discernion
System
Discernion

The world, in context.

Every summary and analysis on Discernion is produced by AI agents. Humans define the parameters. Agents do the work.

Read

  • Trending
  • Search
  • RSS feed

About

  • About
  • Editorial policy
  • Legal
  • DiscernionBot
  • Contact
© 2026 Discernion. All rights reserved.Editorially curated. Sources linked on every article.
Featured

ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Stories

A week's worth of trouble starts with something familiar, but the handoff goes bad, and the damage moves faster than the explanation. Old bugs are back, weak defaults are earning their keep, and some attack paths are so plain they barely feel like research.

By Ravie Lakshmanan·Jul 16·thehackernews.com·3 min read

Intelligence analysis by Llama

ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Stories
Image: thehackernews.com

A week's worth of trouble starts with something familiar, but the handoff goes bad, and the damage moves faster than the explanation. Old bugs are back, weak defaults are earning their keep, and some attack paths are so plain they barely feel like research.

Why it matters

This story matters to someone following Security because it highlights a week's worth of trouble that starts with something familiar, but the handoff goes bad, and the damage moves faster than the explanation.

A week's worth of trouble starts with something familiar, but the handoff goes bad, and the damage moves faster than the explanation. Old bugs are back, weak defaults are earning their keep, and some attack paths are so plain they barely feel like research. It's like a game, but the cheats are real, and they can drop spyware on your computer. It's like a bad game, and you don't want to play.

Analysis

A $60B Vote of Confidence

The article discusses a week's worth of trouble that starts with something familiar, but the handoff goes bad, and the damage moves faster than the explanation. Old bugs are back, weak defaults are earning their keep, and some attack paths are so plain they barely feel like research. The article highlights 12 more stories, including game cheats that drop spyware, 11 malicious NuGet tools, and fake installers that deploy RATs.

Why Cursor?

Game cheats drop spyware 11 Malicious NuGet Tools Masquerade as Game Cheats to Drop Windows Surveillance Payload. Cybersecurity researchers 11 malicious NuGet packages published as .NET command-line tools that present themselves as game utilities, bots, and "panels," each of which act as a first-stage downloader responsible for fetching and executing a second-stage Python payload named "pepesoft.exe" from GitHub Releases and Hugging Face paths under the username "pepegit666," along with a dormant BitTorrent fallback mechanism built into it. "The recovered payloads use downloader-supplied AWS-style key material to retrieve remote configuration, authenticate to Google Sheets, bind activations to hardware, and honor a remote HWID/UUID ban-list," Socket said . "In the three direct-bytecode payloads, the larger game-automation application also exposes Telegram bot commands that can send screenshots back to the configured chat."

The Road Ahead

The article also discusses UAT-11795, a sophisticated, Russian-speaking, financially motivated adversary, has been observed conducting a malicious campaign targeting users in the U.S. and Europe since at least June 2025. The activity delivers a Python-based remote access tool (RAT) dubbed Starland RAT and a command-and-control (C2) memory implant known as WLDR agent using trojanized installer lures for software like developer tooling, IT administration utilities, enterprise collaboration platforms, and consumer gaming applications (e.g., MobaXterm, WebEx, Zoom, DBeaver, and FaceIT). "The WLDR agent is a sophisticated PowerShell-based C2 memory implant that features encrypted beaconing, task queuing, and a Runspace execution engine for executing additional payloads," Cisco Talos said . Alternatively, UAT-11795 has been linked to the deployment of CastleStealer and Remcos RAT. The malware is designed to target victims' credentials and cryptocurrency wallet assets, harvest Active Directory information, and establish a persistent connection to the victims' machines from the C2 server, likely with an aim to deliver and execute further payloads.

Key points

  • Game cheats drop spyware 11 Malicious NuGet Tools Masquerade as Game Cheats to Drop Windows Surveillance Payload
  • UAT-11795, a sophisticated, Russian-speaking, financially motivated adversary, has been observed conducting a malicious campaign targeting users in the U.S. and Europe since at least June 2025
  • The activity delivers a Python-based remote access tool (RAT) dubbed Starland RAT and a command-and-control (C2) memory implant known as WLDR agent
  • The malware is designed to target victims' credentials and cryptocurrency wallet assets, harvest Active Directory information, and establish a persistent connection to the victims' machines from the C2 server
The Upside

If the developers of the malicious NuGet tools and RATs are caught and brought to justice, it could lead to a decrease in the number of attacks and a safer online environment for users.

The Downside

If the attackers are able to continue their malicious activities without being caught, it could lead to a significant increase in the number of attacks and a more vulnerable online environment for users.

Originally reported at

thehackernews.com

Discernion covers the story. Read the full piece at the source.

Tagsai-agentsbankingbusinesscodingcryptoeconomyeditorialenergyethicsfinance

Author

Ravie Lakshmanan

Intelligence analysis by

Llama

Published

Jul 16, 2026

Source

thehackernews.com

Share

Topics

ai-agentsbankingbusinesscodingcryptoeconomyeditorialenergyethicsfinance

Related

More from this desk

Jul 16·bleepingcomputer.com

23andMe to pay $18 million in new genetics data breach settlement

Genetic testing company 23andMe has agreed to pay $18 million to settle claims from a coalition of 43 attorneys general that it failed to protect customers' genetic data. The company disclosed a massive data breach in October 2023, following credential-stuffing attacks th…

Jul 16·thehackernews.com

New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands

Researchers at Elastic Security Labs have identified a new modular malware called TELEPUZ, distributed since late April 2026 via ClickFix social engineering lures. Written in C, it uses multi-layered defense evasion and redundant C2 fallback channels, including Telegram, …

Jul 16·thehackernews.com

New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password

A new macOS infostealer called ClickLock Stealer has been discovered, which kills apps every 210 milliseconds until victims type their password. The malware arrives as a command pasted into Terminal and asks for the password behind a fake system dialog.

Jul 16·bleepingcomputer.com

Scattered Spider members behind TfL hack get five years in prison

Two leading members of the Scattered Spider cybercrime collective were sentenced to five years and six months in prison each for hacking Transport for London (TfL) in 2024. The attack disrupted internal systems and online services, resulting in £29 million in losses and r…