2025-09-18 AI Startup News
TA558 Uses AI-Generated Scripts to Deploy Venom RAT in Brazil Hotel Attacks
The threat actor known as TA558 has been attributed to a fresh set of attacks delivering various remote access trojans (RATs) like Venom RAT to breach hotels in Brazil and Spanish-speaking markets. Russian cybersecurity vendor Kaspersky is tracking the activity, observed in summer 2025, to a cluster it tracks as RevengeHotels. “The threat actors continue to employ phishing emails with invoice themes to deliver Venom RAT implants via JavaScript loaders and PowerShell downloaders,” the company said. “A significant portion of the initial infector and downloader code in this campaign appears to be generated by large language model (LLM) agents.” The findings demonstrate a new trend among cybercriminal groups to leverage artificial intelligence (AI) to bolster their tradecraft.
Known to be active since at least 2015, RevengeHotels has a history of targeting hospitality, hotel, and travel organizations in Latin America with the goal of installing malware on compromised systems. Early iterations of the threat actor’s campaigns were found to distribute emails with crafted Word, Excel, or PDF documents attached, some of which exploit a known remote code execution flaw in Microsoft Office (CVE-2017-0199) to trigger the deployment of Revenge RAT, NjRAT, NanoCoreRAT, and 888 RAT, as well as a piece of custom malware called ProCC. Subsequent campaigns documented by Proofpoint and Positive Technologies have demonstrated the threat actor’s ability to refine their attack chains to deliver a wide range of RATs such as Agent Tesla, AsyncRAT, FormBook, GuLoader, Loda RAT, LokiBot, Remcos RAT, Snake Keylogger, and Vjw0rm. The main goal of the attacks is to capture credit card data from guests and travelers stored in hotel systems, as well as credit card data received from popular online travel agencies (OTAs) such as Booking.com.
According to Kaspersky, the latest campaigns involve sending phishing emails written in Portuguese and Spanish bearing hotel reservation and job application lures to trick recipients into clicking on fraudulent links, resulting in the download of a WScript JavaScript payload. “The script appears to be generated by a large language model (LLM), as evidenced by its heavily commented code and a format similar to those produced by this type of technology,” the company said. “The primary function of the script is to load subsequent scripts that facilitate the infection.” This includes a PowerShell script, which, in turn, retrieves a downloader named “cargajecerrr.txt” from an external server and runs it via PowerShell. The downloader, as the name implies, fetches two additional payloads: a loader that’s responsible for launching the Venom RAT malware.
Based on the open-source Quasar RAT, Venom RAT is a commercial tool that’s offered for $650 for a lifetime license. A one-month subscription bundling the malware with HVNC and Stealer components costs $350. The malware is equipped to siphon data, act as a reverse proxy, and features an anti-kill protection mechanism to ensure that it runs uninterrupted. To accomplish this, it modifies the Discretionary Access Control List (DACL) associated with the running process to remove any permissions that could interfere with its functioning, and terminates any running process that matches any of the hard-coded processes.
“The second component of this anti-kill measure involves a thread that runs a continuous loop, checking the list of running processes every 50 milliseconds,” Kaspersky said. “The loop specifically targets those processes commonly used by security analysts and system administrators to monitor host activity or analyze .NET binaries, among other tasks. If the RAT detects any of these processes, it will terminate them without prompting the user.” The anti-kill feature also comes fitted with the ability to set up persistence on the host using Windows Registry modifications and re-run the malware anytime the associated process is not found in the list of running processes. Should the malware be executed with elevated privileges, it proceeds to set the SeDebugPrivilege token and marks itself as a critical system process, thereby allowing it to persist even when there is an attempt to terminate the process.
It also forces the computer’s display to remain on and prevents it from entering sleep mode. Lastly, the Venom RAT artifacts incorporate capabilities to spread via removable USB drives and terminate the process associated with Microsoft Defender Antivirus, as well as tamper with the task scheduler and Registry to disable the security program. “RevengeHotels has significantly enhanced its capabilities, developing new tactics to target the hospitality and tourism sectors,” Kaspersky said. “With the assistance of LLM agents, the group has been able to generate and modify their phishing lures, expanding their attacks to new regions.” Found this article interesting?
Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.
Chinese TA415 Uses VS Code Remote Tunnels to Spy on U.S. Economic Policy Experts
A China-aligned threat actor known as TA415 has been attributed to spear-phishing campaigns targeting the U.S. government, think tanks, and academic organizations utilizing U.S.-China economic-themed lures. “In this activity, the group masqueraded as the current Chair of the Select Committee on Strategic Competition between the United States and the Chinese Communist Party (CCP), as well as the U.S.-China Business Council, to target a range of individuals and organizations predominantly focused on U.S.-China relations, trade, and economic policy,” Proofpoint said in an analysis. The enterprise security company said the activity, observed throughout July and August 2025, is likely an effort on part of Chinese state-sponsored threat actors to facilitate intelligence gathering amid ongoing U.S.-China trade talks, adding the hacking group shares overlaps with a threat cluster tracked broadly under the names APT41 and Brass Typhoon (formerly Barium).
The findings come days after the U.S. House Select Committee on China issued an advisory warning of an “ongoing” series of highly targeted cyber espionage campaigns linked to Chinese threat actors, including a campaign that impersonated the Republican Party Congressman John Robert Moolenaar in phishing emails designed to deliver data-stealing malware. The campaign, per Proofpoint, mainly focused on individuals who specialized in international trade, economic policy, and U.S.-China relations, sending them emails spoofing the U.S.-China Business Council that invited them to a supposed closed-door briefing on U.S.-Taiwan and U.S.-China affairs. The messages were sent using the email address “uschina@zohomail[.]com,” while also relying on the Cloudflare WARP VPN service to obfuscate the source of the activity.
They contain links to password-protected archives hosted on public cloud sharing services such as Zoho WorkDrive, Dropbox, and OpenDrive, within which there exists a Windows shortcut (LNK) along with other files in a hidden folder. The primary function of the LNK file is to execute a batch script within the hidden folder, and display a PDF document as a decoy to the user. In the background, the batch script executes an obfuscated Python loader named WhirlCoil that’s also present in the archive. “Earlier variations of this infection chain instead downloaded the WhirlCoil Python loader from a Paste site, such as Pastebin, and the Python package directly from the official Python website,” Proofpoint noted.
The script is also designed to set up a scheduled task, typically named GoogleUpdate or MicrosoftHealthcareMonitorNode, to run the loader every two hours as a form of persistence. It also runs the task with SYSTEM privileges if the user has administrative access to the compromised host. The Python loader subsequently establishes a Visual Studio Code remote tunnel to establish persistent backdoor access and harvests system information and the contents of various user directories. The data and the remote tunnel verification code are sent to a free request logging service (e.g., requestrepo[.]com) in the form of a base64-encoded blob within the body of an HTTP POST request.
It’s worth noting that the infection chain adopted in this campaign has remained largely unchanged from a prior attack sequence targeting organizations in the aerospace, chemicals, insurance, and manufacturing sectors in September 2024 that delivered Visual Studio Code Remote Tunnels via the Python loader. “With this code, the threat actor is then able to authenticate the VS Code Remote Tunnel and remotely access the file system and execute arbitrary commands via the built-in Visual Studio terminal on the targeted host,” Proofpoint said.
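The persistence step described above (a scheduled task named GoogleUpdate or MicrosoftHealthcareMonitorNode, repeating every two hours, run as SYSTEM when the user is an administrator, and launching a Python loader) can be triaged from exported task definitions. The following is an added example, not code from Proofpoint or the original article; the sample task XML, file paths and scoring rule are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
REPORTED_NAMES = {"googleupdate", "microsofthealthcaremonitornode"}  # names given on this page
SYSTEM_IDS = {"s-1-5-18", "system", "nt authority\\system"}
DURATION = re.compile(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?")
PYTHON_EXE = re.compile(r"pythonw?[\d.]*(\.exe)?")


def interval_minutes(text):
    """Convert a repetition interval such as PT2H or PT120M to minutes."""
    m = DURATION.fullmatch((text or "").strip())
    if not m or not any(m.groups()):
        return None
    days, hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return days * 1440 + hours * 60 + minutes + seconds / 60


def triage_task(task_name, task_xml):
    """Score one Task Scheduler definition against the traits reported for this campaign."""
    root = ET.fromstring(task_xml)
    reasons = []
    name_match = task_name.rsplit("\\", 1)[-1].lower() in REPORTED_NAMES
    if name_match:
        reasons.append("task name matches a reported name")
    intervals = [interval_minutes(e.text) for e in root.iterfind(".//t:Repetition/t:Interval", NS)]
    two_hourly = 120 in intervals
    if two_hourly:
        reasons.append("repeats every two hours")
    runs_python = False
    for action in root.iterfind(".//t:Actions/t:Exec", NS):
        command = action.findtext("t:Command", "", NS).strip().strip('"')
        arguments = action.findtext("t:Arguments", "", NS)
        base = re.split(r"[\\/]", command)[-1].lower()
        if PYTHON_EXE.fullmatch(base) or re.search(r"\.pyw?\b", arguments, re.I):
            runs_python = True
    if runs_python:
        reasons.append("action launches a Python interpreter or script")
    as_system = any((e.text or "").strip().lower() in SYSTEM_IDS
                    for e in root.iterfind(".//t:Principals/t:Principal/t:UserId", NS))
    if as_system:
        reasons.append("runs as SYSTEM")
    # Assumed scoring rule: Python plus one campaign trait, or name plus schedule.
    alert = (runs_python and (name_match or two_hourly)) or (name_match and two_hourly)
    severity = "high" if alert and as_system else "medium" if alert else "none"
    return {"task": task_name, "alert": alert, "severity": severity, "reasons": reasons}


# Constructed samples: simplified task XML with made-up paths.
SUSPECT_XML = r"""
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><TimeTrigger>
    <Repetition><Interval>PT2H</Interval></Repetition>
    <StartBoundary>2025-08-01T09:00:00</StartBoundary>
  </TimeTrigger></Triggers>
  <Principals><Principal id="Author"><UserId>S-1-5-18</UserId></Principal></Principals>
  <Actions Context="Author"><Exec>
    <Command>C:\Users\Public\example\pythonw.exe</Command>
    <Arguments>C:\Users\Public\example\loader.py</Arguments>
  </Exec></Actions>
</Task>"""

BENIGN_XML = r"""
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><CalendarTrigger>
    <StartBoundary>2025-08-01T03:00:00</StartBoundary>
    <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay>
  </CalendarTrigger></Triggers>
  <Principals><Principal id="Author"><UserId>S-1-5-18</UserId></Principal></Principals>
  <Actions Context="Author"><Exec>
    <Command>C:\Program Files\ExampleVendor\updater.exe</Command>
  </Exec></Actions>
</Task>"""


def triage_all():
    """Run the triage over both constructed samples."""
    return [
        triage_task(r"\MicrosoftHealthcareMonitorNode", SUSPECT_XML),
        triage_task(r"\ExampleVendor\NightlyUpdate", BENIGN_XML),
    ]


if __name__ == "__main__":
    for result in triage_all():
        print(result)
```

A task whose name matches but whose schedule and action do not is left unalerted with the name recorded in `reasons`, so an analyst can still review it.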
From Quantum Hacks to AI Defenses – Expert Guide to Building Unbreakable Cyber Resilience
Quantum computing and AI working together will bring incredible opportunities. Together, the technologies will help us extend innovation further and faster than ever before. But, imagine the flip side, waking up to news that hackers have used a quantum computer to crack your company’s encryption overnight, exposing your most sensitive data, rendering much of it untrustworthy. And with your sensitive data exposed, where does that leave trust from your customers?
And the cost to mitigate - if that is even possible with your outdated pre-quantum systems? According to IBM, cyber breaches are already hitting businesses with an average of $4.44 million per incident, and as high as $10.22 million in the US, but with quantum and AI working simultaneously, experts warn it could go much higher. In 2025, nearly two-thirds of organizations see quantum computing as the biggest cybersecurity threat looming in the next 3-5 years, while 93% of security leaders are prepping for daily AI-driven attacks. If you’re in tech, finance, healthcare, or any field handling big data, this isn’t sci-fi—it’s the storm brewing right now.
But what if you could get ahead of it? Build reliable systems with multiple layers of protection that keep your operations rock-solid? That’s what our upcoming webinar, “ Building Trust and Resilience for the AI and Quantum 2.0 Era ,” is all about. It’s a panel of top experts diving into the world where quantum meets AI, and how to make your infrastructure unbreakable.
Happening soon—don’t miss out. Sign up for the Webinar now and secure your spot today!
The Risk Hiding in Quantum and AI Advances
Let’s keep it real: Quantum 2.0 is exploding with cool stuff like super-fast computing, entanglement for instant communication, and sensors that see the unseen. Throw AI into the mix, and it’s optimizing and analyzing everything from quantum systems to drug discovery to evolving everyday tech.
Sounds awesome, right? But here’s the flip side—these technology breakthroughs are also widening the door for cyber bad guys. Quantum computers could render much of today’s encryption useless, while AI makes attacks smarter and faster. Experts warn that AI-powered attacks are already growing in sophistication, and many security leaders believe quantum computing will dramatically increase future risks.
I’ve heard from pros in the field sharing nightmare stories: AI-driven phishing fools 60% of folks, just like old-school tricks, but now it’s GenAI making fakes that look too real. And quantum? It’s not decades away—threats like “harvest now, decrypt later” mean attackers are grabbing encrypted data today, waiting for quantum tech to unlock it. Without the right defenses, sectors like finance and healthcare could face chaos, losing data integrity and facing massive fines.
The good news? Solutions are available now that can protect you for Q-day and today.
What You’ll Walk Away With: Simple Steps to Build Resilience
In this lively 60-minute panel, you’ll hear from rockstar experts who’ve been shaping this space. They’ll break down the hype and hand you practical ways to protect your world. No jargon overload—just straight talk on breakthroughs and how to turn them into your advantage. Here’s a taste of what they’ll cover:
- The Buzz on Quantum 2.0: Get the lowdown on how quantum computing, sensing, and comms are changing the game—and how AI supercharges it all for smarter systems.
- Why AI and Quantum Need to Play Nice with Security: Learn why crypto-resilient setups are a must, with tips on aligning innovations without leaving weak spots.
- Tackling Risks in This New World: Dive into managing threats in AI-quantum mashups, including how to spot and stop emerging dangers before they hit.
- Tailored Fixes for Your Industry: Whether you’re in finance, healthcare, or critical infra, grab strategies customized for high-stakes data protection.
- Your Roadmap from Start to Finish: Walk through planning, consulting, rollout, and ongoing services to make resilience a reality.
- What Leaders Need to Do Right Now: Key moves for bosses to lock in long-term security and keep things running smoothly.
Meet the Experts
- Dr. Michael Eggleston, Data & Devices Group Leader, Nokia Bell Labs: Leading advances in quantum tech and sensing.
- Dr. Michele Mosca, Co-founder, evolutionQ & Programme Chair of the ETSI-IQC Quantum-Safe Cryptography Conference: Pioneer in quantum-safe crypto.
- Donna Dodson, Former Chief Cybersecurity Advisor, NIST: Innovator in government cybersecurity.
- Bill Genovese, CIO Advisory Partner, Global Quantum Services & Consulting Leader, Kyndryl: Strategist in emerging tech like quantum and AI.
- Martin Charbonneau, Head of Quantum-Safe Networks, Nokia: Expert in securing networks against quantum threats.
Ready to arm yourself with these insights? Sign up for the Webinar now and join the conversation.
With quantum threats ramping up, adversaries using AI for slicker attacks—and reports like the Global Cybersecurity Outlook warning that 47% of orgs fear GenAI-boosted bad guys, waiting it out isn’t an option. Cyber resilience and agility isn’t just nice-to-have; it’s urgent, as quantum tech could reshape cryptography and pose risks sooner than we think. This webinar isn’t fluff—it’s your shield for the AI-quantum era, blending innovation with rock-hard resilience. Seats fill up fast, it’s a quick win for huge peace of mind.
Save your seat now – See you there! This article is a contributed piece from one of our valued partners.
Rethinking AI Data Security: A Buyer’s Guide
Generative AI has gone from a curiosity to a cornerstone of enterprise productivity in just a few short years. From copilots embedded in office suites to dedicated large language model (LLM) platforms, employees now rely on these tools to code, analyze, draft, and decide. But for CISOs and security architects, the very speed of adoption has created a paradox: the more powerful the tools, the more porous the enterprise boundary becomes. And here’s the counterintuitive part: the biggest risk isn’t that employees are careless with prompts.
It’s that organizations are applying the wrong mental model when evaluating solutions, trying to retrofit legacy controls for a risk surface they were never designed to cover. A new guide (download here) tries to bridge that gap.
The Hidden Challenge in Today’s Vendor Landscape
The AI data security market is already crowded. Every vendor, from traditional DLP to next-gen SSE platforms, is rebranding around “AI security.” On paper, this seems to offer clarity. In practice, it muddies the waters. The truth is that most legacy architectures, designed for file transfers, email, or network gateways, cannot meaningfully inspect or control what happens when a user pastes sensitive code into a chatbot, or uploads a dataset to a personal AI tool. Evaluating solutions through the lens of yesterday’s risks is what leads many organizations to buy shelfware. This is why the buyer’s journey for AI data security needs to be reframed. Instead of asking “Which vendor has the most features?” the real question is: Which vendor understands how AI is actually used at the last mile: inside the browser, across sanctioned and unsanctioned tools?
The Buyer’s Journey: A Counterintuitive Path
Most procurement processes start with visibility. But in AI data security, visibility is not the finish line; it’s the starting point. Discovery will show you the proliferation of AI tools across departments, but the real differentiator is how a solution interprets and enforces policies in real time, without throttling productivity.
The buyer’s journey often follows four stages:
- Discovery – Identify which AI tools are in use, sanctioned or shadow. Conventional wisdom says this is enough to scope the problem. In reality, discovery without context leads to overestimation of risk and blunt responses (like outright bans).
- Real-Time Monitoring – Understand how these tools are being used, and what data flows through them. The surprising insight? Not all AI usage is risky. Without monitoring, you can’t separate harmless drafting from the inadvertent leak of source code.
- Enforcement – This is where many buyers default to binary thinking: allow or block. The counterintuitive truth is that the most effective enforcement lives in the gray area—redaction, just-in-time warnings, and conditional approvals. These not only protect data but also educate users in the moment.
- Architecture Fit – Perhaps the least glamorous but most critical stage. Buyers often overlook deployment complexity, assuming security teams can bolt new agents or proxies onto existing stacks. In practice, solutions that demand infrastructure change are the ones most likely to stall or get bypassed.
What Experienced Buyers Should Really Ask
Security leaders know the standard checklist: compliance coverage, identity integration, reporting dashboards. But in AI data security, some of the most important questions are the least obvious:
- Does the solution work without relying on endpoint agents or network rerouting?
- Can it enforce policies in unmanaged or BYOD environments, where much shadow AI lives?
- Does it offer more than “block” as a control, i.e., can it redact sensitive strings, or warn users contextually?
- How adaptable is it to new AI tools that haven’t yet been released?
These questions cut against the grain of traditional vendor evaluation but reflect the operational reality of AI adoption.
Balancing Security and Productivity: The False Binary
One of the most persistent myths is that CISOs must choose between enabling AI innovation and protecting sensitive data. Blocking tools like ChatGPT may satisfy a compliance checklist, but it drives employees to personal devices, where no controls exist. In effect, bans create the very shadow AI problem they were meant to solve. The more sustainable approach is nuanced enforcement: permitting AI usage in sanctioned contexts while intercepting risky behaviors in real time. In this way, security becomes an enabler of productivity, not its adversary.
Technical vs. Non-Technical Considerations
While technical fit is paramount, non-technical factors often decide whether an AI data security solution succeeds or fails:
- Operational Overhead – Can it be deployed in hours, or does it require weeks of endpoint configuration?
- User Experience – Are controls transparent and minimally disruptive, or do they generate workarounds?
- Futureproofing – Does the vendor have a roadmap for adapting to emerging AI tools and compliance regimes, or are you buying a static product in a dynamic field?
These considerations are less about “checklists” and more about sustainability—ensuring the solution can scale with both organizational adoption and the broader AI landscape.
The Bottom Line
Security teams evaluating AI data security solutions face a paradox: the space looks crowded, but true fit-for-purpose options are rare. The buyer’s journey requires more than a feature comparison; it demands rethinking assumptions about visibility, enforcement, and architecture.
The counterintuitive lesson? The best AI security investments aren’t the ones that promise to block everything. They’re the ones that enable your enterprise to harness AI safely, striking a balance between innovation and control. This Buyer’s Guide to AI Data Security distills this complex landscape into a clear, step-by-step framework.
The guide is designed for both technical and economic buyers, walking them through the full journey: from recognizing the unique risks of generative AI to evaluating solutions across discovery, monitoring, enforcement, and deployment. By breaking down the trade-offs, exposing counterintuitive considerations, and providing a practical evaluation checklist, the guide helps security leaders cut through vendor noise and make informed decisions that balance innovation with control. This article is a contributed piece from one of our valued partners.
Scattered Spider Resurfaces With Financial Sector Attacks Despite Retirement Claims
Cybersecurity researchers have tied a fresh round of cyber attacks targeting financial services to the notorious cybercrime group known as Scattered Spider, casting doubt on their claims of going “dark.” Threat intelligence firm ReliaQuest said it has observed indications that the threat actor has shifted their focus to the financial sector. This is supported by an increase in lookalike domains potentially linked to the group that are geared towards the industry vertical, as well as a recently identified targeted intrusion against an unnamed U.S. banking organization. “Scattered Spider gained initial access by socially engineering an executive’s account and resetting their password via Azure Active Directory Self-Service Password Management,” the company said.
“From there, they accessed sensitive IT and security documents, moved laterally through the Citrix environment and VPN, and compromised VMware ESXi infrastructure to dump credentials and further infiltrate the network.” To achieve privilege escalation, the attackers reset a Veeam service account password, assigned Azure Global Administrator permissions, and relocated virtual machines to evade detection. There are also signs that Scattered Spider attempted to exfiltrate data from Snowflake, Amazon Web Services (AWS), and other repositories.
Exit or Smokescreen?
The recent activity undercuts the group’s claims that they were ceasing operations alongside 14 other criminal groups, such as LAPSUS$.
Scattered Spider is the moniker assigned to a loose-knit hacking collective that’s part of a broader online entity called The Com. The group also shares a high degree of overlap with other cybercrime crews like ShinyHunters and LAPSUS$, so much so that the three clusters formed an overarching entity named “scattered LAPSUS$ hunters.” One of these clusters, notably ShinyHunters, has also engaged in extortion efforts after exfiltrating sensitive data from victims’ Salesforce instances. In these cases, the activity took place months after the targets were compromised by another financially motivated hacking group tracked by Google-owned Mandiant as UNC6040. The incident is a reminder not to be lulled into a false sense of security, ReliaQuest added, urging organizations to stay vigilant against the threat.
As in the case of ransomware groups, there is no such thing as retirement, as it’s very much possible for them to regroup or rebrand under a different alias in the future. “The recent claim that Scattered Spider is retiring should be taken with a significant degree of skepticism,” Karl Sigler, security research manager of SpiderLabs Threat Intelligence at Trustwave, a LevelBlue Company, said. “Rather than a true disbanding, this announcement likely signals a strategic move to distance the group from increasing law enforcement pressure.” Sigler also pointed out that the farewell letter should be viewed as a strategic retreat, allowing the group to reassess its practices, refine its tradecraft, and evade ongoing efforts to put a lid on its activities, not to mention complicate attribution efforts by making it harder to tie future incidents to the same core actors. “It’s plausible that something within the group’s operational infrastructure has been compromised.
Whether through a breached system, an exposed communication channel, or the arrest of lower-tier affiliates, something has likely triggered the group to go dark, at least temporarily. Historically, when cybercriminal groups face heightened scrutiny or suffer internal disruption, they often ‘retire’ in name only, opting instead to pause, regroup, and eventually re-emerge under a new identity.”
Weaponized GenAI + Extortion-First Strategies Fueling a New Age of Ransomware
DOJ Resentences BreachForums Founder to 3 Years for Cybercrime and Possession of CSAM
The U.S. Department of Justice (DoJ) on Tuesday resentenced the former administrator of BreachForums to three years in prison in connection with his role in running the cybercrime forum and possessing child sexual abuse material (CSAM). Conor Brian Fitzpatrick (aka Pompompurin), 22, of Peekskill, New York, pleaded guilty to one count of access device conspiracy, one count of access device solicitation, and one count of possession of child sexual abuse material. Fitzpatrick was initially arrested in March 2023 and pleaded guilty later that July.
As part of the plea agreement, Fitzpatrick is also said to have agreed to forfeit over 100 domain names used in the operation of BreachForums, over a dozen electronic devices used to execute the scheme, and cryptocurrency that represented the illicit proceeds of the operation. “Conor Fitzpatrick personally profited from the sale of vast quantities of stolen information, ranging from private personal information to commercial data,” said U.S. Attorney Erik S. Siebert for the Eastern District of Virginia.
“These crimes were so extensive that the damage is difficult to quantify, and the human cost of his collection of child sexual abuse material is incalculable. We will not allow criminals to hide in the darkest corners of the internet and will use all legal means to bring them to justice.” The resentencing comes after the U.S. Court of Appeals for the Fourth Circuit issued an opinion on January 21, 2025, vacating Fitzpatrick’s prior sentence of 17-day time served and remanding the case for resentencing. Fitzpatrick was previously sentenced to time served and 20 years of supervised release for his role as the creator and administrator of BreachForums in January 2024.
BreachForums, launched in March 2022 following the dismantlement of RaidForums by law enforcement, is a criminal marketplace that allows bad actors to buy, sell, and trade stolen data associated with high-profile companies across the world. The forum is estimated to have had 330,000 members at its peak and held more than 14 billion individual records. The hacker market has since been relaunched a number of times despite numerous efforts to shut it down, cropping up under a revolving door of new domains. In July 2024, the whole database of the original BreachForums was leaked online, exposing members’ information.
Then last month, ShinyHunters, which took over the reins after Baphomet’s arrest in 2023, claimed that the notorious cybercrime marketplace had been compromised and was under the control of international law enforcement agencies. As of writing, the copycat forum has gone offline on its latest domain, stating they have “decided to go dark” along with 14 other e-crime groups, including LAPSUS$ and Scattered Spider.
RaccoonO365 Phishing Network Dismantled as Microsoft, Cloudflare Take Down 338 Domains
Microsoft’s Digital Crimes Unit said it teamed up with Cloudflare to coordinate the seizure of 338 domains used by RaccoonO365, a financially motivated threat group that was behind a phishing-as-a-service (PhaaS) toolkit used to steal more than 5,000 Microsoft 365 credentials from 94 countries since July 2024. “Using a court order granted by the Southern District of New York, the DCU seized 338 websites associated with the popular service, disrupting the operation’s technical infrastructure and cutting off criminals’ access to victims,” Steven Masada, assistant general counsel at DCU, said. “This case shows that cybercriminals don’t need to be sophisticated to cause widespread harm – simple tools like RaccoonO365 make cybercrime accessible to virtually anyone, putting millions of users at risk.” The initial phase of the Cloudflare takedown commenced on September 2, 2025, with additional actions occurring on September 3 and September 4. This included banning all identified domains, placing interstitial “phish warning” pages in front of them, terminating the associated Workers scripts, and suspending the user accounts.
The efforts were completed on September 8. Tracked by the Windows maker under the name Storm-2246, RaccoonO365 is marketed to other cybercriminals under a subscription model, allowing them to mount phishing and credential harvesting attacks at scale with little to no technical expertise. A 30-day plan costs $355, and a 90-day plan is priced at $999. The operators also claim that the tool is hosted on bulletproof virtual private servers with no hidden backdoors (unlike, say, BulletProofLink), and that it’s “built for serious players only – no low-budget freeloaders.” According to Morado, campaigns using RaccoonO365 have been active since September 2024.
These attacks typically mimic trusted brands like Microsoft, DocuSign, SharePoint, Adobe, and Maersk in fraudulent emails, tricking recipients into clicking on lookalike pages that are designed to capture victims’ Microsoft 365 usernames and passwords. The phishing emails are often a precursor to malware and ransomware. The most troubling aspect, from a defender’s standpoint, is the use of legitimate tools like Cloudflare Turnstile as a CAPTCHA, as well as implementing bot and automation detection using a Cloudflare Workers script to protect their phishing pages, thereby making sure that only intended targets of the attack can access and interact with them. Earlier this April, the Redmond-based company warned of several phishing campaigns leveraging tax-related themes to deploy malware such as Latrodectus, AHKBot, GuLoader, and BruteRatel C4 (BRc4).
The phishing pages, it added, were delivered via RaccoonO365, with one such campaign attributed to an initial access broker called Storm-0249. The phishing campaigns have targeted over 2,300 organizations in the United States, including at least 20 U.S. healthcare entities. “Using RaccoonO365’s services, customers can input up to 9,000 target email addresses per day and employ sophisticated techniques to circumvent multi-factor authentication protections to steal user credentials and gain persistent access to victims’ systems,” Microsoft said.
“Most recently, the group started advertising a new AI-powered service, RaccoonO365 AI-MailCheck, designed to scale operations and increase the sophistication – and effectiveness – of attacks.” The mastermind behind RaccoonO365 is assessed to be Joshua Ogundipe, an individual based in Nigeria, who, along with his associates, has advertised the tool on an 850-member strong Telegram channel, receiving no less than $100,000 in cryptocurrency payments. The e-crime group is believed to have sold about 100-200 subscriptions, although Microsoft cautioned it’s likely an underestimate. The tech giant said it was able to make the attribution courtesy of an operational security lapse that inadvertently exposed a secret cryptocurrency wallet. Ogundipe and four other co-conspirators currently remain at large, but Microsoft noted that a criminal referral for Ogundipe has been sent to international law enforcement.
Cloudflare, in its own analysis of the PhaaS service, said the takedown of hundreds of domains and Worker accounts is aimed at increasing operational costs and sending a warning to other malicious actors who may abuse its infrastructure for malicious purposes. Since the disruption, the threat actors have announced that they are “scrapping all legacy RaccoonO365 links,” urging their customers who paid for a 1-month subscription to switch to a new plan. The group also said it will compensate those affected by offering “one extra week of subscription” following the upgrade. The “response represents a strategic shift from reactive, single-domain takedowns to a proactive, large-scale disruption aimed at dismantling the actor’s operational infrastructure on our platform,” Cloudflare said.
Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover
Cybersecurity researchers have disclosed multiple critical security vulnerabilities in Chaos Mesh that, if successfully exploited, could lead to cluster takeover in Kubernetes environments. “Attackers need only minimal in-cluster network access to exploit these vulnerabilities, execute the platform’s fault injections (such as shutting down pods or disrupting network communications), and perform further malicious actions, including stealing privileged service account tokens,” JFrog said in a report shared with The Hacker News. Chaos Mesh is an open-source cloud-native Chaos Engineering platform that offers various types of fault simulation and simulates various abnormalities that might occur during the software development lifecycle. The issues, collectively called Chaotic Deputy, are listed below -
- CVE-2025-59358 (CVSS score: 7.5) - The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial-of-service
- CVE-2025-59359 (CVSS score: 9.8) - The cleanTcs mutation in Chaos Controller Manager is vulnerable to operating system command injection
- CVE-2025-59360 (CVSS score: 9.8) - The killProcesses mutation in Chaos Controller Manager is vulnerable to operating system command injection
- CVE-2025-59361 (CVSS score: 9.8) - The cleanIptables mutation in Chaos Controller Manager is vulnerable to operating system command injection
An in-cluster attacker, i.e., a threat actor with initial access to the cluster’s network, could chain CVE-2025-59359, CVE-2025-59360, or CVE-2025-59361 with CVE-2025-59358 to perform remote code execution across the cluster, even in the default configuration of Chaos Mesh.
JFrog said the vulnerabilities stem from insufficient authentication mechanisms within the Chaos Controller Manager’s GraphQL server, allowing unauthenticated attackers to run arbitrary commands on the Chaos Daemon, resulting in cluster takeover. Threat actors could then leverage the access to potentially exfiltrate sensitive data, disrupt critical services, or even move laterally across the cluster to escalate privileges. Following responsible disclosure on May 6, 2025, all the identified shortcomings were addressed by Chaos Mesh with the release of version 2.7.3 on August 21. Users are advised to update their installations to the latest version as soon as possible.
If immediate patching is not an option, it’s recommended to restrict network traffic to the Chaos Mesh daemon and API server, and avoid running Chaos Mesh in open or loosely secured environments. “Platforms such as Chaos Mesh give, by design, complete control of the Kubernetes cluster to the platform,” Shachar Menashe, vice president of security research at JFrog, said in a statement shared with The Hacker News. “This flexibility can become a critical risk when vulnerabilities such as Chaotic Deputy are discovered.”
SlopAds Fraud Ring Exploits 224 Android Apps to Drive 2.3 Billion Daily Ad Bids
A massive ad fraud and click fraud operation dubbed SlopAds ran a cluster of 224 apps, collectively attracting 38 million downloads across 228 countries and territories. “These apps deliver their fraud payload using steganography and create hidden WebViews to navigate to threat actor-owned cashout sites, generating fraudulent ad impressions and clicks,” HUMAN’s Satori Threat Intelligence and Research Team said in a report shared with The Hacker News. The name “SlopAds” is a nod to the likely mass-produced nature of the apps and the use of artificial intelligence (AI)-themed services like StableDiffusion, AIGuide, and ChatGLM hosted by the threat actor on the command-and-control (C2) server. The company said the campaign accounted for 2.3 billion bid requests a day at its peak, with traffic from SlopAds apps mainly originating from the U.S. (30%), India (10%), and Brazil (7%). Google has since removed all the offending apps from the Play Store, effectively disrupting the threat.
What makes the activity stand out is that when a SlopAds-associated app is downloaded, it queries a mobile marketing attribution SDK to check if it was downloaded directly from the Play Store (i.e., organically) or if it was the result of a user clicking on an ad that redirected them to the Play Store listing (i.e., non-organically). The fraudulent behavior is initiated only in scenarios where the app was downloaded following an ad click, causing it to download the ad fraud module, FatModule, from the C2 server.
On the other hand, if it was organically installed, the app behaves as advertised on the app store page. “From developing and publishing apps that only commit fraud under certain circumstances to adding layer upon layer of obfuscation, SlopAds reinforces the notion that threats to the digital advertising ecosystem are only growing in sophistication,” HUMAN researchers said. “This tactic creates a more complete feedback loop for the threat actors, triggering fraud only if they have reason to believe the device isn’t being examined by security researchers. It blends malicious traffic into legitimate campaign data, complicating detection.” The FatModule is delivered by means of four PNG image files that conceal the APK, which is then decrypted and reassembled to gather device and browser information, as well as conduct ad fraud using hidden WebViews.
“One cashout mechanism for SlopAds is through HTML5 (H5) game and news websites owned by the threat actors,” HUMAN researchers said. “These game sites show ads frequently, and since the WebView in which the sites are loaded is hidden, the sites can monetize numerous ad impressions and clicks before the WebView closes.” Domains promoting SlopAds apps have been found to link back to another domain, ad2[.]cc, which serves as the Tier-2 C2 server. In all, an estimated 300 domains advertising such apps have been identified. The development comes a little over two months after HUMAN flagged another set of 352 Android apps as part of an ad fraud scheme codenamed IconAds.
“SlopAds highlights the evolving sophistication of mobile ad fraud, including stealthy, conditional fraud execution and rapid scaling capabilities,” Gavin Reid, CISO at HUMAN, said.
New FileFix Variant Delivers StealC Malware Through Multilingual Phishing Site
Cybersecurity researchers have warned of a new campaign that’s leveraging a variant of the FileFix social engineering tactic to deliver the StealC information stealer malware. “The observed campaign uses a highly convincing, multilingual phishing site (e.g., fake Facebook Security page), with anti-analysis techniques and advanced obfuscation to evade detection,” Acronis security researcher Eliad Kimhy said in a report shared with The Hacker News. At a high level, the attack chain involves the use of FileFix to entice users into launching an initial payload that then proceeds to download seemingly innocuous images containing the malicious components from a Bitbucket repository. This allows the attackers to abuse the trust associated with a legitimate source code hosting platform to bypass detection.
FileFix, first documented by security researcher mrd0x as a proof-of-concept (PoC) in June 2025, is a little different from ClickFix in that it eschews the need for users to launch the Windows Run dialog and paste an already copied obfuscated command to complete bogus CAPTCHA verification checks on phishing pages set up for this purpose. Instead, it leverages a web browser’s file upload feature to deceive users into copying and pasting a command on the File Explorer’s address bar, causing it to be executed locally on the victim’s machine. The attack commences with a phishing site to which the victim is likely redirected from an email message that warns recipients of potential suspension of their Facebook accounts after a week, claiming the shared posts or messages violate its policies. Users are then asked to appeal the decision by clicking on a button.
The phishing page is not only heavily obfuscated, but also resorts to techniques like junk code and fragmentation to hinder analysis efforts. The FileFix attack comes into play once the button is clicked, at which point the victim is displayed a message stating they can access a PDF version of the supposed policy violation by copying and pasting a path to the document in the File Explorer’s address bar. While the path provided in the instruction appears completely harmless, clicking the “Copy” button actually copies a malicious command that’s suffixed with extra spaces, so that only the file path is displayed when pasted into File Explorer upon opening it using the “Open File Explorer” button. This command is a multi-stage PowerShell script that downloads the aforementioned image, decodes it into the next-stage payload, and ultimately runs a Go-based loader that unpacks shellcode responsible for launching StealC.
FileFix also offers a crucial advantage over ClickFix, as it abuses a widely used browser feature as opposed to opening the Run dialog (or the Terminal app in case of Apple macOS), which could be blocked by a system administrator as a security measure. “On the other hand, one of the things that makes ClickFix so challenging to detect in the first place is that it is spawned from Explorer.exe via the run dialog, or directly from a terminal, whereas with FileFix, the payload is executed by the web browser used by the victim, which is far more likely to stand out in an investigation or to a security product,” Acronis said. “The adversary behind this attack demonstrated significant investment in tradecraft, carefully engineering the phishing infrastructure, payload delivery and supporting elements to maximize both evasion and impact.” The disclosure comes as Doppel detailed another campaign that has been observed using a combination of fake support portals, Cloudflare CAPTCHA error pages, and clipboard hijacking – i.e., ClickFix – to socially engineer victims into running malicious PowerShell code that downloads and runs an AutoHotkey (AHK) script. The script is designed to profile the compromised host and deliver additional payloads, including AnyDesk, TeamViewer, information stealers, and clipper malware.
The cybersecurity company said it also observed other variants of the activity where victims are guided to run an MSHTA command pointing to a lookalike Google domain (“wl.google-587262[.]com”), which then retrieves and executes a remote malicious script. “AHK is a Windows-based scripting language originally designed for automating repetitive tasks like keystrokes and mouse clicks,” Doppel security researcher Aarsh Jawa noted. “While it’s long been popular among power users and system admins for its simplicity and flexibility, threat actors began weaponizing AHK around 2019 to create lightweight malware droppers and info-stealers. These malicious scripts often masquerade as benign automation tools or support utilities.”
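The two FileFix traits described above (a command padded with spaces so that only a decoy path is visible, and a script interpreter launched by the web browser) can be turned into a triage check over process-creation telemetry. The following is an added example, not code from Acronis or the original article; the event field names, the browser and interpreter lists, and the padding threshold are assumptions, and the sample events are constructed.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Assumed name lists and padding threshold for this example; tune for your estate.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}
MIN_PAD = 20

# Command text, then a long whitespace run, then a trailing path-like decoy.
PADDED_DECOY = re.compile(
    r"^(?P<hidden>.*?\S)\s{%d,}(?P<decoy>(?:[A-Za-z]:\\|\\\\)[^\r\n]*\S)\s*$" % MIN_PAD,
    re.DOTALL,
)


def split_padded_command(text):
    """Return (leading_command, visible_decoy_path), or None if no padding trick."""
    m = PADDED_DECOY.match(text)
    return (m.group("hidden"), m.group("decoy")) if m else None


def analyze_event(event):
    """Return the names of the rules a process-creation event trips."""
    hits = []
    parent = basename(event["parent_image"]).lower()
    child = basename(event["image"]).lower()
    if parent in BROWSERS and child in INTERPRETERS:
        hits.append("browser_spawned_interpreter")
    if split_padded_command(event["command_line"]):
        hits.append("padded_decoy_path")
    return hits


def triage(events):
    """Evaluate every event and return one list of rule names per event."""
    return [analyze_event(e) for e in events]


# Constructed sample events (not from the report); the command is a harmless placeholder.
SAMPLE_EVENTS = [
    {   # FileFix-style: browser parent, padded command ending in a decoy path
        "parent_image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "command_line": 'powershell.exe -NoProfile -Command "Write-Output placeholder"'
                        + " " * 120 + r"C:\Users\Public\Documents\policy_report.pdf",
    },
    {   # Admin script started from Explorer: neither rule applies
        "parent_image": r"C:\Windows\explorer.exe",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "command_line": r"powershell.exe -File C:\Scripts\backup.ps1",
    },
    {   # Browser starting its own helper process: neither rule applies
        "parent_image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        "command_line": "chrome.exe --type=renderer",
    },
]

if __name__ == "__main__":
    for event, hits in zip(SAMPLE_EVENTS, triage(SAMPLE_EVENTS)):
        print(basename(event["image"]), hits or "clean")
```

The second sample shows why the Explorer-parented ClickFix pattern does not trip the browser-parent rule, which matches the contrast Acronis draws between the two techniques.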
Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack
Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild. The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds write issue in the ImageIO component that could result in memory corruption when processing a malicious image file. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the company said. Since then, WhatsApp has acknowledged that a vulnerability in its messaging apps for Apple iOS and macOS (CVE-2025-55177, CVSS score: 5.4) had been chained with CVE-2025-43300 as part of highly-targeted spyware attacks aimed at less than 200 individuals.
While the shortcoming was first addressed by the iPhone maker late last month with the release of iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Ventura 13.7.8, macOS Sonoma 14.7.8, and macOS Sequoia 15.6.1, it has also been released for the following older versions -
- iOS 16.7.12 and iPadOS 16.7.12 - iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
- iOS 15.8.5 and iPadOS 15.8.5 - iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
The updates have been rolled out alongside iOS 26, iPadOS 26, iOS 18.7, iPadOS 18.7, macOS Tahoe 26, macOS Sequoia 15.7, macOS Sonoma 14.8, tvOS 26, visionOS 26, watchOS 26, Safari 26, and Xcode 26, which also address a number of other security flaws -
- CVE-2025-31255 - An authorization vulnerability in IOKit that could allow an app to access sensitive data
- CVE-2025-43362 - A vulnerability in LaunchServices that could allow an app to monitor keystrokes without user permission
- CVE-2025-43329 - A permissions vulnerability in Sandbox that could allow an app to break out of its sandbox
- CVE-2025-31254 - A vulnerability in Safari that could result in unexpected URL redirection when processing maliciously crafted web content
- CVE-2025-43272 - A vulnerability in WebKit that could result in unexpected Safari crash when processing maliciously crafted web content
- CVE-2025-43285 - A permissions vulnerability in AppSandbox that could allow an app to access protected user data
- CVE-2025-43349 - An out-of-bounds write issue in CoreAudio that could result in unexpected app termination when processing a maliciously crafted video file
- CVE-2025-43316 - A permissions vulnerability in DiskArbitration that could allow an app to gain root privileges
- CVE-2025-43297 - A type confusion vulnerability in Power Management that could result in a denial-of-service
- CVE-2025-43204 - A vulnerability in RemoteViewServices that could allow an app to break out of its sandbox
- CVE-2025-43358 - A permissions vulnerability in Shortcuts that could allow a shortcut to bypass sandbox restrictions
- CVE-2025-43333 - A permissions vulnerability in Spotlight that could allow an app to gain root privileges
- CVE-2025-43304 - A race condition vulnerability in StorageKit that could allow an app to gain root privileges
- CVE-2025-48384 - A Git vulnerability in Xcode that could result in remote code execution when cloning a maliciously crafted repository
While there is no evidence that any of the aforementioned flaws have been weaponized in real-world attacks, it’s always a good practice to keep systems up-to-date for optimal protection.
Securing the Agentic Era: Introducing Astrix’s AI Agent Control Plane
AI agents are rapidly becoming a core part of the enterprise, being embedded across enterprise workflows, operating with autonomy, and making decisions about which systems to access and how to use them. But as agents grow in power and autonomy, so do the risks and threats. Recent studies show 80% of companies have already experienced unintended AI agent actions, from unauthorized system access to data leaks. These incidents aren’t edge cases. They are the inevitable outcome of deploying AI agents at scale without purpose-built security mechanisms. Traditional IAM wasn’t designed for this. Agents move too fast, operate 24/7, while relying on non-human identities (NHIs) to define precisely what they can and can’t do. How can organizations possibly secure what they cannot see or control?
To address this challenge, a new approach is needed—one that enables secure-by-design AI agent deployment across the enterprise.
Enter: Astrix’s Agent Control Plane (ACP)
Astrix’s AI Agent Control Plane (ACP) is the industry’s first solution designed to deploy secure-by-design AI agents across the enterprise. With ACP, every AI agent receives short-lived, precisely scoped credentials and just-in-time access based on least privilege principles, eliminating access chaos and reducing compliance risk. ACP delivers three core benefits:
- Audits are fast and predictable – Clear ownership and tracked activity trails ensure every agent action is governed and easy to validate.
- Secure access for AI agents – Least-privilege, just-in-time credentials from day one keep access tight and risk low.
- Developer productivity – Policy-driven, pre-approved access lets developers spin up agents quickly, with streamlined approvals to cut delays and keep work moving.
How it works
- Pre-define policies: Security admins create granular, least-privilege permission profiles tailored to specific AI agent use cases.
- Deploy agents: Developers launch AI agents from their preferred tools, applying the appropriate pre-approved permission profile.
- Centralize control: Once deployed, every agent is visible in Astrix’s inventory with its policies attached, enabling real-time monitoring, management, and adjustments.
What changes when you adopt an ACP
- For security teams: Central visibility of every agent, every permission, and every action. Instant revoke. Evidence on demand.
- For developers: A straightforward API or CLI to request policy-compliant access. Guardrails that keep velocity high and risk low.
- For leadership: Faster time from idea to safely deployed agent, shorter audit cycles, and measurable reduction in incident blast radius.
Discover, Secure, and Deploy AI Agents Responsibly
With the introduction of ACP, Astrix now delivers the industry’s first end-to-end enterprise solution for AI agent security. Our Discover–Secure–Deploy framework enables you to gain visibility, establish security guardrails, and confidently deploy agents at scale.
- Discover: Gain visibility into every AI agent along with its associated NHIs and machine credentials — including API keys, service accounts, secrets, and more.
- Secure: Identify and remediate excessive privileges, vulnerable configurations, abnormal activity, and policy violations.
- Deploy: Safely roll out secure-by-design AI agents with Zero Trust access policies, just-in-time credentials, and audit trails enforced through ACP.
This Discover–Secure–Deploy framework helps ensure organizations can unlock the full value of agentic AI — without introducing uncontrolled risk.
Conclusion
AI agents and NHIs are the fastest-growing blind spot, outnumbering employees 100:1 and falling outside traditional IAM. Astrix enables enterprises to discover every AI agent and NHI, secure excessive privileges and real-time threats, and deploy agentic AI safely with secure-by-design guardrails like just-in-time access — allowing organizations to unlock the full value of agentic AI. Ready to see how you can adopt AI securely and at scale? Schedule a demo to see Astrix in action.
This article is a contributed piece from one of our valued partners.