Check Point, Katana, and Hades Cluster: VPN bypass, USB attack, PyPI malware
A researcher found that Creative Katana V2X speakers can be turned into covert BadUSB devices: the speaker's USB link to the host lets an attacker within roughly 15 m inject commands and exfiltrate data without pairing. The flaw stems from a static authentication key and a weak firmware‑update protocol, turning the speaker into a Rubber Ducky‑style attack vector.
Researcher vladko312 releases a detailed write‑up and working payloads for the Twig sandbox bypass CVE‑2026‑46640, including error‑based, time‑based blind, and boolean‑based techniques. The gist also outlines the associated SSTImap module and notes on the related CVE‑2026‑46633.
Check Point released a security advisory and hotfix for CVE‑2026‑50751, a critical authentication‑bypass flaw affecting Remote Access and Mobile Access VPN deployments that still accept the deprecated IKEv1. The vulnerability is being actively exploited in the wild: a Qilin ransomware affiliate was observed using it to gain initial access. Apply the hotfix and review whether IKEv1 is still needed on exposed gateways.
Researchers at Socket reported the Hades Cluster campaign, in which attackers hijacked 19 scientific and deep‑learning PyPI packages and injected malicious *.pth startup‑hook files. Because the interpreter's site.py executes any line in a .pth file that begins with `import`, the hook runs every time Python starts; the payload installs the Bun runtime to steal developer credentials, cloud tokens, and GitHub/NPM secrets. Treat any install of the listed packages as compromised.
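The check a practitioner wants after reading this is an inventory of every .pth line the interpreter will exec() at start-up. The following is an added example written for this digest, not Socket's tooling or code from the compromised packages: it scans the running interpreter's site directories, reports every `import` line, and flags lines carrying loader-style tokens (exec, base64, marshal, network modules). The file names, the "evil_hook.pth" contents and the SUSPICIOUS token list are constructed for the demo, not indicators from the report.

```python
"""Audit .pth files for the startup-hook trick used by the Hades Cluster campaign.

Added example, not Socket's tooling or code from the compromised packages. Python's
site.py executes any .pth line that starts with "import " (or "import\t") at
interpreter start-up; every other non-comment line is treated as a sys.path entry.
The sample file names and contents below are constructed for the demo.
"""
import os
import re
import site
import tempfile

# Prefixes that site.addpackage() passes to exec() instead of adding to sys.path.
EXEC_PREFIXES = ("import ", "import\t")

# Tokens typical of obfuscated loaders; a heuristic chosen for this example, not an
# indicator list from the report. Legitimate .pth one-liners (setuptools, editable
# installs) normally import a helper and call it, nothing more.
SUSPICIOUS = re.compile(
    r"exec\(|eval\(|compile\(|base64|marshal|zlib|subprocess|urllib|socket|\\x[0-9a-fA-F]{2}"
)


def classify_line(line: str) -> str:
    """Return 'comment', 'path', 'import' or 'suspicious-import' for one .pth line."""
    text = line.rstrip("\r\n")
    if not text.strip() or text.startswith("#"):
        return "comment"
    if text.startswith(EXEC_PREFIXES):
        return "suspicious-import" if SUSPICIOUS.search(text) else "import"
    return "path"


def scan_pth_file(path: str) -> list:
    """Return (path, lineno, kind, snippet) for every line that site.py would exec()."""
    findings = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            kind = classify_line(line)
            if kind.endswith("import"):
                findings.append((path, lineno, kind, line.rstrip("\r\n")[:120]))
    return findings


def scan_dirs(dirs) -> list:
    """Scan every *.pth in the given directories (missing directories are skipped)."""
    findings = []
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            if name.endswith(".pth"):
                findings.extend(scan_pth_file(os.path.join(d, name)))
    return findings


def site_dirs() -> list:
    """Directories whose .pth files the running interpreter processes at start-up."""
    dirs = list(site.getsitepackages()) if hasattr(site, "getsitepackages") else []
    dirs.append(site.getusersitepackages())
    return dirs


# Constructed sample .pth files: a benign setuptools-style hook, a plain path entry
# and a hook shaped like a loader stub (the payload bytes are a placeholder; the
# scanner only reads the file, it never executes anything).
SAMPLES = {
    "distutils-precedence.pth": (
        "import os; var = 'SETUPTOOLS_USE_DISTUTILS'; "
        "enabled = os.environ.get(var, 'local') == 'local'; "
        "enabled and __import__('_distutils_hack').add_shim();\n"
    ),
    "evil_hook.pth": (
        "# looks like a path file at first glance\n"
        "import os;exec(__import__('base64').b64decode(b'<payload>'))\n"
    ),
    "mylib.pth": "/opt/mylib/src\n",
}


def demo() -> list:
    """Write SAMPLES to a temporary directory, scan it and return (name, lineno, kind)."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLES.items():
            with open(os.path.join(tmp, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return [(os.path.basename(p), ln, kind) for p, ln, kind, _ in scan_dirs([tmp])]


if __name__ == "__main__":
    # Audit the interpreter you are running this with (run it once per venv).
    for path, lineno, kind, snippet in scan_dirs(site_dirs()):
        print(f"{kind:18} {path}:{lineno}: {snippet}")
```

Run it with every interpreter and virtualenv on a build host; the benign setuptools line shows that a plain "import" finding still needs a human look, while the "suspicious-import" class is what to triage first. Note that site.py only honours lines that start at column 0 with `import` followed by a space or tab, so an indented line is a path entry, not a hook.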
Volexity reports that the China‑linked threat actor VerdantBamboo (aka WARP PANDA) compromised a Managed Services Provider's pfSense firewall, installing a BSD‑compatible Brickstorm backdoor along with PLENET/GRIMBOLT and AGENTPSD tools to target Linux appliances. The intrusion had persisted for at least 18 months, enabling proxy access to the victim’s network and Microsoft 365 services.
Google Mandiant identified UNC3753, a financially motivated group, using voice‑phishing (vishing) and on‑site impersonation to infiltrate U.S. legal and financial firms from Jan‑May 2026. After gaining remote RMM access, attackers sometimes entered offices as fake IT staff to copy data onto USB drives, then extorted victims.
A joint effort called ‘Disruption Week’, involving the U.S. Department of Justice, Thai police and companies like Apple, Google and Coinbase, disabled over 1.4 million social‑media, Microsoft and Starlink accounts tied to fraud compounds in Cambodia, Laos and Burma. The operation also froze $3.8 million in crypto assets and led to dozens of arrests.
Health‑tech wearable maker Ultrahuman revealed that hackers accessed an internal analytics system, exposing contact details, account information, transaction history, and some fitness data for about 700 users (≈0.1% of its base). Passwords and payment information were not exposed.
Oxford University’s CareerConnect platform was hacked on May 28, exposing users’ names, email addresses and, for non‑SSO accounts, encrypted passwords. The third‑party provider GTI fixed the vulnerability and forced password resets, while the university assures no course, financial or file data were compromised.
A paper proposes using variational autoencoders to generate realistic malware variants, augmenting scarce training data for machine‑learning detectors such as Random Forest, XGBoost, and sequential models. The authors report notable gains in accuracy, precision, recall, and F1 on the augmented data, and argue that generative augmentation can help detectors keep pace with novel variants.
EDRChoker abuses Windows policy‑based Quality of Service (QoS) to impose a hard outbound bandwidth cap on Endpoint Detection and Response (EDR) agent processes, so their telemetry streams time out and the agents are effectively disabled while still running. Because it needs no firewall or WFP rules, it offers red teams a stealthier evasion path. Defenders can inventory throttle policies with `Get-NetQosPolicy` and audit policy‑based QoS entries under `HKLM\SOFTWARE\Policies\Microsoft\Windows\QoS`.
Microsoft’s VS Code 1.123 release introduces a built‑in two‑hour delay before extensions are auto‑updated when automatic updates are enabled. The pause gives developers time to detect malicious or broken releases, reducing the risk of software supply‑chain attacks.