2026-04-27 AI Startup News
Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software
Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran’s nuclear program by destroying uranium enrichment centrifuges. According to a new report published by SentinelOne, the previously undocumented cyber sabotage framework dates back to 2005, primarily targeting high-precision calculation software to tamper with results. It has been codenamed fast16. “By combining this payload with self-propagation mechanisms, the attackers aim to produce equivalent inaccurate calculations across an entire facility,” researchers Vitaly Kamluk and Juan Andrés Guerrero-Saade said in an exhaustive report published this week.
Fast16 is estimated to predate Stuxnet – the world’s first known digital weapon designed for disruptive actions – by at least five years. While Stuxnet is widely attributed to the U.S. and Israel and later served as the architectural foundation for the Duqu information-stealing rootkit, fast16 appears to have emerged much earlier. It also precedes the earliest known samples of Flame (aka Flamer and Skywiper), another sophisticated malware that was discovered in May 2012 incorporating a Lua virtual machine to realize its goals.
The discovery makes fast16 the first strain of Windows malware to embed a Lua engine. SentinelOne said it made the discovery after it identified an artifact named “svcmgmt.exe” that, at first blush, appeared to be a generic console‑mode service wrapper. The sample has a file creation timestamp of August 30, 2005, per VirusTotal, to which it was uploaded more than a decade later on October 8, 2016. However, a deeper investigation has revealed an embedded Lua 5.0 virtual machine and an encrypted bytecode container, along with various other modules that bind directly into Windows NT file system, registry, service control, and network APIs.
The implant’s core logic resides in the Lua bytecode, with the binary also referencing a kernel driver (“fast16.sys”) via a PDB path – a file with a creation date of July 19, 2005 – that’s responsible for intercepting and modifying executable code as it’s read from disk. That said, it’s worth noting that the driver will not run on systems with Windows 7 or later. In what’s a finding that could give an indication of the tool’s origins, SentinelOne said it uncovered a reference to the string “fast16” in a text file called “drv_list.txt” that included a list of drivers designed for use in advanced persistent threat (APT) attacks. The nearly 250KB file was leaked by a mysterious hacking group nine years ago.
In 2016 and 2017, the collective – calling itself The Shadow Brokers – published vast troves of data allegedly stolen from the Equation Group, an advanced persistent threat group with suspected ties to the U.S. National Security Agency (NSA). This included a bevy of hacking tools and exploits under the nickname “Lost in Translation.” The text file was one of them. “The string inside svcmgmt.exe provided the key forensic link in this investigation,” SentinelOne said.
“The PDB path connects the 2017 leak of deconfliction signatures used by NSA operators with a multi-modal Lua‑powered ‘carrier’ module compiled in 2005, and ultimately its stealthy payload: a kernel driver designed for precision sabotage.” “Svcmgmt.exe” has been described as a “highly adaptable carrier module” that can alter its behavior based on the command-line arguments passed to it, enabling it to run as a Windows service or execute Lua code. It comes with three distinct payloads: Lua bytecode to handle configuration, propagation, and coordination logic, an auxiliary ConnotifyDLL (“svcmgmt.dll”), and the “fast16.sys” kernel driver. Specifically, it’s designed to parse the configuration, escalate itself as a service, optionally deploy the kernel implant, and launch a Service Control Manager (SCM) wormlet that scans for network servers and propagates the malware to other Windows 2000/XP environments with weak or default credentials. An important aspect worth mentioning here is that the propagation occurs only when it’s manually forced, or when a scan of the Windows Registry database for associated registry keys finds no common security products on the system.
Some of the security tools it explicitly checks belong to Agnitum, F-Secure, Kaspersky, McAfee, Microsoft, Symantec, Sygate Technologies, and Trend Micro. The presence of Sygate Technologies is another indicator that the sample was developed in the mid-2000s, as the company was acquired by Symantec (now part of Broadcom) in August 2005, and sales and support for its products were formally discontinued by November. “For tooling of this age, that level of environmental awareness is notable,” SentinelOne said. “While the list of products may not seem comprehensive, it likely reflects the products the operators expected to be present in their target networks whose detection technology would threaten the stealthiness of a covert operation.” The ConnotifyDLL, on the other hand, is invoked each time the system establishes a new network connection using the Remote Access Service (RAS), and writes the remote and local connection names to a named pipe (“\\.\pipe\p577”).
However, it’s the driver that’s responsible for the precision sabotage, targeting executables compiled with the Intel C/C++ compiler to perform rule-based patching and hijack execution flow through malicious code injections. One such block is capable of corrupting mathematical calculations, specifically going after tools used in civil engineering, physics, and physical process simulations. “By introducing small but systematic errors into physical‑world calculations, the framework could undermine or slow scientific research programs, degrade engineered systems over time, or even contribute to catastrophic damage,” SentinelOne explained. “By separating a relatively stable execution wrapper from encrypted, task-specific payloads, the developers created a reusable, compartmentalized framework that they could adapt to different target environments and operational objectives while leaving the outer carrier binary largely unchanged across campaigns.” Based on an analysis of the 101 rules defined in the patching engine and matching them against software used in the mid-2000s, it’s assessed that three high-precision engineering and simulation suites may have been the targets: LS-DYNA 970, PKPM, and the MOHID hydrodynamic modeling platform.
LS-DYNA, now part of the Ansys Suite, is a general-purpose multiphysics simulation software package that’s used for simulating crashes, impacts, and explosions. In September 2024, the Institute for Science and International Security (ISIS) released a report detailing Iran’s likely use of computer modeling software like LS-DYNA related to nuclear weapons development based on an examination of 157 academic publications found in open-source scientific and engineering literature. This chain of evidence assumes significance considering Iran’s nuclear program is said to have suffered substantial damage after its uranium enrichment facility in Natanz was targeted by the Stuxnet worm in June 2010. What’s more, Symantec revealed in February 2013 an earlier version of Stuxnet that was used to attack Iran’s nuclear program in November 2007, with evidence indicating it was under development as early as November 2005.
“Stuxnet 0.5 is the oldest known Stuxnet version to be analyzed,” Symantec noted at the time. “Stuxnet 0.5 contains an alternative attack strategy, closing valves within the uranium enrichment facility at Natanz, Iran, which would have caused serious damage to the centrifuges and uranium enrichment system as a whole.” Taken together, the latest finding “forces a re‑evaluation” of the historical timeline of development for clandestine cyber sabotage operations, SentinelOne said, adding it shows state-backed cyber sabotage tooling against physical targets had been fully developed and deployed by the mid‑2000s. “In the broader picture of APT evolution, fast16 bridges the gap between early, largely invisible development programs and later, more widely documented Lua‑ and LuaJIT‑based toolkits,” the researchers concluded. “It is a reference point for understanding how advanced actors think about long‑term implants, sabotage, and a state’s ability to reshape the physical world through software.
fast16 was the silent harbinger of a new form of statecraft, successful in its covertness until today.”
CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is below -
CVE-2024-57726 (CVSS score: 9.9) - A missing authorization vulnerability in SimpleHelp that could allow low-privileged technicians to create API keys with excessive permissions, which can then be used to escalate privileges to the server admin role.
CVE-2024-57728 (CVSS score: 7.2) - A path traversal vulnerability in SimpleHelp that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e., zip slip), which can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.
CVE-2024-7399 (CVSS score: 8.8) - A path traversal vulnerability in Samsung MagicINFO 9 Server that could allow an attacker to write arbitrary files as system authority.
CVE-2025-29635 (CVSS score: 7.5) - A command injection vulnerability in end-of-life D-Link DIR-823X series routers that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function.
While both the SimpleHelp flaws have been marked as “Unknown” against the “Known To Be Used in Ransomware Campaigns?” indicator in the KEV catalog, reports from Field Effect and Sophos revealed early last year that the issues were exploited as a precursor to ransomware attacks. One such campaign was attributed to the DragonForce ransomware operation.
The exploitation of CVE-2024-7399 has been linked to malicious activity deploying the Mirai botnet in the past. As for CVE-2025-29635, Akamai disclosed earlier this week that it recorded attempts against D-Link devices to deliver a Mirai botnet variant named “tuxnokill.” To mitigate the active threats, Federal Civilian Executive Branch (FCEB) agencies are recommended to apply the fixes or, in the case of CVE-2025-29635, discontinue the use of the appliance by May 8, 2026.
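The zip slip class of bug described for CVE-2024-57728 comes down to an upload handler trusting entry names inside the archive. The following is an added example, not SimpleHelp code or code from the original article: a pre-extraction audit that rejects an archive if any entry would land outside the destination directory. The function names and the in-memory sample archive are constructed for illustration.

```python
import io
import os
import stat
import zipfile


def entry_problem(info, dest_root):
    """Return why a zip entry must not be extracted under dest_root, or None."""
    # Treat Windows separators as separators even when running on POSIX.
    name = info.filename.replace("\\", "/")
    if name.startswith("/") or name[1:2] == ":":
        return "absolute path"
    # Resolve the final location and require it to stay under the root.
    root = os.path.realpath(dest_root)
    target = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, target]) != root:
        return "escapes destination"
    # The upper 16 bits of external_attr carry the Unix mode; a symlink
    # entry can redirect a later write outside the root.
    if stat.S_ISLNK(info.external_attr >> 16):
        return "symlink entry"
    return None


def audit_archive(data, dest_root):
    """Map each unsafe entry name to the reason it was rejected."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            reason = entry_problem(info, dest_root)
            if reason:
                findings[info.filename] = reason
    return findings


def safe_extract(data, dest_root):
    """Extract only if every entry passes the audit; write nothing otherwise."""
    findings = audit_archive(data, dest_root)
    if findings:
        raise ValueError(f"archive rejected: {findings}")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        zf.extractall(dest_root)
        return zf.namelist()


def build_sample_zip(include_bad=True):
    """Constructed test archive: one normal entry plus four unsafe ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "ok")
        if include_bad:
            zf.writestr("../../outside.txt", "x")      # parent traversal
            zf.writestr("..\\..\\outside.ini", "x")    # same, Windows separators
            zf.writestr("/abs/outside.txt", "x")       # absolute path
            link = zipfile.ZipInfo("docs/link")        # symlink entry
            link.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(link, "/outside")
    return buf.getvalue()


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        for name, reason in audit_archive(build_sample_zip(), d).items():
            print(f"REJECT {name!r}: {reason}")
```

Python's own `ZipFile.extractall` already strips `..` and leading slashes from entry names; the explicit audit matters for handlers that build output paths themselves, and it lets the upload be refused and logged rather than silently rewritten.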
FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency’s Cisco Firepower device running Adaptive Security Appliance (ASA) software was compromised in September 2025 with a new malware called FIRESTARTER. FIRESTARTER, per CISA and the U.K.’s National Cyber Security Centre (NCSC), is assessed to be a backdoor designed for remote access and control. It’s believed to be deployed as part of a “widespread” campaign orchestrated by an advanced persistent threat (APT) actor to obtain access to Cisco Adaptive Security Appliance (ASA) firmware by exploiting now-patched security flaws such as -
CVE-2025-20333 (CVSS score: 9.9) - An improper validation of user-supplied input vulnerability that could allow an authenticated, remote attacker with valid VPN user credentials to execute arbitrary code as root on an affected device by sending crafted HTTP requests.
CVE-2025-20362 (CVSS score: 6.5) - An improper validation of user-supplied input vulnerability that could allow an unauthenticated, remote attacker to access restricted URL endpoints without authentication by sending crafted HTTP requests.
“FIRESTARTER can persist as an active threat on Cisco devices running ASA or Firepower Threat Defense (FTD) software, maintaining post-patching persistence and enabling threat actors to re-access compromised devices without re-exploiting vulnerabilities,” the agencies said. In the investigated incident, the threat actors have been found to deploy a post-exploitation toolkit called LINE VIPER that can execute CLI commands, perform packet captures, bypass VPN Authentication, Authorization, and Accounting (AAA) for actor devices, suppress syslog messages, harvest user CLI commands, and force a delayed reboot. The elevated access afforded by LINE VIPER served as a conduit for FIRESTARTER, which was deployed on the Firepower device before September 25, 2025, allowing the threat actors to maintain continued access and return to the compromised appliance as recently as last month.
A Linux ELF binary, FIRESTARTER can set up persistence on the device, and survive firmware updates and device reboots unless a hard power cycle occurs. The malware lodges itself into the device’s boot sequence by manipulating a startup mount list, ensuring it automatically reactivates every time the device reboots normally. The resilience aside, it also shares some level of overlap with a previously documented bootkit referred to as RayInitiator. “FIRESTARTER attempts to install a hook – a way to intercept and modify normal operations – within LINA, the device’s core engine for network processing and security functions,” according to the advisory.
“This hook enables the execution of arbitrary shell code provided by the APT actors, including the deployment of LINE VIPER.” “Although Cisco’s patches addressed CVE-2025-20333 and CVE-2025-20362, devices compromised prior to patching may remain vulnerable because FIRESTARTER is not removed by firmware updates.” Cisco, which is tracking the exploitation activity associated with the two vulnerabilities under the moniker UAT4356 (aka Storm-1849), described FIRESTARTER as a backdoor that facilitates the execution of arbitrary shellcode received by the LINA process by parsing specially crafted WebVPN authentication requests containing a “magic packet.” The exact origins of the threat activity are not known, although an analysis from attack surface management platform Censys in May 2024 suggested links to China. UAT4356 was first attributed to a campaign called ArcaneDoor that exploited two zero-day flaws in Cisco networking gear to deliver bespoke malware capable of capturing network traffic and reconnaissance. “To fully remove the persistence mechanism, Cisco strongly recommends reimaging and upgrading the device using the fixed releases,” Cisco said. “In cases of confirmed compromise on any Cisco Secure ASA or FTD platforms, all configuration elements of the device should be considered untrusted.” As mitigations until reimaging can be performed, the company is recommending that customers perform a cold restart to remove the FIRESTARTER implant.
“The shutdown, reboot, and reload CLI commands will not clear the malicious persistent implant, the power cord must be pulled out and plugged back in the device,” it added.
Chinese Hackers Shift From Individually Procured Infrastructure to Covert Networks
The disclosure comes as the U.S., the U.K., and various international partners released a joint advisory about large-scale networks of compromised SOHO routers and IoT devices commandeered by China-nexus threat actors to disguise their espionage attacks and complicate attribution efforts. State-sponsored groups like Volt Typhoon and Flax Typhoon have been using these botnets, consisting of home routers, security cameras, video recorders, and other IoT devices, to target critical infrastructure sectors and conduct cyber espionage in a “low-cost, low-risk, deniable way,” per the alert. Complicating matters further is the fact that the networks are constantly updated, not to mention multiple China-affiliated threat groups might use the same botnet at the same time, making it challenging for defenders to identify and block them using static IP blocklists.
“Covert networks mostly consist of compromised SOHO routers, but they also pull in any vulnerable device they can exploit at scale,” the agencies said. “Their traffic will be forwarded through multiple compromised devices, used as traversal nodes, before exiting the network from an exit node, usually in the same geographic region as the target.” The findings underscore a common pattern seen in state-sponsored attacks: the targeting of network perimeter devices belonging to residential, enterprise, and government networks with an aim to either turn them into a proxy node or intercept sensitive data and communications. Sergey Shykevich, group manager of threat intelligence at Check Point Software, said in a statement that China-nexus activity in 2025 leveraged edge and perimeter infrastructure as a primary means for obtaining a foothold, owing to the fact that they are stationed outside endpoint and identity security controls, are infrequently patched, and offer a persistent, low-visibility foothold into compromised environments. “Our own investigations into China-nexus activity in 2026 – including Silver Dragon, which targets government organizations in Europe and Southeast Asia, and Operation TrueChaos, which abused a trusted software update channel to deliver malware across government networks – both reflect the same underlying logic: use legitimate infrastructure and trusted channels to make malicious activity invisible,” Shykevich added.
“The advisory’s finding that multiple actor groups are running these networks in parallel, and in some cases sharing them, reflects a level of operational scale and maturity that should concern any organization operating critical infrastructure or government systems. The answer cannot be detection alone. By the time malicious traffic is identified inside a compromised network device, the attacker has often been present for weeks or months. Prevention has to extend to every point in the connectivity fabric, including the infrastructure that is easiest to overlook.” (The story was updated after publication to include insights from Check Point Software.)
NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
The Office of Inspector General (OIG) of the U.S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese national posed as a U.S. researcher as part of a spear-phishing campaign to obtain sensitive information from the space agency, as well as from government entities, universities, and private companies, in violation of export control laws. “For years, NASA employees and research collaborators thought they were simply sharing software with colleagues,” the OIG said in a Thursday release.
“Instead, they were emailing sensitive defense technology to a Chinese national who was impersonating U.S. engineers.” The individual linked to the campaign was outed as Chinese national Song Wu in September 2024, when the U.S. Department of Justice (DoJ) announced charges against him for orchestrating a multi-year phishing scheme that stretched from January 2017 to December 2021 and involved targeting dozens of U.S. professors, researchers, and engineers.
Some of the victims of the campaign were employed at NASA, the Air Force, the Navy, the Army, and the Federal Aviation Administration, while the others worked at major universities and private sector firms. According to the 2024 indictment, Song was an engineer at the Aviation Industry Corporation of China (AVIC), a Chinese state-owned aerospace and defense conglomerate founded in 2008. In an attempt to obtain modeling software used for aerospace design and weapons development, Song and his co-conspirators are alleged to have conducted extensive research on their targets by masquerading as friends and colleagues to gain access to proprietary software and source code. The OIG said the scheme was successful in a handful of cases where victims shared the sensitive information with the imposter accounts managed by Song et al. without realizing they were violating U.S. export control laws.
Song has been indicted on counts of wire fraud and 14 counts of aggravated identity theft, and faces a maximum sentence of 20 years in prison for each count of wire fraud. He also faces a two-year consecutive sentence if convicted of aggravated identity theft. The 40-year-old remains at large.
Adding Song to the U.S. Most Wanted List, the U.S. Federal Bureau of Investigation (FBI) said the specialized software could be used for industrial and military applications, including the development of advanced tactical missiles and aerodynamic design and assessment of weapons. “As phishing campaigns continue to become more sophisticated, there are common clues that can betray scammers and expose their export fraud schemes,” the OIG said.
“In Song’s case, he made multiple requests for the same software and did not justify why he needed it.” “Export control scammers also often suggest unusual payment methods (such as suspicious wire transfers); abruptly change the terms or source of payment; and use unconventional transfer methods to mask their identity and evade shipping restrictions.”
Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine
The AI Agent Authority Gap - From Ungoverned to Delegation
As discussed in our previous article, AI agents are exposing a structural gap in enterprise security, but the problem is often framed too narrowly. The issue is not simply that agents are new actors. It is that agents are delegated actors. They do not emerge with independent authority.
They are triggered, invoked, provisioned, or empowered by existing enterprise identities: human users, machine identities, bots, service accounts, and other non-human actors. That makes Agent-AI fundamentally different from both people and software, while still being inseparable from both. This is why the AI Agent Authority Gap is really a delegation gap. Enterprises are trying to govern an emerging actor without first governing the identities that delegate authority to it.
Traditional IAM was built to answer a narrower question: who has access. But once AI agents are introduced, the real question becomes: what authority is being delegated, by whom, under what conditions, for what purpose, and across what scope?
First Things First: Governing the Delegation Chain Before Agent AI
The crucial point is sequencing. An enterprise cannot safely govern Agent-AI unless it first governs, as much as possible, the traditional actors that serve as its delegation source.
Human identities and traditional machine identities are already fragmented across applications, APIs, embedded credentials, unmanaged service accounts, and application-specific identity logic. This is the identity dark matter Orchid describes: authority that exists, operates, and often accumulates risk outside the view of managed IAM. If that dark matter remains unobserved, then the agent inherits an already broken authority model. The result is predictable: the agent becomes an efficient amplifier of hidden access, hidden permissions, and hidden execution paths.
So the bridge to safe Agent-AI adoption is not to start with the agent in isolation. It is first to reduce identity dark matter across the traditional actor estate, so it won’t be delegated or abused for the sake of efficiency. That means illuminating all human and traditional machine identities across the application environment, understanding how they authenticate, where credentials are embedded, how workflows actually execute, and where unmanaged authority sits. Orchid’s continuous observability model is the essential foundation for safe Agent AI implementation because it establishes a verified baseline of real identity behavior across managed and unmanaged environments, rather than relying on incomplete static policy assumptions.
From Observability to Authority: Dynamic Governance for Agent AI
Once that traditional actor layer is observed, analyzed, and optimized, that output becomes the input for a real-time Agent-AI Delegation Authority layer. This is where Orchid’s model becomes more powerful than conventional IAM. Its telemetry is not just visibility or insight. It becomes a continuous feed into an authority engine that evaluates the authority profile of the delegator, the context of the target application, the intent behind the requested action, and the effective scope of execution. In other words, the agent should not be governed only by its own nominal permissions.
It should be governed continuously by the posture and intent of the actor delegating authority to it, plus the context of what the agent is trying to do. That creates a much stronger model for control. Think about it. A human delegator with weak posture, risky behavior, or excessive hidden access should not yield the same Agent-AI authority as a tightly governed delegator operating in a constrained workflow.
Likewise, a machine or service account with broad but poorly understood access should not be allowed to trigger an agent with unconstrained downstream actionability. Orchid’s role in this model is to continuously assess the delegator, the delegated actor, and the application path between them, then enforce authority accordingly. That is what turns observability into governance. This is also why the destination state is not just better individual auditing of human, machine, and agent AI actors.
It is dynamic sequential delegation control. Orchid can map each agent identity to the applications it touches, the workflows it can invoke, the intent patterns it exhibits, and the scope of its intended actions. It can then use the live observability feed to determine, in real time, whether that agent should be allowed to act, allowed only to recommend, constrained to a limited tool set, or stopped entirely. That is the ultimate meaning of closing the authority gap: not just knowing what an agent can access, but continuously determining what it is allowed to decide and execute at machine speed.
Closing Reminders
AI agents are not just a new identity type. They are a delegated identity type. Their authority originates from traditional enterprise actors: humans, bots, service accounts, and machine identities. That means the problem of Agent-AI governance does not begin with the agent.
It begins with the delegation source. If enterprises cannot observe and govern the human and traditional machine identities that trigger agent actions, then they cannot safely govern the agent either. Orchid’s model makes that sequencing explicit: first reduce identity dark matter across the traditional actor estate, then use continuous observability, analysis, and audit of those delegators as the live input into a real-time Agent-AI Delegation Authority layer. In that model, the agent is governed not only by its nominal permissions but by the posture, intent, context, and scope of the actor delegating authority to it.
That is the missing bridge between traditional IAM and safe Agent-AI adoption. This article is a contributed piece from one of our valued partners.
26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases
Cybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in an attempt to steal recovery phrases and private keys since at least fall 2025. “Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distribute trojanized versions of legitimate wallets,” Kaspersky researcher Sergey Puzan said. “The infected apps are specifically engineered to hijack recovery phrases and private keys.” The 26 apps, collectively dubbed FakeWallet, mimic various popular wallets like Bitpie, Coinbase, imToken, Ledger, MetaMask, TokenPocket, and Trust Wallet. Many of these apps have since been taken down by Apple following disclosure.
There is no evidence that these apps were distributed via the Google Play Store. While malicious cryptocurrency wallets distributed in the past via bogus websites have abused iOS provisioning profiles to get users to install them, the latest crypto-theft scheme is an improvement in several ways. For starters, the apps are directly available for download from Apple’s App Store if a user has their Apple account set to China. These apps have icons that mirror the original but have intentional typos in their names (e.g., LeddgerNew) so as to trick unsuspecting users into downloading them.
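For brand-protection or mobile app vetting teams, the intentional-typo naming pattern described above (LeddgerNew) can be screened for with an edit-distance check against a protected-brand list. This is an added example, not Kaspersky's detection logic or code from the original article; the brand list is the set of wallets the article names, while the filler-word set, distance thresholds, and every sample listing other than LeddgerNew are assumptions constructed for illustration.

```python
import re

# Wallet brands named in the article; in practice, your own protected-brand list.
BRANDS = ["Bitpie", "Coinbase", "imToken", "Ledger", "MetaMask",
          "TokenPocket", "Trust Wallet"]

# Assumption: filler words a lookalike listing appends to a brand name.
FILLER = {"new", "pro", "app", "official", "plus", "lite"}

# Split on case changes, digits and punctuation: "LeddgerNew" -> Leddger, New.
# Non-Latin names yield no tokens and need a separate check.
TOKEN_RE = re.compile(r"[A-Z]+(?![a-z])|[A-Z]?[a-z]+|\d+")


def tokens(name):
    return [t.lower() for t in TOKEN_RE.findall(name)]


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_app_name(name):
    """Return (brand, verdict, distance) for the closest brand, or None.

    verdict is "exact" (name matches a brand, so the publisher must be
    verified) or "lookalike" (near miss within the brand's threshold).
    """
    toks = [t for t in tokens(name) if t not in FILLER]
    # Compare every contiguous run of tokens, so "Trusst Wallet" is tested
    # as "trusst", "wallet" and "trusstwallet".
    runs = sorted({"".join(toks[i:j])
                   for i in range(len(toks))
                   for j in range(i + 1, len(toks) + 1)})
    best = None
    for brand in BRANDS:
        core = "".join(tokens(brand))
        # Assumption: allow one edit for short brands, two for longer ones.
        limit = 1 if len(core) <= 7 else 2
        for run in runs:
            d = edit_distance(run, core)
            if d <= limit and (best is None or d < best[2]):
                best = (brand, "exact" if d == 0 else "lookalike", d)
    return best


# Constructed sample listings; only "LeddgerNew" comes from the article.
SAMPLE_LISTINGS = ["LeddgerNew", "MetaMask", "Coinbsae Wallet",
                   "Trusst Wallet", "Task Planner Pro", "Calculator"]

if __name__ == "__main__":
    for listing in SAMPLE_LISTINGS:
        print(f"{listing!r}: {check_app_name(listing)}")
```

A name-based screen only covers the typo variant; listings whose names and icons have no connection to cryptocurrency need behavioural review instead.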
In some cases, the app names and icons have no connection to cryptocurrency. Instead, they are used as placeholders to direct users to download the official wallet app through them, claiming they are “unavailable in the App Store” due to regulatory reasons. Kaspersky said it also identified several similar apps likely linked to the same threat actor that do not have the malicious features enabled, but have been found to mimic a benign service, such as a game, a calculator, or a task planner. Once launched, these apps open a link on the web browser and leverage enterprise provisioning profiles to install the wallet app on the victim’s device.
“The attackers have churned out a wide variety of malicious modules, each tailored to a specific wallet,” Puzan said. “In most cases, the malware is delivered via a malicious library injection, though we’ve also come across builds where the app’s original source code was modified.” The end goal of these infections is to look for mnemonic phrases from both hot and cold wallets, and exfiltrate them to an external server, allowing the operators to seize control of victims’ wallets and drain cryptocurrency assets or initiate fraudulent transactions. The seed phrases are captured either by hooking the code that’s responsible for the screen where the user enters their recovery phrase or serving a phishing page that instructs the victim to enter their mnemonics as part of a supposed verification step. It’s suspected the campaign could be the work of threat actors linked to the SparkKitty trojan campaign last year, given that some of the infected apps also come with a module to steal wallet recovery phrases using optical character recognition (OCR), and that both the campaigns appear to be the work of native Chinese speakers and specifically target cryptocurrency assets.
“The FakeWallet campaign is gaining momentum by employing new tactics, ranging from delivering payloads via phishing apps published in the App Store to embedding themselves into cold wallet apps and using sophisticated phishing notifications to trick users into revealing their mnemonics,” Kaspersky said.
MiningDropper Android Malware Framework Emerges
The discovery comes as Cyble sheds light on a sophisticated Android malware delivery framework known as MiningDropper (aka BeatBanker) that combines cryptocurrency mining with information theft, remote access, and banking malware in attacks targeting users in India, as well as in Latin America, Europe, and Asia as part of a BTMOB RAT campaign. MiningDropper has been distributed via a trojanized version of the open-source Android application project Lumolight, with the campaigns using fake websites impersonating banking institutions and regional transport offices to propagate the malware. Once launched, it activates a multi-stage sequence to extract the miner and the trojan payloads from an encrypted assets archive present within the package.
“MiningDropper employs a multi-stage payload delivery architecture that combines XOR-based native obfuscation, AES-encrypted payload staging, dynamic DEX loading, and anti-emulation techniques,” Cyble said . “MiningDropper employs a multi-stage payload delivery architecture that combines XOR-based native obfuscation, AES-encrypted payload staging, dynamic DEX loading, and anti-emulation techniques.” “MiningDropper demonstrates a layered, modular Android malware architecture designed to make static analysis difficult while giving threat actors flexibility in final payload delivery. This design allows the threat actor to reuse the same distribution and installation framework across hundreds of samples while adapting the final monetization objective to operational needs.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2
Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse of Microsoft Visual Studio Code (VS Code) tunnels for remote access. Zscaler ThreatLabz, which discovered the campaign last month, has attributed it with high confidence to Tropic Trooper (aka APT23, Earth Centaur, KeyBoy, and Pirate Panda), a hacking group known for its targeting of various entities in Taiwan, Hong Kong, and the Philippines. It’s assessed to be active since at least 2011. “The threat actors created a custom AdaptixC2 Beacon listener, leveraging GitHub as their command-and-control (C2) platform,” security researcher Yin Hong Chang said in an analysis.
It’s believed that Chinese-speaking individuals in Taiwan, and individuals in South Korea and Japan, are the targets of the campaign. The starting point of the attack is a ZIP archive containing military-themed document lures to launch the rogue version of SumatraPDF, which is then used to display a decoy PDF document, while simultaneously retrieving encrypted shellcode from a staging server to launch AdaptixC2 Beacon. To accomplish this, the backdoored SumatraPDF executable launches a slightly modified version of a loader codenamed TOSHIS, which is a variant of Xiangoop, a malware linked to Tropic Trooper, and has been used in the past to fetch next-stage payloads like Cobalt Strike Beacon or Merlin agent for the Mythic framework. The loader is responsible for activating the multi-stage attack, dropping both the lure document as a distraction mechanism and the AdaptixC2 Beacon agent in the background. The agent employs GitHub for C2, beaconing out to the attacker-controlled infrastructure to fetch tasks to be executed on the compromised host.
The attack moves to the next stage only when the victim is deemed valuable, at which point the threat actor deploys VS Code and sets up VS Code tunnels for remote access. On select machines, the threat actor has been found to install alternative, trojanized applications, likely in an attempt to better camouflage their actions. What’s more, the staging server involved in the intrusion (“158.247.193[.]100”) has been observed hosting a Cobalt Strike Beacon and a custom backdoor called EntryShell, both of which have been put to use by Tropic Trooper in the past. “Similar to the TAOTH campaign, publicly available backdoors are used as payloads,” Zscaler said.
“While Cobalt Strike Beacon and Mythic Merlin were previously used, the threat actor has now shifted to AdaptixC2.”
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
A high-severity security flaw in LMDeploy , an open-source toolkit for compressing, deploying, and serving large language models (LLMs), has come under active exploitation in the wild less than 13 hours after its public disclosure. The vulnerability, tracked as CVE-2026-33626 (CVSS score: 7.5), relates to a Server-Side Request Forgery (SSRF) vulnerability that could be exploited to access sensitive data. “A server-side request forgery (SSRF) vulnerability exists in LMDeploy’s vision-language module,” according to an advisory published by the project maintainers last week. “The load_image() function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and sensitive resources.” The shortcoming affects all versions of the toolkit (0.12.0 and prior) with vision language support.
Orca Security researcher Igor Stepansky has been credited with discovering and reporting the bug. Successful exploitation of the vulnerability could permit an attacker to steal cloud credentials, reach internal services that aren’t exposed to the internet, port scan internal networks, and create lateral movement opportunities. Cloud security firm Sysdig, in an analysis published this week, said it detected the first LMDeploy exploitation attempt against its honeypot systems within 12 hours and 31 minutes of the vulnerability being published on GitHub. The exploitation attempt originated from the IP address 103.116.72[.]119.
“The attacker did not simply validate the bug and move on. Instead, over a single eight-minute session, they used the vision-language image loader as a generic HTTP SSRF primitive to port-scan the internal network behind the model server: AWS Instance Metadata Service (IMDS), Redis, MySQL, a secondary HTTP administrative interface, and an out-of-band (OOB) DNS exfiltration endpoint,” it said. The actions undertaken by the adversary, detected on Apr 22, 2026, at 03:35 a.m. UTC, unfolded over 10 distinct requests across three phases, with the requests switching between vision language models (VLMs) such as internlm-xcomposer2 and OpenGVLab/InternVL2-8B to likely avoid raising any suspicion:
- Target AWS IMDS and Redis instances on the server.
- Test egress with an out-of-band (OOB) DNS callback to requestrepo[.]com to confirm the SSRF vulnerability can reach arbitrary external hosts, followed by enumerating the API surface.
- Port scan the loopback interface (“127.0.0[.]1”).
The findings are yet another reminder of how threat actors are closely watching new vulnerability disclosures and exploiting them before downstream users can apply the fixes, even in cases where no proof-of-concept (PoC) exploits exist at the time of the attack. “CVE-2026-33626 fits a pattern that we have observed repeatedly in the AI-infrastructure space over the past six months: critical vulnerabilities in inference servers, model gateways, and agent orchestration tools are being weaponized within hours of advisory publication, regardless of the size or extent of their install base,” Sysdig said. “Generative AI (GenAI) is accelerating this collapse. An advisory as specific as GHSA-6w67-hwm5-92mq, which includes the affected file, parameter name, root-cause explanation, and sample vulnerable code, is effectively an input prompt for any commercial LLM to generate a potential exploit.”
WordPress Plugins and Internet-Exposed Modbus Devices Targeted
The disclosure comes as threat actors have also been spotted exploiting vulnerabilities in two WordPress plugins – Ninja Forms – File Upload (CVE-2026-0740, CVSS score: 9.8) and Breeze Cache (CVE-2026-3844, CVSS score: 9.8) – to upload arbitrary files to susceptible sites, which result in arbitrary code execution and complete takeover. Unknown attackers have also been linked to a global campaign targeting internet-exposed, Modbus-enabled programmable logic controllers (PLCs) from September to November 2025 that spanned 70 countries and 14,426 distinct targeted IPs, most of which are located in the U.S., France, Japan, Canada, and India. A subset of these requests has been found to emanate from sources geolocated to China. “The activity blended large-scale automated probing with more selective patterns that suggest deeper device fingerprinting, disruption attempts, and potential manipulation paths when PLCs are reachable from the public internet,” Cato Networks researchers said.
“Many source IPs had low or zero public reputation scores, consistent with fresh or rotating scanning hosts.”
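The check the LMDeploy advisory says load_image() lacked, refusing URLs that resolve to internal or private addresses before any fetch, can be sketched as follows. This is an added example, not LMDeploy's code or its fix; `check_image_url`, the injectable `resolver`, the hostnames and the DNS answers are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


class BlockedURL(ValueError):
    """The URL must not be fetched from the model server."""


def system_resolver(host, port):
    """Return every address the HTTP client could end up connecting to."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def is_internal(ip_text):
    """True unless the address is publicly routable unicast."""
    addr = ipaddress.ip_address(ip_text.split("%", 1)[0])  # drop IPv6 zone id
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:  # ::ffff:127.0.0.1 is still loopback
        addr = mapped
    # is_global is False for loopback, RFC 1918, link-local (169.254.0.0/16,
    # which holds the cloud metadata address) and other special-purpose ranges.
    return (not addr.is_global) or addr.is_multicast


def check_image_url(url, resolver=system_resolver):
    """Return the vetted IP list for url, or raise BlockedURL.

    The fetch should then connect to one of the returned IPs and repeat this
    check on every redirect hop, otherwise a second DNS answer or a redirect
    to an internal address sidesteps the validation.
    """
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError as exc:
        raise BlockedURL(f"malformed URL: {exc}") from exc
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise BlockedURL(f"scheme {scheme!r} not allowed")
    if not parts.hostname:
        raise BlockedURL("URL has no host")
    if port is None:
        port = 443 if scheme == "https" else 80
    try:
        ips = set(resolver(parts.hostname, port))
    except OSError as exc:
        raise BlockedURL(f"cannot resolve {parts.hostname!r}") from exc
    internal = sorted(ip for ip in ips if is_internal(ip))
    if not ips or internal:
        # One internal answer is enough to refuse the whole request.
        raise BlockedURL(f"{parts.hostname!r} resolves to {internal or 'nothing'}")
    return sorted(ips)


# Constructed DNS answers so the example runs offline (not real lookups).
SAMPLE_DNS = {
    "images.example.com": {"93.184.216.34"},
    "mixed.example.net": {"93.184.216.34", "10.0.0.5"},
    "mapped.example.net": {"::ffff:127.0.0.1"},
}


def sample_resolver(host, port):
    """Stand-in resolver: table lookup, and literal IPs map to themselves."""
    if host in SAMPLE_DNS:
        return SAMPLE_DNS[host]
    try:
        return {str(ipaddress.ip_address(host))}
    except ValueError:
        raise OSError(f"no such host: {host}") from None


def verdict(url, resolver=sample_resolver):
    """'allow' or 'block' for one URL."""
    try:
        check_image_url(url, resolver)
        return "allow"
    except BlockedURL:
        return "block"


if __name__ == "__main__":
    for sample in (
        "https://images.example.com/cat.png",
        "http://169.254.169.254/",   # cloud metadata address (link-local)
        "http://127.0.0.1:6379/",    # loopback service
        "http://mixed.example.net/a.png",
        "file:///etc/passwd",
    ):
        print(f"{verdict(sample):5}  {sample}")
```

Validation alone does not close the hole if the HTTP client follows redirects or resolves the name a second time; network-level egress controls on the inference host remain the backstop.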
UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW Malware
A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts. “As with many other intrusions in recent years, UNC6692 relied heavily on impersonating IT help desk employees, convincing their victim to accept a Microsoft Teams chat invitation from an account outside their organization,” Google-owned Mandiant said in a report published today. UNC6692 has been attributed to a large email campaign that’s designed to overwhelm a target’s inbox with a flood of spam emails, creating a false sense of urgency. The threat actor then approaches the target over Microsoft Teams by sending a message claiming to be from the IT support team to offer assistance with the email bombing problem.
It’s worth noting that this combination of bombarding a victim’s email inbox followed by Microsoft Teams-based help desk impersonation has been a tactic long embraced by former Black Basta affiliates . Despite the group shutting down its ransomware operations early last year, the playbook has witnessed no signs of slowing down. In a report published last week, ReliaQuest revealed that the approach is being used to target executives and senior-level employees for initial access into corporate networks for potential data theft, lateral movement, ransomware deployment, and extortion. In some cases, chats were initiated just 29 seconds apart.
The goal of the conversation is to trick victims into installing legitimate remote monitoring and management (RMM) tools like Quick Assist or Supremo Remote Desktop to enable hands-on access, and then weaponize it to drop additional payloads. “From March 1 to April 1, 2026, 77% of observed incidents targeted senior-level employees, up from 59% in the first two months of 2026,” ReliaQuest researchers John Dilgen and Alexa Feminella said . “This activity demonstrates that a threat group’s most effective tactics can long outlive the group itself.” The attack chain detailed by Mandiant, on the other hand, deviates from this approach as the victim is instructed to click on a phishing link shared via Teams chat to install a local patch to remediate the spam issue. Once it’s clicked, it leads to the download of an AutoHotkey script from a threat actor-controlled AWS S3 bucket.
The phishing page is named “Mailbox Repair and Sync Utility v2.1.5.” The script is designed to perform initial reconnaissance, and then install SNOWBELT, a malicious Chromium-based browser extension, on the Edge browser by launching it in headless mode along with the “--load-extension” command line switch. “The attacker used a gatekeeper script designed to ensure the payload is delivered only to intended targets while evading automated security sandboxes,” Mandiant researchers JP Glab, Tufail Ahmed, Josh Kelley, and Muhammad Umair said. “The script also checks the victim’s browser. If the user is not using Microsoft Edge, the page displays a persistent overlay warning.
Using the SNOWBELT extension, UNC6692 downloaded additional files including SNOWGLAZE, SNOWBASIN, AutoHotkey scripts, and a ZIP archive containing a portable Python executable and required libraries.” The phishing page is also designed to serve a Configuration Management Panel with a prominent “Health Check” button that, when clicked, prompts users to enter their mailbox credentials, ostensibly for authentication purposes, but, in reality, is used to harvest and exfiltrate the data to another Amazon S3 bucket. The SNOW malware ecosystem is a modular toolkit that works together to facilitate the attacker’s goals. While SNOWBELT is a JavaScript-based backdoor that receives commands and relays them to SNOWBASIN for execution, SNOWGLAZE is a Python-based tunneler to create a secure, authenticated WebSocket tunnel between the victim’s internal network and the attacker’s command-and-control (C2) server. The third component is SNOWBASIN, which operates as a persistent backdoor to enable remote command execution via “cmd.exe” or “powershell.exe,” screenshot capture, file upload/download, and self-termination.
It runs as a local HTTP server on ports 8000, 8001, or 8002. Some of the other post-exploitation actions carried out by UNC6692 after gaining initial access are as follows:
- Use a Python script to scan the local network for ports 135, 445, and 3389 for lateral movement, establish a PsExec session to the victim’s system via the SNOWGLAZE tunneling utility, and initiate an RDP session via the SNOWGLAZE tunnel from the victim system to a backup server.
- Utilize a local administrator account to extract the system’s LSASS process memory with Windows Task Manager for privilege escalation.
- Use the Pass-The-Hash technique to move laterally to the network’s domain controllers using the password hashes of elevated users, download and run FTK Imager to capture sensitive data (e.g., Active Directory database file) and write it to the \Downloads folder, and exfiltrate it using the LimeWire file upload tool.
“The UNC6692 campaign demonstrates an interesting evolution in tactics, particularly the use of social engineering, custom malware, and a malicious browser extension, playing on the victim’s inherent trust in several different enterprise software providers,” the tech giant said. “A critical element of this strategy is the systematic abuse of legitimate cloud services for payload delivery and exfiltration, and for command-and-control (C2) infrastructure. By hosting malicious components on trusted cloud platforms, attackers can often bypass traditional network reputation filters and blend into the high volume of legitimate cloud traffic.” The disclosure comes as Cato Networks detailed a voice phishing-based campaign that leverages similar help desk impersonation on Microsoft Teams to guide victims into executing a WebSocket-based trojan dubbed PhantomBackdoor via an obfuscated PowerShell script retrieved from an external server. “This incident shows how help desk impersonation delivered through a Microsoft Teams meeting can replace traditional phishing and still lead to the same outcome: staged PowerShell execution followed by a WebSocket backdoor,” the cybersecurity company said .
“Defenders should treat collaboration tools as first-class attack surfaces by enforcing help desk verification workflows, tightening external Teams and screen-sharing controls, and hardening PowerShell.” The abuse of Microsoft Teams while impersonating IT or help desk personnel to social engineer victims into granting attackers remote access has not gone unnoticed by Microsoft, which warned that threat actors are initiating cross-tenant communications via the collaboration platform to establish interactive control via Quick Assist or other remote support tools to enable malicious code execution. Once initial access is obtained, the attackers perform reconnaissance, drop payloads to facilitate outbound encrypted connections to command-and-control (C2) infrastructure, deploy a fallback remote access channel using Level RMM to ensure persistence even if the original artifacts are detected and removed, and finally exfiltrate data using the file‑synchronization tool Rclone. “This access pathway might be used to perform credential-backed lateral movement using native administrative protocols such as Windows Remote Management (WinRM), allowing threat actors to pivot toward high-value assets including domain controllers,” the tech giant said. “In observed intrusions, follow-on commercial remote management software and data transfer utilities such as Rclone were used to expand access across the enterprise environment and stage business-relevant information for transfer to external cloud storage.
This intrusion chain relies heavily on legitimate applications and administrative protocols, allowing threat actors to blend into expected enterprise activity during multiple intrusion phases.”
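The SNOWBELT installation step Mandiant describes (Edge started in headless mode with the --load-extension switch by an AutoHotkey script) lends itself to a process-creation detection. The following is an added example, not Mandiant's rule: the event field names, severity tiers, paths and sample events are constructed, and the code also accepts the “-” and “/” switch prefixes that Chromium recognizes on Windows.

```python
import re

# One token = any run of non-space text and/or double-quoted segments.
TOKEN_RE = re.compile(r'(?:[^\s"]+|"[^"]*")+')
SWITCH_PREFIXES = ("--", "-", "/")
BROWSERS = {"msedge.exe"}                # the report names Edge; extend as needed
SCRIPT_HOST_PREFIXES = ("autohotkey",)   # assumption: AutoHotkey.exe, AutoHotkey64.exe, ...


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip('"').lower()


def parse_switches(command_line):
    """Return {switch: value} for the switch tokens of a Chromium command line."""
    switches = {}
    for token in TOKEN_RE.findall(command_line)[1:]:   # token 0 is the executable
        if token == "--":                              # explicit end of switches
            break
        for prefix in SWITCH_PREFIXES:
            if token.startswith(prefix) and len(token) > len(prefix):
                name, _, value = token[len(prefix):].partition("=")
                switches[name.lower()] = value.strip('"')
                break
    return switches


def evaluate(event):
    """Return an alert dict for a suspicious browser launch, else None."""
    if basename(event["image"]) not in BROWSERS:
        return None
    switches = parse_switches(event["command_line"])
    if "load-extension" not in switches:
        return None
    headless = "headless" in switches
    parent = basename(event.get("parent_image", ""))
    scripted = parent.startswith(SCRIPT_HOST_PREFIXES)
    if headless and scripted:
        severity = "high"      # matches the reported chain end to end
    elif headless:
        severity = "medium"    # invisible browser with a sideloaded extension
    else:
        severity = "low"       # developers load unpacked extensions too
    return {
        "host": event.get("host"),
        "severity": severity,
        "parent": parent,
        "extension_path": switches["load-extension"],
    }


def scan(events):
    """Evaluate every event and keep the alerts, in input order."""
    return [alert for alert in map(evaluate, events) if alert]


EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Constructed process-creation events (field names are illustrative).
SAMPLE_EVENTS = [
    {"host": "ws-017", "image": EDGE,
     "parent_image": r"C:\Users\alice\Downloads\AutoHotkey64.exe",
     "command_line": '"' + EDGE + r'" --headless=new '
                     r'--load-extension="C:\Users\Public\mbx sync" --no-first-run'},
    {"host": "dev-204", "image": EDGE,
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r'msedge.exe --load-extension=C:\src\my-extension'},
    {"host": "ws-033", "image": EDGE,
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": '"' + EDGE + '" --profile-directory=Default https://example.com'},
    {"host": "ws-051", "image": EDGE,
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": r'msedge.exe /headless /load-extension=C:\ProgramData\ext'},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```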
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
Bitwarden CLI , the command-line interface for the password manager Bitwarden, has reportedly been compromised as part of a newly discovered and ongoing Checkmarx supply chain campaign , according to findings from JFrog and Socket. “The affected package version appears to be @bitwarden/cli@2026.4.0 , and the malicious code was published in ‘bw1.js,’ a file included in the package contents,” the application security company said . “The attack appears to have leveraged a compromised GitHub Action in Bitwarden’s CI/CD pipeline, consistent with the pattern seen across other affected repositories in this campaign.” In a post on X, JFrog said the rogue version of the package “steals GitHub/npm tokens, .ssh, .env, shell history, GitHub Actions and cloud secrets, then exfiltrates the data to private domains and as GitHub commits.” Specifically, the malicious code is executed by means of a preinstall hook, resulting in the theft of local, CI, GitHub, and cloud secrets. The data is exfiltrated to the domain “audit.checkmarx[.]cx” and to a GitHub repository as a fallback if the primary method fails.
The entire series of actions is listed below:
- It launches a credential stealer that targets developer secrets, GitHub Actions environments, and artificial intelligence (AI) coding tool configurations, including Claude, Kiro, Cursor, Codex CLI, and Aider.
- The stolen data is encrypted with AES-256-GCM and exfiltrated to audit.checkmarx[.]cx, a domain impersonating Checkmarx.
- If GitHub tokens are found, the malware weaponizes them to inject malicious Actions workflows into repositories and extract CI/CD secrets.
“A single developer with @bitwarden/cli@2026.4.0 installed can become the entry point for a broader supply chain compromise, with the attacker gaining persistent workflow injection access to every CI/CD pipeline the developer’s token can reach,” StepSecurity said.
While the malicious version is no longer available for download from npm, Socket said the compromise follows the same GitHub Actions supply chain vector identified in the Checkmarx campaign. As part of the effort, threat actors have been found abusing stolen GitHub tokens to inject a new GitHub Actions workflow that captures secrets available to the workflow run, and uses harvested npm credentials to push malicious versions of the package to spread the malware to downstream users. According to security researcher Adnan Khan, the threat actor is said to have used a malicious workflow to publish the malicious Bitwarden CLI. “I believe this is the first time a package using NPM trusted publishing has been compromised,” Khan added.
[Figure: Bitwarden CLI Attack Chain | Source: OX Security]
It’s suspected that the threat actor known as TeamPCP is behind the latest attack aimed at Checkmarx. As of writing, TeamPCP’s X account has been suspended for violating the platform’s rules. OX Security, in a breakdown of the attack, said it identified the string “Shai-Hulud: The Third Coming” in the package, suggesting this could likely be the next phase of the supply chain attack campaign that came to light last year.
[Figure: Reference to the “Shai-Hulud: The Third Coming”]
“The latest Shai Hulud incident is just the latest in a long chain of threats targeting developers around the world.
User data is being publicly exfiltrated to GitHub, often going undetected because security tools typically don’t flag data being sent there,” Moshe Siman Tov Bustan, Security Research Team Lead at OX Security, said. “This makes the risk significantly more dangerous: anyone searching GitHub can potentially find and access those credentials. At that point, sensitive data is no longer in the hands of a single threat actor – it’s exposed to anyone.”
Like in the case of the Checkmarx incident, the stolen data is exfiltrated to public repositories created under victim accounts using a Dune-themed naming scheme in the same format “
“The shared tooling strongly suggests a connection to the same malware ecosystem, but the operational signatures differ in ways that complicate attribution,” Socket said. “This suggests either a different operator using shared infrastructure, a splinter group with stronger ideological motivations, or an evolution in the campaign’s public posture.” When reached for comment, Bitwarden confirmed the incident and said it stemmed from the compromise of its npm distribution mechanism following the Checkmarx supply chain attack, but emphasized that no end-user data was accessed as part of the attack. The entire statement shared with The Hacker News is reproduced verbatim below - The Bitwarden security team identified and contained a malicious package that was briefly distributed through the npm delivery path for @bitwarden/cli@2026.4.0 between 5:57 PM and 7:30 PM (ET) on April 22, 2026, in connection with a broader Checkmarx supply chain incident. The investigation found no evidence that end user vault data was accessed or at risk, or that production data or production systems were compromised.
Once the issue was detected, compromised access was revoked, the malicious npm release was deprecated, and remediation steps were initiated immediately. The issue affected the npm distribution mechanism for the CLI during that limited window, not the integrity of the legitimate Bitwarden CLI codebase or stored vault data. Users who did not download the package from npm during that window were not affected. Bitwarden has completed a review of internal environments, release paths, and related systems, and no additional impacted products or environments have been identified at this time.
A CVE for Bitwarden CLI version 2026.4.0 is being issued in connection with this incident. Per a breakdown of the attack published by Endor Labs, Bitwarden’s GitHub repository uses “checkmarx/ast-github-action,” which was one of the artifacts that was compromised in the Checkmarx supply chain incident. The application security vendor described the malicious Bitwarden CLI as one of the “more capable npm supply chain payloads” published to date. “It combines a multi-cloud credential harvester targeting six distinct secret surfaces, a self-propagating npm worm that re-infects all packages a victim token can publish, a GitHub commit dead-drop C2 channel with RSA-signed command delivery, authenticated-encryption exfiltration that survives repository seizure, shell RC persistence, and a novel module that specifically targets authenticated AI coding assistants,” Endor Labs researcher Kiran Raj said.
Additional analyses of the attack are listed below:
- Aikido Security
- GitGuardian
- Mend.io
- SafeDep
“Every payload, from the CanisterSprawl worm to the trojanized KICS scanner to the xinference stealer, was engineered to do one thing: extract credentials from the environments where developers and pipelines operate,” GitGuardian said. “The question every affected team should be asking right now isn’t just ‘did this package run in my environment?’ It’s: what secrets were accessible if it did, and have they been rotated?”
Update
For users who installed the trojanized package during the affected window, Bitwarden has released @bitwarden/cli version 2026.4.1, which is a re-release of 2026.3.0. It’s estimated that a total of 334 downloads of version 2026.4.0 took place. In addition, the company is urging affected users to perform the following steps prior to installing the safe version:
- Uninstall Bitwarden CLI 2026.4.0 via npm.
- Clear the npm cache.
- Temporarily disable npm install scripts during cleanup as a precaution.
- Review for indicators of compromise.
- Rotate any secrets that may have been exposed on the affected system or stored in environment variables.
- Review GitHub activity, CI workflows, and related credentials for unauthorized access or changes.
- Install Bitwarden CLI 2026.4.1 via npm.
The company said it’s “in the process of completing a full review and will implement mitigation to prevent such attacks in the future.” (The story was updated after publication to include additional insights.)
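For the “review for indicators of compromise” step, one starting point is checking whether any project or CI lockfile pinned the affected version. The following is an added example, not Bitwarden's or any vendor's tooling; `find_compromised`, the `deploy-helper` and `ci-tools` names and the sample lockfiles are constructed, and it covers both the nested (lockfileVersion 1) and flat (lockfileVersion 2/3) npm lockfile layouts.

```python
import json
import sys

# Package and version the article names as trojanized (2026.4.1 is the re-release).
COMPROMISED = {"@bitwarden/cli": {"2026.4.0"}}


def _from_packages(packages):
    """lockfileVersion 2/3: flat map keyed by install path."""
    for path, meta in packages.items():
        if "node_modules/" not in path:
            continue  # "" is the root project itself
        name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
        yield name, meta.get("version"), path, meta


def _from_dependencies(deps, trail=()):
    """lockfileVersion 1: nested 'dependencies' objects."""
    for name, meta in deps.items():
        here = trail + (name,)
        yield name, meta.get("version"), " > ".join(here), meta
        yield from _from_dependencies(meta.get("dependencies", {}), here)


def find_compromised(lock_text):
    """Return one record per lockfile entry that pins a compromised version."""
    lock = json.loads(lock_text)
    if "packages" in lock:
        entries = _from_packages(lock["packages"])
    else:
        entries = _from_dependencies(lock.get("dependencies", {}))
    hits = []
    for name, version, where, meta in entries:
        if version in COMPROMISED.get(name, ()):
            hits.append({
                "name": name,
                "version": version,
                "where": where,
                # Recorded by npm in v2/v3 lockfiles when the package declares
                # install-time scripts such as the preinstall hook described above.
                "has_install_script": bool(meta.get("hasInstallScript")),
            })
    return hits


# Constructed lockfiles for illustration.
SAMPLE_LOCK_V3 = json.dumps({
    "name": "ci-tools", "lockfileVersion": 3,
    "packages": {
        "": {"name": "ci-tools", "dependencies": {"@bitwarden/cli": "^2026.3.0"}},
        "node_modules/@bitwarden/cli": {"version": "2026.4.0", "hasInstallScript": True},
        "node_modules/semver": {"version": "7.6.0"},
    },
})
SAMPLE_LOCK_V1 = json.dumps({
    "lockfileVersion": 1,
    "dependencies": {
        "deploy-helper": {
            "version": "1.0.0",
            "dependencies": {"@bitwarden/cli": {"version": "2026.4.0"}},
        },
    },
})
SAMPLE_LOCK_FIXED = json.dumps({
    "lockfileVersion": 3,
    "packages": {"": {}, "node_modules/@bitwarden/cli": {"version": "2026.4.1"}},
})

if __name__ == "__main__":
    # Usage: python scan_lock.py path/to/package-lock.json [more lockfiles...]
    texts = [open(p, encoding="utf-8").read() for p in sys.argv[1:]] or [SAMPLE_LOCK_V3]
    for text in texts:
        for hit in find_compromised(text):
            print(f"{hit['name']}@{hit['version']} at {hit['where']} "
                  f"(install script: {hit['has_install_script']})")
```

A hit shows that the version was locked, not that the hook ran on a given machine; a clean lockfile likewise does not cover global installs, so the rotation steps above still apply wherever the package could have been installed during the affected window.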
ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories
You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes. The supply chain is messy.
Packages you did not check are stealing data, adding backdoors, and spreading. Attacking the systems behind apps is easier than breaking the apps themselves. The exploits are simple but still work, giving attackers easy access. AI tools are also part of the problem now.
They trust bad input and take real actions, which makes the damage bigger. Then there are quieter issues. Apps take data they should not. Devices behave in strange ways.
Attackers keep testing what they can get away with. No noise. Just ongoing damage. Here is the list for this week’s ThreatsDay Bulletin.
State-backed crypto heist: North Korea Likely Behind KelpDAO $290M Crypto Heist
Inter-blockchain communication protocol LayerZero has revealed that North Korean threat actors tracked as TraderTraitor may have been behind the recent hack of decentralized finance (DeFi) project KelpDAO, resulting in the theft of $290 million. “The attack was specifically engineered to manipulate or poison downstream RPC infrastructure by compromising a quorum of the RPCs the LayerZero Labs DVN relied upon to verify transactions,” LayerZero said. KelpDAO, in a post on X, said, “Two RPC nodes hosted by LayerZero were compromised. A simultaneous DDoS attack was launched against the third RPC node. This was an attack on LayerZero’s infrastructure. Kelp’s own systems were not involved in building or operating that infrastructure.” Meanwhile, the Arbitrum Security Council has temporarily frozen the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. In an analysis published today, Chainalysis said, “Crucially, this was not a smart contract hack, but a sophisticated attack on off-chain infrastructure. The attackers compromised internal RPC nodes and DDoS’d external nodes to feed false data to a single-point-of-failure verification network (a 1-of-1 DVN setup). This tricked the Ethereum contract into releasing funds based on a phantom token ‘burn’ on the source chain.” It’s worth noting that TraderTraitor was attributed to the mega Bybit hack in early 2025 that led to the theft of $1.5 billion in digital assets. Recently, Lazarus Group was also linked to the $285 million theft from the Drift Protocol.
Active RCE exploits: MajorDoMo Flaws Come Under Exploitation
Separately, VulnCheck has warned of attacks attempting to exploit two flaws in MajorDoMo, a smart home automation platform. While CVE-2026-27175 is a critical command injection vulnerability that started seeing exploitation on April 13, CVE-2026-27174 allows unauthenticated remote code execution via the PHP console in the admin panel and was first detected on April 18. “CVE-2026-27175 was exploited to drop a PHP webshell that delivers persistent backdoor access,” VulnCheck said. “CVE-2026-27174 saw exploitation that ended in a Metasploit php/meterpreter/reverse_tcp staged payload.” Other vulnerabilities that have witnessed exploitation efforts include CVE-2025-22952, an SSRF in Elestio Memos, and CVE-2024-57046, an authentication bypass in NETGEAR DGN2200 routers.
Supply chain malware surge: New Malicious Packages Discovered
A number of malicious packages have been discovered in the npm registry: ixpresso-core, forge-jsx, @genoma-ui/components, @needl-ai/common, rrweb-v1, cjs-biginteger, sjs-biginteger, bjs-biginteger, @fairwords/websocket, @fairwords/loopback-connector-es, @fairwords/encryption, js-logger-pack, and @kindo/selfbot. These packages come with features to steal sensitive data from compromised hosts, perform system reconnaissance, implant an SSH backdoor by injecting the attacker’s public key into ~/.ssh/authorized_keys, deliver an information stealer, and spread the XWorm remote access trojan (RAT). The packages published under the “@fairwords” scope have also been found to self-propagate to all npm packages using the victim’s token and attempt cross-ecosystem propagation to PyPI via .pth file injection. New versions of js-logger-pack have since been found to leverage the Hugging Face repository to poll for updates and use it as a data-theft destination. Also detected was the compromise of @velora-dex/sdk (version 9.4.1) to decode and execute a Base64 payload that fetches a shell script from a remote server that, in turn, downloads and persists a Go-based remote access trojan called minirat on macOS systems. Another legitimate package to be compromised was mgc (versions 1.2.1 through 1.2.4), which was injected with a dropper that detects the operating system and fetches a platform-specific RAT from a GitHub Gist to exfiltrate valuable data.
AI prompt injection surge: 10 Indirect Prompt Injection Payloads Flagged
Forcepoint has detected 10 new indirect prompt injection (IPI) payloads targeting artificial intelligence (AI) agents with malicious instructions designed to achieve financial fraud, data destruction, API key theft, and AI denial-of-service attacks. “Regardless of the specific payload technique or attacker intent, every case follows the same fundamental sequence: the attacker poisons web content, hides the payload from human view, waits for an AI agent to ingest the page, exploits the LLM’s inability to distinguish trusted instructions from attacker-controlled content, and triggers a real-world action with a covert exfiltration return channel back to the attacker,” the company said.
Covert browser data access: Claude Desktop Grants Additional Permissions to Itself
The Claude desktop app has been found granting itself permission to access web browser data, even if some browsers haven’t even been installed on a user’s computer, web privacy expert Alexander Hanff said. The app has been spotted placing configuration files in preset locations for Chromium-based browsers like Brave, Google Chrome, Microsoft Edge, and Vivaldi. The Native Messaging manifest files pre-authorize Claude to interact with the browser even before the user installs it. The issue has been described as a case of a dark pattern that violates privacy laws in the E.U.
Hardware display protection: U.K. NCSC Unveils SilentGlass
The U.K. National Cyber Security Centre (NCSC) has unveiled a new technology called SilentGlass that’s designed to protect video connections from cyber attacks. “SilentGlass, a plug-and-play device, actively blocks anything unexpected or malicious between HDMI and Display Port connections and screens,” NCSC said. “Already successfully deployed on Government estates, SilentGlass is now available for anyone to buy and use. It has been approved for use in the most high-threat environments.”
Passkeys replace passwords: NCSC Endorses Passkeys
In a related development, the NCSC also endorsed passkeys as the default authentication standard and the “first choice of login” for access to all digital services. “Passkeys are a newer method for logging into online accounts, which do much of the heavy lifting for users, only requiring user approval rather than needing to input a password,” NCSC said. “This makes passkeys quicker and easier to use and harder for cyber attackers to compromise.” It also said the majority of cyber harms to individuals begin with criminals stealing or compromising login details, which makes passkey adoption a “huge leap” in boosting resilience to phishing attacks. More than 50% of active Google services users in the U.K. are said to be already using passkeys.
Backdoor sabotage claims Iran Claims U.S. Used Backdoors to Disable Networking Equipment During War Reports from Iranian media have claimed that hardware made by Cisco, Juniper, Fortinet, and MikroTik either rebooted or disconnected during recent attacks on Iran, despite the country being cut off from the global internet. “The most striking and suspicious aspect of this incident is its precise timing and the lack of access to the international internet at that moment,” Iranian news website Entekhab said . “This disruption occurred at a time when international gateways were effectively blocked or inaccessible; therefore, attributing this chain collapse to ‘a simple cyber attack from beyond the borders’ is not only unconvincing but also reveals the traces of deep-seated sabotage embedded within the equipment.” The report hypothesizes the presence of hidden firmware backdoors or rogue implants within compromised devices, creating a dormant botnet that’s activated when a certain event occurs without the need for internet access.
The other possibility is a supply chain compromise. “If the chips or installation files of Cisco and Juniper products are compromised before entering the country, even replacing the operating system will not solve the problem, because the root of the problem is embedded in the hardware and read-only memory (ROM),” the report said. These arguments have found purchase in China, whose state media agency Xinhua called U.S.-made equipment the “real trojan horse.” The disclosure comes as DomainTools revealed that the various hacktivist personas adopted by Iran, such as Homeland Justice, Karma, and Handala , “constitute a coordinated, MOIS-aligned cyber influence ecosystem operating under multiple branded identities that serve distinct but complementary operational roles.” Ransomware infighting escalates Krybit Ransomware Hacks 0APT Site The Krybit ransomware group has hacked the website of rival ransom group 0APT after the latter threatened to dox Krybit’s members. According to security firm Barricade , 0APT leaked the complete database of the Krybit ransomware operation, including victim records, plaintext credentials, Bitcoin wallets, encryption tokens, and a 56MB exfiltration file inventory.
In return, Krybit has hit back by compromising 0APT’s server within 48 hours, defacing their data leak site, and publishing source code, bash history, Nginx logs, and system files. To rub salt into the wound, the group listed 0APT as victim #1 on their own leak site. Stealth malware-as-a-service New FUD Crypt Cryptor Service There is a new cryptor-as-a-service platform called FUD Crypt (fudcrypt[.]net). “For $800 to $2,000 per month, subscribers upload an arbitrary Windows executable and receive a multi-stage deployment package that attempts automatic DLL sideloading, in-memory AMSI and ETW interference, silent UAC elevation via CMSTPLUA, and Windows Defender tamper via Group Policy on Enterprise builds,” Ctrl-Alt-Intel said .
Formbook phishing surge: Phishing Campaigns Deliver Formbook Malware
Two different phishing campaigns targeting Greek, Spanish, Slovenian, Bosnian, Latin, and Central American companies are using different techniques to deliver Formbook malware. “FormBook is a data-stealing malware that targets Windows systems, primarily distributed through phishing emails with malicious attachments,” WatchGuard said. “It collects sensitive information like login credentials, browser data, and screenshots, using advanced evasion techniques to avoid detection.”
Stealth .NET execution abuse: Operation PhantomCLR Targets Middle East and EMEA
A highly sophisticated, multi-stage post-exploitation framework has been observed targeting organizations in the Middle East and EMEA financial sectors. “The threat actor leverages a legitimate, digitally signed Intel utility (IAStorHelp.exe) by abusing the .NET AppDomainManager mechanism, effectively turning a trusted binary into a stealthy execution container,” CYFIRMA said. “This approach allows malicious code to be executed within a trusted environment. It bypasses conventional security controls without modifying the original signed binary.” Because AppDomainManager hijacking enables stealth execution within a trusted signed binary, it allows malicious code to run without modifying the original executable, effectively bypassing code-signing trust controls. The attack begins with a phishing email containing a ZIP archive, which contains an LNK file masquerading as a PDF document to execute “IAStorHelp.exe.” It’s currently not known who is behind the campaign, but the level of sophistication, modular design, and operational discipline suggest capabilities consistent with advanced threat actors.
RAT plus adware bundle: New Campaign Distributes RAT and Adware
A new malware campaign is spreading both a remote access trojan and adware together, allowing attackers to establish persistent access and make financial profits. The attack has been found to leverage a loader to deliver Gh0st RAT trojan and CloverPlus adware, an unwanted software designed to install advertising components and change browser behavior, such as startup pages and pop-up ads, per Splunk.
macOS stealth execution abuse: Living-off-the-Land in macOS
In a new analysis, Cisco Talos revealed that bad actors can bypass security controls in Apple macOS by repurposing native features like Remote Application Scripting (RAS) for remote execution and abusing Spotlight metadata (Finder comments) to stage payloads in a way that evades static file analysis. “Because Finder is scriptable over RAE, the comment of a file on a remote machine can be set via the “eppc://” protocol. By Base64 encoding a payload locally, a multi-line script can be stored within this single string field. The make new file command handles the creation of the target file, ensuring that no pre-existing file is required,” Talos said. “The payload resides entirely within the Spotlight metadata, a location that remains largely unexamined by standard endpoint detection and response (EDR) solutions. This creates a stealthy staging area where malicious code can persist on the disk without triggering alerts associated with suspicious file contents.” In addition, attackers can move toolkits and establish persistence using built-in protocols such as SMB, Netcat, Git, TFTP, and SNMP operating entirely outside the visibility of standard SSH-based telemetry. In some cases, adversaries can also bypass built-in restrictions by using Terminal as a proxy for execution, encoding payloads in Base64 and deploying them in stages.
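A defender-side triage for the Finder-comment staging described in the macOS item above, as an added example that is not code from Talos or from the original article: it decodes the com.apple.metadata:kMDItemFinderComment extended attribute and flags comments containing a Base64 run that decodes to readable text. The hint list, the 0.9 threshold, the function names and all sample values are assumptions constructed for illustration.

```python
import base64
import binascii
import plistlib
import re

# Extended attribute where Finder keeps a file's comment (a binary plist holding one string).
FINDER_COMMENT_XATTR = "com.apple.metadata:kMDItemFinderComment"

B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
# Assumed hint list for this example; tune it to your own environment.
SCRIPT_HINTS = ("#!/", "osascript", "do shell script", "curl ", "/bin/sh", "/bin/bash", "python")


def comment_from_xattr_hex(hex_dump: str) -> str:
    """Decode the output of `xattr -px com.apple.metadata:kMDItemFinderComment FILE`."""
    raw = bytes.fromhex("".join(hex_dump.split()))
    try:
        value = plistlib.loads(raw)
    except Exception:  # not a plist: fall back to the raw bytes as text
        return raw.decode("utf-8", "replace")
    return value if isinstance(value, str) else ""


def _printable_ratio(blob: bytes) -> float:
    if not blob:
        return 0.0
    return sum(1 for b in blob if 32 <= b < 127 or b in (9, 10, 13)) / len(blob)


def triage_comment(comment: str, min_ratio: float = 0.9) -> dict:
    """Flag a comment holding a Base64 run that decodes to readable text."""
    result = {"length": len(comment), "decoded_text": [], "script_like": False, "suspicious": False}
    for match in B64_RUN.finditer(comment):
        body = match.group(0).rstrip("=")
        if len(body) % 4 == 1:  # impossible Base64 length
            continue
        try:
            blob = base64.b64decode(body + "=" * (-len(body) % 4), validate=True)
        except (binascii.Error, ValueError):
            continue
        # Long paths and hashes also match the regex but decode to binary noise.
        if _printable_ratio(blob) < min_ratio:
            continue
        text = blob.decode("ascii", "replace")
        result["decoded_text"].append(text)
        result["suspicious"] = True
        if any(hint in text for hint in SCRIPT_HINTS):
            result["script_like"] = True
    return result


def finder_comment_samples() -> dict:
    """Constructed inputs: a staged script, an ordinary comment, and a long path."""
    script = b'#!/bin/sh\necho "constructed sample for detection testing"\n'
    staged = plistlib.dumps(base64.b64encode(script).decode(), fmt=plistlib.FMT_BINARY)
    return {
        "staged_hex": staged.hex(),
        "note": "Q3 budget draft, reviewed by finance on Tuesday",
        "path": "/Users/alice/Documents/projects/2026/reports/final",
    }


if __name__ == "__main__":
    samples = finder_comment_samples()
    print(triage_comment(comment_from_xattr_hex(samples["staged_hex"])))
    print(triage_comment(samples["note"]))
    print(triage_comment(samples["path"]))
```

The long-path sample shows why the printable-ratio check matters: it matches the Base64 pattern but decodes to noise, so it is not flagged.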
LLM agent testing framework: Terrarium Framework for Evaluating Multi-Agent Systems
A group of academics has released a hackable, modular, and configurable open-source framework called Terrarium for studying and evaluating decentralized LLM-based multi-agent systems (MAS). “As the capabilities of agents progress (e.g., tool calling) and their state space expands (e.g., the internet), multi-agent systems will naturally arise in unique and unexpected scenarios,” the researchers said, adding it acts as “an isolated playground for studying agent behavior, vulnerabilities, and safety. It enables full customization of the communication protocol, communication proxy, environment, tool usage, and agents.”
AI data privacy purge: Clarifai Deletes OkCupid Data
According to Reuters, AI company Clarifai said it has deleted 3 million profile photos taken from dating site OkCupid in 2014. It follows a settlement reached last month between the U.S. Federal Trade Commission (FTC) and Match Group, OkCupid’s owner. Clarifai is said to have certified the data deletion to the FTC on April 7, 2026, and deleted any models that trained on the data. The company also emphasized that it hadn’t shared the data with third parties. The FTC opened the investigation in 2019, after The New York Times reported that Clarifai had built a training database using OkCupid dating profile photos. The behavior was a direct violation of OkCupid’s privacy policy, although Clarifai was not accused of wrongdoing.
Zero-credential RCE chain: Active Exploitation of CVE-2026-34197
VulnCheck said it’s seeing active exploitation of the Apache ActiveMQ Jolokia remote code execution chain that strings together CVE-2026-34197 and CVE-2024-32114. “CVE-2024-32114 removes authentication from the Jolokia endpoint entirely on ActiveMQ versions 6.0.0 through 6.1.1,” VulnCheck’s Jacob Baines said. “Combined with CVE-2026-34197, that is zero-credential RCE.”
Stealth phishing lure: Spike in Phishing Using Empty Email Subject Lines
There has been a surge in phishing emails utilizing empty subject lines as a way to lure users to actually click and open the email without the usual warning cues. Known as silent subject or null subject phishing, the technique is designed to exploit blind spots in email defenses, as it allows such emails to bypass security filters that rely on analyzing the subject lines for specific keywords that may indicate potential phishing or scam. “Emails with empty subject lines evade user suspicion by exploiting human curiosity,” CyberProof said. “The primary objective of a silent subject campaign is to gain initial access through social engineering, leading to credential compromise, unauthorized access, and potential lateral movement within targeted environments, especially focusing on high-value or VIP users.”
Industrial-scale SIM farms: ProxySmart as a SIM Farm-as-a-Service
A Belarus-based turnkey solution is assisting SIM farm operators in supporting cybercrime on an industrial scale. Infrawatch said that it identified 87 instances of ProxySmart control panels in 17 countries that are linked to at least 24 commercial proxy providers and 35 cellular providers. The footprint spans 94 phone farm locations, distributed across 19 U.S. states, as well as countries in Europe and South America. ProxySmart provides an end-to-end platform for operating and monetizing mobile proxy infrastructure, including farm management, device control, customer provisioning, retail proxy sales, and payment handling. It’s accessible via a web-based control panel that’s self-hosted by the farm operator. Devices in the farms are either physical Android phones or USB 4G/5G modems. The phones are enrolled via an unsigned Android APK package downloaded from the ProxySmart website, with SMS send and receive capability included. Modems are managed through ModemManager, an open-source USB dongle management tool. The ProxySmart service is written in Python and obfuscated using PyArmour. “ProxySmart is publicly associated with a Belarus-based vendor footprint and offers an end-to-end stack for operating and monetizing a physical farm, including device management, automated IP rotation, customer provisioning, plan enforcement, and anti-bot countermeasures,” the company said. “Technical analysis indicates operator capabilities consistent with large-scale evasion enablement, including automated IP rotation, remote device control, and network fingerprint spoofing.” SIM farms enable a range of cybercrime activity such as smishing, premium-rate number fraud, bot sign-ups, and one-time password interception. In response to the findings, ProxySmart disputed its characterization as a SIM farm, stating it’s a “data-path proxy management platform” and that its mobile proxy infrastructure “underpins a wide range of legitimate commercial and research activity” including advertising verification, brand protection, price monitoring, and anti-fraud model training, among others.
Telegram under CSAM probe: Ofcom Probes Telegram for CSAM
Ofcom, the U.K.’s independent communications regulator, has launched an investigation into Telegram under the country’s Online Safety Act to examine whether the platform is being used to share child sexual abuse material (CSAM) and is doing enough to combat the threat. “We received evidence from the Canadian Centre for Child Protection regarding the alleged presence and sharing of child sexual abuse material on Telegram, and carried out our own assessment of the platform,” Ofcom said. “In light of this, we have decided to open an investigation to examine whether Telegram has failed, or is failing, to comply with its duties in relation to illegal content.” In a statement shared with The Record, Telegram said it “categorically denies Ofcom’s accusations,” adding it has “virtually eliminated the public spread of CSAM on its platform through world-class detection algorithms and cooperation with NGOs.” Earlier this year, Ofcom also commenced a probe into X to determine whether the service is taking necessary steps to take down illegal content, including non-consensual intimate images and CSAM.
EU cracks disinfo ops: E.U. Sanctions Pro-Russian Organizations for Disinformation
The European Union imposed sanctions on two pro-Russian organizations accused of spreading disinformation and supporting the Kremlin’s hybrid influence operations against Europe and Ukraine. The measures target Euromore and the Foundation for the Support and Protection of the Rights of Compatriots Living Abroad (Pravfond). The move is part of the E.U.’s broader effort to counter Russian information and influence operations targeting Europe since the start of Moscow’s full-scale invasion of Ukraine in 2022. The E.U. has imposed sanctions on 69 individuals and 19 entities linked to Russian hybrid warfare.
Bot farm dismantled: Ukraine Dismantles Bot Farm
Ukrainian authorities have dismantled a bot farm that’s alleged to have supplied thousands of fake social media accounts to Russian intelligence services for use in disinformation campaigns against Ukraine. The suspected organizer of the network has been detained in the northern city of Zhytomyr, and nearly 20,000 fraudulent online profiles that were used in information operations have been blocked. The suspect is believed to have sold more than 3,000 fake Telegram accounts each month to Russian clients. The accounts were created using Ukrainian mobile phone numbers and then advertised on online platforms used by pro-Russian actors. If convicted, the suspect faces up to six years in prison.
Malicious extensions surge: StealTok Campaign Steals User Data
More than 130,000 users have downloaded and installed malicious Chrome and Edge extensions that, while offering the promised functionality, also implement covert tracking, remote configuration capabilities, and data collection mechanisms. The 12 extensions posed as tools to download TikTok videos and were available through the official Chrome and Edge stores. The activity has been codenamed StealTok. The extensions have been found to use remote configuration to bypass store review. “Beyond privacy concerns, the use of remote configuration endpoints introduces a significant security risk, enabling post-installation behavior changes that bypass marketplace review mechanisms,” LayerX said.
Joomla SEO spam backdoor: PHP Backdoor Targets Joomla Sites to Inject SEO Spam
In a new campaign spotted by Sucuri, threat actors are planting a new PHP-based backdoor on Joomla sites to inject SEO spam. The injected script acts as a remote loader to send information about the infected website and awaits further instructions from an attacker-controlled server. “Attackers inject malicious code that silently serves spam content to visitors and search engines, all without the site owner knowing,” Sucuri said. “The goal is simple: abuse the site’s reputation to push traffic towards products the attacker wants to promote.”
Post-exfiltration data trade: Criminal Platform Leak Bazaar Peddles Stolen Data with a Twist
A new service called Leak Bazaar has been promoted on the Russian-speaking TierOne forum that claims to process data stolen from extortion and ransomware attacks and turn it into “something more legible, more selective and precise, and making it marketable for the general population to ingest.” It’s advertised by a user named Snow, who joined the forum on March 3, 2026. “What Leak Bazaar is really offering is not a DLS or Data or Dedicated Leak Site in the conventional sense, but a post-exfiltration service layer,” Flare said. “It is trying to reassure both suppliers and buyers that the platform can solve the most frustrating part of data theft, which is that a large percentage of exfiltrated material is too noisy, too unstructured, or too cumbersome to use without additional labor.”
RDP scanning concentration: Just 21 IP Addresses Behind About 50% of All RDP Scanning
GreyNoise has disclosed that a small cluster of 21 IP addresses is now responsible for generating nearly half of all the RDP scanning traffic on the public internet. The addresses are registered to ColocaTel (AS213438), a company based in the Seychelles. According to the threat intelligence firm, mass internet scanning activity is now preceding vendor vulnerability disclosures more frequently than before, with 49% of surges arriving within 10 days of disclosure and 78% within 21 days.
In a related development, security researcher Morgan Robertson revealed that almost three-quarters of Perforce P4 source code management servers connected to the internet are misconfigured and leaking source code and sensitive files. “The default Perforce settings allow unauthenticated users to create accounts, list existing users, access passwordless accounts, and, until version 2025.1, allowed syncing repositories remotely; potentially exposing intellectual property across more than a dozen sectors, including gaming, healthcare, automotive, finance, and government,” Robertson said. “Action is recommended for all Perforce administrators to ensure security hardening, including setting stronger authentication requirements, disabling automatic account creation, and raising security levels.”
Emerging threat groups surge: New Threat Actors in the Wild
Various new hacktivist, data extortion, and ransomware crews have been spotted in the wild. These include Harakat Ashab al-Yamin al-Islamia, World Leaks, Lamashtu, Payouts King, BravoX, Black Shrantac, NBLOCK, Ndm448, Chip, Ransoomed, and Zollo.
None of this is new. That is the problem. Old paths still open, basic checks still skipped, and trust still given where it should not be. Attackers are not doing anything magical, they are just faster and less careful because they do not need to be.
The fixes are known but ignored. Patch early, check what you install, limit access, and stop trusting inputs by default. Most of the damage comes from things that were easy to prevent. Same story next week.
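The null-subject phishing item in this roundup notes that filters keyed on subject-line keywords have nothing to match when the subject is empty. The following added example (not from CyberProof or the original article) treats the empty subject itself as the signal, covering a missing header, a blank header, and a subject made only of invisible characters, and flags the message only when it also carries a link or an attachment. The function names, the invisible-character list and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Invisible code points that make a subject render as empty (assumed list for this example).
INVISIBLE = dict.fromkeys(map(ord, "\u200b\u200c\u200d\u2060\ufeff\u00ad"))
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)


def subject_state(msg) -> str:
    """Return 'missing' (no header), 'blank' (renders empty) or 'present'."""
    raw = msg["Subject"]
    if raw is None:
        return "missing"
    # policy.default has already decoded RFC 2047 encoded-words at this point.
    visible = str(raw).translate(INVISIBLE).strip()
    return "present" if visible else "blank"


def score_message(raw_message: str) -> dict:
    """Flag null-subject mail that also carries a link or an attachment."""
    msg = message_from_string(raw_message, policy=policy.default)
    urls, attachments = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:
            attachments.append(filename)
        elif part.get_content_type() in ("text/plain", "text/html"):
            urls.extend(URL_RE.findall(part.get_content()))
    state = subject_state(msg)
    return {"subject": state, "urls": urls, "attachments": attachments,
            "flag": state != "present" and bool(urls or attachments)}


def mail_samples() -> dict:
    """Constructed messages; all addresses and hosts use reserved test names."""
    head = "From: sender@example.test\nTo: vip@example.test\n"
    link = "\nPlease review: https://login.example.test/reset?id=123\n"
    attached = EmailMessage()
    attached["From"], attached["To"] = "sender@example.test", "vip@example.test"
    attached.set_content("See attached.")
    attached.add_attachment(b"constructed", maintype="application",
                            subtype="octet-stream", filename="statement.html")
    return {
        "missing_header": head + link,
        "zero_width": head + "Subject: =?UTF-8?B?4oCL?=\n" + link,  # U+200B only
        "normal": head + "Subject: Invoice reminder\n" + link,
        "blank_no_lure": head + "Subject:\n\nok, thanks\n",
        "attachment": attached.as_string(),
    }


if __name__ == "__main__":
    for name, raw in mail_samples().items():
        print(name, score_message(raw))
```

The blank_no_lure sample stays unflagged on purpose: an empty subject with no link or attachment is common in internal mail and is a weak signal alone.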
[Webinar] Mythos Reality Check: Beating Automated Exploitation at AI Speed
Imagine a world where hackers don’t sleep, don’t take breaks, and find weak spots in your systems instantly. Well, that world is already here. Thanks to AI, attackers are now launching automated, large-scale exploits faster than ever before. The time you have to fix a vulnerability before it gets attacked is shrinking to zero.
We call this the Collapsing Exploit Window, and it means your standard patching routine is officially too slow. If you are fighting AI-speed attacks with manual-speed defenses, your systems are at a breaking point. It’s time to rethink everything. Join our highly anticipated webinar featuring expert guest Ofer Gayer, Vice President of Product at Miggo Security, and learn how to beat the bots at their own game: Mythos and the Collapsing Exploit Window: Rethink Vulnerability Prioritization at AI Speed.
Here is exactly what you will walk away with:
The Truth About Mythos: We are cutting through the hype. Learn what Mythos actually represents and why it matters to your daily security.
The AI Attack Wave: See exactly how AI is helping attackers discover and exploit vulnerabilities at lightning speed.
The Deadly Patch Gap: Understand why the gap between a new threat and your patch is widening, and why the old way of fixing things is broken forever.
Your New AppSec Blueprint: Stop guessing. Get real, practical steps to prioritize real-world risks, including expert secrets on virtual patching.
👤 Who needs to be there? CISOs, AppSec Leaders, and Security Architects.
If you are in charge of keeping the gates locked and you know legacy vulnerability management isn’t cutting it anymore—this is for you. Stop letting automated exploits outpace your team. Learn how to secure your organization in the age of AI. 📅 Claim your spot right now before it’s too late.
This article is a contributed piece from one of our valued partners.