ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More

Hunt.io said it identified more than 1,350 command-and-control (C2) servers across 98 Middle East infrastructure providers over the past three months, between February 1 and May 1, 2026. "C2 infrastructure dominates malicious activity (~96.8%), far exceeding phishing infrastructure (~0.5%) and publicly reported IOCs (~0.5%), while malicious open directories account for the remaining ~2.2% of observed artifacts," it said. "Saudi Arabia's STC (Saudi Telecom Company) hosts 981 C2 servers, representing 72.4% of all detected C2 infrastructure in the region. IoT-focused botnets (Hajime, Mozi, and Mirai) combined with offensive frameworks (Tactical RMM, Cobalt Strike, Sliver) represent the dominant malware families operating across Middle Eastern infrastructure."

Microsoft is said to have silently fixed a privilege escalation flaw in Azure Backup for AKS that allowed a user with only the "Backup Contributor" Azure role (zero Kubernetes permissions) to gain cluster-admin on any AKS cluster, per security researcher Justin O'Leary. The vulnerability, which does not have a CVE, carries a CVSS score of 9.9. While Microsoft rejected the vulnerability report as "AI-generated content," it appears to have been patched since, and additional validation checks were enforced that did not exist in March 2026.

A 46-year-old Romanian national found guilty of breaking into an Oregon state government office in 2021 and other cyber attacks across the U.S. has been sentenced to 56 months in prison. Catalin Dragomir pleaded guilty to one count of aggravated identity theft and one count of obtaining information from a protected computer in February. Dragomir was arrested in Romania in November 2024 and extradited to the U.S. in January 2025 to face charges. Dragomir "sold access to a computer on the network of an Oregon state government office after obtaining unauthorized access to it in June of 2021," the Justice Department said. "During the sale, Dragomir provided the prospective buyer with samples of personal identifying information from the computer. He also sold access to the computer networks of numerous other victims in the United States, causing losses of at least $250,000."

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the supply chain attack targeting DAEMON Tools software to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply necessary fixes by May 30, 2026. The incident is now being tracked under the identifier CVE-2026-8398 (CVSS v4 score: 9.3). "Attackers gained unauthorized access to the vendor's (AVB Disc Soft) build or distribution infrastructure and trojanized three binaries: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe," according to the description of the CVE. "These files were digitally signed with the legitimate AVB Disc Soft code-signing certificate, allowing the malicious installers to appear trustworthy and bypass signature-based detection."

Apple has published its post-quantum cryptography (PQC) implementations in corecrypto, including quantum-secure ML-KEM and ML-DSA algorithms, along with mathematical verification tools that it built to assure compliance with FIPS 203 and FIPS 204 specifications for independent evaluation by experts. "Corecrypto is used continuously in our products, providing encryption and decryption, hashing, random number generation, and digital signatures on over 2.5 billion active devices," Apple said. "A critical bug in corecrypto has the potential to compromise the security and reliability of every app and feature that depends on it, so we are conservative when adding new code to the library and make exceptional efforts to be comprehensive in our testing."

The U.S. Federal Bureau of Investigation (FBI) has warned that the threat actor known as the Silent Ransom Group (SRG), also known as Luna Moth, Chatty Spider, and UNC3753, has been targeting law firms using social engineering techniques as part of fresh attacks since spring 2026. Law firms are a rich target due to the highly sensitive nature of the data they possess. "Through phone calls and phishing emails, SRG actors pose as IT support to establish access to victim computers and exfiltrate data, usually through legitimate remote access tools or by sending an individual in-person to the victim company's location to gain physical access to computers," the FBI said. "While SRG has victimized companies in many sectors, including those in the insurance, finance, and healthcare industries, the group has consistently targeted U.S.-based law firms since Spring 2023." As part of the scheme involving in-person visits, the threat actor tells the victim they need to image the device or create a backup file to address potential impacts from the phishing email. Upon gaining a foothold, the attackers move swiftly to escalate privileges and pivot to data exfiltration without encryption. "By sending someone in-person to the victim's location to facilitate the intrusion, SRG actors exfiltrate data to an external hard drive or USB drive inserted by the threat actor into the victim's computer," the FBI added.

Attackers are hosting counterfeit installers and plugins masquerading as popular software, including ChatGPT, Claude, ZENOLOGY, Ableton Live, AutoTune, and Kontakt, on GitHub and SourceForge to distribute a Deno backdoor known as DinDoor (aka Tsundere). "Attackers are using compromised YouTube channels to distribute links to these platforms," Malwarebytes said. "DinDoor ultimately drops different types of malware, including a stealthy remote access Trojan (RAT), which also uses the Deno JavaScript runtime."

A phishing campaign is using deceptive emails disguised as purchase orders to trick recipients into opening malicious JavaScript files contained within RAR archives that lead to the deployment of a PureLogs variant to steal sensitive data from the victim's device. "Upon analyzing the PureLogs module, the malware's primary capability is to collect sensitive data from the victim's system, including basic hardware and system information, saved credentials, cryptocurrency-related data, and more," Fortinet said. "The malware then compresses and encrypts the collected data before transmitting it to the C2 server."

The U.K. has announced sanctions against cryptocurrency exchanges and the A7 network used by Russia to evade existing restrictions. Among those hit by sanctions is HTX (aka Huobi Global), which is one of the largest cryptoasset exchanges in the world, with $3.3 trillion in trading volume in 2025. "It is suspected of providing services to A7, the sanctioned Russian payments network, and Garantex, the sanctioned cryptocurrency exchange," Elliptic said. It's worth noting that the A7 corporate-and-token infrastructure emerged in the wake of the March 2025 Garantex takedown. Per data from TRM Labs, Huobi has sent more than $4.9 billion in direct on-chain transactions to U.K.-sanctioned and A7-network entities since 2021. Other entities hit by sanctions include Bitpapa and Rapira Group, the latter of which has transacted $375.6 million with Garantex's named successor Grinex.io.

Anthropic has announced two new security features for its Claude AI: a self-hosted sandbox for Claude Managed Agents and a new security-guidance plugin. "The security guidance plugin makes Claude review its own code changes for common vulnerabilities while it works and fixes what it finds in the same session," Anthropic said. "The plugin catches issues such as injection, unsafe deserialization, and unsafe DOM APIs before the code reaches a pull request, reducing how much security review falls to human reviewers downstream. Once installed, the plugin runs automatically. There is nothing to invoke and no separate command to remember." As described by Red Hat, a self-hosted sandbox "outsources the 'thinking' while keeping the 'doing' on your own infrastructure."

Data from Check Point has revealed that hacktivism and ransomware targeting organizations across Germany, Austria, and Switzerland increased 124% in 2025. More than 60% of the hacktivist incidents have involved defacing websites to amplify political messaging. These efforts originated from NoName057(16), Mr Hamza, chinafans, Dark Storm Team, and Hezi Rash. Ransomware attacks, on the other hand, were mainly led by Akira, Qilin, and Safepay. "Germany accounted for more than 80% of regional incidents, with Switzerland at 12% and Austria at 8%," Check Point said. "Across Europe, the DACH region represented 18% of all recorded attacks, placing Germany above France, Spain, and Italy by individual country share."

Threat actors are increasingly capitalizing on the public excitement around the FIFA World Cup 2026 for scam campaigns. Bitdefender said it has identified more than 55 football-related malvertising campaigns targeting users through fake online stores, social media ads, IPTV piracy operations, fraudulent football apps, and FIFA-themed giveaway and lottery scams distributed through email. "The most-targeted users were in the United Kingdom, Portugal, Spain, Algeria, the United States, Canada, Mexico, Belgium, Germany, Brazil, and Australia," the Romanian company said. Check Point said bad actors are "flooding the internet" with fake merchandise stores, fraudulent betting platforms, and phishing domains designed to steal personal data and money. Host nations of the sporting event, Canada, Mexico, and the U.S., have also recorded an increase in the weekly average number of cyber-attacks per organization in April 2026, with Mexico registering a weekly average of 3,548 cyber attacks per organization. Group-IB said it uncovered six distinct fraud schemes and over 4,300 fraudulent domains impersonating FIFA's official web presence. This includes a sophisticated phishing campaign conducted by a Chinese-speaking, financially motivated operator called GHOST STADIUM that involves using more than 300 domains using a shared phishing kit that exploits FIFA's PingIdentity SSO login flow to harvest credentials and conduct fake ticket sales and payment fraud at scale. "GHOST STADIUM has built a pixel-perfect clone of the official FIFA website, complete with a replicated single sign-on (SSO) authentication flow, and multi-language support in 11 languages," Group-IB said. "Facebook Ads serves as the primary paid traffic acquisition channel for the GHOST STADIUM campaign."

Cybersecurity researchers have uncovered a 126-extension Chrome Web Store extension network dubbed WaSteal that masquerades as independent WhatsApp CRM tools while exfiltrating user personal data, advertising cookies, and voice messages to operator-controlled servers, affecting nearly 148,000 users. According to researcher Jean-Marie R., the network is operated by wascript.com.br, which operates a white-label platform. "The largest variant (WaSeller, 100k installs) embeds a live GTM container giving its operator silent, permanent remote code execution with no extension update or Chrome review required," the researcher said. "The operator's own privacy policy directly contradicts every behavior documented."

A new technique named GhostTree abuses NTFS junctions to generate infinite file paths, causing endpoint security products to hang and leave files unscanned. "We discovered that by pointing a junction back at its own parent directory, an attacker can create recursive loops that generate effectively infinite file paths," Varonis said. "With just two lines of code, a user can generate endless valid paths, making it impossible to finish scanning parent directories with the dir command recursively. The same applies to EDR products that scan folders for malicious files. An attacker places malware in the parent directory, sets up the GhostTree structure, and the containing folder becomes effectively unscannable. The scan hangs. The malicious files go unexamined."

An emerging Phishing-as-a-Service (PhaaS) platform called Kali365, first observed in April 2026, has been targeting Microsoft 365 environments. "Kali365 has primarily been distributed via Telegram, enabling cyber threat actors to obtain Microsoft 365 access tokens and bypass multi-factor authentication (MFA) protocols without intercepting the user's credentials," the FBI said. "Through the Kali365 platform subscription, cyber threat actors can capture 'OAuth' tokens and gain persistent access to targeted individuals/entities' Microsoft 365 environments." Like other PhaaS platforms, Kali365 risks lowering the barrier of entry to cybercrime, offering less-technical attackers access to artificial intelligence (AI)-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities. Kali365 is available to affiliates on a subscription basis, ranging from $250 for 30 days to $2,000 for a year. In a report published last month, Arctic Wolf said it observed a device code phishing campaign using Kali365 to obtain initial access and conduct follow-on activity. "The campaign relied on high-fidelity lures directing victims to Microsoft's legitimate device login flow, where users unknowingly authorized threat actor-initiated sessions," the company said. "Captured OAuth access and refresh tokens enabled immediate mailbox access and post-compromise activity. In select cases, threat actors established malicious inbox rules to suppress security notifications, extending dwell time and reducing user awareness." Barracuda Networks and Proofpoint have also warned of a spike in device code phishing campaigns in recent months. Barracuda said it detected more than 7 million device code attacks between March and April 2026. "The surge of device code phishing is the natural progression of credential phishing, as more people become aware of multi-factor authentication bypass techniques, criminals must get creative," Proofpoint noted.

PhishU has detailed a new technique called Vaultjacking, which demonstrates how a victim's 6-digit Google Password Manager (GPM) PIN captured via an adversary-in-the-middle (AitM) phishing page can be used to decrypt the entire synced GPM vault. "That single PIN releases Google's Security Domain Secret, which decrypts every synced password and passkey on the account -- not just the credential being registered, the entire vault," Curtis Brazzell, PhishU Flounder and CEO, said in a statement. Once the AitM page harvests the user's session cookies and GPM PIN, a threat actor can add a passkey to the victim's Google account for persistence and then unlock the victim's entire synced credential vault from their own infrastructure.

A trojanized MSI installer for RVTools is being used to deploy a modular Python-based remote access trojan (RAT) using a VBScript loader. The malware includes a reconnaissance module that fingerprints the host and maps out Active Directory and a persistent command-and-control (C2) agent that encrypts stolen data and waits for operator commands. "What made this campaign particularly effective was the use of a legitimately issued Sectigo code-signing certificate, registered under what appears to be a shell entity - Xiamen Lunwei Huage Network Co.(Sectigo), Ltd," K7 Labs said. "At the time of delivery, the certificate was fully valid, meaning Windows SmartScreen and most endpoint controls raised no flags. It has since been revoked, though it offers limited protection to environments not enforcing real-time OCSP or CRL checks at execution time."