Table of Contents
July 4, 2026 | Read Online
Malware campaigns, AI-powered attacks, and vulnerability exploits dominate recent cybersecurity news…
Executive Summary
Cybersecurity threats continue to evolve with malicious actors adapting to disruptions. Recent malware campaigns, including Avalon and BusySnake, demonstrate a shift toward consolidation of multiple offensive capabilities into a single recovered payload. Meanwhile, the use of AI in ransomware operations has become more prevalent, as seen in the JadePuffer campaign. Additionally, vulnerabilities in SMB protocols have been exposed.
Top Articles
Weekly Metasploit Update: Modules for SMB-to-Meterpreter, Peyara Remote Mouse RCE exploit, and more
Metasploit contributor Dean Welch has added an SMB to Meterpreter session upgrade module, enabling users to load the module with use windows/manage/smb_to_meterpreter and specify the session number they wish to upgrade. This functionality is also available with the command sessions -u. The update is part of a broader effort to enhance Metasploit’s capabilities.
rapid7.com
Avalon Malware Uses Legal Document Lure to Deliver CrownX Ransomware Capabilities A previously undocumented malware framework, tracked as Avalon, uses a spoofed legal-document lure and a multi-stage, fileless-oriented chain to deliver a ransomware component internally labeled CrownX. The campaign highlights the use of modern development practices, including AI assistance, in creating sophisticated malware. gbhackers.com
Armored Likho APT Deploys BusySnake Stealer Against Government and Power Sector Targets A focused phishing campaign operated by a previously unreported APT, Armored Likho (also tracked under the provisional alias Eagle Werewolf), targets government agencies and the electric power sector across Russia, Brazil, and Kazakhstan. The group demonstrates an evolving toolkit that blends commodity and bespoke tooling. gbhackers.com
BusySnake Stealer Targets Browser Passwords, Cookies, Telegram Sessions, and Crypto Keys BusySnake Stealer, a previously undocumented Python-based infostealer deployed by Armored Likho, is engineered to harvest high-value secrets: browser-stored passwords and cookies, Telegram desktop sessions, clipboard contents, system screenshots, and cryptocurrency keys and wallet files. cyberpress.org
U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC. The group that took the money calls itself Kairos, but it may not be a ransomware gang at all. thehackernews.com
CrownX Ransomware Embedded Inside Avalon Framework Targets Recovery and Backup Systems A previously undocumented multi-stage malware framework, tracked as Avalon, embeds a ransomware component internally labeled CrownX and specifically targets recovery and backup systems. The actor avoided email-layer scanning by placing malicious content inside an ISO image. cyberpress.org
North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser extensions spanning npm, Packagist, Go, and Google Chrome as part of an ongoing activity referred to as PolinRider. thehackernews.com
JadePuffer ransomware used AI agent to automate entire attack Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted entirely by a large language model (LLM) agent. bleepingcomputer.com
Parrot 7.3 released With new menu system and smoother day-to-day use Parrot 7.3 arrives focused on refinement rather than a tool glut, rebuilding all editions to deliver perceptible gains on modern hardware and a smoother desktop experience. gbhackers.com
Verified X Sponsored Ad Spreads Mac Malware While ConsentFix Hijacks Microsoft 365 Accounts A Mac-targeting ClickFix campaign amplified through a verified X sponsored ad, and a novel browser-based hijack technique called ConsentFix that exfiltrates Microsoft 365 session tokens without traditional malware. gbhackers.com
TimbreStealer Malware Targets Mexico Companies With Advanced Evasion Techniques A new campaign linked to the TimbreStealer information stealer that specifically targets Mexican companies, employing layered evasion and sophisticated runtime tricks to frustrate detection and analysis. gbhackers.com
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.
