Threat Intelligence, Jul 2, 2026

ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories

Weekly roundup: phishing ransomware campaign, Claude sandbox escape, Apple Hide My Email flaw, BeepRAT trojan discovery.

Summary

ThreatsDay highlights multiple security gaps across systems this week, including a phishing campaign delivering custom ransomware to small businesses via fake INTERPOL emails, a sandbox escape vulnerability in Claude Cowork on Windows, an unpatched email masking flaw in Apple's Hide My Email service, and discovery of BeepRAT—a customized DCRat variant distributed via Chinese phone management utilities. The recurring theme is that attackers exploit small permission gaps, weak validation checks, and legitimate tool abuse rather than major zero-days.

Full text

Ravie Lakshmanan, Jul 02, 2026, Hacking News / Cybersecurity News

This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through. This is not one big break. It is small permissions, weak checks, open systems, and normal tools doing things they were allowed to do. That same pattern runs through the stories below.

Ransomware phishing lure: Fake INTERPOL Investigation Email Lures Lead to Ransomware

A phishing campaign is targeting small businesses across Europe, Asia, the Middle East, and the U.S. with fake investigation emails impersonating law enforcement officials. "The emails claim to contain evidence of suspicious company activity and pressure recipients into opening a password-protected archive," Bitdefender said. "Recipients are directed to a Proton Drive-hosted file that ultimately delivers ransomware. The ransomware appears to be a custom-built payload rather than a known ransomware family."

Sandbox root escape: Exploiting Root Execution in Claude Cowork Sandbox

New research from Armadin has discovered an attack chain affecting Claude Cowork on Windows. The attack allows an attacker with local code execution to plant a malicious file in Claude Desktop's application directory, hijacking a trusted process to communicate with Cowork's underlying VM service. "An attacker with local code execution could run arbitrary commands as root in Claude Cowork's sandbox without network egress restrictions," the company said. The exploit takes advantage of two unvalidated parameters in the service's interface that allow the attacker to run commands as root and bypass network filtering entirely, thereby allowing sensitive data to be exfiltrated to attacker-controlled infrastructure. Following responsible disclosure on May 29, 2026, Anthropic said it does not consider it to be a security issue because exploitation requires pre-existing local code execution on the host.

Email privacy flaw: Flaw in Apple's Hide My Email

A vulnerability has been disclosed in Apple's Hide My Email service that allows users' real email addresses to be unmasked. Tyler Murphy, the researcher who found the bug, said that he reported the issue to Apple over a year ago and that it remains unpatched. "We don't know the full scope of the issue, but in our limited tests with volunteers, 100% of Hide My Email addresses were exploitable," Murphy told 404 Media. Exact details surrounding the vulnerability have been withheld to avoid potential exploitation concerns.

China-linked RAT activity: New BeepRAT Remote Access Trojan Discovered

A customized version of the open-source DCRat framework dubbed BeepRAT has been found distributed via a Chinese phone number management utility packaged within a ZIP archive, per Rubrik Zero Labs. "The archive contained a .NET application named HFY.exe alongside several third-party libraries commonly associated with database-driven applications," Rubrik said. "Although the application appeared to function as a telephone number management tool, further analysis revealed a sophisticated multi-stage infection chain that ultimately deployed the customized BeepRAT payload."

The malware establishes persistence on the host via scheduled tasks and resolves the command-and-control infrastructure using DNS-over-HTTPS (DoH) requests. It then beacons a packet containing information about the compromised host, after which a persistent communication channel is opened to receive incoming commands that allow the malware to:

  • transfer files between the host and the server
  • launch interactive command prompt sessions and issue commands to it
  • launch PowerShell sessions
  • enumerate running processes and available storage drives
  • terminate a specified process
  • perform file system operations
  • record through webcam, log keystrokes, and take screenshots
  • list active network connections
  • download and run .NET assemblies in memory
  • launch a proxy

It's assessed that BeepRAT operates within the China-nexus espionage ecosystem.

AI cyber benchmark: Evaluation of OpenAI GPT-5.6 Sol

An evaluation of OpenAI's GPT-5.6 Sol on real-world offensive security benchmarks by AI security lab Irregular has found the model to perform slightly better than GPT-5.5, while continuing to struggle with well-defended targets and complete end-to-end attacks. "GPT-5.6 Sol demonstrated capabilities relevant to offensive cyber misuse, including finding and exploiting high-impact zero-day vulnerabilities across multiple real systems," it said. "These capabilities were demonstrated on sensitive, widely used classes of systems, including mobile operating systems and database systems. Despite these capabilities, GPT-5.6 Sol continued to show clear limitations against hardened targets and in orchestration, operationalization, and operational security. Performance also degrades when tasks require sustained logical coherence over long horizons or quick, time-sensitive decision-making."

Platform-aware phishing: Phishing Campaigns Tailored to Targets' Devices

Cofense said it's observing a "clear shift in phishing operations" where threat actors are moving beyond broad, one-size-fits-all campaigns to adopt platform-aware delivery that adapts to the victim's device, browser, and environment. Phishing campaigns have been found to deliver Itarian RAT or the ConnectWise tool via Ninite Loader on Windows, while serving credential harvesting phishing pages when URLs are visited from macOS or Android. The operating system-specific payloads are delivered by fingerprinting victims through User-Agent data. "What began as simple Windows-focused malware distribution campaigns has evolved into more sophisticated campaigns that can selectively deliver credential phishing, remote access tools, or malware across Windows, MacOS, and Android," it said. "This trend reflects a broader strategic change in the threat landscape, one that is designed to increase the likelihood of compromise, expand target coverage, and improve threat actor return on investment."

Russian hacker reward: U.S. Offers $10M for Info on UNC5792

The U.S. State Department is offering a reward of up to $10 million for information leading to the identification or location of threat actors associated with UNC5792, a malicious cyber group associated with the Russian Federal Security Service (FSB) Border Guards and UNC4221, a malicious group of cyber actors working on behalf of the Russian military services. UNC5792 has been linked to widespread phishing campaigns targeting Signal and WhatsApp accounts of U.S. government officials, military leadership, and allied personnel with an aim to gain unauthorized access. "Although these malicious cyber activities did not exploit any security vulnerability in the platforms' encryption protections, they have compromised thousands of individual commercial messaging application accounts," the State Department said.

LLM role confusion: Prompt Injection as Role Confusion

New research from a group of academics has revealed that machine learning models cannot reliably distinguish between authorized and unauthorized input, leaving them susceptible to a persistent problem called prompt injection. "LLMs see the world as a single stream of text, partitioned into roles like <user> or <tool>," the researchers said. "We trace prompt injection to role confusion: models perceive the source of text from how it sounds, not its labeled role. A command hidden in a web page hijacks an agent simply because it sounds like <user> text, despite its <tool> label." The attack, dubbed CoT Forgery, involves injecting fabricated reasoning into user prompts and tool outputs, causing the models to mistake the forgery for their own thoughts and act on them, yielding 60% attack success against frontier models. T

Indicators of Compromise

  • malware — BeepRAT
  • malware — HFY.exe
  • malware — BlueHammer

Entities

  • Claude Cowork (product)
  • Claude Desktop (product)
  • Apple Hide My Email (product)
  • Anthropic (vendor)
  • Apple (vendor)
  • China-linked actors (BeepRAT distribution) (threat_actor)