This is a weekly threat bulletin covering a broad range of active security issues, including AI agent exploitation, command-and-control tooling, ClickFix social engineering campaigns, JavaScript backdoors, and over 20 additional threat stories. It matters because it reflects the accelerating normalisation of sophisticated attack techniques being accessible to lower-skilled threat actors, and highlights emerging risks from AI systems being leveraged in real attacks.

Architect’s Take: Use this bulletin as a prompt to review your threat model against ClickFix-style social engineering vectors and any AI agent integrations in your environment — particularly where agents have access to cloud APIs or can execute code. Ensure your JavaScript supply chain controls and browser security policies are current.

Original advisory: ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories

This is a broad threat intelligence bulletin covering a range of current attack trends including malicious AI agents, command-and-control tooling, ClickFix social engineering, JavaScript backdoors, and more. It reflects the increasingly commoditised nature of offensive tooling, where even low-skilled threat actors now have access to sophisticated capabilities. The significance lies in the breadth of attack vectors being actively exploited across web, endpoint, and AI-adjacent surfaces.

Architect’s Take: Use this bulletin as a prompt to review your AI agent integrations, third-party plugin dependencies, and JavaScript supply chain controls — particularly CSP policies, SRI hashing, and egress monitoring for unexpected C2 traffic patterns.

Original advisory: ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories

The Five Eyes intelligence alliance has issued a warning about China’s ongoing campaign to recruit Western nationals via LinkedIn and other professional networks, offering cash in exchange for state secrets and sensitive government or corporate information. The campaign targets individuals with access to classified or commercially valuable data, using social engineering tactics that have been observed for several years but appear to be intensifying. This matters because cloud engineers and architects working on government or defence-adjacent projects are plausible targets given their access to sensitive infrastructure.

Architect’s Take: Review your organisation’s social media and acceptable use policies to ensure staff understand the risks of unsolicited professional outreach, particularly from overseas contacts offering paid consulting or research opportunities. Consider adding LinkedIn-based social engineering scenarios to your security awareness training, especially for teams handling government, defence, or critical national infrastructure workloads.

Original advisory: Five Eyes: Watch out for odd LinkedIn connection requests, China’s back on the hunt for state secrets

The Five Eyes intelligence alliance has issued a warning about China’s ongoing campaign to recruit Western government employees and contractors via LinkedIn, offering cash in exchange for state secrets. The tradecraft involves seemingly innocuous connection requests that escalate into paid intelligence relationships. This is a long-running threat that intelligence officials say continues to grow in scale and sophistication.

Architect’s Take: Cloud security architects with clearances or access to sensitive government cloud environments should review their organisation’s social media policies and ensure staff handling sensitive infrastructure are briefed on LinkedIn-based social engineering. Consider implementing insider threat monitoring and reinforcing acceptable use policies around unsolicited professional contact from unknown foreign nationals.

Original advisory: Five Eyes: Watch out for odd LinkedIn connection requests, China’s back on the hunt for state secrets

Attackers are exploiting Meta’s AI support chatbot to hijack Instagram accounts by tricking the bot into adding a hacker-controlled email address and issuing a password reset. The attack requires no prior account access and bypasses Instagram’s automated protections using a VPN to spoof the victim’s location. This demonstrates a critical flaw in how AI-powered support systems validate identity before performing sensitive account actions.

Architect’s Take: Organisations deploying AI chatbots for customer support or account management must enforce out-of-band identity verification for any privileged actions — such as adding credentials or triggering resets — and ensure the AI cannot be the sole authorisation path for account takeover-enabling operations. Review your own AI assistant integrations for similar trust boundary weaknesses where bot-initiated actions bypass human or MFA controls.

Original advisory: Hacking Meta’s AI Chatbot

Attackers are exploiting Meta’s AI support chatbot to hijack Instagram accounts by social-engineering the bot into adding a hacker-controlled email address and triggering a password reset. The attack requires no technical vulnerability in the traditional sense — the AI simply complies with the request after a verification code exchange. This highlights a significant trust and authorisation flaw in how Meta’s AI assistant handles account management actions on behalf of unauthenticated parties.

Architect’s Take: Treat AI-powered support agents as a privileged access vector and apply the same controls you would to any account recovery flow — ensure they cannot perform account modifications without verified, out-of-band identity confirmation tied to the existing account owner, not the requester.

Original advisory: Hacking Meta’s AI Chatbot

Attackers have built convincing fake websites impersonating popular open-source and freeware tools, engineering them to rank highly in Google search results. Visitors are silently routed through a Traffic Distribution System (TDS) that profiles them before delivering tailored malware, including credential stealers and session hijacking frameworks. The campaign is notable for its scale and the quality of the spoofed sites, making it easy for developers and engineers to be deceived.

Architect’s Take: Enforce approved software procurement channels and block unapproved download sources at the network or endpoint level. Mandate that developers and engineers source open-source tooling exclusively from verified repositories such as official GitHub pages or package managers, and consider deploying DNS filtering to flag newly registered or lookalike domains.

Original advisory: Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS

Attackers have created convincing fake websites impersonating popular open-source tools, optimising them to rank highly on Google search results. Visitors are silently routed through a Traffic Distribution System (TDS) that delivers malware including credential stealers and session hijacking frameworks. This is a supply chain-adjacent threat targeting developers and technical users who search for and download software directly from the web.

Architect’s Take: Enforce organisational policies requiring software to be sourced only from verified package managers (npm, PyPI, etc.) or official repositories, and block direct binary downloads from unvetted sites via web proxy or CASB controls. Consider adding developer workstations to your threat model and ensure EDR coverage extends to engineering endpoints.

Original advisory: Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS

The US Department of Justice ran a coordinated ‘Disruption Week’ operation from May 2026 targeting Southeast Asian criminal networks running cryptocurrency and cyber-enabled fraud schemes against American victims. The action involved both government agencies and private sector partners, resulting in the takedown of millions of fraudulent social media, email, and internet accounts, and the freezing of $3.8 million in assets. These operations are typically linked to pig butchering and romance scam networks, which increasingly exploit cloud-hosted infrastructure and social engineering at scale.

Architect’s Take: Review your organisation’s cloud egress controls and user awareness posture around unsolicited crypto investment opportunities, as these networks actively target employees and high-value individuals. Consider integrating threat intelligence feeds covering known fraud infrastructure into your SIEM to detect communications with associated domains and IPs.

Original advisory: DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets

A malware-as-a-service campaign dubbed Weedhack has been targeting Minecraft players since January 2026, distributing malware through YouTube by impersonating legitimate Minecraft clients and mods. The campaign has compromised thousands of systems and is linked to a loader dubbed CountLoader, which has recorded over 86,000 infections. The threat is notable for its exploitation of gaming communities and pirated software channels as a delivery mechanism for system-control malware.

Architect’s Take: While this campaign primarily targets consumers, architects should review endpoint security policies for corporate devices that may have gaming software installed, and ensure DNS filtering and web proxies block known malicious YouTube redirect chains and payload-hosting domains associated with Weedhack. Consider adding gaming and piracy-related domains to URL category block lists on managed endpoints.

Original advisory: Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content