June 25, 2026 by sig9

Hacker Wars - June 25, 2026

Your daily dose of infosec chaos


Today’s batch features malware that actively fights the AI trying to analyze it, a 10-million-strong browser extension with a nasty secret, and Microsoft quietly handing Windows 10 another year of life. The machines are getting chatty, and not in a good way.

Gaslight macOS Malware Tries to Con AI Analysis Tools

A new macOS malware strain dubbed “Gaslight” hides prompt-injection strings and bogus debug output inside its executable, specifically to trip up AI-assisted reverse engineering tools. Translation: it’s the first real wave of malware written to defeat the very automation defenders now lean on.

What to do: Don’t treat AI tooling as ground truth. Cross-check automated verdicts with traditional static and dynamic analysis, and keep humans in the loop for anything fishy.


Chrome Ad Blocker With 10M Installs Hides Script Injection Backdoor

A “Featured” Chrome extension for blocking YouTube ads, riding on over 10 million installs, was found carrying a dormant capability to execute arbitrary JavaScript on any page you visit. A security tool millions trust, quietly sitting on a remote-controlled payload.

What to do: Audit your browser extensions and strip out anything non-essential. Treat extensions as privileged code, review their permissions, and watch for suspicious updates.


Russian APT Gamaredon Sharpens Its Toolkit and Server Evasion

The FSB-linked Gamaredon group has noticeably leveled up its malware loaders and command-and-control hiding tricks. The crew mainly stalks Ukraine, but its tooling has a habit of leaking into broader cybercrime circulation over time.

What to do: Refresh threat-intel feeds and IOCs for Gamaredon, and tune detection rules for novel loader behavior. If you operate in or near Eastern European sectors, dial up your baseline alertness.


Bluekit Phishing Kit Adds Browser-In-The-Middle to Beat MFA

The Bluekit phishing-as-a-service operation spun up nearly 70 fresh hostnames in a week and bolted on browser-in-the-middle capabilities, letting attackers proxy live sessions and glide past MFA like it isn’t there. Phishing kits are now full-blown SaaS products.

What to do: Go beyond SMS and push-based MFA - favor FIDO2 hardware keys or number-matching prompts. Remind users that no legitimate service ever asks you to type an MFA code into a webpage.


Microsoft Quietly Extends Free Windows 10 Updates to October 2027

Microsoft silently tacked another year onto its free Windows 10 Extended Security Updates for consumers, now running through October 2027. The migration deadline everyone panicked about just got softer - but don’t mistake breathing room for an actual plan.

What to do: Don’t stall your Windows 11 roadmap. Use the extension as a safety net for stragglers, not an excuse to stop planning the move.


That’s the chaos for today. Stay sharp out there.


Brought to you by sig9 - sig9.ch | Protecting the unseen, securing the unknown
