I go through about 25 cybersecurity news portals and blogs every week and pull out the most interesting stories. Then I turn them into this short, digestible summary, so you can stay up to date without trying to follow 25 different sources yourself. 😱

My aim is to create a summary that gives you the gist without needing to open up the source article. But if you do want to dig deeper, all the sources covering the event are linked below each story.

If you enjoy these, come back next Monday, or scroll to the bottom to subscribe to the e-mail newsletter.

Free smart TV apps embedded a Bright Data SDK that routes paid web-scraping traffic through the device’s network connection

Researchers reported that some free apps on smart TV platforms can enroll devices into a commercial “residential proxy” network that relays paying customers’ web-scraping traffic via the user’s home connection using an SDK from Bright Data. The findings highlight how an “opt-in” consent screen and SDK design choices can make always-on connected TVs and other consumer devices attractive exit nodes for AI-oriented data collection.

Key Details

  • Relayed traffic can damage the IP reputation of your connection. Threat intelligence services flag IPs associated with scraping activity, which can result in CAPTCHAs, soft-blocks, or outright bans from sites and services you use legitimately, even though you were not the source of the behaviour.
  • Beyond the IP address itself, the SDK’s cross-platform identity stitching (linking a user’s iOS, Windows, and macOS installs into a single tracked entity server-side) means scraping-associated behaviour can attach to a broader digital fingerprint — one that persists even if your IP rotates.
  • Include Security and an independent researcher said the SDK turns a connected TV (CTV) or mobile device into an exit node by establishing a persistent peer channel (WebSocket) to proxyjs.brdtnet.com:443, with TLS certs observed for *.luminatinet.com (Bright Data’s former Luminati name).
  • Configuration values reviewed by the researchers indicated a default Wi‑Fi relay cap of 200 GB/month per device and flags suggesting the device can be eligible to relay traffic even while in use (e.g., while a screen is on).
  • On Apple devices, the research claims the SDK can bind traffic to the physical Wi‑Fi/cellular interface using NWParameters.requiredInterface, bypassing a user-configured VPN; it also uses CFHTTPMessage primitives (instead of URLSession) for parts of its control traffic.

Next Steps

  • At DNS or secure web gateway layers, block proxyjs.brdtnet.com, proxyjs.luminatinet.com, and clientsdk.bright-sdk.com to prevent devices from joining the relay network.
  • If you manage smart TV devices, scan installed apps/binaries for Bright Data SDK symbols such as BrdWebSocketFacade and BrdNetwork.DNSResolver to identify apps that may include the proxy component.
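
A sketch of both Next Steps as a sweep, added here as an example (it is not code from Include Security or Bright Data): it searches extracted app files for the two SDK names and matches DNS query names against the three hosts. It assumes the names appear as literal byte strings in the binaries and that the DNS log has the form `<client> <queried-name>`; the app tree and log lines are constructed.

```python
import os
import tempfile

# Indicators quoted in the article text above.
SDK_MARKERS = [b"BrdWebSocketFacade", b"BrdNetwork.DNSResolver"]
RELAY_HOSTS = ("proxyjs.brdtnet.com", "proxyjs.luminatinet.com",
               "clientsdk.bright-sdk.com")


def markers_in_file(path, chunk_size=1 << 20):
    """Return the SDK markers found in one file, read in bounded chunks.

    The tail of each window is carried into the next read so a marker that
    straddles a chunk boundary is still matched.
    """
    overlap = max(len(m) for m in SDK_MARKERS) - 1
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            window = tail + chunk
            found.update(m.decode() for m in SDK_MARKERS if m in window)
            tail = window[-overlap:]
    return found


def scan_tree(root):
    """Map relative path -> sorted markers for every matching file under root."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                found = markers_in_file(full)
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
            if found:
                hits[os.path.relpath(full, root)] = sorted(found)
    return hits


def is_relay_host(qname):
    """True if a queried name is a listed relay host or a subdomain of one."""
    name = qname.strip().rstrip(".").lower()
    return any(name == h or name.endswith("." + h) for h in RELAY_HOSTS)


def relay_queries(log_lines):
    """Return (client, qname) for '<client> <qname>' lines that match."""
    rows = (line.split() for line in log_lines)
    return [(r[0], r[1]) for r in rows if len(r) >= 2 and is_relay_host(r[1])]


def demo():
    """Run both checks on a constructed app tree and constructed DNS lines."""
    with tempfile.TemporaryDirectory() as root:
        for app, body in (("free_tv_app", b"\x00" * 50 + b"BrdWebSocketFacade"),
                          ("clean_app", b"\x7fELF" + b"\x00" * 64)):
            os.makedirs(os.path.join(root, app))
            with open(os.path.join(root, app, "libapp.so"), "wb") as fh:
                fh.write(body)
        file_hits = scan_tree(root)
    dns_log = ["192.0.2.10 proxyjs.brdtnet.com.",      # constructed
               "192.0.2.11 www.example.org",           # constructed
               "192.0.2.10 clientsdk.bright-sdk.com"]  # constructed
    return file_hits, relay_queries(dns_log)


if __name__ == "__main__":
    print(demo())
```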

Read more at Include Security, Cyber Security News, The Hacker News

FROST side-channel lets a website infer your other open tabs and apps by timing SSD activity via OPFS

Researchers demonstrated FROST, a browser-based technique where a malicious page infers what other websites and apps are open by measuring SSD I/O timing variations. It works by exploiting the Origin Private File System (OPFS) — a browser API that gives websites access to fast, large, disk-backed private storage on your device. A malicious page creates a large OPFS file and repeatedly reads it, then listens for tiny slowdowns caused by SSD contention: when your SSD is busy serving another app or tab, those slowdowns form a recognizable timing pattern that a trained ML model can classify. Crucially, this requires no user clicks or permissions, and doesn’t break same-origin sandboxing — the physical SSD is shared hardware, and that shared resource leaks information through timing regardless of software isolation.

Key Details

  • Runs entirely in the browser using JavaScript + OPFS, no permission required from the user.
  • Could potentially be weaponised for corporate espionage: inferring which software, internal tools, dev environments etc. employees have open could leak information about a company’s tech stack or ongoing operations.
  • Could be used for privacy invasion at scale. An ad network or data broker embedding a malicious script could silently profile visitors — inferring which banking apps, health platforms, or messaging tools they use — without any permission or detectable footprint in network logs.
  • Cross-tab and cross-browser inference was shown—activity in other tabs and even other browsers can affect SSD contention measurable from the attacker’s page.
  • Reported test results on an Apple M2 Mac: ~89% accuracy identifying websites and ~96% accuracy identifying running apps.
  • Practical constraints: the attack needs a very large OPFS file (on the order of a gigabyte+) and the activity must be on the same SSD where the OPFS file is stored; apps using a different drive may not be detectable.

Next Steps

  • No mainstream browser currently offers a way to disable OPFS or require permission before a site uses it. The most practical mitigation is to monitor for unusually large allocations in browser site storage — any site holding gigabytes of data with no clear legitimate purpose warrants investigation.

Read more at Wired, Yahoo Tech

SOC-CMM survey: AI adoption in SOCs is surging, but only 10% report “excellent value” so far

Survey data from ~200 SOCs in the SOC-CMM 2026 Maturity Report found that while AI use in security operations has grown rapidly, only about 10% of respondents said AI has delivered excellent value. The report and analysis attribute the gap largely to “point” AI features embedded in siloed tools that speed up individual tasks but don’t fix workflow handoffs and governance needed for end-to-end outcomes.

Key Details

  • Across respondents, 71% reported only “some value” or “no value” from AI (with 19% reporting “good value”).
  • Adoption increased across AI categories year over year, including AI co-pilots (+145%) and AI agents (+118%) (plus off-the-shelf LLMs +55%, supervised ML +96%, customized LLMs +64%).
  • The dominant adoption pattern was the “taker” model (65%)—deploying off-the-shelf AI without customization; 20% were “shapers” (customizing purchased AI) and 15% “builders” (training on their own data), with takers reporting the least value.

Read more at The Hacker News

Researchers documented “ChatGPhish,” a technique where attacker-controlled instructions embedded in a normal web page can influence ChatGPT’s page-summary output when the page content is passed into an AI summarization workflow. In their proof of concept, the manipulated summary appears inside the trusted ChatGPT UI and can include phishing lures (links or QR codes) that look like platform-issued notifications.

Key Details

  • The issue is framed as a “trust transfer” problem: third-party web content is processed and then presented inside a trusted assistant interface, making injected instructions and their output easier to believe.
  • In testing, the flow was: visit a page in a browser, invoke ChatGPT’s page summarization, and embedded prompt text steers the resulting summary; the response is displayed with rendered Markdown (including links/images).
  • The researchers stress this is not a browser vulnerability; the concern applies to browser-integrated LLM summarizers that render untrusted Markdown without clear separation from assistant-generated content.
  • One demo injected a fake “account security” alert after an otherwise legitimate summary, including a clickable attacker-controlled URL that could be mistaken as an official ChatGPT notification.
  • A more advanced variant replaced the link with a rendered QR code image hosted from an attacker-controlled location (S3), shifting the click to a phone scan and bypassing common desktop URL inspection and reputation signals.

Next Steps

  • If you use AI page summarization features, treat rendered links/images in summaries as untrusted and require users to verify destinations before clicking.
  • Consider disabling or restricting browser/assistant summarization features.

Read more at The Cyber Express, Permiso

5,000+ election-themed domains registered ahead of US midterms, alongside leaked fundraising and government-service credentials

Check Point reported that more than 5,000 US election-themed domains were registered between April and May, a pattern often associated with phishing pages, impersonation sites, donation scams, and lookalike “official” election communications. The company also observed about 17,000 exposed credentials tied to fundraising organizations, political parties, and government-related services, enabling attackers to pair convincing infrastructure with account access.

Key Details

  • Check Point counted domain growth from earlier in the year: in January it observed ~1,300 domains containing “election” and ~2,957 containing “vote”; between April 13 and May 14 it saw ~1,140 new “election” domains and the “vote” total rising to ~4,010.
  • Credential exposure cited by the report included ~9,500 ActBlue.com credentials and ~6,500 WinRed.com credentials, plus ~600 from gop.com, ~130 from democrats.org, and ~150 from usa.gov.

Next Steps

  • Inform US employees about this emerging attack / phishing vector.

Read more at The Register

WordPress malware abuses Steam profile comments to store hidden C2 data via invisible Unicode characters

A WordPress malware campaign infected roughly 1,980 sites and uses Steam Community profile comments as a covert channel for command-and-control instructions that infected sites fetch and decode during normal page activity. The decoded data is used to inject external JavaScript into front-end pages and maintain persistence via a server-side backdoor that can modify WordPress files.

Key Details

  • GoDaddy observed the campaign since July 2025 and reported infections across about 1,980 WordPress sites.
  • The Steam-hosted payload is embedded as invisible Unicode characters (U+200C, U+200D, U+2061–U+2064) inside otherwise benign-looking comment text (sometimes styled as ASCII art).
  • In the analyzed sample, the decoded instructions built a URL on hello-mywordl[.]info to load a JavaScript file disguised as a common library (e.g., lodash.core.min.js) and injected via WordPress script-loading behavior.
  • GoDaddy found a cookie-gated backdoor where a specific cookie enables acceptance of base64-encoded PHP via a POST parameter (new_code), allowing attackers to update/restore malicious code by rewriting matching lines in plugin/theme files.
  • Additional hunting signals mentioned include references to steamcommunity.com in theme/plugin PHP, suspicious WordPress transient entries with a _transient_caption prefix, and POST requests carrying the authentication cookies DEpjndDbNc or tEcaKKXEsb.
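
The hunting signals above turned into checks, added here as an example (it is not GoDaddy's tooling): it counts the listed invisible code points in a string, flags PHP source that references steamcommunity.com or the new_code parameter, filters option names by the transient prefix, and tests a request's Cookie header. The `min_total` threshold and all sample strings are assumptions constructed for the example.

```python
import re

# Values quoted in the article: code points, cookie names, transient prefix.
INVISIBLE = "\u200c\u200d\u2061\u2062\u2063\u2064"
INVISIBLE_RUN = re.compile("[" + INVISIBLE + "]+")
COOKIE_NAMES = ("DEpjndDbNc", "tEcaKKXEsb")
TRANSIENT_PREFIX = "_transient_caption"


def invisible_stats(text, min_total=8):
    """Count the listed invisible characters in a string.

    min_total is an assumed threshold: one U+200D is normal inside an emoji
    sequence, while hidden data needs many such characters.
    """
    runs = INVISIBLE_RUN.findall(text)
    total = sum(len(r) for r in runs)
    return {"total": total,
            "longest_run": max(map(len, runs), default=0),
            "visible": INVISIBLE_RUN.sub("", text),
            "suspicious": total >= min_total}


def php_indicators(source):
    """Hunting signals for the source text of one theme/plugin PHP file."""
    found = []
    if "steamcommunity.com" in source.lower():
        found.append("steamcommunity.com reference")
    if "new_code" in source:
        found.append("new_code parameter")
    if invisible_stats(source)["suspicious"]:
        found.append("invisible Unicode characters")
    return found


def suspicious_options(option_names):
    """Keep wp_options names that start with the reported transient prefix."""
    return [n for n in option_names if n.startswith(TRANSIENT_PREFIX)]


def has_backdoor_cookie(method, cookie_header):
    """True for a POST whose Cookie header carries a reported cookie name."""
    if method.upper() != "POST":
        return False
    names = {p.split("=", 1)[0].strip() for p in cookie_header.split(";")}
    return any(c in names for c in COOKIE_NAMES)


# Constructed samples (not taken from the campaign).
SAMPLE_COMMENT = "(=^.^=)" + "\u200c\u200d\u2061\u2062" * 4 + " nice profile"
SAMPLE_EMOJI = "\U0001F468\u200d\U0001F469\u200d\U0001F467"  # family emoji
SAMPLE_PHP = "<?php $src = 'https://steamcommunity.com/'; ?>"
SAMPLE_OPTIONS = ["siteurl", "_transient_caption_ab12", "_transient_feed_x"]

if __name__ == "__main__":
    print(invisible_stats(SAMPLE_COMMENT))
    print(invisible_stats(SAMPLE_EMOJI)["suspicious"])
    print(php_indicators(SAMPLE_PHP))
    print(suspicious_options(SAMPLE_OPTIONS))
    print(has_backdoor_cookie("POST", "wp-settings-1=x; DEpjndDbNc=1"))
```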

Read more at Hackread, BleepingComputer

Meta patches Instagram account-takeover flaw after AI support bot was tricked into changing victims’ recovery email

Attackers exploited Instagram’s new Meta AI support assistant to add a new email address to victim accounts and complete password resets by just asking it to, leading to high-profile account takeovers and defacements.

Key Details

  • High-profile accounts impacted included Sephora, a U.S. Space Force chief master sergeant, security researcher Jane Wong, and the archived Obama White House Instagram account (which was briefly defaced with pro-Iranian content).
  • Instructions and videos on Telegram circulated a step-by-step method that used the bot’s standard recovery flow to link a target account to an attacker-controlled email and receive a one-time code enabling a password reset.
  • The published method reportedly included using a VPN endpoint near the target’s usual location to reduce suspicion during the recovery attempt.
  • Meta spokesperson Andy Stone said the issue was resolved and Meta was working to secure impacted accounts.
  • Reports tied the incident to theft of valuable short Instagram handles that attackers could resell.

Read more at KrebsOnSecurity, BleepingComputer, Hackread, Check Point Blog, 404 Media, Schneier on Security

Leftover debug flag in Microsoft 365 Android apps let any installed app request and steal Microsoft account refresh tokens

A debug setting accidentally shipped in multiple Microsoft 365 Android apps disabled the “trusted app” check used for single sign-on token sharing, allowing any other app on the same device to request and receive the user’s Microsoft authentication token. Microsoft has patched affected apps; the issue matters because stolen FOCI refresh tokens can be reused and refreshed to access Microsoft 365 data with little visible user impact.

Key Details

  • Affected apps included Word, Excel, PowerPoint, Microsoft 365 Copilot, Loop, and OneNote; Teams was reported as not affected because the flag was set differently.
  • The vulnerable behavior came from a shared Microsoft SDK, causing the same weakness to appear across multiple apps.
  • The bug enabled theft of FOCI (family) refresh tokens, which can persist and be refreshed over long periods, making attacker activity blend in with normal app traffic.
  • Microsoft assigned CVEs on May 12: CVE-2026-41100, CVE-2026-41101, CVE-2026-41102, and CVE-2026-42832 (spoofing / improper access control), covering Copilot, Word, PowerPoint, and Excel.
  • NVD lists a patched Word for Android build as 16.0.19822.20190 (earlier versions affected); other impacted apps were fixed via Google Play updates.

Next Steps

  • Update Word/Excel/PowerPoint/OneNote/Loop/Microsoft 365 Copilot on Android and verify devices are not running vulnerable versions.
  • For accounts used on devices that may have had affected versions installed alongside untrusted apps, revoke refresh tokens / force re-authentication so any previously obtained FOCI tokens are no longer usable.
  • Consider updating Secure Coding Policy to require a security review before any shared internal library touching auth is updated.
  • Add SAST (Static Application Security Testing) or linting rules that block production builds containing debug flags.

Read more at The Hacker News, SecurityWeek, Dark Reading

Android Gemini could be hijacked via WhatsApp/Slack notifications using “Fake Context Alignment” prompt injection

SafeBreach disclosed a now-patched Android Google Gemini issue where a single malicious messaging notification could be treated as assistant “context” and drive Gemini responses and actions without installing any malicious app. Android’s Gemini assistant has a feature (“Utilities”) that reads incoming notifications from apps like WhatsApp and Slack and can act on them. SafeBreach found that an attacker could craft a malicious message to the victim — no app install needed — and Gemini would treat the notification content as a trusted command and execute it silently. The bypass (“Fake Context Alignment”) exploited a gap between what Gemini spoke aloud and what it actually processed. A message could embed the real authorization text in a foreign language, or hide it inside a hyperlink (which Gemini’s text-to-speech silently skips), while speaking something innocent to the user. Gemini’s safety check would prompt the user for confirmation — but the spoken confirmation described the harmless part, not the actual command being run.

Key Details

  • The attack surface was Gemini’s Android-only Utilities feature that can read/reply to notifications.
  • SafeBreach reported the issue Aug 17, 2025; Google confirmed mitigation Nov 14, 2025 via server-side content-classifier improvements; no CVE was assigned and the researchers reported no evidence of in-the-wild exploitation.

Next Steps

  • On Android devices, consider disabling Gemini’s notification access by disconnecting Utilities under Gemini → Connected Apps, or remove the Google app permission “Notification read, reply & control.”

Read more at The Hacker News, SecurityWeek, Dark Reading

Commerce Department watchdog: NIST’s NVD backlog doubled to 27,000+ entries after contractor pause and poor coordination with CISA

A Commerce Department inspector general report found NIST’s National Vulnerability Database has become less effective after the backlog of unprocessed vulnerabilities grew from ~13,000 (Feb 2024) to 27,000+ (end of 2025), following mismanagement and a failure to execute on planned throughput increases. The report also found NIST and CISA ran overlapping “enrichment” efforts with limited coordination, reducing efficiency and eroding confidence in NVD data consumers rely on for triage and prioritization.

Key Details

  • NIST missed its own backlog-reduction plan: the IG said NIST pledged to fix the issue by Sept 2024 but did not meet a target of processing ~6,200 vulnerabilities per month and historically had not exceeded ~5,000/month.
  • Duplicate enrichment work occurred at least ~21,000 times between May 2024 and Dec 2025 as NIST and CISA operated in parallel; the IG estimated this duplication wasted about $200,000 since May 2024.
  • NIST declined a CISA invitation to collaborate when CISA launched Vulnrichment in May 2024, and at one point the two agencies hired the same contractor to perform identical work, per the report.
  • NIST’s CVSS severity scoring was often inconsistent: the IG found NIST’s scores matched independent assessors only 12% of the time, while ~80% of vulnerability submissions already include severity scores on intake.
  • The IG recommended reducing NIST’s scoring workload, estimating NIST could redirect about $800,000 over two years by spending less time on severity scoring and focusing on sustainable processing and coordination.

Read more at The Record, CSO Online

Claude Code GitHub Action permission bypass let attackers use a single issue to run AI-driven exfiltration and potentially poison downstream supply chains

Researchers showed that a permission-check flaw in Anthropic’s Claude Code GitHub Action could let a non-collaborator trigger the action via a GitHub App “bot” identity, feeding the agent untrusted issue content despite the workflow’s broad default write permissions. The attacker could then use indirect prompt injection to coerce the agent into leaking workflow secrets and obtaining tokens that enable repository write access, creating a path to compromise repos—including potentially the action’s own repo and downstream users—until fixes shipped in v1.0.94.

Key Details

  • Root cause: the trigger gate allowed any actor name ending in “[bot]”, assuming GitHub Apps are trusted—yet anyone can register a GitHub App and use it to open issues/PRs on public repos.
  • “Agent mode” lacked an additional validation present in “tag mode”, leaving the bypass usable in common configurations.
  • Exfiltration chain used prompt injection to get the agent to expose environment variables (including credentials used to request GitHub Actions OIDC tokens) and return them in attacker-visible issue content.
  • Anthropic’s example workflow configuration set allowed_non_write_users: "*", enabling anyone to trigger the workflow; the public workflow-run summary output was also highlighted as an exfiltration channel, one inherited by configs copied from the example.
  • Fix timeline and severity: reported in January; fixed within four days with further hardening through spring; mitigations are in claude-code-action v1.0.94, with Anthropic rating the issues 7.8 (CVSS v4.0) and paying a bug bounty.
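
A workflow audit for the settings described above, added here as an example (it is not Anthropic's or the researchers' code): it flags an action ref older than v1.0.94, the `allowed_non_write_users: "*"` wildcard, and the same "[bot]" suffix test written in a workflow's own `if:` condition. The two workflow files, the v1.0.80 pin and the `anthropics/` owner prefix in them are constructed samples.

```python
import re

FIXED = (1, 0, 94)  # release the article names as carrying the mitigations

USES_RE = re.compile(r"uses:\s*['\"]?[\w.-]+/claude-code-action@([^\s'\"#]+)")
VERSION_RE = re.compile(r"^v(\d+)\.(\d+)\.(\d+)$")
WILDCARD_RE = re.compile(r"allowed_non_write_users:\s*['\"]?\*['\"]?\s*(#.*)?$")
BOT_SUFFIX_RE = re.compile(
    r"endsWith\(\s*github\.(?:actor|triggering_actor)\s*,\s*['\"]\[bot\]['\"]\s*\)")


def audit_workflow(text):
    """Return (line_number, finding) tuples for one workflow file's text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):
            continue  # commented-out settings are not active
        uses = USES_RE.search(line)
        if uses:
            ref = uses.group(1)
            version = VERSION_RE.match(ref)
            if version is None:
                findings.append((lineno, "ref %s is not a full version tag; "
                                 "confirm it resolves to v1.0.94 or later" % ref))
            elif tuple(map(int, version.groups())) < FIXED:
                findings.append((lineno, "pinned to %s, older than v1.0.94" % ref))
        if WILDCARD_RE.search(line):
            findings.append((lineno, "wildcard lets any user trigger the agent"))
        if BOT_SUFFIX_RE.search(line):
            findings.append((lineno, "gate trusts any actor ending in [bot]"))
    return findings


# Constructed workflow with all three weak settings.
WEAK = """\
name: issue-triage
on:
  issues:
    types: [opened]
jobs:
  triage:
    if: endsWith(github.actor, '[bot]') || github.event.issue.author_association == 'MEMBER'
    runs-on: ubuntu-latest
    steps:
      - uses: anthropics/claude-code-action@v1.0.80
        with:
          allowed_non_write_users: "*"
"""

# Constructed counterpart: fixed release, no wildcard, no suffix-based gate.
HARDENED = """\
name: issue-triage
on:
  issues:
    types: [opened]
jobs:
  triage:
    if: github.event.issue.author_association == 'MEMBER'
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: anthropics/claude-code-action@v1.0.94
"""

if __name__ == "__main__":
    for item in audit_workflow(WEAK):
        print(item)
    print(audit_workflow(HARDENED))
```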

Read more at Microsoft Security Blog, The Hacker News, GMO Flatt Security

Meta AI app includes dormant smart-glasses face recognition (“NameTag”) code shipped to 50M+ downloads

WIRED reports Meta has embedded a not-yet-enabled face-recognition pipeline for its smart glasses inside the widely downloaded Meta AI companion app, despite public statements framing face recognition as still under consideration. The feature (“NameTag,” surfaced in UI traces as “Connections”) would turn faces seen by the glasses into biometric templates and notify wearers on matches, raising questions about how recognition datasets are sourced and updated.

Key Details

  • Core face-recognition components were added via app updates as early as January, according to WIRED’s code review, even as Meta said in April it would take a “thoughtful approach” before any rollout.
  • The app is reported as downloaded 50M+ times and required for key smart-glasses features across Ray-Ban and Oakley models, meaning the underlying code is already broadly distributed even if the feature is off.
  • WIRED says three models are already deployed onto user phones: face detection, face cropping, and face-to-biometric encoding (faceprints).
  • WIRED’s analysis indicates matching is designed to occur against faceprints stored on-device, with a local store configured to receive updates from Meta; recognized faces would trigger notifications, while non-matches would be cropped/indexed and placed in a “pending” bucket.
  • Outside researchers reproduced key aspects of the analysis; one test reportedly showed a notification (“Person recognized”) after adding a single faceprint to the app’s gallery and triggering the pipeline with that image.

Read more at WIRED

ICE document outlines plan to give 1,200+ local police agencies a face-scanning app tied to 250M+ DHS/State images

An internal DHS document obtained via FOIA says ICE plans to deploy the “Task Force Module” mobile app so participating local police can scan faces during encounters to verify identity and determine immigration status by querying a DHS/State Department image database. The plan would extend capabilities already used by ICE/CBP into the hands of non-federal officers operating under 287(g) agreements, including guidance on whether to detain and how to escalate to ICE.

Key Details

  • The document says the app will compare a captured face image against more than 250 million DHS and State Department records and return an instruction such as “not detain/arrest under ICE jurisdiction” or provide a reference code to request more details from ICE.
  • ICE explicitly acknowledges the tool may capture images of people other than the intended target, noting it is conceivable scans could include U.S. citizens because officers won’t know citizenship at the initial encounter.
  • The app is framed for use by local agencies in the 287(g) program; ICE’s website lists 1,220 participating agencies across 32 states and 2 U.S. territories, which the article describes as the potential distribution base.
  • The document lists a September 24, 2025 launch date, but the article notes DHS did not respond to a request for comment and it’s unclear whether or when rollout will occur.
  • 404 Media reports ICE/CBP already use Mobile Fortify on the street and cites conference comments that it has been used more than 200,000 times; the article also links prior reporting that related apps have produced misidentifications and been used on U.S. citizens.

Read more at 404 Media

Subscribe

Subscribe to receive this weekly cybersecurity news summary to your inbox every Monday.