2025-10-05 AI Startup News
CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief
Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting Perplexity’s agentic AI browser Comet by embedding malicious prompts within a seemingly innocuous link to siphon sensitive data, including from connected services, like email and calendar. The sneaky prompt injection attack plays out in the form of a malicious link that, when clicked, triggers the unexpected behavior unbeknownst to the victims. “CometJacking shows how a single, weaponized URL can quietly flip an AI browser from a trusted co-pilot to an insider threat,” Michelle Levy, Head of Security Research at LayerX, said in a statement shared with The Hacker News. “This isn’t just about stealing data; it’s about hijacking the agent that already has the keys.
Our research proves that trivial obfuscation can bypass data exfiltration checks and pull email, calendar, and connector data off-box in one click. AI-native browsers need security-by-design for agent prompts and memory access, not just page content.” The attack, in a nutshell, hijacks the AI assistant embedded in the browser to steal data, all while bypassing Perplexity’s data protections using trivial Base64-encoding tricks. The attack does not include any credential theft component because the browser already has authorized access to Gmail, Calendar, and other connected services. It takes place over five steps, activating when a victim clicks on a specially crafted URL, either sent in a phishing email or present in a web page.
Instead of taking the user to the “intended” destination, the URL instructs the Comet browser’s AI to execute a hidden prompt that captures the user’s data from, say, Gmail, obfuscates it using Base64-encoding, and transmits the information to an endpoint under the attacker’s control. The crafted URL is a query string directed at the Comet AI browser, with the malicious instruction added using the “collection” parameter of the URL, causing the agent to consult its memory rather than perform a live web search. While Perplexity has classified the findings as having “no security impact,” they once again highlight how AI-native tools introduce new security risks that can get around traditional defenses, allow bad actors to commandeer them to do their bidding, and expose users and organizations to potential data theft in the process. In August 2020, Guardio Labs disclosed an attack technique dubbed Scamlexity wherein browsers like Comet could be tricked by threat actors into interacting with phishing landing pages or counterfeit e-commerce storefronts without the human user’s knowledge or intervention.
“AI browsers are the next enterprise battleground,” Or Eshed, CEO of LayerX, said. “When an attacker can direct your assistant with a link, the browser becomes a command-and-control point inside the company perimeter. Organizations must urgently evaluate controls that detect and neutralize malicious agent prompts before these PoCs become widespread campaigns.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
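The point above about trivial Base64 obfuscation slipping past data exfiltration checks, shown as an added example (not code from Perplexity, LayerX, or the article): a pattern-based egress check applied to the raw payload, next to one that decodes Base64-looking runs first. The patterns, function names, sample payloads and the `collector.example` host are assumptions constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# Illustrative "sensitive content" patterns; a real policy would be broader.
SENSITIVE = [
    re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),  # e-mail address
    re.compile(r"(?:BEGIN:VEVENT|Subject:)", re.IGNORECASE),         # mail/calendar markers
]
# A run long enough to plausibly be Base64 (standard or URL-safe alphabet).
B64_RUN = re.compile(r"[A-Za-z0-9+/_-]{16,}={0,2}")

# Constructed sample data, not taken from any real mailbox or report.
SECRET = "Subject: Q3 payroll From: alice@example.com"
ONCE = base64.b64encode(SECRET.encode()).decode()
TWICE = base64.b64encode(ONCE.encode()).decode()
OUTBOUND = {
    "plain": '{"note": "%s"}' % SECRET,
    "encoded": '{"note": "%s"}' % ONCE,
    "double": "https://collector.example/u?d=" + TWICE,
    "benign": '{"q": "weather in Lisbon tomorrow"}',
}


def naive_check(payload: str) -> bool:
    """Flag the payload only if a sensitive pattern appears in it as-is."""
    return any(p.search(payload) for p in SENSITIVE)


def decode_candidates(payload: str, depth: int = 2):
    """Yield text recovered from Base64-looking runs, following nested layers."""
    if depth <= 0:
        return
    for run in B64_RUN.findall(unquote(payload)):
        token = run.rstrip("=").replace("-", "+").replace("_", "/")
        if len(token) % 4 == 1:
            continue  # no valid Base64 string has this length
        token += "=" * (-len(token) % 4)
        try:
            text = base64.b64decode(token, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # random token or binary data, not encoded text
        yield text
        yield from decode_candidates(text, depth - 1)


def hardened_check(payload: str, depth: int = 2) -> bool:
    """Run the same patterns on the raw payload and on every decoded layer."""
    if naive_check(payload):
        return True
    return any(naive_check(t) for t in decode_candidates(payload, depth))


def compare():
    """Return {sample name: (naive verdict, hardened verdict)}."""
    return {k: (naive_check(v), hardened_check(v)) for k, v in OUTBOUND.items()}


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:8} naive={verdicts[0]!s:5} hardened={verdicts[1]}")
```

The `depth` limit bounds the work done on nested encodings; content-based checks of this kind complement, and do not replace, restricting which destinations an agent may send data to.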
Scanning Activity on Palo Alto Networks Portals Jump 500% in One Day
Threat intelligence firm GreyNoise disclosed on Friday that it has observed a spike in scanning activity targeting Palo Alto Networks login portals. The company said it observed a nearly 500% increase in IP addresses scanning Palo Alto Networks login portals on October 3, 2025, the highest level recorded in the last three months. It described the traffic as targeted and structured, and aimed primarily at Palo Alto login portals. As many as 1,300 unique IP addresses have participated in the effort, a significant jump from around 200 unique IP addresses observed before.
Of these IP addresses, 93% are classified as suspicious and 7% as malicious. The vast majority of the IP addresses are geolocated to the U.S., with smaller clusters detected in the U.K., the Netherlands, Canada, and Russia. “This Palo Alto surge shares characteristics with Cisco ASA scanning occurring in the past 48 hours,” GreyNoise noted. “In both cases, the scanners exhibited regional clustering and fingerprinting overlap in the tooling used.” “Both Cisco ASA and Palo Alto login scanning traffic in the past 48 hours share a dominant TLS fingerprint tied to infrastructure in the Netherlands.” In April 2025, GreyNoise reported a similar suspicious login scanning activity targeting Palo Alto Networks PAN-OS GlobalProtect gateways, prompting the network security company to urge customers to ensure that they are running the latest versions of the software.
The development comes as GreyNoise noted in its Early Warning Signals report back in July 2025 that surges in malicious scanning, brute-forcing, or exploit attempts are often followed by the disclosure of a new CVE affecting the same technology within six weeks. In early September, GreyNoise warned about suspicious scans that occurred as early as late August, targeting Cisco Adaptive Security Appliance (ASA) devices. The first wave originated from over 25,100 IP addresses, mainly located in Brazil, Argentina, and the U.S. Weeks later, Cisco disclosed two new zero-days in Cisco ASA (CVE-2025-20333 and CVE-2025-20362) that had been exploited in real-world attacks to deploy malware families like RayInitiator and LINE VIPER.
Data from the Shadowserver Foundation shows that over 45,000 Cisco ASA/FTD instances, out of which more than 20,000 are located in the U.S. and about 14,000 are located in Europe, are still susceptible to the two vulnerabilities.
Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer
A threat actor named Detour Dog has been outed as powering campaigns distributing an information stealer known as Strela Stealer. That’s according to findings from Infoblox, which found the threat actor to maintain control of domains hosting the first stage of the stealer, a backdoor called StarFish. The DNS threat intelligence firm said it has been tracking Detour Dog since August 2023, when GoDaddy-owned Sucuri disclosed details of attacks targeting WordPress sites to embed malicious JavaScript that used DNS TXT records as a communication channel for a traffic distribution system (TDS), redirecting site visitors to sketchy sites and malware. Traces of the threat actor date back to February 2020.
“While traditionally these redirects led to scams, the malware has evolved recently to execute remote content through the DNS-based command-and-control (C2) system,” Infoblox said . “We are tracking the threat actor who controls this malware as Detour Dog.” Detour Dog-owned infrastructure, per the company, has been used to host StarFish, a simple reverse shell that serves as a conduit for Strela Stealer. In a report published in July 2025, IBM X-Force said the backdoor is delivered by means of malicious SVG files with the goal of enabling persistent access to infected machines. Hive0145 , the threat actor exclusively behind Strela Stealer campaigns since at least 2022, is assessed to be financially motivated and is likely operating as an initial access broker (IAB), acquiring and selling access to compromised systems for profit.
Infoblox’s analysis has revealed that at least 69% of the confirmed StarFish staging hosts were under the control of Detour Dog, and that a MikroTik botnet advertised as REM Proxy – which, in turn, is powered by SystemBC, as uncovered by Lumen’s Black Lotus Labs last month – was also part of the attack chain. Specifically, it has come to light that the spam email messages that distributed Strela Stealer originated from REM Proxy and another botnet dubbed Tofsee, the latter of which has been propagated via a C++-based loader called PrivateLoader in the past. In both cases, Detour Dog infrastructure hosted the first stage of the attack. “The botnets were contracted to deliver the spam messages, and Detour Dog was contracted to deliver the malware,” Dr.
Renée Burton, vice president of threat intelligence at Infoblox, told The Hacker News. What’s more, Detour Dog has been found to facilitate the distribution of the stealer via DNS TXT records, with the threat actor-controlled DNS name servers modified to parse specially formatted DNS queries from the compromised sites and to respond to them with remote code execution commands.
Figure: Multiple attack vectors utilize Detour Dog-controlled assets
Detour Dog’s modus operandi when it comes to acquiring new infrastructure is by exploiting vulnerable WordPress sites to perform malicious code injections, although the company said the methods have since continued to evolve. A notable aspect of the attack is that the compromised website functions normally 90% of the time, thereby raising no red flags and allowing the malware to persist for extended periods of time.
In select instances (about 9%), however, a site visitor is redirected to a scam via Help TDS or Monetizer TDS; in a much rarer scenario (1%), the site receives a remote file execution command. It’s believed that the redirections are limited in a bid to avoid detection.
Figure: Theorized attack chain utilizing DNS TXT records for C2
The development marks the first time Detour Dog has been spotted distributing malware, a shift from acting as an entity responsible for exclusively forwarding traffic to Los Pollos, a malicious advertising technology company operating under the VexTrio Viper umbrella. “We suspect that they evolved from scams to include malware distribution for financial reasons,” Burton said.
“There has been a great deal of focus in the security industry over the last 12-18 months to stop the type of scams Detour Dog has supported in the past. We believe they were making less money, though we can’t verify that.” Complementing these changes is the fact that the website malware used by Detour Dog has witnessed an evolution of its own, gaining the ability to command infected websites to execute code from remote servers. As of June 2025, the responses have directed the infected site to retrieve the output of PHP scripts from verified Strela Stealer C2 servers to likely distribute the malware – suggesting the dual use of DNS as both a communication channel and a delivery mechanism. “Responses to TXT record queries are Base64-encoded and explicitly include the word ‘down’ to trigger this new action,” the company noted.
“We believe this has created a novel networked malware distribution model using DNS in which the different stages are fetched from different hosts under the threat actor’s control and are relayed back when the user interacts with the campaign lure, for example, the email attachment. “A novel setup like this would allow an attacker to hide their identity behind compromised websites, making their operations more resilient, meanwhile serving to mislead threat hunters because the malware isn’t really where the analyzed attachments indicate the stage is hosted.” The entire sequence of actions unfolds as follows:
- Victim opens a malicious document, launching an SVG file that reaches out to an infected domain
- The compromised site sends a TXT record request to the Detour Dog C2 server via DNS
- The name server responds with a TXT record containing a Strela C2 URL, prefixed with “down”
- The compromised site removes the down prefix and uses curl to possibly fetch the StarFish downloader from the URL
- The compromised site acts as a relay to send the downloader to the client (i.e., the victim)
- The downloader initiates a call to another compromised domain
- The second compromised domain sends a similar DNS TXT query to the Detour Dog C2 server
- The Detour Dog name server responds with a new Strela C2 URL, again prefixed with “down”
- The second compromised domain strips the prefix and sends a curl request to the Strela C2 server to fetch StarFish
- The second compromised domain acts as a relay to send the malware to the client (i.e., the victim)
Infoblox said it worked with the Shadowserver Foundation to sinkhole two of Detour Dog’s C2 domains (webdmonitor[.]io and aeroarrows[.]io) on July 30 and August 6, 2025. The company also pointed out that the threat actor likely functions as a distribution-as-a-service (DaaS) provider, adding it found evidence of an “apparently unrelated file” propagated through its infrastructure.
However, it noted it “couldn’t validate what was delivered.”
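A defender-side check for the TXT pattern described above, as an added example (not Infoblox's code and not part of the article): it scans DNS log lines for TXT answers that are Base64 and decode to the keyword “down” followed by a URL. The log layout, host names and sample records are constructed, and the exact position of the URL after the keyword is an assumption.

```python
import base64
import binascii
from dataclasses import dataclass
from urllib.parse import urlsplit

PREFIX = "down"  # keyword the report says marks the remote-fetch action


def b64(text: str) -> str:
    """Helper used only to build the constructed sample records."""
    return base64.b64encode(text.encode()).decode()


# Constructed resolver log lines: "<client> <qname> TXT <rdata>".
SAMPLE_LOG = "\n".join([
    '10.0.0.5 _dmarc.example.org TXT "v=DMARC1; p=none"',
    f'10.0.0.7 q1.ns.example.net TXT "{b64("downhttp://stage.example.com/g.php")}"',
    f'10.0.0.7 q2.ns.example.net TXT "{b64("https://example.org/landing")}"',
    '10.0.0.9 s1._domainkey.example.org TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3"',
    '10.0.0.9 short.example.org TXT "abcd"',
])


@dataclass
class Finding:
    client: str
    qname: str
    verdict: str  # "down-url" or "base64-text"
    detail: str   # extracted URL, or the decoded text


def decode_txt(rdata: str):
    """Return decoded text if rdata is strict Base64 of printable UTF-8, else None."""
    try:
        text = base64.b64decode(rdata, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # SPF/DKIM/DMARC strings and random tokens end up here
    return text if text and text.isprintable() else None


def classify(rdata: str):
    """Classify one TXT string as 'plain', 'base64-text' or 'down-url'."""
    text = decode_txt(rdata)
    if text is None:
        return "plain", ""
    if text.startswith(PREFIX):
        # Assumption: the URL follows the keyword, optionally after a separator.
        rest = text[len(PREFIX):].lstrip(" :|,;")
        parts = urlsplit(rest)
        if parts.scheme in ("http", "https") and parts.hostname:
            return "down-url", rest
    return "base64-text", text


def scan(log: str):
    """Return a Finding for every TXT answer that is not ordinary plain text."""
    findings = []
    for line in log.splitlines():
        fields = line.split(None, 3)
        if len(fields) != 4 or fields[2] != "TXT":
            continue
        client, qname, _, rdata = fields
        verdict, detail = classify(rdata.strip().strip('"'))
        if verdict != "plain":
            findings.append(Finding(client, qname, verdict, detail))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f.verdict, f.client, f.qname, f.detail)
```

On a web server, the client of interest is the server itself: a site issuing TXT lookups that return Base64 text is worth investigating even when the decoded value carries no “down” keyword.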
Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads
The threat actor behind Rhadamanthys has also advertised two other tools called Elysium Proxy Bot and Crypt Service on their website, even as the flagship information stealer has been updated to support the ability to collect device and web browser fingerprints, among others. “Rhadamanthys was initially promoted through posts on cybercrime forums, but soon it became clear that the author had a more ambitious plan to connect with potential customers and build visibility,” Check Point researcher Aleksandra “Hasherezade” Doniec said in a new report. First advertised by a threat actor named kingcrete2022, Rhadamanthys has emerged as one of the most popular information stealers available under a malware-as-a-service (MaaS) model alongside Lumma, Vidar, StealC, and, more recently, Acreed. The current version of the stealer is 0.9.2.
Over the years, the stealer’s capabilities have extended far beyond simple data collection, representing a comprehensive threat to personal and corporate security. In an analysis of version 0.7.0 of the malware last October, Recorded Future detailed the addition of a new artificial intelligence (AI) feature for optical character recognition (OCR) to capture cryptocurrency wallet seed phrases. The latest findings from Check Point show that the threat actors rebranded themselves as “RHAD security” and “Mythical Origin Labs,” marketing their offerings as “intelligent solutions for innovation and efficiency.” Rhadamanthys is available in three tiered packages, starting from $299 per month for a self-hosted version to $499 per month that comes with additional benefits, including priority technical support, server, and advanced API access. Prospective customers can also purchase an Enterprise plan by directly contacting their sales team.
“The combination of the branding, product portfolio, and pricing structure suggest that the authors treat Rhadamanthys as a long-term business venture rather than a side project,” Hasherezade noted. “For defenders, this professionalization signals that Rhadamanthys with its growing customer base and an expanding ecosystem is likely here to stay, making it important to track not only its malware updates but also the business infrastructure that sustains it.” Like Lumma version 4.0 , Rhadamanthys version 0.9.2 includes a feature to avoid leaking unpacked artifacts by displaying to the user an alert that allows them to finish the execution of the malware without inflicting any harm to the machine on which it’s running. This is done so in an attempt to prevent malware distributors from spreading the initial executable in its plain, unprotected form so as to curtail detection efforts, as well as getting their systems infected in the process. That said, while the alert message may be the same in both the stealers, the implementation is completely different, Check Point said, suggesting “surface-level mimicry.” “In Lumma, opening and reading the file is implemented via raw syscalls, and the message box is executed via NtRaiseHardError,” it noted.
“In Rhadamanthys, raw syscalls aren’t used, and the same message box is displayed by MessageBoxW. Both loaders are obfuscated, but the obfuscation patterns are different.” Other updates to Rhadamanthys concern slight tweaks to the custom XS format used to ship the executable modules, the checks executed to confirm if the malware should continue its execution on the host, and the obfuscated configuration embedded into it. The modifications also extend to obfuscating the names of the modules to fly under the radar. One of the modules, previously referred to as Strategy, is responsible for a series of environment checks to ensure that it’s not running in a sandboxed environment.
Furthermore, it checks running processes against a list of forbidden ones, gets the current wallpaper, and verifies it against a hard-coded one that represents the Triage sandbox. It also runs a check to confirm if the current username matches anything that resembles those used for sandboxes, and compares the machine’s HWID (hardware identifier) against a predefined list, once again to ascertain the presence of a sandbox. It’s only when all these checks are passed that the sample proceeds to establish a connection with a command-and-control (C2) server to fetch the core component of the stealer. The payload is concealed using steganographic techniques, either as a WAV, JPEG, or PNG file, from where it’s extracted, decrypted, and launched.
It’s worth noting that decrypting the package from the PNG requires a shared secret that’s agreed upon during the initial phase of the C2 communication. The stealer module, for its part, is equipped with a built-in Lua runner that serves additional plugins written in the programming language to facilitate data theft and conduct extensive device and browser fingerprinting. “The latest variant represents an evolution rather than a revolution. Analysts should update their config parsers, monitor PNG-based payload delivery, track changes in mutex and bot ID formats, and expect further churn in obfuscation as tooling catches up,” Check Point said.
“Currently, the development is slower and steadier: the core design remains intact, with changes focused on refinements – such as new stealer components, changes in obfuscation, and more advanced customization options.”
Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL
Brazilian users have emerged as the target of a new self-propagating malware that spreads via the popular messaging app WhatsApp. The campaign, codenamed SORVEPOTEL by Trend Micro, weaponizes trust in the platform to extend its reach across Windows systems, with the company adding that the attack is “engineered for speed and propagation” rather than data theft or ransomware. “SORVEPOTEL has been observed to spread across Windows systems through convincing phishing messages with malicious ZIP file attachments,” researchers Jeffrey Francis Bonaobra, Maristel Policarpio, Sophia Nilette Robles, Cj Arsley Mateo, Jacob Santos, and Paul John Bardon said. “Interestingly, the phishing message that contains the malicious file attachment requires users to open it on a desktop, suggesting that threat actors might be more interested in targeting enterprises rather than consumers.” Once the attachment is opened, the malware automatically propagates via the desktop web version of WhatsApp, ultimately causing the infected accounts to be banned for engaging in excessive spam.
There are no indications that the threat actors have leveraged the access to exfiltrate data or encrypt files. The vast majority of the infections – 457 of the 477 cases – are concentrated in Brazil, with entities in government, public service, manufacturing, technology, education, and construction sectors impacted the most. The starting point of the attack is a phishing message sent from an already compromised contact on WhatsApp to lend it a veneer of credibility. The message contains a ZIP attachment that masquerades as a seemingly harmless receipt or health app-related file.
That said, there is evidence to suggest that the operators behind the campaign have also used emails to distribute the ZIP files from seemingly legitimate email addresses. Should the recipient fall for the trick and open the attachment, they are lured into opening a Windows shortcut (LNK) file that, when launched, silently triggers the execution of a PowerShell script responsible for retrieving the main payload from an external server (e.g., sorvetenopoate[.]com). The downloaded payload is a batch script designed to establish persistence on the host by copying itself to the Windows Startup folder so that it’s automatically launched following a system start. It’s also designed to run a PowerShell command that reaches out to a command-and-control (C2) server to fetch further instructions or additional malicious components.
Central to SORVEPOTEL operations is the WhatsApp-focused propagation mechanism. If the malware detects that WhatsApp Web is active on the infected system, it proceeds to distribute the malicious ZIP file to all contacts and groups associated with the victim’s compromised account, allowing it to spread rapidly. “This automated spreading results in a high volume of spam messages and frequently leads to account suspensions or bans due to violations of WhatsApp’s terms of service,” Trend Micro said. “The SORVEPOTEL campaign demonstrates how threat actors are increasingly leveraging popular communication platforms like WhatsApp to achieve rapid, large-scale malware propagation with minimal user interaction.”
Product Walkthrough: How Passwork 7 Addresses Complexity of Enterprise Security
Passwork is positioned as an on-premises unified platform for both password and secrets management, aiming to address the increasing complexity of credential storage and sharing in modern organizations. The platform recently received a major update that reworks all the core mechanics. Passwork 7 introduces significant changes to how credentials are organized, accessed, and managed, reflecting feedback from real-world users. The redesign prioritizes usability and security, with a focus on streamlining workflows and making key features more accessible.
Passwork isn’t trying to reinvent the wheel. Instead, it focuses on solving a very real problem: how do businesses keep credentials organized, secure, and accessible without adding complexity or risk? In this article, we’ll look at what Passwork 7 delivers, how it fits into a business environment, and what makes it different. Below is a walkthrough of its main features and workflows.
Getting started: User experience and onboarding
The first thing you notice with Passwork 7 is its new interface that immediately signals its focus on simplicity. The dashboard provides a clear overview of vaults, folders, passwords, and recent activity. The idea is simple: streamline onboarding and avoid distracting users from their core tasks. This approach is especially important in sectors like public service, education, and healthcare, where staff often have limited time or technical expertise.
By reducing the learning curve, Passwork helps organizations roll out secure password management quickly and efficiently, without disrupting daily operations or requiring extensive user education. Search and filtering options are simple, ensuring users can locate the right password without unnecessary complexity.
Vaults, folders, and passwords
Passwork 7 uses a hierarchical structure for organizing data:
- Vaults are the main containers for credentials
- Folders help organize related passwords within a vault
- Password cards store individual credentials, including username, password, URL, notes, 2FA codes, and attachments
To add a new password, users select the appropriate vault, create a folder (if needed), and fill out a password card with the required details. The system is flexible: organizations can build a structure or hierarchy of vaults and folders to reflect their internal company layout and security requirements.
This approach allows businesses to align credential management with their own processes, whether that means mirroring a strict departmental separation or supporting cross-functional teams.
Vault types: Data segmentation
The solution introduces a flexible vault architecture designed to improve security and management. Administrators can define custom vault types that align with an organization’s structure, making it easier to control data access across large teams. There are two primary vault categories:
- User vaults: Private by default, accessible only to their creator. These can be shared with others as needed.
- Company vaults: Accessible to the creator and corporate administrators, who are automatically included to maintain oversight.
Beyond these standard options, administrators have the ability to set up custom vault types for specific departments or projects — such as IT, finance, or HR. For each vault type, it’s possible to assign designated administrators, configure access levels, and set rules about who can create new vaults of that type.
This approach ensures that department heads or IT leads maintain control over sensitive data, supports granular permission management, and simplifies auditing.
Managing access: Roles and groups
Access control in Passwork 7 is role-based. Administrators assign roles to users, defining what actions they can take within the system. There’s no limit on the number of roles you can create, so it’s possible to tailor permissions as granularly as needed.
You can grant specific users rights to manage certain roles and groups or access activity logs, give other administrators control over SSO and LDAP settings while blocking access to other system configurations, or create specialized departmental roles with precisely tailored permissions. Groups further streamline permission management: by adding users to a group, they automatically inherit the group’s permissions across relevant vaults and folders — such as viewing, editing, or managing credentials. This structure helps organizations maintain security and compliance by ensuring only authorized users have access to sensitive information.
Sharing credentials: Internal and external workflows
Passwork offers several methods for sharing credentials:
- Internal sharing: Credentials can be shared with individuals or groups within the organization (internal sharing system, shortcuts and access sharing). Permissions (view, edit, manage) are set per user or group.
- External sharing: Time-limited, secure links can be generated to share passwords with contractors outside the organization.
All sharing activities are logged, providing a transparent audit trail for compliance and incident investigation.
Password and secrets management: DevOps-ready tools
One notable feature is Passwork’s integration of secrets management and a comprehensive API. Beyond passwords, the platform stores keys, database logins, SSH keys, tokens, and certificates. Secrets can be managed alongside passwords, in dedicated encrypted vaults. In other words, the latest release now combines two fully developed solutions under one roof:
- Password manager: A user-friendly interface designed for secure storage and sharing of credentials within a team.
- Secrets management system: This side caters to developers and administrators, offering programmatic access via REST API, Python connector, CLI, and Docker container.
These tools make it possible to automate secret handling in scripts, services, and DevOps workflows. The Passwork API supports all system actions, providing complete programmatic control over password and secrets management operations. This unified approach simplifies workflows for end-users, IT, and DevOps teams, reducing tool sprawl and centralizing oversight. Secrets are accessible via the web interface, API, CLI, and Python-connector, enabling integration with automated systems.
Security monitoring and incident response
Comprehensive logging now provides detailed records of every action and system change, ensuring administrators have complete visibility over the environment. Real-time tracking and instant alerts enable rapid detection of suspicious activity, supporting both security and regulatory compliance requirements. Whether monitoring access attempts, credential updates, or changes in permissions, the system delivers timely, actionable information. Administrators have access to detailed audit logs and a security dashboard.
In the event of a breach or suspicious activity, compromised users can be blocked and credentials rotated. These features support rapid incident response and ongoing risk management.
Integration with corporate systems
For enterprise environments, Passwork offers SSO and LDAP integration. Users authenticate with existing credentials, and user management synchronizes with Active Directory.
This streamlines onboarding, offboarding, and ongoing access control.
Deployment
To start with, the system uses a zero-knowledge architecture — credentials aren’t stored on user devices. Instead, everything, including change logs and notes, lives in a dedicated MongoDB instance and is encrypted using end-to-end AES-256. This setup keeps sensitive data out of reach, even from the platform itself.
It supports both single-server and multi-server setups for those needing redundancy or fault tolerance. For everyday use, there’s a browser extension compatible with all major browsers. The mobile app is available for both Android and iOS, so users aren’t tied to their desktops. There’s also a dedicated 2FA app for added authentication, also supporting both platforms.
For organizations with stricter security requirements, there’s the option to switch on client-side encryption right from the start. In practice, this means every piece of data (moving or stored) is locked down using a master password unique to each user. By combining password and secrets management, Passwork can help businesses reduce their total cost of ownership.
Conclusion
Passwork offers a practical, unified solution for managing both passwords and secrets.
Its emphasis on usability, flexible data organization, and granular access control makes it suitable for diverse environments and businesses of any size. By combining password and secret management in one solution, Passwork streamlines workflows, adapts to internal processes, and simplifies secure collaboration across teams. Passwork has ISO 27001 certification, ensuring compliance with international information security management standards — a critical requirement for organizations operating in regulated industries or handling sensitive data. The platform’s streamlined onboarding and integration capabilities allow organizations to secure sensitive data without disrupting daily operations.
For businesses looking to centralize credential management and improve security posture, Passwork 7 provides a comprehensive toolkit designed for fast, seamless implementation. To learn more or request a free demo, visit passwork.pro.
New “Cavalry Werewolf” Attack Hits Russian Agencies with FoalShell and StallionRAT
A threat actor that’s known to share overlaps with a hacking group called YoroTrooper has been observed targeting the Russian public sector with malware families such as FoalShell and StallionRAT. Cybersecurity vendor BI.ZONE is tracking the activity under the moniker Cavalry Werewolf . It’s also assessed to have commonalities with clusters tracked as SturgeonPhisher, Silent Lynx, Comrade Saiga, ShadowSilk, and Tomiris. “In order to gain initial access, the attackers sent out targeted phishing emails disguising them as official correspondence from Kyrgyz government officials,” BI.ZONE said .
“The main targets of the attacks were Russian state agencies, as well as energy, mining, and manufacturing enterprises.” In August 2025, Group-IB revealed attacks mounted by ShadowSilk targeting government entities in Central Asia and Asia-Pacific (APAC), using reverse proxy tools and remote access trojans written in Python and subsequently ported to PowerShell. Cavalry Werewolf’s ties to Tomiris are significant, not least because it further lends credence to a hypothesis that it’s a Kazakhstan-affiliated threat actor. In a report late last year, Microsoft attributed the Tomiris backdoor to a Kazakhstan-based threat actor tracked as Storm-0473. The latest phishing attacks, observed between May and August 2025, involve sending email messages using fake email addresses that impersonate Kyrgyzstan government employees to distribute RAR archives that deliver FoalShell or StallionRAT.
In at least one case, the threat actor is said to have compromised a legitimate email address associated with the Kyrgyz Republic’s regulatory authority to send the messages. FoalShell is a lightweight reverse shell that appears in Go, C++, and C# versions, allowing the operators to run arbitrary commands using cmd.exe. StallionRAT is no different in that it is written in Go, PowerShell, and Python, and enables the attackers to execute arbitrary commands, load additional files, and exfiltrate collected data using a Telegram bot. Some of the commands supported by the bot include -
- /list, to receive a list of compromised hosts (DeviceID and computer name) connected to the command-and-control (C2) server
- /go [DeviceID] [command], to execute the given command using Invoke-Expression
- /upload [DeviceID], to upload a file to the victim’s device
Also executed on the compromised hosts are tools like ReverseSocks5Agent and ReverseSocks5, as well as commands to gather device information.
The Russian cybersecurity vendor said it also uncovered various filenames in English and Arabic, suggesting that the targeting focus of Cavalry Werewolf may be broader in scope than previously assumed. “Cavalry Werewolf is actively experimenting with expanding its arsenal,” BI.ZONE said. “This highlights the importance of having quick insights into the tools used by the cluster; otherwise, it would be impossible to maintain up-to-date measures to prevent and detect such attacks.” The disclosure comes as the company disclosed that an analysis of publications on Telegram channels or underground forums by both financially motivated attackers and hacktivists over the past year has identified compromises of at least 500 companies in Russia, most of which spanned commerce, finance, education, and entertainment sectors. “In 86% of cases attackers published data stolen from compromised public‑facing web applications,” it noted.
“After gaining access to the public web application, the attackers installed gs‑netcat on the compromised server to ensure persistent access. Sometimes, the attackers would load additional web shells. They also used legitimate tools such as Adminer, phpMiniAdmin, and mysqldump to extract data from databases.”
CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Smartbedded Meteobridge to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, CVE-2025-4008 (CVSS score: 8.7), is a case of command injection in the Meteobridge web interface that could result in code execution. “Smartbedded Meteobridge contains a command injection vulnerability that could allow remote unauthenticated attackers to gain arbitrary command execution with elevated privileges (root) on affected devices,” CISA said.
According to ONEKEY, which discovered and reported the issue in late February 2025, the Meteobridge web interface lets an administrator manage their weather station data collection and control the system through a web application written in CGI shell scripts and C. Specifically, the web interface exposes a “template.cgi” script through “/cgi-bin/template.cgi,” which is vulnerable to command injection stemming from the insecure use of eval calls, allowing an attacker to supply specially crafted requests to execute arbitrary code -
curl -i -u meteobridge:meteobridge \
'https://192.168.88.138/cgi-bin/template.cgi?$(id>/tmp/a)=whatever'
Furthermore, ONEKEY said the vulnerability can be exploited by unauthenticated attackers due to the fact that the CGI script is hosted in a public directory without requiring any authentication. “Remote exploitation through a malicious webpage is also possible since it’s a GET request without any kind of custom header or token parameter,” security researcher Quentin Kaiser noted back in May. “Just send a link to your victim and create img tags with the src set to ‘https://subnet.a/public/template.cgi?templatefile=$(command).’”
There are currently no public reports referencing how CVE-2025-4008 is being exploited in the wild.
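For defenders reviewing web logs from a Meteobridge device or a reverse proxy in front of it, the following added example (not code from ONEKEY, CISA, or Smartbedded) flags requests to template.cgi whose query string carries shell command substitution, including percent-encoded and double-encoded forms. The Combined Log Format, the constructed sample lines, and the names scan, fully_decode and referer_host are assumptions made for this example.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: logs are in Combined Log Format; adjust the pattern for your proxy or device.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)
# Both locations of the script that the article names.
SCRIPT_RE = re.compile(r'/(?:cgi-bin|public)/template\.cgi$')
# Shell command substitution: $( ... ) or backticks.
SUBSTITUTION_RE = re.compile(r'\$\(|`')

# Constructed sample lines (not real traffic).
SAMPLE_LOG = """\
192.168.88.20 - meteobridge [05/Oct/2025:10:00:01 +0000] "GET /cgi-bin/template.cgi?templatefile=status.html HTTP/1.1" 200 512 "https://192.168.88.138/" "Mozilla/5.0"
192.168.88.20 - meteobridge [05/Oct/2025:10:02:11 +0000] "GET /cgi-bin/template.cgi?$(id>/tmp/a)=whatever HTTP/1.1" 200 0 "-" "curl/8.5.0"
192.168.88.31 - - [05/Oct/2025:10:05:42 +0000] "GET /public/template.cgi?templatefile=%24%28id%29 HTTP/1.1" 200 0 "https://news.example/article" "Mozilla/5.0"
192.168.88.31 - - [05/Oct/2025:10:06:00 +0000] "GET /public/template.cgi?templatefile=%2524%2528id%2529 HTTP/1.1" 200 0 "-" "Mozilla/5.0"
192.168.88.20 - - [05/Oct/2025:10:07:00 +0000] "GET /index.html?q=$(x) HTTP/1.1" 200 100 "-" "Mozilla/5.0"
"""


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are also seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def referer_host(referer):
    """Return the Referer's hostname, or None when it is absent or unparsable."""
    if not referer or referer == "-":
        return None
    try:
        return urlsplit(referer).hostname
    except ValueError:
        return None


def scan(log_text, device_hosts):
    """Return one finding per template.cgi request with command substitution in its query."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path, _, query = m["target"].partition("?")
        path = fully_decode(path)
        if not SCRIPT_RE.search(path):
            continue
        query = fully_decode(query)
        if not SUBSTITUTION_RE.search(query):
            continue
        host = referer_host(m["referer"])
        findings.append({
            "ip": m["ip"],
            "time": m["ts"],
            "path": path,
            "query": query,
            "status": int(m["status"]),
            # "-" in the user field means no HTTP authentication was presented.
            "authenticated": m["user"] != "-",
            # A Referer from another origin matches the img-tag delivery quoted in the article.
            "cross_site": host is not None and host not in device_hosts,
        })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, {"192.168.88.138"}):
        print(finding)
```

Pass the device's own hostnames or addresses as device_hosts so that only Referers from other origins are marked cross_site.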
The vulnerability was addressed in Meteobridge version 6.2, released on May 13, 2025. Also added by CISA to the KEV catalog are four other flaws -
- CVE-2025-21043 (CVSS score: 8.8) - Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so that could allow remote attackers to execute arbitrary code.
- CVE-2017-1000353 (CVSS score: 9.8) - Jenkins contains a deserialization of untrusted data vulnerability that could allow unauthenticated remote code execution, bypassing denylist-based protection mechanisms.
- CVE-2015-7755 (CVSS score: 9.8) - Juniper ScreenOS contains an improper authentication vulnerability that could allow unauthorized remote administrative access to the device.
- CVE-2014-6278, aka Shellshock (CVSS score: 8.8) - GNU Bash contains an OS command injection vulnerability that could allow remote attackers to execute arbitrary commands via a crafted environment.
In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary updates by October 23, 2025, for optimal protection.
Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware
The threat actor known as Confucius has been attributed to a new phishing campaign that has targeted Pakistan with malware families like WooperStealer and Anondoor. “Over the past decade, Confucius has repeatedly targeted government agencies, military organizations, defense contractors, and critical industries – especially in Pakistan – using spear-phishing and malicious documents as initial access vectors,” Fortinet FortiGuard Labs researcher Cara Lin said. Confucius is a long-running hacking group that’s believed to have been active since 2013 and operating across South Asia. Recent campaigns undertaken by the threat actor have employed a Python-based backdoor called Anondoor, signaling an evolution of the group’s tradecraft and its technical agility.
One of the attack chains documented by Fortinet targeted users in Pakistan sometime in December 2024, tricking recipients into opening a .PPSX file, which then triggers the delivery of WooperStealer using DLL side-loading techniques. A subsequent attack wave observed in March 2025 has been found to employ Windows shortcut (.LNK) files to unleash the malicious WooperStealer DLL, again launched using DLL side-loading, to steal sensitive data from compromised hosts. Another .LNK file spotted in August 2025 also leveraged similar tactics to sideload a rogue DLL, only this time the DLL paves the way for Anondoor, a Python implant that’s designed to exfiltrate device information to an external server and await further tasks to execute commands, take screenshots, enumerate files and directories, and dump passwords from Google Chrome. It’s worth noting that the threat actor’s use of Anondoor was documented in July 2025 by Seebug’s KnownSec 404 Team.
The progression from deploying information stealers to a backdoor is a sign that the threat actor is eyeing a pivot towards long-term monitoring and persistence. “The group has demonstrated strong adaptability, layering obfuscation techniques to evade detection and tailoring its toolset to align with shifting intelligence-gathering priorities,” Fortinet said. “Its recent campaigns not only illustrate Confucius’ persistence but also its ability to pivot rapidly between techniques, infrastructure, and malware families to maintain operational effectiveness.” The disclosure comes as K7 Security Labs detailed an infection sequence associated with the Patchwork group that commences with a malicious macro that’s designed to download a .LNK file containing PowerShell code responsible for downloading additional payloads and leveraging DLL side-loading to launch the primary malware while simultaneously displaying a decoy PDF document. The final payload, for its part, establishes contact with the threat actor’s command-and-control (C2) server, gathers system information, and retrieves an encoded instruction that’s subsequently decrypted for execution using cmd.exe.
It’s also equipped to take screenshots, upload files from the machine, and download files from a remote URL and save them locally in a temporary directory. “The malware waits for a configurable period and retries sending the data up to 20 times, tracking failures to ensure persistent and stealthy data exfiltration without alerting the user or security systems,” the company said.
Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown
Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems. The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken down. It was first uploaded by a user named “soodalpie” on September 26, 2025, the same date the account was created. “While providing this capability, it exhibits behavior as a backdoor proxy server targeting Windows platforms, using automated installation processes via VBScript or an executable version,” JFrog said in an analysis.
The executable (“_AUTORUN.EXE”) is a compiled Go file that, besides including a SOCKS5 implementation as advertised, is also designed to run PowerShell scripts, set firewall rules, and relaunch itself with elevated permissions. It also carries out basic system and network reconnaissance, including Internet Explorer security settings and Windows installation date, and exfiltrates the information to a hard-coded Discord webhook. “_AUTORUN.VBS,” the Visual Basic Script launched by the Python package in versions 0.2.5 and 0.2.6, is also capable of running a PowerShell script, which then downloads a ZIP file containing the legitimate Python binary from an external domain (“install.soop[.]space:6969”) and generates a batch script that’s configured to install the package using the “pip install” command and run it. The PowerShell script then invokes the batch script, causing the Python package to be executed, which, in turn, elevates itself to run with administrative privileges (if not already), configure firewall rules to allow UDP and TCP communication via port 1080, install as a service, maintain communication with a Discord webhook, and set up persistence on the host using a scheduled task to make sure it automatically starts upon a system reboot.
“soopsocks is a well-designed SOCKS5 proxy with full bootstrap Windows support,” JFrog said. “However, given the way it performs and actions it takes during runtime, it shows signs of malicious activity, such as firewall rules, elevated permissions, various PowerShell commands, and the transfer from simple, configurable Python scripts to a Go executable with hardcoded parameters, version with reconnaissance capabilities to a predetermined Discord webhook.” The disclosure comes as npm package maintainers have raised concerns related to a lack of native 2FA workflows for CI/CD, self-hosted workflow support for trusted publishing, and token management following sweeping changes introduced by GitHub in response to a growing wave of software supply chain attacks, Socket said. Earlier this week, GitHub said it will shortly revoke all legacy tokens for npm publishers and that all granular access tokens for npm will have a default expiration of seven days (down from 30 days) and a maximum expiration of 90 days, which used to be unlimited previously. “Long-lived tokens are a primary vector for supply chain attacks.
When tokens are compromised, shorter lifetimes limit the window of exposure and reduce potential damage,” it said. “This change brings npm in line with security best practices already adopted across the industry.” It also comes as the software supply chain security firm released a free tool called Socket Firewall that blocks malicious packages at install time across npm, Python, and Rust ecosystems, giving developers the ability to safeguard their environments against potential threats. “Socket Firewall isn’t limited to protecting you from problematic top-level dependencies. It will also prevent the package manager from fetching any transitive dependency that is known to be malicious,” the company added.
Automating Pentest Delivery: 7 Key Workflows for Maximum Impact
Penetration testing is critical to uncovering real-world security weaknesses. With the shift into continuous testing and validation, it is time we automate the delivery of these results. The way results are delivered hasn’t kept up with today’s fast-moving threat landscape. Too often, findings are packaged into static reports, buried in PDFs or spreadsheets, and handed off manually to already-overloaded IT and engineering teams.
By the time remediation begins, days or even weeks may have passed since the issues were first discovered. As we explored in our recent article on how automation is redefining pentest delivery, static, manual processes no longer cut it. Security teams need faster insights, cleaner handoffs, and more consistent workflows if they want to keep pace with modern exposure management. That’s where automation makes the difference, ensuring findings move seamlessly from discovery to remediation in real time.
Where Should You Start?
Knowing automation matters is only the first step. The bigger challenge is understanding where to start. Not every workflow carries equal impact, and trying to automate everything at once can be overwhelming. This article focuses on the seven key workflows that deliver the greatest immediate value. By automating these first, security teams can accelerate delivery, reduce friction, and build the foundation for a modern, scalable approach to penetration test delivery. Platforms like PlexTrac help automate pentest finding delivery in real time through robust, rule-based workflows. (No waiting for the final report!)
1. Create Tickets for Remediation When Findings Are Discovered
One of the most powerful ways to accelerate penetration test delivery is by integrating findings directly into the tools that engineering and IT teams already use. Instead of manually transcribing vulnerabilities into Jira, ServiceNow, or Azure DevOps, automation can create remediation tickets the moment findings are published. This ensures findings reach the right teams without delay, while eliminating the risk of human error during handoff. For organizations with multiple stakeholders — from internal IT groups to external clients — automated ticketing ensures everyone works within familiar systems, without adding new friction. The result is faster remediation cycles, bidirectional visibility between teams, and assurance that all findings are tracked and resolved promptly.
2. Auto-Close Informational Findings
Not every discovery requires action. Informational findings, while valuable for historical context, can clutter dashboards and distract teams from higher-priority risks. By automatically closing findings tagged as informational during scan ingestion, organizations can reduce triage noise and keep workflows streamlined. This automation helps security leaders ensure their teams stay focused on what truly matters, while still retaining visibility into lower-level data if needed. It’s a simple but effective way to declutter queues, improve dashboard accuracy, and give teams back valuable time.
3. Send Real-Time Alerts for Critical Findings
Critical vulnerabilities discovered in active environments need immediate attention, often before a report is finalized. With automation, real-time alerts can be pushed directly to communication channels like Slack, Microsoft Teams, email, or even text using custom webhooks based on the severity of the finding. This workflow ensures high-severity issues are escalated instantly, enabling faster response and reducing risk exposure. In many cases, alerts can be paired with auto-ticket creation, sending findings to the right remediation team the moment they’re identified. This proactive approach helps organizations shorten the time from discovery to mitigation.
4. Request Proofreading of Draft Findings
Delivering high-quality penetration tests requires collaboration and potentially multiple levels of review. Instead of sending manual messages asking teammates to review a draft or running into duplicate versioning issues, automation can trigger real-time notifications when findings are ready for proofreading. This workflow promotes stronger peer review practices, reduces communication overhead, and helps teams scale their quality assurance process without slowing delivery. For junior analysts, it provides a structured way to involve more experienced team members in the editing process, ultimately improving the end deliverable.
5. Send Alerts When Findings Are Ready for Retest
Closing the loop on vulnerabilities is just as important as identifying them in the first place. Retesting is often delayed because communication between testing and remediation teams breaks down. By automating alerts when findings are ready for retest, organizations ensure timely follow-up and avoid SLA misses. This workflow helps teams align more effectively, improves accountability, and reduces the risk of lingering vulnerabilities. It’s a small but high-impact automation that strengthens trust in the overall pentesting process by ensuring that vulnerabilities are truly resolved.
6. Auto-Assign Findings to Users Based on Role, Team, or Asset Type
Findings can quickly get lost in the shuffle if they’re not routed correctly. Manual assignment leads to delays, confusion, and even rework when issues land with the wrong team or individual. Automating assignment rules based on attributes like asset type, vulnerability category, or team role ensures findings are delivered directly to the subject matter experts best equipped to address them. This targeted delivery not only speeds up triage but also reduces human error and boosts overall efficiency. Whether findings need to go to a specific department, system owner, or regional team, auto-assignment builds clarity into the remediation process and ensures accountability from day one.
7. Send Finding Updates to Client Portals or Alert Clients Directly
For service providers, keeping clients informed during and after a pentest is critical for trust and satisfaction. Instead of relying on periodic emails or manual updates, automation can send findings directly into client-facing portals or dashboards. Clients can also receive real-time alerts for critical issues, ensuring they have immediate visibility into high-severity risks. This creates a bridge between security providers and their clients, enabling faster responses and stronger collaboration so providers can position themselves as trusted partners. PlexTrac supports each of these capabilities through its Workflow Automation Engine. Explore their Workflow Automation Playbook for deeper guidance on how these automations work together.
Automation Amplifies the Impact of Penetration Testers
By eliminating repetitive tasks, reducing delays, and ensuring findings reach the right people at the right time, automation frees teams to focus on what matters most: protecting the organization. The seven workflows we’ve outlined are not only practical starting points, but also building blocks for more advanced automation in the future. Whether it’s auto-assigning findings, streamlining retests, or delivering updates directly to stakeholders, each step helps create a more resilient, efficient, and collaborative security practice. Want to see what automated pentest workflows look like in action? Platforms like PlexTrac help teams unify and accelerate delivery, remediation, and closure in one platform, enabling real-time delivery and standardized workflows across the entire vulnerability lifecycle. This article is a contributed piece from one of our valued partners.
ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More
From unpatched cars to hijacked clouds, this week’s Threatsday headlines remind us of one thing — no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chrome’s settings to sneak in malicious extensions. On the defense side, AI is stepping up to block ransomware in real time, but privacy fights over data access and surveillance are heating up just as fast. It’s a week that shows how wide the battlefield has become — from the apps on our phones to the cars we drive.
Don’t keep this knowledge to yourself: share this bulletin to protect others, and add The Hacker News to your Google News list so you never miss the updates that could make the difference.
Claude Now Finds Your Bugs
Anthropic Touts Safety Protections Built Into Claude Sonnet 4.5
Anthropic said it has rolled out a number of safety and security improvements to Claude Sonnet 4.5, its latest coding focused model, that make it difficult for bad actors to exploit and secure the system against prompt injection attacks, sycophancy (i.e., the tendency of an AI to echo and validate user beliefs no matter how delusional or harmful they may be), and child safety risks. “Claude’s improved capabilities and our extensive safety training have allowed us to substantially improve the model’s behavior, reducing concerning behaviors like sycophancy, deception, power-seeking, and the tendency to encourage delusional thinking,” the company said. “For the model’s agentic and computer use capabilities, we’ve also made considerable progress on defending against prompt injection attacks, one of the most serious risks for users of these capabilities.” The AI company said the latest model has better defensive cybersecurity abilities, such as vulnerability discovery, patching, and basic penetration testing capabilities. However, it did acknowledge that these tools could be “dual-use,” meaning they might also potentially be used by malicious actors, as well as cybersecurity professionals. Generative AI systems like those offered by Microsoft and OpenAI are at the forefront of a battle between companies providing sophisticated text and image generation capabilities and malicious actors looking to exploit them.
Scan Waves Hint Pre-Exploit Staging
Exploit Attempts Target CVE-2024-3400
The SANS Internet Storm Center Security has disclosed its observation of a significant increase in internet-wide scans targeting the critical PAN-OS GlobalProtect vulnerability (CVE-2024-3400). The vulnerability, disclosed last year, is a command injection vulnerability that could be exploited by an unauthenticated attacker to execute arbitrary code with root privileges on susceptible firewalls. SANS ISC said it has detected specially crafted requests that seek to upload a TXT file and subsequently attempt to retrieve that file via an HTTP GET request. “This will return a ‘403’ error if the file exists, and a ‘404’ error if the upload failed. It will not execute code,” it noted. “The content of the file is a standard Global Protect session file, and will not execute. A follow-up attack would upload the file to a location that leads to code execution.” In recent weeks, exploit attempts have also been registered against Hikvision cameras susceptible to an older flaw (CVE-2017-7921), SANS ISC said.
Open DBs Turn into Persistent Backdoors
Microsoft SQL Servers Targeted to Deploy XiebroC2
A sophisticated attack campaign has targeted improperly managed Microsoft SQL servers to deploy the open-source XiebroC2 command-and-control (C2) framework using PowerShell to establish persistent access to compromised systems. The attack leverages vulnerable credentials on publicly accessible database servers, allowing threat actors to obtain an initial foothold and escalate privileges through a tool called JuicyPotato. “XiebroC2 is a C2 framework with open-source code that supports various features such as information collection, remote control, and defense evasion, similar to Cobalt Strike,” AhnLab said.
Vishers Bypass Code—They Hijack Humans
Recommendations to Secure Against UNC6040
Google has outlined the various hardening recommendations that organizations can take to safeguard against attacks mounted by UNC6040, a financially motivated threat cluster that specializes in voice phishing (vishing) campaigns specifically designed to compromise organizations’ Salesforce instances for large-scale data theft and subsequent extortion. Central to the operation is deceiving victims into authorizing a malicious connected app to their organization’s Salesforce portal. “Over the past several months, UNC6040 has demonstrated repeated success in breaching networks by having its operators impersonate IT support personnel in convincing telephone-based social engineering engagements,” it said. “This approach has proven particularly effective in tricking employees, often within English-speaking branches of multinational corporations, into actions that grant the attackers access or lead to the sharing of sensitive credentials, ultimately facilitating the theft of the organization’s Salesforce data. In all observed cases, attackers relied on manipulating end users, not exploiting any vulnerability inherent to Salesforce.”
Phishers Use Robots.txt to Block Reporters
Dozens of Crypto Phishing Pages Flagged
Censys said it identified over 60 cryptocurrency phishing pages impersonating popular hardware wallet brands Trezor and Ledger through an analysis of robots.txt files. These sites have an entry in the file: “Disallow: /add_web_phish.php.” “Notably, the actor behind the pages attempted to block popular phishing reporting sites from indexing the pages by including endpoints of the phishing reporting sites in their own robots.txt file,” the company said. The unusual robots.txt pattern has also been discovered on several GitHub repositories, some of which date back to January 2025. “The misuse of robots.txt and the merge conflicts found in multiple READMEs could also suggest that the actor behind these pages is not well-versed in web development practices,” security researcher Emily Austin added.
Drive Pauses Syncs — Buys You Minutes
Google Drive Adds AI-Powered Smarts to Block Ransomware
Google has announced that it’s updating Google Drive for desktop with AI-powered ransomware detection to automatically stop file syncing and allow users to easily restore files with a few clicks. “Our AI-powered detection in Drive for desktop identifies the core signature of a ransomware attack — an attempt to encrypt or corrupt files en masse — and rapidly intervenes to put a protective bubble around a user’s files by stopping file syncing to the cloud before the ransomware can spread,” Google Cloud said. “The detection engine adapts to novel ransomware by continuously analyzing file changes and incorporating new threat intelligence from VirusTotal. When Drive detects unusual activity that suggests a ransomware attack, it automatically pauses syncing of affected files, helping to prevent widespread data corruption across an organization’s Drive and the disruption of work.” Users subsequently receive an alert on their desktop and via email, guiding them to restore their files. The real-time ransomware detection capability is built atop a specialized AI model trained on millions of real victim files encrypted by various ransomware strains.
Imgur Cuts U.K. Users, Investigation Still Open
Imgur Blocks Access to Service in the U.K.
Imgur, a popular image hosting platform with more than 130 million users, has blocked access to users in the U.K. after regulators signalled their intention to impose penalties over concerns around children’s data. The U.K.’s data watchdog, the Information Commissioner’s Office (ICO), said it recently notified the platform’s parent company, MediaLab AI, of plans to fine Imgur after investigating its approach to age checks and handling of children’s personal data. The probe was launched earlier this March. “Imgur’s decision to restrict access in the U.K. is a commercial decision taken by the company,” the ICO said. “We have been clear that exiting the U.K. does not allow an organisation to avoid responsibility for any prior infringement of data protection law, and our investigation remains ongoing.” In a help page, Imgur confirmed U.K. users will not be able to log in, view content, or upload images.
App Could Collect Data — But Didn’t (Observed) Russia’s MAX App Audited An audit of the Russian government’s new MAX instant messenger mobile app has found no evidence of surveillance beyond accessing features necessary for the app to function. “During two days of observation, no test configurations revealed improper access to the camera, location, microphone, notifications, contacts, photos, and videos,” RKS Global said . “Technically, the application had the ability to collect these data and send them, but experts did not record what happened. After revoking permits, the application does not record attempts to obtain these accesses again through requests or unauthorized.” U.K.
Demands Access — Targets Britons’ Backups U.K. Government Issues New Order to Access iCloud User Data The U.K. government has issued a new request for Apple to provide access to encrypted iCloud user data, this time focusing specifically on the iCloud data of British citizens, according to the Financial Times. The request, issued in early September 2025, has demanded that Apple create a way for officials to access encrypted iCloud backups.
In February, Apple withdrew iCloud’s Advanced Data Protection feature in the U.K. Subsequent pushback from civil liberty groups and the U.S. government led to the U.K. apparently abandoning its plans to force Apple to weaken encryption protections and include a backdoor that would have enabled access to the protected data of U.S.
citizens. In late August, the Financial Times also reported that the U.K. government’s secret order was “not limited to” Apple’s ADP feature and included requirements for Apple to “provide and maintain a capability to disclose categories of data stored within a cloud-based backup service,” suggesting that the access was far broader in scope than previously known. Car Hacks Work Remotely — Cars Still Unfixed Apple CarPlay RCE Exploit Left Unpatched in Most Cars Back in April 2025, Oligo Security disclosed a set of flaws in AirPlay called AirBorne (CVE-2025-24252 and CVE-2025-24132) that could be chained together to take over Apple CarPlay, in some cases, without even requiring any user interaction or authentication.
While the underlying technology uses the iAP2 protocol to establish a wireless connection over Bluetooth and negotiate a CarPlay Wi-Fi password to allow an iPhone to connect to the network and initiate screen mirroring, the researcher found that many devices and systems default to a “No-PIN” approach during the Bluetooth pairing phase, making the attacks “frictionless and harder to detect.” This, coupled with the fact that iAP2 does not authenticate the iPhone, meant that an attacker with a Bluetooth radio and a compatible iAP2 client can impersonate an iPhone, request the Wi-Fi credentials, trigger app launches, and issue any arbitrary iAP2 command. From there, attackers can exploit CVE-2025-24132 to achieve remote code execution with root privileges. “Although patches for CVE-2025-24132 were published on April 29, 2025, only a few select vendors actually patched,” Oligo said. “To our knowledge, as of this post, no car manufacturer has applied the patch.”

New Rules: Companies Must Stop Hoarding Data
Russia Planning to Tighten Data Protection Laws
Russia’s Ministry of Digital Development is working on regulations to force companies to restrict the type of data they collect from citizens in the country, in the hopes of minimizing future leaks of confidential data. “Systems should not process information containing personal data beyond what is necessary to ensure business processes,” said Evgeny Khasin, acting director of the Ministry of Digital Development’s cybersecurity department. “This is because many organizations tend to collect as much data as possible in order to interact with it in some way or use it for their own purposes, while the law stipulates that data should be minimized.”

EU Vote Split — Backdoors Lose Key Ally
Netherlands Says No to E.U. Chat Control
The Dutch government has said it won’t support Denmark’s proposal for E.U. Chat Control legislation to force tech companies to introduce encryption backdoors so as to scan communications for “abusive material.” The proposal is up for a vote on October 14.
The Electronic Frontier Foundation (EFF) has called the legislative proposal “dangerous” and tantamount to “chat surveillance.” Other E.U. countries that have opposed the controversial legislation include Austria, Czechia, Estonia, Finland, Luxembourg, and Poland.

Big Payout — Period Data Traded for Ads
Google and Flo Health to Settle Privacy Class Action Lawsuit
Google has agreed to pay $48 million, and the menstrual tracking app Flo Health will pay $8 million to resolve a class action lawsuit alleging the app illegally shared people’s health data. Google is expected to set up a $48 million fund for Flo app users who entered information about menstruation or pregnancy from November 2016 until the end of February 2019. In March 2025, defunct data analytics company Flurry said it would pay $3.5 million for harvesting sexual and reproductive health data from the period tracking app. The complaint, filed in 2021, alleged that Flo used software development kits to allow Google, Meta, and Flurry to intercept users’ communications within the app.

Your Bot Chats Fuel Targeting — No Opt-Out
Meta to Use AI Chats for Facebook, Instagram Ads
Meta Platforms said it plans to start using people’s conversations with its AI chatbot to help personalize ads and content. The policy is set to go into effect on December 16, 2025. It won’t apply to users in the U.K., South Korea, and the European Union, for now. While there is no opt-out mechanism, conversations related to religious or political views, sexual orientation, health, and racial or ethnic origin will be automatically excluded from the company’s personalization efforts. The company said its AI digital assistant now has more than 1 billion active monthly users.

Kids’ Data Sold, Fake ‘People’ Messages Used
FTC Accuses Sendit of Privacy Violations
The Federal Trade Commission (FTC) has sued Sendit’s operating company, Iconic Hearts, and its CEO for “unlawfully collecting personal data from children, misleading users by sending messages from fake ‘people,’ and tricking consumers into purchasing paid subscriptions by falsely promising to reveal the senders of anonymous messages.” The agency said, “Even though it was aware that many users were under 13, Iconic Hearts failed to notify parents that it collected personal information from children, including their phone numbers, birthdates, photos, and usernames for Snapchat, Instagram, TikTok, and other accounts, and did not obtain parents’ verifiable consent to such data collection.”

Normal PDFs Turn Into Malware Traps
New MatrixPDF Toolkit Turns PDFs into Phishing Lures
Threat actors are selling access to MatrixPDF, a tool that lets them alter ordinary PDF files into lures that can redirect users to malware or phishing sites.
“It bundles phishing and malware features into a builder that alters legitimate PDF files with fake secure document prompts, embedded JavaScript actions, content blurring, and redirects,” Varonis said. “To the recipient, the file looks routine, yet opening it and following a prompt or link can result in credential theft or payload delivery.”

Edge Will Auto-Revoke Sideloads — Even Offline
Microsoft to Add Option to Block Sideloaded Edge Extensions
Microsoft said it’s planning to introduce a new Edge security feature that will protect users against malicious extensions sideloaded into the web browser. “Microsoft Edge will detect and revoke malicious sideloaded extensions,” it said. The rollout is expected to start sometime in November 2025. It did not provide further details on how these dangerous extensions will be identified.

Algorithm to be Cloned — China Keeps Stake
U.S.-Led Consortium to Take Over TikTok Operations in the Country
The U.S. government extended the deadline for ByteDance to divest TikTok’s U.S. operations until December 16, 2025, making it the fourth such extension. The development came as China said the U.S. spin-off of TikTok will use ByteDance’s Chinese algorithm as part of a U.S.-agreed framework that includes “licensing the algorithm and other intellectual property rights.” The artificial intelligence (AI)-powered algorithm that underpins the app has been a source of concern among national security circles, as it could be manipulated to push Chinese propaganda or polarizing material to users. China has also called the framework deal a “win-win.” Under the framework deal, about 80% of TikTok’s U.S. business would be owned by a joint venture that includes Oracle, Silver Lake Partners, media mogul Rupert Murdoch, and Dell CEO Michael Dell, with ByteDance’s stake dropping below 20% to comply with the national security law. The divestiture also extends to other applications like Lemon8 and CapCut that are operated by ByteDance. Furthermore, TikTok’s algorithm will be copied and retrained using U.S. user data as part of the deal, with Oracle auditing the recommendation system. The White House has also promised that all U.S. user data on TikTok will be stored on Oracle servers in the U.S.

New Stealer Climbs Fast — Linked to Vidar
Acreed Becomes the Third Biggest Infostealer
An information stealer known as Acreed is gaining traction among threat actors, with a steady rise in Acreed logs in Russian-speaking forums. The stealer was first advertised on the Russian Market in February 2025 by a user named “Nu####ez” and is assessed to be a private project. As of September 2025, the top five information stealer strains included Rhadamanthys (33%), Lumma (33%), Acreed (17%), Vidar (12%), and StealC (5%).
“At the present time, Acreed is maybe a privately developed project, but our infrastructure analysis shows that it is also integrated in an existing ecosystem that overlaps with Vidar,” Intrinsec said.

Forensics Tool Reused to Tunnel and Ransom
Warlock Ransomware Actors Use Velociraptor in Attacks
Cybersecurity company Sophos said it observed Warlock ransomware actors (aka Storm-2603 or Gold Salem) abusing the legitimate open-source Velociraptor digital forensics and incident response (DFIR) tool to establish a Visual Studio Code network tunnel within the compromised environment. Some of the incidents led to the deployment of the ransomware. Warlock gained prominence in July 2025 after it was found to be one of the first threat actors abusing a set of security flaws in Microsoft SharePoint called ToolShell to infiltrate target networks. The group has claimed 60 victims as of mid-September 2025, since starting its operations in March, including a Russian company, suggesting that it may be operating from outside the Kremlin. Microsoft has described it with moderate confidence as a China-based threat actor. The group has also been observed weaponizing the ToolShell flaws to drop an ASPX web shell that’s used to download a Golang-based WebSockets server that allows continued access to the compromised server independently of the web shell. Furthermore, Gold Salem has employed the Bring Your Own Vulnerable Driver (BYOVD) technique to bypass security defenses by using a vulnerability (CVE-2024-51324) in the Baidu Antivirus driver BdApiUtil.sys to terminate EDR software. “The emerging group demonstrates competent tradecraft using a familiar ransomware playbook and hints of ingenuity,” Sophos said.

Chat’ Extensions Hijack Searches to Spy
Fake Extensions Disguised as AI Tools
Threat actors are distributing fake Chrome extensions posing as artificial intelligence (AI) tools like OpenAI ChatGPT, Llama, Perplexity, and Claude. Once installed, the extensions let users type prompts in the Chrome search bar, but will hijack the prompts to redirect queries to attacker-controlled domains and track search activity. The browser add-ons “override the default search engine settings via the chrome_settings_overrides manifest key,” Palo Alto Networks Unit 42 said.
The queries are redirected to domains like chatgptforchrome[.]com, dinershtein[.]com, and gen-ai-search[.]com.

Routers Rented Out for Mining and DDoS
Botnet Loader Operation Distributes Miner and DDoS Malware
A sophisticated operation has been found to break into routers and IoT devices using weak credentials and known security flaws, and rent the compromised devices to other botnet operators. The operation has witnessed a major spike in activity this year, jumping 230% in mid-2025, with the botnet loader-as-a-service infrastructure used to deliver payloads for DDoS and cryptomining botnets like RondoDoX, Mirai, and Morte, per CloudSEK.

Trackers Leak IDs — Stalking Made Simple
Tile Trackers Expose Users to Stalking Risks
Tile location trackers leak sensitive information that can allow threat actors to track a device’s location. That’s according to researchers from the Georgia Institute of Technology, who reverse-engineered the location-tracking service and found that the devices leak MAC addresses and unique device IDs. An attacker can take advantage of the absence of encryption protections to intercept and collect the information using a simple radio antenna, ultimately enabling them to track all of the company’s customers. “Tile’s servers can persistently learn the location of all users and tags, unprivileged adversaries can track users through Bluetooth advertisements emitted by Tile’s devices, and Tile’s anti-theft mode is easily subverted,” the researchers said in a study. The issues were reported to its parent company Life360 in November 2024, following which it said a “number of improvements” were rolled out to address the problem, without specifying what those were.
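
For the fake AI-tool extensions item above, which override search through the chrome_settings_overrides manifest key: the following is an added example, not code from Unit 42 or the original article, that audits extension manifests for that override. The extension names and the search.example.test host are constructed; the flagged domains are the three listed in that item.

```python
import json
from urllib.parse import urlsplit

# Redirect domains named in the item above, kept defanged as published.
REPORTED = {d.replace("[.]", ".") for d in (
    "chatgptforchrome[.]com", "dinershtein[.]com", "gen-ai-search[.]com")}
URL_KEYS = ("search_url", "suggest_url", "favicon_url")


def audit_manifest(manifest_text):
    """Return None if the manifest leaves search settings alone, else a finding."""
    try:
        manifest = json.loads(manifest_text)
    except json.JSONDecodeError:
        return {"name": None, "verdict": "unparseable", "hosts": []}
    overrides = manifest.get("chrome_settings_overrides") if isinstance(manifest, dict) else None
    provider = overrides.get("search_provider") if isinstance(overrides, dict) else None
    if not isinstance(provider, dict):
        return None
    hosts = set()
    for key in URL_KEYS:
        try:
            host = urlsplit(str(provider.get(key, ""))).hostname
        except ValueError:  # malformed URL in the manifest
            host = None
        if host:
            hosts.add(host)
    reported = any(h == d or h.endswith("." + d) for h in hosts for d in REPORTED)
    verdict = "reported-domain" if reported else "search-override"
    return {"name": manifest.get("name"), "verdict": verdict, "hosts": sorted(hosts)}


def make_sample(name, search_host=None):
    """Build a constructed manifest.json string for the demo below."""
    manifest = {"manifest_version": 3, "name": name, "version": "1.0"}
    if search_host:
        manifest["chrome_settings_overrides"] = {"search_provider": {
            "name": name, "keyword": "ai", "is_default": True,
            "search_url": f"https://{search_host}/search?q={{searchTerms}}"}}
    return json.dumps(manifest)


# Constructed samples: hypothetical extension names, one placeholder host.
SAMPLES = [
    make_sample("Tab Tidy"),
    make_sample("AI Chat Helper", "search.example.test"),
    make_sample("AI Search Bar", "www." + sorted(REPORTED)[0]),
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(audit_manifest(text))
```

A "search-override" verdict is a review prompt rather than proof of abuse, since legitimate search extensions use the same manifest key.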
Quantum-Ready SSH Up 30% — TLS Lags
PQC Adoption for SSH Slowly Grows
New statistics released by Forescout show that a quarter of all OpenSSH and 8.5% of all SSH servers now support post-quantum cryptography (PQC). In contrast, TLSv1.3 adoption remains at 19% and TLSv1.2 – which does not support PQC – increased from 43% to 46%. The report also found that manufacturing, oil and gas, and mining have the lowest PQC adoption rates, whereas professional and business services have the highest. “The absolute number of servers with PQC support grew from 11.5 million in April to almost 15 million in August, an increase of 30%,” it added. The relative number grew from 6.2% of total servers to 8.5%.

Prefs Can Be Poisoned — Extensions Forced Active
New Technique to Load Malicious Chrome Extensions
Synacktiv has documented a new technique to programmatically inject and activate Chrome extensions in Chromium-based browsers within Windows domains for malicious purposes by manipulating Chromium internal preference files and their associated JSON MAC property (“super_mac”). The research “highlights the inherent challenge in cryptographically protecting browser-internal secrets like the MAC seed, as any truly robust solution would need to account for diverse operating system-specific security mechanisms (like DPAPI on Windows) without affecting cross-platform compatibility,” the company said.

Phish Kits Grab Duo Codes, Then Move Laterally
Attackers Steal Duo OTPs to Compromise Higher Ed Accounts
An email phishing campaign has been spotted targeting entities in the higher education sector to steal credentials and Cisco Duo one-time passwords (OTPs) with the goal of compromising accounts, exfiltrating data, and launching lateral attacks. “Targets are funneled to spoofed sign-in portals that perfectly mimic university login pages,” Abnormal AI said. “Then, purpose-built phishing kits harvest both credentials and Duo one-time passwords (OTPs) through seamless multi-step flows. With these details in hand, attackers swiftly hijack accounts, hide their tracks with malicious mailbox rules, and launch lateral phishing campaigns within the same organization.” More than 40 compromised organizations and over 30 targeted universities and colleges have been identified as part of the campaign.

Every breach has one thing in common: people.
Whether it’s a tricked employee, a careless click, or a decision to delay a patch — humans shape the outcome. Stay sharp, stay informed, and help others do the same.