Threats
Velvet Ant's Operation Highland: A China-Nexus APT Backdoored the Linux Auth Stack for a Decade
Sygnia's Operation Highland report details how the China-nexus group Velvet Ant hid in an isolated network for nearly a decade by backdooring pam_unix.so and OpenSSH binaries — no exploit, no dropped malware, no anomalous logs.
CISA and the FBI Warn: Internet-Exposed Fuel Tank Gauges Are Under Active Attack
A June 2 joint advisory from CISA, the FBI, the NSA and five other agencies says attackers are compromising internet-exposed automatic tank gauge systems and modifying them through command execution. Shadowserver counts over 1,000 exposed systems, 909 of them in the US — on the same TCP port these consoles have answered on for a decade.
Device Code Phishing Attacks Surge 37x as EvilTokens PhaaS Fuels OAuth Abuse Against Microsoft 365
Device code phishing attacks exploiting the OAuth 2.0 Device Authorization Grant have surged 37x in 2026, driven by turnkey PhaaS kits like EvilTokens that bypass MFA and compromise enterprise M365 tenants.