June 29, 2026 Emerging Threats Weekly
This week’s briefing covers:
00:00 – Intro
01:26 [SUPPLY CHAIN] Mastra NPM Compromise Highlights DPRK Interest in AI Development Ecosystems
A large-scale npm supply-chain compromise affected more than 140 packages in the Mastra ecosystem, an AI framework used to build agents and applications.
05:04 [SUPPLY CHAIN] Cordyceps Exposes Structural CI/CD Workflow Weaknesses in Major Repositories
Researchers this week disclosed a class of CI/CD weaknesses named Cordyceps, describing it as a systemic issue in GitHub Actions workflow design rather than a flaw in any individual product.
07:55 [MALWARE] macOS.Gaslight Combines Credential Theft with Analyst-Targeted Prompt Injection
SentinelLABS details a new Rust-based macOS implant, tracked as macOS.Gaslight: a conventional infostealer with an anti-analysis feature that intentionally interferes with LLM-assisted malware triage.
10:46 [PHISHING] CodeStorm Uses Compromised Microsoft 365 Accounts and Real-Time Credential Replay
The CodeStorm phishing kit has evolved into a tenant-aware Microsoft 365 account-takeover platform, not just a basic credential harvester. The campaign starts with voicemail-themed phishing emails that hide a fabricated historical email thread beneath whitespace, a technique designed to make the message look like a benign continuation to email-security scanners.
12:50 [SOCIAL ENGINEERING] New macOS ClickFix Campaign Silently Mounts DMGs to Deliver AMOS
A newly observed macOS ClickFix campaign is using Terminal-based social engineering to deliver the Atomic macOS Stealer (AMOS). Victims are shown a fake CAPTCHA page and instructed to open Terminal and paste a malicious command under the guise of verification.
Dive deeper:
Kroll’s Monthly Threat Intelligence Spotlight Report: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports/cti-spotlight-trends-report
Kroll’s Cyber Threat Intelligence: https://www.kroll.com/en/services/cyber/threat-intelligence-services
Kroll’s Q4 2024 Cyber Threat Landscape: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports/q4-2024-threat-landscape-report-phishing
Kroll’s 2025 Cyber Threat Landscape Report: Cybercrime in the Crypto Era: https://www.kroll.com/Reports/Cyber/Threat-Intelligence-Reports/Threat-Landscape-Report-Lens-on-Crypto
Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: https://www.youtube.com/playlist
Kroll Cyber Blog: https://www.kroll.com/en/insights/cyber
Kroll Threat Intelligence Reports: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports
Kroll Cyber and Data Resilience: https://www.kroll.com/en/services/cyber