Researchers build self-replicating AI worm with BYO LLM
Autonomous AI worm leveraging open models propagates widely.
Article | iTnews | 30m | score 88
- Self-replicating worm targets compromised hosts.
- Open-weight LLM runs locally, bypassing vendor controls.
- Exploits Copy Fail, Dirty Frag, Marimo in testing.
- 7-day runs across 33 hosts show multiple penetrations.
- Defenses: AI-assisted testing, micro-segmentation, zero-trust.

Cobalt Strike Beacon Detected – 117[.]72[.]191[.]140:8028
IOC: 117.72.191.140:8028; http-get beacon
Article | RedPacket Security | 2h | score 85
Cobalt Strike Beacon Detected — IP 117.72.191.140:8028 and associated beacon traffic indicators
- Beacon detected on IP 117.72.191.140.
- HTTP GET to /__utm.gif observed; analyze outbound traffic patterns urgently.
- Check DLL injection techniques: CreateRemoteThread artifacts.
- Correlate with recent red-team activity, proxied C2 channels and DNS beacons.
- Purge unauthorized beacons; patch and harden endpoint defenses.

Cobalt Strike Beacon Detected – 109[.]244[.]130[.]113:443
Cobalt Strike beacon detected from IP 109.244.130.113.
Article | RedPacket Security | 2h | score 85
Cobalt Strike Beacon Detected at 109.244.130.113:443 — Incident Details and Immediate Mitigation Guidance
- Beacon detected; initiate validation now.
- Cross-check with Tencent Cloud logs and network flow to confirm IOC status.
- Isolate the affected host and constrain outbound traffic.
- Refer to CVE-like indicators and the DLL injection chain (RtlUserThreadStart in kernel32) for detection priorities.
- Prepare a remediation plan and alert security operations immediately.

Visibility can shield you against $15k/min downtime
Downtime costs rise; visibility and AI require vigilance.
Article | securitybrief.com.au | 2h | score 85
Visibility can shield you against $15k/min downtime — Splunk findings and expert take
- Downtime now costs more than many firms expect.
- 2,000 execs across 20 countries underpin the $15k/min figure.
- Visibility gaps persist as AI systems expand.
- Autonomous agents and shadow AI demand end-to-end observability and rapid triage built on solid data foundations.
- Proactive monitoring and resilience investments can cut recovery times.

Cobalt Strike Beacon Detected – 117[.]72[.]242[.]9:9999
Cobalt Strike beacon detected at 117.72.242.9.
Article | RedPacket Security | 2h | score 84
Cobalt Strike Beacon Detected at 117.72.242.9:9999 with Potential False Positives
- Beacon detected at a Beijing host.
- Cobalt Strike HTTP GET to /load indicates staged beacon activity within the network.
- IP 117.72.242.9 linked to activity across hosts.
- Beijing Jingdong 360 Degree E-commerce linked account observed in metadata artifacts during incident response.
- Defenders should monitor for rundll32 payload patterns and hashes.

Commvault says it's time to rethink resiliency as AI crooks leave victims in a 'dark, dead' state
AI threats reshape resilience priorities.
Article | The Register - Security | 3h | score 83
- AI threats reshape resilience priorities.
- Frontier models reveal thousands of vulnerabilities; testing recovery in isolated environments matters.
- Air-gapped backups and cleanrooms gain urgency.
- Mythos and GPT-5.5-Cyber vulnerabilities spike; Palo Alto Networks data anchors their prominence in enterprises.
- Defenders should simulate live breaches to validate recovery plans.

Cobalt Strike Beacon Detected – 81[.]68[.]216[.]220:443
Cobalt Strike beacon detected; IoCs provided for triage.
Article | RedPacket Security | 2h | score 83
Cobalt Strike Beacon Detected at 81.68.216.220:443 with nginx TLS context and indicators
- Beacon detected, ready for triage.
- Indicators include TLS, nginx, and a suspicious comm/xyz endpoint pattern.
- Validate artifacts against SOC playbooks.
- Cobalt Strike beacon traces link to known APT campaigns tracked in MITRE ATT&CK matrices.
- Prioritize patching, network monitoring, and credential hygiene.

Cobalt Strike Beacon Detected – 156[.]234[.]24[.]48:8709
Cobalt Strike beacon detected; IP and endpoint details.
Article | RedPacket Security | 2h | score 82
Cobalt Strike Beacon Detected – 156.234.24.48:8709 – IOC details and immediate defender guidance
- Beacon detected from IP 156.234.24.48.
- HTTP GET to /User/Multiply/Server/doc/apiv3/M9DRCPXXFC; a POST to an unlisted path observed as part of the traffic.
- Process-injection sequence detected via CreateRemoteThread and NtQueueApcThread.
- Watermark shows rps-framework style payloads; CVE-like signatures not yet disclosed in the public docs.
- Defenders should block DNS/IPs and monitor svchost for malicious

GoPhish Login Page Detected – 126[.]209[.]7[.]138:443
GoPhish login page detected; IOC-rich phishing infrastructure.
Article | RedPacket Security | 1h | score 82
GoPhish Login Page Detected – 126.209.7.138:443 – Threat Indicator Summary
- GoPhish login detected at 126.209.7.138:443.
- IP, TLS info, and location point to phishing infrastructure; Manila-hosted.
- Verify domain resolution and certificate lineage.
- Active posture: monitor related hostnames, domains, and emails; patch DNS.
- Impact: prepare a DFIR playbook for credential-phishing campaigns targeting users.

Cobalt Strike Beacon Detected – 150[.]187[.]25[.]242:9999
Cobalt Strike beacon detected with injection indicators.
Article | RedPacket Security | 2h | score 81
Cobalt Strike Beacon Detected from 150.187.25.242:9999 with HTTP beacon patterns and process injection signals
- Cobalt Strike beacon detected.
- Indicator points to http-get beacon traffic targeting externally facing hosts.
- Active exploitation patterns observed include process-injection techniques.
- IP 150.187.25.242 connected to a Barquisimeto-based asset under CENIT sponsorship during the threat intel window.
- Defenders should quarantine beacon URLs and review proxies immediately.

Cobalt Strike Beacon Detected – 124[.]220[.]6[.]158:443
Cobalt Strike beacon detected; verify potential false positives.
Article | RedPacket Security | 2h | score 81
Cobalt Strike Beacon Detected – 124.220.6.158:443 — security note and validation caution
- Cobalt Strike beacon detected.
- HTTP GET/POST patterns observed against port 443 with possible DLL usage.
- Validate indicators and patch detections.
- IP 124.220.6.158; Tencent-hosted; potential false positives.
- Defenders should verify indicators and review network hygiene.

[CMDORGANIZATION] – Ransomware Victim: SeeWriteHear
Ransomware claim; SeeWriteHear verification pending, data unclear.
Article | RedPacket Security | 2h | score 80
CMDORGANIZATION ransomware victim SeeWriteHear — initial leak summary and verification status update
- Victim publicly identified as SeeWriteHear.
- Attack claimed by CMDORGANIZATION; verification ongoing, sources vary on impact and scope.
- No ransom amount disclosed in the post.
- SeeWriteHear headquartered in the UK; leak entry dated 2026-06-03 with no corroborating evidence.
- Moderators warn to verify claims before public responses or reports.

Cobalt Strike Beacon Detected – 117[.]72[.]39[.]83:30005
Cobalt Strike beacon detected; validate indicators promptly.
Article | RedPacket Security | 2h | score 79
Cobalt Strike Beacon Detected – 117[.]72[.]39[.]83:30005: an indicator-heavy alert with validation guidance and potential false positives
- Beacon activity flagged for review.
- CVE-like indicators point to http-get to /api/x from the host in traffic.
- Investigate IP ownership and past incidents quickly.
- Beijing Tianjin Hebei branch of Beijing Jingdong 360 Degree is listed in logs.
- Prepare guidance for DFIR teams, patching and remediation.

Cobalt Strike Beacon Detected – 1[.]117[.]61[.]9:12306
Cobalt Strike beacon detected; indicators reveal a targeted campaign.
Article | RedPacket Security | 2h | score 79
Cobalt Strike Beacon Detected – 1.117.61.9:12306; indicators, IOCs, and targeted infrastructure exposed
- Beacon indicators identified in log lines.
- Cobalt Strike beacon references, IOCs, and target infrastructure provided.
- IOCs include feliz ICU domain and 1.117.61.9.
- Targeted HTTP GET/POST endpoints and DLL-host payloads named.
- Reader guidance: validate indicators, patch, and monitor traffic.

Cobalt Strike Beacon Detected – 143[.]92[.]43[.]246:8011
Beacon detected; validate IOC and pursue investigation now.
Article | RedPacket Security | 2h | score 79
Cobalt Strike Beacon Detected – 143.92.43.246:8011 – Threat Indicator with HTTP GET/POST behavior
- Beacon detected; validate IOC and pursue investigation now.
- Indicator aligns with Cobalt Strike HTTP beacon patterns, warranting immediate IOC validation.
- Patch exposure through affected tools and networks.
- Review firewall rules for port 8011 exposure on 143.92.43.246 and related hosts in the segment.
- Defenders should tighten network segmentation and monitoring.

Chinese hackers use new Atlas RAT malware in European cyberattacks
TA4922 broadens Europe reach with Atlas RAT tooling.
Article | BleepingComputer | 3h | score 79
TA4922 leverages Atlas RAT in European cyberattacks, Proofpoint notes
- TA4922 widens its European reach.
- Atlas RAT provides keylogging, screenshots, and data theft, delivered through multiple loaders.
- Proofpoint links it to Silver Fox and Arachne.
- RomulusLoader, AnyDesk, and SyncFuture feature in the loader chain observed in German campaigns.
- Threat actors claim financial motives with potential espionage use.

SAP Concur warns of rising fraud in Australian finance
Fraud rises in accounts payable, SAP Concur warns.
Article | securitybrief.com.au | 1h | score 79
SAP Concur warns of rising fraud in Australian finance as survey reveals widespread losses and governance gaps
- Fraud is rising in practice.
- Manual checks leave gaps; AI tools could speed detection and control.
- Expenses above trend require heightened scrutiny.
- ACFE estimates a five percent annual revenue loss to fraud globally, per its 2026 report.
- Finance leaders must embed policy checks into workflows.

GoPhish Login Page Detected – 47[.]120[.]58[.]5:443
GoPhish login page detected; verify indicators immediately.
Article | RedPacket Security | 1h | score 78
GoPhish Login Page Detected at 47.120.58.5:443; validate indicators and assess impact now
- GoPhish login page detected.
- IP 47.120.58.5 hosts the page; validation by security teams advised.
- Domain tebon.cloud linked to Alibaba/Aliyun in logs.
- TLS 1.3 in use; certificate valid through 2026-08-19, but trust status needs independent validation.
- Defenders should verify redirects and host integrity immediately.

GoPhish Login Page Detected – 145[.]253[.]106[.]125:443
Threat intel: phishing page at GoPhish host detected.
Article | RedPacket Security | 1h | score 77
GoPhish Login Page Detected – 145.253.106.125:443 (Threat Intel Brief)
- Phishing page detected on GoPhish.
- Observed host 145.253.106.125:443 serving a GoPhish login UI via HTTP redirect to login.
- TLSv1.3 in use; certificate status uncertain.
- GoPhish observed in Germany under City Schutz GmbH infrastructure, with an openresty stack behind TLS termination.
- Defenders should validate redirects and isolate affected hosts immediately.

DentaQuest - 2,553,599 breached accounts
2.6M records exposed in DentaQuest breach.
Article | Have I Been Pwned | 2h | score 76
DentaQuest breach exposes 2.6 million records, including Medicaid IDs and PHI, per May 2026 update
- ShinyHunters publicly claim the data leak.
- 2.6 million emails, names, and addresses appear in exposed files from May.
- Medicaid IDs and health data included.
- DentaQuest reports the incident was limited to a portion of its network; investigation ongoing at the time.
- Change passwords and enable 2FA on all accounts immediately.

Smashing Security podcast #470: This AI security flaw might be impossible to fix
UK visa site leaked data; prompt injection may be unsolvable.
Twitter | Graham Cluley | 2h | score 76
Smashing Security episode covers UK Visa Portal leak and unsolvable prompt injection concerns
- UK data leak hits thousands.
- UK Visa Portal exposed 100,000 documents; researchers warn.
- Prompt injection may be unsolvable (Cornell paper).
- Vulnerability: insecure storage + misconfigured bucket; mitigation elusive.
- Security takeaway: verify data pipelines and avoid over-trusting prompts.

Critical RCE Flaws Fixed in Mautic Marketing Platform
Mautic fixes critical RCE flaws; CVEs disclosed publicly.
Twitter | Daily CyberSecurity | 41m | score 73
Critical RCE Flaws Fixed in Mautic Marketing Platform; CVE-2026-9558 and CVE-2026-9559 details
- Mautic platform patched for RCE.
- Two CVEs linked to Twig injection and path traversal were addressed.
- No exploit details disclosed in the public report.
- Remediation requires upgrading to patched Mautic versions and verifying Twig templates across all deployments.
- Organizations should monitor for indicators of compromise after updating.

GoPhish Login Page Detected – 168[.]196[.]106[.]7:443
GoPhish login page detected; indicators point to phishing.
Article | RedPacket Security | 1h | score 72
- GoPhish page surfaced by scan.
- IP 168.196.106.7 shows a login path redirecting to /login next in the flow.
- TLS 1.3 and nginx observed in use.
- Hostnames include educaeu.net.br and plish.educaeu.net.br, per RedPacket Security.
- Defenders should verify redirects and server configuration immediately.

[INCRANSOM] – Ransomware Victim: CUSTOMSIGN
Ransomware gang cites CUSTOMSIGN victim; data uncertain.
Article | RedPacket Security | 35m | score 70
INCRANSOM ransomware leak identifies CUSTOMSIGN as victim; limited verified details available as of publication
- Ransomware actor INCRANSOM targets CUSTOMSIGN.
- Public page shows the victim identity; no data exfiltration details confirmed yet.
- No ransom amount stated in the leak.
- June 3, 2026 post cites Evansville, IN, as the location of CUSTOMSIGN operations.
- Tactics suggest public disclosure to pressure negotiation; verify details.

OpenAI and Anthropic Sign Letter to Prevent AI-Developed Biological Weapons
Labs push DNA screening to curb AI-driven bioweapons.
Article | Wired | 43m | score 68
- OpenAI pushes stricter gene screening.
- Signatories warn AI-enabled DNA design could erode safeguards and trigger pandemics worldwide.
- Biotech firms support improved screening standards nationwide.
- Proposed legislation would require providers to screen customers and orders comprehensively across the sector.
- AI labs emphasize responsible use and risk controls.