Cybersecurity Bulletin Highlights Browser Threats, Software Flaws, AI Abuse, And Global Cyber Risks

A newly released cybersecurity bulletin has brought together several significant security developments from across the technology landscape, highlighting how cyber threats continue to evolve through the misuse of trusted software, browser technologies, outdated credentials, and artificial intelligence.

Among the notable announcements, Cloudflare introduced a new privacy-focused initiative developed in collaboration with Google Chrome, Microsoft Edge, and Mozilla Firefox. The new Private Access Control Tokens protocol is designed to help websites distinguish legitimate human visitors from automated traffic while protecting user privacy. Instead of relying on traditional CAPTCHA systems or invasive tracking methods, websites can issue anonymous tokens that verify a browsing session belongs to a human without exposing personal browsing history.

At the same time, researchers from AISLE disclosed six vulnerabilities affecting curl, one of the world’s most widely used networking libraries. The flaws range from memory management issues to connection validation problems. One of the most notable vulnerabilities, identified as CVE-2026-8932, has existed since curl version 7.7, released in March 2001, making it the oldest reported vulnerability affecting the software. The issue has now been addressed in curl version 8.21.0.

Another major disclosure involved the open-source API platform Hoppscotch, where researchers identified a maximum-severity vulnerability tracked as CVE-2026-50160. The flaw allows unauthenticated attackers to overwrite authentication keys and potentially gain complete and persistent control over self-hosted installations through a single malicious request. Developers have fixed the issue in hoppscotch backend version 2026.5.0.

The bulletin also highlighted growing concerns surrounding internet-connected consumer devices and browser-based attack techniques. Spur Intelligence reported that more than one-third of over 6,000 LG webOS and Samsung Tizen applications examined contained residential proxy software capable of routing third-party internet traffic through users’ home networks after obtaining consent. Researchers warned that many users may not fully understand the implications of allowing their television to participate in proxy networks, particularly because smart televisions often remain connected to home networks for years without regular security reviews. Bright Data, Massive, and Oxylabs were identified as the leading providers of these proxy software development kits.

Meanwhile, Zscaler ThreatLabz documented a new attack associated with an initial access broker linked to the Payouts King ransomware, which impersonates information technology personnel through Microsoft Teams conversations. The campaign delivers a malicious Microsoft Edge browser extension known as Edgecution, which abuses Chrome’s native messaging protocol to communicate with a Python-based backdoor capable of collecting system information, accessing files, executing commands, and maintaining remote control of compromised systems. Researchers noted that the extension operates invisibly within a headless Microsoft Edge browser, making detection significantly more difficult.

Google also expanded password reset notifications within Google Workspace, so administrators now receive alerts whenever any privileged administrator account resets its password, instead of only monitoring Super Admin accounts.

Researchers further reported that legacy credentials continue to create opportunities for cybercriminals. Competitive intelligence company Klue confirmed that credentials issued during a limited pilot project in 2022 were later exploited by the Icarus extortion group to access Salesforce-related customer information involving several cybersecurity companies. NCC Group also observed increasing overlap between financially motivated cybercrime groups and state-sponsored threat actors, explaining that both sides are increasingly sharing infrastructure, tools, and operational methods, making attribution more challenging.

Additional phishing activity was identified by Fortra, which found attackers abusing Microsoft 365 collaboration features such as Outlook Groups and shared calendars to disguise malicious activity as routine workplace communication. Palo Alto Networks Unit 42 separately documented a new ClickFix campaign targeting macOS users by convincing victims to paste malicious commands into Terminal before downloading an information-stealing malware variant capable of harvesting browser data, cryptocurrency wallet information, messaging application content, Keychain credentials, and system passwords. Another Unit 42 investigation detailed a Browser-in-the-Browser phishing campaign that impersonates well-known software brands through fake software update messages designed to deliver malware.

Sophos also reported increased discussion of artificial intelligence across cybercriminal communities, where attackers are advertising AI-powered malware, stolen API keys, jailbreak techniques, prompt engineering services, and tools designed to process stolen information more efficiently, although some criminals have expressed concerns about AI changing the economics of cybercrime.

The bulletin also covered several law enforcement and research developments. Two members of the Scattered Spider cybercrime group were convicted in the United Kingdom for their involvement in the 2024 cyber attack against Transport for London, which resulted in financial losses estimated at 38.2 million dollars. In another international case, Algerian national Abdellah Belmili was extradited from Spain to the United States over allegations related to operating cybercrime marketplaces and developing phishing kits targeting financial institutions.

Censys researchers identified more than 8,500 internet-facing REDCap servers worldwide, following previous findings that Chinese-linked threat actors had targeted vulnerable research institutions through exposed REDCap systems. Human Rights Watch also reported that Bulgaria-based surveillance technology company Circles received export licenses for surveillance technology intended for several countries, raising concerns regarding oversight of European Union export controls.

Together, these developments demonstrate how cyber risks continue to emerge from multiple directions, including software vulnerabilities, browser abuse, phishing operations, connected consumer devices, artificial intelligence, and weaknesses within trusted digital infrastructure.
