2025-09-16 AI Startup News
Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs
The China-aligned threat actor known as Mustang Panda has been observed using an updated version of a backdoor called TONESHELL and a previously undocumented USB worm called SnakeDisk. “The worm only executes on devices with Thailand-based IP addresses and drops the Yokai backdoor,” IBM X-Force researchers Golo Mühr and Joshua Chung said in an analysis published last week. The tech giant’s cybersecurity division is tracking the cluster under the name Hive0154, which is also broadly referred to as BASIN, Bronze President, Camaro Dragon, Earth Preta, HoneyMyte, Polaris, RedDelta, Stately Taurus, and Twill Typhoon. The state-sponsored threat actor is believed to have been active since at least 2012.
TONESHELL was first publicly documented by Trend Micro way back in November 2022 as part of cyber attacks targeting Myanmar, Australia, the Philippines, Japan, and Taiwan between May and October. Typically executed via DLL side-loading, its primary responsibility is to download next-stage payloads on the infected host. Typical attack chains involve the use of spear-phishing emails to drop malware families like PUBLOAD or TONESHELL. PUBLOAD, which functions similarly to TONESHELL, is also capable of downloading shellcode payloads via HTTP POST requests from a command-and-control (C2) server.
The newly identified TONESHELL variants, named TONESHELL8 and TONESHELL9 by IBM X-Force, support C2 communication through locally configured proxy servers to blend in with enterprise network traffic and facilitate two active reverse shells in parallel. They also incorporate junk code copied from OpenAI’s ChatGPT website within the malware’s functions to evade static detection and resist analysis. Also launched using DLL side-loading is a new USB worm called SnakeDisk that shares overlaps with TONEDISK (aka WispRider), another USB worm framework under the TONESHELL family. It’s mainly used to detect new and existing USB devices connected to the host, using them as a means of propagation.
Specifically, it moves the existing files on the USB into a new sub-directory, effectively tricking the victim into clicking on the malicious payload on a new machine by setting its name to the volume name of the USB device, or “USB.exe.” Once the malware is launched, the files are copied back to their original location. A notable aspect of the malware is that it’s geofenced to execute only on public IP addresses geolocated to Thailand. SnakeDisk also serves as a conduit to drop Yokai, a backdoor that sets up a reverse shell to execute arbitrary commands. It was previously detailed by Netskope in December 2024 in intrusions targeting Thai officials.
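The USB layout described above (user files pushed into a sub-directory, with an executable named after the volume or “USB.exe” left in the root) can be checked on a mounted removable drive. This is an added example, not code from IBM X-Force or the original article; the volume label `BACKUP`, the sub-directory name `data`, and the verdict rule are assumptions made for illustration.

```python
import os
import tempfile


def usb_layout_findings(root, volume_label):
    """Inspect the root of a mounted removable volume.

    `volume_label` is supplied by the caller (assumption: mount metadata or
    the platform's own API provides it). The check is name-based only.
    """
    lure_names = {"usb.exe", (volume_label + ".exe").lower()}
    lures, other_files, files_in_subdirs = [], [], 0
    with os.scandir(root) as entries:
        for entry in entries:
            if entry.is_dir(follow_symlinks=False):
                # Count files that live below a sub-directory of the root.
                for _dir, _subdirs, files in os.walk(entry.path):
                    files_in_subdirs += len(files)
            elif entry.name.lower() in lure_names:
                lures.append(entry.name)
            else:
                other_files.append(entry.name)
    return {
        "lure_executables": sorted(lures),
        "root_files": sorted(other_files),
        "files_in_subdirs": files_in_subdirs,
        # Heuristic verdict (assumption): a lure-named executable sits alone
        # in the root while the user's files are one level down.
        "suspicious": bool(lures) and not other_files and files_in_subdirs > 0,
    }


def build_sample_volume(base, moved):
    """Create a constructed directory tree standing in for a USB volume."""
    docs = ["report.docx", "photo.jpg"]
    if moved:
        os.makedirs(os.path.join(base, "data"))  # constructed directory name
        for name in docs:
            open(os.path.join(base, "data", name), "wb").close()
        # Empty placeholder file; only its name matters to the check.
        open(os.path.join(base, "BACKUP.exe"), "wb").close()
    else:
        for name in docs:
            open(os.path.join(base, name), "wb").close()
    return base


def demo():
    """Run the check on a normal layout and on the displaced layout."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as odd:
        return (
            usb_layout_findings(build_sample_volume(clean, False), "BACKUP"),
            usb_layout_findings(build_sample_volume(odd, True), "BACKUP"),
        )


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Because the article notes that the files are copied back once the payload runs, this layout is visible on the drive before execution on a new machine, so the check belongs at mount time.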
“Yokai shows overlaps with other backdoor families attributed to Hive0154, such as PUBLOAD/PUBSHELL and TONESHELL,” IBM said. “Although those families are clearly separate pieces of malware, they roughly follow the same structure and use similar techniques to establish a reverse shell with their C2 server.” The use of SnakeDisk and Yokai likely points to a sub-group within Mustang Panda that’s hyper-focused on Thailand, while also underscoring the continued evolution and refinement of the threat actor’s arsenal. “Hive0154 remains a highly capable threat actor with multiple active subclusters and frequent development cycles,” the company concluded. “This group appears to maintain a considerably large malware ecosystem with frequent overlaps in both malicious code, techniques used during attacks, as well as targeting.”
6 Browser-Based Attacks Security Teams Need to Prepare For Right Now
Attacks that target users in their web browsers have seen an unprecedented rise in recent years. In this article, we’ll explore what a “browser-based attack” is, and why they’re proving to be so effective.
What is a browser-based attack?
First, it’s important to establish what a browser-based attack is.
In most scenarios, attackers don’t think of themselves as attacking your web browser. Their end-goal is to compromise your business apps and data. That means going after the third-party services that are now the backbone of business IT. The most common attack path today sees attackers log into third-party services, dump the data, and monetize it through extortion.
You need only look at last year’s Snowflake customer breaches or the still-ongoing Salesforce attacks to see the impact. The most logical way to do this is by targeting users of those apps. And because of the changes to working practices, your users are more accessible than ever to external attackers — and exposed to a broader range of possible attack techniques. Browser-based attacks like AITM phishing, ClickFix, and consent phishing have seen an unprecedented rise in recent years.
Once upon a time, email was the primary communication channel with the wider world, and work happened locally — on your device, and inside your locked-down network environment. This made email and the endpoint the highest priority from a security perspective. But now, with modern work happening across a network of decentralized internet apps, and more varied communication channels outside of email, it’s harder to stop users from interacting with malicious content (at least, without significantly impeding their ability to do their jobs). Given that the browser is the place where business apps are accessed and used, it makes sense that attacks are increasingly playing out there too.
The 6 key browser-based attacks that security teams need to know about
- Phishing for credentials and sessions
The most direct way for an attacker to compromise a business application is to phish a user of that app. You might not necessarily think of phishing as a browser-based attack, but that’s exactly what it is today. Phishing tooling and infrastructure have evolved a lot in the past decade, while the changes to business IT mean there are both many more vectors for phishing attack delivery, and apps and identities to target.
Attackers can deliver links over instant messenger apps, social media, SMS, malicious ads, and use in-app messenger functionality, as well as send emails directly from SaaS services to bypass email-based checks. Likewise, there are now hundreds of apps per enterprise to target, with varying levels of account security configuration. Phishing is now multi- and cross-channel, targeting a vast range of cloud and SaaS apps using flexible AitM toolkits — but all roads inevitably lead to the browser. Today, phishing operates on an industrial scale, using an array of obfuscation and detection evasion techniques.
The latest generation of fully customized MFA-bypassing phishing kits are dynamically obfuscating the code that loads the web page, implementing custom bot protection (e.g. CAPTCHA or Cloudflare Turnstile), using runtime anti-analysis features, and using legitimate SaaS and cloud services to host and deliver phishing links to cover their tracks. You can read more about the ways that modern phishing attacks are bypassing detection controls here. These changes make phishing more effective than ever, and increasingly difficult to detect and block using email and network-based anti-phishing tools.
- Malicious copy & paste (aka. ClickFix, FileFix, etc.)
One of the biggest security trends in the past year has been the emergence of the attack technique known as ClickFix. Originally known as “Fake CAPTCHA”, these attacks attempt to trick users into running malicious commands on their device — typically by solving some form of verification challenge in the browser.
In reality, by solving the challenge, the victim is actually copying malicious code from the page clipboard and running it on their device. It typically gives the victim instructions that involve clicking prompts and copying, pasting, and running commands directly in the Windows Run dialog box, Terminal, or PowerShell. Variants such as FileFix have also emerged, which instead use the File Explorer Address Bar to execute OS commands, while recent examples have seen this attack branch out to Mac via the macOS terminal. Most commonly, these attacks are used to deliver infostealer malware, using stolen session cookies and credentials to access business apps and services.
Like modern credential and session phishing, links to malicious pages are distributed over various delivery channels and using a variety of lures, including impersonating CAPTCHA, Cloudflare Turnstile, simulating an error loading a webpage, and many more. Many of the same protections being used to obfuscate and prevent analysis of phishing pages also apply to ClickFix pages, making it equally challenging to detect and block them.
[Figure: Examples of ClickFix lures used by attackers in the wild.]
- Malicious OAuth integrations
Malicious OAuth integrations are another way for attackers to compromise an app by tricking a user into authorizing an integration with a malicious, attacker-controlled app. This is also known as consent phishing.
[Figure: Consent phishing examples, where an attacker tricks the victim into authorizing an attacker-controlled app with risky permissions.]
This is an effective way for attackers to bypass hardened authentication and access controls by sidestepping the typical login process to take over an account.
This includes phishing-resistant MFA methods like passkeys, since the standard login process does not apply. A variant of this attack has dominated the headlines recently with the ongoing Salesforce breaches. In this scenario, the attacker tricked the victim into authorizing an attacker-controlled OAuth app via the device code authorization flow in Salesforce, which requires the user to enter an 8-digit code in place of a password or MFA factor. The ongoing Salesforce attacks involve malicious OAuth apps being granted access to the victim’s Salesforce tenant.
Preventing malicious OAuth grants from being authorized requires tight in-app management of user permissions and tenant security settings. This is no mean feat when considering the 100s of apps in use across the modern enterprise, many of which are not centrally managed by IT and security teams (or in some cases, are completely unknown to them). Even then, you’re limited by the controls made available by the app vendor. In this case, Salesforce has announced planned changes to OAuth app authorization in order to improve security prompted by these attacks — but many more apps with insecure configs exist for attackers to take advantage of in the future.
- Malicious browser extensions
Malicious browser extensions are another way for attackers to compromise your business apps by observing and capturing logins as they happen, and/or extracting session cookies and credentials saved in the browser cache and password manager. Attackers do this by creating their own malicious extension and tricking your users into installing it, or taking over an existing extension to gain access to browsers where it is already installed. It’s surprisingly easy for attackers to buy and add malicious updates to existing extensions, easily passing extension web store security checks.
The news around extension-based compromises has been on the rise since the Cyberhaven extension was hacked in December 2024, along with at least 35 other extensions. Since then, 100s of malicious extensions have been identified, with millions of installs. Generally, your employees should not be randomly installing browser extensions unless pre-approved by your security team. The reality, however, is that many organizations have very little visibility of the extensions their employees are using, and the potential risk they’re exposed to as a result.
- Malicious file delivery
Malicious files have been a core part of malware delivery and credential theft for many years. Just as non-email channels like malvertising and drive-by attacks are used to deliver phishing and ClickFix lures, malicious files are also distributed through similar means — leaving malicious file detection to basic known-bad checks, sandbox analysis using a proxy (not that useful in the context of sandbox-aware malware) or runtime analysis on the endpoint. This doesn’t just have to be malicious executables directly dropping malware onto the device.
File downloads can also contain additional links that take the user to malicious content. In fact, one of the most common types of downloadable content is HTML Applications (HTAs), commonly used to spawn local phishing pages to stealthily capture credentials. More recently, attackers have been weaponizing SVG files for a similar purpose, running as self-contained phishing pages that render fake login portals entirely client-side. Even if malicious content cannot always be flagged from surface-level inspection of a file, recording file downloads in the browser is a useful addition to endpoint-based malware protection, and provides another layer of defense against file downloads that perform client-side attacks, or redirect the user to malicious web-based content.
- Stolen credentials and MFA gaps
This last one isn’t so much a browser-based attack, but it is a product of them. When credentials are stolen through phishing or infostealer malware they can be used to take over accounts missing MFA. This isn’t the most sophisticated attack, but it’s very effective.
You need only look at last year’s Snowflake account compromises or the Jira attacks earlier this year to see how attackers harness stolen credentials at scale. With the modern enterprise using hundreds of apps, the likelihood that an app hasn’t been configured for mandatory MFA (if possible) is high. And even when an app has been configured for SSO and connected to your primary corporate identity, local “ghost logins” can continue to exist, accepting passwords with no MFA required. Logins can also be observed in the browser — in fact, it’s as close to a universal source of truth as you’re going to get about how your employees are actually logging in, which apps they’re using, and whether MFA is present, enabling security teams to find and fix vulnerable logins before they can be exploited by attackers.
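For the malicious file delivery item above, which describes HTA downloads and SVG files that render login portals client-side, a download record can be triaged for active content before anyone opens it. This is an added example, not code from the article or from any vendor it names; the finding labels, the `review_download` helper and both sample files are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Elements that let an SVG run code or embed HTML instead of just drawing.
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
FORM_TAGS = {"form", "input"}
URL_ATTRS = {"href", "src", "action"}


def local(name):
    """Strip an XML namespace: '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return name.rsplit("}", 1)[-1].lower()


def triage_svg(data: bytes):
    """Return a sorted list of findings for one SVG document."""
    # Entity declarations are not needed by ordinary images; refusing them
    # also keeps entity-expansion input away from the stdlib parser.
    if re.search(rb"<!ENTITY", data, re.I):
        return ["entity-declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["unparseable-xml"]
    findings = set()
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.add(f"active-element:{tag}")
        if tag in FORM_TAGS:
            findings.add(f"form-element:{tag}")
            if tag == "input" and el.attrib.get("type", "").lower() == "password":
                findings.add("password-field")
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):
                findings.add(f"event-handler:{name}")
            compact = "".join(value.split()).lower()
            if name in URL_ATTRS and compact.startswith(("javascript:", "data:text/html")):
                findings.add(f"script-url:{name}")
    return sorted(findings)


def review_download(filename: str, data: bytes):
    """Triage one browser download record (name plus content)."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext == "hta":
        return ["hta-download"]  # HTML Application: flag on type alone
    if ext == "svg" or b"<svg" in data[:1024].lower():
        return triage_svg(data)
    return []


# Constructed samples: a plain icon and an SVG wrapping an HTML login form.
BENIGN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
              b'<circle cx="5" cy="5" r="4"/></svg>')
LURE_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" onload="init()">
  <foreignObject width="100%" height="100%">
    <form xmlns="http://www.w3.org/1999/xhtml" action="https://example.invalid/">
      <input type="password" name="pw"/>
    </form>
  </foreignObject>
  <script>/* constructed placeholder, no logic */</script>
</svg>"""

if __name__ == "__main__":
    for name, blob in [("logo.svg", BENIGN_SVG), ("statement.svg", LURE_SVG),
                       ("invoice.hta", b"")]:
        print(name, review_download(name, blob))
```

An image that only draws shapes produces no findings, while `foreignObject`, form fields and event handlers are what turn an SVG into a self-contained page.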
Conclusion
Attacks are increasingly happening in the browser. That makes it the perfect place to detect and respond to these attacks. But right now, the browser is a blind-spot for most security teams. Push Security’s browser-based security platform provides comprehensive detection and response capabilities against the leading cause of breaches.
Push blocks browser-based attacks like AiTM phishing, credential stuffing, password spraying and session hijacking using stolen session tokens. You can also use Push to find and fix vulnerabilities across the apps that your employees use, like ghost logins, SSO coverage gaps, MFA gaps, vulnerable passwords, risky OAuth integrations, and more to harden your identity attack surface. If you want to learn more about how Push helps you to detect and stop attacks in the browser, check out our latest product overview or book some time with one of our team for a live demo.
This article is a contributed piece from one of our valued partners.
⚡ Weekly Recap: Bootkit Malware, AI-Powered Attacks, Supply Chain Breaches, Zero-Days & More
In a world where threats are persistent, the modern CISO’s real job isn’t just to secure technology—it’s to preserve institutional trust and ensure business continuity. This week, we saw a clear pattern: adversaries are targeting the complex relationships that hold businesses together, from supply chains to strategic partnerships. With new regulations and the rise of AI-driven attacks, the decisions you make now will shape your organization’s resilience for years to come. This isn’t just a threat roundup; it’s the strategic context you need to lead effectively.
Here’s your full weekly recap, packed with the intelligence to keep you ahead.
⚡ Threat of the Week
New HybridPetya Ransomware Bypasses UEFI Secure Boot — A copycat version of the infamous Petya/NotPetya malware dubbed HybridPetya has been spotted. But no telemetry exists to suggest HybridPetya has been deployed in the wild yet. It also differs in one key respect: It can compromise the secure boot feature of Unified Extensible Firmware Interface (UEFI) by installing a malicious application.
Attackers prize bootkits since malware installed at that level can evade detection by antivirus applications and survive operating system reinstalls. With access to the UEFI, hackers can deploy their own kernel-mode payloads. ESET said it found HybridPetya samples uploaded to Google’s VirusTotal platform in February 2025.
🔔 Top News
Samsung Patches Actively Exploited Flaw — Samsung has released a fix for a security vulnerability that it said has been exploited in zero-day attacks. The vulnerability, CVE-2025-21043 (CVSS score: 8.8), concerns an out-of-bounds write that could result in arbitrary code execution. The critical-rated issue, per the South Korean electronics giant, affects Android versions 13, 14, 15, and 16. The vulnerability was privately disclosed to the company on August 13, 2025.
Samsung did not share any specifics on how the vulnerability is being exploited in attacks and who may be behind these efforts. However, it acknowledged that “an exploit for this issue has existed in the wild.”
Google Pixel 10 Adds Support for C2PA Standard — Google announced that its new Google Pixel 10 phones support the Coalition for Content Provenance and Authenticity (C2PA) standard out of the box to verify the origin and history of digital content. Support for C2PA’s Content Credentials has been added to Pixel Camera and Google Photos apps for Android. The move, Google said, is designed to further digital media transparency.
“Pixel 10 phones support on-device trusted time-stamps, which ensures images captured with your native camera app can be trusted after the certificate expires, even if they were captured when your device was offline,” Google said.
Chinese APT Deploys EggStreme Malware in Attack Targeting Philippines — A novel malware framework called EggStreme has been put to use in a cyber attack on a Philippine military company attributed to a government-backed hacking group from China. EggStreme framework is a tightly integrated set of malicious components that, unlike traditional malware, operates “with a clear, multi-stage flow designed to establish a resilient foothold on compromised systems.” The backdoor offers a wide range of capabilities, allowing hackers to inject other payloads, move around a victim’s network and more. The activity was observed between April 9, 2024, and June 13, 2025, indicating a year-long effort.
The attackers leveraged legitimate Windows services to blend into the system’s normal operations and maintain access.
New RatOn Malware Targets Android — A new Android malware called RatOn has evolved from a basic tool capable of conducting Near Field Communication (NFC) relay attacks to a sophisticated remote access trojan with Automated Transfer System (ATS) capabilities to conduct device fraud. The trojan fuses NFC relay techniques, ransomware overlays, and ATS capabilities, making it a potent tool with dual-pronged objectives: initiate unauthorized fund transfers and compromise cryptocurrency wallet accounts associated with MetaMask, Trust, Blockchain.com, and Phantom.
Apple Debuts Memory Integrity Enforcement in iPhone Air and 17 — Apple unveiled a comprehensive security system called Memory Integrity Enforcement (MIE) that represents a culmination of a five-year engineering effort to combat sophisticated cyber attacks targeting individual users through memory corruption vulnerabilities.
The technology is built into Apple’s new iPhone 17 and iPhone Air devices, which feature the A19 and A19 Pro chips. It combines custom-designed hardware with changes to the operating system to deliver what Apple describes as “industry-first, always-on” memory safety protection. MIE works by allocating each piece of a newer iPhone’s memory with a secret tag. This means only apps with that secret tag can access that memory in the future.
If the secret doesn’t match, the security protections are triggered to block the request, terminate the process, and log the event. With memory corruption vulnerabilities accounting for some of the most pervasive threats to operating system security, the initiative is primarily designed to defend against sophisticated attacks, particularly from so-called mercenary spyware vendors who leverage them to deliver spyware to targeted devices via zero-click attacks that require no user interaction. Unlike Google Pixel devices, where it’s an optional developer feature, MIE will be on by default system-wide. But third-party apps, including social media and messaging applications, will have to implement MIE on their own to improve protections for their users.
While no technology is hack-proof, MIE is expected to raise the cost of developing surveillance technologies, forcing companies that have working exploits to go back to the drawing board, as they will stop working on the new iPhones.
Open-Source Community Rallies Against npm Supply Chain Attack — A software supply chain attack that compromised several npm packages with over 2 billion weekly downloads was mitigated swiftly, leaving the attackers with little profit from the cryptocurrency heist scheme. The incident occurred after some of the developers fell for an npm password reset phishing attack, allowing the threat actors to gain access to their accounts and publish trojanized packages with malicious code to steal cryptocurrency by redirecting transactions to wallets under their control. Specifically, the malware replaces legitimate wallet addresses with attacker-controlled ones, using the Levenshtein distance algorithm to pick the most visually similar address, making the swap nearly undetectable to the naked eye.
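The swap described above survives a glance at the first and last characters of an address, so a defensive check has to compare the whole string and treat a near match as the stronger warning. The following is an added example, not code from the compromised packages or from any vendor quoted here; the three addresses are constructed values, and the similarity threshold and edge length are assumptions.

```python
def levenshtein(a: str, b: str) -> int:
    """Classic dynamic-programming edit distance (insert, delete, substitute)."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def shared_edges(a: str, b: str, skip: int = 2):
    """Count matching leading and trailing characters after the '0x' prefix.

    This models the quick visual comparison people make of an address.
    """
    a, b = a[skip:], b[skip:]
    head = 0
    for x, y in zip(a, b):
        if x != y:
            break
        head += 1
    tail = 0
    for x, y in zip(reversed(a), reversed(b)):
        if x != y:
            break
        tail += 1
    return head, tail


def check_destination(intended: str, presented: str,
                      min_similarity: float = 0.7, edge: int = 4) -> str:
    """Compare the address the user meant to pay with the one about to be used.

    Returns 'match', 'lookalike-substitution' or 'substitution'. Hex addresses
    are compared case-insensitively (assumption: checksum casing is validated
    elsewhere).
    """
    a, b = intended.lower(), presented.lower()
    if a == b:
        return "match"
    similarity = 1 - levenshtein(a, b) / max(len(a), len(b))
    head, tail = shared_edges(a, b)
    if similarity >= min_similarity or (head >= edge and tail >= edge):
        # Different address chosen to look the same: deliberate, not a typo.
        return "lookalike-substitution"
    return "substitution"


# Constructed sample values (not real wallets).
INTENDED = "0x1111aaaa2222bbbb3333cccc4444dddd5555eeee"
LOOKALIKE = "0x1111aaaa2922bbbb3338cccc4444ddbd5555eeee"
UNRELATED = "0x9f9f0c0c7e7e1d1d4b4b2a2a8c8c6e6e3f3f0a0a"

if __name__ == "__main__":
    for candidate in (INTENDED, LOOKALIKE, UNRELATED):
        print(candidate, check_destination(INTENDED, candidate),
              shared_edges(INTENDED, candidate))
```

The lookalike sample shares nine leading and nine trailing characters with the intended address, which is why only an exact comparison against a trusted copy of the destination is a reliable control.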
“The attackers poorly used a widely known obfuscator, which led to immediate detection shortly after the malicious versions were published,” JFrog said. According to data from Arkham, the attackers managed to steal about $1,087. During the two-hour window they were available for download, the compromised packages were pulled by roughly 10% of cloud environments, per cloud security firm Wiz, which characterized the impact of the campaign as a “denial-of-service” attack on the industry that wasted “countless hours of work” in order to ensure the risk has been mitigated. “In the case of npm, I think the big answer is trusted publishing, which includes the use of attestation and provenance,” Aikido Security’s lead malware researcher Charlie Eriksen told The Hacker News.
“Once a package becomes popular enough, it should not be possible to publish new versions of it without the use of this, in my opinion. Using trusted publishing, maintainers can configure it so that the only source that can publish new versions is through GitHub or GitLab. This requires all the normal workflows and controls that source repositories provide - like requiring multiple people to review a Pull Request before it can be merged into the main branch and cause a new release to be published.”
🔥 Trending CVEs
Hackers don’t wait. They exploit newly disclosed vulnerabilities within hours, transforming a missed patch or a hidden bug into a critical point of failure.
One unpatched CVE is all it takes to open the door to a full-scale compromise. Below are this week’s most critical vulnerabilities, making waves across the industry. Review the list, prioritize patching, and close the window of opportunity before attackers do. This week’s list includes — CVE-2025-21043 (Samsung), CVE-2025-5086 (Dassault Systèmes DELMIA Apriso), CVE-2025-54236 (Adobe Commerce), CVE-2025-42944, CVE-2025-42922, CVE-2025-42958 (SAP NetWeaver), CVE-2025-9636 (pgAdmin), CVE-2025-7388 (Progress OpenEdge), CVE-2025-57783, CVE-2025-57784, CVE-2025-57785 (Hiawatha), CVE-2025-9994 (Amp’ed RF BT-AP 111), CVE-2024-45325 (Fortinet FortiDDoS-F CLI), CVE-2025-9712, CVE-2025-9872 (Ivanti Endpoint Manager), CVE-2025-10200, CVE-2025-10201 (Google Chrome), CVE-2025-49459 (Zoom Workplace for Windows on Arm), CVE-2025-10198, CVE-2025-10199 (Sunshine for Windows), CVE-2025-4235 (Palo Alto Networks User-ID Credential Agent for Windows), CVE-2025-58063 (CoreDNS etcd plugin), CVE-2025-20340 (Cisco IOS XR), CVE-2025-9556 (Langchaingo), and CVE-2025-24293 (Ruby on Rails).
📰 Around the Cyber World
VS Code, Cursor, and Windsurf Users Targeted by WhiteCobra — A threat actor known as WhiteCobra is targeting Visual Studio Code, Cursor, and Windsurf users with 24 malicious extensions in the Visual Studio marketplace and the Open VSX registry. The same threat actor is believed to be behind other VS Code extensions that masqueraded as the Solidity programming language to deliver stealer malware, leading to the theft of around $500,000 in crypto assets from a Russian developer. The end goal of the campaign is to promote the extensions on social media platforms like X, trick developers into installing them, and exfiltrate cryptocurrency wallet phrases for profit using Lumma Stealer. According to a leaked internal playbook, the threat actors set revenue projections between $10,000 and $500,000, provide command-and-control (C2) infrastructure setup guides, and describe social engineering and marketing promotion strategies.
The activity also involves running automated scripts to generate 50,000 fake downloads for social proof. “By faking massive numbers of downloads, they continue to trick developers, and sometimes even marketplace review systems, into thinking their extensions are safe, popular, and vetted,” Koi Security said. “To a casual observer, 100K installs signals legitimacy. That’s exactly what they’re counting on.”
Mamont Banking Trojan Prominent in Q2 2025 — Kaspersky said it detected a total of 42,220 installation packages associated with mobile banking trojans in Q2 2025, down from 49,273 in Q1 2025.
“The bulk of mobile banking Trojan installation packages still consists of various modifications of Mamont, which account for 57.7%,” the Russian cybersecurity vendor said. Also prevalent were Coper, which targeted users in Türkiye, Rewardsteal, which was active in India, and Pylcasa, a new type of dropper distributed in Brazil. “They infiltrate Google Play by masquerading as simple apps, such as calculators, but once launched, they open a URL provided by malicious actors – similar to Trojans of the Fakemoney family,” it added. “These URLs may lead to illegal casino websites or phishing pages.”
WhatsApp Former Security Chief Files Lawsuit — Attaullah Baig, WhatsApp’s former head of security, filed a lawsuit accusing the company of ignoring systemic privacy and security issues that allegedly endangered users’ information, per The New York Times.
The WhatsApp suit alleges that approximately 1,500 WhatsApp engineers had unrestricted access to user data, including sensitive personal information, and that the employees “could move or steal such data without detection or audit trail.” Baig also allegedly notified senior management of data scraping concerns on the platform that allows pictures and names of some 400 million user profiles to be scraped, often for use in account impersonation scams. Meta has disputed the allegations, stating this is a case of a former employee who “goes public with distorted claims that misrepresent the ongoing hard work of our team” after being dismissed for poor performance.
Spyware Found on Phones Belonging to Kenyan Filmmakers — Kenyan authorities have been accused of installing spyware on the phones of two filmmakers, Bryan Adagala and Nicholas Wambugu, who helped produce a documentary about the country’s youth uprising. The filmmakers were arrested back in May 2025 and released a day later, but their phones were confiscated and not returned until July 10.
It’s believed that Kenyan authorities installed a commercial spyware app called FlexiSPY, which can record calls, track locations, listen through microphones, download photos, and capture emails and text messages.
Massive DDoS Attacks Averted — A DDoS mitigation service provider in Europe was targeted in a massive distributed denial-of-service attack that reached 1.5 billion packets per second. According to FastNetMon, the attack originated from thousands of IoTs and MikroTik routers. “The attack reached 1.5 billion packets per second (1.5 Gpps) — one of the largest packet-rate floods publicly disclosed,” it said.
“The malicious traffic was primarily a UDP flood launched from compromised customer-premises equipment (CPE), including IoT devices and routers, across more than 11,000 unique networks worldwide.” In a related development, Qrator said it detected and blocked on September 1, 2025, a large-scale attack carried out by what it described as the “largest L7 DDoS botnet observed to date.” The attack targeted an unnamed entity in the government sector. The botnet, comprising 5.76 million IP addresses, has been around since March 26, 2025, when it had about 1.33 million IP addresses. “The largest share of malicious traffic still came from Brazil (1.41M), Vietnam (661K), the United States (647K), India (408K), and Argentina (162K),” it said.
SafePay Ransomware Detailed — SafePay has been described as a highly discreet ransomware operation that does not work as a ransomware-as-a-service (RaaS) operation.
“Excluding a data leak site (DLS) that names victims, there is no evidence of an external forum or community that enables the group to broaden its interactions beyond victim contact,” Bitdefender said. “There appears to be no correspondence with the public or other threat actors and potential recruits.” Since the start of the year, the group has claimed 253 victims, with most of them located in the U.S., Germany, Great Britain, and Canada.
DoJ Charges Tymoshchuk for Ransomware Attacks — The U.S. Department of Justice (DoJ) charged Ukrainian national Volodymyr Viktorovich Tymoshchuk (aka deadforz, Boba, msfv, and farnetwork) for his role as the administrator of the LockerGoga, MegaCortex, and Nefilim ransomware operations between December 2018 and October 2021.
“Volodymyr Tymoshchuk is charged for his role in ransomware schemes that extorted more than 250 companies across the United States and hundreds more around the world,” the DoJ said . “Tymoshchuk and the other Nefilim administrators provided other Nefilim ransomware affiliates, including co‑defendant Artem Stryzhak, who was extradited from Spain and faces charges in the Eastern District of New York, with access to the Nefilim ransomware in exchange for 20 percent of the ransom proceeds extorted from Nefilim victims.” Tymoshchuk is charged with two counts of conspiracy to commit fraud and related activity in connection with computers, three counts of intentional damage to a protected computer, one count of unauthorized access to a protected computer, and one count of transmitting a threat to disclose confidential information. In 2023, Group-IB also linked Tymoshchuk to JSWORM, Karma, Nokoyawa, and Nemty ransomware gangs. Tymoshchuk, described as a “serial ransomware criminal,” remains a fugitive, with the U.S.
State Department offering an $11 million reward for information leading to his arrest or that of other key co-conspirators. Tymoshchuk has also been placed on Europe’s Most Wanted fugitives list by France, which alleged that his group’s activities led to $18 billion worth of damages, branding him “dangerous.” Kosovo National Pleads Guilty to Running BlackDB.cc — Liridon Masurica, a Kosovo national who was arrested in December 2024 and extradited to the U.S. back in May, has pleaded guilty to running BlackDB.cc, a cybercrime marketplace that has been active since 2018. “The marketplace illegally offered for sale compromised account and server credentials, credit card information, and other personally identifiable information of individuals primarily located in the United States, including those located within the Middle District of Florida,” the DoJ said.
“Once purchased, cybercriminals used the items purchased on BlackDB.cc to facilitate a wide range of illegal activity, including tax fraud, credit card fraud, and identity theft.” He faces up to 10 years in prison. A sentencing date has not yet been set. DoJ Seeks Forfeiture of $5M Stolen in SIM Swapping Scams — The DoJ filed a civil forfeiture complaint against over $5 million in bitcoin (BTC), which are alleged to be ill-gotten gains from multiple SIM swap attacks targeting five victims across the U.S. between October 29, 2022, and March 21, 2023.
“The perpetrators of these thefts utilized a SIM swapping technique that allowed the perpetrators to authenticate their unauthorized access to the victims’ cryptocurrency accounts and transfer the victim’s funds to perpetrator-controlled accounts,” the DoJ noted. “After each of the five thefts occurred, the perpetrators moved the stolen funds through multiple cryptocurrency wallets and ultimately consolidated them into one wallet that funded an account at Stake.com, an online casino. Many of these transactions were circular in that they eventually returned funds to their original source, and consistent with money laundering utilized to ‘clean’ proceeds of criminal activity.” New Phishing Campaign Targets Google Workspace — Researchers have uncovered a new phishing campaign targeting Google Workspace organizations through fraudulent AppSheet-branded emails. The attack illustrates how traditional security controls become useless when attackers abuse legitimate infrastructure to deliver malicious content that sails past every deployed security filter.
“The reliance on commonly used or well-known brands in social engineering attacks is nothing new, however, these attacks still remain quite effective,” Erich Kron, security awareness advocate at KnowBe4, said. “Leveraging brands that are known to potential victims exploits the trust that these brands have worked so hard to establish. These types of attacks are meant to blend in with normal day-to-day activities, further increasing the trust level of the potential victim. By using a platform that sends from a known and trusted source, many technical filters and controls are bypassed, and a key red flag is taken away from the potential victim.” ToolShell SharePoint Exploit Chain Detailed — Cybersecurity researchers shared technical insights into the SharePoint flaws known as ToolShell that came under active exploitation in July 2025.
Some of these attacks have led to the deployment of Warlock, a customized derivative of LockBit 3.0. The group made its public debut on the Russian-language RAMP forum in early June 2025. “In a short period of time, the threat actor behind Warlock evolved from a bold forum announcement into a rapidly growing global ransomware threat, setting the stage for even more sophisticated campaigns – including those leveraging the SharePoint ToolShell vulnerability that would bring the group into the spotlight,” Trend Micro said. The vulnerabilities impact self-hosted SharePoint Server 2016, 2019, and Subscription Edition, enabling unauthenticated remote code execution and security bypasses.
“The ToolShell vulnerability chain represents one of the most critical SharePoint security threats observed in recent years,” Trellix said. “The combination of unauthenticated remote code execution and cryptographic key theft creates a perfect storm for persistent compromise and lateral movement.” New PoisonSeed Domains Flagged — New domains have been identified as linked to PoisonSeed, a financially motivated threat actor known for its phishing operations. “These domains primarily spoof the email platform SendGrid and are likely attempting to compromise enterprise credentials of SendGrid customers,” DomainTools said. “They display fake Cloudflare CAPTCHA interstitials to add legitimacy to malicious domains before redirecting targeted users to phishing pages.” Salat Stealer Spotted — A new information stealer called Salat Stealer (aka WEB_RAT or WebRAT) has been detected in the wild.
Written in Go, the stealer is offered under a malware-as-a-service (MaaS) model by Russian-speaking actors. “The malware exfiltrates browser credentials, cryptocurrency wallet data, and session information while employing advanced evasion techniques, including UPX packing, process masquerading, registry run keys, and scheduled tasks,” CYFIRMA said. The malware is assessed to be the work of a threat actor known as NyashTeam, which is also known for selling DCRat, per Russian cybersecurity company F6. Plex Urges Password Change After Breach — Plex urged users to change their password, enable two-factor authentication, and sign out of any connected devices that might already be logged in, in the wake of a security incident where a database was accessed by “an unauthorized third-party” exposing emails, usernames, and hashed passwords for a “limited subset” of customers.
The company said no financial data was exposed. TOR Project Releases Official Android VPN App — The maintainers of the TOR Project have released an official VPN app that allows Android users to route all their traffic through the Tor network. Flaws in Viidure App — Police-issued body cameras have become prevalent tools for recording law enforcement encounters. But a recent study has unearthed troubling design choices in a budget-friendly system that compromise both privacy and data integrity.
The Viidure mobile application, designed to transfer video evidence from the camera’s onboard Wi-Fi hotspot to cloud servers, was found to communicate over a nonstandard TLS port, directing sensitive information to cloud servers based in China. “This traffic interception would be concerning for any mobile application, but it’s especially worrying given the sensitive nature of the video data being handled in this case,” Brown Fine Security said. Microsoft Announces Plans to Phase Out VBScript — Microsoft has officially announced a multi-phase plan to deprecate Visual Basic Script (aka VBScript) in Windows, a move that signals a significant shift for developers, particularly those working with Visual Basic for Applications (VBA). The change, first detailed in May 2024, will gradually phase out the legacy scripting language, requiring developers to adapt their projects to ensure future compatibility.
SpamGPT Sold on Cybercrime Forums — A new AI-based email attack automation toolkit dubbed SpamGPT is being advertised on underground forums as a game-changer for cybercriminals. “This platform is designed to compromise email servers, bypass spam filters, and orchestrate mass phishing campaigns with unprecedented ease,” Varonis said. “SpamGPT combines the power of generative AI with a full suite of email campaign tools, lowering the barrier for launching spam and phishing attacks at scale.” The discovery of SpamGPT is the latest evidence of threat actors embracing large language models (LLMs) and other AI tools to craft more effective attacks. ArgoCD Attack to Exfiltrate Git Credentials — A newly disclosed attack technique allows authenticated users within the popular GitOps tool Argo CD to exfiltrate Git credentials.
The method, according to Future Sight, exploits Kubernetes’ internal DNS resolution to intercept credentials in transit, posing a significant risk to organizations relying on the continuous delivery tool. The issue is being tracked as CVE-2025-55190. It has been addressed in versions v3.1.2, v3.0.14, v2.14.16, and v2.13.9. “API tokens with basic project permissions can retrieve all repository credentials associated with a project through the detailed project API endpoint,” ArgoCD said in an advisory.
NASA Cuts Off Access to Chinese Nationals — U.S. space agency NASA has cut off Chinese nationals from accessing its premises and assets, including those who hold visas that permit them to reside in the USA. The agency said it “has taken internal action pertaining to Chinese nationals, including restricting physical and cybersecurity access to our facilities, materials, and network to ensure the security of our work.” Mr Hamza Releases Abyssal DDoS Tool — The anti-Israel and pro-Palestinian hacktivist group known as Mr Hamza has developed a Python-based DDoS attack tool called Abyssal DDoS. The tool offers 32 attack methods, targeting various layers of the network and application stack, per Radware.
“Beyond the various attack methods, Abyssal DDoS also includes features aimed at increasing the tool’s effectiveness and usability,” it said. “The tool generates randomized HTTP request headers, such as User-Agent, Accept and Referrer, which adds a layer of obfuscation and may help avoid simple header-based classification.” Vidar Stealer Bounces Back — Threat hunters have observed a fresh malware campaign distributing Vidar Stealer in recent weeks using new obfuscation techniques. The malware adopts a multi-pronged strategy using phishing emails, compromised or fake sites, and malvertising campaigns, allowing it to reach a broader audience while bypassing defenses. Besides attempting to sidestep AMSI and setting up persistence using scheduled tasks, it uses Telegram profiles to retrieve its command-and-control (C2) server details using a dead drop resolver mechanism.
“The malware blends stealth with persistence by disguising its traffic as ‘PowerShell’ to appear legitimate while using exponential backoff with jitter to make repeated connections less noticeable,” Aryaka said. “Errors during communication are quietly suppressed, reducing logs and avoiding attention from defenders. To guarantee reliability, it persistently retries downloads several times even in unstable environments. At the same time, it randomizes directories and filenames, ensuring each instance looks different and making signature-based detection more difficult.” Kaspersky Warns of Dual-Purpose Groups Targeting Russia — Kaspersky has warned of dual-purpose groups in the Russian threat landscape that exhibit traits associated with hacktivists and financially motivated entities.
“They use the same tools, techniques, and tactics, and even share common infrastructure and resources,” Kaspersky said. “Depending on the victim, they may pursue a variety of goals: demanding a ransom to decrypt data, causing irreparable damage, or leaking stolen data to the media. This suggests that these attackers belong to a single complex cluster.” Microsoft Teams Gains Support for Phishing Link Alerts — Microsoft Teams will automatically alert users when they send or receive a private message containing links that are tagged as malicious. “Teams automatically scans the URL against threat intelligence databases to identify potentially malicious links,” Microsoft said.
“If a harmful link is detected, Teams displays clear warnings to both the sender and all recipients in the conversation.” Microsoft Fixes Copilot Audit Log Bug — Microsoft patched a vulnerability that could have been exploited to prevent Copilot interactions from being logged in audit logs. When Copilot was prompted to summarize a file, the action would be logged. But if the AI assistant was explicitly asked not to link to the document and not to include it as a reference, the action would not get logged, Pistachio reported. Flaws in Carmaker Dealership Portal — Severe vulnerabilities have been uncovered in the online dealership portal of a major carmaker.
Security researcher Eaton Zveare said the bugs could have allowed attackers to create their own admin accounts, leak the private information and vehicle data of its customers, and remotely break into their vehicles. The vulnerabilities resided in the portal’s login system and were patched in February. Zveare has previously found flaws in Honda and Toyota systems. Remote Access Software Abuse a Common Pre-Ransomware Indicator — Abuses of remote access software (AnyDesk, Atera, Microsoft Quick Assist, and Splashtop) and services (RDP, PsExec, and PowerShell) are the most common ‘pre-ransomware’ indicators, according to new research from Cisco Talos.
Finnish Hacker Released from Jail — Finnish hacker Aleksanteri Kivimäki has been released from prison following an appeal. Kivimäki broke into the psychotherapy centre Vastaamo in 2020 and released highly sensitive patient files. He was arrested in 2023 and subsequently sentenced last year to six years in prison. The court released him, given that he was a first-time offender and had already served almost half of his sentence.
Electron Framework Flaw Can be Used to Bypass Integrity Checks — A newly discovered vulnerability (CVE-2025-55305) in the Electron framework could allow attackers to bypass code integrity checks by tampering with V8 heap snapshot files, enabling local backdoors in applications like Signal, 1Password, and Slack. “A majority of Electron applications leave integrity checking disabled by default, and most that do enable it are vulnerable to snapshot tampering,” Trail of Bits said. “However, snapshot-based backdoors pose a risk not just to the Electron ecosystem, but to Chromium-based applications as a whole.” Nulled Plugins Target WordPress Sites — A new campaign is using “nulled” WordPress plugins to backdoor websites with rogue admin accounts. “This campaign is particularly concerning because it doesn’t just infect websites: it enables attackers to bypass existing security defenses while achieving persistent access, effectively turning developers or site owners into unwitting collaborators in weakening their own site’s defences,” Wordfence said.
China Mulls Severe Penalties for Security Failures — The Chinese government is proposing a draft amendment to its cybersecurity law that would increase fines for data breaches and introduce certification requirements for technology products. Critical infrastructure operators could face fines of up to $1.4 million (¥10 million). Individuals responsible for a breach could also face personal fines of up to $14,000 (¥100,000). The amendment also threatens harsher penalties for companies storing “important” data overseas.
U.K. Elections Watchdog Says it Took 3 Years to Recover from 2021 Breach — The U.K. Electoral Commission said it’s taken three years and at least a quarter of a million pounds to fully recover from an August 2021 hack that saw the private details of 40 million voters accessed by Chinese threat actors. The attack was attributed to a hacking group named APT31.
Last July, the Electoral Commission was reprimanded by the Information Commissioner’s Office over the security lapse. “Since the attack, we have made changes to our approach, systems, and processes to strengthen the security and resilience of our systems and will continue to invest in this area,” the commission said. New TONESHELL Variant Detected — A new version of the TONESHELL backdoor has been observed being deployed in cyber attacks targeting Myanmar. While this variant does not introduce any new “revolutionary” features, it employs several stalling and anti-sandboxing tricks designed to waste time, pollute control flow, confuse automated analysis, and evade lightweight sandboxes.
The malware has been historically used by a Chinese espionage nexus known as Mustang Panda. “The continuous refinement of these evasion methods, coupled with the geopolitical significance of the targeted region, reinforces the need for ongoing research and threat hunting to counter cyber operations,” Intezer said. New Exploit Allows Firewall Bypass — A new exploit devised by Ethiack has been found to bypass the web application firewalls (WAFs) of nine vendors by abusing HTTP parameter pollution techniques to facilitate JavaScript injection attacks. “With bypass success rates escalating from 17.6% for simple payloads to 70.6% for complex parameter pollution payloads, the data clearly demonstrates that WAFs relying on pattern matching struggle to defend against attacks that exploit fundamental differences in parsing between WAFs and web applications,” the company said.
U.S. Treasury Sanctions 19 People and Entities in Connection with Scam Operations — The U.S. Treasury Department on Monday sanctioned multiple people and businesses associated with cyber scam centers across Myanmar and Cambodia. The sanctions take aim at the Burmese, Cambodian and Chinese nationals running entities controlling and supporting scam centers that have led to more than $10 billion in losses from Americans.
The sanctions target nine people and companies involved in running Shwe Kokko — a hub for scam centers in Myanmar — as well as four individuals and six entities for their roles operating forced labor compounds in Cambodia under the protection of the already-sanctioned Karen National Army (KNA). Scam centers in Southeast Asia are run by cybercrime organizations that recruit workers under false pretenses and use violence and threats of forced prostitution to coerce them to scam strangers online via messaging apps or text messages. “These sanctions protect Americans from the pervasive threat of online scam operations by disrupting the ability of criminal networks to perpetuate industrial-scale fraud, forced labor, physical and sexual abuse, and theft of Americans’ hard-earned savings,” U.S. Secretary of State Marco Rubio said.
In a related development, a 39-year-old California man, Shengsheng He, was sentenced to 51 months in prison for laundering more than $36.9 million in crypto assets linked to scam compounds operating out of Cambodia. The court also ordered him to pay $26,867,242.44 in restitution to victims. “The defendant was part of a group of co-conspirators that preyed on American investors by promising them high returns on supposed digital asset investments when, in fact, they stole nearly $37 million from U.S. victims using Cambodian scam centers,” the DoJ said.
“Foreign scam centers, purporting to offer investments in digital assets have, unfortunately, proliferated.” Eight co-conspirators have pleaded guilty so far, including Daren Li and Lu Zhang.
🎥 Cybersecurity Webinars
Stop AppSec Blind Spots: Map Every Risk From Code to Cloud → Join our live webinar to see how code-to-cloud visibility closes hidden security gaps before attackers strike. You’ll discover how connecting code and cloud risks creates one clear view for developers, DevOps, and security teams—so you can cut noise, fix issues faster, and keep your critical apps safe.
Proven Steps to Build AI Agents with Strong Security Controls → Discover how to protect your AI agents while unlocking their full business potential. This webinar explains what AI agents are, the new cyber risks they introduce, and the practical security steps that keep your data and customers safe. Gain simple, proven strategies from Auth0 experts to build AI solutions that stay secure and trusted as they scale.
Who’s Behind the Shadow AI Agents? Expose the Identities Before They Strike → Shadow AI agents are spreading fast across clouds and workflows—often unseen. Join our webinar to learn how to spot these rogue agents, uncover the hidden identities behind them, and take simple steps to keep your AI operations secure and under control.
🔧 Cybersecurity Tools
Inboxfuscation → It is a new free tool that shows how hackers could hide harmful email rules in Microsoft Exchange. It uses special Unicode tricks—like invisible spaces and look-alike letters—to slip past normal security checks. It helps security teams and email admins spot these hidden rules and improve their defenses.
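The kind of check described for inbox rules can be sketched as follows. This is an added example, not Inboxfuscation's own code: it scans rule strings for invisible characters, compatibility forms and words that mix scripts. The rule dictionaries are constructed samples, and their shape assumes rules exported to JSON with Exchange's inbox-rule property names.

```python
import unicodedata

# Unicode general categories that render as nothing or as blank space.
INVISIBLE = {"Cf", "Cc", "Zs", "Zl", "Zp"}
# Scripts whose letters are commonly confused with Latin ones (coarse, assumed list).
SCRIPTS = ("LATIN", "CYRILLIC", "GREEK", "ARMENIAN", "CHEROKEE")


def script_of(ch):
    """Coarse script label taken from the character's Unicode name, or None."""
    name = unicodedata.name(ch, "")
    return next((s for s in SCRIPTS if name.startswith(s)), None)


def audit_text(text):
    """Return (kind, detail) findings for one string taken from a rule."""
    findings = []
    for pos, ch in enumerate(text):
        if ch == " ":
            continue  # the ordinary space is expected
        where = f"U+{ord(ch):04X} at index {pos}"
        if unicodedata.category(ch) in INVISIBLE:
            findings.append(("invisible", where))
        elif unicodedata.normalize("NFKC", ch) != ch:
            # Fullwidth, mathematical and similar forms that fold to plain letters.
            findings.append(("compatibility-form", where))
    for word in text.split():
        scripts = sorted({s for s in map(script_of, word) if s})
        if len(scripts) > 1:  # e.g. one Cyrillic letter inside a Latin word
            findings.append(("mixed-script", f"{word!r}: {'+'.join(scripts)}"))
    return findings


def audit_rule(rule):
    """Audit every string (or list of strings) in a rule dict; return {field: findings}."""
    report = {}
    for field, value in rule.items():
        values = value if isinstance(value, list) else [value]
        hits = [f for v in values if isinstance(v, str) for f in audit_text(v)]
        if hits:
            report[field] = hits
    return report


def suspicious_rules(rules):
    """Return {rule name: report} for every rule with at least one finding."""
    return {r.get("Name", "<unnamed>"): rep for r in rules if (rep := audit_rule(r))}


# Constructed sample rules: the first is clean, the second hides a zero-width
# space (U+200B) and a Cyrillic "a" (U+0430) inside its keywords.
SAMPLE_RULES = [
    {"Name": "Newsletters", "SubjectContainsWords": ["newsletter", "weekly digest"],
     "MoveToFolder": "Reading"},
    {"Name": "sync", "SubjectContainsWords": ["inv\u200boice", "p\u0430yment"],
     "DeleteMessage": True},
]

if __name__ == "__main__":
    for name, report in suspicious_rules(SAMPLE_RULES).items():
        print(name, report)
```

A keyword written entirely in one non-Latin script is not flagged, so legitimate rules in other languages pass; only mixing within a single word is reported.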
Azure AppHunter → A free PowerShell tool that helps spot risky permissions in Azure. It finds service principals or managed identities with powerful roles—like Global Admin or subscription Owner—that could let attackers escalate access. It’s useful for security teams, red teamers, and defenders to quickly check Azure apps and tighten permissions before they’re abused.
Disclaimer: The tools featured here are provided strictly for educational and research purposes. They have not undergone full security audits, and their behavior may introduce risks if misused. Before experimenting, carefully review the source code, test only in controlled environments, and apply appropriate safeguards. Always ensure your usage aligns with ethical guidelines, legal requirements, and organizational policies.
🔒 Tip of the Week
Build a Truly Anonymous Burner Mail System — Standard burner emails are a risk. Reusing a single inbox for research creates a digital fingerprint, and temporary services often leak your real identity. For true anonymity, you need to build your own system that’s private, untraceable, and fully under your control. Here’s how to architect it like a pro:
Own Your Infrastructure: Get a new, neutral domain and use it exclusively for your burner mail. Host your mail server (like Postfix) on separate, anonymous infrastructure. Use DNSSEC to secure your domain and set up strict SPF, DKIM, and DMARC policies to prove your emails are legitimate and can’t be spoofed.
Automate Everything: Create a unique email address for every single website or sign-up. This prevents sites from linking to your activity. Set up your system to automatically create these addresses, and build in rules to instantly delete any alias that starts receiving spam.
Lock Down Your Data: Forward all mail to your real inbox using end-to-end encryption (like OpenPGP). This ensures no one can read your mail, even if your server is compromised. Also, configure your system to strip out all identifying information from email headers, such as your timezone or mail client, so your digital trail goes cold.
Leave No Trace: The last step is to get rid of your logs. A key rule of good security is not to collect data you don’t need. Log only the bare minimum for monitoring, and then automatically purge everything on a regular schedule. This makes it impossible for an attacker to piece together your past activity.
Following this approach turns a simple burner email into a forensically resilient identity service, keeping you in control and your online actions truly private.
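One way to automate the per-site alias, header-stripping and log-purging steps of the tip, as an added Python example that is not from the original article. The domain, secret, header list, spam verdict input and seven-day retention are assumptions; the OpenPGP forwarding and DNS records are outside what it covers.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import format_datetime, parsedate_to_datetime

# Assumed list of headers that expose the mail client, host or network path.
IDENTIFYING_HEADERS = ("User-Agent", "X-Mailer", "X-Originating-IP",
                       "Received", "X-Received")


def alias_for(site, secret, domain, generation=0):
    """Derive an opaque per-site alias; bump generation to replace a burned one."""
    data = f"{site.strip().lower()}|{generation}".encode()
    digest = hmac.new(secret, data, hashlib.sha256).digest()
    local = base64.b32encode(digest[:8]).decode().rstrip("=").lower()
    return f"{local}@{domain}"


class AliasRegistry:
    """Maps aliases to sites, retires aliases that get spam, keeps a minimal log."""

    def __init__(self, secret, domain, retention=timedelta(days=7)):
        self.secret, self.domain, self.retention = secret, domain, retention
        self.active = {}   # alias -> site
        self.log = []      # (timestamp, event) only: no sender, alias or IP

    def create(self, site, now, generation=0):
        alias = alias_for(site, self.secret, self.domain, generation)
        self.active[alias] = site
        self.log.append((now, "created"))
        return alias

    def accept(self, rcpt, is_spam, now):
        """Return True if mail for rcpt should be forwarded to the real inbox.

        is_spam is the verdict of whatever spam filter sits in front (assumed).
        """
        if rcpt not in self.active:
            return False                 # unknown or already retired alias
        if is_spam:
            del self.active[rcpt]        # the alias is burned: delete it at once
            self.log.append((now, "retired"))
            return False
        return True

    def purge_log(self, now):
        """Drop log entries older than the retention period; return what is left."""
        self.log = [e for e in self.log if now - e[0] <= self.retention]
        return len(self.log)


def scrub_headers(raw):
    """Remove client/path headers and rewrite Date in UTC to hide the timezone."""
    msg = message_from_string(raw)
    for name in IDENTIFYING_HEADERS:
        del msg[name]                    # removes every occurrence, no error if absent
    date = msg["Date"]
    if date is not None:
        del msg["Date"]
        try:
            utc = parsedate_to_datetime(date).astimezone(timezone.utc)
            msg["Date"] = format_datetime(utc)
        except (TypeError, ValueError):
            pass                         # unparseable Date: leave it out entirely
    return msg.as_string()


# Constructed sample message; hosts and addresses are placeholders.
SAMPLE = (
    "Received: from laptop.home.example (203.0.113.7) by mx.burner.example\n"
    "From: alias@burner.example\n"
    "To: signup@shop.example\n"
    "Date: Tue, 16 Sep 2025 08:30:00 +0700\n"
    "X-Mailer: ExampleMail 1.0\n"
    "Subject: confirm\n"
    "\n"
    "hello\n"
)

if __name__ == "__main__":
    now = datetime(2025, 9, 16, tzinfo=timezone.utc)
    reg = AliasRegistry(b"constructed-secret", "burner.example")
    print(reg.create("shop.example", now))
    print(scrub_headers(SAMPLE))
```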
Conclusion
As we close the book on this week, consider this: the most dangerous threats aren’t the ones you patch, but the ones you don’t yet see. The patterns we’ve discussed—from supply chain exploits to the weaponization of AI—aren’t isolated events; they are glimpses into a future where defense demands more than just technical fixes. It requires a fundamental shift in strategy, focusing on resilience, trust, and the human element. The real work begins now.
AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns
A new artificial intelligence (AI)-powered penetration testing tool linked to a China-based company has attracted nearly 11,000 downloads on the Python Package Index (PyPI) repository, raising concerns that it could be repurposed by cybercriminals for malicious purposes. Dubbed Villager, the framework is assessed to be the work of Cyberspike, which has positioned the tools as a red teaming solution to automate testing workflows. The package was first uploaded to PyPI in late July 2025 by a user named stupidfish001, a former capture the flag (CTF) player for the Chinese HSCSEC team. “The rapid, public availability and automation capabilities create a realistic risk that Villager will follow the Cobalt Strike trajectory: commercially or legitimately developed tooling becoming widely adopted by threat actors for malicious campaigns,” Straiker researchers Dan Regalado and Amanda Rousseau said in a report shared with The Hacker News.
The emergence of Villager comes shortly after Check Point revealed that threat actors are attempting to leverage another nascent AI-assisted offensive security tool called HexStrike AI to exploit recently disclosed security flaws. With the advent of generative AI (aka GenAI) models, threat actors have capitalized on the technology for social engineering, technical, and information operations in ways that have likely contributed to increased speed, access to expertise, and scalability. One key advantage to relying on such tools is that they lower the barrier to exploitation, and cut short the amount of time and effort required to pull off such attacks. What once required highly skilled operators and weeks of manual development can be automated using AI, offering bad actors assistance with crafting exploits, payload delivery, and even infrastructure setup.
“Exploitation can be parallelized at scale, with agents scanning thousands of IPs simultaneously,” Check Point noted recently. “Decision-making becomes adaptive; failed exploit attempts can be automatically retried with variations until successful, increasing the overall exploitation yield.” The fact that Villager is available as an off-the-shelf Python package means it offers attackers an easy way to integrate the tool into their workflows, Straiker noted, describing it as a “concerning evolution in AI-driven attack tooling.” Cyberspike first appeared in November 2023, when the domain “cyberspike[.]top” was registered under Changchun Anshanyuan Technology Co., Ltd., an AI company supposedly based in China. That said, the only source of information about what the company does comes from a Chinese talent services platform called Liepin, raising questions about who is behind it. Snapshots of the domain captured on the Internet Archive reveal that the tool is marketed as a network attack simulation and post-penetration test tool to help organizations evaluate and strengthen their cybersecurity posture.
Once installed, Cyberspike has been found to incorporate plugins that are components of a remote access tool (RAT), enabling invasive victim surveillance and control using remote desktop access, Discord account compromise, keystroke logging, webcam hijacking, and other monitoring functions. Further analysis has uncovered similarities with a known RAT called AsyncRAT. “Cyberspike integrated AsyncRAT into its red teaming product, with additional plugins to well-known hacktools like Mimikatz as well,” Straiker said. “These integrations demonstrate how Cyberspike repackaged established hacktools and offensive tools into a turnkey framework designed for penetration testing and probably malicious operations.” Villager appears to be the latest offering from Cyberspike.
Operating as a Model Context Protocol (MCP) client, it integrates with Kali Linux toolsets, LangChain, and DeepSeek’s AI models to automate testing workflows, handle browser-based interactions, and issue commands in natural language that can then be converted into their technical equivalents. Besides leveraging a database of 4,201 AI system prompts to generate exploits and make real-time decisions in penetration testing, the AI-native penetration testing framework automatically creates isolated Kali Linux containers for network scanning, vulnerability assessment, and penetration testing, and destroys them after a period of 24 hours, effectively covering up traces of the activity. “The ephemeral nature of these containers, combined with randomized SSH ports, makes AI-powered attack containers difficult to detect, complicating forensic analysis and threat attribution,” the researchers noted. Command-and-control (C2) is accomplished by means of a FastAPI interface that processes incoming tasks, while the Python-based Pydantic AI agent platform is used to standardize outputs.
“Villager reduces skill and time required to run sophisticated offensive toolchains, enabling less-skilled actors to perform more advanced intrusions,” the researchers said. “Its task-based architecture, where AI dynamically orchestrates tools based on objectives rather than following rigid attack patterns, marks a fundamental shift in how cyber attacks are conducted.” “Increased frequency and speed of automated reconnaissance, exploitation attempts, and follow-on activity could raise detection and response burdens across the enterprise.”
HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks
Chinese-speaking users are the target of a search engine optimization (SEO) poisoning campaign that uses fake software sites to distribute malware. “The attackers manipulated search rankings with SEO plugins and registered lookalike domains that closely mimicked legitimate software sites,” Fortinet FortiGuard Labs researcher Pei Han Liao said. “By using convincing language and small character substitutions, they tricked victims into visiting spoofed pages and downloading malware.” The activity, which was discovered by the cybersecurity company in August 2025, leads to the deployment of malware families like HiddenGh0st and Winos (aka ValleyRAT), both of which are variants of a remote access trojan called Gh0st RAT. It’s worth noting that the use of Winos has been attributed to a cybercrime group known as Silver Fox, which is also tracked as SwimSnake, The Great Thief of Valley (or Valley Thief), UTG-Q-1000, and Void Arachne.
It’s believed to be active at least since 2022. In the latest attack chain documented by Fortinet, users searching for tools like DeepL Translate, Google Chrome, Signal, Telegram, WhatsApp, and WPS Office on Google are redirected to bogus sites to trigger the delivery of the malware using trojanized installers. “A script named nice.js controls the malware delivery process on these sites,” Fortinet explained. “The script follows a multi-step chain: it first calls a download link that returns JSON data, which includes a secondary link.
That secondary link then points to another JSON response containing a link that redirects to the final URL of the malicious installer.” Present within the installer is a malicious DLL (“EnumW.dll”) that carries out several anti-analysis checks to sidestep detection, including extracting another DLL (“vstdlib.dll”) to overwhelm analysis tools by inflating memory usage and slowing their performance. The second DLL is also engineered to unpack and launch the main payload, but not before ascertaining the presence of 360 Total Security antivirus software on the compromised host. If present, the malware uses a technique called TypeLib COM hijacking to set up persistence and ultimately launch a Windows executable (“insalivation.exe”). In the event the antivirus software is not installed on the host, persistence is achieved by creating a Windows shortcut that points to the same executable. The end goal of the infection is to sideload a DLL (“AIDE.dll”) that initiates three core functions:
Command-and-Control (C2), to establish communication with a remote server and exchange data in an encrypted format
Heartbeat, to collect system and victim data and enumerate running processes against a hard-coded list of security products
Monitor, to evaluate the victim’s environment to confirm persistence, track user activity, and beacon to the C2 server
The C2 module also supports commands to download additional plugins, log keystrokes and clipboard data, and even hijack cryptocurrency wallets associated with Ethereum and Tether.
Some of the identified plugins are capable of keeping tabs on the victim’s screen and have been previously identified as part of the Winos framework. “The installers contained both the legitimate application and the malicious payload, making it difficult for users to notice the infection,” Fortinet said. “Even highly ranked search results were weaponized in this way, underscoring the importance of carefully inspecting domain names before downloading software.”
Chinese Speakers Targeted by Malware Trifecta, Including New kkRAT
The development comes as Zscaler ThreatLabz flagged a separate campaign, also targeting Chinese-speaking users, with a previously undocumented malware called kkRAT since early May 2025, along with Winos and FatalRAT. kkRAT “shares code similarities with both Gh0st RAT and Big Bad Wolf (大灰狼), a RAT typically leveraged by China-based cybercriminals,” Zscaler researcher Muhammed Irfan V A said.
“kkRAT employs a network communication protocol similar to Ghost RAT, with an added encryption layer after data compression. The RAT’s features include clipboard manipulation to replace cryptocurrency addresses and the deployment of remote monitoring tools (i.e. Sunlogin, GotoHTTP).” Like the aforementioned activity, the attack campaign uses fake installer pages mimicking popular software like DingTalk to deliver the three trojans. The phishing sites are hosted on GitHub pages, allowing the bad actors to abuse the trust associated with a legitimate platform for malware distribution.
The GitHub account used to deploy the pages is no longer available. Once launched by the victim, the installer hosted on the sites runs a series of checks to identify sandbox environments and virtual machines (VMs), as well as bypass security software. It also requests administrator privileges, which, if granted, enables it to enumerate and temporarily disable all active network adapters, effectively interfering with the regular functioning of antivirus programs. Another notable aspect of the malware is its use of the Bring Your Own Vulnerable Driver (BYOVD) technique to disarm antivirus software installed on the host by reusing code from the RealBlindingEDR open-source project.
The malware specifically searches for the following five programs -
- 360 Internet Security suite
- 360 Total Security
- HeroBravo System Diagnostics suite
- Kingsoft Internet Security
- QQ电脑管家
Once the relevant antivirus-related processes have been terminated, the malware takes steps to create a scheduled task that’s run with SYSTEM privileges to execute a batch script to ensure that they are automatically killed every time after a user logs in to the machine. Furthermore, it modifies Windows Registry entries for 360 Total Security with the likely goal of disabling network checks. After all these actions are carried out, the malware proceeds to re-enable network adapters to restore the system’s network connectivity. The primary responsibility of the installer is to launch shellcode, which, in turn, launches another obfuscated shellcode file named “2025.bin” from a hard-coded URL.
This newly retrieved shellcode serves as a downloader for an artifact (“output.log”) that subsequently reaches out to two different URLs to fetch two ZIP archives -
- trx38.zip, containing a legitimate executable file and a malicious DLL that’s launched using DLL side-loading
- p.zip, containing a file named longlq.cl, which holds the encrypted final payload
“The malware then will create a shortcut for the legitimate executable extracted from trx38.zip, add this shortcut to the startup folder for persistence, and execute the legitimate executable to sideload the malicious DLL,” Zscaler said. “The malicious DLL decrypts and executes the final payload from the file longlq.cl. The final payload of the campaign varies based on the second ZIP archive that is downloaded.”
[Figure: Attack chain for a malware campaign delivering several RATs]
One of the three payloads is kkRAT. After establishing a socket connection with the C2 server, the malware profiles the victim machine and obtains various plugins to perform a wide range of data gathering tasks -
- Screen capturing and simulating user inputs such as keyboard and mouse actions
- Retrieving and modifying clipboard data
- Enabling remote desktop features, such as launching web browsers and terminating active processes
- Facilitating remote command execution via a shell interface
- Enabling Windows management on the screen
- Providing process management features, such as listing active processes and terminating them as and when required
- Generating a list of active network connections
- Providing application management features, such as listing installed software and uninstalling specific ones
- Enumerating and retrieving the list of values stored in the autorun Registry key
- Acting as a proxy to route data between a client and server using the SOCKS5 protocol
In addition to these plugins, kkRAT offers support for a long list of commands to invoke the plugins; function as a clipper by replacing cryptocurrency wallet addresses copied to the clipboard; set up persistence; deploy GotoHTTP and Sunlogin; and clear data associated with 360 Speed Browser, Google Chrome, Internet Explorer, Mozilla Firefox, QQ Browser, Sogou Explorer, Skype, and Telegram.
“kkRAT’s commands and plugins enable features such as clipboard hijacking to replace cryptocurrency wallet addresses, installing RMM tools like Sunlogin and GotoHTTP, and relaying network traffic that can be used to bypass firewalls and VPNs,” Zscaler said.
Weaponized GenAI + Extortion-First Strategies Fueling a New Age of Ransomware
FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks
The U.S. Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated with two cybercriminal groups tracked as UNC6040 and UNC6395 for orchestrating a string of data theft and extortion attacks. “Both groups have recently been observed targeting organizations’ Salesforce platforms via different initial access mechanisms,” the FBI said. UNC6395 is a threat group to which a widespread data theft campaign targeting Salesforce instances in August 2025 has been attributed; the campaign exploited compromised OAuth tokens for the Salesloft Drift application.
In an update issued this week, Salesloft said the attack was made possible due to the breach of its GitHub account from March through June 2025. As a result of the breach, Salesloft has isolated the Drift infrastructure and taken the artificial intelligence (AI) chatbot application offline. The company also said it’s in the process of implementing new multi-factor authentication processes and GitHub hardening measures. “We are focused on the ongoing hardening of the Drift Application environment,” the company said.
“This process includes rotating credentials, temporarily disabling certain parts of the Drift application and strengthening security configurations. At this time, we are advising all Drift customers to treat any and all Drift integrations and related data as potentially compromised.” The second group the FBI has called attention to is UNC6040. Assessed to be active since October 2024, UNC6040 is the name assigned by Google to a financially motivated threat cluster that has engaged in vishing campaigns to obtain initial access and hijack Salesforce instances for large-scale data theft and extortion. These attacks have involved the use of a modified version of Salesforce’s Data Loader application and custom Python scripts to breach victims’ Salesforce portals and exfiltrate valuable data.
At least some of the incidents have involved extortion activities following UNC6040 intrusions, with them taking place months after the initial data theft. “UNC6040 threat actors have utilized phishing panels, directing victims to visit from their mobile phones or work computers during the social engineering calls,” the FBI said. “After obtaining access, UNC6040 threat actors have then used API queries to exfiltrate large volumes of data in bulk.” The extortion phase has been attributed by Google to another uncategorized cluster tracked as UNC6240, which has consistently claimed to be the ShinyHunters group in emails and calls to employees of victim organizations. “In addition, we believe threat actors using the ‘ShinyHunters’ brand may be preparing to escalate their extortion tactics by launching a data leak site (DLS),” Google noted last month.
“These new tactics are likely intended to increase pressure on victims, including those associated with the recent UNC6040 Salesforce-related data breaches.” Since then, there have been a flurry of developments, the most notable being the teaming up of ShinyHunters, Scattered Spider, and LAPSUS$ to consolidate and unify their criminal efforts. Then on September 12, 2025, the group claimed on their Telegram channel “scattered LAPSUS$ hunters 4.0” that they are shutting down. “We LAPSUS$, Trihash, Yurosh, Yaxsh, WyTroZz, N3z0x, Nitroz, TOXIQUEROOT, Prosox, Pertinax, Kurosh, Clown, IntelBroker, Scattered Spider, Yukari and among many others, have decided to go dark,” the group said. “Our objectives having been fulfilled, it is now time to say goodbye.” It’s currently not clear what prompted the group to hang up their boots, but it’s possible that the move is an attempt to lay low and avoid further law enforcement attention.
“The newly formed scattered LAPSUS$ hunters 4.0 group said it’s hanging up the boots and ‘go dark’ after it alleged that French law enforcement arrested another wrong person in connection with the cybercrime group,” Sam Rubin, senior vice president of Unit 42 Consulting and Threat Intelligence, told The Hacker News. “These declarations rarely signal a true retirement.” “Recent arrests may have prompted the group to lay low, but history tells us this is often temporary. Groups like this splinter, rebrand, and resurface – much like ShinyHunters. Even if public operations pause, the risks remain: stolen data can resurface, undetected backdoors may persist, and actors may re-emerge under new names.
Silence from a threat group does not equal safety. Organizations must stay vigilant and operate under the assumption that the threat has not disappeared, only adapted.”
Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks
Samsung has released its monthly security updates for Android, including a fix for a security vulnerability that it said has been exploited in zero-day attacks. The vulnerability, CVE-2025-21043 (CVSS score: 8.8), concerns an out-of-bounds write that could result in arbitrary code execution. “Out-of-bounds Write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code,” Samsung said in an advisory. “The patch fixed the incorrect implementation.” According to a 2020 report from Google Project Zero, libimagecodec.quram.so is a closed-source image parsing library developed by Quramsoft that implements support for various image formats.
The critical-rated issue, per the South Korean electronics giant, affects Android versions 13, 14, 15, and 16. The vulnerability was privately disclosed to the company on August 13, 2025. Samsung did not share any specifics on how the vulnerability is being exploited in attacks and who may be behind these efforts. However, it acknowledged that “an exploit for this issue has existed in the wild.” The development comes shortly after Google said it resolved two security flaws in Android (CVE-2025-38352 and CVE-2025-48543) that it said have been exploited in targeted attacks.
Apple Warns French Users of Fourth Spyware Campaign in 2025, CERT-FR Confirms
Apple has notified users in France of a spyware campaign targeting their devices, according to the Computer Emergency Response Team of France (CERT-FR). The agency said the alerts were sent out on September 3, 2025, making it the fourth time this year that Apple has notified citizens in the country that at least one of the devices linked to their iCloud accounts may have been compromised as part of highly-targeted attacks. The agency did not share further details on what triggered these alerts. Previous threat notifications were sent on March 5, April 29, and June 25.
Apple has been sending these notices since November 2021. “These complex attacks target individuals for their status or function: journalists, lawyers, activists, politicians, senior officials, members of steering committees of strategic sectors, etc,” CERT-FR said. The development comes less than a month after it emerged that a security flaw in WhatsApp (CVE-2025-55177, CVSS score: 5.4) was chained with an Apple iOS bug (CVE-2025-43300, CVSS score: 8.8) as part of zero-click attacks. WhatsApp subsequently told The Hacker News that it had sent in-app threat notifications to fewer than 200 users who may have been targeted as part of the campaign.
It’s not known who, and which commercial spyware vendor, is behind the activity. The disclosure also comes as Apple has introduced a security feature in the latest iPhone models called Memory Integrity Enforcement (MIE) to combat memory corruption vulnerabilities and make it harder for surveillance vendors, who typically rely on such zero-days for planting spyware on a target’s phone. In a report published this week, the Atlantic Council said the number of United States investors in spyware and surveillance technologies jumped from 11 in 2023 to 31 last year, surpassing other major investing countries such as Israel, Italy, and the United Kingdom. Altogether, the study has flagged two holding companies, 55 individuals, 34 investors, eighteen partners, seven subsidiaries, 10 suppliers, and four vendors that established themselves in the last year in the spyware marketplace.
This includes new spyware entities in Japan, Malaysia, and Panama, as well as vendors like Israel’s Bindecy and Italy’s SIO. “The quantity of U.S.-based entities investing in the spyware market is three times greater than in the next three highest countries with the most investors,” the report said, adding “56% of investors are incorporated in Israel, the United States, Italy, and the United Kingdom.” “Resellers and brokers now are key actors in the spyware market – comprising more sample market share than previously demonstrated – and oftentimes are under-observed and not readily addressed in current policy deliberations.”
New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit
Cybersecurity researchers have discovered a new ransomware strain dubbed HybridPetya that resembles the notorious Petya / NotPetya malware, while also incorporating the ability to bypass the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems using a now-patched vulnerability disclosed earlier this year. Slovakian cybersecurity company ESET said the samples were uploaded to the VirusTotal platform in February 2025. “HybridPetya encrypts the Master File Table, which contains important metadata about all the files on NTFS-formatted partitions,” security researcher Martin Smolár said. “Unlike the original Petya/NotPetya, HybridPetya can compromise modern UEFI-based systems by installing a malicious EFI application onto the EFI System Partition.” In other words, the deployed UEFI application is the central component that takes care of encrypting the Master File Table (MFT) file, which contains metadata related to all the files on the NTFS-formatted partition.
HybridPetya comes with two main components: a bootkit and an installer, with the former appearing in two distinct versions. The bootkit, which is deployed by the installer, is chiefly responsible for loading its configuration and checking its encryption status. The encryption status flag can have three different values -
- 0: ready for encryption
- 1: already encrypted
- 2: ransom paid, disk decrypted
Should the value be set to 0, the bootkit proceeds to set the flag to 1 and encrypts the \EFI\Microsoft\Boot\verify file with the Salsa20 encryption algorithm using the key and nonce specified in the configuration. It also creates a file called “\EFI\Microsoft\Boot\counter” on the EFI System Partition prior to launching the disk encryption process of all NTFS-formatted partitions.
The file is used to keep track of the already encrypted disk clusters. Furthermore, the bootkit updates the fake CHKDSK message displayed on the victim’s screen with information about the current encryption status, while the victim is deceived into thinking that the system is repairing disk errors. If the bootkit detects that the disk is already encrypted (i.e., the flag is set to 1), it serves a ransom note to the victim, demanding that they send $1,000 in Bitcoin to the specified wallet address (34UNkKSGZZvf5AYbjkUa2yYYzw89ZLWxu2). The wallet is currently empty, although it has received $183.32 between February and May 2025.
The ransom note screen also provides an option for the victim to enter the decryption key purchased from the operator after making the payment, following which the bootkit verifies the key and attempts to decrypt the “EFI\Microsoft\Boot\verify” file. In the event the correct key is entered, the flag value is set to 2 and the bootkit kicks off the decryption step by reading the contents of the “\EFI\Microsoft\Boot\counter” file. “The decryption stops when the number of decrypted clusters is equal to the value from the counter file,” Smolár said. “During the process of MFT decryption, the bootkit shows the current decryption process status.” The decryption phase also involves the bootkit recovering the legitimate bootloaders – “\EFI\Boot\bootx64.efi” and “\EFI\Microsoft\Boot\bootmgfw.efi” – from the backups previously created during the installation process.
Once this step is complete, the victim is prompted to reboot their Windows machine. It’s worth noting that bootloader changes initiated by the installer during the deployment of the UEFI bootkit component trigger a system crash (aka Blue Screen of Death or BSoD) and ensure that the bootkit binary is executed once the device is turned on. Select variants of HybridPetya, ESET added, have been found to exploit CVE‑2024‑7344 (CVSS score: 6.7), a remote code execution vulnerability in the Howyar Reloader UEFI application (“reloader.efi”, renamed in the artifact as “\EFI\Microsoft\Boot\bootmgfw.efi”) that could result in a Secure Boot bypass. The variant also packs in a specially crafted file named “cloak.dat,” which is loadable through reloader.efi and contains the XORed bootkit binary.
Microsoft has since revoked the old, vulnerable binary as part of its Patch Tuesday update for January 2025. “When the reloader.efi binary (deployed as bootmgfw.efi) is executed during boot, it searches for the presence of the cloak.dat file on the EFI System Partition, and loads the embedded UEFI application from the file in a very unsafe way, completely ignoring any integrity checks, thus bypassing UEFI Secure Boot,” ESET said. Another aspect where HybridPetya and NotPetya differ is that, unlike the latter’s destructive capabilities, the newly identified artifact allows the threat actors to reconstruct the decryption key from the victim’s personal installation keys. Telemetry data from ESET indicates no evidence of HybridPetya being used in the wild.
The cybersecurity company also pointed out the recent discovery of a UEFI Petya Proof-of-Concept (PoC) by security researcher Aleksandra “Hasherezade” Doniec, adding it’s possible there could be “some relationship between the two cases.” However, it doesn’t rule out the possibility that HybridPetya may also be a PoC. “HybridPetya is now at least the fourth publicly known example of a real or proof-of-concept UEFI bootkit with UEFI Secure Boot bypass functionality, joining BlackLotus (exploiting CVE‑2022‑21894), BootKitty (exploiting LogoFail), and the Hyper-V Backdoor PoC (exploiting CVE‑2020‑26200),” ESET said. “This shows that Secure Boot bypasses are not just possible – they’re becoming more common and attractive to both researchers and attackers.” UEFI, successor to the Basic Input/Output System (BIOS), is a lucrative target for attackers. Because UEFI runs before a machine’s operating system on startup, malware capable of infecting the boot process allows it to bypass traditional security software, execute malicious code with high-level privileges, and make it extremely stealthy and resilient to removal.
The discovery of HybridPetya comes as FFRI Security researcher Kazuki Matsuo detailed a technique called Shade BIOS that allows malware to operate completely independent from operating system-level security and perform nefarious actions without hardware dependence at runtime. It has been described as a “pure-BIOS” malware that retains BIOS in memory even after OS boot, allowing UEFI functionality and the use of drivers during runtime – giving it the power to subvert every single type of cybersecurity protection. Shade BIOS “disassociate[s] UEFI malware from OS-level security,” Matsuo said in a Black Hat 2025 presentation last month, adding that it doesn’t need to know what device the target is using or implement all driver stack or access I/O directly.
Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2025-5086, carries a CVSS score of 9.0 out of 10.0. According to Dassault, the issue impacts versions from Release 2020 through Release 2025.
“Dassault Systèmes DELMIA Apriso contains a deserialization of untrusted data vulnerability that could lead to a remote code execution,” the agency said in an advisory. The addition of CVE-2025-5086 to the KEV catalog comes after the SANS Internet Storm Center reported seeing exploitation attempts targeting the flaw that originate from the IP address 156.244.33[.]162, which geolocates to Mexico. The attacks involve sending an HTTP request to the “/apriso/WebServices/FlexNetOperationsService.svc/Invoke” endpoint with a Base64-encoded payload that decodes to a GZIP-compressed Windows executable (“fwitxz01.dll”), Johannes B. Ullrich, the dean of research at the SANS Technology Institute, said.
Kaspersky has flagged the DLL as “Trojan.MSIL.Zapchast.gen,” which the company describes as a malicious program designed to electronically spy on a user’s activities, including capturing keyboard input, taking screenshots, and gathering a list of active applications, among others. “The collected information is sent to the cybercriminal by various means, including email, FTP, and HTTP (by sending data in a request),” the Russian cybersecurity vendor added. Zapchast variants, according to Bitdefender and Trend Micro, have been distributed via phishing emails bearing malicious attachments for over a decade. It’s currently not clear if “Trojan.MSIL.Zapchast.gen” is an improved version of the same malware.
In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are advised to apply the necessary updates by October 2, 2025, to secure their networks.
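One way to hunt for the requests described in this article in captured HTTP traffic, as an added example that is not SANS ISC's or CISA's tooling: it flags requests to the reported endpoint whose body holds a Base64 run that decodes to a gzip stream wrapping a PE image. The request record layout, the XML-style wrapper and the sample payload (a constructed header stub, not an executable) are assumptions.

```python
import base64
import binascii
import gzip
import re
import struct
import zlib

# Endpoint named in the SANS ISC observation quoted in the article.
ENDPOINT = "/apriso/WebServices/FlexNetOperationsService.svc/Invoke"
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")   # long Base64 runs only
MAX_UNPACKED = 32 * 1024 * 1024                      # cap against gzip bombs


def gunzip_bounded(data, limit=MAX_UNPACKED):
    """Decompress one gzip stream, refusing more than `limit` bytes of output."""
    inflater = zlib.decompressobj(16 + zlib.MAX_WBITS)   # 16 + MAX_WBITS selects gzip framing
    out = inflater.decompress(data, limit + 1)
    if len(out) > limit:
        raise ValueError("decompressed payload exceeds limit")
    return out


def looks_like_pe(image):
    """True for an MZ header whose e_lfanew field points at a PE signature."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    return image[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def packed_executables(body):
    """Find Base64 runs in a request body that decode to a gzip-wrapped PE image."""
    hits = []
    for match in B64_RUN.finditer(body):
        text = match.group(0).rstrip(b"=")
        text += b"=" * (-len(text) % 4)               # normalise padding
        try:
            raw = base64.b64decode(text, validate=True)
        except (binascii.Error, ValueError):
            continue
        if raw[:2] != b"\x1f\x8b":                    # gzip magic bytes
            continue
        try:
            image = gunzip_bounded(raw)
        except zlib.error:
            continue                                  # corrupt stream, not a payload
        except ValueError:
            # Oversized gzip in a request body is worth an analyst's look by itself.
            hits.append({"offset": match.start(), "kind": "oversize",
                         "packed": len(raw), "unpacked": None})
            continue
        if looks_like_pe(image):
            hits.append({"offset": match.start(), "kind": "pe",
                         "packed": len(raw), "unpacked": len(image)})
    return hits


def triage(requests):
    """Return the requests to the Apriso endpoint that carry a packed payload."""
    findings = []
    for req in requests:
        path = req["path"].split("?", 1)[0].lower()
        if path != ENDPOINT.lower():
            continue
        payloads = packed_executables(req["body"])
        if payloads:
            findings.append({"src": req["src"], "payloads": payloads})
    return findings


def _constructed_image():
    """Constructed stand-in: MZ/PE header fields plus filler, not a runnable file."""
    buf = bytearray(0x80)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\x00\x00"
    return bytes(buf) + bytes(range(256))


CONSTRUCTED_IMAGE = _constructed_image()
_blob = base64.b64encode(gzip.compress(CONSTRUCTED_IMAGE))

# Constructed request records (documentation-range source addresses).
SAMPLE_REQUESTS = [
    {"src": "192.0.2.10", "path": ENDPOINT,
     "body": b"<body><data>" + _blob + b"</data></body>"},
    {"src": "192.0.2.11", "path": ENDPOINT,
     "body": b"<body><data>" + base64.b64encode(b"routine operation parameters " * 4)
             + b"</data></body>"},
    {"src": "192.0.2.12", "path": "/index.html", "body": b""},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_REQUESTS):
        print(finding)
```
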
Cloud-Native Security in 2025: Why Runtime Visibility Must Take Center Stage
The security landscape for cloud-native applications is undergoing a profound transformation. Containers, Kubernetes, and serverless technologies are now the default for modern enterprises, accelerating delivery but also expanding the attack surface in ways traditional security models can’t keep up with. As adoption grows, so does complexity. Security teams are asked to monitor sprawling hybrid environments, sift through thousands of alerts, and protect dynamic applications that evolve multiple times per day.
The question isn’t just how to detect risks earlier — it’s how to prioritize and respond to what really matters in real time. That’s where cloud-native application protection platforms (CNAPPs) come into play. These platforms consolidate visibility, compliance, detection, and response into a unified system. But in 2025, one capability is proving indispensable: runtime visibility.
The New Center of Gravity: Runtime
For years, cloud security has leaned heavily on preventative controls like code scanning, configuration checks, and compliance enforcement. While essential, these measures provide only part of the picture. They identify theoretical risks, but not whether those risks are active and exploitable in production. Runtime visibility fills that gap.
By observing what workloads are actually running — and how they behave — security teams gain the highest fidelity signal for prioritizing threats. Runtime context answers critical questions: Is this vulnerability reachable in a live workload? Is this misconfiguration creating a real attack path? Is this workload being exploited right now?
Without runtime, organizations risk chasing false positives while attackers exploit real weaknesses. With runtime, teams can focus on fixing the issues that matter most, reducing both noise and exposure.
From Prevention to Prioritization
Modern enterprises face an avalanche of alerts across vulnerability scanners, cloud posture tools, and application security platforms. The volume isn’t just overwhelming — it’s unsustainable.
Analysts often spend more time triaging alerts than actually fixing problems. To be effective, organizations must map vulnerabilities and misconfigurations to:
- The workloads that are actively running.
- The business applications they support.
- The teams responsible for fixing them.
This alignment is critical for bridging the gap between security and development. Developers often see security findings as disruptive, low-context interruptions. Security teams, meanwhile, lack the visibility into ownership and accountability that’s needed to drive remediation. By grounding prioritization in runtime insights, enterprises can ensure that the right teams fix the right problems at the right time.
The Role of AI in Cloud Security
Even with better prioritization, the sheer scale and complexity of cloud environments challenge human teams. This is where artificial intelligence is beginning to reshape the CNAPP landscape. AI can help by:
- Correlating signals across domains. Seemingly unrelated events in logs, network traffic, and workload behavior can reveal emerging attack campaigns.
- Reducing false positives. Pattern recognition and large language models can identify which alerts are truly actionable.
- Accelerating response. Automated reasoning can suggest remediation steps or even take action in low-risk scenarios.
At Sysdig, we’ve seen how AI can serve as a force multiplier for security teams. Our own AI security analyst, Sysdig Sage™, uses multi-step reasoning to analyze complex attack patterns and surface insights that traditional tools miss. For overburdened security operations centers (SOCs), this means faster detection and shorter mean time to resolution (MTTR). The takeaway: AI isn’t replacing security teams, but it is reshaping how they operate — by filtering noise, enriching context, and enabling smarter, faster decisions.
Accountability and Collaboration
Another challenge enterprises face is accountability. Security findings are only valuable if they reach the right owner with the right context. Yet in many organizations, vulnerabilities are reported without clarity about which team should fix them. This is why mapping findings back to code artifacts, ownership, and deployment context is critical.
It ensures that vulnerabilities discovered in production can be traced back to the team that introduced them. Security becomes a shared responsibility, not a siloed burden. Partnerships and integrations play a key role here. For example, Sysdig’s collaboration with Semgrep enables organizations to connect runtime vulnerabilities to their originating source code, reducing the back-and-forth between teams and streamlining remediation.
Why Consolidation Is Inevitable
Enterprises have long relied on best-of-breed security tools. But in the cloud, fragmentation becomes a liability. Multiple point products generate duplicate findings, lack shared context, and increase operational overhead. CNAPP represents the next stage of consolidation.
By unifying vulnerability management, posture assessment, threat detection, and incident response into a single platform, organizations can:
- Eliminate silos.
- Reduce tool sprawl.
- Gain a single source of truth for cloud risk.
And most importantly, they can tie everything back to runtime, ensuring that real-world threats are never lost in the noise.
Preparing for What’s Next
The rise of containers and cloud-native applications shows no sign of slowing. In fact, by the end of the decade, containers are expected to power half of all enterprise applications. With this growth comes pressure for security teams to adopt strategies that scale, simplify, and automate. The future of cloud security will be defined by three priorities:
- Runtime-powered visibility to cut through noise and focus on real risk.
- AI-driven assistance to help teams triage, prioritize, and respond at machine speed.
- Unified platforms that consolidate fragmented tools into a single, contextual view of cloud risk.
Enterprises that embrace this model will be positioned to move faster, reduce exposure, and stay ahead of attackers. Those who cling to disconnected tools and reactive processes will find themselves increasingly outpaced.
Secure What Matters, When It Matters
The cloud has redefined how businesses build and run applications. It’s now redefining how they must secure them. Runtime visibility, AI-driven prioritization, and unified platforms are no longer optional — they’re essential. At Sysdig, we believe the future of cloud security is rooted in real-time context and collaboration.
By focusing on what’s actively happening in production, organizations can align security and development, reduce false positives, and respond to threats with confidence. The message is clear: stop chasing every alert and start focusing on what matters most. To explore these trends in greater depth, download the full 2025 Gartner® Market Guide for Cloud-Native Application Protection Platforms.
This article is a contributed piece from one of our valued partners.
Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories
A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a maliciously crafted repository is opened using the program. The issue stems from the fact that an out-of-the-box security setting is disabled by default, opening the door for attackers to run arbitrary code on users’ computers with their privileges. “Cursor ships with Workspace Trust disabled by default, so VS Code-style tasks configured with runOptions.runOn: ‘folderOpen’ auto-execute the moment a developer browses a project,” Oasis Security said in an analysis. “A malicious .vscode/tasks.json turns a casual ‘open folder’ into silent code execution in the user’s context.” Cursor is an AI-powered fork of Visual Studio Code, which supports a feature called Workspace Trust to allow developers to safely browse and edit code regardless of where it came from or who wrote it.
With this option disabled, an attacker can make available a project in GitHub (or any platform) and include a hidden “autorun” instruction that instructs the IDE to execute a task as soon as a folder is opened, causing malicious code to be executed when the victim attempts to browse the booby-trapped repository in Cursor. “This has the potential to leak sensitive credentials, modify files, or serve as a vector for broader system compromise, placing Cursor users at significant risk from supply chain attacks,” Oasis Security researcher Erez Schwartz said. To counter this threat, users are advised to enable Workspace Trust in Cursor, open untrusted repositories in a different code editor, and audit them before opening them in the tool. The development comes as prompt injections and jailbreaks have emerged as a stealthy and systemic threat plaguing AI-powered coding and reasoning agents like Claude Code, Cline, K2 Think, and Windsurf, allowing threat actors to embed malicious instructions in sneaky ways to trick the systems into performing malicious actions or leaking data from software development environments.
Software supply chain security outfit Checkmarx, in a report last week, revealed how Anthropic’s newly introduced automated security reviews in Claude Code could inadvertently expose projects to security risks, including instructing it to ignore vulnerable code through prompt injections, causing developers to push malicious or insecure code past security reviews. “In this case, a carefully written comment can convince Claude that even plainly dangerous code is completely safe,” the company said. “The end result: a developer – whether malicious or just trying to shut Claude up – can easily trick Claude into thinking a vulnerability is safe.” Another problem is that the AI inspection process also generates and executes test cases, which could lead to a scenario where malicious code is run against production databases if Claude Code isn’t properly sandboxed. The AI company, which also recently launched a new file creation and editing feature in Claude, has warned that the feature carries prompt injection risks due to it running in a “sandboxed computing environment with limited internet access.” Specifically, it’s possible for a bad actor to “inconspicuously” add instructions via external files or websites – aka indirect prompt injection – that trick the chatbot into downloading and running untrusted code or reading sensitive data from a knowledge source connected via the Model Context Protocol (MCP).
“This means Claude can be tricked into sending information from its context (e.g., prompts, projects, data via MCP, Google integrations) to malicious third parties,” Anthropic said. “To mitigate these risks, we recommend you monitor Claude while using the feature and stop it if you see it using or accessing data unexpectedly.” That’s not all. Late last month, the company also revealed that browser-using AI models like Claude for Chrome can face prompt injection attacks, and that it has implemented several defenses to address the threat and reduce the attack success rate from 23.6% to 11.2%. “New forms of prompt injection attacks are also constantly being developed by malicious actors,” it added.
“By uncovering real-world examples of unsafe behavior and new attack patterns that aren’t present in controlled tests, we’ll teach our models to recognize the attacks and account for the related behaviors, and ensure that safety classifiers will pick up anything that the model itself misses.”
At the same time, these tools have also been found susceptible to traditional security vulnerabilities, broadening the attack surface with potential real-world impact:
- A WebSocket authentication bypass in Claude Code IDE extensions (CVE-2025-52882, CVSS score: 8.8) that could have allowed an attacker to connect to a victim’s unauthenticated local WebSocket server simply by luring them to visit a website under their control, enabling remote command execution
- An SQL injection vulnerability in the Postgres MCP server that could have allowed an attacker to bypass the read-only restriction and execute arbitrary SQL statements
- A path traversal vulnerability in Microsoft NLWeb that could have allowed a remote attacker to read sensitive files, including system configurations (“/etc/passwd”) and cloud credentials (.env files), using a specially crafted URL
- An incorrect authorization vulnerability in Lovable (CVE-2025-48757, CVSS score: 9.3) that could have allowed remote unauthenticated attackers to read or write to arbitrary database tables of generated sites
- Open redirect, stored cross-site scripting (XSS), and sensitive data leakage vulnerabilities in Base44 that could have allowed attackers to access the victim’s apps and development workspace, harvest API keys, inject malicious logic into user-generated applications, and exfiltrate data
- A vulnerability in Ollama Desktop arising as a result of incomplete cross-origin controls that could have allowed an attacker to stage a drive-by attack, where visiting a malicious website can reconfigure the application’s settings to intercept chats and even alter responses using poisoned models
“As AI-driven development accelerates, the most pressing threats are often not exotic AI attacks but failures in classical security controls,” Imperva said. “To protect the growing ecosystem of ‘vibe coding’ platforms, security must be treated as a foundation, not an afterthought.”