{"id":275657,"date":"2026-06-18T11:27:00","date_gmt":"2026-06-18T15:27:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/18\/threatsday-bulletin-claude-chat-abuse-nastyc2-npm-packages-device-code-phishing-25-more-stories\/"},"modified":"2026-06-19T04:20:17","modified_gmt":"2026-06-19T08:20:17","slug":"threatsday-bulletin-claude-chat-abuse-nastyc2-npm-packages-device-code-phishing-25-more-stories","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/18\/threatsday-bulletin-claude-chat-abuse-nastyc2-npm-packages-device-code-phishing-25-more-stories\/","title":{"rendered":"ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories"},"content":{"rendered":"

ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories<\/a><\/p>\n

https:\/\/thehackernews.com\/2026\/06\/threatsday-bulletin-claude-chat-abuse.html<\/a><\/p>\n

Publish Date: 2026-06-18 11:27:00<\/a><\/p>\n

Source Domain: thehackernews.com<\/a><\/p>\n

\ue804Ravie Lakshmanan<\/span>\ue802Jun 18, 2026<\/span><\/span>Hacking News \/ Cybersecurity News<\/span><\/p>\n

The internet did not break this week. It got used exactly as designed, which is worse.<\/p>\n

Searches were siphoned through shady browser add-ons. AI chat links turned into malware delivery paths. macOS attacks ran in memory and left almost nothing behind. Cloud agents looked like helpers until attackers treated them like open shells.<\/p>\n

Add exposed edge gear, poisoned packages, cash courier scams, stealers, loaders, and phishing that barely bothers pretending anymore. Here\u2019s the full mess.<\/p>\n

    \n
  1. DoH lands in Windows Server 2025<\/span>\n

    Microsoft has announced that DNS-over-HTTPS (DoH) for Windows DNS Server is generally available on Windows Server 2025 for client-to-server DNS traffic. “With general availability, organizations can now deploy encrypted and authenticated client-to-resolver DNS traffic directly within their existing on-premises DNS infrastructure,” the company said. “The goal is to help improve privacy, reduce spoofing risk, and advance Zero Trust DNS without requiring a new resolver architecture. Enabling DoH on Windows DNS Server introduces encrypted communication for supported clients over HTTPS while preserving compatibility with most existing DNS deployments. Organizations can expect DoH traffic between DoH clients and Windows DNS Server to be encrypted via TLS, DNS queries to be transported as HTTPS requests, existing DNS functionality to continue operating as expected, and mixed environments, encrypted and traditional DNS, to be supported.” <\/p>\n<\/li>\n

  2. \n <\/p>\n

    Search hijacks hide monetization layer<\/span><\/p>\n

    \n A cluster of 23 deceptive Chrome browser extensions has been found stealthily overriding users’ default search engines and routing queries through monetization middleware before delivering results. “Each extension presents a different advertised purpose – satellite imagery, productivity tools, news readers, maps \u2013 while the actual business is search affiliate revenue,”…<\/p>\n<\/li>\n<\/ol>\n

    Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

    ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories https:\/\/thehackernews.com\/2026\/06\/threatsday-bulletin-claude-chat-abuse.html…<\/p>\n","protected":false},"author":1,"featured_media":275658,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh6k3CSWsyKHS6UdXmxX-w92fdsWjTSL7JR7xeaPBPh8d5G6rkZbMhmJHr9o3gxF5G2I2GojubOJnzhRqxjtKYxlXTrmlgrdRFRrmmyEEIi_zXAQXT3zpq5KNQqOFHrfGKhUFHzsMx1E2Eqs7S_jvTFfN3Jnz1YO58Ryvk0urKEDUZggoQgI07lKFWQDMfw\/s1600\/threatss.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,32,25],"class_list":["post-275657","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-malware","tag-phishing"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/275657"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=275657"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/275657\/revisions"}],"predecessor-version":[{"id":275660,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/275657\/revisions\/275660"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/275658"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=275657"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=275657"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=275657"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}