A ranked weekly brief covering the Microsoft 365 password-spraying wave, NetNut/Popa disruption, AI browser attacks, ARToken phishing, Anthropic model controls, ClickFix defenses, patch pressure, and developer tooling shifts.
Google, the FBI, and partners reportedly disrupted a residential proxy network tied to millions of compromised home devices, including smart TVs and streaming boxes.
SharePoint, Citrix NetScaler, Cisco Unified CM, and Oracle E-Business Suite stories all point to the same reality: public exposure plus public exploit knowledge now creates immediate risk.
An 81-million-attempt password spraying campaign, phishing-as-a-service tooling, and OAuth token theft show why identity defense must cover the entire login flow.
Medtronic reportedly notified customers after a ShinyHunters-linked breach affecting personal and medical information, underscoring the long tail of healthcare exposure.
The extradition of an alleged Scattered Spider member is more than a law-enforcement story; it is a reminder that social engineering groups can create enterprise-scale financial impact.
KrebsOnSecurity reported that the FBI seized domains tied to NetNut and the Popa botnet, following research linking the residential proxy ecosystem to millions of compromised devices.
KrebsOnSecurity reported that two Scattered Spider members pleaded guilty in the UK over the Transport for London attack, with U.S. allegations tying the group to major intrusions and ransom payments.
KrebsOnSecurity reported that researchers linked the Popa Android botnet to NetNut, showing how consumer TV boxes can become persistent residential proxy nodes.
KrebsOnSecurity reported on The Gentlemen, a fast-growing ransomware-as-a-service group using aggressive affiliate payouts and edge-device access to scale attacks.
KrebsOnSecurity reported that Microsoft's June 2026 Patch Tuesday fixed nearly 200 flaws, with public exploit code already available for several weaknesses.
KrebsOnSecurity reported that attackers allegedly tricked Meta's AI support assistant into resetting Instagram accounts, turning customer support automation into an account takeover path.
KrebsOnSecurity reported that Dutch authorities seized more than 800 servers and arrested two people accused of enabling Russian cyberattacks and influence operations.
KrebsOnSecurity reported that lawmakers demanded answers after a CISA contractor allegedly published AWS GovCloud keys and other agency secrets to a public GitHub account.