šŸ” IT News Analyzer

// AI-powered news analysis

Latest Top 10 Articles

1
236,000 DCloud Uni-App Sites Used in Crypto Scams, Phishing, and Wallet Drainers

236,000 DCloud Uni-App Sites Used in Crypto Scams, Phishing, and Wallet Drainers

New findings unearthed by Infoblox show that more than 236,000 websites are using investment scam templates built using a legitimate Chinese open-source, cross-platform application development framework called DCloud Uni-App . The templates power bogus cryptocurrency exchanges, multi-language pig-butchering operations, WhatsApp phishing networks, fake gambling platforms, brand-impersonation sites, and crypto wallet drainers. A total of 236,493 distinct second-level domains have been identified by the DNS threat intelligence company. "For the last two years, there's been a dramatic scaling up of scam websites using the DCloud framework, and operators of these sites continue to launch complex real-world schemes to trick victims," Infoblox said in an exhaustive report published last week. It's being assessed that unknown threat actors are selling DCloud investment scam templates, although there are indications of centralized ownership across a significant chunk o...

ī ‚Jun 29, 2026
3
Why Post-Quantum Cryptography Starts With Credentials

Why Post-Quantum Cryptography Starts With Credentials

Today’s encrypted data, such as credentials, may no longer remain confidential in the future because the public-key cryptography protecting it will soon be broken by quantum computers. Although no machine today can break elliptic curve cryptography or RSA, quantum hardware is advancing rapidly and will inevitably change how organizations protect their data. Ciphertext and credentials captured by attackers can now be stored and decrypted as soon as quantum computing catches up. How urgent is quantum-resistant cryptography? The Global Risk Institute’s 2025 Quantum Threat Timeline report shows that surveyed security specialists believe a cryptographically relevant quantum computer is likely to be available within 15 years, with 51-70% indicating so. The threat dates back to 1994, when Peter Shor proved that a powerful quantum computer could efficiently factor large numbers and compute discrete logarithms. However, Shor’s algorithm applies to public-key cryptography, posing no meani...

ī ‚Jun 29, 2026
4
Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse

Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse

A Russian advanced persistent threat (APT) group has continued to evolve and expand its malware arsenal as part of its ongoing cyber onslaught against Ukraine throughout 2025. Slovakian cybersecurity company ESET said it observed 35 distinct spear-phishing campaigns mounted by Gamaredon against new targets, with most of them taking place in the second half of the year. Primary targets of these efforts include Ukrainian governmental and military institutions. "Throughout 2025, Gamaredon stayed highly active and remained focused solely on Ukraine," ESET said . "The group's ultimate goal continues to be the exfiltration of sensitive information and other critical data that could be exploited to support Russian interests in the ongoing war in Ukraine." The spear-phishing campaigns make use of archive attachments or XHTML files that employ HTML smuggling to deliver malicious HTA downloaders that are responsible for dropping additional payloads, such as PteroS...

ī ‚Jun 29, 2026
5
Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts

Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts

Microsoft has shut down a long-running malicious extension operation on the Edge Add-ons store that hid its payloads inside ordinary image and font files, then woke up days after install to steal credentials and run ad fraud. The company calls itĀ  StegoAd , a mash-up of steganography and adware, and ties 119 extensions to a single threat actor it says has been active since at least 2021. The extensions were the kind people install without a second thought: ad blockers, VPNs, translators, video downloaders. Each one did its job and earned reviews. The malicious code stayed dormant until the extension cleared a stack of evasion checks, which is how it sat in the store for years. Combined, the 119 extensions had an install base of up to 2.6 million users. Microsoft is clear that this is a ceiling, not a victim count. A multi-day delay, server-side validation, and a 10% execution gate on some variants meant the payload never fired for many installs. How many people were actual...

ī ‚Jun 29, 2026
6
Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw

Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw

A public proof-of-concept is now out for CVE-2026-55200 , a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug affects every release up to and including 1.11.1 and carries a CVSS 4.0 score of 9.2 . libssh2 is a client-side SSH library, not a server. That distinction matters. It is embedded in curl, Git, PHP, backup agents, firmware updaters, and a long tail of appliances. Anything that links it and reaches out to an untrusted SSH endpoint is a potential target. Many of those copies are statically linked, so a distro package update will not touch them, and you may not know they are there. How the bug works The flaw lives inĀ ssh2_transport_read()Ā inĀ transport.c, the function that parses incoming SSH packets during the handshake. It read the attacker-controlledĀ packet_lengthĀ field and rejected only values belo...

ī ‚Jun 29, 2026
8
Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. "This attack avoids the most common npm execution paths through lifecycle scripts, perhaps in an attempt to remain 'compatible' with npm v12's security hardenings ," JFrog said in a technical analysis. "The package hides execution inside a VS Code task, configured to run automatically when the project folder is opened in VS Code. From there, the malware retrieves encrypted JavaScript from blockchain transaction data, connects to attacker-controlled infrastructure, launches a socket.io backdoor, and eventually deploys a Python infostealer. The names of the identified npm packages are listed below - html-to-gutenberg fetch-page-assets (which lists html-to-gutenberg as a dependency) The two packages were uploaded to npm on May 25, 2026, an...

ī ‚Jun 29, 2026
9
Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials

Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials

The Security Service of Ukraine (SSU) said it, together with the U.S. Federal Bureau of Investigation (FBI), uncovered a long-running campaign orchestrated by Russian intelligence services to break into the messaging accounts of government officials, military personnel, politicians, and activists in Ukraine, Europe, and the U.S. The systematic cyber attacks aimed at stealing sensitive information from the victims, the agency added. "The goal of these 'hacks' is to gain access to sensitive military, political, and economic information exchanged by users, as well as to steal their personal data," the agency warned in a post shared on Telegram. To pull off the operation, the attackers send SMS messages that masquerade as the messaging platform's support bot and urge users to disclose their account credentials.Ā  The SSU noted that these attacks include not only organizations, officials or public figures, but also personal accounts belonging to Ukrainian nati...

ī ‚Jun 27, 2026
10
OpenAI Previews GPT-5.6 Sol With Restricted Access and Stronger Cyber Safeguards

OpenAI Previews GPT-5.6 Sol With Restricted Access and Stronger Cyber Safeguards

OpenAI on Friday released three versions of GPT-5.6 , called Sol, Terra, and Luna , as a limited preview to a small number of companies as part of an ongoing engagement with the U.S. government. While Sol is the latest flagship model and the most powerful, Terra strikes a balance between efficiency and power, and Luna is fine-tuned for speed and affordability. "GPT‑5.6 Sol launches with our most robust safety stack to date. We strengthened protections for higher-risk activity, sensitive cyber requests, and repeated misuse, and spent multiple weeks finding weaknesses, pressure-testing our system, and hardening it against real-world attacks," OpenAI said . The model has also been touted as the "most capable model yet" for cybersecurity, making it much more suitable for vulnerability research and exploitation. On ExploitBench , GPT‑5.6 Sol is competitive with Anthropic Mythos Preview using only about one-third of the output tokens, OpenAI noted. The goal, ...

ī ‚Jun 27, 2026