Meta blocked NSO WhatsApp phishing after a $168M Pegasus ruling, exposing injunction violations and user risk.
Category: cybercrime/malcode
NFCShare Android malware spreads via fake banking app updates on GitHub
New variants of the NFCShare Android malware are being distributed as fake updates for legitimate banking apps hosted on GitHub.
The malware has evolved and is now targeting customers of multiple banks and financial institutions across Europe in a phishing campaign aimed at stealing payment card data.
After tricking victims with a fake verification screen to place the cards near the mobile device’s near-field communication (NFC) chip, NFCShare reads the information using Android’s IsoDep interface and EMV commands.
Over 20,000 Instagram accounts stolen in Meta AI support hack
Meta has revealed that 20,225 Instagram users had their accounts hijacked in a recent incident where attackers used Meta’s AI-powered support system to reset passwords.
As BleepingComputer reported one week ago, the threat actors exploited a flaw in the company’s High Touch Support (HTS) tool, an AI-assisted support system that helps users regain access after being locked out of their Instagram accounts.
By exploiting the fact that HTS didn’t verify whether email addresses were associated with the targeted Instagram accounts, they obtained password reset links that allowed them to log in and hijack accounts without two-factor authentication (2FA) enabled.
Claude is Self-Evolving?
In this episode, I break down Anthropic’s research on recursive self-improvement—AI systems that can design and train the next generation with less human help—and why the key battleground is “taste” (choosing goals and next steps). I compare this to evolutionary algorithms and newer examples like DeepMind’s AlphaEvolve, Sakana’s Darwin Gödel Machine, and Karpathy’s AutoResearch, then cover METR Task Horizon and how task length has been doubling. I go through Anthropic’s internal results (Claude writing most merged code, speedup experiments, bug fixes, and a study where models sometimes pick better research next steps), plus the main skepticism: bad productivity metrics, internal-only models, and Goodhart’s Law/reward hacking. I end with an open safety problem where Claude agents closed the gap far faster than humans, and what this means for specifying and checking work.
LINKS:
https://www.anthropic.com/institute/r… voice to text App: whryte.com Website: https://engineerprompt.ai/ RAG Beyond Basics Course: https://prompt-s-site.thinkific.com/c… Signup for Newsletter, localgpt: https://tally.so/r/3y9bb0 Let’s Connect: 🦾 Discord: / discord ☕ Buy me a Coffee: https://ko-fi.com/promptengineering |🔴 Patreon:
/ promptengineering 💼Consulting: https://calendly.com/engineerprompt/c… 📧 Business Contact: [email protected] Become Member: http://tinyurl.com/y5h28s6h 💻 Pre-configured localGPT VM: https://bit.ly/localGPT (use Code: PromptEngineering for 50% off). Signup for Newsletter, localgpt: https://tally.so/r/3y9bb0 TIMESTAMP: 00:00 Self Improvement Basics 01:30 Evolutionary Loops Today 03:50 Task Horizon Doubling 05:18 Claude Productivity Claims 08:11 Goodhart’s Law 10:30 Agents as Researchers 12:22 What It Means for You.
My voice to text App: whryte.com.
Website: https://engineerprompt.ai/
RAG Beyond Basics Course:
https://prompt-s-site.thinkific.com/c…
Signup for Newsletter, localgpt:
Let’s Connect:
☕ Buy me a Coffee: https://ko-fi.com/promptengineering.
|🔴 Patreon: / promptengineering.
💼Consulting: https://calendly.com/engineerprompt/c…
📧 Business Contact: [email protected].
Become Member: http://tinyurl.com/y5h28s6h.
💻 Pre-configured localGPT VM: https://bit.ly/localGPT (use Code: PromptEngineering for 50% off).
Signup for Newsletter, localgpt:
FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins
Security researchers and the FBI are warning that a wave of FIFA-themed fraud is already hitting World Cup 2026 fans, days before the June 11 kickoff.
Recent reports describe thousands of lookalike FIFA domains, banking malware hidden inside pirate streaming apps, and at least one operation that copies FIFA’s login page well enough to take over real accounts.
It is an obvious target. More than six million fans are expected across 16 cities in the United States, Canada, and Mexico, and FIFA said it received more than 150 million ticket requests in the first 15 days, leaving the tournament around 30 times oversubscribed. Tickets are scarce, fans are anxious, and money is moving fast, which is exactly what fraud needs.
New IronWorm malware hits 36 packages in npm supply-chain attack
A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm.
The malware targets 86 environment variables (key-value pairs) and 20 credential files that may contain OpenAI, AWS, Anthropic, and npm credentials, vault configuration files, SSH keys, and Exodus cryptocurrency wallet files.
According to researchers at supply-chain and devops company JFrog, IronWorm is written in Rust, hides behind an eBPF kernel rootkit, and communicates with the operator over the Tor network.
FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads
Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell.
According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity cluster dubbed JSCoreRunner (aka FileRipple) in late August 2025. The cybercrime group behind the two attack chains is being tracked under the moniker CL-CRI-1089. The attackers are assessed to be active since at least 2023.
“Built using the Flutter framework, FlutterShell infects targets with adware via malicious desktop applications,” Unit 42 said. “In addition to its adware functionality, the payload possesses backdoor capabilities, including shell command execution and file system manipulation.”
50 Best Cybersecurity Keynote Speakers in the USA
IntroductionIf you are searching for the best cybersecurity keynote speakers in the USA, you already know the challenge. Most lists recycle the same handful of well-known names, without telling you which speaker actually fits your audience, your industry, or your budget. This directory changes that. Every person included has been selected based on substantive cybersecurity credentials, demonstrated speaking impact, and active contribution to the field in 2025 and 2026.The stakes have never been
Oracle WebLogic CVE-2024–21182 Added to KEV Catalog After Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
The vulnerability, CVE-2024–21182 (CVSS score: 7.5), allows an unauthenticated attacker with network access to take control of susceptible servers. It was patched by Oracle in July 2024.
“Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server,” CISA said.
Over 116,000 Minecraft systems infected in WeedHack malware campaign
A large-scale malware campaign dubbed WeedHack is targeting Minecraft players and has infected more than 116,000 systems since January.
The malware is distributed through Minecraft-related malicious mods, clients, cheats, and utilities that are promoted over YouTube and SEO (search engine optimization) poisoning.
WeedHack works as a malware-as-a-service (MaaS) infostealer operation that offers a dashboard for customers to see stolen credentials and information on compromised systems.