Security news.
Today's cybersecurity news highlights significant disruptions to malicious infrastructure and the emergence of new sophisticated malware. A major residential proxy network, NetNut, has been dismantled, cutting off access for millions of compromised devices, while a new modular malware framework, Avalon, has been discovered packing ransomware capabilities.
New Avalon Malware Framework Packs CrownX Ransomware
Researchers have uncovered Avalon, a modular malware framework distributed via multi-stage phishing, combining credential collection, lateral movement, remote access, recovery disruption, and ransomware execution.
NetNut Proxy Network Disrupted, 2 Million Infected Devices Cut Off
A joint operation, including Google and the FBI, has disrupted NetNut, a residential proxy network that provided access to millions of compromised Android devices, including smart TVs and streaming boxes.
North Korea-Linked npm Packages Steal Developer Secrets
Threat actors tied to North Korea are using new malicious npm packages, "rollup-packages-polyfill-core" and "rollup-runtime-polyfill-core", which mimic legitimate Rollup polyfill tooling, for remote access and data theft.
Medtronic Data Breach Impacts 3.8 Million People
In April, the ShinyHunters group accessed Medtronic's corporate IT systems, stealing personal and medical information belonging to 3.8 million individuals.
Agentic AI Used to Conduct Ransomware Attack via Langflow
A recent attack demonstrated how LLM agents can combine known exploitation techniques with real-time reasoning to automate complex, multi-stage ransomware intrusions.
Critical Cursor AI Code Editor Flaws Lead to RCE
The "DuneSlide" vulnerabilities in Cursor AI Code Editor allow zero-click prompt injection attacks to escape the sandbox and execute arbitrary code on the underlying operating system.
CISA: Microsoft SharePoint RCE Flaw Actively Exploited
CISA has warned that attackers are actively exploiting a high-severity Microsoft SharePoint remote code execution vulnerability (CVE-2026-45659) that was patched in May.
Cisco Confirms Exploitation of Unified CM Flaw
Cisco has confirmed that attackers are actively exploiting a Unified Communications Manager (Unified CM) vulnerability that was patched in early June.