Weekly Threat Intelligence Summary
Top 10 General Cyber Threats
Generated 2026-07-06T05:00:05.545502+00:00
- Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts (www.malwarebytes.com, 2026-07-03T13:30:36)
Score: 9.759
Two new campaigns show how cybercriminals are increasingly relying on social engineering instead of software exploits to compromise devices and accounts. - Evaluating Mexico’s New Cybersecurity Plan (www.recordedfuture.com, 2026-06-25T00:00:00)
Score: 9.132
Explore an analysis of Mexico’s 2025–2030 National Cybersecurity Plan. Discover how Mexico is addressing critical threats like ransomware, organized crime, and AI-driven attacks while preparing its digital infrastructure for the 2026 FIFA World Cup and beyond - Browser Security: Zero-Days Are Only Part of the Problem (www.crowdstrike.com, 2026-06-30T05:00:00)
Score: 8.2 - Apple’s Hide My Email doesn’t hide it very well (www.malwarebytes.com, 2026-07-02T16:22:25)
Score: 7.612
A year ago a researcher found a vulnerability in Apple's Hide My Email feature and now he's tired of waiting for a fix. - Fake Google and Cloudflare verification pages spread multiple malware families (www.malwarebytes.com, 2026-07-02T16:05:08)
Score: 7.61
We uncovered ClickFix attacks using fake Google and Cloudflare pages to deliver everything from infostealers to a newly discovered malware loader. - Iran-Nexus TAG-182 Disseminates MarkiRAT Surveillance Tool (www.recordedfuture.com, 2026-07-01T00:00:00)
Score: 7.332
Discover how Iranian-nexus threat cluster TAG-182 uses MarkiRAT malware and fake VPN/media apps to conduct cyber surveillance operations against domestic targets. - 119 Edge extensions promised useful tools, instead downloaded malware (www.malwarebytes.com, 2026-06-29T14:41:18)
Score: 7.101
Microsoft has removed over 100 Edge extensions that were delivering malware hidden in images. - Chrome needs another whopper update to fix 382 security bugs (www.malwarebytes.com, 2026-07-01T11:40:49)
Score: 6.913
Google's released a huge update of 382 security fixes, 15 of which were rated as critical. So, it's time to update again! - Malware steals Chrome session cookies to take over your accounts (www.malwarebytes.com, 2026-06-26T12:44:01)
Score: 6.587
A phishing campaign installs a malicious Chrome extension to hijack browser sessions and compromise Windows devices. - Watch out for renewal scams pretending to be Malwarebytes (www.malwarebytes.com, 2026-06-24T14:18:13)
Score: 6.265
Scammers are sending fake software renewal notices that claim you've been charged for a subscription. Some even impersonate Malwarebytes.
Top 10 AI / LLM-Related Threats
Generated 2026-07-06T06:00:15.899261+00:00
- Formalizing Red Teaming Offensive Methodology as a Multi-Agent AI Architecture (www.rapid7.com, 2026-07-02T13:32:24)
Score: 17.622
Threat actors are integrating AI into their exploit chains, accelerating reconnaissance, automating vulnerability discovery, and scaling social engineering in ways that compress the timeline between initial access and impact. The barrier to sophisticated offensive operations is dropping fast. Rapid7's Red Team is doing the same. Over the past year we formalized our approach into a structured multi-agent system that follows our penetration testing methodology end-to-end from scoping an engag - HippoRAG: Neurobiologically inspired RAG using Amazon Bedrock, Amazon Neptune, and personalized PageRank (aws.amazon.com, 2026-07-01T18:01:32)
Score: 16.329
In this post, we demonstrate how to implement HippoRAG using a comprehensive AWS stack. We use Amazon Bedrock for LLM capabilities, Amazon Neptune for graph database functionality, Amazon Neptune Analytics for advanced graph algorithms including Personalized PageRank, and Amazon Titan Embeddings for vector representations. This implementation showcases how to build and deploy HippoRAG within AWS infrastructure for enterprise-scale applications. - Run NVIDIA Nemotron and OpenAI GPT OSS models on Amazon Bedrock in AWS GovCloud (US) (aws.amazon.com, 2026-07-01T18:14:34)
Score: 12.331
We're excited to introduce US-based frontier open-weight models in AWS GovCloud (US). With this release, Amazon Bedrock now supports OpenAI’s open-weight GPT OSS models (120B and 20B) and NVIDIA Nemotron (Nano 9B v2, Nano 12B v2, Nano 30B, Super 120B) models. In this post, we cover these models and their capabilities, the inference options for data residency, the available service tiers and how to get started. - Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector (unit42.paloaltonetworks.com, 2026-07-01T01:00:11)
Score: 11.56
Attackers can exploit LLM domain hallucinations through phantom squatting to target supply chains. Read the analysis to learn more. The post Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector appeared first on Unit 42 . - Implementing resilience patterns with Amazon Bedrock and LLM gateway (aws.amazon.com, 2026-06-30T16:40:47)
Score: 11.077
In this post, you will learn five practical patterns for building resilient generative AI applications on AWS, progressing from native Amazon Bedrock features to multi-model orchestration using an LLM gateway. These patterns address real-world challenges such as quota exhaustion during unexpected traffic surges, maximizing availability through geographic distribution of inference, and helping prevent noisy neighbor problems in multi-tenant environments. - Multi-tenant LLM analytics with row-level security: How we built a secure agent on AWS (aws.amazon.com, 2026-06-29T17:39:29)
Score: 10.849
In this post, we show you how PAR built a production-ready multi-tenant LLM analytics system that enforces row-level security through a three-layer architecture: cryptographic request signing with AWS SigV4, semantic validation on Amazon Bedrock, and programmatic data isolation via Split-Plane SQL. We demonstrate how each layer operates independently to reduce the risk of cross-tenant data exposure, even when the LLM itself is compromised or manipulated. - Build generative UI for AI agents on Amazon Bedrock AgentCore with the AG-UI protocol (aws.amazon.com, 2026-06-30T16:46:17)
Score: 10.478
This post walks through how AG-UI integrates into the Fullstack AgentCore Solution Template (FAST) to build interactive agent frontends on Amazon Bedrock AgentCore. We then show how CopilotKit extends this with generative UI, shared state, and human-in-the-loop interactions, all deployed on Amazon Bedrock AgentCore. - Introducing Claude Sonnet 5 on AWS: Anthropic’s most capable Sonnet model (aws.amazon.com, 2026-06-30T18:40:09)
Score: 10.097
Today, we’re excited to announce the availability of Anthropic’s most advanced Sonnet model, Claude Sonnet 5, on Amazon Bedrock and Claude Platform on AWS. Claude Sonnet 5 is the first Sonnet model of Anthropic’s latest generation and represents a meaningful step forward. It delivers top-tier intelligence at Sonnet pricing for coding, agents, and everyday professional […] - Pair Nova 2 Lite with Claude for cost-optimized document processing (aws.amazon.com, 2026-06-29T17:52:33)
Score: 9.851
In this post, we show how pairing Amazon Nova 2 Lite with Anthropic’s Claude Sonnet 4.6 delivers an efficient solution for digitizing scanned documents at scale. We built a two-model pipeline on Amazon Bedrock for digitizing scanned yearbook pages. Amazon Nova 2 Lite handles native multimodal extraction in a single call: detecting photos, extracting visible names with coordinates, and returning page-level metadata. Claude Sonnet 4.6 then performs spatial reasoning to match names to faces based o - Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution (www.securityweek.com, 2026-07-03T07:57:53)
Score: 9.805
The DuneSlide vulnerabilities enable zero-click prompt injection attacks that escape Cursor's sandbox and execute arbitrary code on the underlying operating system. The post Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution appeared first on SecurityWeek . - Modernizing Global Vulnerability Standards For The Age Of AI (www.rapid7.com, 2026-06-29T12:37:04)
Score: 8.899
As AI-driven vulnerability discovery accelerates, the cybersecurity ecosystem is being forced to examine whether the standards, disclosure processes, and prioritization frameworks defenders rely on can still keep pace. Many of those systems were built around human-speed discovery, manageable vulnerability volumes, and exploitability confirmed after the fact, which leaves them under increasing strain as frontier AI capabilities mature. During a private sector consultation with the White House in - Agentic AI Used to Conduct Ransomware Attack via Langflow (www.securityweek.com, 2026-07-03T11:00:00)
Score: 8.835
Attack demonstrates how LLM agents can combine known exploitation techniques with real-time reasoning to automate complex, multi-stage intrusions. The post Agentic AI Used to Conduct Ransomware Attack via Langflow appeared first on SecurityWeek . - How Amazon Bedrock catches AI-generated phishing (aws.amazon.com, 2026-07-02T17:55:41)
Score: 8.566
Social engineering through phishing remains one of the most common tactics for launching cyberattacks. AI-generated phishing email messages now pose a new challenge for security teams managing email systems, significantly raising the risk because of their advanced sophistication. Modern social engineers use generative AI and open source intelligence (OSINT) to craft thousands of unique messages […] - 5 Myths About AI in the SOC Security Teams Need to Rethink (www.rapid7.com, 2026-07-01T15:26:27)
Score: 8.403
AI is now part of almost every conversation in security operations. Most teams are already investing in it, experimenting with it, or trying to understand where it fits. The challenge is not whether to adopt AI, but how to apply it in a way that actually improves outcomes. At the Rapid7 Global Cybersecurity Summit, the session The AI Dilemma: Automating Defense Without Surrendering Judgment explores how AI is being used in the SOC today, and where it creates real value in practice. The discussio - The June 2026 Apple Security Update Review (www.thezdi.com, 2026-07-01T15:03:53)
Score: 8.399
We’re back with our look at the Apple macOS and iOS security updates. As this is a new feature for us, please let us know your feedback on the blog. For Jun 2026, Apple released 37 unique CVEs across iOS 26.5.2 / iPadOS 26.5.2, macOS Tahoe 26.5.2, Safari 26.5.2. Since Apple doesn’t provide CVSS scores or other severity information, we’re left to speculate on which of these bugs is the most severe. The overwhelming majority (31 of 37) are WebKit/WebRTC bugs reachable through malicious web content - How Inscribe uses Amazon Bedrock to stop document fraud in seconds (aws.amazon.com, 2026-07-01T17:53:16)
Score: 8.327
In this post, you will learn how Inscribe developed an agentic AI system using Amazon Bedrock that reasons across documents the way an expert fraud analyst would. With this new agentic AI system, Inscribe now detects tampered, fabricated, and AI-generated financial documents in under 90 seconds. This is a 20x improvement over traditional manual review, while maintaining the accuracy and explainability required by financial services regulations. - Simplify model selection in Amazon Bedrock with the open source Model Profiler (aws.amazon.com, 2026-07-01T17:46:54)
Score: 8.326
The Amazon Bedrock Model Profiler is an open source tool that aggregates model metadata from multiple AWS APIs and external sources into a single, searchable interface. In this post, you’ll learn what the Model Profiler provides, the real-world scenarios it supports, and how to deploy it in your own environment in under five minutes. - Safely Releasing Frontier Models to Customers (aws.amazon.com, 2026-07-01T03:13:19)
Score: 8.182
It’s our goal for AWS to be the most secure place to run any workload, and in support of that we’ve been deeply investing in security across our services since AWS's inception more than two decades ago. Our AI services like Amazon Bedrock are built on this foundation and with the same focus. - Run a vLLM Server on HF Jobs in One Command (huggingface.co, 2026-06-26T00:00:00)
Score: 8.159 - Simplify multi-account access to Amazon Bedrock models with managed entitlements (aws.amazon.com, 2026-06-30T16:42:49)
Score: 8.078
In this post, we show you how to use managed entitlements for Amazon Bedrock to subscribe once from a central account and distribute model access across your organization. This approach removes the need for AWS Marketplace permissions in workload accounts. - Building bilingual NER for cargo logistics with Amazon Bedrock (aws.amazon.com, 2026-06-30T16:33:46)
Score: 8.076
In this post, we share the technical approach using token-based distillation, lessons learned, and deployment architecture. If you face similar bilingual NER challenges, you can benefit from IBS Software’s experience with the Amazon Bedrock knowledge distillation capabilities. - ChatGPT produced graphic violent images that shocked researchers (www.malwarebytes.com, 2026-07-01T09:10:01)
Score: 8.041
AI assistants like ChatGPT are supposed to have appropriate guardrails to stop people creating harmful content. However, they don't always work. - Why Security Teams Need To Start Earlier (www.rapid7.com, 2026-06-18T14:45:55)
Score: 7.801
Security leaders are facing an unusual set of circumstances. The drumbeat for better security prioritization has been rising for years in boardrooms around the world. The desire is there, but the processes of the past aren’t meeting the needs of the new moment we find ourselves in. That gap is not a technology problem. It's an operating model problem. At the opening keynote of Rapid7’s 2026 Global Cybersecurity Summit, Craig Adams, Chief Product Officer, Rapid7, Brian Castagna, CSO, Rapid7 - Trump Administration Lifts Restrictions on Anthropic’s Claude Models After Cybersecurity Alarm (www.securityweek.com, 2026-07-02T11:01:48)
Score: 7.597
Anthropic said Tuesday night that its AI model called Claude Fable 5 is now widely available. The post Trump Administration Lifts Restrictions on Anthropic’s Claude Models After Cybersecurity Alarm appeared first on SecurityWeek . - Experimenting with the proposed Cross-Origin Storage API in Transformers.js (huggingface.co, 2026-06-23T00:00:00)
Score: 7.445
Auto-generated 2026-07-06
