Risky Bulletin: Microsoft disrupts StegoAd operation

Written by

Catalin Cimpanu

News Editor

This newsletter is brought to you by Corelight. You can subscribe to an audio version of this newsletter as a podcast by searching for "Risky Business" in your podcatcher or subscribing via this RSS feed. You can also add the Risky Business newsletter as a Preferred Source to your Google search results by going here.

Microsoft's security team has removed 119 malicious Edge extensions from the official Microsoft Edge Add-ons store that were part of a coordinated operation that sought to steal user credentials, backdoor browsers, and engage in advertising and search affiliate fraud.

The extensions were published through 90+ different developer accounts but shared infrastructure, parts of their codebase, and heavily relied on steganography to hide malicious commands and code.

The StegoAd operation, as Microsoft called it, also had Chrome and Firefox extensions under its umbrella.

All the extensions that were part of this op delivered genuine functionality but deployed malicious payloads three to five days after they were initially installed.

Microsoft says the threat actor behind StegoAd has been active since at least 2021. The group successfully ported the extensions from the old Manifest V2 standard to the new Manifest V3, despite the latter being specifically designed to boost extension security features.

The company's security team described the StegoAd operators as sophisticated and technically advanced, often adding and upgrading evasion and C2 techniques to stay undetected from the security teams of major browser makers.

More than 2.6 million users are believed to have downloaded the group's extensions, but Microsoft didn't say if this covered all users or if the number was only for Edge. Given that the operation's age and its sprawl across different browser ecosystems, the real number is likely much higher.

The list of malicious StegoAd extensions includes the likes of ad blockers, color pickers, AI tools, video downloaders, internet bandwidth optimization tools, weather apps, PDF editing tools, and many more. The full list of 119 malicious extensions is included in this report [PDF], in case you want to confirm you installed something naughty and make yourself cry while you change all your passwords.

Risky Business Podcasts

The main Risky Business podcast is now on YouTube with video versions of our recent episodes. Below is our latest weekly show with Pat, James, and special guest co-host Rob Joyce at the helm! Rob served as an advisor to Donald Trump during his first term as president and also served at NSA for 34 years. While at the agency, Joyce led Tailored Access Operations (TAO), and later became NSA’s Director of Cybersecurity.

Breaches, hacks, and security incidents

Hacktivists protest age-verification laws: Hacktivists have defaced a Malaysian government portal to protest its planned internet access age-verification laws. [Wayback Machine]

Klue victim list grows: The number of companies impacted by the Klue security breach has considerably expanded over the past week and is now close to 20. New names include 8×8, Blackbaud, BeyondTrust, Camunda, Cresta, Deel, Lucanet, Link11, Pendo, and Tines. These add on top of existing victims such as Huntress, Recorded Future, Snyk, Jamf, Tanium, Sprout Social, Gong, and Insurity. Klue disclosed a security breach on June 22. Hackers breached its network and stole OAuth tokens from customers accounts and then accessed their Salesforce integrations to steal sensitive data. [SecurityWeek]

SecondFi crypto-heist: Hackers have exploited a bug in the SecondFi cryptocurrency platform to steal more than $2.4 million of customer assets. SecondFi has traced the root cause of the exploit to its web wallet generation software. The company has placed its trading platform in maintenance mode while it replaces the software and promised to refund all affected users. [SecondFi // EMURGO]

General tech and privacy

Telega shuts down: The Telega service that allowed Russians to bypass the state's Telegram ban is shutting down on July 1. The app says it's become impossible to continue operating after Apple removed its app from the App Store and after Cloudflare and GlobalSign took down parts of its infrastructure. Telega gained popularity last year after the Russian government started throttling and then blocking Telegram traffic. The app has been accused of hiding secret ties to Russian tech firm VK and using a design that allows it to intercept a Telegram user's communications. [UA.News // Meduza // Meduza]

Italy investigates Microsoft for price hike: The Italian antitrust regulator has launched an investigation into Microsoft for unfair practices. The AGCM has accused the company of forcibly integrating its Copilot AI agent in Microsoft 365 and using the addition as a reason to increase prices. The agency says Microsoft failed to notify customers and automatically moved to more expensive plans without their consent. [AGCM]

MCP changes: The Model Context Protocol (MCP) will transition to a new version on July 28. Akamai has a breakdown of what's changing. [Akamai]

AMD reinstates TSME: Chipmaker AMD is reinstating a security feature for its low-end CPUs following intense public outcry from consumers. The Transparent Secure Memory Encryption will be re-added to Ryzen chips in a firmware update next month. The feature was designed to protect a CPU's memory in the case of cold boot attacks. AMD disabled the feature in Ryzen chips this year and only made it available for the Pro versions of CPUs going forward. [ArsTechnica]

npm to lock high-profile users on account changes: GitHub has added a new security feature to protect high-value npm accounts. The company will lock user profiles for three days every time the account changes its email or uses a 2FA recovery code. GitHub will also send a security alert to that account's previous email address. The new feature is designed to alert maintainers of high-impact projects when their accounts get hijacked. During the lockout phase, the accounts won't be able to publish new versions, change tokens, or modify a team's membership. [GitHub]

Government, politics, and policy

Russia considers throttling games and social media: Some Russian lawmakers are pushing for authorities to throttle traffic to video games and social media as a way to protect kids from online harms. [GovoritMoskva]

Israel blocks AI use in hospitals: The Israeli Health Ministry has blocked access to AI services from hospital networks. The measure is designed to prevent staff from uploading sensitive healthcare information to foreign AI services. Access has been blocked to tools like ChatGPT, Gemini, and Claude. [N12 News] [h/t Amitai Ziv]

White House app shoved down everyone's throat: The US government's IT staff has forcibly installed the White House's new official app on the phones of all federal workers. Government employees reported the app auto-installing itself moments after it was deleted. The app's main functionality is to broadcast news from the White House social feeds, most of which are political attacks and Trump propaganda. [WIRED]

US tells OpenAI to limit access to next AI model release: The US government has asked OpenAI to restrict access to its upcoming GPT 5.6 model. OpenAI will have to provide preview access to a number of government-approved partners to test the model before general availability. White House officials cited concerns over the model's advanced cybersecurity capabilities. [The Information // The Verge]

US partially lifts Mythos ban: The US government has partially lifted a ban on Anthropic's Mythos 5 AI model. The Department of Commerce will allow Anthropic to release the model to around 100 American organizations involved in defending critical infrastructure. The ban on the Fable 5 model remains in place. Mythos 5 remains restricted to foreign customers. The US restricted foreign access to both of Anthropic's models on June 12. [Semafor]

US Secret Service had major OpSec fails: US Secret Service agents have repeatedly made operational security mistakes that have put protected US officials at risk. Agents have often used their personal smartphones for work-related tasks because government-issued devices have severe limitations. A DHS Inspector General report has found that agents took personal phones on work trips, used them as WiFi hotspots, and as ways to send emails, photos, and other official communications. Even when they used government-issued phones, the devices often lacked security controls, were unmanaged, or installed apps with known vulnerabilities. [DHS OIG, PDF]

US introduces age-verification bill: A renowned anti-porn Indiana senator has introduced the Safety and Age Filtering Enforcement for Kids Act of 2026, a bill to introduce age verification checks on all adult websites. [XBIZ]

States don't expect DHS to share election threats: The National Association of Secretaries of State doesn't expect federal government agencies to share any information on election threats ahead of this year's Midterms, which is in line with the White House's ideology of pushing election misinformation and conspiracy theories.Yeah, I said it. Deal with it! [USA Today]

France beefs up VIGINUM funding: The French government has allocated more resources to its VIGINUM anti-disinformation agency ahead of the country's presidential election next year. Officials decided to allocate more funding after reports that an Israeli private company named BlackCore meddled in municipal elections this year. VIGINUM was founded in 2021 and is tasked with defending France against digital interference and disinformation. The new funding is set to be used to hire more staff and develop new software to track online campaigns. [L'Informe]

New Europol top cop coming: EU officials are in the process of selecting a new top cop for the bloc's law enforcement agency, Europol. Three favorite candidates have emerged in Jürgen Ebner, deputy director general and current acting director at Europol, Alicia Malo, the head of international cooperation at Spain's national police force, and Linas Pernavas, director of Lithuania’s main anti-corruption law enforcement agency. [Politico Europe]

Intellexa and the UK had private meetings: Spyware maker Intellexa and UK government officials had meetings back in 2021-2022 but it's unclear if the two ever reached a deal. [Metro]

An Intellexa sales engineer “refused to reveal which UK department or agency he met with and the government declined to comment. He also testified he did not know if the product was eventually sold.”

— Vas Panagiotopoulos (@vaspanagiotopoulos.com) June 25, 2026 at 10:52 PM

Sponsor section

In this Risky Business sponsor interview, James Wilson chats with Corelight’s VP of Product Vijit Nair defence strategies for the AI era. When agents can find and exploit vulnerabilities at machine speed, you need to balance between proactive and reactive measures. On the proactive side, you need modelling of assets and threats. On the reactive side you'll need telemetry so you can act quickly if a threat becomes a reality.

Corelight makes NDR hardware that runs a heavily optimised version of the Zeek network monitoring tool. Combined with its Agentic Triage product, customers can detect threats in their networks, and monitor the effectiveness of their mitigation strategies.

Arrests, cybercrime, and threat intel

Bolton pleads guilty to retaining classified data in hacked account: Former US official John Bolton has pleaded guilty to mishandling classified information. Bolton admitted to retaining and sending classified information to a personal email account that was later breached by Iranian hackers. The incident took place while he served as National Security Advisor during President Trump's first term. Bolton's plea deal allows him to withdraw his guilty plea depending on the judge's sentencing. He'll be sentenced in October. He also agreed to pay a $2.25 million fine. [DOJ // CBC]

Ukraine takes control of hacker funds: Ukrainian authorities have transferred hacker funds into the government's ownership. The funds were seized last year from members of the LockerGoga ransomware group. More than $8.3 million worth of crypto-assets were transferred last week to Ukraine's Asset Recovery and Management Agency. According to Ukraine's Office of the Prosecutor General, this is the first time the procedure was used against hacker and crypto-assets funds. [PGO Telegram post]

SIM swappers arrested in Poland: Polish authorities have arrested four individuals for hacking telecom providers to carry out SIM swapping attacks. The group targeted cryptocurrency owners and allegedly stole millions of US dollars. The four were arrested with the help of US authorities. They face prison sentences of up to 25 years. [CBZC]

PirloTV takedown: The Alliance for Creativity and Entertainment (ACE) and UEFA have seized PirloTV, another illegal streaming service broadcasting the precious football. [ACE]

WC streaming crackdown: The US Justice Department, with help from FIFA and various sports broadcasters, has seized hundreds of domains that were used to illegally stream World Cup games. [DOJ]

Large-scale campaign targets hotels: Since April, a major malspam and phishing campaign has been continuously hammering organizations in the hospitality and hotel industries. Nothing groundbreaking, but a very focused operation. [Microsoft]

Chrome extension turns bad: Adblock for YouTube, a Chrome extension with 11 million downloads, added the ability to execute code on people's systems through a simple configuration update and no need for a Web Store review, extension update, or a user permission prompt. Fun times in Chromeland! Enjoy your browser! [Island]

Shared infrastructure: The MirrorFace APT group, the Smishing Triad e-crime group, and the CoGUI phishing platform are all using the same VPS servers to launch phishing operations against Japanese targets. You know what you have to do, Japanese police! [Ransom-ISAC]

NetMedved group: Positive Technologies looks again at NetMedved, a threat actor targeting Russian companies with various infostealers. The company first spotted this group last October. [Positive Technologies]

Supply chain attacks: Socket Security, Step Security.

Malware technical reports

AsyncRAT family tree: Censys has published a report looking at all the variants that spawned from AsyncRAT, an open-source Windows RAT. There's quite a lot of them. [Censys]

Sponsor section

James Pope, Corelight's Director of Technical Marketing Engineering, demonstrates the company's Open NDR Platform and how it combines network detections with a whole host of other data sources. 

APTs, cyber-espionage, and info-ops

Iranian APT member arrested in Montenegro: Montenegro police have detained an Iranian national believed to be part of an Iranian state-sponsored APT group. Amir Barati was arrested last week in the Adriatic resort town of Kotor. He is believed to be a member of Silent Librarian, an Iranian APT specialized in hacking and stealing private research from universities around the globe. He was arrested at the request of the FBI, which is now seeking his extradition. [Iran International]

Ghostwriter/UNC1151: There's more reports out on that Gmail spear-phishing campaign from Ghostwriter that is targeting high-level pro-democracy political figures across Belarus and Poland. [Resident.NGO // CERT-PL // Censys]

KimJongRAT evolves: A new version of the super-ancient KimJongRAT has been spotted in the wild using Living Off Trusted Sites (LOTS) techniques. The RAT has been historically used by the Kimsuky APT. [IIJ]

CL-STA-1062 (UAT-7237): A suspected Chinese APT group is targeting government entities and critical infrastructure in Southeast Asia. The group has been active since March 2022 and its most recent attacks involved a new backdoor named TinyRCT. [Palo Alto Networks]

Operation DragonReturn: Indian security firm Seqrite has published a report on a Chinese APT group attacking India's public and private sectors. No formal attribution, but the final payload has been DCRAT. [Seqrite]

US puts reward for Russian hackers targeting Signal accounts: The US State Department is offering a $10 million reward for information on Russian hackers behind a recent wave of Signal and WhatsApp phishing campaigns. The US has linked the attacks to two hacking groups tracked as UNC4221 and UNC5792. Officials claim the former is linked to Russian military services while the latter is associated with the FSB's Border Guards division. [Rewards for Justice]

Vulnerabilities, security research, and bug bounty

Security updates: 7-Zip, Chrome, Drupal, FOSSBilling, HPE, Synology, Zyxel.

PTC exploitation: Hackers are exploiting a vulnerability in PTC Windchill and FlexPLM, two software packages for managing factories and production lines. The first attacks were recorded on June 18 and expanded throughout last week. Attackers are exploiting an input validation bug in the software's web interface to deploy web shells on unpatched systems. The bug, tracked as CVE-2026-12569, was added to CISA's KEV database last week. [CISA // PTC]

NVIDIA GEN3C RCE: NVIDIA has patched a vulnerability in GEN3C that could have allowed for unauth RCE attacks on GPU rigs running the software. [VulnCheck]

New macOS exploitation technique: A new macOS privilege escalation technique can allow threat actors to silently disable EDR solutions. [XM Cyber]

DirtyClone exploit: There's a new Linux LPE bug going around. Named DirtyClone, this is part of the same class of AI-discovered Linux LPEs, such as DirtyFrag, Fragnesia, and CopyFail. [JFrog]

More stupid AI hijacking tricks: A newly discovered indirect prompt injection attack can trick AI coding agents into infecting their owners with malware. The technique was discovered by Mozilla's AI red team 0din. It relies on hiding malicious prompts inside DNS TXT records and then calling those records from a GitHub repo's setup instructions. The attack gets executed whenever the AI coding agent clones the seemingly clean repository. The technique can be abused to bypass AI security tools that scan for payloads inside the repo itself. [Mozilla 0din]

"An attacker can gain code execution using a completely normal looking repository by chaining trusted setup instructions, routine error handling, and automated agent behavior. The malicious payload does not exist in the repository at all and is instead fetched at runtime from a DNS TXT record, making it invisible to code review, static scanners, and even the agent itself. The result is a reverse shell running as the developer’s own user, exposing credentials, API keys, and allowing persistence, all triggered by the agent attempting to fix a harmless looking setup error."

Half of CVEs are enriched under NIST's new rules: About half of all new vulnerabilities are getting analyzed under NIST's new enrichment prioritization rules. More than 6,700 vulnerabilities have been enriched on the NVD portal since mid-April. NIST abandoned enriching all vulnerabilities on the NVD portal after falling behind due to the large number of new vulnerabilities. The agency is now prioritizing adding details to bugs exploited in the wild or in software used by the US government. [Volerion]

Infosec industry

Threat/trend reports: Akeyless, GlobalData, Kaspersky, Neon Cyber, ReliaQuest, RSAC, SecureFrame, and ThreatMon have recently published reports and summaries covering various threats and infosec industry trends.

New tool—KHAØS: Ilyes Aziz, co-founder of security firm Khaotic, has released KHAØS, a modern C2 framework that routes agent traffic through cloud services already trusted by enterprise networks.

New tool—Security Audit Skill: Cloudflare has released a coding agent skill to turn an AI agent into a security auditor.

Risky Business podcasts

In this episode of Risky Business Features, Patrick Gray and James Wilson chat with Decibel Partners founder and Managing Partner Jon Sakoda to talk about pitching cybersecurity startups to VC firms in the AI age.