Weekly Threat Report 2026-06-29

Weekly Threat Intelligence Summary

Top 10 General Cyber Threats

Generated 2026-06-29T05:00:05.629480+00:00

  1. Evaluating Mexico’s New Cybersecurity Plan (www.recordedfuture.com, 2026-06-25T00:00:00)
    Score: 10.299
    Explore an analysis of Mexico’s 2025–2030 National Cybersecurity Plan. Discover how Mexico is addressing critical threats like ransomware, organized crime, and AI-driven attacks while preparing its digital infrastructure for the 2026 FIFA World Cup and beyond.
  2. Malware steals Chrome session cookies to take over your accounts (www.malwarebytes.com, 2026-06-26T12:44:01)
    Score: 7.754
    A phishing campaign installs a malicious Chrome extension to hijack browser sessions and compromise Windows devices.
  3. Watch out for renewal scams pretending to be Malwarebytes (www.malwarebytes.com, 2026-06-24T14:18:13)
    Score: 7.431
    Scammers are sending fake software renewal notices that claim you've been charged for a subscription. Some even impersonate Malwarebytes.
  4. “Total access to all your devices.” Sextortion scammers strike again (www.malwarebytes.com, 2026-06-24T10:48:20)
    Score: 7.407
    They say they have videos, malware, and total control of your devices. Here's how to read a sextortion email like a security researcher instead of a victim.
  5. Inside the dark web: Stolen identities for 95¢, malware, and scams-for-hire (www.malwarebytes.com, 2026-06-23T15:52:17)
    Score: 7.275
    We spent 48 hours exploring the dark web and found stolen identities, malware, scams, and a thriving cybercrime economy.
  6. Update Chrome to patch critical browser security flaws (www.malwarebytes.com, 2026-06-25T11:04:48)
    Score: 7.076
    Chrome has patched 18 vulnerabilities, including four critical flaws. Two WebGL bugs could allow attackers to escape the browser's security sandbox.
  7. PixelSmash flaw turns video files into attack tools (www.malwarebytes.com, 2026-06-24T17:23:41)
    Score: 6.953
    Researchers have found a critical FFmpeg flaw that could let attackers use a malicious video file to compromise vulnerable systems.
  8. Nearly 15,000 infected websites cleaned in SocGholish crackdown (www.malwarebytes.com, 2026-06-19T16:05:53)
    Score: 6.61
    Thousands of everyday websites were cleaned as part of a global operation targeting the malware network behind fake browser update scams.
  9. Apple patches Beats Studio Buds flaw that could turn earbuds into a wiretap (www.malwarebytes.com, 2026-06-19T11:47:16)
    Score: 6.58
    Apple has patched a year-old Bluetooth vulnerability that could have let nearby attackers listen through Beats Studio Buds' microphone.
  10. Microsoft working on a fix for RoguePlanet, a flaw that grants full PC control (www.malwarebytes.com, 2026-06-18T12:58:30)
    Score: 6.422
    Microsoft says it's working on a fix for an unpatched Defender vulnerability that can give attackers the highest level of access on Windows.

Top 10 AI / LLM-Related Threats

Generated 2026-06-29T06:00:16.062398+00:00

  1. Criminal AI-as-a-Service in 2026: How the Underground Market Is Operationalizing Cybercrime (www.rapid7.com, 2026-06-11T13:00:00)
    Score: 21.584
    Introduction The underground market for criminally oriented generative AI has moved beyond the early hype surrounding 'malicious chatbots.' The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for fully autonomous AI hacking systems is possible, attackers are not embracing them as expected. Instead, threat actors are increasingly using AI to accelerate routine, but operationally significant
  2. A Plug-and-Play Method for Improving Imperceptibility and Capacity in Practical Generative Text Steganography (arxiv.org, 2026-06-29T04:00:00)
    Score: 19.78
    arXiv:2412.19652v5 Announce Type: replace
    Abstract: Linguistic steganography embeds secret information into seemingly innocuous text to safeguard privacy under surveillance. Generative linguistic steganography leverages the probability distributions of language models (LMs) and applies steganographic algorithms during generation, and has attracted increasing attention with the rise of large language models (LLMs). To strengthen security, prior work has focused on distribution-preserving stegano
  3. MetaBreak: Jailbreaking Online LLM Services via Special Token Manipulation (arxiv.org, 2026-06-29T04:00:00)
    Score: 19.78
    arXiv:2510.10271v2 Announce Type: replace
    Abstract: Unlike regular tokens derived from existing text corpora, special tokens are artificially created to annotate structured conversations during the fine-tuning process of Large Language Models (LLMs). Serving as metadata of training data, these tokens play a crucial role in instructing LLMs to generate coherent and context-aware responses. We demonstrate that special tokens can be exploited to construct four attack primitives, with which malicio
  4. On the Inseparability of Instructions and Data in Shared-Embedding Sequence Models (arxiv.org, 2026-06-29T04:00:00)
    Score: 18.48
    arXiv:2606.27567v1 Announce Type: new
    Abstract: Prompt injection is the top security risk for LLM-integrated applications, yet every defense proposed so far has been broken. We prove this is not a coincidence: in shared-embedding architectures that lack enforced control-data separation, perfect prompt-injection prevention is mathematically impossible. We formalize prompted systems as Prompted Action Models whose outputs include control-authoritative actions: refusal decisions, tool authorizatio
  5. When the Aggregator Cheats: Data-Free Backdoors in Federated LLM-based QA Systems (arxiv.org, 2026-06-29T04:00:00)
    Score: 17.78
    arXiv:2606.27511v1 Announce Type: new
    Abstract: Large Language Model (LLM)-based question-answering (QA) systems are increasingly deployed in sensitive domains such as healthcare, mental health counseling, and legal consultation. Federated learning (FL) enables collaborative training without sharing raw client data, for which locally trained models are aggregated at a central server (i.e., a cloud service provider) to obtain a global model. In this paper, we explore the potential vulnerability
  6. Robust Harmful Features Under Jailbreak Attacks: Mechanistic Evidence from Attention Head Specialization in Large Language Models (arxiv.org, 2026-06-29T04:00:00)
    Score: 17.78
    arXiv:2606.28153v1 Announce Type: new
    Abstract: Jailbreak attacks bypass LLM safety alignment, yet their mechanisms remain poorly understood. We provide evidence that attacks do not comprehensively eliminate safety features, but instead selectively suppress specific attention heads. We identify two functionally differentiated types: Adversarially Compromised Heads (ACHs) concentrated in early layers, which are suppressed under attacks, and Safety-Aligned Heads (SAHs) in mid-layers, which mainta
  7. PRISON: Unmasking the Criminal Potential of Large Language Models (arxiv.org, 2026-06-29T04:00:00)
    Score: 17.78
    arXiv:2506.16150v4 Announce Type: replace
    Abstract: As large language models (LLMs) advance, concerns about their misconduct in complex social contexts intensify. Existing research overlooked the systematic understanding and assessment of their criminal capability in realistic interactions. We propose a unified framework PRISON, to quantify LLMs' criminal potential across five traits: False Statements, Frame-Up, Psychological Manipulation, Emotional Disguise, and Moral Disengagement. Using
  8. ToolPrivacyBench: Benchmarking Purpose-Bound Privacy in Tool-Using LLM Agents (arxiv.org, 2026-06-29T04:00:00)
    Score: 14.78
    arXiv:2606.28061v1 Announce Type: new
    Abstract: Large language models (LLMs) have increasingly moved from standalone text generation systems to agents that invoke external tools, access environments, and execute multi-step tasks. However, conventional function-calling benchmarks mainly evaluate task completion and API correctness, while privacy evaluation benchmarks typically focus on final responses or privacy judgments. Neither perspective captures purpose-bound information flow across an exe
  9. DMind Benchmark: Toward a Holistic Assessment of LLM Capabilities across the Web3 Domain (arxiv.org, 2026-06-29T04:00:00)
    Score: 14.78
    arXiv:2504.16116v4 Announce Type: replace
    Abstract: The Web3 ecosystem, underpinned by cryptographic primitives and decentralized consensus, represents a high-stakes environment where software vulnerabilities and incentive misalignments translate directly into financial loss. As Large Language Models (LLMs) are increasingly integrated into this domain for tasks ranging from smart contract auditing to decentralized finance analytics, ensuring their reliability is paramount. However, general-purp
  10. Seven Security Challenges That Must be Solved in Cross-domain Multi-agent LLM Systems (arxiv.org, 2026-06-29T04:00:00)
    Score: 14.78
    arXiv:2505.23847v4 Announce Type: replace
    Abstract: Large language models (LLMs) are rapidly evolving into autonomous agents that cooperate across organizational boundaries, enabling joint disaster response, supply-chain optimization, and other tasks that demand decentralized expertise without surrendering data ownership. Yet, cross-domain collaboration shatters the unified trust assumptions behind current alignment and containment techniques. An agent benign in isolation may, when receiving me
  11. Build a protein research copilot with Amazon Bedrock AgentCore (aws.amazon.com, 2026-06-23T16:39:34)
    Score: 14.777
    This post shows you how to build a conversational protein research assistant that combines three capabilities: natural language query parsing to extract structured search parameters, vector similarity search over protein embeddings using a specialized language model, and AI-generated scientific summaries of search results.
  12. PYPILINE: Malicious PyPI Package Detection via Suspicious API Knowledge and Agent Workflow (arxiv.org, 2026-06-29T04:00:00)
    Score: 14.48
    arXiv:2606.19063v3 Announce Type: replace
    Abstract: Detecting malicious PyPI packages is crucial for maintaining the security of the open source software supply chain. Traditional static rule detection methods require continuous maintenance by experienced security personnel, resulting in high labor costs. Dynamic analysis methods require actual execution of the target package code, posing a risk of malicious code proliferation, and incurring significant runtime overhead and low detection effici
  13. Automated Threat Hunting: Turning Threat Intelligence into Executable Hunt Plans (www.rapid7.com, 2026-06-10T16:26:33)
    Score: 13.38
    Blake McDermott is Senior Threat Hunter at Rapid7. Every week, threat hunt teams are faced with a steady flow of blogs, advisories, and DFIR reports containing valuable intelligence about adversary behaviors, tactics, techniques, and procedures. The challenge is turning that intelligence into repeatable, behavior-based hunting logic quickly enough to be useful. Indicators of compromise still have value, but they age quickly. Behavioral detections give defenders a better way to look for how attac
  14. Patch Tuesday – June 2026 (www.rapid7.com, 2026-06-09T21:04:53)
    Score: 12.288
    Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, and is aware of public disclosure for three. This is similar to last month’s Patch Tuesday; however, several of last month’s vulnerabilities ended up on CISA KEV in the days following their publication. So far this month, Microsoft has provided patches to address 360 browser vulnerabilities, which is an order of magnitude more than has been
  15. Agentic AI-Powered Re-Identification: An Emerging, Scalable Threat to Mobility Microdata Privacy (arxiv.org, 2026-06-29T04:00:00)
    Score: 11.78
    arXiv:2606.27936v1 Announce Type: new
    Abstract: The widespread collection of fine-grained location data by commercial data brokers creates a re-identification risk that is not widely recognised by the public. While prior research has established that mobility traces are highly unique and that individuals can, in principle, be identified from a handful of spatio-temporal points, such attacks have historically required significant manual effort from skilled analysts, limiting their practical scal
  16. SHARD: cell-keyed residual splitting for alignment-resistant private dense retrieval (arxiv.org, 2026-06-29T04:00:00)
    Score: 11.48
    arXiv:2606.27976v1 Announce Type: new
    Abstract: Dense embeddings underpin semantic search and RAG, yet a leaked vector store hands much of the underlying text back to whoever holds it. The attacks that make this possible (few-shot alignment, zero-shot inversion, unsupervised cross-space translation) share one weakness: the protected store is a single global geometry that can be aligned to a known one. A secret global rotation, the usual lightweight defence, is no exception: orthogonal Procruste
  17. MIRAGE: Protecting against Malicious Image Editing via False Moderation (arxiv.org, 2026-06-29T04:00:00)
    Score: 11.48
    arXiv:2606.26199v2 Announce Type: replace
    Abstract: The proliferation of AI-powered image editing systems raises serious concerns because it allows personal images to be arbitrarily manipulated at scale, with minimal effort, and a lower barrier to entry. Prior work on image immunization adds imperceptible perturbations to an image to protect against unauthorized manipulations. However, these methods usually require access to the model weights and the image manipulating prompt. This significantl
  18. Embed the world: Multimodal AI for searchable aerial imagery at scale (aws.amazon.com, 2026-06-22T16:32:15)
    Score: 9.838
    In this post, we walk through the problem space, our architecture on Amazon Bedrock and Amazon OpenSearch Serverless, the evaluation methodology we built on OpenStreetMap ground truth, four experiments that compared embedding models, fusion strategies, captioning, and search methods, and the practical guidance you can apply when building a similar system. You’ll learn which design choices move the needle for geospatial semantic search, including why Amazon Nova Multimodal Embeddings delivered th
  19. Run a vLLM Server on HF Jobs in One Command (huggingface.co, 2026-06-26T00:00:00)
    Score: 9.826
  20. Rapid7 Gains Access To Anthropic’s Project Glasswing To Explore Frontier AI For Cybersecurity (www.rapid7.com, 2026-06-09T13:35:36)
    Score: 9.813
    Wade Woolwine is Senior Director, Product Security at Rapid7. Rapid7 is excited to join Anthropic’s Project Glasswing, which includes access to Claude Mythos Preview, giving our teams the opportunity to explore how frontier AI can support legitimate, internal defensive security workflows led by experienced security practitioners. Anthropic has now expanded Project Glasswing from its initial cohort to a broader group of organizations, underscoring how quickly this conversation is moving from mode
  21. How Cara pioneers domain-specific AI for enterprise insurance brokerages with AWS (aws.amazon.com, 2026-06-26T14:42:20)
    Score: 9.772
    In this post, we explore how Cara, built in cooperation with AWS, addresses these challenges. We walk through the technical design decisions and the AWS services that support the solution. We also share measurable outcomes Cara has delivered for enterprise brokerages.
  22. Retrofit, don’t rebuild: Agentic overlays for transforming legacy enterprise services (aws.amazon.com, 2026-06-25T17:55:10)
    Score: 9.566
    In this technical collaboration between AWS and the authors, we present a pragmatic solution: agentic overlays. Agentic overlays are thin wrapper layers that transform traditional REST-based services into agents capable of participating in A2A interactions. They also expose REST APIs as tools compatible with the Model Context Protocol (MCP). Together, they let enterprises add A2A capabilities to existing REST services without rewriting business logic, without duplicating code, and without runnin
  23. Exploring and Exploiting Synchrony Limitations of Time-Triggered Network-Agnostic Guardians (arxiv.org, 2026-06-29T04:00:00)
    Score: 9.48
    arXiv:2606.27819v1 Announce Type: new
    Abstract: Time-triggered communication protocols rely on trusted components known as guardians to enforce adherence to predetermined network schedules. Network-agnostic guardians offer an efficient and scalable distributed solution with reduced implementation cost and complexity compared to network-aware alternatives. However, this efficiency is based on the guardian's dependence on the controlled node for clock synchronization, which introduces a vuln
  24. AdvancedShelLM: A Stateful Multi-Agent LLM Honeypot for SSH Deception (arxiv.org, 2026-06-29T04:00:00)
    Score: 9.48
    arXiv:2606.27990v1 Announce Type: new
    Abstract: LLM-based SSH honeypots can generate believable interactions, but evaluations indicate they remain somewhat identifiable to determined attackers, indicating the need for a better scaffolding. We present a new LLM-based honeypot design that uses a multi-agent, multi-LLM architecture to address the limitations of the previous shelLM LLM honeypot. Our honeypot, called AdvancedShelLM, uses two LLM agents, a Manager and a Worker, that better understand
  25. ToE: A Hierarchical and Explainable Claim Verification Framework with Dynamic Multi-source Evidence Retrieval and Aggregation (arxiv.org, 2026-06-29T04:00:00)
    Score: 9.48
    arXiv:2606.27736v1 Announce Type: cross
    Abstract: The rapid spread of fake news poses increasing threats to information ecosystems, especially as AI-generated misinformation under Generative Engine Optimization (GEO) poisoning allows adversarially crafted content to be systematically surfaced by retrieval systems, contaminating LLM reasoning. In this paper, we propose Tree of Evidence (ToE), a hierarchical evidence reasoning framework for automated fact-checking that models each claim as a dyna

Auto-generated 2026-06-29
