
Weekly Threat Report 2026-06-15

Weekly Threat Intelligence Summary

Top 10 General Cyber Threats

Generated 2026-06-15T05:00:04.982906+00:00

  1. Update Chrome: Google patches actively exploited vulnerability and 73 others (www.malwarebytes.com, 2026-06-09T10:50:16)
    Score: 9.241
    Google's latest Chrome update fixes 74 security vulnerabilities, including one under active attack.
  2. Microsoft’s biggest-ever Patch Tuesday fixes 206 bugs, including 3 zero-days (www.malwarebytes.com, 2026-06-10T12:43:48)
    Score: 8.42
    June 2026 is the largest Patch Tuesday in history, fixing 206 vulnerabilities and three publicly disclosed zero-days.
  3. June 2026 Patch Tuesday: Microsoft Patches 206 Vulnerabilities Including Three Publicly Disclosed Zero-Days (www.crowdstrike.com, 2026-06-09T05:00:00)
    Score: 8.2
  4. Free Spotify Premium hacks on social media are spreading infostealers (www.malwarebytes.com, 2026-06-10T16:27:32)
    Score: 7.446
    Cybercriminals are turning TikTok and Instagram Reels into malware delivery platforms, using free software tutorials to spread infostealers.
  5. 88% of people struggle to tell what’s real online (www.malwarebytes.com, 2026-06-10T11:45:00)
    Score: 7.414
    As AI-generated scams, deepfakes, and impersonation spread, a new Malwarebytes report finds people increasingly unsure what to trust online.
  6. Pirated PC games are delivering password-stealing malware (www.malwarebytes.com, 2026-06-08T10:53:06)
    Score: 7.074
    Cybercriminals are hiding malware in cracked and repacked games, infecting more than 400,000 devices worldwide.
  7. May 2026 CVE Landscape (www.recordedfuture.com, 2026-06-08T00:00:00)
    Score: 6.799
    In May 2026, Insikt Group® identified 41 high-impact vulnerabilities that should be prioritized for remediation, all of which had a Very Critical Recorded Future Risk Score. This represents an 11% increase from last month.
  8. Stolen iPhones could soon be worth a lot less to thieves (www.malwarebytes.com, 2026-06-12T14:03:16)
    Score: 5.763
    Apple and the Met Police are working together to make stolen iPhones harder to reset, resell, and profit from.
  9. Fake verification pages are stealing Steam accounts from players (www.malwarebytes.com, 2026-06-12T09:27:49)
    Score: 5.731
    A convincing fake FACEIT verification page is stealing Steam accounts by using a fake login window that looks completely legitimate.
  10. Why AI Projects Stall and How CIOs Can Respond (www.crowdstrike.com, 2026-06-12T05:00:00)
    Score: 5.7

Top 10 AI / LLM-Related Threats

Generated 2026-06-15T06:00:20.247597+00:00

  1. Criminal AI-as-a-Service in 2026: How the Underground Market Is Operationalizing Cybercrime (www.rapid7.com, 2026-06-11T13:00:00)
    Score: 24.917
    The underground market for criminally oriented generative AI has moved beyond the early hype surrounding 'malicious chatbots.' The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for fully autonomous AI hacking systems is possible, attackers are not embracing them as expected. Instead, threat actors are increasingly using AI to accelerate routine, but operationally significant
  2. NeST: Neuron Selective Tuning for LLM Safety (arxiv.org, 2026-06-15T04:00:00)
    Score: 20.78
    arXiv:2602.16835v2 Announce Type: replace
    Abstract: Safety alignment is essential for the responsible deployment of Large Language Models (LLMs). Yet, existing approaches often rely on heavyweight fine-tuning that is costly to update, audit, and maintain across model families. Full fine-tuning incurs substantial computational and storage overhead, while parameter-efficient methods, e.g., Low-Rank Adaptation (LoRA), trade efficiency for inconsistent safety gains and sensitivity to design choices
  3. From Prompts to Responses: Dual-Sided Data Leakage and Defense in Split Large Language Models (arxiv.org, 2026-06-15T04:00:00)
    Score: 17.78
    arXiv:2606.14210v1 Announce Type: new
    Abstract: Large language models (LLMs) are increasingly deployed in privacy-sensitive domains, where users must balance the risk of data exposure through external APIs against the high computational cost of local deployment. Split learning has therefore emerged as a promising paradigm for LLM fine-tuning and inference under limited local resources. However, it introduces new privacy risks. Prior work primarily studies leakage of private input prompts, typic
  4. Investigating Metamorphic Fuzz Oracle Enhancement via Large Language Models (arxiv.org, 2026-06-15T04:00:00)
    Score: 17.78
    arXiv:2606.14164v1 Announce Type: cross
    Abstract: Fuzz drivers are essential components of greybox fuzzing, as they encapsulate target interfaces, define test spaces, and largely determine fuzzing effectiveness. Existing fuzz drivers typically rely on crash-based oracles for security testing, overlooking library functionality and limiting bug detection capability.
    In this paper, we present the first study on metamorphic-based fuzz oracle enhancement (MFOE), which augments existing fuzz driver
  5. Game-Theoretic Multi-Agent Control for Robust Contextual Reasoning in LLMs (arxiv.org, 2026-06-15T04:00:00)
    Score: 17.78
    arXiv:2606.10322v2 Announce Type: replace
    Abstract: Large Language Models (LLMs) in multi-turn interactions maintain evolving context rather than generating isolated responses, making them vulnerable to prompt-injection and context-poisoning attacks in which locally plausible adversarial fragments gradually distort reasoning trajectories. Existing defenses mainly filter individual outputs and often ignore context evolution across turns, leaving long-horizon reasoning exposed. Although the Model
  6. Building Supercharger: How Rocket Close optimized title operations with agentic AI (aws.amazon.com, 2026-06-12T20:43:56)
    Score: 17.132
    In this post, we explore how Rocket Close built a solution using Strands Agents, large language models (LLMs), Amazon Bedrock, Amazon Bedrock Knowledge Bases, and Model Context Protocol (MCP) tools. We cover solution features, the rationale for the technology stack, lessons learned, and the business impact at Rocket Close.
  7. SkillMutator: Benchmarking and Defending Language-and-Code Cross-modal Attacks on LLM Agent Skills (arxiv.org, 2026-06-15T04:00:00)
    Score: 16.78
    arXiv:2606.14154v1 Announce Type: new
    Abstract: Large language model (LLM) agents increasingly extend their capabilities at runtime by loading Agent Skills, which pair natural-language specifications (SKILL.md) with executable scripts and resources. Because a skill's behavior relies on both natural-language instructions and executable code, assessing its safety requires cross-modal reasoning, creating a new language-and-code attack surface. Attackers can present a benign workflow in SKILL.
  8. Automated Threat Hunting: Turning Threat Intelligence into Executable Hunt Plans (www.rapid7.com, 2026-06-10T16:26:33)
    Score: 16.713
    Blake McDermott is Senior Threat Hunter at Rapid7. Every week, threat hunt teams are faced with a steady flow of blogs, advisories, and DFIR reports containing valuable intelligence about adversary behaviors, tactics, techniques, and procedures. The challenge is turning that intelligence into repeatable, behavior-based hunting logic quickly enough to be useful. Indicators of compromise still have value, but they age quickly. Behavioral detections give defenders a better way to look for how attac
  9. From Shield to Target: Denial-of-Service Attacks on LLM-Based Agent Guardrails (arxiv.org, 2026-06-15T04:00:00)
    Score: 16.48
    arXiv:2606.14517v1 Announce Type: new
    Abstract: LLM-based guardrails have emerged as a highly effective defense against prompt injection and jailbreak attacks in autonomous agents. However, we reveal that the very reasoning and task-following capabilities enabling this protection introduce a novel vulnerability: attackers can inject crafted data to trap the guardrail in extended reasoning loops, effectuating a systematic denial-of-service (DoS) attack. To systematically expose this threat, we d
  10. Patch Tuesday – June 2026 (www.rapid7.com, 2026-06-09T21:04:53)
    Score: 15.621
    Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, and is aware of public disclosure for three. This is similar to last month’s Patch Tuesday, however several of last month’s vulnerabilities ended up on CISA KEV in the days following their publication. So far this month, Microsoft has provided patches to address 360 browser vulnerabilities, which is an order of magnitude more than has been
  11. SEVRA-BENCH: Social Engineering of Vulnerabilities in Review Agents (arxiv.org, 2026-06-15T04:00:00)
    Score: 14.78
    arXiv:2606.13757v1 Announce Type: new
    Abstract: Large language model (LLM) reviewers are increasingly used in pull-request (PR) workflows, where their approvals help decide which code is merged into a repository. This raises a question that benchmarks for static vulnerability detection or code generation do not address: can an automated reviewer reject a malicious contribution when the attacker controls both the code change and the accompanying PR text? We introduce SEVRA-BENCH (Social Engineer
  12. Bayesian-Calibrated Detection of Hallucinated Package Imports in AI-Assisted Code (arxiv.org, 2026-06-15T04:00:00)
    Score: 14.78
    arXiv:2606.13918v1 Announce Type: cross
    Abstract: We present a Bayesian calibration layer for slopsquat detectors — those that flag hallucinated package imports in code produced by large language models (LLMs). Where existing pipelines emit binary decisions (flag / do-not-flag), our layer emits a Beta-posterior probability per detection, derived from a 3-category epistemic taxonomy that explicitly classifies each prior as empirically calibrated, constructively argued, or engineering-judgement-
  13. Evaluating LLMs for Obfuscation Detection and Classification in Android Apps (arxiv.org, 2026-06-15T04:00:00)
    Score: 14.78
    arXiv:2606.14233v1 Announce Type: cross
    Abstract: Android applications (apps) developers increasingly rely on code obfuscation techniques to hinder reverse engineering and protect intellectual property. However, obfuscation also reduces the effectiveness of static analysis and vulnerability detection tools, creating challenges for Android security analysis. Existing approaches for detecting obfuscation in Android apps predominantly rely on handcrafted heuristics, engineered features, or task-sp
  14. COGNITION: From Evaluation to Defense against Multimodal LLM CAPTCHA Solvers (arxiv.org, 2026-06-15T04:00:00)
    Score: 14.78
    arXiv:2512.02318v4 Announce Type: replace
    Abstract: This paper studies how multimodal large language models (MLLMs) undermine the security guarantees of visual CAPTCHA. We identify the attack surface where an adversary can cheaply automate CAPTCHA solving using off-the-shelf models. We evaluate 7 representative MLLMs on 18 real-world CAPTCHA task types, measuring single-shot accuracy, success under limited retries, end-to-end latency, and per-solve cost. We further validate our findings through
  15. Patcher: Post-Hoc Patching of Backdoored Large Language Models (arxiv.org, 2026-06-15T04:00:00)
    Score: 14.78
    arXiv:2606.02995v2 Announce Type: replace
    Abstract: Large language models remain vulnerable to jailbreak backdoor attacks, where adversaries poison safety alignment data to embed hidden triggers that bypass safety mechanisms. Existing defenses often require comprehensive attack information or multiple triggered examples, making them impractical when defenders only observe a single reported failure case without knowing whether it stems from a backdoor attack or a natural alignment bug. This pape
  16. SARSteer: Safeguarding Large Audio-Language Models via Safe-Ablated Refusal Steering (arxiv.org, 2026-06-15T04:00:00)
    Score: 14.78
    arXiv:2510.17633v3 Announce Type: replace-cross
    Abstract: Large Audio-Language Models (LALMs) are becoming essential as a powerful multimodal backbone for real-world applications. However, recent studies show that audio inputs can more easily elicit harmful responses than text, exposing new risks toward deployment. While safety alignment has made initial advances in LLMs and Large Vision-Language Models (LVLMs), we find that vanilla adaptation of these approaches to LALMs faces two key limitati
  17. Rapid7 Gains Access To Anthropic’s Project Glasswing To Explore Frontier AI For Cybersecurity (www.rapid7.com, 2026-06-09T13:35:36)
    Score: 13.147
    Wade Woolwine is Senior Director, Product Security at Rapid7. Rapid7 is excited to join Anthropic’s Project Glasswing, which includes access to Claude Mythos Preview, giving our teams the opportunity to explore how frontier AI can support legitimate, internal defensive security workflows led by experienced security practitioners. Anthropic has now expanded Project Glasswing from its initial cohort to a broader group of organizations, underscoring how quickly this conversation is moving from mode
  18. The Insurability Frontier of AI Risk: Mapping Threats to Affirmative Coverage, Silent Exposures, and Exclusions (arxiv.org, 2026-06-15T04:00:00)
    Score: 12.28
    arXiv:2605.18784v2 Announce Type: replace-cross
    Abstract: The rapid diffusion of agentic AI has created a new coverage problem for commercial insurance: some AI-mediated losses are now affirmatively insured, some create silent-AI exposure under legacy cyber, technology errors-and-omissions (E&O), directors-and-officers (D&O), employment practices liability (EPLI), crime, and media policies, and others are being actively excluded.
    This paper maps that emerging boundary by coding 55 AI
  19. Security in a Workflow: Exploring Role-Based Agentic Architectures for Vulnerability Handling (arxiv.org, 2026-06-15T04:00:00)
    Score: 11.48
    arXiv:2606.14261v1 Announce Type: new
    Abstract: Secure software engineering in practice is a multi-stage workflow involving vulnerability analysis, remediation, and fix verification. However, current LLM-based software security approaches often focus on isolated tasks such as detection or patch generation, with limited attention to agentic architectures reflecting industrial workflow. This creates a gap between existing LLM-based vulnerability-handling methods and real-world practices. In this
  20. Rotation-Invariant Spherical Watermarking via Third-Order SO(3) Representation Coupling (arxiv.org, 2026-06-15T04:00:00)
    Score: 11.48
    arXiv:2605.26702v3 Announce Type: replace-cross
    Abstract: Reliable watermarking of panoramic imagery is fundamentally challenged by arbitrary 3D rotations. As panoramas are defined on the sphere, they naturally transform under the action of $SO(3)$, rendering conventional planar representations and augmentation-based robustness strategies inadequate and devoid of theoretical guarantees. To address this, we formulate panoramas as spherical signals and leverage $SO(3)$ representation theory to de
  21. Build an AI-Powered Equipment Repair Assistant Using Amazon Bedrock AgentCore (aws.amazon.com, 2026-06-10T15:21:35)
    Score: 11.302
    In this post, you build an AI-powered equipment repair assistant using Amazon Bedrock AgentCore that helps farmers and field technicians diagnose equipment problems, identify required parts, and access manufacturer-approved repair procedures through natural language. The solution uses AgentCore Runtime with the Strands Agents SDK, Amazon Nova 2 Lite as the foundation model, Amazon Bedrock Knowledge Base for retrieval-augmented generation (RAG), and AgentCore Memory for conversation persistence.
  22. Anthropic Disputes Fable 5 AI Jailbreak (www.securityweek.com, 2026-06-12T08:43:06)
    Score: 10.813
    An AI hacker claims to have achieved a prompt-based jailbreak shortly after Fable 5’s launch, but Anthropic says it’s not a real jailbreak. The post Anthropic Disputes Fable 5 AI Jailbreak appeared first on SecurityWeek.
  23. The June 2026 Security Update Review (www.thezdi.com, 2026-06-09T18:12:18)
    Score: 10.592
    I’ve made it through Pwn2Own Berlin, had a little vacation, and now I’m back for Patch Tuesday. Microsoft and Adobe didn’t disappoint. In fact, they have heralded my return with the largest Patch Tuesday release ever. Thanks? Take a break from your regularly scheduled activities and let’s take a look at the latest security patches from Adobe and Microsoft. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for June 2026 For May, June
  24. Securing CI/CD in an agentic world: Claude Code Github action case (www.microsoft.com, 2026-06-05T16:46:47)
    Score: 10.226
    Microsoft Threat Intelligence identified a prompt injection pathway in Claude Code GitHub Action that allowed access to workflow secrets under specific conditions. This research examines the attack chain, responsible disclosure process, Anthropic's mitigation, and guidance for securing AI-powered CI/CD workflows. The post Securing CI/CD in an agentic world: Claude Code Github action case appeared first on Microsoft Security Blog.
  25. Reconstructing AI activity in investigations (www.microsoft.com, 2026-06-09T17:35:06)
    Score: 9.586
    Learn how to investigate AI activity in Microsoft 365 Copilot and Azure AI services using a structured, telemetry-driven approach. This playbook helps security teams reconstruct events, assess data exposure, and detect potential threats faster. The post Reconstructing AI activity in investigations appeared first on Microsoft Security Blog.

Auto-generated 2026-06-15
