BagheeraAltered's CyberSecurity Newsletter

January 5, 2026

CyberSecurity Newsletter January 5th, 2026

In this week’s news: Jason Haddix releases the Arcanum Prompt Injection Taxonomy, the RondoDox botnet is exploiting the critical React2Shell flaw, Covenant Health suffered a ransomware attack by the Qilin group, a phishing campaign is abusing Google Cloud Application Integration, IBM addressed a critical API Connect vulnerability, ShinyHunters has claimed responsibility for breaching Resecurity, two U.S. cybersecurity professionals pleaded guilty to charges tied to their roles in BlackCat/Alphv ransomware attacks, and a new cybercrime tool called ErrTraffic allows threat actors to automate ClickFix attacks by generating 'fake glitches' on compromised websites.

ShinyHunters has claimed responsibility for breaching Resecurity, a US-based cybersecurity company headquartered in Los Angeles. The screenshots shared by the hackers were analysed by Hackread.com, showing content which, according to Resecurity, originated from a honeypot environment containing only synthetic and inactionable data.
https://hackread.com/shinyhunters-breach-us-cybersecurity-resecurity-firm/

Two U.S. cybersecurity professionals pleaded guilty to charges tied to their roles in BlackCat/Alphv ransomware attacks. Court records show Ryan Goldberg, Kevin Martin, and a co-conspirator deployed ALPHV BlackCat ransomware against U.S. victims from April to December 2023, sharing 20% of ransoms with operators. Despite working in cybersecurity, they extorted about $1.2M in Bitcoin from one victim, split the proceeds, and laundered the funds.
https://securityaffairs.com/186446/cyber-crime/two-u-s-cybersecurity-professionals-plead-guilty-in-blackcat-alphv-ransomware-case.html
Check Point researchers have revealed a phishing campaign that abuses Google Cloud Application Integration to send emails impersonating legitimate Google messages. The attack uses layered redirection with trusted cloud services, user validation checks, and brand impersonation to evade detection and increase phishing success. The experts observed nearly 9,400 emails targeting approximately 3,200 customers over a two-week period. The messages were sent from the legitimate Google address noreply-application-integration@google.com, significantly increasing the likelihood of reaching end users’ inboxes:
https://securityaffairs.com/186425/cyber-crime/phishing-campaign-abuses-google-cloud-application-to-impersonate-legitimate-google-emails.html

IBM addressed a critical API Connect vulnerability, tracked as CVE-2025-13915 (CVSS score of 9.8) that allows remote access via an authentication bypass. API Connect is IBM’s API management platform. It’s used by organizations to create, secure, manage, publish, and monitor APIs across their environments. The vulnerability is a potential authentication bypass in IBM API Connect that was discovered during internal testing.
https://securityaffairs.com/186417/security/ibm-warns-of-critical-api-connect-bug-enabling-remote-access.html

The decentralized intellectual property platform Unleash Protocol has lost around $3.9 million worth of cryptocurrency after someone executed an unauthorized contract upgrade that allowed asset withdrawals. According to the team behind the blockchain project, the attacker obtained enough signing power to act as an administrator of Unleash’s multisig governance system.
https://www.bleepingcomputer.com/news/security/hackers-drain-39m-from-unleash-protocol-after-multisig-hijack/

CloudSEK researchers warn that the RondoDox botnet is exploiting the critical React2Shell flaw (CVE-2025-55182) to drop malware and cryptominers on vulnerable Next.js servers.
https://securityaffairs.com/186386/uncategorized/react2shell-under-attack-rondodox-botnet-spreads-miners-and-malware.html

Covenant Health suffered a ransomware attack by the Qilin group in May 2025, compromising the data of over 478,000 individuals. The healthcare organization is notifying customers that their personal and health information may have been compromised as a result of the cyber attack that occurred on May 18, 2025:
https://securityaffairs.com/186439/data-breach/covenant-health-data-breach-after-ransomware-attack-impacted-over-478000-people.html
Over 10,000 Fortinet firewalls are still exposed online and vulnerable to ongoing attacks exploiting a five-year-old critical two-factor authentication (2FA) bypass vulnerability. Fortinet released FortiOS versions 6.4.1, 6.2.4, and 6.0.10 in July 2020 to address this flaw (tracked as CVE-2020-12812) and advised admins who couldn't immediately patch to turn off username-case-sensitivity to block 2FA bypass attempts targeting their devices.
https://www.bleepingcomputer.com/news/security/over-10-000-fortinet-firewalls-exposed-to-ongoing-2fa-bypass-attacks/
A fourth wave of the "GlassWorm" campaign is targeting macOS developers with malicious VSCode/OpenVSX extensions that deliver trojanized versions of crypto wallet applications. Extensions in the OpenVSX registry and the Microsoft Visual Studio Marketplace expand the capabilities of a VS Code-compatible editor by adding features and productivity enhancements in the form of development tools, language support, or themes.
https://www.bleepingcomputer.com/news/security/new-glassworm-malware-wave-targets-macs-with-trojanized-crypto-wallets/

A new cybercrime tool called ErrTraffic allows threat actors to automate ClickFix attacks by generating 'fake glitches' on compromised websites to lure users into downloading payloads or following malicious instructions. The platform promises conversion rates as high as 60% and can determine the target system to deliver compatible payloads.
https://www.bleepingcomputer.com/news/security/new-errtraffic-service-enables-clickfix-attacks-via-fake-browser-glitches/

Jason Haddix releases the Arcanum Prompt Injection Taxonomy - a comprehensive, open-source classification system for prompt injection attacks against Large Language Models.
https://arcanum-sec.github.io/arc_pi_taxonomy/

Raymond DePalma has created an AI-powered security training with 40+ labs, CTF challenges, and realistic DFIR datasets to learn ML threat detection, LLM analysis, adversarial ML, cloud security, and digital forensics:
https://github.com/depalmar/ai_for_the_win
