2025-12-09 AI创业新闻

Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT

Cybersecurity researchers are calling attention to a new campaign dubbed JS#SMUGGLER that has been observed leveraging compromised websites as a distribution vector for a remote access trojan named NetSupport RAT . The attack chain, analyzed by Securonix, involves three main moving parts: An obfuscated JavaScript loader injected into a website, an HTML Application (HTA) that runs encrypted PowerShell stagers using “mshta.exe,” and a PowerShell payload that’s designed to download and execute the main malware. “NetSupport RAT enables full attacker control over the victim host, including remote desktop access, file operations, command execution, data theft, and proxy capabilities,” researchers Akshay Gaikwad, Shikha Sangwan, and Aaron Beardslee said . There is little evidence at this stage to tie the campaign to any known threat group or country.

The activity has been found to target enterprise users through compromised websites, indicative of a broad-strokes effort. The cybersecurity company described it as a multi-stage web-based malware operation that employs hidden iframes, obfuscated loaders, and layered script execution for malware deployment and remote control. In these attacks, silent redirects embedded into the infected websites act as a conduit for a heavily scrambled JavaScript loader (“phone.js”) retrieved from an external domain, which then profiles the device to determine whether to serve a full-screen iframe (when visiting from a mobile phone) or load another remote second-stage script (when visiting from a desktop). The invisible iframe is designed to direct the victim to a malicious URL.

The JavaScript loader incorporates a tracking mechanism to ensure that the malicious logic is fired only once and during the first visit, thereby minimizing the chances of detection. “This device-aware branching enables attackers to tailor the infection path, hide malicious activity from certain environments, and maximize their success rate by delivering platform-appropriate payloads while avoiding unnecessary exposure,” the researchers said. The remote script downloaded in the first stage of the attack lays the foundation by constructing at runtime a URL from which an HTA payload is downloaded and executed using “mshta.exe.” The HTA payload is another loader for a temporary PowerShell stager, which is written to disk, decrypted, and executed directly in memory to evade detection. Furthermore, the HTA file is run stealthily by disabling all visible window elements and minimizing the application at startup.

Once the decrypted payload is executed, it also takes steps to remove the PowerShell stager from disk and terminates itself to avoid leaving as much forensic trail as possible. The primary goal of the decrypted PowerShell payload is to retrieve and deploy NetSupport RAT, granting the attacker complete control over the compromised host. “The sophistication and layered evasion techniques strongly indicate an actively maintained, professional-grade malware framework,” Securonix said. “Defenders should deploy strong CSP enforcement, script monitoring, PowerShell logging, mshta.exe restrictions, and behavioral analytics to detect such attacks effectively.” CHAMELEON#NET Delivers Formbook Malware The disclosure comes weeks after the company also detailed another multi-stage malspam campaign dubbed CHAMELEON#NET that uses phishing emails to deliver Formbook , a keylogger and information stealer.

The email messages are aimed at luring victims in the National Social Security Sector into downloading a seemingly harmless archive after their credentials on a bogus webmail portal designed for this purpose. “This campaign begins with a phishing email that tricks users into downloading a .BZ2 archive, initiating a multi-stage infection chain,” Sangwan said . “The initial payload is a heavily obfuscated JavaScript file that acts as a dropper, leading to the execution of a complex VB.NET loader. This loader uses advanced reflection and a custom conditional XOR cipher to decrypt and execute its final payload, the Formbook RAT, entirely in memory.” Specifically, the JavaScript dropper decodes and writes to disk in the %TEMP% directory two additional JavaScript files - svchost.js, which drops a .NET loader executable dubbed DarkTortilla (“QNaZg.exe”), a crypter that’s often used to distribute next-stage payloads adobe.js, which drops a file named “PHat.jar,” an MSI installer package that exhibits similar behavior as “svchost.js” In this campaign, the loader is configured to decrypt and execute an embedded DLL, the Formbook malware.

Persistence is achieved by adding it to the Windows startup folder to ensure that it’s automatically launched upon a system reboot. Alternatively, it also manages persistence through the Windows Registry. “The threat actors combine social engineering, heavy script obfuscation, and advanced .NET evasion techniques to successfully compromise targets,” Securonix said. “The use of a custom decryption routine followed by reflective loading allows the final payload to be executed in a fileless manner, significantly complicating detection and forensic analysis.” Found this article interesting?

Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

⚡ Weekly Recap: USB Malware, React2Shell, WhatsApp Worms, AI IDE Bugs & More

It’s been a week of chaos in code and calm in headlines. A bug that broke the internet’s favorite framework, hackers chasing AI tools, fake apps stealing cash, and record-breaking cyberattacks — all within days. If you blink, you’ll miss how fast the threat map is changing. New flaws are being found, published, and exploited in hours instead of weeks.

AI-powered tools meant to help developers are quickly becoming new attack surfaces. Criminal groups are recycling old tricks with fresh disguises — fake apps, fake alerts, and fake trust. Meanwhile, defenders are racing to patch systems, block massive DDoS waves, and uncover spy campaigns hiding quietly inside networks. The fight is constant, the pace relentless.

For a deeper look at these stories, plus new cybersecurity tools and upcoming expert webinars, check out the full ThreatsDay Bulletin. ⚡ Threat of the Week Max Severity React Flaw Comes Under Attack — A critical security flaw impacting React Server Components (RSC) has come under extensive exploitation within hours of publication disclosure. The vulnerability, CVE-2025-55182 (CVSS score: 10.0), relates to a case of remote code execution that could be triggered by an unauthenticated attacker without requiring any special setup. It’s also tracked as React2Shell.

Amazon reported that it observed attack attempts originating from infrastructure associated with Chinese hacking groups like Earth Lamia and Jackpot Panda within hours of public disclosure of the flaw. Coalition, Fastly, GreyNoise, VulnCheck, and Wiz have also reported seeing exploitation efforts targeting the flaw, indicating that multiple threat actors are engaging in opportunistic attacks. The Shadowserver Foundation said it has detected 28,964 IP addresses vulnerable to the React2Shell flaw as of December 7, 2025, down from 77,664 on December 5, with approximately 10,100 located in the U.S., 3,200 in Germany, and 1,690 in China. 2025 Cloud Security Survey Report Learn from 400+ security leaders and practitioners to get the latest insights and trends on cloud security including risks and threats, leveraging AI, managing deployments, managing cloud data volumes and more.

Read the 2025 Cloud Security Survey Report ➝ 🔔 Top News Over 30 Flaws in AI-Powered IDEs — Security researcher Ari Marzouk disclosed details of more than 30 security vulnerabilities in various artificial intelligence (AI)-powered Integrated Development Environments (IDEs) that combine prompt injection primitives with legitimate features to achieve data exfiltration and remote code execution. The vulnerabilities have been collectively dubbed IDEsaster. “All AI IDEs (and coding assistants that integrate with them) effectively ignore the base software (IDE) in their threat model,” Marzouk said. “They treat their features as inherently safe because they’ve been there for years.

However, once you add AI agents that can act autonomously, the same features can be weaponized into data exfiltration and RCE primitives.” Patches have been released to address the issues, with Anthropic acknowledging the risk via a security warning. Chinese Hackers Use BRICKSTORM to Target U.S. Entities — China-linked threat actors, including UNC5221 and Warp Panda, are using a backdoor dubbed BRICKSTORM to maintain long-term persistence on compromised systems, according to an advisory from the U.S. government.

“BRICKSTORM is a sophisticated backdoor for VMware vSphere and Windows environments,” the Cybersecurity and Infrastructure Security Agency (CISA) said. “BRICKSTORM enables cyber threat actors to maintain stealthy access and provides capabilities for initiation, persistence, and secure command-and-control. The activity has once again revived concerns about China’s sustained ability to tunnel deeper into critical infrastructure and government agency networks undetected, often for extended periods. The attacks have also amplified enduring concerns about China’s cyber espionage activity, which has increasingly targeted edge networks and leveraged living-off-the-land techniques to fly under the radar.

GoldFactory Targets Southeast Asia with Bogus Banking Apps — Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating government services. The activity, observed since October 2024, involves distributing modified banking applications that act as a conduit for Android malware. Group-IB said it has identified more than 300 unique samples of modified banking applications that have led to almost 2,200 infections in Indonesia. The infection chains involve the impersonation of government entities and trusted local brands and approaching prospective targets over the phone to trick them into installing malware by instructing them to click on a link sent on messaging apps like Zalo.

The links redirect the victims to fake landing pages that masquerade as Google Play Store app listings, resulting in the deployment of a remote access trojan like Gigabud, MMRat, or Remo, which surfaced earlier this year using the same tactics as GoldFactory. These droppers then pave the way for the main payload that abuses Android’s accessibility services to facilitate remote control. Cloudflare Blocks Record 29.7 Tbps DDoS Attack — Cloudflare detected and mitigated the largest ever distributed denial-of-service (DDoS) attack that measured at 29.7 terabits per second (Tbps). The activity originated from a DDoS botnet-for-hire known as AISURU, which has been linked to a number of hyper-volumetric DDoS attacks over the past year.

The attack lasted for 69 seconds. It did not disclose the target of the attack. The botnet has prominently targeted telecommunication providers, gaming companies, hosting providers, and financial services. Also tackled by Cloudflare was a 14.1 Bpps DDoS attack from the same botnet.

AISURU is believed to be powered by a massive network comprising an estimated 1-4 million infected hosts worldwide. Brazil Hit by Banking Trojan Spread via WhatsApp Worm — Brazilian users are being targeted by various campaigns that leverage WhatsApp Web as a distribution vector for banking malware. While one campaign attributed to a threat actor known as Water Saci drops a Casbaneiro variant, another set of attacks has led to the deployment of the Astaroth banking trojan. Sophos is tracking the second cluster under the moniker STAC3150 since September 24, 2025.

“The lure delivers a ZIP archive that contains a malicious VBS or HTA file,” Sophos said . “When executed, this malicious file launches PowerShell to retrieve second-stage payloads, including a PowerShell or Python script that collects WhatsApp user data and, in later cases, an MSI installer that delivers the Astaroth malware.” Despite the tactical overlaps, it’s currently not clear if they are the work of the same threat actor. “In this particular campaign, the malware spreads through WhatsApp,” K7 Security Labs said . “Because the malicious file is sent by someone already in our contacts, we tend not to verify its authenticity the same way we would if it came from an unknown sender.

This trust in familiar contacts reduces our caution and increases the chances of the malware being opened and executed.” ‎️‍🔥 Trending CVEs Hackers act fast. They can use new bugs within hours. One missed update can cause a big breach. Here are this week’s most serious security flaws.

Check them, fix what matters first, and stay protected. This week’s list includes — CVE-2025-6389 (Sneeit Framework plugin), CVE-2025-66516 (Apache Tika), CVE-2025-55182 (React), CVE-2025-9491 (Microsoft Windows), CVE-2025-10155, CVE-2025-10156, CVE-2025-10157 (Picklescan), CVE-2025-48633, CVE-2025-48572 (Google Android), CVE-2025-11699 (nopCommerce), CVE-2025-64775 (Apache Struts), CVE-2025-59789 (Apache bRPC), CVE-2025-13751 , CVE-2025-13086 , CVE-2025-12106 (OpenVPN), CVE-2025-13658 (Industrial Video & Control Longwatch), CVE-2024-36424 (K7 Ultimate Security), CVE-2025-66412 (Angular), CVE-2025-13510 (Iskra iHUB and iHUB Lite), CVE-2025-13372, CVE-2025-64460 (Django), CVE-2025-13486 (Advanced Custom Fields: Extended plugin), CVE-2025-64772 (Sony INZONE Hub), CVE-2025-64983 (SwitchBot), CVE-2025-31649, CVE-2025-31361 (Dell ControlVault), CVE-2025-47151 (Entr’ouvert Lasso), CVE-2025-66373 (Akamai), CVE-2025-13654 (Duc), CVE-2025-13032 (Avast), CVE-2025-33211, CVE-2025-33201 (NVIDIA Triton), CVE-2025-66399 (Cacti), CVE-2025-20386, CVE-2025-20387 (Splunk), and CVE-2025-66476 (Vim for Windows). 📰 Around the Cyber World Compromised USBs Used for Crypto Miner Delivery — An ongoing campaign has been observed using USB drives to infect other hosts and deploy cryptocurrency miners since September 2024. While a previous iteration of the campaign used malware families like DIRTYBULK and CUTFAIL , the latest version spotted by AhnLab employs a batch script to launch a dropper DLL that launches PrintMiner, which then installs additional payloads, including XMRig.

“The malware is hidden in a folder, and only a shortcut file named ‘USB Drive’ is visible,” AhnLab said . “When a user opens the shortcut file, they are able to see not only the malware but also the files belonging to the previous user, making it difficult for users to realize that they have been infected with malware.” The development comes as Cyble said it identified an active Linux-targeting campaign that deploys a Mirai-derived botnet codenamed V3G4 that’s paired with a stealthy, fileless-configured cryptocurrency miner. “Once active, the bot masquerades as systemd-logind, performs environment reconnaissance, conducts large-scale raw-socket SSH scanning, maintains persistent C2 communication, and ultimately launches a concealed XMRig-based Monero miner dynamically configured at runtime,” the company said . Fake Cryptocurrency Investment Domain Seized — The U.S.

Department of Justice’s (DoJ) Scam Center Task Force seized Tickmilleas[.]com, a website used by scammers located at the Tai Chang scam compound (aka Casino Kosai) located in the village of Kyaukhat, Burma, to target and defraud Americans through cryptocurrency investment fraud (CIF) scams. “The tickmilleas[.]com domain was disguised as a legitimate investment platform to trick victims into depositing their funds,” the DoJ said . “Victims who used the domain reported to the FBI that the site showed lucrative returns on what they believed to be their investments and displayed purported deposits made by scammers to the victims ‘accounts when the scammers walked the victims through supposed trades.” In tandem, Meta removed approximately 2000 accounts associated with the Tai Chang compound. The domain is also said to have redirected visitors to fraudulent apps hosted on Google Play Store and Apple App Store.

Several of these apps have since been taken down. In a related move, Cambodian officials raided a cyber scam compound in the country’s capital Phnom Penh and arrested 28 suspects. Of the 28 individuals detained, 27 are Vietnamese nationals, and one is Cambodian. Cyber scam compounds in Cambodia are shifting from the country’s western border with Thailand to the east, to locations near the Vietnamese border, according to Cyber Scam Monitor .

Portugal Modifies Cybercrime Law to Exempt Researchers — Portugal has amended its cybercrime law to establish a legal safe harbor for white hat security research and making hacking non-punishable under strict conditions, including identifying vulnerabilities aimed at improving cybersecurity through disclosure, not seeking any economic benefit, immediately reporting the vulnerability to the system owner, deleting any data obtained during the research period within 10 of the vulnerability being fixed, and not violating data privacy regulations like GDPR. Last November, Germany floated a draft law that provided similar protections to the research community when discovering and responsibly reporting security flaws to vendors. CastleRAT Malware Detailed — A remote access trojan called CastleRAT has been detected in the wild with two main builds: a Python version and a compiled C version. While both versions offer similar capabilities, Splunk said the C build is more powerful and can include extra features.

“The malware gathers basic system information, such as computer name, username, machine GUID, public IP address, and product/version details, which it then transmits to the C2 server,” the Cisco-owned company said . “Additionally, it can download and execute further files from the server and provides a remote shell, allowing an attacker to run commands on the compromised machine.” CastleRAT is attributed to a threat actor known as TAG-150 . DoJ Indicts Brothers for Wiping 96 Government Databases — The DoJ indicted two Virginia brothers for allegedly conspiring to steal sensitive information and deleting 96 government databases. Muneeb and Sohaib Akhter, both 34, stole data and deleted databases minutes after they were fired from their contractor roles.

The incident impacted multiple government agencies, including the IRS and DHS. Bloomberg reported in May that the contractor is a software company named Opexus. “Many of these databases contained records and documents related to Freedom of Information Act matters administered by federal government departments and agencies, as well as sensitive investigative files of federal government components,” the DoJ said . The brothers allegedly asked an artificial intelligence tool how to clear system logs of their actions.

In June 2015, the twin brothers were sentenced to several years in prison for conspiracy to commit wire fraud, conspiracy to access a protected computer without authorization, and conspiracy to access a government computer without authorization. They were rehired as government contractors after serving their sentences. Muneeb Akhter faces a maximum penalty of up to 45 years in prison, whereas Sohaib Akhter could get up to six years. U.K.

NCSC Debuts Proactive Notifications — The U.K.’s National Cyber Security Center (NCSC) announced the testing phase of a new service called Proactive Notifications, designed to inform organizations in the country of vulnerabilities present in their environment. The service is delivered through cybersecurity firm Netcraft and is based on publicly available information and internet scanning. “This notification is based on scanning open source information, such as publicly available software versions,” NCSC said . “The service was launched to responsibly report vulnerabilities to system owners to help them protect their services.” FinCEN Ransomware Trend Analysis Reveals Drop in Payments — According to a new analysis released by the U.S.

Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN), ransomware incidents reported to the authority decreased in 2024, with 1,476 incidents following law enforcement’s disruption of two high-profile ransomware groups, BlackCat and LockBit. Financial institutions paid $734 million to ransomware gangs, down from $1.1 billion in 2023. “The median amount of a single ransomware transaction was $124,097 in 2022; $175,000 in 2023; and $155,257 in 2024,” FinCEN said . “Between 2022 and 2024, the most common payment amount range was below $250,000.” More than $2.1 billion was paid to ransomware groups between 2022 and 2024, with about $1.1 billion paid in 2023 alone.

Akira led with the highest number of reported incidents, at 376, but BlackCat received the highest amount in payments, at approximately $395.3 million. Bangladeshi Student Behind New Botnet — A student hacker from Bangladesh is assessed to be behind a new botnet targeting WordPress and cPanel servers. “The perpetrator is using a botnet panel to distribute newly compromised websites to buyers, primarily Chinese threat actors,” Cyderes said . “The sites were primarily compromised via misconfigured WordPress and cPanel instances.” Some of the compromised websites are injected with a PHP-based web shell known as Beima PHP and leased to other threat actors for anywhere between $3 to $200.

The PHP backdoor script is designed to provide remote control over a compromised web server, allowing an attacker to manipulate files, inject arbitrary content, and rename files. The government and education sectors are the primary targets of this campaign, accounting for 76% of the compromised websites for sale. The college student claimed he is selling access to over 5,200 compromised websites through Telegram to pay for his education. Most of the operation’s customers are Chinese threat actors.

U.S. State Department Offers $10m Reward for Iranian Hacker Duo — The U.S. State Department announced a $10 million reward for two Iranian nationals linked to Iran’s cyber operations. Fatemeh Sedighian Kashi and Mohammad Bagher Shirinkar allegedly work for a company named Shahid Shushtari that operates with Iran’s Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC).

“Shahid Shushtari members have caused significant financial damage and disruption to U.S. businesses and government agencies through coordinated cyber and cyber-enabled information operations,” the State Department said . “These campaigns have targeted multiple critical infrastructure sectors, including news, shipping, travel, energy, financial, and telecommunications in the United States, Europe, and the Middle East.” The front company has also been linked to a multi-faceted campaign targeting the U.S. presidential election in August 2020.

New Arkanix and Sryxen Stealers Spotted — Two new information stealers, Arkanix and Sryxen , are being marketed as a way to steal sensitive data and make short-term, quick financial gains. “Written in C++, [Sryxen] combines DPAPI decryption for traditional browser credentials with a Chrome 127+ bypass that sidesteps Google’s new App-Bound Encryption – by simply launching Chrome headlessly and asking it to decrypt its own cookies via DevTools Protocol,” DeceptIQ said. “The anti-analysis is ‘more sophisticated’ than most commodity stealers: VEH-based code encryption means the main payload is garbage at rest, only decrypted during execution via exception handling.” The disclosures coincide with a campaign codenamed AIRedScam that uses booby-trapped AI tools shared on GitHub to deliver SmartLoader and other infostealers. “What sets AIRedScam apart is its choice in targeting Offensive Cybersecurity professionals looking for tools that can automate their enumeration and recon,” UltraViolet Cyber said .

FBI Warns of Virtual Kidnapping Ransom Scams — The U.S. Federal Bureau of Investigation (FBI) warned that scammers are demanding ransoms in fake kidnapping schemes that alter photos found on social media or other publicly available sites to use as fake proof-of-life photos. “Criminal actors typically will contact their victims through text message, claiming they have kidnapped their loved one and demand a ransom be paid for their release,” the FBI said . “The criminal actors pose as kidnappers and provide seemingly real photos or videos of victims along with demands for ransom payments.

Criminal actors will sometimes purposefully send these photos using timed message features to limit the amount of time victims have to analyze the images.” Russian Hackers Spoof European Security Events in Phishing Wave — Threat actors from Russia have continued to heavily target both Microsoft and Google environments by abusing OAuth and Device Code authentication workflows to phish credentials from end users. “These attacks involved the creation of fake websites masquerading as legitimate international security events taking place in Europe, with the aim of tricking users who registered for these events into granting unauthorized access to their accounts,” Volexity said . What’s notable about the new wave is that the attackers offer to provide “live support” to targeted users via messaging apps like Signal and WhatsApp to ensure they correctly return the URL, in the case of OAuth phishing workflows. The campaigns, a continuation of prior waves detected earlier this year, have been attributed to a cyber espionage group known as UTA0355.

Shanya PaaS Fuels New Attacks — A packer-as-a-service (PaaS) offering known as Shanya has taken over the role previously played by HeartCrypt to decrypt and load a malicious program capable of killing endpoint security solutions. The attack leverages a vulnerable legitimate driver (“ ThrottleStop.sys “) and a malicious unsigned kernel driver (“hlpdrv.sys”) to achieve its goals. “The user mode killer searches the running processes and installed services,” Sophos researchers Gabor Szappanos and Steeve Gaudreault said . “If it finds a match, it sends a kill command to the malicious kernel driver.

The malicious kernel driver abuses the vulnerable clean driver, gaining write access that enables the termination and deletion of the processes and services of the protection products.” The first deployment of the EDR killer is said to have occurred near the end of April 2025 in a Medusa ransomware attack. It has since been put to use in multiple ransomware operations, including Akira, Qilin, and Crytox. The packer has also been employed to distribute CastleRAT as part of a Booking.com-themed ClickFix campaign. 🎥 Cybersecurity Webinars

How to Detect Hidden Risks in AWS, AI, and Kubernetes — Before Attackers Do

Cloud threats are getting smarter—and harder to see.

Join our experts to learn how code-to-cloud detection reveals hidden risks across identities, AI, and Kubernetes, helping you stop attacks before they reach production. Learn How Top Teams Secure Cloud Infrastructure While Staying Fully Compliant

Securing cloud workloads isn’t just defense — it’s about enabling innovation safely. Learn practical, proven ways to strengthen access control, maintain compliance, and protect infrastructure without slowing agility. 🔧 Cybersecurity Tools RAPTOR — It is an open-source AI-powered security tool that automates code scanning, fuzzing, vulnerability analysis, exploit generation, and OSS forensics.

It’s useful when you need to quickly test software for bugs, understand whether a vulnerability is real, or gather evidence from a public GitHub repo. Instead of running many separate tools, RAPTOR chains them together and uses an AI agent to guide the process. Google Threat Intelligence Browser Extension — For security analysts and threat researchers: highlights suspicious IPs, URLs, domains, and file hashes directly in your browser. Get instant context, investigate without switching tabs, track threats, and collaborate — all while staying protected.

Available for Chrome, Edge, and Firefox. Disclaimer: These tools are for learning and research only. They haven’t been fully tested for security. If used the wrong way, they could cause harm.

Check the code first, test only in safe places, and follow all rules and laws. Conclusion Each story this week points to the same truth: the line between innovation and exploitation keeps getting thinner. Every new tool brings new risks, and every fix opens the door to the next discovery. The cycle isn’t slowing — but awareness, speed, and shared knowledge still make the biggest difference.

Stay sharp, keep your systems patched, and don’t tune out the quiet warnings. The next breach always starts small. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year?

The holiday season compresses risk into a short, high-stakes window. Systems run hot, teams run lean, and attackers time automated campaigns to get maximum return. Multiple industry threat reports show that bot-driven fraud, credential stuffing and account takeover attempts intensify around peak shopping events , especially the weeks around Black Friday and Christmas. Why holiday peaks amplify credential risk Credential stuffing and password reuse are attractive to attackers because they scale: leaked username/password lists are tested automatically against retail login portals and mobile apps, and successful logins unlock stored payment tokens, loyalty balances and shipping addresses.

These are assets that can be monetized immediately. Industry telemetry indicates adversaries “pre-stage” attack scripts and configurations in the days before major sale events to ensure access during peak traffic. Retail history also shows how vendor or partner credentials expand the blast radius. The 2013 Target breach remains a classic case: attackers used credentials stolen from an HVAC vendor to gain network access and install malware on POS systems, leading to large-scale card data theft.

That incident is a clear reminder that third-party access must be treated with the same rigor as internal accounts. Customer account security: Passwords, MFA and UX tradeoffs Retailers can’t afford to over-friction checkout flows, but they also can’t ignore the fact that most account takeover attempts start with weak, reused, or compromised passwords . Adaptive (conditional) MFA is the best compromise: prompt for a second factor when the login or transaction is risky (new device, high-value change, anomalous location) but keep the common customer journey smooth. NIST’s digital identity guidance and major vendor recommendations suggest blocking known compromised credentials, focusing on password length and entropy rather than archaic complexity rules, and moving toward phishing-resistant passwordless options such as passkeys where feasible.

Being careful with staff and third-party access can reduce the operational blast radius. Employee and partner accounts often have more authority than customer accounts. Admin consoles, POS backends, vendor portals, and remote access all deserve mandatory MFA and strict access controls. Use SSO with conditional MFA to reduce friction for legitimate staff while protecting high-risk actions, and require privileged credentials to be unique and stored in a vault or PAM system.

Incidents that illustrate the risk Target (2013) : Attackers used stolen vendor credentials to penetrate the network and deploy POS malware, showing how third-party access can enable broad compromise. Boots (2020) : Boots temporarily suspended Advantage Card payments after attackers reused credentials from other breaches to attempt logins, affecting roughly 150,000 customer accounts and forcing an operational response to protect loyalty balances. Zoetop / SHEIN (investigation and settlement) : New York’s Attorney General found Zoetop inadequately handled a large credential compromise, resulting in enforcement action and fines, an example of how poor breach response and weak password handling amplify risk. Technical controls to prevent credential abuse at scale Peak season requires layered defenses that stop automated abuse without creating friction for real users: Bot management and device-behavior fingerprints to separate human shoppers from scripted attacks.

Rate limits and progressive challenge escalation to slow credential-testing campaigns. Credential-stuffing detection that flags behavioral patterns, not just volume. IP reputation and threat intelligence to block known malicious sources. Invisible or risk-based challenge flows instead of aggressive CAPTCHAs that harm conversion.

Industry reports repeatedly call out bot automation and “pre-staged” attack configs as primary drivers of holiday fraud, so investing in these controls ahead of peak weeks pays off. Operational continuity: Test failovers before they’re needed Authentication providers and SMS routes can fail. And if they do during peak trading, the result can be lost revenue and long queues. Retailers should test and document failover procedures: Pre-approved emergency access via short-lived, auditable credentials in a secure vault.

Manual verification of workflows for in-store or phone purchases. Tabletop exercises and load testing that include MFA and SSO failovers. These steps protect revenue as much as they protect data. Where Specops Password Policy helps Specops Password Policy addresses several high-impact controls retailers need before peak weeks: Block compromised and common passwords by checking resets and new passwords against known breach datasets.

Continuously scanning your Active Directory against our database of over 4.5 billion compromised passwords Enforce user-friendly rules (passphrases, pattern blocklists) that improve security without adding help-desk overhead. Integrate with Active Directory for rapid enforcement across POS, admin, and backend systems. Provide operational telemetry so you can spot risky password patterns and ATO attempts early. Book a live walkthrough of Specops Password Policy with an expert today .

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features

Cybersecurity researchers have disclosed details of two new Android malware families dubbed FvncBot and SeedSnatcher , as another upgraded version of ClayRat has been spotted in the wild. The findings come from Intel 471 , CYFIRMA , and Zimperium , respectively. FvncBot, which masquerades as a security app developed by mBank, targets mobile banking users in Poland. What’s notable about the malware is that it’s completely written from scratch and is not inspired by other Android banking trojans like ERMAC that have had their source code leaked.

The malware “implemented multiple features including keylogging by abusing Android’s accessibility services, web-inject attacks, screen streaming and hidden virtual network computing (HVNC) to perform successful financial fraud,” Intel 471 said. Similar to the recently uncovered Albiriox banking malware, the malware is protected by a crypting service known as apk0day that’s offered by Golden Crypt. The malicious app acts as a loader by installing the embedded FvncBot payload. As soon as the dropper app is launched, users are prompted to install a Google Play component to ensure the security and stability of the app, when, in reality, it leads to the deployment of the malware by making use of a session-based approach that has been adopted by other threat actors to bypass accessibility restrictions on Android devices running versions 13 and newer.

“During the malware runtime, the log events were sent to the remote server at the naleymilva.it.com domain to track the current status of the bot,” Intel 471 said. “The operators included a build identifier call_pl, which indicated Poland as a targeted country, and the malware version was set to 1.0-P, suggesting an early stage of development. The malware then proceeds to ask the victim to grant it accessibility services permissions, allowing it to operate with elevated privileges and connect to an external server over HTTP to register the infected device and receive commands in return using the Firebase Cloud Messaging (FCM) service. FvncBot’s process enabling the accessibility service Some of the support functions are listed below - Start/stop a WebSocket connection to remotely control the device and swipe, click, or scroll to navigate the device’s screen Exfiltrate logged accessibility events to the controller Exfiltrate list of installed applications Exfiltrate device information and bot configuration Receive configuration to serve malicious overlays atop targeted applications Show a full screen overlay to capture and exfiltrate sensitive data Hide an overlay Check accessibility services status Abuse accessibility services to log keystrokes Fetch pending commands from the controller Abuse Android’s MediaProjection API to stream screen content FvncBot also facilitates what’s called a text mode to inspect the device screen layout and content even in scenarios where an app prevents screenshots from being taken by setting the FLAG_SECURE option .

It’s currently not known how FvncBot is distributed, but Android banking trojans are known to leverage SMS phishing and third-party app stores as a propagation vector. “Android’s accessibility service is intended to aid users with disabilities, but it also can give attackers the ability to know when certain apps are launched and overwrite the screen’s display,” Intel 471 said. “Although this particular sample was configured to target Polish-speaking users, it is plausible we will observe this theme shifting to target other regions or to impersonate other Polish institutions.” While FvncBot’s core focus is on data theft, SeedSnatcher – distributed under the name Coin through Telegram – is designed to enable the theft of cryptocurrency wallet seed phrases. It also supports the ability to intercept incoming SMS messages to steal two-factor authentication (2FA) codes for account takeovers, as well as capture device data, contacts, call logs, files, and sensitive data by displaying phishing overlays.

It’s assessed that the operators of SeedSnatcher are either China-based or Chinese-speaking based on the presence of Chinese language instructions shared via Telegram and the stealer’s control panel. “The malware leverages advanced techniques to evade detection, including dynamic class loading, stealthy WebView content injection, and integer-based command-and-control instructions,” CYFIRMA said. “While initially requesting minimal runtime permissions such as SMS access, it later escalates privileges to access the Files manager, overlays, contacts, call logs, and more.” The developments come as Zimperium zLabs said it discovered an improved version of ClayRat that has been updated to abuse accessibility services along with exploiting its default SMS permissions, making it a more potent threat capable of recording keystrokes and the screen, serving different overlays like a system update screen to conceal malicious activity, and creating fake interactive notifications to steal victims’ responses. ClayRat’s default SMS and accessibility permission The expansion in ClayRat’s capabilities, in a nutshell, facilitates full device takeover through accessibility services abuse, automated unlocking of device PIN/password/pattern, screen recording, notification harvesting, and persistent overlays.

ClayRat has been disseminated via 25 fraudulent phishing domains that impersonate legitimate services like YouTube, advertising a Pro version for background playback and 4K HDR support. Dropper apps distributing the malware have also been found to mimic Russian taxi and parking applications. “Together, these capabilities make ClayRat a more dangerous spyware compared to its previous version where the victim could uninstall the application or turn off the device upon detecting the infection,” researchers Vishnu Pratapagiri and Fernando Ortega said. Found this article interesting?

Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks

A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence. The remote code execution vulnerability in question is CVE-2025-6389 (CVSS score: 9.8), which affects all versions of the plugin prior to and including 8.3. It has been patched in version 8.4, released on August 5, 2025. The plugin has more than 1,700 active installations.

“This is due to the [sneeit_articles_pagination_callback()] function accepting user input and then passing that through call_user_func(),” Wordfence said . “This makes it possible for unauthenticated attackers to execute code on the server, which can be leveraged to inject backdoors or, for example, create new administrative user accounts.” In other words, the vulnerability can be leveraged to call an arbitrary PHP function, such as wp_insert_user(), to insert a malicious administrator user, which an attacker can then weaponize to seize control of the site and inject malicious code that can redirect site visitors to other sketchy sites, malware, or spam. Wordfence said in-the-wild exploitation commenced on November 24, 2025, the same day it was publicly disclosed, with the company blocking over 131,000 attempts targeting the flaw. Out of these, 15,381 attack attempts were recorded over the past 24 hours alone.

Some of the efforts include sending specially crafted HTTP requests to the “/wp-admin/admin-ajax.php” endpoint to create a malicious admin user account like “arudikadis” and upload a malicious PHP file “tijtewmg.php” that likely grants backdoor access. The attacks have originated from the following IP addresses - 185.125.50[.]59 182.8.226[.]51 89.187.175[.]80 194.104.147[.]192 196.251.100[.]39 114.10.116[.]226 116.234.108[.]143 The WordPress security company said it also observed malicious PHP files that come with capabilities to scan directories, read, edit, or delete files and their permissions, and allow for the extraction of ZIP files. These PHP files go by the names “xL.php,” “Canonical.php,” “.a.php,” and “simple.php.” The “xL.php” shell, per Wordfence, is downloaded by another PHP file called “up_sf.php” that’s designed to exploit the vulnerability. It also downloads an “.htaccess” file from an external server (“racoonlab[.]top”) onto the compromised host.

“This .htaccess file ensures that access to files with certain file extensions is granted on Apache servers,” István Márton said. “This is useful in cases where other .htaccess files prohibit access to scripts, for example, in upload directories.” ICTBroadcast Flaw Exploited to Deliver “Frost” DDoS Botnet The disclosure comes as VulnCheck said it observed fresh attacks exploiting a critical ICTBroadcast flaw ( CVE-2025-2611 , CVSS score: 9.3) targeting its honeypot systems to download a shell script stager that downloads multiple architecture-specific versions of a binary called “frost.” Each of the downloaded versions is executed, followed by the deletion of the payloads and the stager itself to cover up traces of the activity. The end goal of the activity is to carry out distributed denial-of-service (DDoS) attacks against targets of interest. “The ‘frost’ binary combines DDoS tooling with spreader logic that includes fourteen exploits for fifteen CVEs,” VulnCheck’s Jacob Baines said .

“The important part is how it spreads. The operator is not carpet bombing the internet with exploits. ‘Frost’ checks the target first and only proceeds with exploitation when it sees the specific indicators it expects.” For instance, the binary exploits CVE-2025-1610 only after receiving an HTTP response that contains “Set-Cookie: user=(null)” and then a follow-on response to a second request that contains “Set-Cookie: user=admin.” If those markers are not present, the binary stays dormant and does nothing. The attacks are launched from the IP address 87.121.84[.]52.

While the identified vulnerabilities have been exploited by various DDoS botnets, evidence points to the latest attacks being a small, targeted operation, given that there are fewer than 10,000 internet-exposed systems that are susceptible to them. “This limits how large a botnet built on these CVEs can get, which makes this operator a relatively small player,” Baines said. “Notably, the ICTBroadcast exploit that delivered this sample does not appear in the binary, which indicates the operator has additional capabilities not visible here.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign

The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol (UDP) for command-and-control (C2) purposes. The cyber espionage activity targeted users in Turkey, Israel, and Azerbaijan, according to a report from Fortinet FortiGuard Labs. “This malware enables remote control of compromised systems by allowing attackers to execute commands, exfiltrate files, and deploy additional payloads – all communicated through UDP channels designed to evade traditional network defenses,” security researcher Cara Lin said . The attack chain involves using spear-phishing tactics to distribute booby-trapped Microsoft Word documents that trigger the execution of a malicious payload once macros are enabled.

Some of the phishing messages impersonate the Turkish Republic of Northern Cyprus Ministry of Foreign Affairs and purport to invite recipients to an online seminar titled “Presidential Elections and Results.” Attached along with the emails are a ZIP file (“seminer.zip”) and a Word document (“seminer.doc”). The ZIP file also contains the same Word file, opening which users are asked to enable macros to stealthily execute embedded VBA code. For its part, the VBA script in the dropper file is equipped to conceal any sign of malicious activity by displaying a Hebrew-language decoy image from Israeli telecommunications provider Bezeq about supposed disconnection periods in the first week of November 2025 across various cities in the country. “The macro uses the Document_Open() event to automatically execute, decoding Base64-encoded data from a hidden form field (UserForm1.bodf90.Text) and writing the decoded content to C:\Users\Public\ui.txt,” Lin explained.

“It then executes this file using the Windows API CreateProcessA, launching the UDPGangster payload.” UDPGangster establishes persistence through Windows Registry modifications and boasts of various anti-analysis checks to resist efforts made by security researchers to take it apart. This includes - Verifying if the process is being debugged Analyzing CPU configurations for sandboxes or virtual machines Determining if the system has less than 2048 MB of RAM Retrieving network adapter information to validate if the MAC address prefix matches a list of known virtual machine vendors Validating if the computer is part of the default Windows workgroup rather than a joined domain Examining running processes for tools like VBoxService.exe, VBoxTray.exe, vmware.exe, and vmtoolsd.exe Running Registry scans to searches for matches to known virtualization vendor identifiers, such as VBox, VMBox, QEMU, VIRTUAL, VIRTUALBOX, VMWARE, and Xen Searching for known sandboxing or debugging tools, and Ascertaining whether the file is running in an analysis environment It’s only after these checks are satisfied does UDPGangster proceed to gather system information and connects to an external server (“157.20.182[.]75”) over UDP port 1269 to exfiltrate collected data, run commands using “cmd.exe,” transmit files, update C2 server, and drop and execute additional payloads. “UDPGangster uses macro-based droppers for initial access and incorporates extensive anti-analysis routines to evade detection,” Lin said. “Users and organizations should remain cautious of unsolicited documents, particularly those requesting macro activation.” The development comes days after ESET attributed the threat actor to attacks spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors in Israel that delivered another backdoor referred to as MuddyViper .

Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

Over 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated Development Environments (IDEs) that combine prompt injection primitives with legitimate features to achieve data exfiltration and remote code execution. The security shortcomings have been collectively named IDEsaster by security researcher Ari Marzouk (MaccariTA). They affect popular IDEs and extensions such as Cursor, Windsurf, Kiro.dev, GitHub Copilot, Zed.dev, Roo Code, Junie, and Cline, among others. Of these, 24 have been assigned CVE identifiers.

“I think the fact that multiple universal attack chains affected each and every AI IDE tested is the most surprising finding of this research,” Marzouk told The Hacker News. “All AI IDEs (and coding assistants that integrate with them) effectively ignore the base software (IDE) in their threat model. They treat their features as inherently safe because they’ve been there for years. However, once you add AI agents that can act autonomously, the same features can be weaponized into data exfiltration and RCE primitives.” At its core, these issues chain three different vectors that are common to AI-driven IDEs - Bypass a large language model’s (LLM) guardrails to hijack the context and perform the attacker’s bidding (aka prompt injection) Perform certain actions without requiring any user interaction via an AI agent’s auto-approved tool calls Trigger an IDE’s legitimate features that allow an attacker to break out of the security boundary to leak sensitive data or execute arbitrary commands The highlighted issues are different from prior attack chains that have leveraged prompt injections in conjunction with vulnerable tools (or abusing legitimate tools to perform read or write actions) to modify an AI agent’s configuration to achieve code execution or other unintended behavior.

What makes IDEsaster notable is that it takes prompt injection primitives and an agent’s tools, using them to activate legitimate features of the IDE to result in information leakage or command execution. Context hijacking can be pulled off in myriad ways, including through user-added context references that can take the form of pasted URLs or text with hidden characters that are not visible to the human eye, but can be parsed by the LLM. Alternatively, the context can be polluted by using a Model Context Protocol (MCP) server through tool poisoning or rug pulls , or when a legitimate MCP server parses attacker-controlled input from an external source. Some of the identified attacks made possible by the new exploit chain is as follows - CVE-2025-49150 (Cursor), CVE-2025-53097 (Roo Code), CVE-2025-58335 (JetBrains Junie), GitHub Copilot (no CVE), Kiro.dev (no CVE), and Claude Code (addressed with a security warning )

• Using a prompt injection to read a sensitive file using either a legitimate (“read_file”) or vulnerable tool (“search_files” or “search_project”) and writing a JSON file via a legitimate tool (“write_file” or “edit_file)) with a remote JSON schema hosted on an attacker-controlled domain, causing the data to be leaked when the IDE makes a GET request CVE-2025-53773 (GitHub Copilot), CVE-2025-54130 (Cursor), CVE-2025-53536 (Roo Code), CVE-2025-55012 (Zed.dev), and Claude Code (addressed with a security warning )
• Using a prompt injection to edit IDE settings files (“.vscode/settings.json” or “.idea/workspace.xml”) to achieve code execution by setting “php.validate.executablePath” or “PATH_TO_GIT” to the path of an executable file containing malicious code CVE-2025-64660 (GitHub Copilot), CVE-2025-61590 (Cursor), and CVE-2025-58372 (Roo Code)
• Using a prompt injection to edit workspace configuration files (*.code-workspace) and override multi-root workspace settings to achieve code execution It’s worth noting that the last two examples hinge on an AI agent being configured to auto-approve file writes, which subsequently allows an attacker with the ability to influence prompts to cause malicious workspace settings to be written.

But given that this behavior is auto-approved by default for in-workspace files, it leads to arbitrary code execution without any user interaction or the need to reopen the workspace. With prompt injections and jailbreaks acting as the first step for the attack chain, Marzouk offers the following recommendations - Only use AI IDEs (and AI agents) with trusted projects and files. Malicious rule files, instructions hidden inside source code or other files (README), and even file names can become prompt injection vectors. Only connect to trusted MCP servers and continuously monitor these servers for changes (even a trusted server can be breached).

Review and understand the data flow of MCP tools (e.g., a legitimate MCP tool might pull information from attacker controlled source, such as a GitHub PR) Manually review sources you add (such as via URLs) for hidden instructions (comments in HTML / css-hidden text / invisible unicode characters, etc.) Developers of AI agents and AI IDEs are advised to apply the principle of least privilege to LLM tools, minimize prompt injection vectors, harden the system prompt, use sandboxing to run commands, perform security testing for path traversal, information leakage, and command injection. The disclosure coincides with the discovery of several vulnerabilities in AI coding tools that could have a wide range of impacts - A command injection flaw in OpenAI Codex CLI ( CVE-2025-61260 ) that takes advantage of the fact that the program implicitly trusts commands configured via MCP server entries and executes them at startup without seeking a user’s permission. This could lead to arbitrary command execution when a malicious actor can tamper with the repository’s “.env” and “./.codex/config.toml” files. An indirect prompt injection in Google Antigravity using a poisoned web source that can be used to manipulate Gemini into harvesting credentials and sensitive code from a user’s IDE and exfiltrating the information using a browser subagent to browse to a malicious site.

Multiple vulnerabilities in Google Antigravity that could result in data exfiltration and remote command execution via indirect prompt injections, as well as leverage a malicious trusted workspace to embed a persistent backdoor to execute arbitrary code every time the application is launched in the future. A new class of vulnerability named PromptPwnd that targets AI agents connected to vulnerable GitHub Actions (or GitLab CI/CD pipelines) with prompt injections to trick them into executing built-in privileged tools that lead to information leak or code execution. As agentic AI offerings are becoming increasingly popular in enterprise environments, these findings demonstrate how AI tools expand the attack surface of development machines, often by leveraging an LLM’s inability to distinguish between instructions provided by a user to complete a task and content that it may ingest from an external source, which, in turn, can contain an embedded malicious prompt. “Any repository using AI for issue triage, PR labeling, code suggestions, or automated replies is at risk of prompt injection, command injection, secret exfiltration, repository compromise and upstream supply chain compromise,” Aikido researcher Rein Daelman said.

Marzouk also said the discoveries emphasized the importance of “Secure for AI,” which is a new paradigm that has been coined by the researcher to tackle security challenges introduced by AI features, thereby ensuring that products are not only secure by default and secure by design, but are also conceived keeping in mind how AI components can be abused over time. “This is another example of why the ‘Secure for AI’ principle is needed,” Marzouk said. “Connecting AI agents to existing applications (in my case IDE, in their case GitHub Actions) creates new emerging risks.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React Server Components (RSC) to its Known Exploited Vulnerabilities ( KEV ) catalog following reports of active exploitation in the wild. The vulnerability, CVE-2025-55182 (CVSS score: 10.0), relates to a case of remote code execution that could be triggered by an unauthenticated attacker without requiring any special setup. It’s also tracked as React2Shell.

“Meta React Server Components contains a remote code execution vulnerability that could allow unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints,” CISA said in an advisory. The problem stems from insecure deserialization in the library’s Flight protocol, which React uses to communicate between a server and client. As a result, it leads to a scenario where an unauthenticated, remote attacker can execute arbitrary commands on the server by sending specially crafted HTTP requests. “The process of converting text into objects is widely considered one of the most dangerous classes of software vulnerabilities,” Martin Zugec, technical solutions director at Bitdefender, said .

“The React2Shell vulnerability resides in the react-server package, specifically in how it parses object references during deserialization.” The vulnerability has been addressed versions 19.0.1, 19.1.2, and 19.2.1 of the following libraries - react-server-dom-webpack react-server-dom-parcel react-server-dom-turbopack Some of the downstream frameworks that depend on React are also impacted. This includes: Next.js, React Router, Waku, Parcel, Vite, and RedwoodSDK. The development comes after Amazon reported that it observed attack attempts originating from infrastructure associated with Chinese hacking groups like Earth Lamia and Jackpot Panda within hours of public disclosure of the flaw. Coalition , Fastly , GreyNoise , VulnCheck , and Wiz have also reported seeing exploitation efforts targeting the flaw, indicating that multiple threat actors are engaging in opportunistic attacks.

Image Source: GreyNoise Some of the attacks have involved the deployment of cryptocurrency miners, as well as the execution of “cheap math” PowerShell commands to ascertain successful exploitation, followed by running commands to drop in-memory downloaders capable of retrieving an additional payload from a remote server. Jacob Baines, VulnCheck CTO, told The Hacker News that the company has also seen “a lot of attacks from RondoDox botnet,” which has been steadily expanding its arsenal of N-day vulnerabilities in recent months. Other attacks have distributed Mirai and cryptocurrency miners, as well as running simple checks to determine if the server is vulnerable or run commands like “whoami.” “So far, we are not seeing any of the tricky payloads like in memory web shells/reverse shells,” Baines added. “Generally speaking, we aren’t seeing typical reverse shells.

When an attacker wants to gain execution, it appears that all we are seeing is downloading secondary payloads and executing them.” According to data shared by attack surface management platform Censys, there are about 2.15 million instances of internet-facing services that may be affected by this vulnerability. This comprises exposed web services using React Server Components and exposed instances of frameworks such as Next.js, Waku, React Router, and RedwoodSDK. The Shadowserver Foundation said it has detected 28,964 IP addresses vulnerable to the React2Shell flaw as of December 7, 2025, down from 77,664 on December 5, with approximately 10,100 located in the U.S., 3,200 in Germany, and 1,690 in China. In a statement shared with The Hacker News, Palo Alto Networks Unit 42 said it has confirmed over 30 affected organizations across numerous sectors, with one set of activity consistent with a Chinese hacking crew tracked as UNC5174 (aka CL-STA-1015).

The attacks are characterized by the deployment of SNOWLIGHT and VShell . “We have observed scanning for vulnerable RCE, reconnaissance activity, attempted theft of AWS configuration and credential files, as well as installation of downloaders to retrieve payloads from attacker command and control infrastructure,” Justin Moore, senior manager of threat intel research at Palo Alto Networks Unit 42, said. Security researcher Lachlan Davidson, who is credited with discovering and reporting the flaw, has since released multiple proof-of-concept (PoC) exploits, making it imperative that users update their instances to the latest version as soon as possible. Another working PoC has been published by a Taiwanese researcher who goes by the GitHub handle maple3142.

Pursuant to Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies have until December 26, 2025, to apply the necessary updates to secure their networks. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

A new agentic browser attack targeting Perplexity’s Comet browser that’s capable of turning a seemingly innocuous email into a destructive action that wipes a user’s entire Google Drive contents, findings from Straiker STAR Labs show. The zero-click Google Drive Wiper technique hinges on connecting the browser to services like Gmail and Google Drive to automate routine tasks by granting them access to read emails, as well as browse files and folders, and perform actions like moving, renaming, or deleting content. For instance, a prompt issued by a benign user might look like this: “Please check my email and complete all my recent organization tasks.” This will cause the browser agent to search the inbox for relevant messages and perform the necessary actions. “This behavior reflects excessive agency in LLM-powered assistants where the LLM performs actions that go far beyond the user’s explicit request,” security researcher Amanda Rousseau said in a report shared with The Hacker News.

An attacker can weaponize this behavior of the browser agent to send a specially crafted email that embeds natural language instructions to organize the recipient’s Drive as part of a regular cleanup task, delete files matching certain extensions or files that are not inside any folder, and review the changes. Given that the agent interprets the email message as routine housekeeping, it treats the instructions as legitimate and deletes real user files from Google Drive without requiring any user confirmation. “The result: a browser-agent-driven wiper that moves critical content to trash at scale, triggered by one natural-language request from the user,” Rousseau said. “Once an agent has OAuth access to Gmail and Google Drive, abused instructions can propagate quickly across shared folders and team drives.” What’s notable about this attack is that it neither relies on a jailbreak nor a prompt injection.

Rather, it achieves its goal by simply being polite, providing sequential instructions, and using phrases like “take care of,” “handle this,” and “do this on my behalf,” that shift the ownership to the agent. In other words, the attack highlights how sequencing and tone can nudge the large language model (LLM) to comply with malicious instructions without even bothering to check if each of those steps is actually safe. To counter the risks posed by the threat, it’s advised to take steps to secure not just the model, but also the agent, its connectors, and the natural language instructions it follows through. “Agentic browser assistants turn everyday prompts into sequences of powerful actions across Gmail and Google Drive,” Rousseau said.

“When those actions are driven by untrusted content (especially polite, well-structured emails) organizations inherit a new class of zero-click data-wiper risk.” HashJack Exploits URL Fragments for Indirect Prompt Injection The disclosure comes as Cato Networks demonstrated another attack aimed at artificial intelligence (AI)-powered browsers that hides rogue prompts after the “#” symbol in legitimate URLs (e.g., “www.example[.]com/home#") to deceive the agents into executing them. The technique has been dubbed HashJack. In order to trigger the client-side attack, a threat actor can share such a specially crafted URL via email, social media, or by embedding it directly on a web page. Once the victim loads the page and asks the AI browser a relevant question, it executes the hidden prompt.

“HashJack is the first known indirect prompt injection that can weaponize any legitimate website to manipulate AI browser assistants,” security researcher Vitaly Simonovich said . “Because the malicious fragment is embedded in a real website’s URL, users assume the content is safe while hidden instructions secretly manipulate the AI browser assistant.” Following responsible disclosure, Google classified it as “won’t fix (intended behavior)” and low severity, while Perplexity and Microsoft have released patches for their respective AI browsers (Comet v142.0.7444.60 and Edge 142.0.3595.94). Claude for Chrome and OpenAI Atlas have been found to be immune to HashJack. It’s worth noting that Google does not treat policy-violating content generation and guardrail bypasses as security vulnerabilities under its AI Vulnerability Reward Program (AI VRP).

Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity ( XXE ) injection attack. The vulnerability, tracked as CVE-2025-66516 , is rated 10.0 on the CVSS scoring scale, indicating maximum severity. “Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF,” according to an advisory for the vulnerability. It affects the following Maven packages - org.apache.tika:tika-core >= 1.13, <= 3.2.1 (Patched in version 3.2.2) org.apache.tika:tika-parser-pdf-module >= 2.0.0, <= 3.2.1 (Patched in version 3.2.2) org.apache.tika:tika-parsers >= 1.13, < 2.0.0 (Patched in version 2.0.0) XXE injection refers to a web security vulnerability that allows an attacker to interfere with an application’s processing of XML data.

This, in turn, makes it possible to access files on the application server file system and, in some cases, even, achieve remote code execution. CVE-2025-66516 is assessed to be the same as CVE-2025-54988 (CVSS score: 8.4), another XXE flaw in the content detection and analysis framework that was patched by the project maintainers in August 2025. The new CVE, the Apache Tika team said, expands the scope of affected packages in two ways. “First, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core,” the team said.

“Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable.” “Second, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the “org.apache.tika:tika-parsers” module.” In light of the criticality of the vulnerability, users are advised to apply the updates as soon as possible to mitigate potential threats. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability

Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours of it becoming public knowledge. The vulnerability in question is CVE-2025-55182 (CVSS score: 10.0), aka React2Shell , which allows unauthenticated remote code execution . It has been addressed in React versions 19.0.1, 19.1.2, and 19.2.1. According to a new report shared by Amazon Web Services (AWS), two China-linked threat actors known as Earth Lamia and Jackpot Panda have been observed attempting to exploit the maximum-severity security flaw.

“Our analysis of exploitation attempts in AWS MadPot honeypot infrastructure has identified exploitation activity from IP addresses and infrastructure historically linked to known China state-nexus threat actors,” CJ Moses, CISO of Amazon Integrated Security, said in a report shared with The Hacker News. Specifically, the tech giant said it identified infrastructure associated with Earth Lamia , a China-nexus group that was attributed to attacks exploiting a critical SAP NetWeaver flaw (CVE-2025-31324) earlier this year. The hacking crew has targeted sectors across financial services, logistics, retail, IT companies, universities, and government organizations across Latin America, the Middle East, and Southeast Asia. The attack efforts have also originated from infrastructure related to another China-nexus cyber threat actor known as Jackpot Panda , which has primarily singled out entities that are either engaged in or support online gambling operations in East and Southeast Asia.

Jackpot Panda, per CrowdStrike, is assessed to be active since at least 2020, and has targeted trusted third-party relationships in an attempt to deploy malicious implants and gain initial access. Notably, the threat actor was connected to the supply chain compromise of a chat app known as Comm100 in September 2022. The activity is tracked by ESET as Operation ChattyGoblin . It has since emerged that a Chinese hacking contractor, I-Soon, may have been involved in the supply chain attack , citing infrastructure overlaps .

Interestingly, attacks mounted by the group in 2023 have primarily focused on Chinese-speaking victims, indicating possible domestic surveillance. “Beginning in May 2023, the adversary used a trojanized installer for CloudChat, a China-based chat application popular with illegal, Chinese-speaking gambling communities in Mainland China,” CrowdStrike said in its Global Threat Report released last year. “The trojanized installer served from CloudChat’s website contained the first stage of a multi-step process that ultimately deployed XShade – a novel implant with code that overlaps with Jackpot Panda’s unique CplRAT implant.” Amazon said it also detected threat actors exploiting 2025-55182 along with other N-day flaws, including a vulnerability in NUUO Camera ( CVE-2025-1338 , CVSS score: 7.3), suggesting broader attempts to scan the internet for unpatched systems. The observed activity involves attempts to run discovery commands (e.g., whoami), write files (“/tmp/pwned.txt”), and read files containing sensitive information (e.g., “/etc/passwd”).

“This demonstrates a systematic approach: threat actors monitor for new vulnerability disclosures, rapidly integrate public exploits into their scanning infrastructure, and conduct broad campaigns across multiple Common Vulnerabilities and Exposures (CVEs) simultaneously to maximize their chances of finding vulnerable targets,” Moses said. Cloudflare Blames Outage on React2Shell Patch The development comes as Cloudflare experienced a brief but widespread outage that caused websites and online platforms to return a “500 Internal Server Error” message. “A change made to how Cloudflare’s Web Application Firewall parses requests caused Cloudflare’s network to be unavailable for several minutes this morning,” the web infrastructure provider said in a statement Friday. “This was not an attack; the change was deployed by our team to help mitigate the industry-wide vulnerability disclosed this week in React Server Components.” Found this article interesting?

Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery

A human rights lawyer from Pakistan’s Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time a civil society member in the country was targeted by Intellexa’s Predator spyware, Amnesty International said in a report. The link, the non-profit organization said, is a “Predator attack attempt based on the technical behaviour of the infection server, and on specific characteristics of the one-time infection link which were consistent with previously observed Predator 1-click links.” Pakistan has dismissed the allegations, stating “there is not an iota of truth in it.” The findings come from a new joint investigation published in collaboration with Israeli newspaper Haaretz, Greek news site Inside Story, and Swiss tech site Inside IT. It’s based on documents and other materials leaked from the company, including internal documents, sales and marketing material, and training videos. Intellexa is the maker of a mercenary spyware tool called Predator that, similar to NSO Group’s Pegasus, can covertly harvest sensitive data from targets’ Android and iOS devices without their knowledge.

The leaks show that Predator has also been marketed as Helios, Nova, Green Arrow, and Red Arrow. Often, this involves using different initial access vectors like messaging platforms that weaponize previously undisclosed flaws to stealthily install the spyware either via a zero-click or 1-click approach. The attack, therefore, requires a malicious link to be opened in the target’s phone in order to trigger the infection. Should the victim end up clicking the booby-trapped link, a browser exploit for Google Chrome (on Android) or Apple Safari (on iOS) is loaded to gain initial access to the device and download the main spyware payload.

According to data from Google Threat Intelligence Group (GTIG), Intellexa has been linked to the exploitation of the following zero-days, either developed in-house or procured from external entities - CVE-2025-48543

• Use-after-free in Android Runtime (Google) CVE-2025-6554
• Type confusion in V8 (Google Chrome) CVE-2023-41993
• WebKit JIT RCE (Apple Safari) CVE-2023-41992
• Kernel IPC use-after-free (Apple) CVE-2023-41991
• Certificate validation bypass in Security framework (Apple) CVE-2024-4610
• Use-after-free in Bifrost GPU and Valhall GPU Kernel Driver (Arm) CVE-2023-4762
• Type confusion in V8 (Google Chrome) CVE-2023-3079
• Type confusion in V8 (Google Chrome) CVE-2023-2136
• Integer overflow in Skia (Google Chrome) CVE-2023-2033
• Use-after-free in V8 (Google Chrome) CVE-2021-38003
• Inappropriate implementation in V8 (Google Chrome) CVE-2021-38000
• Insufficient validation of untrusted input in Intents (Google Chrome) CVE-2021-37976
• Information leak in memory_instrumentation (Google Chrome) CVE-2021-37973
• Use-after-free in Portals (Google Chrome) CVE-2021-1048
• Use-after-free in Android Kernel (Google) One such iOS zero-day exploit chain used against targets in Egypt in 2023 involved leveraging CVE-2023-41993 and a framework named JSKit to perform native code execution. GTIG said it observed the same exploit and framework used in a watering hole attack orchestrated by Russian government-backed hackers against Mongolian government websites, raising the possibility that the exploits are being sourced from a third-party. Marketing brochure presenting the capabilities of Intellexa’s spyware product “The JSKit framework is well maintained, supports a wide range of iOS versions, and is modular enough to support different Pointer Authentication Code (PAC) bypasses and code execution techniques,” Google explained . “The framework can parse in-memory Mach-O binaries to resolve custom symbols and can ultimately manually map and execute Mach-O binaries directly from memory.” Screenshot of an example PDS (Predator Delivery Studio) dashboard interface used to manage targets and view collected surveillance data Following the exploitation of CVE-2023-41993, the attack moved to the second stage to break out of the Safari sandbox and execute an untrusted third-stage payload dubbed PREYHUNTER by taking advantage of CVE-2023-41991 and CVE-2023-41992.

PREYHUNTER consists of two modules - Watcher, which monitors crashes, makes sure that the infected device does not exhibit any suspicious behavior, and proceeds to terminate the exploitation process if such patterns are detected Helper, which communicates with the other parts of the exploit via a Unix socket and deploys hooks to record VoIP conversations, run a keylogger, and capture pictures from the camera Intellexa is also said to be using a custom framework that facilitates the exploitation of various V8 flaws in Chrome – i.e., CVE-2021-38003, CVE-2023-2033, CVE-2023-3079, CVE-2023-4762, and CVE-2025-6554 – with the abuse of CVE-2025-6554 observed in June 2025 in Saudi Arabia. Once the tool is installed, it collects data from messaging apps, calls, emails, device locations, screenshots, passwords, and other on-device information and exfiltrates them to an external server physically located in the customer’s country. Predator also comes fitted with the ability to activate the device’s microphone to silently capture ambient audio and leverage the camera to take photos. The company, along with some key executives, was subjected to U.S.

sanctions last year for developing and distributing the surveillance tool and undermining civil liberties. Despite continued public reporting, Recorded Future’s Insikt Group disclosed in June 2025 that it detected Predator-related activity in over a dozen countries, primarily in Africa, suggesting “growing demand for spyware tools.” Perhaps the most significant revelation is that people working at Intellexa allegedly had the capability to remotely access the surveillance systems of at least some of its customers, including those located on the premises of its governmental customers, using TeamViewer. “The fact that, at least in some cases, Intellexa appears to have retained the capability to remotely access Predator customer logs – allowing company staff to see details of surveillance operations and targeted individuals raises questions about its own human rights due diligence processes,” Jurre van Bergen, technologist at Amnesty International Security Lab, said in a news release. “If a mercenary spyware company is found to be directly involved in the operation of its product, then by human rights standards, it could potentially leave them open to claims of liability in cases of misuse and if any human rights abuses are caused by the use of spyware.” The report has also highlighted the different delivery vectors adopted by Intellexa to trigger the opening of the malicious link without the need for the target to manually click on it.

This includes tactical vectors like Triton (disclosed in October 2023), Thor, and Oberon (both unknown at this stage), as well as strategic vectors that are delivered remotely via the internet or mobile network. The three strategic vectors are listed below - Mars and Jupiter , which are network injection systems that require cooperation between the Predator customer and the victim’s mobile operator or internet service provider (ISP) to stage an adversary-in-the-middle (AitM) attack by waiting for the target to open an unencrypted HTTP website to activate the infection or when the target visits a domestic HTTPS website that’s been already intercepted using valid TLS certificates. Aladdin , which exploits the mobile advertising ecosystem to carry out a zero-click attack that’s triggered simply upon viewing the specially-crafted ad. The system is believed to have been under development since at least 2022.

“The Aladdin system infects the target’s phone by forcing a malicious advertisement created by the attacker to be shown on the target’s phone,” Amnesty said. “This malicious ad could be served on any website which displays ads.” Mapping of Intellexa’s corporate web linked to Czech cluster Google said the use of malicious ads on third-party platforms is an attempt to abuse the advertising ecosystem for fingerprinting users and redirecting targeted users to Intellexa’s exploit delivery servers. It also said it worked with other partners to identify the companies Intellexa created to create the ads and shut those accounts. In a separate report, Recorded Future said it discovered two companies called Pulse Advertise and MorningStar TEC that appear to be operating in the advertising sector and are likely tied to the Aladdin infection vector.

Furthermore, there is evidence of Intellexa customers based in Saudi Arabia, Kazakhstan, Angola, and Mongolia still communicating with Predator’s multi-tiered infrastructure. “In contrast, customers in Botswana, Trinidad and Tobago, and Egypt ceased communication in June, May, and March 2025, respectively,” it added . “This may indicate that these entities discontinued their use of Predator spyware around those times; however, it is also possible that they merely modified or migrated their infrastructure setups.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

“Getting to Yes”: An Anti-Sales Guide for MSPs

Most MSPs and MSSPs know how to deliver effective security. The challenge is helping prospects understand why it matters in business terms. Too often, sales conversations stall because prospects are overwhelmed, skeptical, or tired of fear-based messaging. That’s why we created “Getting to Yes”: An Anti-Sales Guide for MSPs .

This guide helps service providers transform resistance into trust and turn sales conversations into long-term partnerships. In the guide, you’ll learn how to shift from persuasion to partnership, uncover what really drives objections, and lead with credibility as a trusted cyber advisor. Why Traditional Cybersecurity Sales Strategies Don’t Work Today’s buyers aren’t saying “no” to your services because they don’t care about security. They’re saying “no” because they don’t understand what they’re hearing.

Most SMBs already know cybersecurity is important. In fact, 57% call it a top priority. However, they’re lost in complexity, jargon, and vendor noise. When MSPs respond by “selling harder,” it only fuels skepticism.

What prospects actually want is confidence. They want to know: Will this protect my business, my reputation, and my bottom line? Your role as an MSP is to bridge that gap and help clients connect cybersecurity to what truly matters: uptime, revenue, and resilience. To do that, you first need to understand why prospects hesitate.

Below are five of the most common objections MSPs hear from prospects, along with strategies to turn each one into an opportunity to educate and build trust. (For the complete list of the top 10 objections and strategies to overcome them, download the “Getting to Yes” guide.) Top 5 Cybersecurity Sales Objections Why prospects hesitate, and how to respond. “It’s too expensive.” Security feels like a cost center. √ Reframe it as business protection that safeguards revenue and uptime.

“We’re already protected.” Basic tools feel “good enough.” √ A quick assessment often reveals hidden gaps and outdated defenses. “We’re too small to be a target.” SMBs make up most ransomware victims. √ No business is “too small”, only underprepared. “It’s too complicated.” Jargon and acronyms create confusion.

√ Simplify the story. Clarity builds confidence and momentum. “We don’t have time for this.” Security feels like extra work. √ Show how managed services save time and reduce operational noise.

These objections are often based on perception rather than fact. Responding with empathy, clear education, and real evidence is how trust is built, and where the trust-first conversation begins. The Trust-First Framework The trust-first framework is a practical model for transforming every prospect conversation into a collaborative business discussion. It’s built on three core pillars: 1.

Empathy: Seek to understand before advising Listen first. Identify what your client truly values, whether it’s growth, uptime, reputation, etc., and tie security to those outcomes. 2. Education: Translate risk into business impact Replace technical jargon and FUD with clear, value-driven language.

Explain how cybersecurity supports continuity, compliance, and revenue. 3. Evidence: Show the proof, don’t just promise it Build credibility through proof points: client results, clear reports, and measurable progress. Turning Selling into Partnership The most effective MSPs lead sales conversations that feel like collaborative problem-solving by: Asking discovery questions that elevate the dialogue from IT issues to core business outcomes Reframing objections, like “It’s too expensive,” “We’re too small,” or “We’re already compliant,” into opportunities for collaboration Using structured frameworks such as the Cyber Advisor’s First-Call Checklist to create meaningful, trust-driven discussions (to download the Cyber Advisor’s First-Call Checklist, download the full “Getting to Yes” guide).

Making progress visible from day one with clear goals, measurable milestones, and regular business reviews When you approach every client as a partner rather than a prospect, the “yes” follows naturally. Proving the Partnership: Demonstrating Value and Differentiation Once you’ve reframed cybersecurity around business value, the next step is proving it. MSPs that win consistently are those that make their value clear, measurable, and aligned with client goals. Here are some key ways to show proof of value: Share real results: Use case studies and success metrics to show how similar businesses improved resilience and compliance.

Set clear expectations:

Outline deliverables and progress milestones from the start. Align with trusted frameworks:

Map services to established security and compliance standards. Visualize progress:

Show dashboards and reports to make improvement visible and tangible. Highlight AI-driven insights

Show how intelligent automation enhances protection, efficiency, and real-time risk visibility.

For more in-depth guidance and examples on how to prove value and build trust through measurable outcomes, download the full “Getting to Yes” guide . Building a “Yes” Environment Trust is created through structure, consistency, and clear communication. When clients can see steady progress and tangible value at every step, confidence grows naturally. Create regular, value-driven touchpoints: Start with an initial assessment, follow with a collaborative workshop, and maintain quarterly business reviews to keep the partnership strategic.

Make progress measurable: Establish a baseline, share dashboards, and connect every action to ROI. Putting Trust Into Action with Automation Automation makes the trust-first model repeatable, scalable, and consistent. The right tools help MSPs streamline their process and focus on what matters most: building stronger client relationships. Automated platforms, like Cynomi, enable providers to: Accelerate discovery with fast, accurate assessments and framework mapping Prove value instantly through posture dashboards and measurable progress reports Identify upsell opportunities by uncovering gaps and emerging client needs Standardize delivery across accounts with repeatable, data-driven workflows By combining automation with human expertise, MSPs gain the visibility, structure, and credibility to scale their cybersecurity business and build lasting trust with every client.

The Secret Was Never About Selling Successful MSPs win by guiding with clarity and confidence. They act as trusted advisors, helping clients see where risk meets business reality and how smart security decisions enable growth. They combine human expertise with automated platforms that simplify assessments, visualize progress, and prove value at every stage. By focusing on education, transparency, and measurable outcomes, they shift the conversation toward value, resilience, and long-term partnerships.

When trust leads the way, every discussion becomes a step toward collaboration and lasting success. The “Getting to Yes” Guide for MSPs provides a clear and practical roadmap for leveraging trust and automation as your most powerful growth driver. Download Getting to Yes: An Anti-Sales Guide for MSPs to learn more. Found this article interesting?

This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.