2025-07-31 AI Startup News
Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps
Cybersecurity researchers are calling attention to an ongoing campaign that distributes fake cryptocurrency trading apps to deploy a compiled V8 JavaScript (JSC) malware called JSCEAL that can capture data from credentials and wallets. The activity leverages thousands of malicious advertisements posted on Facebook in an attempt to redirect unsuspecting victims to counterfeit sites that instruct them to install the bogus apps, according to Check Point. These ads are shared either via stolen accounts or newly created ones. “The actors separate the installer’s functionality into different components and most notably move some functionality to the JavaScript files inside the infected websites,” the company said in an analysis.
“A modular, multi-layered infection flow enables the attackers to adapt new tactics and payloads at every stage of the operation.” It’s worth noting that some aspects of the activity were previously documented by Microsoft in April 2025 and WithSecure as recently as this month, with the latter tracking it as WEEVILPROXY. According to the Finnish security vendor, the campaign has been active since March 2024. The attack chains have been found to adopt novel anti-analysis mechanisms that rely on script-based fingerprinting, before delivering the final JSC payload. “The threat actors implemented a unique mechanism that requires both the malicious site and the installer to run in parallel for successful execution, which significantly complicates analysis and detection efforts,” the Israeli cybersecurity company noted.
Clicking on the link in the Facebook ads triggers a redirection chain that ultimately leads the victim to a fake landing page mimicking a legitimate service like TradingView, or to a decoy website if the target’s IP address is not within a desired range or the referrer is not Facebook. The website also includes a JavaScript file that attempts to communicate with a localhost server on port 30303, in addition to hosting two other JavaScript scripts that are responsible for tracking the installation process and initiating POST requests that are handled by the components within the MSI installer. For its part, the installer file downloaded from the site unpacks a number of DLL libraries, while simultaneously starting HTTP listeners on localhost:30303 to process incoming POST requests from the phony site. This interdependency also means that the infection chain fails to proceed further if any of these components does not work.
“To ensure the victim does not suspect abnormal activity, the installer opens a webview using msedge_proxy.exe to direct the victim to the legitimate website of the application,” Check Point said. The DLL modules are designed to parse the POST requests from the website and gather system information and commence the fingerprinting process, after which the captured information is exfiltrated to the attacker in the form of a JSON file by means of a PowerShell backdoor. If the victim host is deemed valuable, the infection chain moves to the final stage, leading to the execution of the JSCEAL malware by leveraging Node.js. The malware, besides establishing connections with a remote server to receive further instructions, sets up a local proxy with the goal of intercepting the victim’s web traffic and injecting malicious scripts into banking, cryptocurrency, and other sensitive websites to steal their credentials in real-time.
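The coupling described above, a page served from an external site talking to an HTTP listener on 127.0.0.1:30303 that an installer opened moments earlier, is also what a defender can look for. The following is an added example, not code from the article or from Check Point’s analysis: it walks a few constructed telemetry records (the field names are an assumed generic listen/request schema, not any real EDR or proxy format) and flags a listener on the bridge port together with browser requests from a non-local origin to loopback.

```javascript
// Added example, not code from the article or Check Point: flag the localhost
// "bridge" pattern described above (an installer component listening on
// 127.0.0.1:30303 while a page served from an external site POSTs to it).
const BRIDGE_PORT = 30303;
const BROWSERS = new Set(['chrome.exe', 'msedge.exe', 'firefox.exe', 'brave.exe']);

// Constructed sample telemetry, one JSON object per line. The field names
// (type/process/pid/addr/port/origin/dst/path) are an assumed generic schema,
// not the format of any real EDR or proxy product.
const SAMPLE_TELEMETRY = [
  '{"ts":"2025-07-30T10:00:01Z","type":"listen","process":"msiexec.exe","pid":4120,"addr":"127.0.0.1","port":30303}',
  '{"ts":"2025-07-30T10:00:02Z","type":"http","process":"chrome.exe","pid":7788,"origin":"https://trading-site.example","method":"POST","dst":"127.0.0.1","port":30303,"path":"/status"}',
  '{"ts":"2025-07-30T10:00:03Z","type":"http","process":"chrome.exe","pid":7788,"origin":"http://localhost:3000","method":"GET","dst":"127.0.0.1","port":3000,"path":"/"}',
  '{"ts":"2025-07-30T10:00:04Z","type":"listen","process":"node.exe","pid":9001,"addr":"127.0.0.1","port":3000}',
  'this line is not JSON and is skipped',
];

function parseEvents(lines) {
  const events = [];
  for (const line of lines) {
    try { events.push(JSON.parse(line)); } catch (_) { /* malformed line: skip */ }
  }
  return events;
}

// A page served from localhost (a developer's own dev server, for example)
// talking to localhost is normal; a page from an external origin doing so is not.
function isLocalOrigin(origin) {
  try {
    const host = new URL(origin).hostname;
    return host === 'localhost' || host === '127.0.0.1' || host === '[::1]';
  } catch (_) {
    return false;
  }
}

function isLoopback(dst) {
  return dst === '127.0.0.1' || dst === 'localhost' || dst === '::1';
}

// Returns one finding per suspicious event. Listener findings come first; a
// browser request from an external origin to the bridge port is rated "high"
// when a matching listener was also seen, "medium" otherwise.
function findLocalhostBridge(lines) {
  const events = parseEvents(lines);
  const findings = [];
  const listeners = events.filter(e => e.type === 'listen' && e.port === BRIDGE_PORT);
  for (const l of listeners) {
    findings.push({ rule: 'listener-on-bridge-port', process: l.process, pid: l.pid, port: l.port, ts: l.ts });
  }
  for (const e of events) {
    if (e.type !== 'http' || !BROWSERS.has(e.process)) continue;
    if (!isLoopback(e.dst) || isLocalOrigin(e.origin)) continue;
    const severity = (e.port === BRIDGE_PORT && listeners.length > 0) ? 'high' : 'medium';
    findings.push({ rule: 'external-page-to-loopback', process: e.process, pid: e.pid,
                    origin: e.origin, port: e.port, method: e.method, severity, ts: e.ts });
  }
  return findings;
}

for (const f of findLocalhostBridge(SAMPLE_TELEMETRY)) console.log(JSON.stringify(f));
```

The local dev-server traffic in the sample (a localhost page calling localhost:3000) is deliberately left unflagged; the signal is the combination of an external origin, a loopback destination and the specific port, not loopback traffic as such.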
Other functions of JSCEAL include gathering system information, browser cookies, auto-fill passwords, Telegram account data, screenshots, keystrokes, as well as conducting adversary-in-the-middle (AitM) attacks and manipulating cryptocurrency wallets. It can also act as a remote access trojan. “This sophisticated piece of malware is designed to gain absolute control of the victim machine, while being resilient against conventional security tools,” Check Point said. “The combination of compiled code and heavy obfuscation, while displaying a wide variety of functionality, made analysis efforts challenging and time-consuming.” “Using JSC files allows attackers to simply and effectively conceal their code, helping it evade security mechanisms, and making it difficult to analyze.” Found this article interesting?
Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
FunkSec Ransomware Decryptor Released Free to Public After Group Goes Dormant
Cybersecurity experts have released a decryptor for a ransomware strain called FunkSec, allowing victims to recover access to their files for free. “Because the ransomware is now considered dead, we released the decryptor for public download,” Gen Digital researcher Ladislav Zezula said. FunkSec, which emerged towards the end of 2024, has claimed 172 victims, according to data from Ransomware.live. The vast majority of targeted entities are located in the U.S., India, and Brazil, with technology, government, and education being the top three sectors attacked by the group.
An analysis of FunkSec by Check Point earlier this January found signs that the encryptor was developed with assistance from artificial intelligence (AI) tools. The group has not added any new victims to its data leak site since March 18, 2025, suggesting that the group may no longer be active. It’s also believed that the group consisted of inexperienced hackers seeking visibility and recognition by uploading leaked datasets associated with previous hacktivism campaigns. FunkSec was built using Rust, a fast and efficient programming language that’s now popular among newer ransomware groups.
Other families, like BlackCat and Agenda, also use Rust to help their attacks run quickly and avoid detection. FunkSec relies on the orion-rs library (version 0.17.7) for encryption, using the ChaCha20 and Poly1305 algorithms to lock files during its routine. “This hash-based method ensures integrity of encryption parameters: the encryption key, nonce, block lengths, and encrypted data itself,” Zezula noted. “Files are encrypted per-blocks of 128 bytes, adding 48 bytes of extra metadata to each block, which means that encrypted files are about 37% bigger than the originals.” Gen Digital did not disclose how it was able to develop a decryptor and if it entailed the exploitation of a cryptographic weakness that makes it possible to reverse the encryption process.
The decryptor can be accessed via the No More Ransom project. Victims looking to recover their data should first confirm that encrypted files match FunkSec’s signature, typically identified by the .funksec extension or unique metadata padding. The No More Ransom portal provides basic usage steps, but administrators are advised to back up affected files before attempting decryption in case of partial recovery or file corruption. Found this article interesting?
Product Walkthrough: A Look Inside Pillar’s AI Security Platform
In this article, we will provide a brief overview of Pillar Security’s platform to better understand how they are tackling AI security challenges. Pillar Security is building a platform to cover the entire software development and deployment lifecycle with the goal of providing trust in AI systems. Using its holistic approach, the platform introduces new ways of detecting AI threats, beginning at pre-planning stages and going all the way through runtime. Along the way, users gain visibility into the security posture of their applications while enabling safe AI execution.
Pillar is uniquely suited to the challenges inherent in AI security. Co-founder and CEO Dor Sarig comes from a cyber-offensive background, having spent a decade leading security operations for governmental and enterprise organizations. In contrast, co-founder and CTO Ziv Karlinger spent over ten years developing defensive techniques, securing against financial cybercrime and securing supply chains. Together, their red team-blue team approach forms the foundation of Pillar Security and is instrumental in mitigating threats.
The Philosophy Behind the Approach
Before diving into the platform, it’s important to understand the underlying approach taken by Pillar. Rather than developing a siloed system where each piece of the platform focuses on a single area, Pillar offers a holistic approach. Each component within the platform enriches the next, creating a closed feedback loop that enables security to adapt to each unique use case. The detections found in the posture management section of the platform are enriched by data detected in the discovery section.
Likewise, adaptive guardrails that are utilized during runtime are built on insights from threat modeling and red teaming. This dynamic feedback loop ensures that live defenses are optimized as new vulnerabilities are discovered. This approach creates a powerful, holistic and context-based defense against threats to AI systems, from build to runtime.
AI Workbench: Threat Modeling Where AI Begins
The Pillar Security platform begins at what they call the AI workbench.
Before any code is written, this secure playground for threat modeling allows security teams to experiment with AI use cases and proactively map potential threats. This stage is crucial to ensure that organizations align their AI systems with corporate policies and regulatory demands. Developers and security teams are guided through a structured threat modeling process, generating potential attack scenarios specific to the application use case. Risks are aligned with the application’s business context, and the process is aligned with established frameworks such as STRIDE, ISO, MITRE ATLAS, OWASP Top Ten for LLMs, and Pillar’s own SAIL framework.
The goal is to build security and trust into the design from day one.
AI Discovery: Real-Time Visibility into AI Assets
AI sprawl is a complex challenge for security and governance teams. They lack visibility into how and where AI is being used within their development and production environments. Pillar takes a unique approach to AI security that goes beyond the CI/CD pipeline and the traditional SDLC.
By integrating directly with code repositories, data platforms, AI/ML frameworks, IdPs and local environments, it can automatically find and catalog every AI asset within the organization. The platform displays a full inventory of AI apps, including models, tools, datasets, MCP servers, coding agents, meta prompts, and more. This visibility guides teams, helping form the foundation of the organizational security policy and enabling a clear understanding of the business use case, including what the application does and how the organization uses it.
Figure 1: Pillar Security automatically discovers all AI assets across the organization and flags unmonitored components to prevent security blind spots.
AI-SPM: Mapping and Managing AI Risk
After identifying all AI assets, Pillar is able to understand the security posture by analyzing each of the assets. During this stage, the platform’s AI Security Posture Management (AI-SPM) conducts a robust static and dynamic analysis of all AI assets and their interconnections. By analyzing the AI assets, Pillar creates visual representations of the identified agentic systems, their components and their associated attack surfaces. Furthermore, it identifies supply chain, data poisoning and model/prompt/tool level risks.
These insights, which appear within the platform, enable teams to prioritize threats, as they show exactly how a threat actor may move through the system.
Figure 2: Pillar’s Policy Center provides a centralized dashboard for monitoring enterprise-wide AI compliance posture.
AI Red Teaming: Simulating Attacks Before They Happen
Rather than waiting until the application is fully built, Pillar promotes a trust-by-design approach, enabling AI teams to test as they build. The platform runs simulated attacks tailored to the AI system’s use case, using techniques that range from common prompt injections and jailbreaking to sophisticated attacks targeting business logic vulnerabilities. These red team activities help identify whether an AI agent can be manipulated into giving unauthorized refunds, leaking sensitive data, or executing unintended tool actions.
This process not only evaluates the model, but also the broader agentic application and its integration with external tools and APIs. Pillar also offers a unique capability through red teaming for tool use. The platform integrates threat modeling with dynamic tool activation, rigorously testing how chained tool and API calls might be weaponized in realistic attack scenarios. This advanced approach reveals vulnerabilities that traditional prompt-based testing methods are unable to detect.
For enterprises using third-party and embedded AI apps, such as copilots, or custom chatbots where they don’t have access to the underlying code, Pillar offers black-box, target-based red teaming. With just a URL and credentials, Pillar’s adversarial agents can stress-test any accessible AI application, whether internal or external. These agents simulate real-world attacks to probe data boundaries and uncover exposure risks, enabling organizations to confidently assess and secure third-party AI systems without needing to integrate or customize them.
Figure 3: Pillar’s tailored red teaming tests real-world attack scenarios against an AI application’s specific use case and business logic.
Guardrails: Runtime Policy Enforcement That Learns
As AI applications move into production, real-time security controls become essential.
Pillar addresses this need with a system of adaptive guardrails that monitor inputs and outputs during runtime, designed to enforce security policies without interrupting application performance. Unlike static rule sets or traditional firewalls, these guardrails are model agnostic, application-centric and continuously evolve. According to Pillar, they draw on telemetry data, insights gathered during red teaming, and threat intelligence feeds to adapt in real time to emerging attack techniques. This allows the platform to adjust its enforcement based on each application’s business logic and behavior, and be highly precise with alerts.
During the walkthrough, we saw how guardrails can be finely tuned to prevent misuse, such as data exfiltration or unintended actions, while preserving the AI’s intended behavior. Organizations can enforce their AI policy and custom code-of-conduct rules across applications with confidence that security and functionality will coexist.
Figure 4: Pillar’s adaptive guardrails monitor runtime activity to detect and flag malicious use and policy violations.
Sandbox: Containing Agentic Risk
One of the most critical concerns is excessive agency. When agents can perform actions beyond their intended scopes, it can lead to unintended consequences.
Pillar addresses this during the Operate phase through secure sandboxing. AI agents, including advanced systems like coding agents and MCP servers, run inside tightly controlled environments. These isolated runtimes apply zero-trust principles to separate agents from critical infrastructure and sensitive data, while still enabling them to operate productively. Any unexpected or malicious behavior is contained without impacting the larger system.
Every action is captured and logged in detail, giving teams a granular forensic trail that can be analyzed after the fact. With this containment strategy, organizations can safely give AI agents the room they need to operate.
AI Telemetry: Observability from Prompt to Action
Security doesn’t stop once the application is live. Throughout the lifecycle, Pillar continuously collects telemetry data across the entire AI stack.
Prompts, agent actions, tool calls, and contextual metadata are all logged in real time. This telemetry powers deep investigations and compliance tracking. Security teams can trace incidents from symptom to root cause, understand anomalous behavior, and ensure AI systems are operating within policy boundaries. It’s not enough to know what happened.
It’s about understanding why something took place and how to prevent it from happening again. Due to the sensitivity of the telemetry data, Pillar can be deployed on the customer cloud for full data control.
Final Thoughts
Pillar stands apart through a combination of technical depth, real-world insight, and enterprise-grade flexibility. Founded by leaders in both offensive and defensive cybersecurity, the team has a proven track record of pioneering research that has uncovered critical vulnerabilities and produced detailed real-world attack reports.
This expertise is embedded into the platform at every level. Pillar also takes a holistic approach to AI security that extends beyond the CI/CD pipeline. By integrating security into the planning and coding phases and connecting directly to code repositories, data platforms and local environments, Pillar gains early and deep visibility into the systems being built. This context enables more precise risk analysis and highly targeted red team testing as development progresses.
The platform is powered by the industry’s largest AI threat intelligence feed, enriched by over 10 million real-world interactions. This threat data fuels automated testing, risk modeling, and adaptive defenses that evolve with the threat landscape. Finally, Pillar is built for flexible deployment. It can run on premises, in hybrid environments, or fully in the cloud, giving customers full control over sensitive data, prompts, and proprietary models.
This is a critical advantage for regulated industries where data residency and security are paramount. Together, these capabilities make Pillar a powerful and practical foundation for secure AI adoption at scale, helping innovative organizations manage AI-specific risks and gain trust in their AI systems. This article is a contributed piece from one of our valued partners.
Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome
Apple on Tuesday released security updates for its entire software portfolio, including a fix for a vulnerability that Google said was exploited as a zero-day in the Chrome web browser earlier this month. The vulnerability, tracked as CVE-2025-6558 (CVSS score: 8.8), is an incorrect validation of untrusted input in the browser’s ANGLE and GPU components that could result in a sandbox escape via a crafted HTML page. While there are no details on how the issue has been weaponized by threat actors, Google acknowledged that an “exploit for CVE-2025-6558 exists in the wild.” Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group (TAG) have been credited with discovering and reporting the shortcoming. The iPhone maker, in its latest round of software updates, also included patches for CVE-2025-6558, stating the vulnerability impacts the WebKit browser engine that powers its Safari browser.
“This is a vulnerability in open-source code and Apple Software is among the affected projects,” the company said in an advisory, adding it could be exploited to result in an unexpected crash of Safari when processing maliciously crafted web content. The bug has been addressed in the following versions:
- iOS 18.6 and iPadOS 18.6 - iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
- iPadOS 17.7.9 - iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
- macOS Sequoia 15.6 - Macs running macOS Sequoia
- tvOS 18.6 - Apple TV HD and Apple TV 4K (all models)
- watchOS 11.6 - Apple Watch Series 6 and later
- visionOS 2.6 - Apple Vision Pro
While there is no evidence that the vulnerability has been used to target Apple device users, it’s always a good practice to update to the latest versions of the software for optimal protection.
Designing Identity for Trust at Scale—With Privacy, AI, and Seamless Logins in Mind
In a world reshaped by AI, customer trust is your competitive edge. Join us as we unpack key findings from the Auth0 2025 Customer Identity Trends Report, revealing how digital-first organizations can adapt to rising customer expectations around security, privacy, and transparency. This webinar will dive into:
- How users are responding to AI-powered experiences, and where they’re drawing the line
- The shifting landscape of identity-based threats and what you must do to stay ahead
- Strategies to deliver seamless, secure logins without sacrificing user trust
- Real-world insights on using AI responsibly in CIAM while keeping the human touch
Whether you’re shaping customer journeys or safeguarding digital identities, this session equips you with forward-looking insights and practical steps to thrive in the new era of customer identity. Reserve your spot and stay ahead of the curve.
Critical Dahua Camera Flaws Enable Remote Hijack via ONVIF and File Upload Exploits
Cybersecurity researchers have disclosed now-patched critical security flaws in the firmware of Dahua smart cameras that, if left unaddressed, could allow attackers to hijack control of susceptible devices. “The flaws, affecting the device’s ONVIF protocol and file upload handlers, allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device,” Bitdefender said in a report shared with The Hacker News. The vulnerabilities, tracked as CVE-2025-31700 and CVE-2025-31701 (CVSS scores: 8.1), affect the following devices running versions with build timestamps before April 16, 2025:
- IPC-1XXX Series
- IPC-2XXX Series
- IPC-WX Series
- IPC-ECXX Series
- SD3A Series
- SD2A Series
- SD3D Series
- SDT2A Series
- SD2C Series
It’s worth noting that users can view the build time by logging in to the web interface of the device and then navigating to Settings -> System Information -> Version. Both shortcomings are classified as buffer overflow vulnerabilities that could be exploited by sending specially crafted malicious packets, resulting in denial-of-service or remote code execution (RCE).
Specifically, CVE-2025-31700 has been described as a stack-based buffer overflow in the Open Network Video Interface Forum (ONVIF) request handler, while CVE-2025-31701 concerns an overflow bug in the RPC file upload handler. “Some devices may have deployed protection mechanisms such as Address Space Layout Randomization (ASLR), which reduces the likelihood of successful RCE exploitation,” Dahua said in an alert released last week. “However, denial-of-service (DoS) attacks remain a concern.” Given that these models are used for video surveillance in retail, casinos, warehouses, and residential settings, the flaws can have significant consequences as they are unauthenticated and exploitable over the local network. “Devices exposed to the internet through port forwarding or UPnP are especially at risk,” the Romanian cybersecurity company said.
“Successful exploitation provides root-level access to the camera with no user interaction. Because the exploit path bypasses firmware integrity checks, attackers can load unsigned payloads or persist via custom daemons, making cleanup difficult.”
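For anyone holding a fleet of these cameras, the advisory reduces to three questions per device: is the series on the affected list, is the build timestamp before April 16, 2025, and is the device reachable from the internet. The following is an added example, not Dahua’s or Bitdefender’s code, that applies those three questions to a constructed inventory. It assumes inventory entries carry the series designation as the vendor lists it (with “X” as a single-character wildcard) and a build date transcribed from the Version page as YYYY-MM-DD; both are assumptions about the inventory format, not facts from the advisory.

```javascript
// Added example, not Dahua's or Bitdefender's code: triage a camera inventory
// against the affected series list and the build-date cutoff from the advisory.
const AFFECTED_SERIES = ['IPC-1XXX', 'IPC-2XXX', 'IPC-WX', 'IPC-ECXX',
                         'SD3A', 'SD2A', 'SD3D', 'SDT2A', 'SD2C'];
// Builds with a timestamp before this date are affected; this date and later carry the fix.
const FIX_BUILD_DATE = Date.UTC(2025, 3, 16);

// Assumption: inventory entries carry the series designation the way the vendor
// lists it, with "X" standing for any single alphanumeric character.
function seriesToRegex(series) {
  const pattern = series.replace(/[.*+?^${}()|[\]\\]/g, '\\$&').replace(/X/g, '[A-Z0-9]');
  return new RegExp('^' + pattern + '$', 'i');
}

function isAffectedSeries(series) {
  return AFFECTED_SERIES.some(p => seriesToRegex(p).test(series));
}

// Assumption: the build date was transcribed from Settings -> System Information
// -> Version as YYYY-MM-DD. Anything else is treated as "needs a manual check".
function parseBuildDate(text) {
  const m = /^(\d{4})-(\d{2})-(\d{2})$/.exec(text);
  if (!m) return null;
  const ms = Date.UTC(+m[1], +m[2] - 1, +m[3]);
  return Number.isNaN(ms) ? null : ms;
}

const PRIORITY_RANK = { critical: 3, high: 2, medium: 1, none: 0 };

function triageDevice(dev) {
  if (!isAffectedSeries(dev.series)) return { host: dev.host, status: 'not-listed', priority: 'none' };
  const built = parseBuildDate(dev.build);
  if (built === null) return { host: dev.host, status: 'verify-build-date', priority: 'medium' };
  if (built >= FIX_BUILD_DATE) return { host: dev.host, status: 'patched', priority: 'none' };
  // Exploitable unauthenticated on the LAN; internet exposure via port forwarding
  // or UPnP is what the report singles out, so it raises the priority further.
  return { host: dev.host, status: 'vulnerable', priority: dev.wanExposed ? 'critical' : 'high' };
}

// Highest priority first (Array.prototype.sort is stable in current Node).
function triageInventory(inventory) {
  return inventory.map(triageDevice)
    .sort((a, b) => PRIORITY_RANK[b.priority] - PRIORITY_RANK[a.priority]);
}

// Constructed sample inventory.
const SAMPLE_INVENTORY = [
  { host: 'cam-lobby-01', series: 'IPC-1230', build: '2025-03-02', wanExposed: true },
  { host: 'cam-dock-07',  series: 'SD3A',     build: '2025-04-16', wanExposed: false },
  { host: 'cam-yard-02',  series: 'IPC-WX',   build: '2024-11-20', wanExposed: false },
  { host: 'nvr-core',     series: 'NVR5XXX',  build: '2024-01-01', wanExposed: true },
  { host: 'cam-unknown',  series: 'SD2C',     build: 'n/a',        wanExposed: false },
];

console.table(triageInventory(SAMPLE_INVENTORY));
```

A device whose build date could not be parsed is not silently dropped; it is kept at medium priority so someone actually opens the Version page, since an unknown build on a listed series is the case most likely to be overlooked.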
Chinese Firms Linked to Silk Typhoon Filed 15+ Patents for Cyber Espionage Tools
Chinese companies linked to the state-sponsored hacking group known as Silk Typhoon (aka Hafnium) have been identified as behind over a dozen technology patents, shedding light on the shadowy cyber contracting ecosystem and its offensive capabilities. The patents cover forensics and intrusion tools that enable encrypted endpoint data collection, Apple device forensics, and remote access to routers and smart home devices, SentinelOne said in a new report shared with The Hacker News. “This new insight into the Hafnium-affiliated firms’ capabilities highlights an important deficiency in the threat actor attribution space: threat actor tracking typically links campaigns and clusters of activity to a named actor,” Dakota Cary, China-focused strategic advisor for SentinelLabs, said. “Our research demonstrates the strength in identifying not only the individuals behind attacks, but the companies they work for, the capabilities those companies have, and how those capabilities fortify the initiatives of the state entities who contract with these firms.” The findings build upon the U.S. Department of Justice’s (DoJ) July 2025 indictment of Xu Zewei and Zhang Yu, who, working on behalf of China’s Ministry of State Security (MSS), are accused of orchestrating the widespread exploitation campaign in 2021 aimed at Microsoft Exchange Server using then-zero-days dubbed ProxyLogon. Court documents alleged that Zewei worked for a company named Shanghai Powerock Network Co. Ltd., while Yu was employed at Shanghai Firetech Information Science and Technology Company, Ltd. Both individuals are said to have operated at the direction of the Shanghai State Security Bureau (SSSB).
Interestingly, Natto Thoughts reported that Powerock deregistered its business on April 7, 2021, a little over a month after Microsoft pointed fingers at China for the zero-day exploitation activity. Zewei would then go on to join Chaitin Tech, another prominent cybersecurity firm, only to change jobs again and begin working as an IT manager at Shanghai GTA Semiconductor Ltd. It’s also worth noting that Yin Kecheng, a hacker tied to Silk Typhoon, is said to have been employed at a third Chinese firm named Shanghai Heiying Information Technology Company, Limited, which was established by Zhou Shuai, a Chinese patriotic hacker and purported data broker. “Shanghai Firetech worked on specific tasking handed down from MSS officers,” Cary explained.
“Shanghai Firetech and co-conspirators earned an on-going, trusting relationship with the MSS’s premier regional office, the SSSB.” “This ‘directed’ nature of the relationship between the SSSB and these two companies contours the tiered system of offensive hacking outfits in China.” Further investigation into the web of connections between the individuals and their companies has uncovered patents filed by Shanghai Firetech and Shanghai Siling Commerce Consulting Center, a firm jointly founded by Yu and Yin Wenji, CEO of Shanghai Firetech, to collect “evidence” from Apple devices, routers, and defensive equipment. There is also evidence to suggest that Shanghai Firetech is engaged in developing solutions that could enable close access operations against individuals of interest. “The variety of tools under the control of Shanghai Firetech exceeds those attributed to Hafnium and Silk Typhoon publicly,” Cary said. “The capabilities may have been sold to other regional MSS offices, and thus not attributed to Hafnium, despite being owned by the same corporate structure.”
Google Launches DBSC Open Beta in Chrome and Enhances Patch Transparency via Project Zero
Google has announced that it’s making a security feature called Device Bound Session Credentials (DBSC) available in open beta to ensure that users are safeguarded against session cookie theft attacks. DBSC, first introduced as a prototype in April 2024, is designed to bind authentication sessions to a device so as to prevent threat actors from using stolen cookies to sign in to victims’ accounts and gain unauthorized access from a separate device under their control. “Available in the Chrome browser on Windows, DBSC strengthens security after you are logged in and helps bind a session cookie – small files used by websites to remember user information – to the device a user authenticated from,” Andy Wen, senior director of product management at Google Workspace, said. DBSC is not only meant to secure user accounts post-authentication.
It makes it a lot more difficult for bad actors to reuse session cookies and improves session integrity. The company also noted that passkey support is now generally available to more than 11 million Google Workspace customers, along with expanded admin controls to audit enrollment and restrict passkeys to physical security keys. Lastly, Google intends to roll out a shared signals framework (SSF) receiver in closed beta for select customers in order to enable the exchange of crucial security signals in near real-time using the OpenID standard. “This framework acts as a robust system for ‘transmitters’ to promptly inform ‘receivers’ about significant events, facilitating a coordinated response to security threats,” Wen said.
“Beyond threat detection and response, signal sharing also allows for the general sharing of different properties, such as device or user information, further enhancing the overall security posture and collaborative defense mechanisms.”
Google Project Zero Unveils Reporting Transparency
The development comes as Google Project Zero, a security team within the company that’s tasked with hunting zero-day vulnerabilities, announced a new trial policy called Reporting Transparency to address what has been described as an upstream patch gap. While patch gap typically refers to the time period between when a fix is released for a vulnerability and a user installs the appropriate update, upstream patch gap denotes the timespan where an upstream vendor has a fix available but downstream customers are yet to integrate the patch and ship it to end users. To close this upstream patch gap, Google said it’s adding a new step where it intends to publicly share the discovery of a vulnerability within a week of reporting it to the relevant vendor. This information is expected to include the vendor or open-source project that received the report, the affected product, the date the report was filed, and when the 90-day disclosure deadline expires.
The current list includes two Microsoft Windows bugs, one flaw in Dolby Unified Decoder, and three issues in Google BigWave. “The primary goal of this trial is to shrink the upstream patch gap by increasing transparency,” Project Zero’s Tim Willis said. “By providing an early signal that a vulnerability has been reported upstream, we can better inform downstream dependents. For our small set of issues, they will have an additional source of information to monitor for issues that may affect their users.” Google further said it plans to apply this principle to Big Sleep, an artificial intelligence (AI) agent that was launched last year as part of a collaboration between DeepMind and Google Project Zero to augment vulnerability discovery.
The search behemoth also stressed that no technical details, proof-of-concept code, or any other information that could “materially assist” bad actors will be released until the deadline. With the latest approach, Google Project Zero said it hopes to move the needle on releasing patches to the devices, systems, and services relied on by end users in a timely fashion and bolster the overall security ecosystem. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware
Threat actors have been observed exploiting a now-patched critical SAP NetWeaver flaw to deliver the Auto-Color backdoor in an attack targeting a U.S.-based chemicals company in April 2025. “Over the course of three days, a threat actor gained access to the customer’s network, attempted to download several suspicious files and communicated with malicious infrastructure linked to Auto-Color malware,” Darktrace said in a report shared with The Hacker News. The vulnerability in question is CVE-2025-31324 , a severe unauthenticated file upload bug in SAP NetWeaver that enables remote code execution (RCE). It was patched by SAP in April.
Auto-Color, first documented by Palo Alto Networks Unit 42 earlier this February, functions akin to a remote access trojan, enabling remote access to compromised Linux hosts. It was observed in attacks targeting universities and government organizations in North America and Asia between November and December 2024. The malware has been found to hide its malicious behavior should it fail to connect to its command-and-control (C2) server, a sign that the threat actors are looking to evade detection by giving the impression that it’s benign. It supports various features, including reverse shell, file creation and execution, system proxy configuration, global payload manipulation, system profiling, and even self-removal when a kill switch is triggered.
The incident detected by Darktrace took place on April 28, when it was alerted to the download of a suspicious ELF binary on an internet-exposed machine likely running SAP NetWeaver. That said, initial signs of scanning activity are said to have occurred at least three days prior. “CVE-2025-31324 was leveraged in this instance to launch a second-stage attack, involving the compromise of the internet-facing device and the download of an ELF file representing the Auto-Color malware,” the company said. “From initial intrusion to the failed establishment of C2 communication, the Auto-Color malware showed a clear understanding of Linux internals and demonstrated calculated restraint designed to minimize exposure and reduce the risk of detection.”
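The two signals Darktrace describes, probing of the exposed host followed days later by an ELF download, as an added detection example that is not Darktrace's own logic. It flags any HTTP response body beginning with the ELF magic bytes that is delivered to an internet-facing host, whatever Content-Type the server claimed, and raises the severity when the serving address had already probed that host within the preceding three days. The telemetry rows, host addresses, URIs and field names are constructed for the example.

```python
"""Correlate an ELF download to an exposed server with earlier scanning from the
same external address. Added example; telemetry and field names are constructed."""
from datetime import datetime, timedelta

ELF_MAGIC = b"\x7fELF"
INTERNET_FACING = {"10.0.5.12"}  # constructed: the exposed application server

# Constructed telemetry. Fields: (time, src, dst, dst_port, kind, detail).
# "conn" rows are inbound connection attempts to the exposed host; "http_resp"
# rows are responses fetched by an internal host, with the first body bytes kept.
EVENTS = [
    ("2025-04-25T12:11:00", "203.0.113.7", "10.0.5.12", 50000, "conn", None),
    ("2025-04-25T12:11:01", "203.0.113.7", "10.0.5.12", 8000, "conn", None),
    ("2025-04-25T12:11:02", "203.0.113.7", "10.0.5.12", 8443, "conn", None),
    ("2025-04-25T12:11:03", "203.0.113.7", "10.0.5.12", 44300, "conn", None),
    ("2025-04-28T09:40:10", "10.0.5.12", "203.0.113.7", 80, "http_resp",
     {"uri": "/update.txt", "content_type": "text/plain",
      "body_prefix": b"\x7fELF\x02\x01\x01\x00"}),
    ("2025-04-28T09:41:00", "10.0.5.12", "198.51.100.9", 443, "http_resp",
     {"uri": "/index.html", "content_type": "text/html",
      "body_prefix": b"<!DOCTYPE html>"}),
]


def _ts(value: str) -> datetime:
    return datetime.fromisoformat(value)


def elf_downloads(events):
    """Responses whose body starts with the ELF magic, served to an internet-facing
    host. The declared Content-Type is recorded but deliberately not trusted."""
    hits = []
    for when, src, dst, _port, kind, detail in events:
        if kind != "http_resp" or src not in INTERNET_FACING:
            continue
        if detail["body_prefix"].startswith(ELF_MAGIC):
            hits.append({"time": _ts(when), "host": src, "server": dst,
                         "uri": detail["uri"], "declared": detail["content_type"]})
    return hits


def prior_scanning(events, external_ip, before, window=timedelta(days=3), min_ports=3):
    """True if external_ip touched at least min_ports distinct ports on an exposed
    host inside the window preceding `before`."""
    ports = set()
    for when, src, dst, port, kind, _detail in events:
        if kind == "conn" and src == external_ip and dst in INTERNET_FACING:
            if before - window <= _ts(when) <= before:
                ports.add(port)
    return len(ports) >= min_ports


def triage(events):
    """Every ELF download is worth a look; one preceded by scanning from the same
    address is the pattern described in the report and gets escalated."""
    findings = []
    for hit in elf_downloads(events):
        hit["severity"] = "high" if prior_scanning(events, hit["server"], hit["time"]) else "medium"
        findings.append(hit)
    return findings


if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```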
Scattered Spider Hacker Arrests Halt Attacks, But Copycat Threats Sustain Security Pressure
Google Cloud’s Mandiant Consulting has revealed that it has witnessed a drop in activity from the notorious Scattered Spider group, but emphasized the need for organizations to take advantage of the lull to shore up their defenses. “Since the recent arrests tied to the alleged Scattered Spider (UNC3944) members in the U.K., Mandiant Consulting hasn’t observed any new intrusions directly attributable to this specific threat actor,” Charles Carmakal, CTO of Mandiant Consulting at Google Cloud, told The Hacker News in a statement. “This presents a critical window of opportunity that organizations must capitalize on to thoroughly study the tactics UNC3944 wielded so effectively, assess their systems, and reinforce their security posture accordingly.” Carmakal also warned businesses not to “let their guard down entirely,” as other threat actors like UNC6040 are employing similar social engineering tactics as Scattered Spider to breach target networks. “While one group may be temporarily dormant, others won’t relent,” Carmakal added.
The development comes as the tech giant detailed the financially motivated hacking group’s aggressive targeting of VMware ESXi hypervisors in attacks targeting retail, airline, and transportation sectors in North America. The U.S. government, alongside Canada and Australia, has also released an updated advisory outlining Scattered Spider’s updated tradecraft obtained as part of investigations conducted by the Federal Bureau of Investigation (FBI) as recently as this month. “Scattered Spider threat actors have been known to use various ransomware variants in data extortion attacks, most recently including DragonForce ransomware,” the agencies said.
“These actors frequently use social engineering techniques such as phishing, push bombing, and subscriber identity module swap attacks to obtain credentials, install remote access tools, and bypass multi-factor authentication. Scattered Spider threat actors consistently use proxy networks [T1090] and rotate machine names to further hamper detection and response.” The group has also been observed posing as employees to persuade IT and/or help desk staff to provide sensitive information, reset the employee’s password, and transfer the employee’s multi-factor authentication (MFA) to a device under their control. This marks a shift from the threat actors impersonating help desk personnel in phone calls or SMS messages to obtain employee credentials or instruct them to run commercial remote access tools enabling initial access. In other instances, the hackers have acquired employee or contractor credentials on illicit marketplaces such as Russia Market.
Furthermore, the governments called out Scattered Spider’s use of readily available malware tools like Ave Maria (aka Warzone RAT), Raccoon Stealer, Vidar Stealer, and Ratty RAT to facilitate remote access and gather sensitive information, as well as cloud storage service Mega for data exfiltration. “In many instances, Scattered Spider threat actors search for a targeted organization’s Snowflake access to exfiltrate large volumes of data in a short time, often running thousands of queries immediately,” per the advisory. “According to trusted third-parties, where more recent incidents are concerned, Scattered Spider threat actors may have deployed DragonForce ransomware onto targeted organizations’ networks – thereby encrypting VMware Elastic Sky X integrated (ESXi) servers.”
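The query burst the advisory describes (“thousands of queries immediately”), as an added detection example that is not Mandiant's or the agencies' tooling: bucket each user's Snowflake query history into five-minute windows and flag a user whose busiest window is both large in absolute terms and an order of magnitude above that user's own median. The rows are constructed to resemble QUERY_HISTORY output (user, start time, rows produced); the thresholds are assumptions to tune per tenant.

```python
"""Flag a per-user query burst in Snowflake-style query history.
Added example; rows are constructed and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

BUCKET = timedelta(minutes=5)


def bucket_counts(rows):
    """Count queries per user per fixed five-minute bucket.
    rows: iterable of (user_name, start_time_iso, rows_produced)."""
    counts = defaultdict(lambda: defaultdict(int))
    for user, started, _rows_produced in rows:
        t = datetime.fromisoformat(started)
        key = t - timedelta(minutes=t.minute % 5, seconds=t.second, microseconds=t.microsecond)
        counts[user][key] += 1
    return counts


def burst_users(rows, min_queries=200, ratio=10.0):
    """Users whose busiest bucket holds >= min_queries and >= ratio x their median
    bucket (median taken over the other buckets so the burst cannot mask itself)."""
    flagged = {}
    for user, buckets in bucket_counts(rows).items():
        values = sorted(buckets.values())
        peak = values[-1]
        baseline = median(values[:-1]) if len(values) > 1 else 0
        if peak >= min_queries and peak >= ratio * max(baseline, 1):
            flagged[user] = {"peak": peak, "baseline": baseline,
                             "when": max(buckets, key=buckets.get)}
    return flagged


def sample_rows():
    """Constructed history: two accounts run a few queries every five minutes for
    three hours, then one service account fires 600 queries inside two minutes."""
    rows = []
    base = datetime(2025, 7, 28, 9, 0)
    for i in range(36):
        for j in range(3):
            rows.append(("analyst", (base + timedelta(minutes=5 * i, seconds=20 * j)).isoformat(), 50))
            rows.append(("svc_reporting", (base + timedelta(minutes=5 * i, seconds=30 * j)).isoformat(), 1000))
    burst = base + timedelta(hours=3)
    for k in range(600):
        rows.append(("svc_reporting", (burst + timedelta(milliseconds=200 * k)).isoformat(), 50000))
    return rows


if __name__ == "__main__":
    print(burst_users(sample_rows()))
```

A real deployment would read from ACCOUNT_USAGE.QUERY_HISTORY on a schedule and add the rows-produced and bytes-scanned columns to the score, since the advisory's concern is volume exfiltrated, not just query count.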
Wiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44
Cybersecurity researchers have disclosed a now-patched critical security flaw in a popular vibe coding platform called Base44 that could allow unauthorized access to private applications built by its users. “The vulnerability we discovered was remarkably simple to exploit – by providing only a non-secret ‘app_id’ value to undocumented registration and email verification endpoints, an attacker could have created a verified account for private applications on their platform,” cloud security firm Wiz said in a report shared with The Hacker News. A net result of this issue is that it bypasses all authentication controls, including Single Sign-On (SSO) protections, granting full access to all the private applications and data contained within them. Following responsible disclosure on July 9, 2025, an official fix was rolled out by Wix, which owns Base44, within 24 hours.
There is no evidence that the issue was ever maliciously exploited in the wild. While vibe coding is an artificial intelligence (AI)-powered approach that generates application code from a text prompt, the latest findings highlight an emerging attack surface, driven by the popularity of AI tools in enterprise environments, that traditional security paradigms may not adequately address. The shortcoming unearthed by Wiz in Base44 concerns a misconfiguration that left two authentication-related endpoints exposed without any restrictions, thereby permitting anyone to register for private applications using only an “app_id” value as input:
- api/apps/{app_id}/auth/register, which is used to register a new user by providing an email address and password
- api/apps/{app_id}/auth/verify-otp, which is used to verify the user by providing a one-time password (OTP)
As it turns out, the “app_id” value is not a secret: it is visible in the app’s URL and in the path of its manifest.json file. This meant an attacker could use a target application’s “app_id” to register a new account and then verify the email address with the OTP, gaining access to an application they did not own.
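The pattern Wiz describes, as an added example that is neither Base44's code nor Wix's actual fix: an in-memory registration and OTP-verification service keyed on a public app_id, run once with no per-app policy (the vulnerable shape) and once with a check that a private app only admits invited addresses or its own SSO domain (one possible hardening; how Wix fixed the real endpoints is not stated in the report). The app records, e-mail addresses and the OTP "delivery" are constructed.

```python
"""Register/verify-otp flow keyed on a public app_id: vulnerable vs hardened.
Added example; apps, addresses and OTP delivery are constructed stand-ins."""
import hashlib
import hmac
import secrets

# Constructed app records. app_id is public (it appears in the app's URL).
APPS = {
    "app-7f3a": {"private": True,
                 "allowed_emails": {"ceo@victim-corp.example"},
                 "allowed_domains": {"victim-corp.example"}},
    "app-9c10": {"private": False, "allowed_emails": set(), "allowed_domains": set()},
}


class AuthService:
    def __init__(self, enforce_app_policy: bool):
        self.enforce = enforce_app_policy
        self.pending = {}      # (app_id, email) -> (otp, password_hash)
        self.verified = set()  # (app_id, email)

    def _app_allows(self, app_id: str, email: str) -> bool:
        app = APPS[app_id]
        if not app["private"]:
            return True
        domain = email.rsplit("@", 1)[-1].lower()
        return email.lower() in app["allowed_emails"] or domain in app["allowed_domains"]

    def register(self, app_id: str, email: str, password: str):
        """POST /api/apps/{app_id}/auth/register"""
        if app_id not in APPS:
            return 404, "no such app"
        if self.enforce and not self._app_allows(app_id, email):
            # Hardened: knowing a public identifier is not proof of an invitation.
            return 403, "registration closed for this app"
        otp = f"{secrets.randbelow(1_000_000):06d}"
        # sha256 is a stand-in; a real service uses a password hash such as argon2.
        self.pending[(app_id, email)] = (otp, hashlib.sha256(password.encode()).hexdigest())
        # The OTP would be e-mailed; it is returned here so the demo can "receive" it.
        return 200, otp

    def verify_otp(self, app_id: str, email: str, otp: str):
        """POST /api/apps/{app_id}/auth/verify-otp"""
        entry = self.pending.get((app_id, email))
        if entry is None or not hmac.compare_digest(entry[0], otp):
            return 401, "invalid code"
        del self.pending[(app_id, email)]
        self.verified.add((app_id, email))
        return 200, "verified"

    def can_access(self, app_id: str, email: str) -> bool:
        return (app_id, email) in self.verified


def self_register(service: AuthService, app_id: str, email: str) -> bool:
    """Walk the two endpoints the way an outsider who only knows app_id would:
    register with their own mailbox, read the OTP there, verify, then try to get in."""
    code, body = service.register(app_id, email, "hunter2")
    if code != 200:
        return False
    service.verify_otp(app_id, email, body)
    return service.can_access(app_id, email)


if __name__ == "__main__":
    print("vulnerable:", self_register(AuthService(False), "app-7f3a", "attacker@evil.example"))
    print("hardened:  ", self_register(AuthService(True), "app-7f3a", "attacker@evil.example"))
```

The OTP step is not the weakness: it proves the attacker controls the mailbox they typed, which they do. The missing control is whether that mailbox is entitled to an account on this particular private app at all, which is why the check belongs on the registration endpoint and not only behind the SSO button on the page.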
“After confirming our email address, we could just login via the SSO within the application page, and successfully bypass the authentication,” security researcher Gal Nagli said. “This vulnerability meant that private applications hosted on Base44 could be accessed without authorization.” The development comes as security researchers have shown that state-of-the-art large language models (LLMs) and generative AI (GenAI) tools can be jailbroken or subjected to prompt injection attacks that make them behave in unintended ways, breaking free of their ethical or safety guardrails to produce malicious responses, synthetic content, or hallucinations, and, in some cases, even abandon correct answers when presented with false counterarguments, posing risks to multi-turn AI systems. Some of the attacks documented in recent weeks include:
- A “toxic” combination of improper validation of context files, prompt injection, and misleading user experience (UX) in Gemini CLI that could lead to silent execution of malicious commands when inspecting untrusted code.
- Using a specially crafted email hosted in Gmail to trigger code execution through Claude Desktop by tricking Claude into rewriting the message so that it bypasses the restrictions imposed on it.
- Jailbreaking xAI’s Grok 4 model using Echo Chamber and Crescendo to circumvent the model’s safety systems and elicit harmful responses without providing any explicit malicious input. The LLM has also been found to leak restricted data and obey hostile instructions in over 99% of prompt injection attempts absent any hardened system prompt.
- Coercing OpenAI ChatGPT into disclosing valid Windows product keys via a guessing game.
- Exploiting Google Gemini for Workspace to generate an email summary that looks legitimate but includes malicious instructions or warnings directing users to phishing sites, by embedding a hidden directive in the message body using HTML and CSS trickery.
- Bypassing Meta’s Llama Firewall to defeat prompt injection safeguards using prompts in languages other than English or simple obfuscation techniques such as leetspeak and invisible Unicode characters.
- Deceiving browser agents into revealing sensitive information such as credentials via prompt injection attacks.
“The AI development landscape is evolving at unprecedented speed,” Nagli said. “Building security into the foundation of these platforms, not as an afterthought – is essential for realizing their transformative potential while protecting enterprise data.” The disclosure comes as Invariant Labs, the research division of Snyk, detailed toxic flow analysis (TFA) as a way to harden agentic systems against Model Context Protocol (MCP) exploits like rug pulls and tool poisoning attacks. “Instead of focusing on just prompt-level security, toxic flow analysis pre-emptively predicts the risk of attacks in an AI system by constructing potential attack scenarios leveraging deep understanding of an AI system’s capabilities and potential for misconfiguration,” the company said.
Furthermore, the MCP ecosystem has introduced traditional security risks, with as many as 1,862 MCP servers exposed to the internet without any authentication or access controls, putting them at risk of data theft, command execution, and abuse of the victim’s resources that racks up cloud bills. “Attackers may find and extract OAuth tokens, API keys, and database credentials stored on the server, granting them access to all the other services the AI is connected to,” Knostic said.
PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain
The maintainers of the Python Package Index (PyPI) repository have issued a warning about an ongoing phishing attack that’s targeting users in an attempt to redirect them to fake PyPI sites. The attack involves sending email messages bearing the subject line “[PyPI] Email verification” that are sent from the email address noreply@pypj[.]org (note that the domain is not “pypi[.]org”). “This is not a security breach of PyPI itself, but rather a phishing attempt that exploits the trust users have in PyPI,” Mike Fiedler, PyPI Admin, said in a post Monday. The email messages instruct users to follow a link to verify their email address, which leads to a replica phishing site that impersonates PyPI and is designed to harvest their credentials.
But in a clever twist, once the login information is entered on the bogus site, the request is relayed to the legitimate PyPI site, fooling victims into thinking that nothing is amiss when, in reality, their credentials have already been passed to the attackers. This method is harder to detect because there are no error messages or failed logins to trigger suspicion. PyPI said it’s looking at different methods to handle the attack. In the meantime, it’s urging users to inspect the URL in the browser before signing in and to refrain from clicking the link if they have received such an email.
If you’re unsure whether an email is legitimate, a quick check of the domain name—letter by letter—can help. Tools like browser extensions that highlight verified URLs or password managers that auto-fill only on known domains can add a second layer of defense. These kinds of attacks don’t just trick individuals; they aim to gain access to accounts that may publish or manage widely used packages. “If you have already clicked on the link and provided your credentials, we recommend changing your password on PyPI immediately,” Fiedler said.
“Inspect your account’s Security History for anything unexpected.” It’s currently not clear who is behind the campaign, but the activity bears striking similarities to a recent npm phishing attack that employed a typosquatted domain “npnjs[.]com” (as opposed to “npmjs[.]com”) to send similar email verification emails to capture users’ credentials. The attack ended up compromising seven different npm packages to deliver a malware called Scavenger Stealer to gather sensitive data from web browsers. In one case, the attacks paved the way for a JavaScript payload that captured system information and environment variables, and exfiltrated the details over a WebSocket connection. Similar attacks have been seen across npm, GitHub, and other ecosystems where trust and automation play a central role.
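The letter-by-letter domain check recommended above, automated, as an added example (not PyPI's or npm's tooling). It extracts the registrable domain from a sender address or link, folds common homoglyphs, and flags anything within one edit of a trusted name or that smuggles a trusted name into a subdomain; both the pypj[.]org and npnjs[.]com addresses from this report are caught. The trusted list, homoglyph table and distance threshold are this example's assumptions.

```python
"""Classify a sender address, URL or host as trusted, lookalike, impersonation
or unrelated. Added example; the allowlist and thresholds are assumptions."""
import unicodedata
from urllib.parse import urlparse

TRUSTED = {"pypi.org", "npmjs.com", "github.com"}  # constructed allowlist

# Characters attackers swap in because they render like the original.
HOMOGLYPHS = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "|": "l",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic a e o p
    "\u0441": "c", "\u0443": "y", "\u0456": "i", "\u0455": "s",  # Cyrillic c y i s
})
MULTI = [("rn", "m"), ("vv", "w")]  # two-glyph sequences that read as one letter


def extract_domain(value: str) -> str:
    """Accept a URL, an e-mail address or a bare host, defanged ([.]) or not."""
    v = value.strip().replace("[.]", ".").replace("(.)", ".")
    if "@" in v and "://" not in v:
        v = v.rsplit("@", 1)[1]
    if "://" in v:
        v = urlparse(v).hostname or ""
    return v.rstrip(".").lower()


def normalize(host: str) -> str:
    h = unicodedata.normalize("NFKC", host).lower().translate(HOMOGLYPHS)
    for pattern, replacement in MULTI:
        h = h.replace(pattern, replacement)
    return h


def edit_distance(a: str, b: str) -> int:
    """Damerau-Levenshtein: insert, delete, substitute, or swap adjacent characters."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def registrable(host: str) -> str:
    """Last two labels; good enough for .org/.com, a public-suffix list is needed for co.uk and friends."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def classify(value: str, trusted=TRUSTED) -> tuple:
    host = extract_domain(value)
    reg = registrable(host)
    if reg in trusted:
        return ("trusted", reg)
    for t in trusted:  # pypi.org.evil.example: trusted name hidden in a subdomain label
        if host.startswith(t + ".") or ("." + t + ".") in host:
            return ("impersonation", t)
    norm = normalize(reg)
    best = min(trusted, key=lambda t: edit_distance(norm, normalize(t)))
    if edit_distance(norm, normalize(best)) <= 1:  # one typo, swap or homoglyph away
        return ("lookalike", best)
    return ("unrelated", reg)


if __name__ == "__main__":
    for sample in ("noreply@pypj[.]org", "https://npnjs[.]com/login", "https://pypi.org/account/login/"):
        print(sample, "->", classify(sample))
```

The edit-distance threshold is deliberately tight: at distance 2 or more, short names like pypi.org start colliding with legitimate unrelated domains, so widen it only with a public-suffix list and an allowlist of known neighbours.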
Typosquatting, impersonation, and reverse proxy phishing are all tactics in this growing category of social engineering that exploits how developers interact with tools they rely on daily.
Chaos RaaS Emerges After BlackSuit Takedown, Demanding $300K from U.S. Victims
A newly emerged ransomware-as-a-service (RaaS) gang called Chaos is likely made up of former members of the BlackSuit crew, as the latter’s dark web infrastructure has been the subject of a law enforcement seizure. Chaos, which sprang forth in February 2025, is the latest entrant in the ransomware landscape to conduct big-game hunting and double extortion attacks. “Chaos RaaS actors initiated low-effort spam flooding, escalating to voice-based social engineering for access, followed by RMM tool abuse for persistent connection and legitimate file-sharing software for data exfiltration,” Cisco Talos researchers Anna Bennett, James Nutland, and Chetan Raghuprasad said. “The ransomware utilizes multi-threaded rapid selective encryption, anti-analysis techniques, and targets both local and network resources, maximizing impact while hindering detection and recovery.” It’s important to note here that the ransomware group is unrelated to the Chaos ransomware builder variants such as Yashma and Lucky_Gh0$t, indicating that the threat actors are using the same name to sow confusion.
A majority of the victims are located in the United States, based on data from Ransomware.live. Compatible with Windows, ESXi, Linux, and NAS systems, Chaos has been observed seeking ransoms of $300,000 from victims in exchange for a decryptor and a “detailed penetration overview with main kill chain and security recommendations.” The attacks involve a combination of phishing and voice phishing techniques to obtain initial access by tricking victims into installing remote desktop software, particularly Microsoft Quick Assist . The threat actors subsequently carry out post-compromise discovery and reconnaissance, followed by installing other RMM tools such as AnyDesk, ScreenConnect, OptiTune, Syncro RMM, and Splashtop to establish persistent remote access to the network. Also undertaken are steps to harvest credentials, delete PowerShell event logs, and delete security tools installed on the machine to undermine detection.
The attacks culminate with the deployment of the ransomware, but not before lateral movement and data exfiltration using GoodSync. The ransomware binary supports multithreading to facilitate rapid encryption of both local and network resources, all while blocking recovery efforts and implementing multi-layered anti-analysis techniques to evade debugging tools, virtual machine environments, automated sandboxes, and other security platforms. The links to BlackSuit stem from similarities in the tradecraft employed, including in the encryption commands, the theme and structure of the ransom note, and the RMM tools used. It’s worth noting that BlackSuit is a rebrand of the Royal ransomware group, which, in itself, was an offshoot of Conti, highlighting the shape-shifting nature of the threat.
The development comes around the same time BlackSuit’s dark web sites were seized as part of a joint law enforcement effort called Operation Checkmate. Visitors are greeted by a splash screen that states, “This site has been seized by U.S. Homeland Security Investigations as part of a coordinated international law enforcement investigation.” There has been no official statement from authorities on the takedown. Romanian cybersecurity company Bitdefender, which offered expert assistance to law enforcement, said BlackSuit has claimed over 185 victims since it surfaced in the summer of 2023, describing it as a private ransomware group that does not rely on affiliates to carry out its attacks.
“The disruption of BlackSuit’s infrastructure marks another important milestone in the fight against organized cybercrime,” a representative of the Draco Team, Bitdefender’s cybercrime unit who participated in the takedown, told The Hacker News. “We commend our law enforcement partners for their coordination and determination. Operations like this reinforce the critical role of public-private partnerships in tracking, exposing, and ultimately dismantling ransomware groups that operate in the shadows. When global expertise is aligned, cybercriminals have fewer places to hide.”
In a related move, the U.S. Federal Bureau of Investigation (FBI) and the Department of Justice (DoJ) publicly announced the seizure of 20.2891382 BTC (now valued at over $2.4 million) from a cryptocurrency wallet address associated with a member of the Chaos ransomware group known as Hors. Chaos is the latest entrant to the ransomware landscape, which has also witnessed the arrival of other new strains like Backups, Bert, BlackFL, BQTLOCK, Dark 101, Gunra, Jackalock, Moscovium, RedFox, and Sinobi. Assessed to be based on the infamous Conti ransomware, Gunra has claimed 13 victims since late April 2025. “Gunra ransomware employs advanced evasion and anti-analysis techniques used to infect Windows Operating systems while minimizing the risk of detection,” CYFIRMA said.
“Its evasion capabilities include obfuscation of malicious activity, avoidance of rule-based detection systems, strong encryption methods, ransom demands, and warnings to publish data on underground forums.” Gunra has since expanded its tentacles to strike Linux systems as well, per Trend Micro, signaling the group’s cross-platform ambitions. Like Chaos, the Linux variant makes use of multithreading (capped at 100 threads) and partial encryption to make the encryption process faster and more flexible. “Unlike the Windows version, it skips dropping a ransom note altogether and instead focuses purely on quick and configurable file encryption, including the option to keep RSA-encrypted keys in separate keystore files,” security researchers Jeffrey Francis Bonaobra, Melvin Singwa, and Emmanuel Panopio said. Other recent ransomware attacks include the use of DLL side-loading to drop NailaoLocker and ClickFix-like lures to trick users into downloading malicious HTML Application (HTA) files under the pretext of completing a CAPTCHA verification check and spreading Epsilon Red ransomware.
“Epsilon Red ransomware, first identified in 2021, leaves a ransom note on infected computers that bears a resemblance to the REvil ransomware note, albeit with minor grammatical improvements,” CloudSEK said. According to NCC Group, ransomware attacks in the second quarter of 2025 dropped 43% to 1,180, down from 2,074 in Q1 2025. Qilin was the most active ransomware group during the period, leading with 151 attacks, followed by Akira at 131, Play at 115, SafePay at 108, and Lynx at 46. In all, 86 new and existing attack groups are estimated to be active in 2025.
“The volume of victims being exposed on ransomware leak sites might be declining but this doesn’t mean threats are reduced,” Matt Hull, Global Head of Threat Intelligence at NCC Group, said. “Law enforcement crackdowns and leaked ransomware source code is possibly a contributing factor as to a drop in activity, but ransomware groups are using this opportunity to evolve through rebranding and the use of advanced social engineering tactics.” (The story was updated after publication to include additional insights from Bitdefender and Trend Micro.)