ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories

This roundup shows how attackers are abusing trusted platforms, browser extensions, AI chat features, OAuth flows, and developer tools to deliver malware, steal credentials, and stage phishing campaigns. It also highlights major security developments such as Windows Server 2025 DoH, a Cisco SD-WAN zero-day exploited by UAT-8616, and supply chain threats involving npm packages and the Shai-Hulud worm. #WindowsServer2025 #UAT8616 #Cline #Claude #Conti #ShaiHulud #PhantomStealer #OnionDrop #MacSync #MeowDEBUG #AsynRAT #OnyxC2 #CVE202620127 #CVE202649975

Key points

  • DoH is now generally available on Windows Server 2025 for encrypted DNS traffic.
  • Deceptive Chrome extensions hijacked searches and routed users through monetization brokers.
  • A fileless macOS ClickFix chain delivered the Meow (DEBUG) infostealer in memory.
  • Claude shared chat abuse and Google Ads were used to spread MacSync malware.
  • Threat actors abused npm, Steam Workshop, and AI coding tools to deploy loaders, stealers, and backdoors.

Read More: https://thehackernews.com/2026/06/threatsday-bulletin-claude-chat-abuse.html