Malware Campaigns, Smart TV Exploits, and Password Manager Breaches Highlight Cybersecurity Threats

8 Jun 2026

malwarephishingWeTransferPowerShellJavaScriptcybersecuritySmartTVproxyBrightDataAIscrapingcopyrightdatapasswordmanagerbruteforceauthenticationvulnerabilitiescloudsecurityDNSblocking

On June 8, 2026, the SANS Internet Storm Center reported a malware campaign using phishing emails disguised as legitimate WeTransfer notifications. The attack leverages real WeTransfer links to deliver JavaScript, which executes PowerShell commands to download a malicious image file with an appended base64-encoded script, obfuscated to evade automated detection. The malware abuses free services like WeTransfer and Cloudflare’s *.dev links, which are difficult to block due to their legitimate corporate use. Separately, security firm Included Security revealed that Smart TVs are being exploited as proxies via a commercial SDK from Bright Data, which aggregates 400 million residential IP addresses to bypass anti-scraping filters, primarily serving AI companies scraping copyrighted data. Domains associated with this proxy network were published for potential DNS blocking. Dashlane disclosed a brute-force attack where attackers exploited a six-digit device sync challenge to compromise around 20 encrypted password vaults, prompting undisclosed additional security measures. The incident highlights vulnerabilities in cloud-based password manager authentication systems.