Netcrook
11 June 2026
SniperDz Turns Brand Trust Into a Phishing Assembly Line
A phishing-for-hire platform is being used to copy trusted identities and push fake promotional lures at users across the Middle East and North Africa.
When Back-Office AI Starts Deciding What Gets Paid
Siav and Atacod are putting document AI into the passive cycle, where extraction, matching and ERP integration can remove manual work - or quietly become a control point for business data integrity.
Go-Fluent, Memory-Only, and Built for Theft: Why This Loader Matters
A Go-written loader that runs payloads in memory is a reminder that cybercrime often wins through reuse, not originality.
When a Trading Plugin Becomes the Entry Point
A reported FireAnt MetaKit supply-chain incident shows how a trusted market-data tool can become a risk surface for selective espionage.
Three Days on the Clock: CISA Tightens the Federal Patch Race
A new federal directive compresses remediation time for prioritized exploited flaws, turning vulnerability management into a speed test for visibility, inventory, and response discipline.
The Quiet Failure That Turns Software Into an Attack Surface
When testing stops at “does it work,” hidden flaws, risky dependencies, and weak controls can survive into production and raise the odds of breach, downtime, and expensive emergency fixes.
Overlay Tricks, In-Memory Execution, and the Loader Behind Multiple Stealers
GoFlateLoader stands out not for flashy evasion, but for a simple packaging pattern that helps multiple infostealers reach the execution stage.
Europe Tightens the Screws on Strategic Tech Capital
The EU is expanding investment screening and outbound-investment review around AI, semiconductors and quantum, with Italy’s golden power emerging as a useful national comparator.
Record Privacy Fine Hits Coupang After Massive Customer Data Breach
South Korea’s regulator imposed a 624.6 billion won penalty, turning a large breach into a test of breach handling, notification, and privacy controls at platform scale.
Italy’s AI Rulebook Is Turning Paperwork into a Security Weapon
The compliance shift around AI is less about slogans and more about proof, with audit trails, monitoring, and documentation moving to the center of regulatory risk.
npm’s New Trust Gate: Install Scripts Move From Default to Deliberate
GitHub’s upcoming npm v12 change shifts package installation toward explicit approval, narrowing a common path for supply-chain abuse and unexpected code execution.
OnyxC2 Turns Windows Tricks Into a Low-Cost Stealer Economy
Researchers describe a $250-a-month malware package built around broad application targeting and familiar Windows evasion tactics, a reminder that commodity theft is becoming more technically disciplined.
CISA Pushes Federal Patch Triage Toward Risk, Not Just Raw Scores
BOD 26-04 directs federal agencies to review vulnerability-management policies and give priority to risk, with special attention to KEV catalog entries.
The Student Housing Scam That Hides in Plain Sight
A parents-focused warning about roommate fraud points to a broader lesson: simple classified ads can become convincing traps when trust moves faster than verification.
AI Lures, PowerShell Moves: Fake Claude Code Guides Become a Windows Trap for AsyncRAT
AI-branded decoys, Windows scripting, and Defender exclusions form a familiar abuse chain that ends with AsyncRAT.
When Leaked Code Meets AI Agents, the Attack Surface Starts Thinking Back
A security roundup this week points to a sharper problem than ordinary malware noise: offensive code leaks, agent-targeted phishing, and workflow automation that can be pushed toward the wrong action.
When Cyber Trophies Become Trust Signals, Buyers Need a Better Filter
The 2026 Cybersecurity Stars Awards spread recognition across 95 subcategories, but the real security question is how to separate visibility from verification.
When Market Data Becomes Malware: The FireAnt MetaKit Trust-Chain Risk
A reported OceanLotus operation inside a Vietnamese investor tool shows how one compromised updater can turn routine market access into a wider software-trust problem.
The UPS Card That Became a Control-Plane Risk
Two critical flaws in Vertiv management cards show how a small embedded interface can turn into a serious availability concern for data center operators.
When a Company “Hires” AI, the Real Interview Is About Risk
The enterprise AI decision is no longer about which tool sounds smartest, but which one can be used without turning data, budget, and governance into liabilities.