Chinese law enforcement has dismantled cybercrime operations linked to a new variant of the Silver Fox Trojan virus, which targets employees in enterprises and public institutions, particularly in financial roles. The malware allows cybercriminals remote access to steal account credentials, intercept SMS verification codes, and harvest personal information. A criminal syndicate in Jilin province, led by an individual named Chen, developed this Trojan and conducted mass phishing campaigns, resulting in losses exceeding 7 million yuan. Police have taken action against Chen and 26 accomplices, with ongoing investigations. Recommendations for enhancing personal cybersecurity include downloading software from official websites, scrutinizing website domains, verifying links before clicking, and disconnecting compromised computers from the internet. Under China's Criminal Law, unauthorized access to computer systems and data theft can lead to imprisonment and financial penalties.
On June 13, 2026, the National Students Union of India (NSUI) held a protest in Hyderabad against alleged exam paper leaks related to the National Eligibility-cum-Entrance Test (NEET). The Indian government temporarily blocked access to the messaging platform Telegram to combat exam fraud, with the National Testing Agency (NTA) announcing the ban will last until June 22 and disabling the message editing feature until June 30. The NEET-UG exam was canceled on May 12, affecting approximately 2.2 million students, following allegations of a paper leak. Telegram channels were found soliciting payments for leaked exam papers, while the NTA denied any papers were available outside secured channels. Political ramifications included calls from opposition leader Rahul Gandhi for the resignation of Education Minister Dharmendra Pradhan. The Cockroach Janta Party organized protests nationwide demanding accountability for the examination discrepancies.
Researchers have identified a new malware called JS.MonoGlyphRAT, which disguises itself as business documents to infiltrate corporate networks. It is primarily spread through phishing emails targeting various sectors in the U.S. and has been reported in countries like Germany, Sweden, and Australia. The malware is classified as "Unknown malware" on threat intelligence platforms, making traditional antivirus solutions ineffective. It establishes a persistent presence in the network by executing a JavaScript file and communicating with command-and-control (C2) servers over HTTP. The malware can download additional payloads and execute commands without leaving traces on disk. Key indicators of compromise include unusual HTTP traffic, registry changes, and the execution of specific JavaScript files, along with the specific IP addresses, URLs, file hashes, and registry keys associated with the malware's operation.
Meta is enhancing protections for younger users by expanding its Teen Accounts framework across Facebook, Messenger, and Instagram. This includes implementing stricter content settings that limit exposure to inappropriate material, such as violence and self-harm. A new "Limited Content" setting will be introduced for Facebook and Messenger to provide additional content restrictions. Additionally, Instagram is testing a feature to diversify content recommendations for teens, reducing repetitive exposure to similar topics. These initiatives come amid increased regulatory scrutiny regarding youth safety on social media platforms.
Google is enhancing the security of its Play Store by removing high-risk and low-quality applications and will soon notify users when an app has been deleted from the Play Store. This notification will inform users that the app will no longer receive updates, which is crucial for security as unpatched apps can be exploited. Currently, users only receive alerts about significant security threats, but the new feature aims to improve user awareness regarding app removals. The change comes amid rising cyber threats, with a recent report indicating that vulnerability exploitation is a major risk. Previously, users were not notified about app removals, leaving them unaware unless they found out through other means.
Google has implemented a new feature in its Play Store that notifies users when an app has been removed from the marketplace. This update informs users that the app will no longer receive updates, including security fixes, which could leave them vulnerable. The notification will detail each deleted app and its removal from Google Play. There is uncertainty about whether the update will allow users to delete these apps directly. This initiative responds to a shift in the threat landscape, where exploiting vulnerabilities has become the primary method of breaching devices, surpassing stolen credentials. Recent reports highlighted the necessity for user notifications, citing a new ad fraud campaign involving 453 apps that were installed 24 million times before removal. Previously, users had no formal notification system for app removals.
Microsoft's Digital Crimes Unit has filed a lawsuit against Fox Tempest, a criminal enterprise selling fraudulently signed malware to ransomware groups, affecting hospitals, schools, and critical infrastructure in ten countries. The lawsuit was filed on May 19 in the U.S. District Court for the Southern District of New York. Fox Tempest created a portal at signspace[.]cloud, offering a user-friendly interface for uploading malicious files and generating over 580 fraudulent Microsoft accounts to bypass identity verification. The group provided pre-configured virtual machines for customers to upload malicious payloads in exchange for signed binaries.
Fox Tempest's operations were linked to a ransomware attack chain in which a counterfeit Microsoft Teams installer deployed the Rhysida ransomware. This ransomware strain has caused significant breaches, including an October 2023 attack on the British Library, which resulted in the exfiltration of about 600GB of data and recovery costs of £6 to £7 million, and a September 2024 attack on Seattle-Tacoma International Airport with a ransom demand of .8 million.
Microsoft's civil litigation approach allowed for a quicker legal process, leading to the seizure of the signspace[.]cloud domain and the suspension of around 1,000 Fox Tempest accounts. Despite these actions, Fox Tempest has begun shifting to alternative code-signing services, highlighting the evolving nature of cybercrime and the need for users to verify software through independent channels. The confirmed targets of Fox Tempest included organizations in the United States, France, India, China, Brazil, Germany, Japan, the United Kingdom, Italy, and Spain.
Steam users are warned about the risks of downloading free games, particularly a compromised title called Beyond The Dark, which was a clone of the horror game Phasmophobia. This game contained malware named UnityPlayer.dll that activated upon launch, targeting saved passwords and cryptocurrency extensions in browsers. Users experienced instability and crashes while the malware operated in the background. It is recommended that those who downloaded the game delete associated files and perform a system scan, changing any potentially compromised passwords. Valve has removed Beyond The Dark from its storefront to prevent further downloads. Users are advised to scrutinize game descriptions, review feedback, and maintain reliable antivirus software to protect their personal information.
Microsoft has acknowledged an issue with the installation of Windows 11’s May 2026 Update (KB5089549), which has been encountering errors such as 0x800f0922, 0x80240069, and 0x80240031. An emergency server-side update is being implemented to resolve these installation hurdles. The KB5089549 update is mandatory and intended to install automatically on compatible PCs, but some users have reported difficulties, including installation stalling around 35-36%, leading to a rollback with a message stating, “something didn’t go as planned. Undoing changes.”
Investigations reveal that installation failures are particularly affecting devices with limited EFI partition space, with error code 0x800f0922 indicating insufficient free space and potential conflicts with third-party files. The EFI System Partition (ESP) typically occupies no more than 100MB and can become congested due to leftover files, causing installation failures when available space is low. Users with less than 10MB of free EFI storage may face additional complications. A PowerShell command can be used to check EFI storage status.
Microsoft has advised users to consider increasing the size of the ESP by modifying the Windows Registry, although the recent server-side update may have already addressed the issue. The Known Issue Rollback (KIR) has been implemented, automatically propagating the resolution to devices. Users are encouraged to restart their devices to expedite the application of the fix, and there are no additional bugs reported.
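The summary above mentions a PowerShell check for EFI storage without showing it. The following is an added example, not Microsoft's own command: it locates the ESP by its GPT partition-type GUID and flags it when free space is below the 10MB figure cited above. The function name `Get-EspFreeSpace` and the variable names are hypothetical.

```powershell
# Added example: report free space on the EFI System Partition (ESP).
# Read-only; run from an elevated PowerShell session on a GPT/UEFI system.

# GPT partition-type GUID that identifies an EFI System Partition.
$EspGptType = '{c12a7328-f81f-11d2-ba4b-00a0c93ec93b}'

# Threshold taken from the article: under 10MB free is where trouble is reported.
$MinFreeBytes = 10MB

function Get-EspFreeSpace {
    # MBR disks have no GptType, so they are filtered out here.
    $espPartitions = Get-Partition | Where-Object { $_.GptType -eq $EspGptType }
    if (-not $espPartitions) {
        Write-Warning 'No EFI System Partition found (MBR/legacy-BIOS disk?).'
        return
    }
    foreach ($part in $espPartitions) {
        # The ESP normally has no drive letter, so resolve the volume via the partition.
        $vol = Get-Volume -Partition $part -ErrorAction SilentlyContinue
        if (-not $vol) {
            Write-Warning "ESP on disk $($part.DiskNumber) has no readable volume."
            continue
        }
        [pscustomobject]@{
            DiskNumber      = $part.DiskNumber
            PartitionNumber = $part.PartitionNumber
            FileSystem      = $vol.FileSystem
            SizeMB          = [math]::Round($vol.Size / 1MB, 1)
            FreeMB          = [math]::Round($vol.SizeRemaining / 1MB, 1)
            BelowThreshold  = $vol.SizeRemaining -lt $MinFreeBytes
        }
    }
}

Get-EspFreeSpace | Format-Table -AutoSize
```

A `BelowThreshold` value of `True` marks a device in the group the article describes as likely to hit 0x800f0922.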