Laser Wallet Hack, $5M Seed Theft, SYSTEM via Defender
Ledger’s Donjon team showed a laser pulse can force a Tangem wallet card into recovery mode, letting an attacker set any password and seize the funds. The exploit requires physical access and a costly lab setup, and because Tangem cards can’t receive firmware updates, the flaw is permanent for every card sold.
Wiz researchers uncovered GhostApproval, a symlink‑based vulnerability affecting Amazon Q, Anthropic Claude, Augment, Cursor, Google Antigravity and Windsurf. A malicious repo can trick the assistant into editing arbitrary system files while the user sees a harmless path, enabling remote code execution on the developer’s machine. Vendors have fixed three tools, others remain vulnerable.
CVE-2026-50656, dubbed "RoguePlanet," lets a low‑privileged user spawn a SYSTEM‑level command shell via a race condition in Microsoft Defender's scanning engine. The flaw works even with real‑time protection on, and no official patch was released as of late June 2026.
Coinspect disclosed the ‘Ill Bloom’ flaw, weak randomness in recovery‑phrase generation, that leaves thousands of software wallets across Bitcoin, Ethereum, Polygon, Tron and others exposed. Since May 27, attackers have siphoned at least $5 million, compromising 431 of the 2,114 vulnerable addresses. Users must generate a fresh wallet with a trusted seed source; hardware wallets remain safe.
An open server left by a Chinese‑linked cybercrime group leaked 800 MB of tools, logs and a target list of over 1.4 million WordPress sites. Analysis shows more than 5,700 live webshell backdoors and weaponization of 27 CVEs, confirming WP‑Shellstorm as a large‑scale access‑brokerage operation. Researchers warn the compromised sites are now at risk of resale and further attacks.
Microsoft uncovered GigaWiper, a Golang backdoor that lets attackers pick between a physical disk wiper, a fake ransomware encryptor, and a FlockWiper-derived scrubber. By bundling three legacy tools into one implant, the group gains on‑demand destructive power while keeping a minimal footprint. Defenders must watch for its multi‑stage C2 commands and the distinctive Go binary traits.
Researchers uncovered that the actor Lurking Lizard distributes trojanized 7‑Zip installers from over 230 look‑alike domains, silently enrolling victims’ computers as residential proxy servers. The illicit proxy network fuels paid services, hijacking home bandwidth and exposing users to legal and privacy risks.
China-linked Silver Fox has deployed MODBEACON, a Rust‑based RAT that tunnels encrypted C2 over gRPC streaming, reusing Xray/V2Ray transport code. The design makes network traffic blend with legitimate CDN traffic, complicating detection and giving the group a more resilient ransomware‑as‑a‑service capability.
The Supreme Court’s Chatrie decision, which now requires a warrant for cell‑phone location searches, may soon apply to automated license‑plate readers (ALPR). Legal experts warn that extending the ruling would force police to obtain warrants before probing billions of captured plates, curbing a key surveillance tool.
Subscribe free