pushpaganda campaign has been found to target the personalized content feeds of Android and Chrome users. "This operation, named for push notifications central to the scheme, generates invalid organic traffic from real mobile devices by tricking users into subscribing to enabling notifications that presented alarming messages," HUMAN Security said. Google has since rolled out fixes and algorithmic updates to address the issue.

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT—A social engineering campaign has abused Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financial and cryptocurrency sectors. Elastic Security Labs is tracking the activity under the name REF6598. It employs elaborate social engineering tactics through LinkedIn and Telegram to breach both Windows and macOS systems by tricking victims into opening a cloud-hosted vault in Obsidian. PHANTOMPULSE is an artificial intelligence (AI)-generated backdoor that uses the Ethereum blockchain for resolving its C2 server. On macOS, the attack is used to deliver an unspecified payload.

CPUID Downloads Hijacked to Serve STX RAT—Unknown threat actors hijacked the official CPUID download page to serve trojanized installers that ultimately led to the deployment of STX RAT, a remote access trojan with infostealer capabilities. The attack did not compromise CPUID's original signed binaries, the threat actors served their own trojanized packages via redirect. "The threat actor compromised the official CPUID download page to serve a trojanized package, employing DLL sideloading as the initial execution vector followed by a layered, five-stage in-memory unpacking chain designed to evade detection," Cyderes said. "The use of a timestomped compilation timestamp, reflective PE loading, and exclusively in-memory payload execution demonstrates a deliberate effort to hinder forensic analysis and bypass traditional security controls."

108 Malicious Chrome Extensions Steal Google and Telegram Data—A cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting ads and arbitrary JavaScript code into every web page visited. The extensions provide the expected functionality to avoid raising red flags, but malicious code running in the background connects to the threat actor's C2 server to perform the nefarious activities. At the center of the campaign is a backend hosted on a Contabo virtual private server (VPS), with multiple subdomains handling session hijacking, identity collection, command execution, and monetization operations. There is evidence indicating a Russian malware-as-a-service (MaaS) operation, based on the presence of a payment and monetization portal in its C2 infrastructure.

OpenAI Launches GPT-5.4-Cyber—OpenAI announced a new model, GPT-5.4-Cyber, specifically designed for use by digital defenders. Artificial intelligence (AI) companies have repeatedly warned that more capable AI models could create an opening for bad actors to exploit vulnerabilities and security gaps in software with new speed and intensity. Unlike Anthropic, which said its new Claude Mythos model is only being privately released to a small number of trusted organizations due to concerns that it could be exploited by adversaries, OpenAI said "the class of safeguards in use today sufficiently reduce cyber risk enough to support broad deployment of current models," but hinted at the ne