I. Apple Notification System Abused for Tech Support Scams
Attackers inserted fraudulent charge alerts (e.g., “Your PayPal account has been charged $899”) into the personal information field of their own Apple account, then repeatedly modified the account information to trigger Apple’s automatic “Your Apple account has been updated” security notification email. These emails were sent through Apple’s genuine servers and passed all technical authentication measures including SPF, DKIM, and DMARC. Believing they had suffered an unauthorized transaction after receiving an official email, victims called the fake customer service number provided in the message and ultimately fell for a tech support scam.
II. Google Application Platform Used for Large-Scale Corporate Phishing
Hackers used Google AppSheet—a legitimate no-code application platform—to send phishing emails. These emails also passed email security authentication, easily bypassing traditional filters. Approximately 30,000 Facebook business accounts (mainly those with paid pages and advertising balances) were compromised. Attackers automated the exfiltration of stolen credentials using a Telegram bot and even offered paid “account recovery” services to victims, generating secondary profits.
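Both items I and II describe mail that is genuinely sent by a legitimate platform, so SPF, DKIM and DMARC all pass and the only thing wrong is attacker-supplied text inside the body. The following added example (not code from the page or from either vendor) shows a content-layer check that runs after transport authentication: it parses the Authentication-Results header with Python's standard email module and then flags body content a transactional notification would not normally carry, such as a phone number, a monetary amount, urgency wording, or another company's brand. Both sample messages, the sender domain and the phone number are constructed for this example.

```python
import re
from email import message_from_string
from email.message import Message

# Constructed sample: a transactional notification that passes SPF, DKIM and
# DMARC (the platform really sent it) but whose body carries text an attacker
# typed into a profile field. Sender, number and wording are invented.
SUSPICIOUS_NOTIFICATION = """\
From: "Example Notifications" <no-reply@example-platform.invalid>
To: victim@example.invalid
Subject: Your account has been updated
Authentication-Results: mx.example.invalid;
 spf=pass smtp.mailfrom=example-platform.invalid;
 dkim=pass header.d=example-platform.invalid;
 dmarc=pass header.from=example-platform.invalid
Content-Type: text/plain; charset=utf-8

Your account information was updated.
Name: Your PayPal account has been charged $899.
If you did not authorize this, call 1-800-555-0199 immediately.
"""

# Constructed sample of the same notification carrying ordinary content.
BENIGN_NOTIFICATION = """\
From: "Example Notifications" <no-reply@example-platform.invalid>
To: user@example.invalid
Subject: Your account has been updated
Authentication-Results: mx.example.invalid; spf=pass; dkim=pass; dmarc=pass
Content-Type: text/plain; charset=utf-8

Your account information was updated.
Name: Jane Doe
Sign in to review your settings.
"""

AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")
PHONE = re.compile(r"(?:\+?\d{1,2}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")
MONEY = re.compile(r"[$€£]\s?\d[\d,]*(?:\.\d{2})?")
URGENCY = re.compile(r"\b(immediately|unauthori[sz]ed|charged|suspended|call)\b", re.I)
# Brands that should not appear inside another vendor's account notification.
OTHER_BRANDS = ("paypal", "amazon", "netflix", "bank")


def auth_results(msg: Message) -> dict:
    """Map each mechanism named in Authentication-Results to its result."""
    header = msg.get("Authentication-Results", "")
    return {k.lower(): v.lower() for k, v in AUTH_RESULT.findall(header)}


def body_text(msg: Message) -> str:
    """Concatenate all text/plain parts of the message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def sender_domain(msg: Message) -> str:
    match = re.search(r"@([\w.-]+)", msg.get("From", ""))
    return match.group(1).lower() if match else ""


def score_notification(raw: str) -> dict:
    """Flag body content a platform would not generate itself, regardless of
    whether the transport-level authentication passed."""
    msg = message_from_string(raw)
    auth = auth_results(msg)
    text = body_text(msg)
    domain = sender_domain(msg)
    findings = []
    if PHONE.search(text):
        findings.append("phone_number_in_body")
    if MONEY.search(text):
        findings.append("monetary_amount_in_body")
    if URGENCY.search(text):
        findings.append("urgency_language")
    foreign = [b for b in OTHER_BRANDS if b in text.lower() and b not in domain]
    if foreign:
        findings.append("foreign_brand:" + ",".join(foreign))
    authenticated = all(auth.get(m) == "pass" for m in ("spf", "dkim", "dmarc"))
    # Two or more independent indicators in an authenticated notification is
    # the pattern both stories describe: the sender is real, the content is not.
    verdict = "suspicious" if len(findings) >= 2 else "ok"
    return {"sender_domain": domain, "authenticated": authenticated,
            "findings": findings, "verdict": verdict}


if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS_NOTIFICATION), ("benign", BENIGN_NOTIFICATION)):
        print(label, score_notification(sample))
```

The point of the design is that `authenticated` is reported but never used to clear a message: a pass on all three mechanisms only proves the platform sent it, which is exactly the property the attackers relied on in both campaigns.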
III. Malicious Trading Website Distributes Browser‑Control Malware
A website named TradingClaw impersonated an AI‑powered TradingView trading tool and tricked users into downloading a ZIP archive. Executing the contained file loaded Needle Stealer, an information stealer, via DLL hijacking. Written in Golang, the malware can take screenshots, steal browser passwords and cryptocurrency wallets, install malicious browser extensions, and fully hand over control of the victim’s browser to the attacker.
IV. Fake Claude Search Results Trick Mac Users into Executing Malicious Code
Attackers purchased sponsored search ads. When users searched for “Claude Mac download,” the ads directed them to a fake Claude shared chat page. That page instructed users to open Terminal and paste a Base64‑encoded command, which in fact decoded to an osascript script that executed remote code, ultimately stealing browser credentials and cryptocurrency wallet data. This attack relied entirely on social engineering and did not exploit any system vulnerability.
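The lure works because the user cannot read what a Base64 blob does before running it. The added example below (not from the page or from the original campaign) is a small inspector a user or help desk can run on a pasted command: it decodes every Base64-looking token, repeating the step for nested encodings, and reports whether any layer contains shapes worth stopping for, such as osascript, a pipe into a shell, or a nested base64 decode. The sample command is constructed; its decoded inner command only shows a dialog.

```python
import base64
import binascii
import re
import sys

# Shapes that deserve a pause before anything is pasted into Terminal.
RISKY = {
    "osascript": re.compile(r"\bosascript\b"),
    "pipe_to_shell": re.compile(r"\|\s*(?:ba|z)?sh\b"),
    "remote_fetch": re.compile(r"\b(?:curl|wget)\b"),
    "nested_base64_decode": re.compile(r"\bbase64\b.*(?:-d|--decode|-D)\b"),
    "eval": re.compile(r"\beval\b"),
    "sudo": re.compile(r"\bsudo\b"),
}
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def decode_b64_tokens(text: str) -> list[str]:
    """Decode every Base64-looking token that yields printable text."""
    out = []
    for tok in B64_TOKEN.findall(text):
        try:
            decoded = base64.b64decode(tok, validate=True).decode("utf-8")
        except (binascii.Error, ValueError, UnicodeDecodeError):
            continue
        if all(c.isprintable() or c in "\n\t" for c in decoded):
            out.append(decoded)
    return out


def inspect_command(text: str) -> dict:
    """Return every decoded layer of the pasted text and the risky shapes found in any of them."""
    layers = [text]
    queue = [text]
    while queue:  # keep decoding until no new layer appears (handles nested encodings)
        fresh = [d for d in decode_b64_tokens(queue.pop()) if d not in layers]
        layers.extend(fresh)
        queue.extend(fresh)
    flags = sorted({name for layer in layers
                    for name, pat in RISKY.items() if pat.search(layer)})
    return {"layers": layers, "flags": flags, "run": not flags}


# Constructed sample in the shape the page describes: a Base64 blob that
# decodes to an osascript call. The inner command only displays a dialog.
SAMPLE_INNER = 'osascript -e \'display dialog "constructed sample"\''
SAMPLE_PASTE = "echo %s | base64 -D | sh" % base64.b64encode(SAMPLE_INNER.encode()).decode()

if __name__ == "__main__":
    pasted = sys.argv[1] if len(sys.argv) > 1 else SAMPLE_PASTE
    report = inspect_command(pasted)
    for i, layer in enumerate(report["layers"]):
        print(f"layer {i}: {layer}")
    print("flags:", report["flags"] or "none")
    print("safe to run without reading further:", report["run"])
```

Usage: `python3 inspect_paste.py '<the command you were told to paste>'`; with no argument it inspects the constructed sample. A `run` of `False` does not mean the command is malicious, only that a human should read the decoded layers before Terminal does.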
V. Claude Desktop Application Raises Privacy Controversy
Security researchers discovered that after installing Claude Desktop for macOS, the application automatically writes Native Messaging Host manifests into the configuration directories of several Chromium‑based browsers (Chrome, Edge, Brave, etc.). This authorizes Claude’s own browser extension to communicate with a local helper application via the connectNative API. Even if the user deletes these files, they are recreated the next time Claude is launched. Researchers have described this behaviour as a “backdoor” or “spyware,” sparking debate over user consent.
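A user who wants to know which extensions have been granted a native-messaging channel on their Mac can simply read the manifests, since each one is a small JSON file naming the helper binary and the extension IDs allowed to reach it. The added example below is not from the page or from Anthropic; it walks the per-user NativeMessagingHosts directories for the browsers named above (paths as documented by those browsers), summarizes every manifest, and marks any host name not on an allowlist you supply. The sample manifest, its helper path and its extension ID are constructed.

```python
import json
from pathlib import Path

# Per-user NativeMessagingHosts locations on macOS for the browsers the page
# names, following the documented Chromium layout.
HOST_DIRS = {
    "Chrome": Path.home() / "Library/Application Support/Google/Chrome/NativeMessagingHosts",
    "Edge": Path.home() / "Library/Application Support/Microsoft Edge/NativeMessagingHosts",
    "Brave": Path.home() / "Library/Application Support/BraveSoftware/Brave-Browser/NativeMessagingHosts",
    "Chromium": Path.home() / "Library/Application Support/Chromium/NativeMessagingHosts",
}

# Constructed sample manifest in the documented format; every value is invented.
SAMPLE_MANIFEST = """{
  "name": "com.example.helper",
  "description": "constructed sample host",
  "path": "/Applications/Example.app/Contents/MacOS/helper",
  "type": "stdio",
  "allowed_origins": ["chrome-extension://abcdefghijklmnopabcdefghijklmnop/"]
}"""


def summarize_manifest(text: str, source: str = "<inline>") -> dict:
    """Extract the fields that matter for consent: which extension IDs may
    talk to which local binary."""
    m = json.loads(text)
    origins = m.get("allowed_origins", [])
    return {
        "source": source,
        "name": m.get("name"),
        "path": m.get("path"),
        "type": m.get("type"),
        "extension_ids": [o.removeprefix("chrome-extension://").rstrip("/") for o in origins],
    }


def summarize_manifests(browser: str, items, known_hosts=frozenset()) -> list[dict]:
    """Summarize (source, json_text) pairs; unparseable entries become error rows."""
    results = []
    for source, text in items:
        try:
            row = summarize_manifest(text, source)
        except ValueError as exc:
            results.append({"source": source, "browser": browser, "error": str(exc)})
            continue
        row["browser"] = browser
        row["helper_exists"] = bool(row["path"]) and Path(row["path"]).exists()
        row["expected"] = row["name"] in known_hosts
        results.append(row)
    return results


def audit_host_dirs(dirs=HOST_DIRS, known_hosts=frozenset()) -> list[dict]:
    """Read every *.json manifest under each browser's host directory."""
    results = []
    for browser, directory in dirs.items():
        if not directory.is_dir():
            continue
        items = []
        for f in sorted(directory.glob("*.json")):
            try:
                items.append((str(f), f.read_text(encoding="utf-8")))
            except OSError as exc:
                results.append({"source": str(f), "browser": browser, "error": str(exc)})
        results.extend(summarize_manifests(browser, items, known_hosts))
    return results


def unexpected_hosts(results: list[dict]) -> list[dict]:
    """Manifests that parsed but are not on the allowlist."""
    return [r for r in results if "error" not in r and not r["expected"]]


if __name__ == "__main__":
    # Put host names you knowingly installed here; everything else is reported.
    allowlist = frozenset()
    rows = audit_host_dirs(known_hosts=allowlist)
    for r in rows:
        print(r)
    print(f"{len(unexpected_hosts(rows))} host(s) not on the allowlist")
```

Running it before and after installing a desktop application gives a concrete before/after diff of which extension IDs can open a channel to which binary, which is the information the consent debate turns on.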
VI. Google Chrome Silently Downloads Large AI Model
Without any prompt or consent from the user, Google Chrome automatically downloads a local AI model named Gemini Nano, storing it as an approximately 4 GB weights.bin file in the user’s configuration directory. Even if the user deletes the file, Chrome downloads it again. It is estimated that if this feature were pushed to one billion users, the download alone would consume 240 GWh of electricity and generate 60,000 tons of carbon emissions. Additionally, the AI mode in the address bar still sends queries to cloud servers.
VII. Major Data Breach in the Education Sector
Instructure, the company behind the Canvas learning management system, confirmed a data breach. Approximately 8,809 school districts, universities, and online education platforms were affected, and more than 275 million records containing student and staff information were stolen. The attacker claimed to be part of the “ShinyHunters” ransomware group. This is one of the largest data breaches in the education sector in recent years.
VIII. WhatsApp Releases Critical Security Update
Meta patched two vulnerabilities affecting WhatsApp: CVE-2026-23866 allows an attacker to craft an AI‑generated “rich response message” that tricks the operating system’s custom URL scheme handler into redirecting to malicious content; CVE-2026-23863 (Windows client) lets a filename containing a NUL byte disguise an executable as a harmless file type (e.g., a PDF). Meta said it has no evidence that the vulnerabilities have been exploited in the wild, but strongly advises all users to update the application immediately.
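The NUL-byte trick in CVE-2026-23863 works because different layers read the same filename differently: code that treats it as a C string stops at the first NUL, while a UI or a length-prefixed API sees the whole string, so the two layers can disagree about the extension. The added example below (not from the page or from Meta's fix) is a filename validator for any application that receives attachments: it reports both views, rejects names containing NUL or other control characters, and offers a sanitizer that strips them so the true double extension is visible. The sample filenames are constructed.

```python
import os

# Characters that never belong in a display name (C0 controls and DEL).
CONTROL = {chr(i) for i in range(0x20)} | {"\x7f"}


def check_filename(name: str) -> dict:
    """Describe how a received filename reads at each layer and whether to accept it.
    'c_string_view' is what code that stops at the first NUL sees; 'full_view'
    is the complete string a UI or length-prefixed API sees."""
    has_nul = "\x00" in name
    c_view = name.split("\x00", 1)[0]
    full_ext = os.path.splitext(name)[1].lower()
    c_ext = os.path.splitext(c_view)[1].lower()
    other_controls = sorted({c for c in name if c in CONTROL and c != "\x00"})
    reasons = []
    if has_nul:
        reasons.append("embedded NUL")
    if other_controls:
        reasons.append("control characters: " + ", ".join(repr(c) for c in other_controls))
    if full_ext != c_ext:
        reasons.append(f"extension differs by layer: {c_ext!r} vs {full_ext!r}")
    return {
        "full_view": name,
        "c_string_view": c_view,
        "full_extension": full_ext,
        "c_string_extension": c_ext,
        "reasons": reasons,
        "accept": not reasons,
    }


def sanitize_filename(name: str) -> str:
    """Strip path components and every control character, so the name that is
    stored and displayed is the same one every layer will see."""
    base = os.path.basename(name.replace("\\", "/"))
    cleaned = "".join(c for c in base if c not in CONTROL)
    return cleaned or "unnamed"


# Constructed samples: one name carrying a NUL between a harmless-looking and a
# real extension, and one ordinary name.
SAMPLES = ["invoice.pdf\x00.exe", "invoice.pdf"]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = check_filename(sample)
        print(repr(sample))
        print("  C-string view :", repr(result["c_string_view"]))
        print("  full extension:", result["full_extension"])
        print("  accept        :", result["accept"], result["reasons"])
        print("  sanitized     :", repr(sanitize_filename(sample)))
```

A validator like this belongs at the point where the filename enters the application, before it reaches any UI, save dialog or OS API, because once the string has been handed to layers that parse it differently the mismatch is no longer visible to the code that made the decision.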
Defensive Recommendations