Home / Episodes / Jun 24, 2026
Episode show notesJun 24's Top Cyber News NOW! - Ep 1160
At a glance
Law enforcement made headway against cybercriminals with arrests tied to Scattered Spider and marketplace operators, while supply chain risks in AI agent skills, npm packages, and CI/CD workflows exposed gaping holes in how we vet trusted tools. Meanwhile, scammers are getting smarter about hijacking legitimate websites to trap World Cup fans and other event-driven shoppers.
Stories covered
How are UK authorities taking down members of the Scattered Spider hacking group?
What happened: Two young members of Scattered Spider—an 18-year-old and 20-year-old—pleaded guilty in UK courts to charges related to the 2024 Transport for London breach. Both were part of a broader criminal operation linked to SIM swapping, phishing, ransomware attacks, and intrusions at over 100 organizations, with US authorities alleging the group collected at least $115 million in ransom payments.
Why it matters: Early guilty pleas suggest cooperation with law enforcement and likely signal rollover testimony against larger Scattered Spider operations. The group has been prolific; understanding their tactics and reach helps defenders anticipate compromise vectors in their own environments.
What to do: Cross-reference known Scattered Spider TTPs (SIM swapping, phishing for initial access, lateral movement via cloud) against your incident logs and threat intelligence feeds. Coordinate with law enforcement if you've been a victim.
---
What is the US government seizing from Cambodian conglomerate Huan Group?
What happened: The US Department of Justice seized cloud infrastructure allegedly used by subsidiaries of Huan Group—a Cambodian conglomerate previously cut from the US financial system for laundering at least $4 billion in illicit funds between 2021 and 2025. The infrastructure hosted backend systems for online investment scams, money laundering, human trafficking, and stolen-data marketplaces tied to North Korean cybercrime.
Why it matters: This action dismantles operational infrastructure used to coordinate transnational crime. For practitioners, it underscores how threat actors rely on accessible cloud services and how law enforcement can disrupt supply chains of criminal ecosystems.
What to do: Monitor for now. Flag suspicious cloud account behavior (bulk data exfiltration, unusual API activity) and report to relevant authorities.
---
Why should OT defenders pay attention to Dragos' new Ember AI agent?
What happened: Dragos launched Ember AI, a specialized AI assistant trained on a decade of industrial control system intelligence—vulnerability research, adversary tracking, protocol analysis, and IR experience. The tool answers plain-English queries, correlates threat and vulnerability data, and identifies likely attackers. Accenture recently acquired a majority stake in Dragos for $4.1 billion as part of a broader OT security push.
Why it matters: Purpose-built AI models trained on domain-specific data (not generic LLMs) significantly outperform generalized tools in specialized domains like OT. Human-in-the-loop design keeps analysts in control of decisions affecting critical infrastructure. This signals OT security is moving from niche to mainstream investment.
What to do: If you manage OT environments, evaluate whether specialized threat intelligence tools with AI correlation could improve your team's mean time to response. Consider upskilling on OT-specific threat patterns.
---
How are malicious npm packages bypassing security scanners with typo squatting?
What happened: Jrog researchers discovered a malicious npm package named `postcss-minify-selector-parser` that mimicked the legitimate `postcss-selector-parser` library. The package executed code on import, downloading and installing a multi-stage Windows RAT capable of stealing Chrome passwords, providing remote shell access, transferring files, and maintaining persistence. It passed all tested security scanners.
Why it matters: Lookalike packages with convincing names and legitimate-looking dependencies are harder to catch than obvious typos. The RAT's ability to exfiltrate browser credentials puts developers' access tokens and API keys at risk, escalating to broader supply chain compromise.
What to do: Audit your npm dependency trees for name lookalikes (tools like npm audit help, but manual review of critical dependencies is essential). Pin versions, enforce dependency reviews in CI/CD, and consider restricting which packages can be pulled into your build environment.
---
What structural weakness allows attackers to turn benign AI agent skills malicious?
What happened: Security firm Airt demonstrated a time-of-check-time-of-use (TOCTOU) flaw in AI agent skill vetting. They created a fake skill that passed all security scanners by pointing to a seemingly harmless external page, then swapped that page post-approval with instructions to download and execute arbitrary code. The skill reached approximately 26,000 agents and bypassed every scanner tested.
Why it matters: Skills are fetched and executed dynamically at agent runtime; scanners only inspect the code at submission time. Attackers can change external payloads after approval, turning a safe-looking skill into a supply chain foothold with the privilege level of the agent itself. This is an insidious blind spot as AI adoption scales.
What to do: Treat skills as software, not text. Review not just what ships in the skill package but what external resources it fetches. Pin skill versions, enforce least privilege for agents, and re-scan skills when dependencies or external instructions change. Assume any external URL an agent follows is running with the agent's access level.
---
Why did Algerian cybercriminal Spock get extradited to the US?
What happened: Abdullah Belilli, known online as Spock, was extradited to the US and charged with running two cybercrime marketplaces (`markettoday.com` and `spoxy.us`) that sold phishing kits, stolen financial credentials, and compromised email access. He created roughly 600 phishing kits targeting major banks, collected data from approximately 5,600 victims, funneled around $900,000 through cryptocurrency accounts (2020–2023), and embedded backdoors in kits he sold to steal data even after resale.
Why it matters: Belilli's opsec failures (hardcoding his name and Telegram handle in phishing kit source code, using personal email for reconnaissance searches) demonstrate that criminals often underestimate digital forensics. His two-tier monetization (selling kits and backdooring them) shows profit incentives override honor-among-thieves norms.
What to do: Monitor for now. If you've detected phishing kits targeting your organization or financial sector, cross-reference indicators against known Spock infrastructure and reported victims.
---
How can malicious pull requests compromise CI/CD workflows?
What happened: Novi researchers uncovered a weakness dubbed Cortiseps affecting hundreds of repositories (including projects from Microsoft, Google, Cloudflare, Apache, and the Python Software Foundation). Attackers can craft malicious pull requests that trigger overly permissive CI/CD workflows, exposing high-privilege tokens and signing keys via command injection. Novi confirmed 300 fully exploitable repositories but says there is no evidence of active in-the-wild exploitation yet.
Why it matters: This is a composition vulnerability—each individual piece (workflow engines, GitHub Actions, YAML configs) works as designed, but the untrusted data (PR content) crosses trust boundaries that often go unaudited. AI coding agents amplify the risk by scaling PR volume.
What to do: Audit your YAML workflow manifests with the same rigor you apply to code. Scope GitHub Actions secrets and runner permissions to least privilege. Treat all pull request-supplied data as untrusted. Implement code review for workflow changes, not just application code. Monitor for unexpected credential access or signing operations in CI/CD logs.
---
How are scammers hijacking legitimate websites to target World Cup shoppers?
What happened: Recorded Future identified a purchase scam tactic where threat actors compromise legitimate, high-ranking websites, inject fake product pages and metadata, and redirect organic search visitors to fraudulent storefronts. The scam domains themselves never appear in search results, making detection harder than traditional SEO poisoning. One tracked operation generated approximately 17 million visits in 2026 alone. The tactic is now surfacing in World Cup-themed fraud.
Why it matters: Event-driven demand (World Cup, holidays, product launches) creates urgency and volume spikes that scammers exploit. By hijacking trusted websites instead of ranking malicious domains, attackers evade search engine monitoring and domain takedowns, extending campaign longevity.
What to do: Be cautious clicking search results for high-demand event tickets and merchandise. Use credit card aliases (Privacy.com) or single-use card numbers for any online purchase of event-related goods. Verify SSL certificates and domain ownership. Report suspicious redirects or checkout flows to the legitimate site owner.
Key takeaways
- Law enforcement is actively disrupting cybercrime infrastructure (Huan Group, Scattered Spider, Spock marketplaces), but the financial incentives (billions in proceeds) continue to attract new actors and require sustained pressure.
- Supply chain risks are shifting left: malicious npm packages, AI agent skills with TOCTOU flaws, and CI/CD workflow weaknesses now live upstream of your build, requiring tighter vetting of dependencies and automation pipelines.
- Attackers are exploiting the gap between code-review discipline (high) and infrastructure-as-code discipline (often low)—YAML configs, external URLs in skills, and pull request handling receive less scrutiny than application logic.
- Purpose-built, domain-specific AI (Dragos' Ember for OT) outperforms generic models but requires human oversight, especially in life-safety domains; the industry is converging on this pattern.
- Criminals often fail at operational security (hardcoding names, using personal email, poor key rotation), making forensic recovery of compromise incidents straightforward—but scale and volume still enable significant damage before capture.
Topics covered
ransomware, supply chain security, npm packages, ai agents, ci/cd security, phishing kits, credential theft, operational technology security, scattered spider, cybercrime, malware, incident response, application security, cloud security, fraud, world cup scams
Want the live experience? The Daily Cyber Threat Brief airs live every weekday at 5am PT / 8am ET on YouTube. 400+ practitioners join the chat in real time.