Monday, June 29, 2026
Ten items today, weighted toward two threads worth tracking together: trust-platform account hijacking (state and criminal) and a second Linux root exploit landing in the same family we flagged Thursday. A pattern note runs at the bottom.
Russian intelligence is hijacking encrypted messaging accounts at scale, not breaking the encryption
SSU and FBI jointly disclosed an ongoing campaign by Russian Intelligence Services actors to take over Signal and WhatsApp accounts belonging to officials, military personnel, journalists, and activists across Ukraine, Europe, and the US. CISA and the FBI updated their March 20 joint PSA on June 26, naming two clusters — UNC5792 and UNC4221 — running the operation. The technique is SMS and callback phishing impersonating platform "support" bots to harvest verification codes, device-linking approvals, or backup recovery keys; the FBI was explicit that the apps' encryption itself remains intact. This is a continuation, not a new campaign — the same RIS clusters were named in the March PSA, and April reporting on 170-plus compromised Ukrainian prosecutor email accounts fits the identical pattern of going around encryption rather than through it.
Watch for: whether the next PSA update broadens the named target categories beyond government/military into energy-sector and legal-services personnel — that would mark a deliberate widening, not incidental spillover.
Sources: SSU (Telegram statement, June 27, 2026); FBI/CISA joint PSA update, June 26, 2026; SecurityAffairs, June 27, 2026; The Hacker News, June 27, 2026.
A Chinese-speaking cluster active since 2022 is inside Southeast Asian power utilities, with a custom backdoor to prove it
Palo Alto Networks' Unit 42 published technical detail on June 25 tying a years-long campaign against Southeast Asian government and critical-infrastructure networks to CL-STA-1062, a Chinese-speaking cluster Unit 42 assesses with high confidence overlaps with UAT-7237 (the group Cisco Talos linked to web-hosting attacks in Taiwan). Between October and December 2025 alone, Unit 42 found the group had breached at least ten organizations in the region, including two state-owned energy infrastructure entities, getting in through ASPX web shells on vulnerable web apps and staging through SoftEther VPN, Mimikatz, and JuicyPotato.
The technical novelty is TinyRCT, a previously undocumented C# backdoor disguised as a Visual Studio telemetry process (PerfWatson2.exe) that beacons over plain HTTP with a hardcoded AES key every ten seconds. This next sentence is BCG analytical framing, not Unit 42's own language: pairing off-the-shelf tooling for the noisy parts of an intrusion with custom malware reserved for persistence is now a recurring signature across multiple PRC-nexus clusters this year, not something unique to this one.
Watch for: confirmation of which Southeast Asian country's energy entities were hit — Unit 42 didn't name it, and that gap will likely close as regional CERTs respond to the report.
Sources: Unit 42 (Palo Alto Networks), June 25, 2026; SecurityAffairs, June 25–26, 2026; The Hacker News, June 26, 2026; Infosecurity Magazine, June 26, 2026.
A second Linux root-via-page-cache bug joins the one we flagged Thursday, and most distros haven't patched either
CVE-2026-46331, nicknamed "pedit COW," is an out-of-bounds write in the kernel's traffic-control packet-editing action (act_pedit) that lets a local unprivileged user — including one confined to an unprivileged user namespace — corrupt the page cache backing a setuid binary like /bin/su and pop a root shell. Red Hat assigned the CVE at merge time on June 16; a working public exploit, packet_edit_meme, appeared on GitHub within 24 hours. As of Ubuntu's status page on June 27, every supported release from 18.04 through 26.04 is listed vulnerable; Debian has patched Trixie but 11 and 12 remain open. RHEL 8/9/10 are affected through the shared kernel, and NVD has not yet published its own CVSS score — Red Hat's "Important" rating is the only formal severity assessment in circulation. This is the same root-cause family as DirtyClone (CVE-2026-43503, our June 26 edition): a kernel fast path writes into memory it doesn't exclusively own, landing in the page cache instead of a private copy.
Watch for: a third entry in this family before NVD finishes scoring either of the first two — researchers tracking both bugs are explicitly hunting for siblings in other subsystems sharing the same copy-on-write logic.
Sources: Red Hat Security Bulletin RHSB-2026-008; TuxCare, June 2026; SentinelOne Vulnerability Database; SC Media, June 26, 2026; GBHackers, June 27, 2026.
Compromised WhatsApp accounts are now a malware distribution channel, not just a phishing lure
Kaspersky's Securelist documented an active campaign using already-compromised WhatsApp Desktop and Web accounts to send VBScript files — disguised as financial or business documents in multiple languages — directly to the account owner's own contacts. Researcher Fareed Radzi reported the chain installs a legitimate remote-management tool, ManageEngine Endpoint Central, silently and with elevated privileges, giving the operator persistent remote access rather than a one-shot payload. Kaspersky found infrastructure overlap with prior Gh0st RAT and ValleyRAT activity but stopped short of formal attribution. Highest victim concentration is in Malaysia, with confirmed hits in Brazil, India, Mexico, Singapore, the UK, Spain, Taiwan, Australia, Russia, and Vietnam — a spread arguing for an opportunistic, broadly distributed operation rather than a targeted one.
Watch for: how the initial account compromises happened — Kaspersky's writeup is explicit that this step is unexplained, and it's the actual point of failure the whole campaign depends on.
Sources: Securelist (Kaspersky), June 2026; The Hacker News, June 23, 2026.
Poland arrested four people behind a SIM-swap-to-crypto pipeline, and an on-chain investigator says he recognizes one of them
Poland's Central Bureau for Combating Cybercrime (CBZC), working with the FBI and Homeland Security Investigations, arrested four suspects on June 25 accused of breaching systems at companies that work with telecom carriers, then using harvested employee credentials to SIM-swap victims and take over cryptocurrency exchange accounts. CBZC says proceeds — "tens of millions of zlotys" — moved through Polish and foreign bank accounts, payment platforms, and multi-currency wallets; all four face organized-crime, hacking, and money-laundering charges carrying up to 25 years and are in pretrial detention pending the Kraków prosecutor's ongoing investigation. Separately, and unconfirmed by any official source, on-chain investigator ZachXBT claimed one of the detained matches the public profile of "Merry" (Wojtek Kulisz), a previously documented social-engineering operator, based on luxury items visible in raid footage matching items from Kulisz's social media. That identification is single-sourced researcher inference, not law-enforcement confirmation, and should be read that way.
Watch for: whether CBZC or DOJ formally names any suspect — that would convert ZachXBT's identification from plausible to confirmed, or contradict it outright.
Sources: Poland CBZC announcement, June 25, 2026; BleepingComputer, June 25, 2026; Help Net Security, June 26, 2026; The Block, June 2026 (ZachXBT claim, independently sourced and unconfirmed).
A phishing kit just made MFA irrelevant by putting the victim inside the attacker's own browser
Netcraft reported on June 25 that Bluekit — a phishing-as-a-service platform Varonis first documented in April with an AI-assisted template builder — has shipped a browser-in-the-middle (BitM) upgrade and grown to roughly 70 live hostnames in a single week. Instead of proxying traffic like older adversary-in-the-middle kits such as Evilginx, Bluekit loads the real target login page inside an attacker-controlled browser and streams the live DOM to the victim over a WebSocket using rrweb, an open-source session-replay library; the victim's keystrokes and clicks execute against the genuine site inside that attacker browser, so the resulting session — including whatever MFA step the victim completes — is created and consumed in the same place. Netcraft's writeup lists detectable side effects: input latency, WebRTC IP-mismatch leakage from the operator's infrastructure, and an oversized, periodically rotated JavaScript bundle. One open question the reporting hasn't settled: whether phishing-resistant, origin-bound authentication (WebAuthn/FIDO2) actually defeats this architecture or just complicates it — none of the writeups we reviewed test that specifically, and the blanket claim that "MFA is bypassed entirely" is carrying more weight than the evidence shown supports.
Watch for: a vendor or researcher publishing a direct WebAuthn-against-BitM test, which would settle the gap above either way.
Sources: Netcraft, June 25, 2026; Varonis Threat Labs, April 2026 (original disclosure); BleepingComputer, June 26, 2026; Cyber Security News, June 26, 2026.
A security vendor built a fake AI-agent skill to prove a point, and reached 26,000 installs doing it
Security firm AIR submitted a harmless fake skill — branded as a Google Stitch landing-page builder — to a GitHub-based AI-skill marketplace with roughly 36,000 stars, got it merged, then promoted it via Instagram ads. Every scanner tested against it, including tools from Cisco and Nvidia, cleared it as safe, because the skill itself carried no malicious code; instead it pointed agents to an external setup page AIR controlled, which initially mirrored real Google documentation and was swapped for a credential-harvesting script only after the skill had spread. AIR claims the skill reached approximately 26,000 agents, including some on corporate accounts, but didn't publish a platform breakdown — and is simultaneously marketing a managed skill-marketplace product, a commercial interest that should temper confidence in that specific install figure, even though the underlying scanner blind spot it demonstrates (a one-time package scan can't catch a payload living behind a mutable external link) checks out independently of AIR's pitch. This is BCG framing, not AIR's: the real significance here isn't the mutable-URL trick itself, it's that AI agent ecosystems are inheriting, on a compressed timeline, the same trust failures package managers like npm and PyPI took roughly fifteen years to learn the hard way — borrowed reputation, point-in-time review, and a payload that doesn't exist yet at approval time.
Watch for: whether any named scanner vendor — Cisco, Nvidia, or marketplace operator skills.sh — publicly ships a fix for post-approval URL mutation, the only part of this that's actually unresolved.
Sources: AIR, via The Hacker News, June 23, 2026; CSO Online, June 24, 2026; Cybernews, June 25, 2026.
Washington compressed its post-quantum migration deadline by four years; the contractor rules aren't written yet
President Trump signed an executive order on June 22 titled "Securing the Nation Against Advanced Cryptographic Attacks," requiring federal civilian agencies to migrate high-value assets and high-impact systems to NIST's post-quantum standards — ML-KEM for key establishment by December 31, 2030, ML-DSA for digital signatures by December 31, 2031 — replacing the 2022 National Security Memorandum 10 target of 2035. National Security Systems are excluded and run a separate NSA-managed track through 2033. The order also directs the Federal Acquisition Regulatory Council to propose a rule within 180 days requiring covered contractors to meet the same FIPS standards by 2030, and a second rule within 270 days folding cryptographic flaws into contractor vulnerability-disclosure requirements — both are proposed rules subject to notice-and-comment, not yet binding. Sourcing note: sources disagree on the order's official number — both EO 14409 and EO 14412 are cited for the same text across outlets — which we couldn't resolve against one authoritative citation; the substance of the deadlines is consistent across every source checked.
Watch for: OMB's implementation guidance, due within 90 days of signing, which determines whether 2030 produces real agency-level cryptographic inventories or becomes another slipped federal migration target.
Sources: The White House, June 22, 2026; Cybersecurity Dive, June 22–23, 2026; SecurityWeek, June 23, 2026; Cloudflare blog, June 2026.
The protocol holding together your AI agents' enterprise access is about to change shape, and the new attack surface isn't theoretical
Akamai Technologies published an analysis, reported by SC Media on June 25, of the incoming MCP 2026-07-28 specification — the most substantial architectural revision to Anthropic's Model Context Protocol since its release, due next month. The new spec closes protocol-level gaps from earlier versions (stateful initialization, server-initiated prompts) and mandates OAuth 2.1, which genuinely tightens authentication. But the shift to a stateless, cloud-native architecture pushes new risk onto developers and platform operators directly: Akamai flags a workflow-hijacking path where attackers manipulate client-held state objects since the server no longer tracks session state itself, plus a denial-of-service vector Akamai calls "hit-and-run" task abuse, where an attacker triggers costly server-side operations with no further user interaction required. This next sentence is BCG framing, not Akamai's: the pattern matches what we flagged with the AI-agent-skill marketplace story in this same edition (Item 7) — protocol and platform designers are closing the obvious holes while shifting the harder, implementation-specific security burden downstream to whoever deploys the thing, landing on teams that adopted MCP under the older, simpler trust model.
Watch for: whether major MCP gateway vendors ship default-on protections for the stateless and hit-and-run risks before the July 28 release lands, or leave it to individual server operators to catch up after the fact.
Sources: Akamai Technologies, via SC Media, June 25, 2026.
Jonathan Brown is a cybersecurity researcher and investigative journalist at bordercybergroup.com.
If you would like to support our work — useful, well-researched, ad-free cybersecurity intelligence — subscribe, comment, or buy us a coffee! Thanks.
Member discussion: