Bright Data integrates an SDK into free apps that repurposes smart TVs and smartphones as exit nodes for a global proxy network with 400 million IP addresses without sufficient transparency—even when VPN connections are active.
Over 400 Arch Linux AUR packages were compromised with infostealer malware, posing a data exfiltration risk to all systems that installed these packages on or after June 11, 2026.
Publicly available supply-chain attack kits, commercialized RAT infrastructures, and empirically demonstrated phishing vulnerability of AI agents mark a professionalization of the threat landscape.
A self-replicating worm compromises 73 Microsoft repositories through stolen administrative credentials, exploiting the trust model of GitHub and npm without leveraging software vulnerabilities.
Attackers operate highly ranked fake pages for tools like Ghidra and dnSpy on Google, redirect users through TDS-controlled JavaScript to malware servers, and evade security analysis by filtering VPNs, data centers, and repeated access.
