ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories
What’s new
Microsoft has made DNS-over-HTTPS (DoH) generally available on Windows Server 2025, enhancing privacy and security for DNS traffic. A cluster of deceptive Chrome extensions has been found hijacking user searches for monetization, posing privacy risks. A fileless macOS attack using ClickFix lures has been identified, delivering an AppleScript-based infostealer. Threat actors are abusing Anthropic Claude’s shared chat feature to distribute credential-stealing malware. A phishing campaign impersonating hotels via WhatsApp has emerged globally. AWS has introduced an AI-powered security agent, AWS Continuum, for managing code vulnerabilities. Cisco has updated its advisory on a critical privilege escalation flaw in Catalyst SD-WAN products, exploited since 2023. A malicious repository targeting a popular AI coding agent has been flagged for local code execution vulnerabilities. A new HTTP/2 vulnerability, CVE-2026-49975, is being exploited for reconnaissance. An exposed email server has been used as a phishing hub.
Who’s affected
Organizations using Windows Server 2025, Chrome users, macOS users, victims of phishing campaigns impersonating hotels, and users of AWS services are affected. Additionally, users of the Catalyst SD-WAN products and developers using the Cline AI coding agent are at risk.
What to do
- Enable DNS-over-HTTPS on Windows Server 2025 to enhance DNS security.
- Monitor and remove any suspicious Chrome extensions that may hijack search queries.
- Educate macOS users about ClickFix lures and implement security measures against fileless attacks.
- Be cautious of unsolicited messages on WhatsApp regarding hotel bookings and verify through official channels.
- Use AWS Continuum for proactive vulnerability management in your code.
- Apply patches for the Cisco Catalyst SD-WAN privilege escalation flaw immediately.
- Review and secure any repositories used with AI coding agents to prevent unauthorized code execution.
- Investigate and secure any exposed email servers to prevent phishing exploitation.