Cybersecurity Newsfeed - 01/06/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
📅 01/06/26
🛡️ Vulnerabilities
Palo Alto GlobalProtect Auth Bypass (CVE-2026-0257): PAN-OS severity ratings have been upgraded to High following reports of active exploitation. The flaw allows unauthenticated remote attackers to bypass security restrictions and establish unauthorized VPN connections via forged cookies. (Rapid7 has published an analysis.)
WP Maps Pro Admin Account Creation: A critical flaw in this WordPress plugin is being actively exploited to create unauthorized administrator accounts, giving attackers full control over site content and themes.
‘CIFSwitch’ Linux Local Privilege Escalation: A newly disclosed flaw in the Linux kernel’s CIFS subsystem allows unprivileged users to gain root access on multiple distributions by abusing root-privileged helpers.
Chrome 148 Massive Security Patch: Google patched 151 vulnerabilities in its latest update, including 22 critical-severity defects in GPU and Network subsystems that could allow remote code execution.
🎯 Adversaries
“LLMShare” Campaign Abuses ChatGPT: Attackers are using ChatGPT’s content-sharing feature to host fake OpenAI outage pages. These pages deliver info-stealing malware for macOS and Windows via legitimate openai.com links.
Russian Spies Aggressively Seek Western Tech: Intelligence officials warn that Russian agencies are escalating cyber operations to steal military, space, and dual-use technology to bypass international sanctions.
Kimsuky Deploys “HTTPSpy”: The North Korean group has expanded its arsenal with HTTPSpy and HelloDoor, leveraging Visual Studio Code Tunnels to hide malicious C2 traffic within legitimate developer activity.
“GreyVibe” Integrates GenAI for Attacks: This Russia-linked group is using ChatGPT and Gemini to refine phishing lures and debug exploit payloads in campaigns against Ukraine.
📈 Trends
Autonomous AI Post-Exploitation: Threat actors are using an LLM agent named “Zealot” to automate decision-making during attacks, chaining reconnaissance and exfiltration scripts at machine speed.
“ChatGPhish” Vulnerability: Researchers discovered that ChatGPT’s trust in Markdown links can be weaponized to turn legitimate summaries into phishing surfaces, leaking IP addresses or serving malicious QR codes.
Device Bound Session Credentials (DBSC): Google Chrome has introduced a feature to bind session cookies to hardware security chips (TPM), effectively neutralizing cookie-theft malware.
📦 Supply Chain Security
CodexUI-Android Steals OpenAI Tokens: A malicious npm package with 27,000 downloads was found exfiltrating OpenAI refresh tokens. The malware was hidden in the published module to evade GitHub source audits.
Dependency Confusion Profiling: Microsoft uncovered 33 malicious npm packages targeting corporate developers. These packages use high-version numbers to hijack internal namespaces and perform system reconnaissance.
Cloud Credential Harvesting via Typosquatting: 14 npm packages impersonating OpenSearch and Elasticsearch libraries were found targeting AWS, HashiCorp Vault, and GitHub Actions tokens.
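The two npm items above describe the same failure from the defender's side: npm resolved a name from the wrong place, either because an internal package name was hijacked on the public registry (dependency confusion) or because a developer installed a near-miss of a well-known name (typosquatting). Both are visible in a committed `package-lock.json`, which records the registry URL each package was resolved from. The script below is an added example, not code from the newsfeed, Microsoft or any vendor named above; the internal package names, the private registry URL and the lockfile contents are all constructed for the demonstration.

```python
"""Audit an npm package-lock.json (lockfileVersion 2/3) for two supply-chain risks:

1. Dependency confusion: a package whose name is on the organisation's internal
   list but was resolved from somewhere other than the private registry.
2. Typosquatting: a package name within a small edit distance of a well-known
   name without being that name.

Added example; INTERNAL_NAMES, INTERNAL_REGISTRY and SAMPLE_LOCK are constructed.
"""
import json
from typing import Any

# Constructed policy inputs; a real audit would load these from configuration.
INTERNAL_NAMES = {"acme-auth-sdk", "acme-logging"}      # hypothetical internal packages
INTERNAL_REGISTRY = "https://npm.internal.example/"    # placeholder private registry
WELL_KNOWN = [                                          # names that squatters imitate
    "@opensearch-project/opensearch",
    "@elastic/elasticsearch",
    "elasticsearch",
    "lodash",
    "express",
]
MAX_EDIT_DISTANCE = 2


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) via the classic row-by-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def package_name(lock_path: str) -> str:
    """'node_modules/a/node_modules/@scope/b' -> '@scope/b' (nesting and scopes kept)."""
    return lock_path.rsplit("node_modules/", 1)[-1]


def audit_lockfile(lock: dict[str, Any]) -> list[dict[str, str]]:
    """Return one finding per suspicious entry in the lockfile's 'packages' map."""
    findings: list[dict[str, str]] = []
    for path, meta in lock.get("packages", {}).items():
        if not path:                       # the "" key is the root project itself
            continue
        name = package_name(path)
        resolved = meta.get("resolved", "")
        version = meta.get("version", "")
        if name in INTERNAL_NAMES:
            # An internal name fetched from anywhere but the private registry means the
            # public registry won the version race; the recorded version shows by how much.
            if not resolved.startswith(INTERNAL_REGISTRY):
                findings.append({"package": name, "version": version,
                                 "issue": "dependency-confusion", "resolved": resolved})
            continue
        for known in WELL_KNOWN:
            if name != known and levenshtein(name, known) <= MAX_EDIT_DISTANCE:
                findings.append({"package": name, "version": version,
                                 "issue": "typosquat", "looks_like": known})
                break
    return findings


# Constructed lockfile: one clean internal package, one hijacked internal name,
# one typosquat of "elasticsearch", and one legitimate public package.
SAMPLE_LOCK = json.loads("""
{
  "name": "example-app",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "example-app", "version": "1.0.0"},
    "node_modules/acme-logging": {
      "version": "1.4.2",
      "resolved": "https://npm.internal.example/acme-logging/-/acme-logging-1.4.2.tgz"
    },
    "node_modules/acme-auth-sdk": {
      "version": "99.0.1",
      "resolved": "https://registry.npmjs.org/acme-auth-sdk/-/acme-auth-sdk-99.0.1.tgz"
    },
    "node_modules/elasticsearh": {
      "version": "8.0.0",
      "resolved": "https://registry.npmjs.org/elasticsearh/-/elasticsearh-8.0.0.tgz"
    },
    "node_modules/lodash": {
      "version": "4.17.21",
      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz"
    }
  }
}
""")

if __name__ == "__main__":
    for finding in audit_lockfile(SAMPLE_LOCK):
        print(finding)
```

Run against the constructed lockfile, the audit reports `acme-auth-sdk` (resolved from registry.npmjs.org at version 99.0.1, the high-version pattern the Microsoft item describes) and `elasticsearh` (one edit away from `elasticsearch`), while `acme-logging` and `lodash` pass. The durable fix for the first class is to reserve internal names under a scope (`@acme/...`) and pin that scope to the private registry in `.npmrc`; the lockfile check is the detective control that catches a resolution that slipped past that.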
