Attackers are still winning with low-effort tactics like stale credentials, fake updates, trusted app abuse, and phishing hidden inside routine workflows. This roundup also covers new flaws in curl and Hoppscotch, proxyware found in LG and Samsung smart TV apps, and campaigns using Microsoft Teams, ClickFix, BitB, and Browser-in-the-Browser to deliver malware and steal data. #curl #Hoppscotch #LGwebOS #SamsungTizen #Edgecution #ScatteredSpider #REDCap #UNC6508 #AMOS #Odyssey #PayoutsKing
Keypoints
- Cloudflare, Google Chrome, Microsoft Edge, and Mozilla Firefox are backing PACT for privacy-preserving bot detection.
- Six curl vulnerabilities were disclosed and fixed in curl 8.21.0.
- A critical Hoppscotch flaw can let unauthenticated attackers take over self-hosted servers and persist after password resets.
- LG and Samsung smart TV apps were found to contain proxyware that can relay third-party traffic through residential connections.
- Attackers used Microsoft Teams, ClickFix, and BitB lures to deliver malware, steal credentials, and gain host access.
Read More: https://thehackernews.com/2026/06/threatsday-bulletin-smart-tv-proxyware.html