Skip to content

Weekly threat-intel roadmap β€” 2026-07-05#79

Draft
alekslinde wants to merge 2 commits into
mainfrom
threat-intel/2026-07-05
Draft

Weekly threat-intel roadmap β€” 2026-07-05#79
alekslinde wants to merge 2 commits into
mainfrom
threat-intel/2026-07-05

Conversation

@alekslinde

Copy link
Copy Markdown
Owner

Summary

Weekly threat-intelligence roadmap for Just Checking, Mate. Adds docs/threat-intel/2026-07-05-threat-roadmap.md β€” research and proposals only; no detection code (lib/) is modified.

All items from the 2026-07-01 roadmap (issues #63–#68) are fully implemented and closed. This run identifies 8 new threats with 6 HIGH-priority detection improvements proposed.

Top recommendations this week

Priority Recommendation Issues
1 Tax-time cost-of-living lures β€” "cost of living payment", "energy rebate", "tax recalculation" added to URGENCY_WORDS; peak scam season starts now #73
2 ClickFix "run a command" social engineering β€” "press Win+R", "paste this command", PowerShell lure phrases; ACSC advisory 7 May 2026; zero existing coverage #74
3 Device code / OAuth phishing language in checkEmail β€” "enter device code", microsoft.com/devicelogin; escalated from watchlist to HIGH after FBI PSA260521 #75
4 WhatsApp investment group pig-butchering β€” new composite for "join our trading group", "VIP trading signals"; ASIC 26-063MR joint alert, $35.8M AU losses #76
5 New suspicious TLDs: .zip, .mov, .lat β€” trivial addition to SUSPICIOUS_TLDS #77
6 SMS "Unverified" label override language β€” scammers explaining away ACMA's new Sender ID Registry "Unverified" display; AU-specific, near-zero FP #78

Watchlist items (no code change needed yet)

  • myID rebrand β€” myGov digital identity layer rebranding to myID; watch for myid-verify[.]com.au typosquats
  • Numeric sender ID bypass β€” ACMA regime covers alphanumeric IDs only; scammers may shift to numeric spoofing
  • International SMS routing β€” non-AU carriers not bound by ACMA; expect increased foreign-gateway smishing
  • AI-generated pig-butchering (grammar signal deprecation) β€” agentic AI produces flawless prose, eroding value of typo detection
  • Fake banking app reinstallation lure β€” "delete and reinstall your bank app from this link" (MEDIUM; Rokarolla malware, June 2026)

Linked issues

#73 #74 #75 #76 #77 #78


Generated by Claude Code

claude added 2 commits July 5, 2026 22:42
New threats: ClickFix fake-CAPTCHA (ACSC May 2026 advisory), tax-time
cost-of-living lures (ATO/myGov peak season), OAuth device code phishing
escalated to HIGH (FBI PSA260521), WhatsApp pig-butchering investment
group variant (ASIC 26-063MR), .zip/.mov/.lat TLD additions, and ACMA
SMS Unverified-label bypass language. Six HIGH-priority GitHub issues
queued in "Issues to Open Manually" section.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_016uP2D8WASmcBWucCU16qv7
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants