The internet did not break this week. It got used exactly as designed, which is worse. Searches were siphoned through shady browser add-ons. AI chat links turned into malware delivery paths. macOS attacks ran in memory and left almost nothing behind. Cloud agents looked like helpers until attackers treated them like open shells. Add exposed edge gear, poisoned packages, cash courier scams, stealers, loaders, and phishing that barely bothers pretending anymore. Here’s the full mess. DoH lands in Windows Server 2025 Microsoft has announced that DNS-over-HTTPS (DoH) for Windows DNS Server is generally available on Windows Server 2025 for client-to-server DNS traffic. "With general availability, organizations can now deploy encrypted and authenticated client-to-resolver DNS traffic directly within their existing on-premises DNS infrastructure," the company said . "The goal is to help improve privacy, reduce spoofing risk, and advance Zero Trust DNS without requiring a new resolver architecture. Enabling DoH on Windows DNS Server introduces encrypted communication for supported clients over HTTPS while preserving compatibility with most existing DNS deployments. Organizations can expect DoH traffic between DoH clients and Windows DNS Server to be encrypted via TLS, DNS queries to be transported as HTTPS requests, existing DNS functionality to continue operating as expected, and mixed environments, encrypted and traditional DNS, to be supported." Search hijacks hide monetization layer A cluster of 23 deceptive Chrome browser extensions has been found stealthily overriding users' default search engines and routing queries through monetization middleware before delivering results. "Each extension presents a different advertised purpose - satellite imagery, productivity tools, news readers, maps – while the actual business is search affiliate revenue," security researcher Jean-Marie R. said . "The campaign spans at least 8 distinct monetization brokers and ~758,000 affected users. While this might look like simple adware, it is a real security risk. First, it is a massive privacy violation: every search a user makes is sent to anonymous third-party brokers. Second, because the operators control the web traffic, they can easily switch from showing regular search results to injecting phishing links or malicious downloads at any time – all without ever updating the extension code itself." Fileless macOS ClickFix attack chain A Russian-speaking attacker has been observed targeting victims mainly in Asia, North America, and Oceania across technology, media, and business services sectors using ClickFix lures to deliver an AppleScript-based infostealer to macOS users. The ClickFix pages masquerade as downloads for a malware scanning utility. "To evade detection, the entire infection chain, starting from the initial clipboard paste to payload execution, is completely fileless, leaving no static artifacts on disk until persistence is established," Netskope Threat Labs said . "Victims are socially engineered into executing a curl command that fetches a gzip-compressed stager, which pipes the second-stage AppleScript directly into osascript memory." The second-stage, codenamed "Meow (DEBUG)," uses a fake system dialog to harvest credentials, browser data, session cookies, and keychain contents. It's also equipped with capabilities to trojanize legitimate desktop cryptocurrency wallet applications and maintain persistent command-and-control (C2) access, allowing the operator to run arbitrary payloads. Claude chat abuse fuels malware delivery In another ClickFix campaign, threat actors have been spotted weaponizing Anthropic Claude's shared chat feature , abusing the trust associated with a legitimate domain to deliver the MacSync credential-stealing malware. "Cybercriminals hijacked Google Ads searches for popular AI developer tools to funnel over 2,000 victims toward malicious download pages before quietly moving their operation onto claude.ai's own platform, turning the trusted domain into a delivery mechanism for credential-stealing malware," Trend Micro said . "The Asia-Pacific region bore the brunt of the campaign, accounting for 67.2% of all confirmed victims, with Taiwan alone representing 30.5% of total traffic, a concentration that points to deliberate geographic ad targeting rather than opportunistic spread." As many as 106 unique malicious hostnames have been identified over a span of seven weeks across six distinct attack waves.Anthropic has since banned the accounts responsible, disabled the malicious shared conversations, and is implementing additional abuse mitigations for its shared chat feature. WhatsApp booking fraud spreads globally Bitdefender haș warned of an ongoing phishing campaign impersonating hotels, resorts, and accommodation providers across more than 10 countries. "Unlike traditional travel scams that rely on generic phishing emails, this operation uses real booking information, localized messaging, and convincing hotel branding to trick travelers into handing over payment card details," the Romanian cybersecurity company said . "Victims receive personalized messages containing names, stay dates, reservation details, and cancellation warnings. The campaign relies exclusively on WhatsApp, with no matching email or SMS infrastructure observed." Observed languages include English, German, French, Spanish, Romanian, and Polish. Similar campaigns have been reported by Sekoia and Netcraft in the past. AI agent targets vulnerability chaos Amazon Web Services (AWS) has announced a new artificial intelligence (AI)-powered security agent called AWS Continuum for code vulnerabilities, as models like Claude Mythos by attackers and defenders accelerate the ability to find and exploit vulnerabilities. AWS Continuum "addresses the full lifecycle of managing code vulnerabilities at machine speed. It continuously discovers vulnerabilities, validates which are genuinely exploitable, prioritizes them by business context, and helps you remediate them across the full stack within guardrails you define," AWS said. The tech giant said the agent is model agnostic, and that it uses multiple frontier models where they perform best. AI export controls reshape model access In a new report, WIRED said the U.S. government's decision to restrict Anthropic's Claude Fable 5 and Mythos 5 models came after it ordered the AI company to revoke South Korea-based SK Telecom's access over its alleged ties to China. SD-WAN zero-day scope expands Cisco has updated its February 2026 advisory for CVE-2026-20127 , a critical privilege escalation flaw in Catalyst SD-WAN Controller and Catalyst SD-WAN Manager, to note that the vulnerability also affects Catalyst SD-WAN Validator. The security flaw has been exploited as a zero-day since 2023 by a sophisticated threat actor known as UAT-8616. It allows an unauthenticated remote attacker to bypass authentication and obtain administrative privileges on an affected system by sending a crafted request. AI coding agent trust bypass exposed Manifold Security has flagged two high-severity local code-execution paths on a developer's machine via a malicious repository in Cline , an AI coding agent VS Code extension with more than 4.3 million installs. The repository's content, in turn, tricks the agent into executing attacker-supplied shell commands under the developer's account, enabling access to credentials, source code, and other sensitive data. "Cline ships an Approve/Deny dialog and a 'Safe Commands' auto-approve filter that are supposed to stop exactly this. Both fail," Ax Sharma, head of research at Manifold Security, said . "Clicking the URL preview tile to verify where the agent is fetching from runs an OS-level command instead. The Approve/Deny dialog never gates the click. 'Safe Commands' doesn't inspect commands. It asks the AI agent whether its own command is safe, and trusts the answer, even after the same agent has been manipulated by attacker content." While the findings have been classified as "out of scope," Cline plans to release fixes in an upcoming release. HTTP/2 abuse shifts to live reconnaissance Earlier this month, Calif used OpenAI's Codex to discover an exploit called the HTTP/2 Bomb . Formally tracked as CVE-2026-49975, the vulnerability ironically chains together two features that were expressly designed to save internet bandwidth to help attackers amplify junk traffic by orders of magnitude. Imperva has since reported that attackers in the wild were "running specialized tools designed to map out" vulnerable servers. A working proof-of-concept (PoC) is publicly available. "Exposure in this set is led by communication services at 24.9% of observed assets, with information technology contributing 18.0% and healthcare close behind at 17.0%," CyCognito said . Exposed email server becomes phishing hub Cybersecurity researchers have discovered an "interesting attack" where an unknown actor leveraged a victim's internet-facing terminal server as a phishing stager. Huntress said it recovered the full staging directory, including a legitimate bulk email software application (Gammadyne Mailer), a project file named dracii.mmp , and six target lists holding 8,894,920 email addresses. "The campaign impersonated the U.K. pharmacy chain Boots, using a 'free gift' survey as a lure," the company said . "The payload it pointed victims at was hosted on a compromised Bolivian government website, ipelc.gob[.]bo." The payload is a Boots phishing web page hosted within the /boots_store/ subdirectory that urges users to complete a survey and redeem a free gift by entering their personal and financial information. Bank phishing delivers in-memory stealer An active phishing campaign is targeting banks to deliver Phantom Stealer , an infostealer that's sold under a subscription model for between $70 to $240 by a threat actor operating under the alias Oldphantomoftheopera. "The attack begins with phishing emails containing malicious attachments disguised as business documents," Fortra said . "Once executed, the malware runs entirely in memory, helping it evade traditional defenses. "The combination of targeted phishing delivery, advanced evasion techniques, broad credential harvesting capabilities, and a resilient multi-channel exfiltration infrastructure places this threat in the high-severity category." Phantom Stealer targets major web browsers as well as Discord, Telegram, and Steam. It is also used to steal financial information, cryptocurrency assets, and collect keystrokes, screenshots, and clipboard data. Quantum-safe mandate timeline set France's cybersecurity agency ANSSI said it would stop certifying security products that lack quantum-resistant encryption starting from 2027. It also requires businesses to purchase only quantum-safe products by 2030. State filters .ru email traffic According to local media reports , Estonia plans to implement additional security screening for emails sent from Russia's .ru top-level domain before they reach government officials, citing heightened cyber risk. The new measures are expected to take effect starting August 31, 2026. Imposter scams hit $3.5B losses The U.S. Federal Trade Commission (FTC) revealed that Americans lost a staggering $3.5 billion to imposter scams in 2025, with reported losses nearly tripling since 2020. "These scams lured consumers through text, phone, email, social media, search engine results, and other means. Some of the costliest impersonation scams start with a fake security alert, often from a bank," the FTC said . "People are convinced to move money to 'protect' it, with their losses often limited only by their available funds." In all, about $16 billion has been reported lost in 2025 to all types of fraud. Conti operator admits ransomware role Oleksii Oleksiyovych Lytvynenko, 44, has pleaded guilty to wire fraud conspiracy in connection with Conti, a ransomware variant that infected more than 1,000 computers and networks across the world. "Lytvynenko, of Cork, Ireland, conspired with others to deploy Conti ransomware to extort victims and steal their data," the U.S. Department of Justice said . "Lytvynenko admitted to joining the Conti conspiracy no later than approximately September 2021. He admitted to possessing data from eight U.S. and four overseas victims, which had been stolen by Conti conspirators. Lytvynenko further admitted to joining a team run by a Conti conspirator during which time Lytvynenko was directed to work on coding a 'loader,' which is typically a type of malware, or malicious software, that is used to load programs necessary to execute other malicious attacks." As of January 2022, Conti ransomware attacks resulted in at least $150 million in ransom payments. The Ukrainian national was extradited to the U.S. in October 2025. He is scheduled to be sentenced on September 10, 2026, and faces a maximum penalty of 20 years in prison. Steam wallpapers turn into account theft vector Threat actors are abusing Steam Workshop to spread malware hidden in dozens of wallpaper packages, putting gamers' accounts at risk. The activity has been active since late 2025. "The attackers are primarily targeting gamers in China and Russia, aiming to hijack their accounts," Kaspersky said . "To pull this off, they are exploiting Wallpaper Engine – a popular live wallpaper app available on Steam – specifically leveraging its Workshop sharing feature. The malware is hidden inside the wallpaper packages users share with one another. Running one of these compromised wallpapers can lead to a stolen Steam account or leave the victim’s system infected with backdoors or crypto miners." Rust C2 framework hits npm supply chain Three npm packages, [email protected], [email protected], [email protected], have been found to act as droppers for Linux, Windows, and macOS systems to deliver a previously undocumented post-exploitation framework codenamed NastyC2. "Written entirely in Rust, it implements over 80 commands spanning credential harvesting, Active Directory attacks, container escape, cloud metadata theft, and fileless execution," Panther said . "The framework is comparable in scope to Cobalt Strike or Sliver, overlapping with both on BOF/COFF execution, reflective DLL loading, multi-technique process injection, AD-native Kerberoasting and DCSync, AMSI/ETW patching, SOCKS5 pivoting, and encrypted sleep." npm package delivers worm + miner + LPE A malicious npm package named [email protected] has been observed installing three different payloads, including a supply chain worm that spreads across six build ecosystems (Rust, Cargo, Python, CMake, and npm), a Monero cryptocurrency miner, and an exploit for Dirty Frag , a local privilege escalation (LPE) vulnerability impacting the Linux kernel. "All three run from memory, leaving no named file on disk," Panther said .

Source: The Hacker News

Read Original Source →