Weekly Threat Intelligence Summary
Top 10 General Cyber Threats
Generated 2026-06-08T05:00:05.461831+00:00
- Fake virus alerts are invading mobile games (www.malwarebytes.com, 2026-06-02T09:03:55)
  Score: 7.228
  "Your device is infected!" Fake account warnings and virus alerts are turning some in-game ads into malware traps.
- Fake BlueWallet steals passwords, accounts, and crypto from Macs (www.malwarebytes.com, 2026-06-01T14:40:25)
  Score: 7.101
  A fake BlueWallet download tricks Mac users into running malware that steals passwords, crypto wallets, and clipboard data.
- Fake ChatGPT download site infects Windows and Mac users with malware (www.malwarebytes.com, 2026-05-28T10:18:26)
  Score: 6.404
  Searching for ChatGPT? This fake download site serves malware to both Windows and Mac users, using separate payloads tailored to each platform.
- AI: Threat, tool, or both? (www.malwarebytes.com, 2026-06-05T08:56:57)
  Score: 5.727
  Public concern about AI is rising. We look at what's driving it, and why cybersecurity occupies a unique place in this debate.
- 3 Principles to Safely Scale Agentic AI (www.crowdstrike.com, 2026-06-05T05:00:00)
  Score: 5.7
- Why Holistic Sourcing Wins: The Numbers Behind the Recorded Future Advantage (www.recordedfuture.com, 2026-06-05T00:00:00)
  Score: 5.665
  Recorded Future’s Intelligence Graph® uses holistic sourcing across 1M+ sources for complete threat intelligence and proactive defense.
- Travel scams are everywhere. Here’s how to avoid them (www.malwarebytes.com, 2026-06-04T11:28:12)
  Score: 5.578
  Learn how to spot travel scams, avoid risky bookings, and keep your personal information out of the wrong hands.
- Meta’s AI support bot happily handed Instagram accounts to hackers (www.malwarebytes.com, 2026-06-04T09:09:09)
  Score: 5.562
  Hackers convinced an AI support bot to hand over Instagram accounts by changing recovery email addresses.
- ISO 42001:2023 and the New Reality of Cloud AI Data Risk (www.crowdstrike.com, 2026-06-04T05:00:00)
  Score: 5.533
- Threats to the 2026 FIFA World Cup (www.recordedfuture.com, 2026-06-04T00:00:00)
  Score: 5.499
  Threat assessment for the 2026 FIFA World Cup (US, Mexico, Canada) covering organized crime, AI-powered cyber fraud, state espionage, and political influence operations.
Top 10 AI / LLM-Related Threats
Generated 2026-06-08T06:00:20.048346+00:00
- RAVEN: Retrieval-Augmented Vulnerability Exploration Network for Memory Corruption Analysis in User Code and Binary Programs (arxiv.org, 2026-06-08T04:00:00)
  Score: 20.78
  arXiv:2604.17948v2 Announce Type: replace
  Abstract: Large Language Models (LLMs) have demonstrated remarkable capabilities across various cybersecurity tasks, including vulnerability classification, detection, and patching. However, their potential in automated vulnerability report documentation and analysis remains underexplored. We present RAVEN (Retrieval Augmented Vulnerability Exploration Network), a framework leveraging LLM agents and Retrieval Augmented Generation (RAG) to synthesize com
- DPAgent-in-the-Middle: Agentic Defense and Repair Against AI-Groomed Deceptive Patterns (arxiv.org, 2026-06-08T04:00:00)
  Score: 19.58
  arXiv:2606.06914v1 Announce Type: new
  Abstract: Privacy deceptive patterns in web interfaces systematically manipulate users into disclosing personal data, yet existing defenses are fragmented, static, and increasingly vulnerable to manipulation by large language models. Moreover, data voids, areas of information scarcity within the web ecosystem, create fertile ground for adversaries to inject misleading content that can be scraped and learned by AI systems, thereby amplifying both deceptive d
- MalSkillBench: A Runtime-Verified Benchmark of Malicious Agent Skills (arxiv.org, 2026-06-08T04:00:00)
  Score: 18.48
  arXiv:2606.07131v1 Announce Type: new
  Abstract: AI coding agents such as Claude Code and Gemini CLI increasingly extend themselves with third-party skills: markdown packages bundling natural-language instructions, executable scripts, and tool permissions. Because a skill is at once code and agent-facing instruction, it introduces a supply chain dependency whose risk is neither pure code nor pure prompt. Detection tools have never been measured against verified ground truth spanning this hybrid
- Subtle Injection for Ground-truth Inference of LLM Training Data (arxiv.org, 2026-06-08T04:00:00)
  Score: 17.78
  arXiv:2606.06502v1 Announce Type: new
  Abstract: As large language models (LLMs) are increasingly trained on scraped web corpora without authorisation, content owners require forensic methods to prove that their documents were included in a model's training set. We propose SIGIL (Subtle Injection for Ground-truth Inference of LLM training data), a framework that embeds imperceptible canary sequences into protected text and code su
- Defending Jailbreak Attacks on Large Language Models via Manifold Trajectory Kinetics (arxiv.org, 2026-06-08T04:00:00)
  Score: 17.78
  arXiv:2606.07335v1 Announce Type: new
  Abstract: Jailbreak prompts can bypass alignment guardrails in large language models (LLMs) and elicit unsafe outputs, making reliable deployment-time detection critical. Prior detection approaches largely rely on a fixed metric space, e.g., raw inputs, gradients, or hidden features, in which benign and jailbreak prompts are linearly separable. We show this assumption breaks under (i) pseudo-malicious prompts that are benign by intent but contain safety-rel
- Empirical Evaluation of Large Language Models for Migration of Code Fragments to Post-Quantum Cryptography (arxiv.org, 2026-06-08T04:00:00)
  Score: 17.78
  arXiv:2606.07341v1 Announce Type: new
  Abstract: The transition to post-quantum cryptography (PQC) requires not only replacing vulnerable cryptographic primitives, but also refactoring the surrounding software logic. While existing PQC migration frameworks provide organizational guidance, practical code-level remediation remains largely manual and error-prone. This paper evaluates whether large language models (LLMs) can be trained to assist in the migration of pre-quantum cryptographic code fra
- From Storage to Steering: Memory Control Flow Attacks on LLM Agents (arxiv.org, 2026-06-08T04:00:00)
  Score: 17.78
  arXiv:2603.15125v3 Announce Type: replace
  Abstract: Modern agentic systems allow Large Language Model (LLM) agents to tackle complex tasks through extensive tool usage, forming structured control flows of tool selection and execution. Existing security analyses often treat these control flows as ephemeral, one-off sessions, overlooking the persistent influence of memory. This paper identifies a new threat from Memory Control Flow Attacks (MCFA) that memory can dominate the control flow, forcing
- Training Azerbaijani language models on Amazon SageMaker AI (aws.amazon.com, 2026-05-28T21:54:06)
  Score: 16.239
  Azercell Telecom LLC, Azerbaijan's leading telecommunications provider, wanted to build an Azerbaijani large language model (LLM) on Amazon SageMaker AI for telecom use cases and a customer-facing chatbot. The challenge: adapting foundation models (FMs) to a morphologically rich language with limited training data and no existing blueprint for efficient LLM training in Azerbaijani. In a six-week collaboration, Azercell worked with the AWS Generative AI Innovation Center to establish a produ
- Hearing the Unspoken: Language Model Priors for Acoustic Adversarial Attacks (arxiv.org, 2026-06-08T04:00:00)
  Score: 14.78
  arXiv:2606.06833v1 Announce Type: cross
  Abstract: Automatic Speech Recognition (ASR) systems operating in real-time settings must process acoustic input under strict temporal constraints, where transcription decisions are inherently made on incomplete information. This causal constraint serves as an information bottleneck on attackers, significantly limiting attack performance. Our new Semantic Gambit attack breaks this causal limitation by augmenting the adversary with predictive context deriv
- Accelerate LLM model loading and increase context windows with GPUDirect on Amazon FSx for Lustre and TurboQuant (aws.amazon.com, 2026-06-01T16:07:19)
  Score: 14.134
  If you’re iterating on deploying large language models (LLMs) on AWS GPU instances, you’ve probably noticed the larger the model to be loaded into GPU High Bandwidth Memory (HBM), the longer the painful wait until the GPUs are ready for inference. As models grow to hundreds of billions of parameters and GPU environments grow ever […]
- Extracting Recurring Vulnerabilities from Black-Box LLM-Generated Software (arxiv.org, 2026-06-08T04:00:00)
  Score: 12.48
  arXiv:2602.04894v4 Announce Type: replace
  Abstract: LLMs are increasingly used for code generation, but their outputs often follow recurring templates that can induce predictable vulnerabilities. We study vulnerability persistence in LLM-generated software and introduce Feature–Security Table (FSTab) with two components. First, FSTab enables a black-box attack that predicts likely backend vulnerabilities from observable frontend features and knowledge of the source LLM, without access to the b
- Certified Robustness to Data Poisoning in Gradient-Based Training (arxiv.org, 2026-06-08T04:00:00)
  Score: 12.48
  arXiv:2406.05670v3 Announce Type: replace-cross
  Abstract: Modern machine learning pipelines leverage large amounts of public data, making it infeasible to guarantee data quality and leaving models open to poisoning and backdoor attacks. Provably bounding model behavior under such attacks remains an open problem. In this work, we address this challenge by developing the first framework providing provable guarantees on the behavior of models trained with potentially manipulated data without modif
- Securing CI/CD in an agentic world: Claude Code Github action case (www.microsoft.com, 2026-06-05T16:46:47)
  Score: 11.893
  Microsoft Threat Intelligence identified a prompt injection pathway in Claude Code GitHub Action that allowed access to workflow secrets under specific conditions. This research examines the attack chain, responsible disclosure process, Anthropic's mitigation, and guidance for securing AI-powered CI/CD workflows.
- Lost in Migration: Exposing Android Framework Vulnerabilities in Parallel Java-Kotlin Implementations (arxiv.org, 2026-06-08T04:00:00)
  Score: 11.78
  arXiv:2606.07420v1 Announce Type: new
  Abstract: Android has adopted Kotlin alongside Java across apps and core system components. During this shift, we observe parallel implementations in the Android Open Source Project (AOSP) where the same component is implemented in both Java and Kotlin. In principle, their functional purposes are identical. In practice, subtle semantic divergences can appear. Such divergences are not vulnerabilities by themselves, but they provide useful clues that may reve
- ADAGE: Active Defenses Against GNN Extraction (arxiv.org, 2026-06-08T04:00:00)
  Score: 11.48
  arXiv:2503.00065v4 Announce Type: replace
  Abstract: Graph Neural Networks (GNNs) achieve high performance in various real-world applications, such as drug discovery, traffic states prediction, and recommendation systems. The fact that building powerful GNNs requires a large amount of training data, powerful computing resources, and human expertise turns the models into lucrative targets for model stealing attacks. Prior work has revealed that the threat vector of stealing attacks against GNNs i
- Bit-Exact AI Inference Verification Without Performance Tradeoffs (arxiv.org, 2026-06-08T04:00:00)
  Score: 11.28
  arXiv:2606.00279v2 Announce Type: replace
  Abstract: Verifying claims about AI workloads is a prerequisite for credible AI governance of covert adversaries (who comply with monitoring only when detection likelihood is high), yet the apparent non-determinism of GPU floating-point arithmetic forces auditors to accept approximate output matches. Covert adversaries can exploit unverifiable degrees of freedom in monitored computation. Attack vectors include steganography, unreported modification of i
- How Baz improved its AI Agent Code Review accuracy using Amazon Bedrock AgentCore (aws.amazon.com, 2026-06-02T15:45:11)
  Score: 11.068
  This post walks through how Baz built their Spec Review agent using Amazon Bedrock and Amazon Bedrock AgentCore. We'll cover the architecture decisions, implementation details, and the business outcomes they achieved by leveraging these AWS services to automate their code review process.
- In Other News: Anthropic Maps AI Threats, Unpatched Comodo Flaw, Palantir Chief Eyed for CISA (www.securityweek.com, 2026-06-05T13:05:06)
  Score: 10.656
  Other noteworthy stories that might have slipped under the radar: Ultrahuman data leak, The Gentlemen ransomware analysis, Hola Browser bundles miner.
- Metasploit Wrap Up 05/29/2026 (www.rapid7.com, 2026-05-29T19:34:41)
  Score: 10.254
  More Linux LPEs. Hark, the age of the Linux LPE has arrived. This week’s release follows up on recent work bringing new Linux LPEs to Metasploit users. Copy Fail seemed to have kicked off a trend of similar bugs, and hot on its heels is Dirty Frag. Dirty Frag is actually two vulnerabilities in a trenchcoat, individually identified as CVE-2026-43284 and CVE-2026-43500. Each is exploitable individually and comes with a new Metasploit module. New module content (5): Citrix ADC (NetScaler) CVE-2026-3055
- Seeking Counsel: Ongoing Targeted Campaign Against US Law Firms (cloud.google.com, 2026-06-05T14:00:00)
  Score: 9.765
  Written by: Chad Reams, Tufail Ahmed, Keith Knapp, Ashley Frazer, Tyler McLellan. Introduction: From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as "Luna Moth," “Chatty Spider,” and "Silent Ransom Group") targeting dozens of organizations across professional, legal, and financial services in the United States. UNC3753 leverages voice phishing (vishing) and social enginee
- OpenAI models and Codex on Amazon Bedrock are now generally available (aws.amazon.com, 2026-06-01T21:31:12)
  Score: 9.587
  GPT-5.5, GPT-5.4, and Codex are now generally available on Amazon Bedrock. Deploy them in production applications and agents today, on Bedrock’s high performance inference engine.
- AgileOS: A GPU Operating System Layer for Protected CUDA Services (arxiv.org, 2026-06-08T04:00:00)
  Score: 9.48
  arXiv:2606.06697v1 Announce Type: new
  Abstract: Modern GPU applications increasingly interact with storage systems, network devices, vendor libraries, and GPU-resident services rather than executing only isolated compute kernels. This shift creates a need for operating-system-like protection around GPU services, where service metadata, device queues, memory-mapped I/O regions, and library-internal state should not be directly exposed to untrusted application kernels. However, today's CUDA
- FDM: A Framework for Decision-making to build ML-based Malware detection systems (arxiv.org, 2026-06-08T04:00:00)
  Score: 9.48
  arXiv:2606.06894v1 Announce Type: new
  Abstract: Selecting appropriate machine learning (ML) configurations for malware detection is a complex, multi-criteria problem. Model choice, feature engineering, and update mechanisms must jointly satisfy operational constraints that vary across deployment contexts. This paper proposes the Framework for Decision-making (FDM) to build ML-based malware detection systems. The FDM formalises this selection process using the Weighted Configuration Compatibilit
- From Privacy to Workflow Integrity: Communication-Graph Metadata in Autonomous Agent Interoperability (arxiv.org, 2026-06-08T04:00:00)
  Score: 9.48
  arXiv:2606.07150v1 Announce Type: new
  Abstract: Agent-interoperability protocols such as A2A and MCP standardize what agents say to one another, but assume address-based transport over HTTP(S). Such transports protect message content, increasingly with end-to-end encryption. What they leave in the clear is the communication graph: which agent contacts which, when, and how often. In agent systems this graph is more consequential than a privacy framing suggests. Endpoints are often capability-lab
- Authorized and Verifiable Searchable Encryption Based on Public Key Equality Test for Cloud Storage (arxiv.org, 2026-06-08T04:00:00)
  Score: 9.48
  arXiv:2606.07319v1 Announce Type: new
  Abstract: Cloud storage revolutionizes data management but raises conflicts between functionality and privacy. Public Key Encryption with Equality Test (PKEET), an advanced cryptographic technique, can enable multi-user searchable encryption (SE) through cross-key ciphertext comparison without shared keys. However, existing PKEET-based SE schemes lack ciphertext-file-level authorization, public verifiability, or SE-level support. This paper first proposes a
Auto-generated 2026-06-08
