
In Other News: Anthropic Maps AI Threats, Unpatched Comodo Flaw, Palantir Chief Eyed for CISA


Microsoft and other researchers report ongoing cyber threats, including the poisoning of AI chatbot and search results to spread cryptojacking malware, a new Grandoreiro banking trojan campaign targeting Europe and Latin America, and a self-propagating Go-based ransomware ('The Gentlemen') deployed by a group tracked as Storm-2697. Meanwhile, U.S. agencies warn of attacks on exposed Automatic Tank Gauge systems used in fuel monitoring, linking recent incidents to Iran-backed actors.

Microsoft has uncovered a cryptojacking campaign in which threat actors poison AI chatbot answers and SEO search results to trick users into downloading fake versions of utilities such as CrystalDiskInfo and PDFgear. Once installed, the malware abuses ConnectWise ScreenConnect for remote access and repurposes Microsoft .NET processes to mine cryptocurrency on high-performance GPUs.

WatchGuard researchers identified a resurgence of the decade-old Grandoreiro banking trojan, now targeting financial institutions in Portugal and Latin America. The campaign relies on DLL side-loading, abusing four legitimate software applications to evade detection.

Microsoft Threat Intelligence also tracked Storm-2697, a financially motivated group deploying 'The Gentlemen' ransomware-as-a-service. The malware uses a Go-based encryptor obfuscated with Garble and self-propagates via scheduled tasks running with SYSTEM privileges; it has also been analyzed by the security firms Halcyon and Huntress.

Meanwhile, Let’s Encrypt announced plans to adopt Merkle Tree Certificates, a design intended to make post-quantum cryptographic algorithms practical for the web by reducing TLS handshake sizes and improving certificate transparency. The initiative will launch in a staging environment in late 2026 before full production in 2027.

U.S. agencies, including CISA, the FBI, and the NSA, issued an alert warning critical infrastructure operators about attacks on internet-exposed Automatic Tank Gauge (ATG) systems. Threat actors bypass authentication to manipulate device configurations, prompting the agencies to urge that affected systems be disconnected from the public internet immediately. Recent incidents at U.S. gas stations have been linked to Iran-backed actors.

Taken together, these developments highlight escalating threats in cryptojacking, ransomware, and critical infrastructure exposure, alongside proactive measures to secure future digital systems.

This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.
