ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories

Claude chat abused to spread malware, NastyC2 npm packages, device-code phishing, DoH on Windows Server 2025, and 25 more security stories.


What’s new

  • Microsoft has made DNS-over-HTTPS (DoH) generally available on Windows Server 2025, encrypting DNS traffic between the client and its resolver.
  • A cluster of deceptive Chrome extensions has been identified that hijacks search queries for monetization; beyond the privacy exposure, an extension that sits between the user and the search engine can also inject malicious content into results.
  • A fileless macOS attack chain has been reported that uses AppleScript to deliver credential-stealing malware without writing a payload to disk.
  • Threat actors have exploited Anthropic Claude’s chat feature to distribute malware, reaching more than 2,000 victims, most of them in the Asia-Pacific region.
  • A global phishing campaign impersonates hotels over WhatsApp and quotes genuine booking details to make its messages convincing.
  • AWS has introduced AWS Continuum, an AI-powered security agent for finding and managing code vulnerabilities.
  • Cisco has updated its advisory for a critical privilege-escalation flaw in its SD-WAN products; the flaw has been exploited in the wild since 2023.
  • A malicious repository opened in the Cline AI coding agent was found to bypass the agent’s safeguards and execute code under the developer’s account.
  • A new HTTP/2 vulnerability, referred to as the HTTP/2 Bomb in the remediation list below, enables denial-of-service attacks.
  • An exposed email server has been used as a phishing hub, luring recipients with a fake survey.

Who’s affected

Administrators of Windows Server 2025 (who gain the DoH option), Chrome users, macOS users, travellers with hotel bookings who receive WhatsApp messages, the mostly Asia-Pacific victims of the Claude-chat malware distribution, and developers using the Cline AI coding agent are among those affected. Organizations running Cisco SD-WAN and operators of internet-facing HTTP/2 services are also at risk.

What to do

  • Enable DNS-over-HTTPS on Windows Server 2025 so resolver traffic is encrypted in transit. DoH protects only the hop between the client and the resolver, so pick a resolver you trust, and once DoH is confirmed working, disable fallback to plaintext DNS so a blocked HTTPS path does not silently downgrade queries.
  • Inventory installed Chrome extensions and remove any that override the default search provider, homepage or new-tab page without a clear reason; where browser management policy is available, enforce an extension allowlist rather than relying on user vigilance.
  • Educate macOS users that a fileless chain leaves little for on-disk scanning to catch: treat any unexpected prompt to run Terminal commands or scripts as hostile, and rely on endpoint telemetry for process execution and outbound connections rather than file scans alone.
  • Advise users to confirm booking-related requests through the hotel’s official website or phone number rather than replying in the WhatsApp thread, even when the message cites the correct reservation details, since this campaign uses real booking data.
  • Evaluate AWS Continuum for finding and remediating code vulnerabilities, and keep a human review step on the fixes it proposes before they are merged.
  • Apply Cisco’s updated SD-WAN fixes for the privilege-escalation flaw. Because it has been exploited since 2023, also hunt for signs of earlier compromise (unexpected privileged accounts or configuration changes) instead of assuming patching alone is sufficient.
  • Run AI coding agents with least privilege: opening an untrusted repository in an agent that can execute commands is equivalent to running untrusted code, so sandbox the agent, scope the credentials it can reach, and review what it intends to run before it runs it.
  • Patch HTTP/2 servers and proxies against the HTTP/2 Bomb exploit and monitor for unusual HTTP/2 traffic patterns, such as abnormal stream or frame volumes per connection.
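
One way to act on the Chrome-extension item above, as an added example that is not from the bulletin or from any vendor named in it: a small Python audit that walks a Chrome profile’s Extensions folder and flags manifests declaring the capabilities a search hijacker needs (a default-search override, a new-tab or homepage override, or all-sites host access combined with request-interception APIs). The profile paths, the extension ids and the two sample manifests are constructed assumptions for the demo; run it with a real Extensions path as the first argument to audit a live profile.

```python
"""Audit a Chrome profile's extensions for search-hijacking capabilities.

Added example for this bulletin, not code from the original page. Paths, the
extension ids and the two sample manifests are constructed for the demo.
"""
from __future__ import annotations

import json
import os
import sys
import tempfile
from pathlib import Path

# APIs that let an extension observe, block or redirect requests/navigations.
INTERCEPT_PERMS = {"webRequest", "webRequestBlocking", "webNavigation",
                   "declarativeNetRequest", "declarativeNetRequestWithHostAccess"}
# Host patterns that grant access to every site (MV2 lists them under
# "permissions", MV3 under "host_permissions"; both are checked).
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def default_extensions_dir() -> Path:
    """Best-effort path to the default Chrome profile's Extensions folder."""
    if sys.platform == "win32":
        base = Path(os.environ.get("LOCALAPPDATA", "")) / "Google" / "Chrome" / "User Data"
    elif sys.platform == "darwin":
        base = Path.home() / "Library" / "Application Support" / "Google" / "Chrome"
    else:
        base = Path.home() / ".config" / "google-chrome"
    return base / "Default" / "Extensions"


def audit_manifest(manifest: dict) -> list[str]:
    """Return human-readable indicators found in one manifest.json (empty list = nothing flagged)."""
    findings: list[str] = []
    overrides = manifest.get("chrome_settings_overrides", {})
    if "search_provider" in overrides:
        url = overrides["search_provider"].get("search_url", "?")
        findings.append(f"overrides the default search provider -> {url}")
    if "homepage" in overrides or "startup_pages" in overrides:
        findings.append("overrides homepage/startup pages")
    if "newtab" in manifest.get("chrome_url_overrides", {}):
        findings.append("replaces the new-tab page")
    perms = set(manifest.get("permissions", [])) | set(manifest.get("optional_permissions", []))
    hosts = set(manifest.get("host_permissions", [])) | perms
    if hosts & BROAD_HOSTS and perms & INTERCEPT_PERMS:
        findings.append("all-sites host access + " + ", ".join(sorted(perms & INTERCEPT_PERMS)))
    return findings


def audit_extensions_dir(ext_dir: Path) -> dict[str, list[str]]:
    """Map extension id -> findings for every <id>/<version>/manifest.json under ext_dir."""
    results: dict[str, list[str]] = {}
    for manifest_path in sorted(ext_dir.glob("*/*/manifest.json")):
        ext_id = manifest_path.parent.parent.name
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError) as exc:
            results[ext_id] = [f"unreadable manifest: {exc}"]
            continue
        if findings := audit_manifest(manifest):
            results[ext_id] = findings
    return results


# Constructed sample manifests: one search hijacker and one benign extension.
SAMPLE_MANIFESTS = {
    "aaaabbbbccccddddeeeeffffgggghhhh": {
        "manifest_version": 3, "name": "Quick Search Helper", "version": "1.4",
        "permissions": ["webRequest", "declarativeNetRequest", "storage"],
        "host_permissions": ["<all_urls>"],
        "chrome_settings_overrides": {"search_provider": {
            "name": "Quick Search", "keyword": "qs",
            "search_url": "https://search.example.invalid/?q={searchTerms}",
            "encoding": "UTF-8", "is_default": True}},
    },
    "iiiijjjjkkkkllllmmmmnnnnoooopppp": {
        "manifest_version": 3, "name": "Notes", "version": "2.0",
        "permissions": ["storage"],
    },
}


def demo(ext_dir: Path | None = None) -> dict[str, list[str]]:
    """Audit a real Extensions folder, or the constructed samples when ext_dir is None."""
    if ext_dir is not None:
        return audit_extensions_dir(ext_dir)
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, manifest in SAMPLE_MANIFESTS.items():
            vdir = Path(tmp) / ext_id / (manifest["version"] + "_0")
            vdir.mkdir(parents=True)
            (vdir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        return audit_extensions_dir(Path(tmp))


if __name__ == "__main__":
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    for ext_id, findings in demo(target).items():
        print(ext_id)
        for finding in findings:
            print("   -", finding)
```

A hit here is a capability, not a verdict: legitimate search and ad-blocking extensions declare the same permissions, so compare flagged ids against your approved list before removing anything. The constructed hijacker sample is flagged twice (search-provider override, plus all-sites access with webRequest and declarativeNetRequest); the benign sample is not reported at all.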

Sources