2025-12-05 AI Startup News

Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China

The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China. The search engine optimization (SEO) poisoning campaign leverages Microsoft Teams lures to trick unsuspecting users into downloading a malicious setup file that leads to the deployment of ValleyRAT (Winos 4.0), a known malware associated with the Chinese cybercrime group. The activity has been underway since November 2025. “This campaign targets Chinese-speaking users, including those within Western organizations operating in China, using a modified ‘ValleyRAT’ loader containing Cyrillic elements – likely an intentional move to mislead attribution,” ReliaQuest researcher Hayden Evans said in a report shared with The Hacker News.

ValleyRAT, a variant of Gh0st RAT, allows threat actors to remotely control infected systems, exfiltrate sensitive data, execute arbitrary commands, and maintain long-term persistence within targeted networks. It’s worth noting that the use of Gh0st RAT is primarily attributed to Chinese hacking groups. The use of Teams for the SEO poisoning campaign marks a departure from prior efforts that have leveraged other popular programs like Google Chrome, Telegram, WPS Office, and DeepSeek to activate the infection chain. The SEO campaign is meant to redirect users to a bogus website that features an option to download the supposed Teams software.

In reality, a ZIP file named “MSTчamsSetup.zip” is retrieved from an Alibaba Cloud URL. The archive utilizes Russian linguistic elements to confuse attribution efforts. Present within the file is “Setup.exe,” a trojanized version of Teams that’s engineered to scan running processes for binaries related to 360 Total Security (“360tray.exe”), configure Microsoft Defender Antivirus exclusions, and write the trojanized version of the Microsoft installer (“Verifier.exe”) to the “AppData\Local” path and execute it. The malware proceeds to write additional files, including “AppData\Local\Profiler.json,” “AppData\Roaming\Embarcadero\GPUCache2.xml,” “AppData\Roaming\Embarcadero\GPUCache.xml,” and “AppData\Roaming\Embarcadero\AutoRecoverDat.dll.” In the next step, it loads data from “Profiler.json” and “GPUcache.xml,” and launches the malicious DLL into the memory of “rundll32.exe,” a legitimate Windows process, so as to fly under the radar.
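The lure filename and the dropped files listed above can be turned into a simple endpoint hunt. The script below is an added example, not code from ReliaQuest or the original article: it flags filenames that mix Latin with Cyrillic or Greek letters inside one word and checks a user profile for the artifact paths named in the report. The function names and the sample directory tree are constructed for illustration.

```python
import os
import re
import tempfile
import unicodedata
from pathlib import Path, PureWindowsPath

# Dropped files named in the report above, relative to a Windows user profile.
ARTIFACTS = [
    r"AppData\Local\Verifier.exe",
    r"AppData\Local\Profiler.json",
    r"AppData\Roaming\Embarcadero\GPUCache2.xml",
    r"AppData\Roaming\Embarcadero\GPUCache.xml",
    r"AppData\Roaming\Embarcadero\AutoRecoverDat.dll",
]

# Scripts whose letters are easily mistaken for Latin ones.
LOOKALIKE_SCRIPTS = {"CYRILLIC", "GREEK"}


def mixed_script_tokens(filename):
    """Return the words in filename that mix Latin letters with Cyrillic or Greek."""
    flagged = []
    # [^\W\d_]+ matches runs of Unicode letters, so "_", "." and digits split words.
    for token in re.findall(r"[^\W\d_]+", filename):
        # The first word of a character's Unicode name identifies its script.
        scripts = {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in token}
        if "LATIN" in scripts and scripts & LOOKALIKE_SCRIPTS:
            flagged.append(token)
    return flagged


def hunt_profile(profile_root):
    """Return the report's artifact paths found under profile_root.

    Matching is case-insensitive, as path lookups are on Windows.
    """
    wanted = {PureWindowsPath(p).as_posix().lower(): p for p in ARTIFACTS}
    root = Path(profile_root)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            rel = (Path(dirpath) / fname).relative_to(root).as_posix().lower()
            if rel in wanted:
                hits.append(wanted[rel])
    return sorted(hits)


def demo():
    """Build a constructed sample profile and hunt it."""
    with tempfile.TemporaryDirectory() as tmp:
        profile = Path(tmp) / "Users" / "analyst"  # constructed, not a real host
        for rel in (
            "AppData/Local/Profiler.json",
            "AppData/Roaming/Embarcadero/gpucache.xml",  # different case on purpose
            "AppData/Local/Teams/current/Teams.exe",     # benign file, must not match
        ):
            path = profile / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"")
        return hunt_profile(profile)


if __name__ == "__main__":
    for name in ("MSTчamsSetup.zip", "TeamsSetup.zip", "Отчет_report.zip"):
        print(name, "->", mixed_script_tokens(name) or "ok")
    print("artifacts found:", demo())
```

A filename whose words are each written in a single script, such as a Russian word followed by an English one, is not flagged; only a word that blends scripts is.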

The attack moves to the final stage with the malware establishing a connection to an external server to fetch the final payload to facilitate remote control. “Silver Fox’s objectives include financial gain through theft, scams, and fraud, alongside the collection of sensitive intelligence for geopolitical advantage,” ReliaQuest said. “Targets face immediate risks such as data breaches, financial losses, and compromised systems, while Silver Fox maintains plausible deniability, allowing it to operate discreetly without direct government funding.”

The disclosure comes as Nextron Systems highlighted another ValleyRAT attack chain that uses a trojanized Telegram installer as the starting point to kick off a multi-stage process that ultimately delivers the trojan. This attack is also notable for leveraging the Bring Your Own Vulnerable Driver (BYOVD) technique to load “NSecKrnl64.sys” and terminate security solution processes.

“This installer sets a dangerous Microsoft Defender exclusion, stages a password-protected archive together with a renamed 7-Zip binary, and then extracts a second-stage executable,” security researcher Maurice Fielenbach said. “That second-stage orchestrator, men.exe, deploys additional components into a folder under the public user profile, manipulates file permissions to resist cleanup, and sets up persistence through a scheduled task that runs an encoded VBE script. This script in turn launches a vulnerable driver loader and a signed binary that sideloads the ValleyRAT DLL.” Men.exe is also responsible for enumerating running processes to identify endpoint security-related processes, as well as loading the vulnerable “NSecKrnl64.sys” driver using “NVIDIA.exe” and executing ValleyRAT. Furthermore, one of the key components dropped by the orchestrator binary is “bypass.exe,” which enables privilege escalation by means of a User Account Control (UAC) bypass.

“On the surface, victims see a normal installer,” Fielenbach said. “In the background, the malware stages files, deploys drivers, tampers with defenses, and finally launches a ValleyRat beacon that keeps long-term access to the system.”

Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a nonstop race to outsmart each other.

Here’s a quick rundown of the latest cyber stories that show how fast the game keeps changing.

DeFi exploit drains funds: Critical yETH Exploit Used to Steal $9M

A critical exploit targeting Yearn Finance’s yETH pool on Ethereum has been exploited by unknown threat actors, resulting in the theft of approximately $9 million from the protocol. The attack is said to have abused a flaw in how the protocol manages its internal accounting, stemming from the fact that a cache containing calculated values to save on gas fees was never cleared when the pool was completely emptied. “The attacker achieved this by minting an astronomical number of tokens – 235 septillion yETH (a 41-digit number) – while depositing only 16 wei, worth approximately $0.000000000000000045,” Check Point said. “This represents one of the most capital-efficient exploits in DeFi history.”

Linux malware evolves stealth: New Symbiote and BPFDoor Variants Spotted

Fortinet said it discovered 151 new samples of BPFDoor and three of Symbiote exploiting extended Berkeley Packet Filters (eBPFs) to enhance stealth through IPv6 support, UDP traffic, and dynamic port hopping for covert command-and-control (C2) communication. In the case of Symbiote, the BPF instructions show the new variant only accepts IPv4 or IPv6 packets for protocols TCP, UDP, and SCTP on non-standard ports 54778, 58870, 59666, 54879, 57987, 64322, 45677, and 63227. Coming to BPFDoor, the newly identified artifacts have been found to support both IPv4 and IPv6, as well as switch to a completely different magic packet mechanism. “Malware authors are enhancing their BPF filters to increase their chances of evading detection. Symbiote uses port hopping on UDP high ports, and BPFDoor implements IPv6 support,” security researcher Axelle Apvrille said.

Phishing blitz blocked: Microsoft Blocks Storm-0900 Phishing Campaign

Microsoft said it detected and blocked on November 26, 2025, a high-volume phishing campaign from a threat actor named Storm-0900. “The campaign used parking ticket and medical test result themes and referenced Thanksgiving to lend credibility and lower recipients’ suspicion,” it said. “The campaign consisted of tens of thousands of emails and targeted primarily users in the United States.” The URLs redirected to an attacker-controlled landing page that first required users to solve a slider CAPTCHA by clicking and dragging a slider, followed by ClickFix, which tricked users into running a malicious PowerShell script under the guise of completing a verification step. The end goal of the attacks was to deliver a modular malware known as XWorm that enables remote access, data theft, and deployment of additional payloads. “Storm-0900 is a prolific threat actor that, when active, launches phishing campaigns every week,” Microsoft said.

Grant scam hides malware: ClickFix Campaign Delivers Stealerium Infostealer

A new phishing campaign has been observed distributing bogus emails that claim to be about a professional achievement grant and lure recipients with supposed monetary grants. “It includes a password-protected ZIP and personalized details to appear legitimate, urging the victim to open the attached ‘secure digital package’ to claim the award, setting up the credential phish and malware chain that follows,” Trustwave said. The ZIP archive contains an HTML page that’s designed to phish recipients’ webmail credentials and exfiltrate them to a Telegram bot. Then a malicious SVG image is used to trigger a PowerShell ClickFix chain that installs the Stealerium infostealer to fix a purported issue with Google Chrome.

Russian spies hit NGOs: COLDRIVER Targets French NGO Reporters Without Borders

A fresh wave of spear-phishing activity linked to the Russia-nexus intrusion set COLDRIVER has targeted non-profit organization Reporters Without Borders (RSF), which was designated as an “undesirable” entity by the Kremlin in August 2025. The attack, observed in March 2025, originated from a Proton Mail address, urging targets to review a malicious document by sharing a link that likely redirected to a Proton Drive URL hosting a PDF file. In another case targeting a different victim, the PDF came attached to the email message. “The retrieved file is a typical Calisto decoy: it displays an icon and a message claiming that the PDF is encrypted, instructing the user to click a link to open it in Proton Drive,” Sekoia said. “When the user clicks the link, they are first redirected to a Calisto redirector hosted on a compromised website, which then forwards them to the threat actor’s phishing kit.” The redirector is a PHP script deployed on compromised websites, which ultimately takes the victims to an adversary-in-the-middle (AiTM) phishing page that can capture their Proton credentials. Proton has since taken down the attacker-controlled accounts.

Android boosts scam defense: Google Expands Android Scam Protection to Cash App, JPMorganChase in U.S.

Google has expanded in-call scam protection on Android to Cash App and JPMorganChase in the U.S., after piloting the feature in the U.K., Brazil, and India. “When you launch a participating financial app while screen sharing and on a phone call with a number that is not saved in your contacts, your Android device will automatically warn you about the potential dangers and give you the option to end the call and to stop screen sharing with just one tap,” Google said. “The warning includes a 30-second pause period before you’re able to continue, which helps break the ‘spell’ of the scammer’s social engineering, disrupting the false sense of urgency and panic commonly used to manipulate you into a scam.” The feature is compatible with Android 11+ devices.

Ransomware hides behind packer: New TangleCrypt Packer Spotted in the Wild

A previously undocumented packer for Windows malware named TangleCrypt has been used in a September 2025 Qilin ransomware attack to conceal malicious payloads like the STONESTOP EDR killer by using the ABYSSWORKER driver as part of a bring your own vulnerable driver (BYOVD) attack to forcefully terminate installed security products on the device. “The payload is stored inside the PE Resources via multiple layers of base64 encoding, LZ78 compression, and XOR encryption,” WithSecure said. “The loader supports two methods of launching the payload: in the same process or in a child process. The chosen method is defined by a string appended to the embedded payload. To hinder analysis and detection, it uses a few common techniques like string encryption and dynamic import resolving, but all of these were found to be relatively simple to bypass. Although the packer has an overall interesting design, we identified several flaws in the loader implementation that may cause the payload to crash or show other unexpected behaviour.”

SSL certificates shorten lifespan: Let’s Encrypt to Decrease Certificate Lifetimes to 45 Days

Let’s Encrypt has officially announced plans to reduce the maximum validity period of its SSL/TLS certificates from 90 days to 45 days. The transition, which will be completed by 2028, aligns with broader industry shifts mandated by the CA/Browser Forum Baseline Requirements. “Reducing how long certificates are valid for helps improve the security of the internet, by limiting the scope of compromise, and making certificate revocation technologies more efficient,” Let’s Encrypt said. “We are also reducing the authorization reuse period, which is the length of time after validating domain control that we allow certificates to be issued for that domain. It is currently 30 days, which will be reduced to 7 hours by 2028.”

Fake extension drops RATs: Malicious VS Code Extension Delivers Anivia Loader and OctoRAT

A malicious Visual Studio Code (VS Code) extension named “prettier-vscode-plus” has been published to the official VS Code Marketplace, impersonating the legitimate Prettier formatter. The attack starts with a Visual Basic Script dropper that’s designed to run an embedded PowerShell script to fetch the next-stage payloads. “The extension served as the entry point for a multi-stage malware chain, starting with the Anivia loader, which decrypted and executed further payloads in memory,” Hunt.io said. “OctoRAT, the third-stage payload dropped by the Anivia loader, provided full remote access, including over 70 commands for surveillance, file theft, remote desktop control, persistence, privilege escalation, and harassment.” Some aspects of the attack were disclosed last month by Checkmarx.

Nations issue OT AI guidance: Australia, U.S., and Others Release OT AI Security Guidance

Cybersecurity and intelligence agencies from Australia, Canada, Germany, the Netherlands, New Zealand, the U.K., and the U.S. have released new guidelines for secure integration of Artificial Intelligence (AI) in Operational Technology (OT) environments. The key principles include educating personnel on AI risks and its impacts, evaluating business cases, implementing governance frameworks to ensure regulatory compliance, and maintaining oversight, keeping safety and security in mind. “That kind of coordination is rare and signals the importance of this issue,” Floris Dankaart, lead product manager of managed extended detection and response at NCC Group, said. “Equally important, most AI-guidance addresses IT, not OT (the systems that keep power grids, water treatment, and industrial processes running). It’s refreshing and necessary to see regulators acknowledge OT-specific risks and provide actionable principles for integrating AI safely in these environments.”

Airports hit by GPS spoofing: India Reveals GPS Spoofing at Major Airports

The Indian government has revealed that local authorities have detected GPS spoofing and jamming at eight major airports, including those in Delhi, Kolkata, Amritsar, Mumbai, Hyderabad, Bangalore, and Chennai. Civil Aviation Minister Ram Mohan Naidu Kinjarapu, however, did not provide any details on the source of the spoofing and/or jamming, but noted the incidents did not cause any harm. “To enhance cyber security against global threats, AAI [Airports Authority of India] is implementing advanced cyber security solutions for IT networks and infrastructure,” Naidu said.

npm worm leaks secrets: Shai-Hulud 2.0 Exposed 400K Secrets

The second Shai-Hulud supply chain attack targeting the npm registry exposed around 400,000 unique raw secrets after compromising over 800 packages and publishing stolen data in 30,000 GitHub repositories. Of these, only about 2.5% are verified. “The dominant infection vector is the @postman/tunnel-agent-0.6.7 package, with @asyncapi/specs-6.8.3 identified as the second-most frequent,” Wiz said. “These two packages account for over 60% of total infections.”

PostHog, which provided a detailed postmortem of the incident, is believed to be the ‘patient zero’ of the campaign. The attack stemmed from a flaw in CI/CD workflow configuration that allowed malicious code from a pull request to run with enough privileges to grab high-value secrets. “At this point, it is confirmed that the initial access vector in this incident was abuse of pull_request_target via PWN request,” Wiz added.
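A “pwn request” generally refers to a workflow triggered by pull_request_target, which runs with the base repository’s secrets, that also checks out and executes the pull request’s own code. The audit script below is an added example, not Wiz’s or PostHog’s code: both workflow files are constructed samples, and the line-matching heuristic is an assumption that stands in for a real YAML parser.

```python
import re

COMMENT = re.compile(r"(^|\s)#.*$")                # strip YAML comments
TRIGGER = re.compile(r"\bpull_request_target\b")
REF_KEY = re.compile(r"\s*ref\s*:")                # "ref:" input of a checkout step
# Expressions that resolve to code controlled by the pull-request author.
UNTRUSTED_REF = re.compile(
    r"github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref|refs/pull/"
)
SECRET_USE = re.compile(r"\$\{\{\s*secrets\.([A-Za-z0-9_]+)\s*\}\}")
PERMISSIONS = re.compile(r"^\s*permissions\s*:", re.M)

# Constructed sample: privileged trigger plus checkout of the PR head commit.
VULNERABLE = """\
name: pr-check
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci && npm test
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
"""

# Constructed sample: same job on the unprivileged trigger with a read-only token.
HARDENED = """\
name: pr-check
on:
  pull_request:        # fork PRs receive no repository secrets
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
"""


def audit_workflow(text):
    """Heuristically report whether a workflow runs PR code with base-repo privileges."""
    lines = [COMMENT.sub("", ln) for ln in text.splitlines()]
    body = "\n".join(lines)
    uses_target = bool(TRIGGER.search(body))
    checkout_lines = [
        no for no, ln in enumerate(lines, 1)
        if uses_target and REF_KEY.match(ln) and UNTRUSTED_REF.search(ln)
    ]
    return {
        "pull_request_target": uses_target,
        "untrusted_checkout_lines": checkout_lines,
        # Secrets only matter for this finding if untrusted code can reach them.
        "secrets_in_scope": sorted(set(SECRET_USE.findall(body))) if checkout_lines else [],
        "declares_permissions": bool(PERMISSIONS.search(body)),
        "risky": bool(checkout_lines),
    }


if __name__ == "__main__":
    for label, wf in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(label, audit_workflow(wf))
```

A workflow that uses pull_request_target without checking out the pull request’s head (for example, one that only labels the PR) is reported with `risky` set to false.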

The self-replicating worm has been found to steal cloud credentials and use them to “access cloud-native secret management services,” as well as unleash destructive code that wipes user data if the worm is unsuccessful in propagating further.

Fake Wi-Fi hacker jailed: Perth Hacker Jailed for Running “Evil Twin” Wi-Fi

Michael Clapsis, a 44-year-old Australian man, has been sentenced to over seven years in prison for setting up fake Wi-Fi access points to steal personal data. The defendant, who was charged in June 2024, ran fake free Wi-Fi access points at the Perth, Melbourne, and Adelaide airports during multiple domestic flights and at work. He deployed evil twin networks to redirect users to phishing pages and capture credentials, subsequently using the information to access personal accounts and collect intimate photos and videos of women. Clapsis also hacked his employer in April 2024 and accessed emails between his boss and the police after his arrest. The investigation was launched that month after an airline employee discovered a suspicious Wi-Fi network during a domestic flight. “The man used a portable wireless access device, sometimes known as a Wi-Fi Pineapple, to passively listen for device probe requests,” the Australian Federal Police (AFP) said. “When detecting a request, the Wi-Fi Pineapple instantly creates a matching network with the same name, tricking a device into thinking it is a trusted network. The device would then connect automatically.”

Massive camera hack exposed: South Korea Arrests Suspects Behind Massive IP Camera Snooping

Authorities in South Korea have arrested four individuals, believed to be working independently, for collectively hacking into more than 120,000 internet protocol cameras. Three of the suspects are said to have taken the footage recorded from private homes and commercial facilities, including a gynaecologist’s clinic, and created hundreds of sexually exploitative materials to sell them to a foreign adult site (referred to as “Site C”). In addition, three individuals who purchased such illegal content from the website have already been arrested and face up to three years in prison.

Thousands of secrets exposed: Public GitLab Repositories Leak 17K Secrets

A scan of about 5.6 million public repositories on GitLab has revealed over 17,000 verified live secrets, according to TruffleHog. Google Cloud Platform (GCP) credentials were the most leaked secret type on GitLab repositories, followed by MongoDB, Telegram bots, OpenAI, OpenWeather, SendGrid, and Amazon Web Services. The 17,430 leaked secrets belonged to 2804 unique domains, with the earliest valid secret dating back to December 16, 2009.

Fake Zendesk sites lure victims: Scattered LAPSUS$ Hunters Target Zendesk Users with Fake Domains

The cybercriminal alliance known as Scattered LAPSUS$ Hunters has been observed going after Zendesk servers in an effort to steal corporate data they can use for ransom operations. ReliaQuest said it detected more than 40 typosquatted and impersonating domains mimicking Zendesk environments. “Some of the domains are hosting phishing pages with fake single sign-on (SSO) portals designed to steal credentials and deceive users,” it said. “We also have evidence to suggest that fraudulent tickets are being submitted directly to legitimate Zendesk portals operated by organizations using the platform for customer service. These fake submissions are crafted to target support and help-desk personnel, infecting them with remote access trojans (RATs) and other types of malware.” While the infrastructure patterns point to the notorious cybercrime group, ReliaQuest said that copycats inspired by the group’s success couldn’t be ruled out.

AI skills abused for ransomware: Weaponizing Claude Skills for MedusaLocker Attack

Cato Networks has demonstrated that it’s possible to leverage Anthropic’s Claude Skills, which allows users to create and share custom code modules that expand on the AI chatbot’s capabilities, to execute a MedusaLocker ransomware attack. The test shows “how a trusted Skill could trigger real ransomware behavior end-to-end under the same approval context,” the company said. “Because Skills can be freely shared through public repositories and social channels, a convincing ‘productivity’ Skill could easily be propagated through social engineering, turning a feature designed to extend your AI’s capabilities into a malware delivery vector.” However, Anthropic has responded to the proof-of-concept (PoC) by stating the feature is by design, adding “Skills are intentionally designed to execute code” and that users are explicitly asked and warned prior to running a skill. Cato Networks has argued that the chief concern revolves around trusting the skill. “Once a Skill is approved, it gains persistent permissions to read/write files, download or execute additional code, and open outbound connections, all without further prompts or visibility,” it noted. “This creates a consent gap: users approve what they see, but hidden helpers can still perform sensitive actions behind the scenes.”

Stego loader hides LokiBot: .NET Steganography Loader Drops LokiBot

A .NET loader has been observed using steganographic techniques to deliver various remote access trojans like Quasar RAT and LokiBot. The loader, per Splunk, disguises itself as a legitimate business document to trick users into decompressing and opening the file. Once launched, it decrypts and loads an additional module directly into the process’s allocated memory space. LokiBot “primarily targets Windows (and later Android variants), harvesting browser and app credentials, cryptocurrency wallets, and keystrokes, and can provision backdoors for further payloads,” Splunk said.

Iranian malware spreads fast: New Nimbus Manticore Malware Detailed

Deep Instinct has analyzed a 64-bit binary that’s linked to a hacking group known as Nimbus Manticore. It’s compiled using Microsoft Visual C/C++ and the Microsoft Linker. The malware, besides featuring advanced capabilities to dynamically load additional components at runtime and hide itself from static analysis tools, attempts to move laterally across the network and gain elevated access. “This malware isn’t content to sit on a single compromised machine,” the company said. “It wants to spread, gain administrative access, and position itself for maximum impact across your infrastructure.”

Teams guest access exploited: Threat Actors Abuse Teams Guest Access to Drop Quick Assist

Threat actors have been found to impersonate IT personnel in social engineering attacks via Microsoft Teams to approach victims and deceive them into installing Quick Assist after providing their credentials on a phishing link shared on the messaging platform. Also executed were commands to conduct reconnaissance, command and control (C2), and data exfiltration, as well as drop what appears to be a Python-compiled infostealer. However, the most notable aspect of the attack is that it leverages Teams’ guest access feature to send invites. “On November 4, 2025, suspicious activity was observed in a customer environment through the Microsoft Teams ‘Chat with Anyone’ feature, which allows direct messaging with external users via email addresses,” CyberProof said. “An external user (mostafa.s@dhic.edu[.]eg) contacted the user in Teams, claiming to be from IT support.”

Stealer updates add Protobufs: What’s New in Matanbuchus 3.0?

A C++ downloader named Matanbuchus has been used in campaigns distributing the Rhadamanthys information stealer and the NetSupport RAT. First observed in 2020, the malware is mainly designed to download and execute second-stage payloads. Version 3.0 of Matanbuchus was identified in the wild in July 2025. “In version 3.0, the malware developer added Protocol Buffers (Protobufs) for serializing network communication data,” Zscaler said. “Matanbuchus implements a number of obfuscation techniques to evade detection, such as adding junk code, encrypted strings, and resolving Windows API functions by hash. Additional anti-analysis features include a hardcoded expiration date that prevents Matanbuchus from running indefinitely and establishes persistence via downloaded shellcode that creates a scheduled task.”

If there’s one thing these stories show, it’s that cybersecurity never sleeps. The threats might sound technical, but the impact always lands close to home — our money, our data, our trust. Staying alert and informed isn’t paranoia anymore; it’s just good sense.

5 Threats That Reshaped Web Security This Year [2025]

As 2025 draws to a close, security professionals face a sobering realization: the traditional playbook for web security has become dangerously obsolete. AI-powered attacks, evolving injection techniques, and supply chain compromises affecting hundreds of thousands of websites forced a fundamental rethink of defensive strategies. Here are the five threats that reshaped web security this year, and why the lessons learned will define digital protection for years to come.

1. Vibe Coding

Natural language coding, “vibe coding”, transformed from novelty to production reality in 2025, with nearly 25% of Y Combinator startups using AI to build core codebases. One developer launched a multiplayer flight simulator in under three hours, eventually scaling it to 89,000 players and generating thousands in monthly revenue.

The Result

Code that functions perfectly yet contains exploitable flaws, bypassing traditional security tools. AI generates what you ask for, not what you forget to ask.

The Damage

Production Database Deleted – Replit’s AI assistant wiped Jason Lemkin’s database (1,200 executives, 1,190 companies) despite code freeze orders

AI Dev Tools Compromised – Three CVEs exposed critical flaws in popular AI coding assistants: CurXecute (CVE-2025-54135) enabled arbitrary command execution in Cursor, EscapeRoute (CVE-2025-53109) allowed file system access in Anthropic’s MCP server, and (CVE-2025-55284) permitted data exfiltration from Claude Code via DNS-based prompt injection

Authentication Bypassed – AI-generated login code skipped input validation, enabling payload injection at a U.S. fintech startup

Insecure code statistics in vibe coding – 45% of all AI-generated code contains exploitable flaws; 70% vulnerability rate in the Java language.

Base44 Platform Compromised (July 2025)

In July 2025, security researchers discovered a critical authentication bypass vulnerability in Base44, a popular vibe coding platform owned by Wix. The flaw allowed unauthenticated attackers to access any private application on the shared infrastructure, affecting enterprise applications handling PII, HR operations, and internal chatbots. Wix patched the flaw within 24 hours, but the incident exposed a critical risk: when platform security fails, every application built on top becomes vulnerable simultaneously.

The Defense Response

Organizations now implement security-first prompting, multi-step validation, and behavioral monitoring that detects unexpected API calls, deviant serialization patterns, or timing vulnerabilities. With the EU AI Act classifying some vibe coding as “high-risk AI systems,” functional correctness no longer guarantees security integrity.

2. JavaScript Injection

In March 2025, 150,000 websites were compromised by a coordinated JavaScript injection campaign promoting Chinese gambling platforms. Attackers injected scripts and iframe elements impersonating legitimate betting sites like Bet365, using full-screen CSS overlays to replace actual web content with malicious landing pages. The campaign’s scale and sophistication demonstrated how lessons from 2024’s Polyfill.io compromise, where a Chinese company weaponized a trusted library affecting 100,000+ sites, including Hulu, Mercedes-Benz, and Warner Bros., had been weaponized into repeatable attack patterns. With 98% of websites using client-side JavaScript, the attack surface has never been larger.

The Impact

Even React’s XSS protection failed as attackers exploited prototype pollution, DOM-based XSS, and AI-driven prompt injections.

The Damage

150,000+ Sites Compromised – Gambling campaign demonstrated industrial-scale JavaScript injection in 2025

22,254 CVEs Reported – A 30% jump from 2023, exposing massive vulnerability growth

50,000+ Banking Sessions Hijacked – Malware targeted 40+ banks across three continents using real-time page structure detection

The Solution

Organizations now store raw data and encode by output context: HTML encoding for divs, JavaScript escaping for script tags, URL encoding for links. Behavioral monitoring flags when static libraries suddenly make unauthorized POST requests.

3. Magecart/E-skimming 2.0

Magecart attacks surged 103% in just six months as attackers weaponized supply chain dependencies, according to Recorded Future’s Insikt Group. Unlike traditional breaches that trigger alarms, web skimmers masquerade as legitimate scripts while harvesting payment data in real-time.

The Reality

Attacks demonstrated alarming sophistication: DOM shadow manipulation, WebSocket connections, and geofencing. One variant went dormant when Chrome DevTools opened.

The Damage

Major Brands Compromised – British Airways, Ticketmaster, and Newegg lost millions in fines and reputation damage

Modernizr Library Weaponized – Code activated only on payment pages across thousands of websites, invisible to WAFs

AI-Powered Selectivity – Attackers profiled browsers for luxury purchases, exfiltrating only high-value transactions

cc-analytics Domain Campaign (Sep 2025)

Security researchers uncovered a sophisticated Magecart campaign leveraging heavily obfuscated JavaScript to steal payment card data from compromised e-commerce websites, with the malicious infrastructure centered around the domain cc-analytics[.]com, which has been actively harvesting sensitive customer information for at least one year.

The Defense Response

Organizations discovered CSP provided false confidence; attackers simply compromised whitelisted domains. The solution: validate code by behavior, not source. PCI DSS 4.0.1 Section 6.4.3 now requires continuous monitoring of all scripts accessing payment data, with compliance mandatory from March 2025.

4. AI Supply Chain Attacks

Malicious package uploads to open-source repositories jumped 156% in 2025 as attackers weaponized AI. Traditional attacks meant stolen credentials. New threats introduced polymorphic malware that rewrites itself with each instance and context-aware code that detects sandboxes.

The Consequence

AI-generated variants mutate daily, rendering signature-based detection useless.

IBM’s 2025 report showed breaches take 276 days to identify and 73 days to contain.

The Damage

Solana Web3.js Backdoor – Hackers drained $160,000–$190,000 in cryptocurrency during a five-hour window

156% Surge in Malicious Packages – Semantically camouflaged with documentation and unit tests to appear legitimate

276-Day Detection Window – AI-generated polymorphic malware evades traditional security scanning

The Shai-Hulud Worm (Sep-Dec 2025)

Self-replicating malware used AI-generated bash scripts (identified by comments and emojis) to compromise 500+ npm packages and 25,000+ GitHub repositories in 72 hours. The attack weaponized AI command-line tools for reconnaissance and was designed to evade AI-based security analysis – both ChatGPT and Gemini incorrectly classified the malicious payloads as safe. The worm harvested credentials from developer environments and automatically published trojanized versions using stolen tokens, turning CI/CD pipelines into distribution mechanisms.

The Counter-Measures

Organizations deployed AI-specific detection, behavioral provenance analysis, zero-trust runtime defense, and “proof of humanity” verification for contributors. The EU AI Act added penalties up to €35 million or 7% of global revenue.

5. Web Privacy Validation

Research revealed that 70% of top US websites drop advertising cookies even when users opt out, exposing organizations to compliance failures and reputational damage. Periodic audits and static cookie banners couldn’t keep pace with “privacy drift.”

The Problem

Marketing pixels collect unauthorized IDs, third-party code tracks outside stated policies, and consent mechanisms break after updates, all silently.

The Damage

- €4.5 Million Fine for Retailer – Loyalty program script sent customer emails to external domains for four months undetected
- HIPAA Violations at Hospital Network – Third-party analytics scripts silently collected patient data without consent
- 70% Cookie Non-Compliance – Top US websites ignore user opt-out preferences, contradicting privacy claims

Capital One Tracking Pixels (March 2025)

The federal court ruled that Meta Pixel, Google Analytics, and Tealium’s sharing of credit card application status, employment details, and bank account information constituted “data exfiltration” under CCPA. The March 2025 decision expanded liability beyond traditional breaches, exposing companies to $100-$750 per incident (CCPA) plus $5,000 per incident (CIPA wiretap violations), turning routine tracking into litigation risk equivalent to security breaches.

The Defense Response

Continuous web privacy validation became the solution: agentless monitoring ensuring real-world activity aligns with declared policies through data mapping, instant alerts, and fix verification.

Only 20% of companies felt confident in compliance at the year’s start; those implementing continuous monitoring simplified audits and integrated privacy into security workflows.

The Path Forward: Proactive Security in an AI-Driven World

These five threats share a common thread: reactive security has become a liability. The lesson of 2025 is clear: by the time you detect a problem with traditional methods, you’ve already been compromised.

Organizations thriving in this landscape share three characteristics:

- They assume breach as the default state. Rather than preventing all intrusions, they focus on rapid detection and containment, understanding that perfect prevention is impossible.
- They embrace continuous validation. Successful security programs operate in constant vigilance mode rather than periodic audit cycles.
- They treat AI as both a tool and threat. The same technology that generates vulnerabilities can power defensive systems. Deploying AI-aware security to detect AI-generated threats has moved from experimental to essential.

Your 2026 Security Readiness Checklist

Security teams should prioritize these five validations:

- Inventory third-party dependencies – Map every external script, library, and API endpoint in production. Unknown code is an unmonitored risk.
- Implement behavioral monitoring – Deploy runtime detection that flags anomalous data flows, unauthorized API calls, and unexpected code execution.
- Audit AI-generated code – Treat all LLM-generated code as untrusted input. Require security review, secrets scanning, and penetration testing before deployment.
- Validate privacy controls in production – Test cookie consent, data collection boundaries, and third-party tracking in live environments, not just staging.
- Establish continuous validation – Move from quarterly audits to real-time monitoring with automated alerting.

The question isn’t whether to adopt these security paradigms but how quickly organizations can implement them. The threats that reshaped web security in 2025 aren’t temporary disruptions – they’re the foundation for years to come.

The organizations that act now will define the security standards; those that hesitate will scramble to catch up. This article is a contributed piece from one of our valued partners.

GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections

Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating government services. The activity, observed since October 2024, involves distributing modified banking applications that act as a conduit for Android malware, Group-IB said in a technical report published Wednesday. Assessed to be active as far back as June 2023, GoldFactory first gained attention early last year, when the Singapore-headquartered cybersecurity company detailed the threat actor’s use of custom malware families like GoldPickaxe, GoldDigger, and GoldDiggerPlus targeting both Android and iOS devices. Evidence points to GoldFactory being a well-organized Chinese-speaking cybercrime group with close connections to Gigabud, another Android malware that was spotted in mid-2023.

Despite major disparities in their codebases, both GoldDigger and Gigabud have been found to share similarities in their impersonation targets and landing pages. The first cases in the latest attack wave were detected in Thailand, with the threat subsequently appearing in Vietnam by late 2024 and early 2025 and in Indonesia from mid-2025 onwards. Group-IB said it has identified more than 300 unique samples of modified banking applications that have led to almost 2,200 infections in Indonesia. Further investigation has uncovered over 3,000 artifacts that it said led to no less than 11,000 infections.

About 63% of the altered banking apps cater to the Indonesian market. The infection chains, in a nutshell, involve the impersonation of government entities and trusted local brands and approaching prospective targets over the phone to trick them into installing malware by instructing them to click on a link sent on messaging apps like Zalo. In at least one case documented by Group-IB, fraudsters posed as Vietnam’s public power company EVN and urged victims to pay overdue electricity bills or risk facing immediate suspension of the service. During the call, the threat actors are said to have asked the victims to add them on Zalo so as to receive a link to download an app and link their accounts.

The links redirect the victims to fake landing pages that masquerade as Google Play Store app listings, resulting in the deployment of a remote access trojan like Gigabud, MMRat, or Remo, which surfaced earlier this year using the same tactics as GoldFactory. These droppers then pave the way for the main payload that abuses Android’s accessibility services to facilitate remote control. “The malware […] is based on the original mobile banking applications,” researchers Andrey Polovinkin, Sharmine Low, Ha Thi Thu Nguyen, and Pavel Naumov said. “It operates by injecting malicious code into only a portion of the application, allowing the original application to retain its normal functionality.

The functionality of injected malicious modules can differ from one target to another, but mainly it bypasses the original application’s security features.”

Specifically, it works by hooking into the application’s logic to execute the malware. Three different malware families have been discovered based on the frameworks used in the modified applications to perform runtime hooking: FriHook, SkyHook, and PineHook. Regardless of these differences, the functionality of the modules overlaps, making it possible to -

- Hide the list of applications that have accessibility services enabled
- Prevent screencast detection
- Spoof the signature of an Android application
- Hide the installation source
- Implement custom integrity token providers, and
- Obtain the victims’ account balance

While SkyHook makes use of the publicly available Dobby framework to execute the hooks, FriHook employs a Frida gadget that’s injected into the legitimate banking application. PineHook, as the name implies, utilizes a Java-based hooking framework called Pine.

Group-IB said its analysis of the malicious infrastructure erected by GoldFactory also uncovered a pre-release testing build of a new Android malware variant dubbed Gigaflower that’s likely a successor to the Gigabud malware. It supports around 48 commands to enable real-time screen and device activity streaming using WebRTC; weaponize accessibility services for keylogging, reading user interface content, and performing gestures; serve fake screens to mimic system updates, PIN prompts, and account registration to harvest personal information, and extract data from images associated with identification cards using a built-in text recognition algorithm. Also currently in the works is a QR code scanner feature that attempts to read the QR code on Vietnamese identity cards, likely with the goal of simplifying the process of capturing the details. Interestingly, GoldFactory appears to have ditched its bespoke iOS trojan in favor of an unusual approach that now instructs victims to borrow an Android device from a family member or relative to continue the process.

It’s currently not clear what prompted the shift, but it’s believed that it’s due to stricter security measures and app store moderation on iOS. “While earlier campaigns focused on exploiting KYC processes, recent activity shows direct patching of legitimate banking applications to commit fraud,” the researchers said. “The use of legitimate frameworks such as Frida, Dobby, and Pine to modify trusted banking applications demonstrates a sophisticated yet low-cost approach that allows cybercriminals to bypass traditional detection and rapidly scale their operation.”

Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts

Cloudflare on Wednesday said it detected and mitigated the largest ever distributed denial-of-service (DDoS) attack that measured at 29.7 terabits per second (Tbps). The activity, the web infrastructure and security company said, originated from a DDoS botnet-for-hire known as AISURU, which has been linked to a number of hyper-volumetric DDoS attacks over the past year. The attack lasted for 69 seconds. Cloudflare did not disclose the target of the attack.

The botnet has prominently targeted telecommunication providers, gaming companies, hosting providers, and financial services. Also tackled by Cloudflare was a 14.1 Bpps DDoS attack from the same botnet. AISURU is believed to be powered by a massive network comprising an estimated 1-4 million infected hosts worldwide. “The 29.7 Tbps was a UDP carpet-bombing attack bombarding an average of 15,000 destination ports per second,” Omer Yoachimik and Jorge Pacheco said.

“The distributed attack randomized various packet attributes in an attempt to evade defenses.” In all, Cloudflare has mitigated 2,867 Aisuru attacks since the start of the year, out of which 1,304 hyper-volumetric attacks were launched from the botnet in the third quarter of 2025 alone. A total of 8.3 million DDoS attacks were blocked during the entire time period, a figure that represents a 15% increase from the previous quarter and a 40% jump from last year. As many as 36.2 million DDoS attacks were thwarted in 2025, of which 1,304 were network-layer attacks exceeding 1 Tbps, up from 717 in Q1 2025 and 846 in Q2 2025. Some of the other notable trends observed in Q3 2025 are listed below -

- The number of DDoS attacks that exceeded 100 million packets per second (Mpps) increased by 189% QoQ.
- Most attacks, 71% of HTTP DDoS and 89% of network layer, lasted less than 10 minutes.
- Seven out of the 10 top sources of DDoS were locations within Asia, including Indonesia, Thailand, Bangladesh, Vietnam, India, Hong Kong, and Singapore. The other three sources are Ecuador, Russia, and Ukraine.
- DDoS attacks against the mining, minerals, and metals industry surged, making it the 49th most attacked sector globally.
- The automotive industry saw the largest increase in DDoS attacks, placing it as the sixth most attacked sector globally.
- DDoS attack traffic against artificial intelligence (AI) companies spiked by 347% in September 2025.
- Information technology, telecommunications, gambling, gaming, and internet services topped the list of most attacked sectors.
- China, Turkey, Germany, Brazil, the U.S., Russia, Vietnam, Canada, South Korea, and the Philippines were the most attacked countries.
- Nearly 70% of HTTP DDoS attacks originated from known botnets.

“We’ve entered an era where DDoS attacks have rapidly grown in sophistication and size — beyond anything we could’ve imagined a few years ago,” Cloudflare said. “Many organizations have faced challenges in keeping pace with this evolving threat landscape.”

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0. The vulnerability has been codenamed React2shell. It allows “unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints,” the React Team said in an alert issued today.

“Even if your app does not implement any React Server Function endpoints, it may still be vulnerable if your app supports React Server Components.” According to cloud security firm Wiz, the issue is a case of logical deserialization that stems from processing RSC payloads in an unsafe manner. As a result, an unauthenticated attacker could craft a malicious HTTP request to any Server Function endpoint that, when deserialized by React, achieves execution of arbitrary JavaScript code on the server. “The issue stems from unsafe handling of serialized payloads in the React Flight protocol,” software supply chain security company Aikido said. “Malformed or adversarial payloads can influence server-side execution in unintended ways.

Patched React versions include stricter validation and hardened deserialization behavior.” The vulnerability impacts versions 19.0, 19.1.0, 19.1.1, and 19.2.0 of the following npm packages -

- react-server-dom-webpack
- react-server-dom-parcel
- react-server-dom-turbopack

It has been addressed in versions 19.0.1, 19.1.2, and 19.2.1. New Zealand-based security researcher Lachlan Davidson has been credited with discovering and reporting the flaw to Meta on November 29, 2025. The social media giant originally created and maintained the JavaScript library before moving it to the React Foundation in October 2025. It’s worth noting that the vulnerability also affects Next.js using App Router.

The issue was initially assigned the CVE identifier CVE-2025-66478 (CVSS score: 10.0), but it has since been rejected by the NIST National Vulnerability Database (NVD) as a duplicate of CVE-2025-55182. It impacts versions >=14.3.0-canary.77, >=15, and >=16. Patched versions are 16.0.7, 15.5.7, 15.4.8, 15.3.6, 15.2.6, 15.1.9, and 15.0.5. That said, any library that bundles RSC is likely to be affected by the flaw.

This includes, but is not limited to, Vite RSC plugin, Parcel RSC plugin, React Router RSC preview, RedwoodJS, and Waku. Endor Labs, Miggo Security, and VulnCheck have all emphasized that no special setup is required to weaponize the flaw, adding that it’s exploitable both without requiring a login and over HTTP. “An attacker needs only network access to send a crafted HTTP request to any Server Function endpoint,” Endor Labs said. “The vulnerability affects default framework configurations, meaning standard deployments are immediately exploitable without special conditions.” Until patches can be applied, it’s recommended to deploy Web Application Firewall (WAF) rules if available, monitor HTTP traffic to Server Function endpoints for any suspicious or malformed request, and consider temporarily restricting network access to affected applications.
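The affected and patched version numbers listed above can be checked against a project's lockfile before and after patching. The following is an added example, not code from React, Next.js or any vendor quoted here; it assumes an npm `package-lock.json` in the v2/v3 layout (a `packages` map keyed by `node_modules/...` paths), and the sample lockfile is constructed.

```python
import json
import re

# Version data is taken from the article; package paths in the sample are constructed.
RSC_PACKAGES = {"react-server-dom-webpack", "react-server-dom-parcel",
                "react-server-dom-turbopack"}
RSC_AFFECTED = {(19, 0, 0), (19, 1, 0), (19, 1, 1), (19, 2, 0)}
RSC_FIXED = {(19, 0): "19.0.1", (19, 1): "19.1.2", (19, 2): "19.2.1"}
# Next.js release line -> patch number of the fixed release (16.0.7, 15.5.7, ...).
NEXT_FIXED = {(16, 0): 7, (15, 5): 7, (15, 4): 8, (15, 3): 6,
              (15, 2): 6, (15, 1): 9, (15, 0): 5}
NEXT_FIRST_AFFECTED_CANARY = 77  # from ">=14.3.0-canary.77"

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?")


def parse_version(text):
    """Split 'X.Y.Z[-prerelease]' into ((X, Y, Z), prerelease)."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return (int(m[1]), int(m[2]), int(m[3])), m[4] or ""


def classify_rsc(core, pre):
    line = core[:2]
    if pre or line not in RSC_FIXED:
        return "unlisted", None  # the article lists 19.0-19.2 releases only
    if core in RSC_AFFECTED:
        return "vulnerable", RSC_FIXED[line]
    return "patched", None


def classify_next(core, pre):
    major, minor, patch = core
    if (major, minor) in NEXT_FIXED:
        fixed = NEXT_FIXED[(major, minor)]
        # A prerelease of the fixed version sorts before it, so it is not the fix.
        if patch < fixed or (patch == fixed and pre):
            return "vulnerable", f"{major}.{minor}.{fixed}"
        return "patched", None
    if core < (14, 3, 0):
        return "not-affected", None  # below the first affected canary build
    if core == (14, 3, 0) and pre.startswith("canary."):
        number = pre.split(".")[1]
        if number.isdigit():
            if int(number) >= NEXT_FIRST_AFFECTED_CANARY:
                return "vulnerable", None  # no patched 14.x release is listed
            return "not-affected", None
    return "unlisted", None  # a release line the article does not mention


def classify(name, version):
    """Return (status, fixed_version_or_None) for one package."""
    core, pre = parse_version(version)
    return classify_next(core, pre) if name == "next" else classify_rsc(core, pre)


def scan_lockfile(lock_text):
    """List every copy of next / react-server-dom-* in the lockfile with its status."""
    findings = []
    for path, meta in json.loads(lock_text).get("packages", {}).items():
        name = path.rpartition("node_modules/")[2]
        version = meta.get("version")
        if version and (name == "next" or name in RSC_PACKAGES):
            status, fix = classify(name, version)
            findings.append({"path": path, "name": name, "version": version,
                             "status": status, "fix": fix})
    return findings


# Constructed sample lockfile, including nested (transitive) copies.
SAMPLE_LOCKFILE = json.dumps({
    "name": "constructed-sample-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "constructed-sample-app", "version": "1.0.0"},
        "node_modules/next": {"version": "15.4.7"},
        "node_modules/react": {"version": "19.1.1"},
        "node_modules/react-server-dom-webpack": {"version": "19.1.1"},
        "node_modules/react-server-dom-parcel": {"version": "19.2.1"},
        "node_modules/legacy-tool/node_modules/next": {"version": "14.2.5"},
        "node_modules/preview-tool/node_modules/next": {"version": "14.3.0-canary.80"},
    },
})

if __name__ == "__main__":
    for item in scan_lockfile(SAMPLE_LOCKFILE):
        print(f'{item["status"]:<13} {item["name"]} {item["version"]} '
              f'(fix: {item["fix"] or "n/a"})  {item["path"]}')
```

Entries reported as `unlisted` fall outside the version lines named in the article and need a manual check against the vendor advisory.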

Web infrastructure provider Cloudflare said it has deployed a new safeguard in its cloud-based WAF solution to address CVE-2025-55182. It noted that all customers on free and paid plans are protected “as long as their React application traffic is proxied” through the service. Akamai, Amazon Web Services (AWS), Fastly, and Google Cloud have also deployed similar rules to counter the threat. Wiz said 39% of cloud environments have instances vulnerable to CVE-2025-55182 and/or CVE-2025-66478.

In light of the severity of the vulnerability, it’s advised that users apply the fixes as soon as possible for optimal protection. Justin Moore, senior manager of threat intel research at Palo Alto Networks Unit 42, said more than 968,000 servers running modern frameworks like React and Next.js have been identified, exposing a lucrative attack surface that’s ripe for exploitation. “This newly discovered flaw is a critical threat because it is a master key exploit, succeeding not by crashing the system, but by abusing its trust in incoming data structures,” Moore said. “The system executes the malicious payload with the same reliability as legitimate code because it operates exactly as intended, but on malicious input.”

Additional Details of CVE-2025-55182 Emerge

In a report published Wednesday, OX Security said the vulnerability exists due to unsafe deserialization of React Flight reply payloads on the server, leading to unauthenticated remote code execution.

Searchlight Cyber has devised an HTTP request that can be used to confirm the presence of the vulnerability. “The vulnerability resides in the requireModule function within the react-server-dom-webpack package,” Upwind researchers Avital Harel and Guy Gilad said. “This function is responsible for resolving and loading the exported functions that a client is trying to call on the server.” An attacker can exploit the flaw by crafting a malicious payload in an HTTP POST request designed to trigger a “Server Action” using “vm.runInThisContext,” which causes React to execute the function with the attacker-supplied malicious code as the argument. This, in turn, results in code execution on the server with the same privileges as the Node.js process.

Upwind also noted that while React doesn’t expose the vulnerable React Flight reply server endpoint, Next.js does, turning the bug from a theoretical issue into a “real, remotely reachable attack surface.” “These endpoints accept structured Flight payloads directly from the browser,” it added. “That means anyone on the internet can send a request, attach their own Flight stream, and rely on Next.js to forward it into React’s deserializer. Once that happens, the vulnerable code path handles the payload exactly as if it came from a trusted client.” (The story was updated after publication to include additional insights.)

Discover the AI Tools Fueling the Next Cybercrime Wave — Watch the Webinar

Remember when phishing emails were easy to spot? Bad grammar, weird formatting, and requests from a “Prince” in a distant country? Those days are over. Today, a 16-year-old with zero coding skills and a $200 allowance can launch a campaign that rivals state-sponsored hackers.

They don’t need to be smart; they just need to subscribe to the right AI tool. We are witnessing the industrialization of cybercrime. The barrier to entry has collapsed, and your current email filters are looking for threats that no longer exist.

The New “Big Three” of Cybercrime

Security leaders don’t need another lecture on what phishing is. You need to see exactly what you are up against. This isn’t science fiction—these tools are being sold on the dark web right now. In this webinar, we are going inside the “AI Phishing Factory” to deconstruct the three tools rewriting the threat landscape:

- WormGPT: Think of ChatGPT, but without the “ethical guardrails.” It doesn’t have a conscience. It writes flawless, highly personalized Business Email Compromise (BEC) messages that sound exactly like your CEO—no typos, perfect tone.
- FraudGPT: The “Netflix” of hacking. For a low monthly subscription, attackers get a full suite of tools to write malicious code, create scam landing pages, and draft emails. It is hacking-as-a-service.
- SpamGPT: This acts like a high-end marketing automation tool, but for criminals. It allows attackers to A/B test their scams and deliver them at a volume that overwhelms standard detection limits.

Here is the hard truth: You cannot train your employees fast enough to outsmart a machine that learns instantly. If an email is written by AI to be indistinguishable from a legitimate sender, someone will click. It is a statistical certainty.

Most defensive strategies focus on detection—trying to spot the bad email. But when the AI changes the emails’ signature every second, detection fails.

Stop the Damage, Not Just the Email

This session isn’t about scaring you with the problem; it’s about fixing it. Since we know users will eventually click, we have to change the strategy. We need to make the click irrelevant. We need to ensure that even if they land on the phishing page, the attacker gets nothing.

Join us to learn how to:

- Identify the specific signatures of WormGPT and FraudGPT attacks.
- Shift your defense strategy from “blocking emails” to “protecting identity.”
- Neutralize the attack at the point of access by removing the one thing hackers want: the credentials.

The bad guys are using AI to scale their attacks. You need to use intelligence to scale your defense. Don’t wait for the quarterly report to find out you were vulnerable. Get the strategy you need to shut this down now.

This article is a contributed piece from one of our valued partners.

Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation

Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company’s November 2025 Patch Tuesday updates, according to ACROS Security’s 0patch. The vulnerability in question is CVE-2025-9491 (CVSS score: 7.8/7.0), which has been described as a Windows Shortcut (LNK) file UI misinterpretation vulnerability that could lead to remote code execution. “The specific flaw exists within the handling of .LNK files,” according to a description in the NIST National Vulnerability Database (NVD). “Crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface.

An attacker can leverage this vulnerability to execute code in the context of the current user.” In other words, these shortcut files are crafted so that viewing their properties in Windows keeps the malicious commands they execute out of the user’s sight by using various “whitespace” characters. To trigger their execution, attackers could disguise the files as harmless documents. Details of the shortcoming first emerged in March 2025, when Trend Micro’s Zero Day Initiative (ZDI) disclosed that the issue had been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns, some of which date back to 2017. The issue is also tracked as ZDI-CAN-25373.

At that time, Microsoft told The Hacker News that the flaw does not meet the bar for immediate servicing and that it will consider fixing it in a future release. It also pointed out that the LNK file format is blocked across Outlook, Word, Excel, PowerPoint, and OneNote, as a result of which any attempt to open such files will trigger a warning to users not to open files from unknown sources. Subsequently, a report from HarfangLab found that the shortcoming was abused by a cyber espionage cluster known as XDSpy to distribute a Go-based malware called XDigo as part of attacks targeting Eastern European governmental entities, the same month the flaw was publicly disclosed. Then, in late October 2025, the issue reared up a third time after Arctic Wolf flagged an offensive campaign in which China-affiliated threat actors weaponized the flaw in attacks aimed at European diplomatic and government entities and delivered the PlugX malware.

This development prompted Microsoft to issue formal guidance on CVE-2025-9491, reiterating its decision not to patch it and emphasizing that it does not consider it a vulnerability “due to the user interaction involved and the fact that the system already warns users that this format is untrusted.”

0patch said the vulnerability is not just about hiding the malicious part of the command out of the Target field, but the fact that a LNK file “allows the Target arguments to be a very long string (tens of thousands of characters), but the Properties dialog only shows the first 260 characters, silently cutting off the rest.” This also means that a bad actor can create an LNK file that runs a long command while only its first 260 characters are displayed to a user who views its properties. The rest of the command string is simply truncated. According to Microsoft, the file’s structure theoretically allows for strings of up to 32k characters. The silent patch released by Microsoft addresses the problem by showing in the Properties dialog the entire Target command with arguments, no matter its length.

That said, this behavior hinges on the possibility that there can exist shortcut files with more than 260 characters in their Target field. 0patch’s micropatch for the same flaw takes a different route by displaying a warning when users attempt to open an LNK file with command-line arguments over 260 characters by padding the Target field. “Even though malicious shortcuts could be constructed with fewer than 260 characters, we believe disrupting actual attacks detected in the wild can make a big difference for those targeted,” it said. When reached for comment, a Microsoft spokesperson did not directly confirm the release of a patch, but passed along the tech giant’s security guidance that states the company is “continuously rolling out product and UI enhancements to help keep customers protected and improve the experience.” “As a security best practice, Microsoft encourages customers to exercise caution when downloading files from unknown sources as indicated in security warnings, which have been designed to recognize and warn users about potentially harmful files,” the spokesperson added.

(The story was updated after publication to include a response from Microsoft.)
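The 260-character truncation described above can be checked offline by reading the arguments string straight from the file rather than from the Properties dialog. This is an added example, not Microsoft's or 0patch's code; it follows the public MS-SHLLINK layout, and the sample shortcuts are constructed in memory (no link target, harmless placeholder argument).

```python
import struct

# Constants from the MS-SHLLINK (Shell Link Binary File Format) specification.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_RELATIVE_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKING_DIR, HAS_ARGUMENTS, IS_UNICODE = 0x10, 0x20, 0x80
DISPLAY_LIMIT = 260  # characters the Properties dialog showed, per the article


class LnkFormatError(ValueError):
    """Raised when the input is not a well-formed shell link."""


def _read_string(data, offset, is_unicode):
    """Read one StringData item: a 16-bit character count, then the characters."""
    (count,) = struct.unpack_from("<H", data, offset)
    offset += 2
    size = count * 2 if is_unicode else count
    if offset + size > len(data):
        raise LnkFormatError("StringData item runs past end of file")
    encoding = "utf-16-le" if is_unicode else "cp1252"
    return data[offset:offset + size].decode(encoding, errors="replace"), offset + size


def parse_lnk_arguments(data):
    """Return the COMMAND_LINE_ARGUMENTS string of a .lnk file ('' if it has none)."""
    try:
        (header_size,) = struct.unpack_from("<I", data, 0)
        if header_size != HEADER_SIZE or data[4:20] != LINK_CLSID:
            raise LnkFormatError("not a shell link header")
        (flags,) = struct.unpack_from("<I", data, 20)
        offset = HEADER_SIZE
        if flags & HAS_ID_LIST:  # IDListSize (u16) does not count itself
            (id_list_size,) = struct.unpack_from("<H", data, offset)
            offset += 2 + id_list_size
        if flags & HAS_LINK_INFO:  # LinkInfoSize (u32) counts itself
            (link_info_size,) = struct.unpack_from("<I", data, offset)
            if link_info_size < 4:
                raise LnkFormatError("invalid LinkInfoSize")
            offset += link_info_size
        is_unicode = bool(flags & IS_UNICODE)
        # StringData items come in this fixed order, each present only if flagged.
        for flag in (HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS):
            if flags & flag:
                text, offset = _read_string(data, offset, is_unicode)
                if flag == HAS_ARGUMENTS:
                    return text
    except struct.error as exc:
        raise LnkFormatError("truncated shell link") from exc
    return ""


def analyze_arguments(args):
    """Compare what a 260-character view shows with the full arguments string."""
    shown, hidden = args[:DISPLAY_LIMIT], args[DISPLAY_LIMIT:]
    whitespace = sum(ch.isspace() for ch in args)
    return {
        "length": len(args),
        "exceeds_display_limit": len(args) > DISPLAY_LIMIT,
        "shown_text": shown.strip(),
        "hidden_text": hidden.strip(),
        "whitespace_ratio": round(whitespace / len(args), 2) if args else 0.0,
        # Flag only when real content sits past the cut-off.
        "suspicious": bool(hidden.strip()),
    }


def build_sample_lnk(arguments, name=None):
    """Constructed test input: header plus StringData only, no link target."""
    flags = HAS_ARGUMENTS | IS_UNICODE | (HAS_NAME if name is not None else 0)
    header = struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID, flags).ljust(HEADER_SIZE, b"\0")
    body = b""
    for text in ([name] if name is not None else []) + [arguments]:
        body += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return header + body


# Constructed samples: whitespace padding pushes a placeholder past character 260.
PADDED = "report.pdf" + " " * 300 + "CONSTRUCTED-HIDDEN-ARGUMENT"
SAMPLE_PADDED = build_sample_lnk(PADDED, name="Quarterly report")
SAMPLE_PLAIN = build_sample_lnk("--profile default")

if __name__ == "__main__":
    for label, blob in (("padded", SAMPLE_PADDED), ("plain", SAMPLE_PLAIN)):
        print(label, analyze_arguments(parse_lnk_arguments(blob)))
```

A shortcut can still carry a harmful command in fewer than 260 characters, as 0patch notes, so a clean result here is not a verdict on the file.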

WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts

A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild. The vulnerability, CVE-2025-8489 (CVSS score: 9.8), is a case of privilege escalation that allows unauthenticated attackers to grant themselves administrative privileges by simply specifying the administrator user role during registration. It affects versions from 24.12.92 through 51.1.14. It was patched by the maintainers in version 51.1.35 released on September 25, 2025.

Security researcher Peter Thaleikis has been credited with discovering and reporting the flaw. The plugin has over 10,000 active installs. “This is due to the plugin not properly restricting the roles that users can register with,” Wordfence said in an alert. “This makes it possible for unauthenticated attackers to register with administrator-level user accounts.” Specifically, the issue is rooted in the “handle_register_ajax()” function that’s invoked during user registration.

But an insecure implementation of the function meant that unauthenticated attackers can specify their role as “administrator” in a crafted HTTP request to the “/wp-admin/admin-ajax.php” endpoint, allowing them to obtain elevated privileges. Successful exploitation of the vulnerability could enable a bad actor to seize control of a susceptible site that has installed the plugin, and weaponize the access to upload malicious code that can deliver malware, redirect site visitors to sketchy sites, or inject spam. Wordfence said it has blocked over 48,400 exploit attempts since the flaw was publicly disclosed in late October 2025, with 75 attempts thwarted in the last 24 hours alone. The attacks have originated from the following IP addresses -

- 45.61.157.120
- 182.8.226.228
- 138.199.21.230
- 206.238.221.25
- 2602:fa59:3:424::1

“Attackers may have started actively targeting this vulnerability as early as October 31, 2025, with mass exploitation starting on November 9, 2025,” the WordPress security company said.

Site administrators are advised to ensure that they are running the latest version of the plugin, audit their environments for any suspicious admin users, and monitor for any signs of abnormal activity.
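One way to carry out the recommended audit for suspicious admin users, as an added example that is not Wordfence's or the plugin's code. It assumes a CSV export of users with the columns `wp user list` produces (timestamps taken as UTC) and a combined-format access log; both inputs below are constructed, and the 30-second correlation window is an arbitrary choice.

```python
import csv
import io
import re
from datetime import datetime, timedelta, timezone

# Values taken from the article.
EXPLOITATION_START = datetime(2025, 10, 31, tzinfo=timezone.utc)
REPORTED_SOURCE_IPS = {"45.61.157.120", "182.8.226.228", "138.199.21.230",
                       "206.238.221.25", "2602:fa59:3:424::1"}
AJAX_ENDPOINT = "/wp-admin/admin-ajax.php"
WINDOW = timedelta(seconds=30)  # assumption: tolerance for clock and logging skew

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def parse_access_log(text):
    """Yield (time, ip, method, path) from combined-format access log lines."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, stamp, method, target, _status = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        yield when, ip, method, target.split("?", 1)[0]


def parse_users(csv_text):
    """Yield (login, roles, registered) from a user export; times assumed UTC."""
    for row in csv.DictReader(io.StringIO(csv_text)):
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        yield (row["user_login"], set(row["roles"].split(",")),
               registered.replace(tzinfo=timezone.utc))


def audit_admin_accounts(users_csv, access_log):
    """List administrators registered since exploitation began, with log context."""
    posts = [(when, ip) for when, ip, method, path in parse_access_log(access_log)
             if method == "POST" and path == AJAX_ENDPOINT]
    findings = []
    for login, roles, registered in parse_users(users_csv):
        if "administrator" not in roles or registered < EXPLOITATION_START:
            continue
        nearby = sorted({ip for when, ip in posts if abs(when - registered) <= WINDOW})
        reported = any(ip in REPORTED_SOURCE_IPS for ip in nearby)
        findings.append({
            "login": login,
            "registered": registered.isoformat(),
            "ajax_post_sources": nearby,
            "reported_ip_match": reported,
            "priority": "high" if reported else "medium" if nearby else "review",
        })
    return findings


# Constructed sample inputs.
SAMPLE_USERS_CSV = """\
user_login,roles,user_registered
siteowner,administrator,2023-02-11 09:30:00
editor_amy,editor,2025-11-02 14:00:00
wp_support01,administrator,2025-11-09 03:14:08
newadmin,administrator,2025-11-20 10:00:00
"""

SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [09/Nov/2025:03:13:40 +0000] "GET /register/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
45.61.157.120 - - [09/Nov/2025:03:14:07 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 112 "-" "python-requests/2.32"
203.0.113.7 - - [20/Nov/2025:09:40:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 47 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for finding in audit_admin_accounts(SAMPLE_USERS_CSV, SAMPLE_ACCESS_LOG):
        print(finding)
```

Logged-in dashboards also POST to admin-ajax.php, so a nearby request is a lead to investigate rather than proof; every administrator created in the window still needs to be confirmed by the site owner.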

Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud

The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) files and PDFs to propagate a worm via WhatsApp that deploys a banking trojan in attacks targeting users in Brazil. The latest wave is characterized by the attackers shifting from PowerShell to a Python-based variant that spreads the malware in a worm-like manner over WhatsApp Web. “Their new multi-format attack chain and possible use of artificial intelligence (AI) to convert propagation scripts from PowerShell to Python exemplifies a layered approach that has enabled Water Saci to bypass conventional security controls, exploit user trust across multiple channels, and ramp up their infection rates,” Trend Micro researchers Jeffrey Francis Bonaobra, Sarah Pearl Camiling, Joe Soares, Byron Gelera, Ian Kenefick, and Emmanuel Panopio said. In these attacks, users receive messages from trusted contacts on WhatsApp, urging them to interact with malicious PDF or HTA attachments, which activates the infection chain and ultimately drops a banking trojan that can harvest sensitive data.

The PDF lure instructs victims to update Adobe Reader by clicking on an embedded link. Users who receive HTA files are deceived into executing a Visual Basic Script immediately upon opening, which then runs PowerShell commands to fetch next-stage payloads from a remote server: an MSI installer for the trojan and a Python script that’s responsible for spreading the malware via WhatsApp Web. “This newly observed variant allows for broader browser compatibility, object-oriented code structure, enhanced error handling, and faster automation of malware delivery through WhatsApp Web,” Trend Micro said. “Together, these changes make propagation faster, more resilient to failure, and easier to maintain or extend.” The MSI installer, for its part, serves as a conduit for delivering the banking trojan using an AutoIt script.

The script also runs checks to ensure that only one instance of the trojan is running at any given point in time. It accomplishes this by verifying the presence of a marker file named “executed.dat.” If it does not exist, the script creates the file and notifies an attacker-controlled server (“manoelimoveiscaioba[.]com”). Other AutoIt artifacts uncovered by Trend Micro have also been found to verify whether the Windows system language is set to Portuguese (Brazil), proceeding further to scan the infected system for banking-related activity only if this criterion is met. This includes checking for folders related to major Brazilian banking applications, security, and anti-fraud modules, such as Bradesco, Warsaw, Topaz OFD, Sicoob, and Itaú.

It’s worth noting that Latin America (LATAM)-focused banking trojans like Casbaneiro (aka Metamorfo and Ponteiro) have incorporated similar features as far back as 2019. Furthermore, the script analyzes the user’s Google Chrome browsing history to search for visits to banking websites, specifically a hard-coded list comprising Santander, Banco do Brasil, Caixa Econômica Federal, Sicredi, and Bradesco. The script then proceeds to another critical reconnaissance step that involves checking for installed antivirus and security software, as well as harvesting detailed system metadata. The main functionality of the malware is to monitor open windows and extract their window titles to compare them against a list of banks, payment platforms, exchanges, and cryptocurrency wallets.

If any of these windows contain keywords related to targeted entities, the script looks for a TDA file dropped by the installer and decrypts and injects it into a hollowed “svchost.exe” process, following which the loader searches for an additional DMP file containing the banking trojan. “If a TDA file is present, the AutoIt script decrypts and loads it as an intermediate PE loader (Stage 2) into memory,” Trend Micro explained. “However, if only a DMP file is found (no TDA present), the AutoIt script bypasses the intermediate loader entirely and loads the banking trojan directly into the AutoIt process memory, skipping the process hollowing step and running as a simpler two-stage infection.” Persistence is achieved by constantly keeping tabs on the newly spawned “svchost.exe” process. Should the process be terminated, the malware starts afresh and waits to re-inject the payload the next time the victim opens a browser window for a financial service that’s targeted by Water Saci.
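Two process-lineage checks that follow from the chain described above (an HTA launching a script host, and an “svchost.exe” that was not started by “services.exe”), run over sample events. This is an added example, not code from Trend Micro or the original article; the event layout, PIDs, paths and the “loader.exe” name are constructed for illustration.

```python
import ntpath

# Children that an HTA has little legitimate reason to launch.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "cmd.exe"}

# Constructed process-creation events; the field names are an assumption,
# map them to whatever your EDR or Sysmon pipeline emits.
EVENTS = [
    {"pid": 4100, "image": r"C:\Windows\System32\mshta.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"pid": 4200, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\mshta.exe"},
    {"pid": 900, "image": r"C:\Windows\System32\svchost.exe",
     "parent_image": r"C:\Windows\System32\services.exe"},
    {"pid": 5300, "image": r"C:\Windows\System32\svchost.exe",
     "parent_image": r"C:\Users\u\AppData\Local\Temp\loader.exe"},
    {"pid": 6100, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
]


def base(path: str) -> str:
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path).lower()


def classify(event: dict) -> list:
    """Return the names of the lineage rules this event matches."""
    parent, child = base(event["parent_image"]), base(event["image"])
    hits = []
    # HTA -> VBScript -> PowerShell stage: mshta.exe spawning a script host.
    if parent == "mshta.exe" and child in SCRIPT_HOSTS:
        hits.append("hta-spawns-script-host")
    # Hollowing stage: svchost.exe is normally started by services.exe, so any
    # other parent is a triage signal for an injected or hollowed instance.
    if child == "svchost.exe" and parent != "services.exe":
        hits.append("svchost-unexpected-parent")
    return hits


def triage(events: list) -> dict:
    """Map pid -> matched rules, keeping only events that matched something."""
    results = {}
    for event in events:
        hits = classify(event)
        if hits:
            results[event["pid"]] = hits
    return results


if __name__ == "__main__":
    for pid, hits in triage(EVENTS).items():
        print(pid, ", ".join(hits))
```
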

The attacks stand out for a major tactical shift. The banking trojan deployed is not Maverick, but rather a malware that exhibits structural and behavioral continuity with Casbaneiro. This assessment is based on the AutoIt-based delivery and loader mechanism employed, as well as the window title monitoring, Registry-based persistence, and IMAP-based fallback command-and-control (C2 or C&C) mechanism. Once launched, the trojan carries out “aggressive” anti-virtualization checks to sidestep analysis and detection, and gathers host information through Windows Management Instrumentation (WMI) queries.

It makes Registry modifications to set up persistence and establishes contact with a C2 server (“serverseistemasatu[.]com”) to send the collected details and receive backdoor commands that grant remote control over the infected system. Besides scanning the titles of active windows to identify whether the user is interacting with banking or cryptocurrency platforms, the trojan forcibly terminates several browsers to force victims to reopen banking sites under “attacker-controlled conditions.” Some of the supported features of the trojan are listed below -

- Send system information
- Enable keyboard capture
- Start/stop screen capture
- Modify screen resolution
- Simulate mouse movements and clicks
- Perform file operations
- Upload/download files
- Enumerate windows, and
- Create fake banking overlays to capture credentials and transaction data

The second aspect of the campaign is the use of a Python script, an enhanced version of its PowerShell predecessor, to enable malware delivery to every contact via WhatsApp Web sessions using the Selenium browser automation tool. There is “compelling” evidence to suggest that Water Saci may have used a large language model (LLM) or code-translation tool to port their propagation script from PowerShell to Python, given the functional similarities between the two versions and the inclusion of emojis in console outputs. “The Water Saci campaign exemplifies a new era of cyber threats in Brazil, where attackers exploit the trust and reach of popular messaging platforms like WhatsApp to orchestrate large-scale, self-propagating malware campaigns,” Trend Micro said.

“By weaponizing familiar communication channels and employing advanced social engineering, threat actors are able to swiftly compromise victims, bypass traditional defenses, and sustain persistent banking trojan infections. This campaign demonstrates how legitimate platforms can be transformed into powerful vectors for malware delivery and underscores the growing sophistication of cybercriminal operations in the region.”

Brazil Targeted by New RelayNFC Android Malware

The development comes as Brazilian banking users are also being targeted by a previously undocumented Android malware dubbed RelayNFC that’s designed to carry out Near-Field Communication (NFC) relay attacks and siphon contactless payment data. The campaign has been running since early November 2025. “RelayNFC implements a full real-time APDU relay channel, allowing attackers to complete transactions as though the victim’s card were physically present,” Cyble said in an analysis.

“The malware is built using React Native and Hermes bytecode, which complicates static analysis and helps evade detection.” Primarily spread via phishing, the attack makes use of decoy Portuguese-language sites (e.g., “maisseguraca[.]site”) to trick users into installing the malware under the pretext of securing their payment cards. The end goal of the campaign is to capture the victim’s card details and relay them to attackers, who can then perform fraudulent transactions using the stolen data. Like other NFC relay malware families such as SuperCard X and PhantomCard, RelayNFC operates as a reader that’s designed to gather the card data by instructing the victim to tap their payment card on the device. Once the card data is read, the malware displays a message that prompts them to enter their 4- or 6-digit PIN.

The captured information is then sent to the attacker’s server through a WebSocket connection. “When the attacker initiates a transaction from their POS-emulator device, the C&C server sends a specially crafted message of type ‘apdu’ to the infected phone,” Cyble said. “This message contains a unique request ID, a session identifier, and the APDU command encoded as a hexadecimal string.” “Upon receiving this instruction, RelayNFC parses the packet, extracts the APDU data, and forwards it directly to the victim device’s NFC subsystem, effectively acting as a remote interface to the physical payment card.” The cybersecurity company said its investigation also uncovered a separate phishing site (“test.ikotech[.]online”) that distributes an APK file with a partial implementation of Host Card Emulation (HCE), indicating that the threat actors are experimenting with different NFC relay techniques. Because HCE allows an Android device to emulate a payment card, the mechanism permits a victim’s card interactions to be transmitted between a legitimate point-of-sale (PoS) terminal and an attacker-controlled device, thereby facilitating a real-time NFC relay attack.

The feature is assessed to be under development, as the APK file does not register the HCE service in the package manifest file. “The RelayNFC campaign highlights the rapid evolution of NFC relay malware targeting payment systems, particularly in Brazil,” the company said. “By combining phishing-driven distribution, React Native-based obfuscation, and real-time APDU relaying over WebSockets, the threat actors have created a highly effective mechanism for remote EMV transaction fraud.”

Chopping AI Down to Size: Turning Disruptive Technology into a Strategic Advantage

Most people know the story of Paul Bunyan. A giant lumberjack, a trusted axe, and a challenge from a machine that promised to outpace him. Paul doubled down on his old way of working, swung harder, and still lost by a quarter inch. His mistake was not losing the contest.

His mistake was assuming that effort alone could outmatch a new kind of tool. Security professionals are facing a similar moment. AI is our modern steam-powered saw. It is faster in some areas, unfamiliar in others, and it challenges a lot of long-standing habits.

The instinct is to protect what we know instead of learning what the new tool can actually do. But if we follow Paul’s approach, we’ll find ourselves on the wrong side of a shift that is already underway. The right move is to learn the tool, understand its capabilities, and leverage it for outcomes that make your job easier.

AI’s Role in Daily Cybersecurity Work

AI is now embedded in almost every security product we touch.

Endpoint protection platforms, mail filtering systems, SIEMs, vulnerability scanners, intrusion detection tools, ticketing systems, and even patch management platforms advertise some form of “intelligent” decision-making. The challenge is that most of this intelligence lives behind a curtain. Vendors protect their models as proprietary IP, so security teams only see the output. This means models are silently making risk decisions in environments where humans still carry accountability.

Those decisions come from statistical reasoning, not an understanding of your organization, its people, or its operational priorities. You cannot inspect an opaque model, and you cannot rely on it to capture nuance or intent. That is why security professionals should build or tune their own AI-assisted workflows. The goal is not to rebuild commercial tools.

The goal is to counterbalance blind spots by building capabilities you control. When you design a small AI utility, you determine what data it learns from, what it considers risky, and how it should behave. You regain influence over the logic shaping your environment.

Removing Friction and Raising Velocity

A large portion of security work is translational.

Anyone who has written complex JQ filters, SQL queries, or regular expressions just to pull a small piece of information from logs knows how much time that translation step can consume. These steps slow down investigations not because they are difficult, but because they interrupt your flow of thought. AI can remove much of that translation burden. For example, I have been writing small tools that put AI on the front end and a query language on the back end.

Instead of writing the query myself, I can ask for what I want in plain English, and the AI generates the correct syntax to extract it. It becomes a human-to-computer translator that lets me focus on what I am trying to investigate rather than the mechanics of the query language. In practice, this allows me to:

- Pull the logs associated with a specific incident without writing the JQ myself
- Extract the data I need using AI-generated SQL or regex syntax
- Build small, AI-assisted utilities that automate these repetitive query steps

When AI handles the repetitive translation and filtration steps, security teams can direct their attention toward higher-order reasoning, the part of the job that actually moves investigations forward. It is also important to remember that while AI can store more information than humans, effective security is not about knowing everything.

It is about knowing how to apply what matters in the context of an organization’s mission and risk tolerance. AI will make decisions that are mathematically sound but contextually wrong. It will approximate nuance, but it cannot truly understand it. It can simulate ethics, but it cannot feel responsibility for an outcome.

Statistical reasoning is not moral reasoning, and it never will be. Our value across offensive, defensive, and investigative roles is not in memorizing information. It is in applying judgment, understanding nuance, and directing tools toward the right outcomes. AI enhances what we do, but the decisions still rest with us.

How Security Professionals Can Begin: Skills to Develop Now

Much of today’s AI work happens in Python, and for many security practitioners it has traditionally felt like a barrier. AI changes that dynamic. You can express your intent in plain English and have the model produce most of the code. The model gets you most of the way there.

Your job is to close the remaining gap with judgment and technical literacy. That requires a baseline level of fluency. You need enough Python to read and refine what the model generates. You need a working sense of how AI systems interpret inputs so you can recognize when the logic drifts.

And you need a practical understanding of core machine learning concepts so you know what the tool is doing beneath the surface, even if you are not building full models yourself. With that foundation, AI becomes a force multiplier. You can build targeted utilities to analyze internal data, use language models to compress information that would take hours to process manually, and automate the routine steps that slow down investigations, offensive testing, and forensic workflows. Here are concrete ways to start developing those capabilities:

- Start with a tool audit: Map where AI already operates in your environment and understand what decisions it is making by default.
- Engage actively with your AI systems: Do not treat outputs as final. Feed models better data, question their results, and tune behaviors where possible.
- Automate one weekly task: Pick a recurring workflow and use Python plus an AI model to streamline part of it. Small wins build momentum.
- Build light ML literacy: Learn the basics of how models interpret instructions, where they break, and how to redirect them.
- Participate in community learning: Share what you build, compare approaches, and learn from others navigating the same transition.

These habits compound over time. They turn AI from an opaque feature inside someone else’s product into a capability you understand, direct, and use with confidence.

Join Me for a Deeper Dive at SANS 2026

AI is changing how security professionals work, but it does not diminish the need for human judgment, creativity, and strategic thinking. When you understand the tool and guide it with intent, you become more capable, not less necessary. I will be covering this topic in greater detail during my keynote session at SANS 2026. If you want practical and actionable guidance for strengthening your AI fluency across defensive, offensive, and investigative disciplines, I hope you’ll join me in the room.

Note: This article was expertly authored by Mark Baggett, SANS Fellow. This article is a contributed piece from one of our valued partners.

Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code

Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to execute arbitrary code by loading untrusted PyTorch models, effectively bypassing the tool’s protections. Picklescan, developed and maintained by Matthieu Maitre (@mmaitre314), is a security scanner that’s designed to parse Python pickle files and detect suspicious imports or function calls before they are executed. Pickle is a widely used serialization format in machine learning, including PyTorch, which uses the format to save and load models. But pickle files can also be a huge security risk, as they can be used to automatically trigger the execution of arbitrary Python code when they are loaded.

This necessitates that users and organizations load trusted models, or load model weights from TensorFlow and Flax. The issues discovered by JFrog essentially make it possible to bypass the scanner, present the scanned model files as safe, and enable malicious code to be executed, which could then pave the way for a supply chain attack. “Each discovered vulnerability enables attackers to evade PickleScan’s malware detection and potentially execute a large-scale supply chain attack by distributing malicious ML models that conceal undetectable malicious code,” security researcher David Cohen said. Picklescan, at its core, works by examining the pickle files at bytecode level and checking the results against a blocklist of known hazardous imports and operations to flag similar behavior.

This approach, as opposed to allowlisting, also means that the tool cannot detect any new attack vector and that its developers must take into account all possible malicious behaviors. The identified flaws are as follows -

- CVE-2025-10155 (CVSS score: 9.3/7.8) - A file extension bypass vulnerability that can be used to undermine the scanner and load the model when providing a standard pickle file with a PyTorch-related extension such as .bin or .pt
- CVE-2025-10156 (CVSS score: 9.3/7.5) - A bypass vulnerability that can be used to disable ZIP archive scanning by introducing a Cyclic Redundancy Check (CRC) error
- CVE-2025-10157 (CVSS score: 9.3/8.3) - A bypass vulnerability that can be used to undermine Picklescan’s unsafe globals check, leading to arbitrary code execution by getting around a blocklist of dangerous imports

Successful exploitation of the aforementioned flaws could allow attackers to conceal malicious pickle payloads within files using common PyTorch extensions, deliberately introduce CRC errors into ZIP archives containing malicious models, or craft malicious PyTorch models with embedded pickle payloads to bypass the scanner. Following responsible disclosure on June 29, 2025, the three vulnerabilities have been addressed in Picklescan version 0.0.31 released on September 9. The development comes as SecDim and DCODX detailed another high-severity security flaw in the same utility (CVE-2025-46417, CVSS score: 7.5/7.1) that could be abused to bypass the tool’s blocklist and allow malicious pickle files to exfiltrate sensitive information via DNS when the model is loaded.

In a hypothetical attack scenario, an attacker can repurpose legitimate Python modules like linecache and ssl to read sensitive data from files like “/etc/passwd” using “linecache.getline()” and leverage “ssl.get_server_certificate()” to transmit the data to a domain under their control. “The leaked content appears in DNS logs. Scanning this payload with Picklescan 0.0.24 returns ‘no issues found,’ because linecache and ssl were not on the deny-list,” SecDim said. The findings illustrate some key systemic issues, including the reliance on a single scanning tool and discrepancies in file-handling behavior between security tools and PyTorch, which render security architectures vulnerable to attacks.
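The blocklist-versus-allowlist gap described above, shown with a small opcode-level import scanner that never loads the pickle. This is an added example, not Picklescan’s code: both lists are illustrative assumptions, and the hand-written samples are constructed and contain only import references, with no call.

```python
import pickle
import pickletools
from collections import OrderedDict

# Illustrative lists for this example only; they are NOT Picklescan's real lists.
BLOCKLIST = {("os", "system"), ("builtins", "eval"), ("builtins", "exec")}
ALLOWLIST = {("collections", "OrderedDict")}
UNRESOLVED = ("<unresolved>", "<unresolved>")

# Constructed samples; none of them is ever unpickled by this code.
BENIGN = pickle.dumps(OrderedDict(a=1), protocol=4)
KNOWN_BAD = b"cos\nsystem\n."  # import reference that is on the blocklist
UNLISTED = b"clinecache\ngetline\ncssl\nget_server_certificate\n."  # not listed


def extract_globals(data: bytes) -> set:
    """List the (module, name) imports in a pickle stream without loading it."""
    found = set()
    strings = []  # string pushes seen immediately before a STACK_GLOBAL
    for opcode, arg, _pos in pickletools.genops(data):
        name = opcode.name
        if name in ("GLOBAL", "INST"):
            # Protocols 0-3: the opcode argument is "module name".
            found.add(tuple(arg.split(" ", 1)))
            strings.clear()
        elif name == "STACK_GLOBAL":
            # Protocol 4+: module and name are the two preceding string pushes.
            found.add(tuple(strings[-2:]) if len(strings) >= 2 else UNRESOLVED)
            strings.clear()
        elif name.endswith(("UNICODE", "UNICODE8", "STRING")):
            strings.append(arg)
        elif name not in ("MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"):
            strings.clear()  # anything else in between: fail closed as unresolved
    return found


def blocklist_verdict(data: bytes) -> str:
    """Flag only imports that someone already thought to list."""
    return "dangerous" if extract_globals(data) & BLOCKLIST else "clean"


def allowlist_verdict(data: bytes) -> str:
    """Reject every import that is not explicitly expected."""
    return "clean" if extract_globals(data) <= ALLOWLIST else "rejected"


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("known bad", KNOWN_BAD),
                          ("unlisted", UNLISTED)):
        print(label, sorted(extract_globals(sample)),
              blocklist_verdict(sample), allowlist_verdict(sample))
```

The unlisted sample is the case the article describes: the blocklist reports it as clean because neither module was anticipated, while the allowlist rejects it without needing to know what the imports do.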

“AI libraries like PyTorch grow more complex by the day, introducing new features, model formats, and execution pathways faster than security scanning tools can adapt,” Cohen said. “This widening gap between innovation and protection leaves organizations exposed to emerging threats that conventional tools simply weren’t designed to anticipate.” “Closing this gap requires a research-backed security proxy for AI models, continuously informed by experts who think like both attackers and defenders. By actively analyzing new models, tracking library updates, and uncovering novel exploitation techniques, this approach delivers adaptive, intelligence-driven protection against the vulnerabilities that matter most.”