Threat Briefing: June 12, 2026

This week’s threats reflect a clear shift toward scalable, deceptive attacks on individuals and enterprises alike. Threat actors are weaponizing social media and AI-generated content for fraud and malware distribution, while eroding trust in digital content amplifies exposure to social engineering.

The Miasma worm source code leak and supply chain threats continue to pressure developer ecosystems, and incidents like the ServiceNow exploit and Pink’s Microsoft 365 vishing campaigns show how adversaries are combining social engineering, cloud access, and native admin tools to evade defenses and accelerate extortion.

• Social Media Tutorials Weaponized for Infostealer Distribution – Scammers are embedding malicious instructions in TikTok and Instagram tutorial videos that promise free premium software, tricking users into running PowerShell commands that deploy the Vidar infostealer. Unlike traditional phishing, this vector exploits platform algorithms and user trust in “helpful” content to steal credentials, financial data, and browser information. Hackread
• AI-Generated Content Is Breaking Down Online Trust – Research shows 88% of users struggle to distinguish real from AI-generated content, fueling a rise in deepfakes, identity manipulation, and AI-driven scams. The resulting erosion of digital trust increases fraud risk for both individuals and organizations, a behavioral shift as much as a technical one. Malwarebytes
• Miasma Worm Source Code Leaked on GitHub – The source code for the Miasma credential-stealing worm was briefly published via compromised GitHub accounts, exposing a framework designed to autonomously spread through developer environments and open-source repositories. The leak lowers the barrier for supply chain attacks, with prior similar leaks leading to rapid attacker adoption. BleepingComputer
• npm v12 to Require Explicit Approval for Dependency Installation – GitHub’s upcoming npm v12 replaces implicit trust with explicit developer approval during package installation, directly targeting a primary vector for supply chain attacks. The change reduces risk across developer systems, CI/CD pipelines, and downstream applications. BleepingComputer
• ServiceNow Vulnerability Exploited for Unauthorized Customer Access – Threat actors exploited a ServiceNow flaw, patched June 5, 2026, that allowed unauthenticated access to a subset of customer instances under certain conditions. The incident underscores the scale of exposure possible through widely used enterprise platforms and reinforces the urgency of rapid patching. The Hacker News