2026-01-20 AI创业新闻

Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites

Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar as a data extraction mechanism. The vulnerability, Miggo Security’s Head of Research, Liad Eliyahu, said, made it possible to circumvent Google Calendar’s privacy controls by hiding a dormant malicious payload within a standard calendar invite. “This bypass enabled unauthorized access to private meeting data and the creation of deceptive calendar events without any direct user interaction,” Eliyahu said in a report shared with The Hacker News. The starting point of the attack chain is a new calendar event that’s crafted by the threat actor and sent to a target.

The invite’s description embeds a natural language prompt that’s designed to do their bidding, resulting in a prompt injection. The attack gets activated when a user asks Gemini a completely innocuous question about their schedule (e.g., Do I have any meetings for Tuesday?), prompting the artificial intelligence (AI) chatbot to parse the specially crafted prompt in the aforementioned event’s description to summarize all of users’ meetings for a specific day, add this data to a newly created Google Calendar event, and then return a harmless response to the user. “Behind the scenes, however, Gemini created a new calendar event and wrote a full summary of our target user’s private meetings in the event’s description,” Miggo said. “In many enterprise calendar configurations, the new event was visible to the attacker, allowing them to read the exfiltrated private data without the target user ever taking any action.” Although the issue has since been addressed following responsible disclosure, the findings once again illustrate that AI-native features can broaden the attack surface and inadvertently introduce new security risks as more organizations use AI tools or build their own agents internally to automate workflows.

“AI applications can be manipulated through the very language they’re designed to understand,” Eliyahu noted. “Vulnerabilities are no longer confined to code. They now live in language, context, and AI behavior at runtime.” The disclosure comes days after Varonis detailed an attack named Reprompt that could have made it possible for adversaries to exfiltrate sensitive data from artificial intelligence (AI) chatbots like Microsoft Copilot in a single click, while bypassing enterprise security controls. The findings illustrate the need for constantly evaluating large language models (LLMs) across key safety and security dimensions, testing their penchant for hallucination, factual accuracy, bias, harm, and jailbreak resistance, while simultaneously securing AI systems from traditional issues.

Just last week, Schwarz Group’s XM Cyber revealed new ways to escalate privileges inside Google Cloud Vertex AI’s Agent Engine and Ray, underscoring the need for enterprises to audit every service account or identity attached to their AI workloads. “These vulnerabilities allow an attacker with minimal permissions to hijack high-privileged Service Agents, effectively turning these ‘invisible’ managed identities into ‘double agents’ that facilitate privilege escalation,” researchers Eli Shparaga and Erez Hasson said . Successful exploitation of the double agent flaws could permit an attacker to read all chat sessions, read LLM memories, and read potentially sensitive information stored in storage buckets, or obtain root access to the Ray cluster. With Google stating that the services are currently “working as intended,” it’s essential that organizations review identities with the Viewer role and ensure adequate controls are in place to prevent unauthorized code injection.

The development coincides with the discovery of multiple vulnerabilities and weaknesses in different AI systems - Security flaws (CVE-2026-0612, CVE-2026-0613, CVE-2026-0615, and CVE-2026-0616) in The Librarian, an AI-powered personal assistant tool provided by TheLibrarian.io, that enable an attacker to access its internal infrastructure, including the administrator console and cloud environment, and ultimately leak sensitive information, such as cloud metadata, running processes within the backend, and system prompt, or log in to its internal backend system. A vulnerability that demonstrates how system prompts can be extracted from intent-based LLM assistants by prompting them to display the information in Base64-encoded format in form fields. “If an LLM can execute actions that write to any field, log, database entry, or file, each becomes a potential exfiltration channel, regardless of how locked down the chat interface is,” Praetorian said. An attack that demonstrates how a malicious plugin uploaded to a marketplace for Anthropic Claude Code can be used to bypass human-in-the-loop protections via hooks and exfiltrate a user’s files via indirect prompt injection.

A critical vulnerability in Cursor ( CVE-2026-22708 ) that enables remote code execution via indirect prompt injection by exploiting a fundamental oversight in how agentic IDEs handle shell built-in commands. “By abusing implicitly trusted shell built-ins like export, typeset, and declare, threat actors can silently manipulate environment variables that subsequently poison the behavior of legitimate developer tools,” Pillar Security said . “This attack chain converts benign, user-approved commands – such as git branch or python3 script.py – into arbitrary code execution vectors.” A security analysis of five Vibe coding IDEs, viz. Cursor, Claude Code, OpenAI Codex, Replit, and Devin, who found coding agents, are good at avoiding SQL injections or XSS flaws, but struggle when it comes to handling SSRF issues, business logic, and enforcing appropriate authorization when accessing APIs.

To make matters worse, none of the tools included CSRF protection, security headers, or login rate limiting. The test highlights the current limits of vibe coding, showing that human oversight is still key to addressing these gaps. “Coding agents cannot be trusted to design secure applications,” Tenzai’s Ori David said . While they may produce secure code (some of the time), agents consistently fail to implement critical security controls without explicit guidance.

Where boundaries aren’t clear-cut – business logic workflows, authorization rules, and other nuanced security decisions – agents will make mistakes.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

⚡ Weekly Recap: Fortinet Exploits, RedLine Clipjack, NTLM Crack, Copilot Attack & More

In cybersecurity, the line between a normal update and a serious incident keeps getting thinner. Systems that once felt reliable are now under pressure from constant change. New AI tools, connected devices, and automated systems quietly create more ways in, often faster than security teams can react. This week’s stories show how easily a small mistake or hidden service can turn into a real break-in.

Behind the headlines, the pattern is clear. Automation is being used against the people who built it. Attackers reuse existing systems instead of building new ones. They move faster than most organizations can patch or respond.

From quiet code flaws to malware that changes while it runs, attacks are focusing less on speed and more on staying hidden and in control. If you’re protecting anything connected—developer tools, cloud systems, or internal networks—this edition shows where attacks are going next, not where they used to be. ⚡ Threat of the Week Critical Fortinet Flaw Comes Under Attack — A critical security flaw in Fortinet FortiSIEM has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-64155 (CVSS score: 9.4), allows an unauthenticated attacker to execute unauthorized code or commands via crafted TCP requests.

In a technical analysis, Horizon3.ai described the issue as comprising two issues: an unauthenticated argument injection vulnerability that leads to arbitrary file write, allowing for remote code execution as the admin user, and a file overwrite privilege escalation vulnerability that leads to root access and complete compromise of the appliance. The vulnerability affects the phMonitor service, an internal FortiSIEM component that runs with elevated privileges and plays an integral role in system health and monitoring. Because the service is deeply embedded in FortiSIEM’s operational workflow, successful exploitation grants attackers full control of the appliance. When Your CEO Calls, Will You Know It’s Real?

Today’s phishing attacks involve AI voices, videos, and exec deepfakes. Adaptive Security is the first security awareness platform built to stop AI-powered social engineering. Adaptive protects your team with custom training and deepfake simulations featuring your own executives. Get a demo and chat with an interactive deepfake of your CEO Tour the platform Book a Demo ➝ 🔔 Top News VoidLink Linux Malware Enables Long-Term Access — A new cloud-native Linux malware framework named VoidLink focuses on cloud environments, providing attackers with a wide assortment of custom loaders, implants, rootkits, and plugins that are designed for additional stealth and for reconnaissance, privilege escalation, and lateral movement inside a compromised network.

The feature-rich framework is engineered for long-term access, surveillance, and data collection rather than short-term disruption, allowing an operator to control agents, implants, and plugins via a web-based dashboard localized for Chinese users. Key to the malware’s architecture is to “automate evasion as much as possible” by profiling a Linux environment and intelligently choosing the best strategy for operating without detection. Indeed, when signs of tampering or malware analysis are detected on an infected machine, it can delete itself and invoke anti-forensics modules designed to remove traces of its activity. It’s fitted with an “unusually broad” feature set, including rootkit-style capabilities, an in-memory plug-in system for extending functionality, and the ability to adjust runtime evasion based on the security products it detects.

VoidLink draws inspiration from Cobalt Strike, an adversary simulation framework that has been widely adopted and misused by attackers over the years. It’s believed to be the work of Chinese developers. “Together, these plugins sit atop an already sophisticated core implementation, enriching VoidLink’s capabilities beyond cloud environments to developer and administrator workstations that interface directly with those cloud environments, turning any compromised machine into a flexible launchpad for deeper access or supply-chain compromise,” Check Point said. “Its design reflects a level of planning and investment typically associated with professional threat actors rather than opportunistic attackers.” However, its intended use remains unclear, and no evidence of real-world infections has been observed, which supports the assumption that the modular malware was created “either as a product offering or as a framework developed for a customer.” Microsoft Disrupts RedVDS Criminal Service — A cybercriminal subscription service responsible for fraud campaigns causing millions of dollars in losses has been disrupted in a coordinated action by Microsoft alongside legal partners in the U.S.

and, for the first time, the U.K. The Windows makers said it seized the website and infrastructure of RedVDS, a platform that hosted cybercrime-as-a-service tools for phishing and fraud campaigns, which cost users as little as $24 a month. The subscription service is known to have cost victims in the U.S. alone over $40 million since March 2025.

In total, Microsoft has identified nearly 190,000 organizations worldwide that fell victim to RedVDS-supported campaigns. In one month, the company noted approximately 2,600 RedVDS virtual machines sent an average of 1 million phishing messages to Microsoft customers daily. RedVDS provided cybercriminals with access to cheap, effective, and disposable virtual computers running unlicensed software, including Windows, allowing criminals to conduct phishing attacks and business email compromise (BEC) schemes. The service is also said to have been a player in the spread of real estate payment diversion scams, affecting more than 9,000 customers primarily in Canada and Australia.

RedVDS did not own physical data centers and instead rented servers from third-party hosting providers in the U.S., Canada, the U.K., France, and the Netherlands. “Once provisioned, these cloned Windows hosts gave actors a ready‑made platform to research targets, stage phishing infrastructure, steal credentials, hijack mailboxes, and execute impersonation‑based financial fraud with minimal friction,” Microsoft said. “Threat actors benefited from RedVDS’s unrestricted administrative access and negligible logging, allowing them to operate without meaningful oversight. The uniform, disposable nature of RedVDS servers allowed cybercriminals to rapidly iterate campaigns, automate delivery at scale, and move quickly from initial targeting to financial theft.” Over 550 Kimwolf Botnet C2 Nodes Null-Routed — Lumen Technologies’ Black Lotus Labs has blocked more than 550 command-and-control (C2) nodes linked to Aisuru and Kimwolf’s servers since October 2025, as the botnets gained attention for their role in orchestrating hypervolumetric distributed denial-of-service (DDoS) attacks.

Kimwolf, which is said to mainly target unsanctioned Android TV boxes, has caught on like wildfire, corralling over 2 million devices into its botnet. The disruption of RapperBot and the arrest of its alleged leader in August 2025 played a key factor in the rise of Aisuru and Kimwolf. Recent research by QiAnXin XLab and Synthient revealed how the botnet’s operators have leveraged proxy services to expand its reach. In a separate report, Infoblox said nearly 25% of its cloud customers made a query to a Kimwolf domain since October 1, 2025.

“The main takeaway is these residential proxies are literally everywhere,” Chris Formosa, senior lead information security engineer at Lumen Technologies’ Black Lotus Labs, told The Hacker News. “Like everywhere and in most organizations you can think of. Given we know the actors were exploiting it, the story is mainly a story of a lot of networks you may think are secured, but have devices running residential proxies which can provide attackers with an opportunity to get an initial foothold, bypassing a large majority of your devices you likely have in place.” Reprompt Attack Targets Microsoft Copilot — Security researchers discovered a new attack named Reprompt that allowed them to exfiltrate user data from Microsoft Copilot once a victim clicks on a specifically crafted link pointing to the artificial intelligence (AI) chatbot. The attack bypasses data leak protections and allows for persistent session exfiltration even after the Copilot session was closed.

The attack leverages a combination of Parameter 2 Prompt (P2P) injection (i.e., the exploitation of the “q” parameter), a double-request technique, and a chain-request technique to obtain a data exfiltration primitive. “Client-side monitoring tools won’t catch these malicious prompts, because the real data leaks happen dynamically during back-and-forth communication — not from anything obvious in the prompt the user submits,” Varonis said. The attack does not affect enterprise customers using Microsoft 365 Copilot. Microsoft has since addressed the issue.

AWS CodeBuild Misconfiguration Creates Supply Chain Risks — A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider’s own GitHub repositories, including its AWS JavaScript SDK, putting every AWS environment at risk. The vulnerability, codenamed CodeBreach, was fixed by AWS in September 2025. “By exploiting CodeBreach, attackers could have injected malicious code to launch a platform-wide compromise, potentially affecting not just the countless applications depending on the SDK, but the Console itself, threatening every AWS account,” Wiz said. ‎️‍🔥 Trending CVEs Hackers act fast.

They can use new bugs within hours. One missed update can cause a big breach. Here are this week’s most serious security flaws. Check them, fix what matters first, and stay protected.

This week’s list includes — CVE-2025-20393 (Cisco AsyncOS Software), CVE-2026-23550 (Modular DS plugin), CVE-2026-0227 (Palo Alto Networks PAN-OS), CVE-2025-64155 (Fortinet FortiSIEM), CVE-2026-20805 (Microsoft Windows Desktop Window Manager), CVE-2025-12420 (ServiceNow), CVE-2025-55131, CVE-2025-55131, CVE-2025-59466, CVE-2025-59465 (Node.js), CVE-2025-68493 (Apache Struts 2), CVE-2026-22610 (Angular Template Compiler), CVE-2025-66176, CVE-2025-66177 (Hikvision), CVE-2026-0501, CVE-2026-0500, CVE-2026-0498​, CVE-2026-0491 (SAP), CVE-2026-21859, CVE-2026-22689 (Mailpit), CVE-2026-22601, CVE-2026-22602, CVE-2026-22603, CVE-2026-22604 (OpenProject), CVE-2026-23478 (Cal.com), CVE-2025-14364 (Demo Importer Plus plugin), CVE-2025-14502 (News and Blog Designer Bundle), CVE-2025-14301 (Integration Opvius AI for WooCommerce plugin), CVE-2025-52493 (PagerDuty Runbook), CVE-2025-55315 (ASP.NET Core Kestrel server), CVE-2026-20965 (Microsoft Windows Admin Center), and CVE-2025-14894 (Livewire Filemanager). 📰 Around the Cyber World Unpatched Flaw in Livewire Filemanager — An unpatched security flaw was disclosed in Livewire Filemanager, a file manager component for Laravel-based websites that allows file uploads. The vulnerability (CVE-2025-14894, CVSS score: 7.5) can permit threat actors to upload malicious PHP files to a remote server and trigger its execution. “When a user uploads a PHP file to the application, it can be accessed and executed by visiting the web-accessible file hosting directory,” the CERT Coordination Center (CERT/CC) said .

“This enables an attacker to create a malicious PHP file, upload it to the application, then force the application to execute it, enabling unauthenticated arbitrary code execution on the host device.” More GhostPoster Extensions Spotted — LayerX said it found a new cluster of 17 extensions related to GhostPoster impacting Google Chrome and Microsoft Edge. The new extensions, which are designed to hijack affiliate links, inject tracking code, and commit click and ad fraud, have a collective install base of over 840,000 users, and some of them date back to 2020. GhostPoster, first disclosed last month, is part of a broader campaign undertaken by a Chinese threat actor dubbed DarkSpectre . The new findings show that GhostPoster first originated on Microsoft Edge in February 2020 and then expanded to Firefox and Chrome.

RedLineCyber Distributes Clipboard Hijacking Malware — A threat actor named RedLineCyber has been observed leveraging the notoriety of the well-known RedLine information stealer to distribute an executable called “Pro.exe” (or “peeek.exe”). It’s a Python-based clipboard hijacking trojan that is designed for cryptocurrency theft by continuously monitoring the Windows clipboard for cryptocurrency wallet addresses and substituting them with a wallet address under their control to facilitate cryptocurrency theft. “The threat actor exploits trust relationships within Discord communities focused on gaming, gambling, and cryptocurrency streaming,” CloudSEK said . “Distribution occurs through direct social engineering, where the actor cultivates relationships with potential victims, particularly cryptocurrency streamers and influencers, over extended periods before introducing the malicious payload as a ‘security tool’ or ‘streaming utility.’” Fake Shipping Documents Deliver Remcos RAT — A new phishing campaign is using shipping-themed lures to trick recipients into opening a malicious Microsoft Word document that, in turn, triggers an exploit for a years-old security flaw in Microsoft Office ( CVE-2017-11882 ) to distribute a new variant of Remcos RAT that’s executed directly in memory, Fortinet said .

Successful exploitation of the vulnerability triggers the download of a Visual Basic Script, which executes Base64-code PowerShell code to download and launch a .NET DLL loader module responsible for launching the RAT in addition to setting up persistence using scheduled tasks. An off-the-shelf malware, Remcos RAT (version 7.0.4 Pro) enables comprehensive data gathering capabilities, including system management, surveillance, networking, communication, and agent control. Google Releases Rainbow Tables to Speed Up Demise of Net-NTLMv1 — Google’s Mandiant threat intelligence division released a comprehensive dataset of Net-NTLMv1 rainbow tables to emphasize the need for urgently moving away from the outdated protocol. While Microsoft previously announced its plans to deprecate NTLM in favor of Kerberos, Google said it continues to identify the use of Net-NTLMv1 in active environments, leaving organizations vulnerable to trivial credential theft.

“While tools to exploit this protocol have existed for years, they often required uploading sensitive data to third-party services or expensive hardware to brute-force keys,” Google said . “The release of this dataset allows defenders and researchers to recover keys in under 12 hours using consumer hardware costing less than $600 USD.” Former U.S. Navy Sailor Sentenced to 200 Months for Spying for China — Jinchao Wei (aka Patrick Wei), 25, a former U.S. Navy sailor, was sentenced in the U.S.

to 200 months in prison for selling secrets to China by abusing his security clearance and access to sensitive national defense information about the amphibious assault ship U.S.S. Essex. Wei was convicted of espionage charges in August 2025 following his arrest in August 2023. “By sharing thousands of documents, operating manuals, and export-controlled and sensitive information with a Chinese intelligence officer, Petty Officer Wei knowingly betrayed his fellow service members and the American people,” said NCIS Director Omar Lopez.

Wei was recruited by a Chinese intelligence officer in February 2022 and sent photographs and videos of the Essex via an encrypted messaging application, and advised the officer of the location of various Navy ships. He also described the defensive weapons of the Essex, sent thousands of pages of technical and operational information about U.S. Navy surface warfare ships, and sold approximately 60 technical and operational manuals about U.S. Navy ships.

In exchange, Wei received more than $12,000 over 18 months. Post his arrest, Wei admitted to the Federal Bureau of Investigation (FBI) that what he did amounted to espionage and that “I’m screwed.” Australia Warns Domestic Firms About AI Security Risks — The Australian Signals Directorate (ASD) has warned local businesses against uploading customer data and files to AI chatbots or genAI platforms without proper anonymization. “Some artificial intelligence providers may use customer‑submitted data to train or refine their models. This can depend on the configuration settings or the type of subscription,” ASD said .

“As a result, information entered into these platforms could potentially be reused or disclosed in unexpected contexts later.” It also warned that AI systems are susceptible to hallucinations and can be tricked by malicious cyber actors through prompt injections, which refer to malicious inputs disguised as legitimate requests designed to confuse or mislead the AI into giving sensitive, wrong, or unsafe answers. Furthermore, ASD warned of potential supply chain risks resulting from AI integration, emphasizing the need for secure deployment of AI chatbots. Jordan National Pleads Guilty to Selling Access — A Jordanian national pleaded guilty in the U.S. to charges of selling access to the networks of at least 50 companies through a cybercriminal forum.

Feras Khalil Ahmad Albashiti (aka r1z, Feras Bashiti, and Firas Bashiti), 40, is facing a maximum penalty of 10 years in prison after being charged with fraud and related activity in connection with access credentials. Albashiti was arrested in July 2024. His sentencing will take place in May 2026. The FBI, which contacted the defendant in September 2026 under cover, said it was able to trace the “r1z” cybercrime forum account to Albashiti because it was registered in 2018 with the same Gmail address that was used to apply for a U.S.

visa in October 2016. According to a report from SentinelOne, the “r1z” account marketed a malware dropper and bypass service called EDR Killer on underground forums. The account was previously identified as advertising access to 50 vulnerable Confluence servers acquired by exploiting the critical Confluence unauthenticated RCE vulnerability, tracked as CVE-2022-26134, and claimed to be in possession of a list of over 10,000 vulnerable Confluence servers. Other tools included illicit versions of Cobalt Strike , private exploits for local privilege escalation (LPE) vulnerabilities in different services, access to 30 SonicWall VPN and 50 Microsoft Exchange servers with a working exploit, as well as a service that buys compromised VPN and RDP login credentials from other criminals on the XSS forum.

R1z is said to have been active on XSS since 2019. Google Agrees to Pay $8.25M to Settle Children Privacy Violations — Google has agreed to pay $8.25 million to settle a class-action lawsuit that claimed the company illegally collected data from devices belonging to children under age 13, The Record reported . The case was brought more than two years ago by the parents of six minors who allegedly downloaded apps and games from the Play Store that were targeted at children, such as Fun Kid Racing, GummyBear, and Friends Speed Racing. The apps, according to the lawsuit, came with Google’s AdMob software development kit that collected data from children at scale, violating the Children’s Online Privacy Protection Act (COPPA).

U.S. Bank Targeted by Keylogger — Sansec identified a keylogger on the employee merchandise store of a major U.S. bank. The store is used by the bank’s 200,000 employees to order company-branded items.

“The malware intercepts everything typed into the site’s forms: login credentials, payment card numbers, personal information,” the Dutch company said. “The stolen data is exfiltrated via image beacon, a common technique that bypasses many security controls.” The malware has since been removed from the site. The activity is assessed to share overlaps with an October 2024 breach of the Green Bay Packers Pro Shop, citing infrastructure pattern similarities. Payroll Pirates Redirect Paychecks to Accounts Under Their Control — In a new social engineering attack targeting an unnamed organization, the threat actors behind Payroll Pirates reached out via a phone call, impersonating employees to manipulate multiple help desks and successfully perform password resets and re-enroll multi-factor authentication (MFA) devices.

The threat actor has also been observed attempting to establish persistence by registering an external email address as an authentication method for a service account within the client’s Azure AD environment. “Once authenticated into the payroll system, the attacker moved quickly,” Palo Alto Networks Unit 42 said . “In total, they compromised multiple employee accounts, each one granting access to sensitive payroll information. The attacker then proceeded to modify direct-deposit details for multiple individuals, redirecting their paychecks into bank accounts under the attacker’s control.

Because the credentials were valid and MFA appeared legitimate, the activity blended in with normal operations. The incident was discovered only when employees reported missing paychecks.” New Attack Uses DLL Side-Loading to Distribute PDFSIDER Malware — An unknown threat actor is leveraging DLL side-loading to deploy PDFSIDER, a backdoor with encrypted C2 capabilities, using a legitimate executable associated with PDF24 Creator (“pdf24.exe”). The malware operates primarily in memory, minimizing disk artifacts. “PDFSIDER blends traditional cyber-espionage behaviors with modern remote-command functionality, enabling operators to gather system intelligence and remotely execute shell commands covertly,” Resecurity said .

“The malware uses a fake cryptbase.dll to bypass endpoint detection mechanisms. Once loaded, the malware provides attackers with an interactive, hidden command shell and can exfiltrate command output through its encrypted channel.” The malware is delivered via spear-phishing emails that guide victims to a ZIP archive attached to the message. Resecurity told The Hacker News that PDFSIDER has been used in targeted attacks either via spear-phishing or a social engineering attack in which the threat actors impersonate tech support personnel to contact employees in large enterprises and government agencies and deliver the package over Teams or QuickAssist. The cybersecurity company also said it observed an affiliate of Qilin ransomware using the malware, although it expects more groups to join the bandwagon.

There is no evidence it’s being advertised under a malware-as-a-service (MaaS) model. 🎥 Cybersecurity Webinars How Top MSSPs Are Using AI to Grow in 2026: Learn Their Formula — By 2026, MSSPs are under pressure to do more with less, and AI is becoming the edge that separates those who scale from those who stall. This session explores how automation reduces manual work, improves margins, and enables growth without adding headcount, with real-world insights from Cynomi founder David Primor and Secure Cyber Defense CISO Chad Robinson on turning expertise into repeatable, high-value services. Stop Guessing Your SOC Strategy: Learn What to Build, Buy, or Automate — Modern SOC teams are overloaded with tools, noise, and promises that don’t translate into results, making it hard to know what to build, buy, or automate.

In this session, AirMDR CEO Kumar Saurabh and SACR CEO Francis Odum cut through the clutter with a practical, vendor-neutral look at SOC operating models, maturity, and real-world decision frameworks—leaving teams with a clear, actionable path to simplify their stack and make their SOC work more effectively. 🔧 Cybersecurity Tools AuraInspector — It is an open-source tool for auditing Salesforce Experience Cloud security. It helps find misconfigurations that could expose data or admin functions by checking accessible records, self-registration options, and hidden “home URLs.” The tool automates much of the testing, including object discovery through GraphQL methods, and works in both guest and authenticated contexts. It’s a research utility, not an official Google product, designed to make Salesforce Aura security testing faster and more reliable.

Maltrail — It is an open-source tool for detecting malicious network traffic. It compares network activity against known blacklists of suspicious domains, IPs, URLs, and user agents linked to malware or attacks, and can also flag new threats using heuristics. The system uses sensors to monitor traffic and a central server to log and display events through a web interface, helping identify infected hosts or abnormal activity in real time. Disclaimer: These tools are for learning and research only.

They haven’t been fully tested for security. If used the wrong way, they could cause harm. Check the code first, test only in safe places, and follow all rules and laws. Conclusion The message is clear.

Today’s threats aren’t just single break-ins. They come from connected weak spots, where one exposed service or misused tool can affect an entire system. Attackers don’t see cloud platforms, AI tools, and enterprise software as separate. They see one shared space.

Defenders need to think the same way, treating every part of their environment as connected and worth watching all the time, not just after something goes wrong. What happened this week isn’t unusual. It’s a warning. Every update, setting, and access rule matters, because the next attack will likely begin from something already inside.

This recap shows how small gaps turned into big openings—and what’s being done to close them before the next round begins. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

DevOps & SaaS Downtime: The High (and Hidden) Costs for Cloud-First Businesses

Just a few years ago, the cloud was touted as the “magic pill” for any cyber threat or performance issue. Many were lured by the “always-on” dream, trading granular control for the convenience of managed services. In recent years, many of us have learned (often the hard way) that public cloud service providers are not immune to attacks and SaaS downtime, hiding behind the Shared Responsibility cushion. To stay operational, competitive, and resilient in today’s threat landscape, teams must move beyond the dependency on SaaS providers and understand what cyber resilience really means.

The Myth of DevOps SaaS Resilience In 2024 alone, popular DevOps SaaS platforms—like GitHub, Jira, or Azure DevOps— experienced 502 incidents in total, which resulted in degraded performance and outages totaling over 4,755 hours . The conclusion is clear: Entrusting “the big players” with your source code, development metadata, and workflow projects doesn’t make your business immune to downtime and subsequent financial loss. The Numbers Say It All According to the 2024 CISO’s Guide to DevOps Threats report by GitProtect , leading cloud DevOps services suffered from 48 critical and major incidents . Comparing this with the 2025 edition of the report we’ve been working on by analyzing official providers’ and third-party communications (to be published soon), we can see a 69% increase year-over-year (YoY) with 156 critical and major incidents in total!

The total time of service performance degradation jumped from 4,755 hours in 2024 to over 9,255 hours in 2025. Whether it’s total downtime, login failures, or sluggish responsiveness, these disruptions are becoming a relentless threat to daily operations. For detailed overviews of the most prominent incidents, we encourage you to look inside the report. The Model of Shared Responsibility The Shared Responsibility model is a common agreement between your business and a SaaS provider, where they are responsible for their cloud infrastructure, but you’re responsible for your data within it , including source code repositories, metadata, issues, or anything else.

Even though some providers might offer help in restoring data, the nature and scope of this help are not always clear. Ultimately, you bear the final responsibility. Furthermore, shared responsibility provisions might also apply to backups you make in the provider’s cloud, using native backup features. Some providers explicitly state that you can’t use such backups to revert certain types of changes (e.g., intentional deletion), leaving you exposed.

The bottom line: No DevOps SaaS provider is contractually obligated to protect or restore your data. The Single Point of Failure Relying on the native DevOps cloud backups without a multi‑layered data protection strategy is becoming increasingly risky. First, backing up your code within the same infrastructure as your production creates a single point of failure. Everyone knows the proverb about not keeping all eggs in one basket.

If, for example, Atlassian’s Jira is down, both your production and backup data might be unavailable as well, unless your SaaS provider has implemented properly isolated configurations. Native DevOps cloud backups are a baseline expectation, but in isolation, they are not a panacea. Other problems you might face include:
Restore limitations
As mentioned earlier, native backups might be limited to restore scenarios defined precisely by your SaaS provider. As a result, you won’t be able to recover data or will need to negotiate with them to get real assistance at best.
Lack of flexibility
Native backup mechanisms usually don’t offer any granularity of backup and restore. So, if you lose just a single branch of your project, you will need to recover everything, wasting time and resources. Data gaps
Given the dynamic nature of repositories with new pull/merge/push requests, or Jira with its work items, there’s a risk of native backup mechanisms creating data gaps that’ll turn out problematic during restore. The conclusion?

Native backup from SaaS providers is not enough anymore, further contributing to the myth of SaaS resilience. What Are the Actual Problems for the Enterprise Customers of DevOps SaaS Providers? While high‑profile cyberattacks grab headlines, the everyday reality for SaaS cloud- dependent companies is that service outages inflict significant financial and operational damage. Research shows that downtime is far more than a technical inconvenience—it erodes revenue, productivity, and customer trust, among other things.

Rising Costs of Downtime and Impact on Financial Liquidity For cloud-first organizations, upstream SaaS provider downtime can translate into hundreds of thousands or even millions of dollars in losses. Information Technology Intelligence Consulting survey found that the cost of hourly downtime exceeds $300,000 for 90% of mid-size and large firms.1 The situation becomes critical for large enterprises. Fortune 1000 companies can face hourly downtime costs ranging from $1 million to over $5 million . Other sources unanimously cite high costs of downtime, too.

For example, in the Uptime Institute’s Annual outage analysis 2024 , over half of the respondents reported that their most recent serious outage cost more than $100,000, while 16% cited the amount of more than $1 million.2 One thing is for certain: Downtime costs are already huge and are rising every year . While they are bearable (but still painful) for enterprises, they might seriously impact the finances of smaller software vendors, or even cause them to close down completely. Engineering and Operational Paralysis The failure of your SaaS cloud provider can paralyze your research and development (R&D) or even the whole business activity. Especially when you heavily rely on the cloud, treating it like a kind of ‘central nervous system’ orchestrating your operations.

Being cloud-first might be convenient, but if the cloud’s on fire, you’re burning, too. See how it can affect you from the technical perspective: Source control management (SCM) freeze —your developers can’t push pull requests to remote git repositories, and managers or seniors can’t run checks, review, or accept them. Workflow chaos —if a task management SaaS like Jira fails, and your team can’t access projects and issues, no one knows what to do next. No access to dependencies —if, for example, GitHub Packages or Azure Artifacts don’t work, the functionalities of your app that use dependencies won’t work either.

Knowledge source loss —your team can’t access issues and wikis to consult information, check facts, or prioritize bugs. Testing stops —with the testing orchestrator module like GitHub Actions or Azure Pipelines down, test & validation stages are interrupted. Others (authentication fails, no centralized communication, etc.) As you can see, the impact can be enormous, disrupting your business in many ways. Affected Customers, Reputation, and SLAs This paralysis can lead to failed or delayed projects, impacting your organization’s customers or partners.

This eroded trust can, in turn, lead to reputation losses that translate into real financial costs. And if you’re a software vendor creating apps under demanding Service Level Agreements (SLA), downtime can mean real problems. It can halt a critical release or a hotfix for a customer-facing error. Many SLAs require these fixes within 4–8 hours.

Failing to meet these “Resolution Times” often results in contractual penalties, adding to the total cost of the outage. Security Risks Under pressure to meet deadlines during an outage, teams often turn to Shadow IT—using unsanctioned software or workarounds without IT oversight. This might include sharing code snippets, confidential information, or credentials over Slack or personal email. Such practices are highly undesirable for these reasons: potential code and know-how leaks, potential intellectual property loss, creating vulnerabilities in your code (once third-party intercepts it), creating vulnerabilities in your environment (if users also share credentials).

The hidden threat? Your organization may become compromised long after the downtime actually happened. And it’s just another cost, isn’t it? Compliance Issues Especially when you belong to a regulated industry, you must ensure compliance in different areas of your business operations, including data protection.

SaaS downtime (as well as other disastrous events like accidental data deletion) might expose your insufficient measures, which, for your business, might mean audit failure, unsuccessful certification, or even additional costs. Native backup might turn out insufficient to cover each recovery scenario. Just to remind you, the obligation to backup your data is defined in many regulations and industry standards: Article 21 of the NI2 Directive , area: Business continuity, such as backup management and disaster recovery, and crisis management. The A.8.13 (Information backup) control is defined in Annex A to ISO 27001 standard.

The Trust Services Criteria (TSC), like Availability (A1.2), Security (CC7.1,) under SOC2 . How to Create a Setup that Protects You against Downtime To improve immunity to downtime incidents affecting your upstream SaaS provider, you need a shift from being reactive to proactive. You need a plan B. Resiliency Strategy to Minimize Impact True availability is not about if systems fail, it’s about how quickly you can recover and resume business as usual.

That’s why an effective resiliency strategy for your business should include: Frequent and comprehensive backups covering not just source code or issues, but also configurations and metadata. The data should allow you to quickly recreate your setup locally (e.g., using a self-managed solution like Azure DevOps Server or Bitbucket Data Center) or with a competitive cloud vendor, using the cross-restore functionality. Immutable and isolated storage that doesn’t rely on a single cloud vendor’s infrastructure. The safest option is to ensure copy replication, following the popular 3-2-1 backup rule , where you keep 3 separate copies in 2 different locations, storing 1 copy offsite.

It’s also a good idea to set up optimal data retention that fits your project lifecycle and needs. Integrated restore orchestration that understands dependencies across services, APIs, and environments to be able to resume quickly, without organizational chaos. Continuous testing of recovery flows to avoid making your backup another risk. Clearly defined backup KPIs like Recovery Time Objective (RTO) and Recovery Point Objective (RPO) to know how much time you need to resume after a disaster and how often to back up your SaaS data to prevent loss.

Extra Benefits for Your Organization A robust backup and recovery solution can be the pillar of your resiliency strategy against SaaS downtime. At the same time, it can bring extra convenience and security for your cloud-stored repositories or projects. Here’s what you can get as a bonus: Migrating/merging SaaS environments —with a backup tool, you can migrate to a different SaaS provider or cloud region; it’s also possible to consolidate repositories or Jira instances in case of restructuring, mergers, department moves, etc. Sandboxing —you can use a backup copy to quickly create a sandbox environment for testing new integrations, configuration changes, etc.

Retention and archiving for compliance —combining a backup tool with your storage, you can go well beyond retention periods of SaaS providers. You can also archive legacy repositories or Jira projects without losing access to them. That way, you can still access historical data while saving space in SaaS. Selective restores —you can fix accidental or malicious deletion of a branch or several Jira issues in an instant, saving time and remaining agile.

Storage sovereignty —you can implement on-premises deployments where your most precious data (know-how, intellectual property, customers’ and partners’ personal information) never leaves your infrastructure. And many more . Trust the Experienced DevSecOps Experts DevOps SaaS platforms—just like any IT environment—can’t give you 100% security and uptime. The well-planned resiliency strategy is a must if you want to focus on innovation rather than firefighting outages in the future.

The GitProtect Team can help you with that. Thanks to over 15 years’ experience in the backup industry and our unique focus on SaaS and DevSecOps, we can together develop a strategy that’s the most beneficial and optimized for your very needs. Visit GitProtect.io , meet the product, and contact our experts to discuss your use case, personalize the setup, and efficiently protect what’s most precious. Found this article interesting?

This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs

A team of academics from the CISPA Helmholtz Center for Information Security in Germany has disclosed the details of a new hardware vulnerability affecting AMD processors. The security flaw, codenamed StackWarp , can allow bad actors with privileged control over a host server to run malicious code within confidential virtual machines (CVMs), undermining the integrity guarantees provided by AMD Secure Encrypted Virtualization with Secure Nested Paging ( SEV-SNP ). It impacts AMD Zen 1 through Zen 5 processors. “In the context of SEV-SNP, this flaw allows malicious VM [virtual machine] hosts to manipulate the guest VM’s stack pointer ,” researchers Ruiyi Zhang, Tristan Hornetz, Daniel Weber, Fabian Thomas, and Michael Schwarz said .

“This enables hijacking of both control and data flow, allowing an attacker to achieve remote code execution and privilege escalation inside a confidential VM.” AMD, which is tracking the vulnerability as CVE-2025-29943 (CVSS v4 score: 4.6), characterized it as a medium-severity, improper access control bug that could allow an admin-privileged attacker to alter the configuration of the CPU pipeline, causing the stack pointer to be corrupted inside an SEV-SNP guest. The issue affects the following product lines - AMD EPYC 7003 Series Processors AMD EPYC 8004 Series Processors AMD EPYC 9004 Series Processors AMD EPYC 9005 Series Processors AMD EPYC Embedded 7003 Series Processors AMD EPYC Embedded 8004 Series Processors AMD EPYC Embedded 9004 Series Processors AMD EPYC Embedded 9005 Series Processors While SEV is designed to encrypt the memory of protected VMs and is intended to isolate them from the underlying hypervisor, the new findings from CISPA show that the safeguard can be bypassed without reading the VM’s plaintext memory by instead targeting a microarchitectural optimization called stack engine, responsible for accelerated stack operations. “The vulnerability can be exploited via a previously undocumented control bit on the hypervisor side,” Zhang said in a statement shared with The Hacker News. “An attacker running a hyperthread in parallel with the target VM can use this to manipulate the position of the stack pointer inside the protected VM.” This, in turn, enables redirection of program flow or manipulation of sensitive data.

The StackWarp attack can be used to expose secrets from SEV-secured environments and compromise VMs hosted on AMD-powered cloud environments. Specifically, it can be exploited to recover an RSA-2048 private key from a single faulty signature, effectively getting around OpenSSH password authentication and sudo’s password prompt, and attain kernel-mode code execution in a VM. The chipmaker released microcode updates for the vulnerability in July and October 2025, with AGESA patches for EPYC Embedded 8004 and 9004 Series Processors scheduled for release in April 2026. The development builds upon a prior study from CISPA that detailed CacheWarp (CVE-2023-20592, CVSS v3 score:m 6.5), a software fault attack on AMD SEV-SNP, which permits attackers to hijack control flow, break into encrypted VMs, and perform privilege escalation inside the VM.

It’s worth noting that both are hardware architectural attacks. “For operators of SEV-SNP hosts, there are concrete steps to take: First, check whether hyperthreading is enabled on the affected systems. If it is, plan a temporary disablement for CVMs that have particularly high integrity requirements,” Zhang said. “At the same time, any available microcode and firmware updates from the hardware vendors should be installed.

StackWarp is another example of how subtle microarchitectural effects can undermine system-level security guarantees.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures

Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension masquerading as an ad blocker to deliberately crash the web browser and trick victims into running arbitrary commands using ClickFix -like lures to deliver a previously undocumented remote access trojan (RAT) dubbed ModeloRAT. This new escalation of ClickFix has been codenamed CrashFix by Huntress. KongTuke , also tracked as 404 TDS, Chaya_002, LandUpdate808, and TAG-124, is the name given to a traffic distribution system (TDS) known for profiling victim hosts before redirecting them to a payload delivery site that infects their systems. Access to these compromised hosts is then handed off to other threat actors, including ransomware groups, for follow-on malware delivery.

Some of the cybercriminal groups that have leveraged TAG-124 infrastructure include Rhysida ransomware , Interlock ransomware , and TA866 (aka Asylum Ambuscade), with the threat actor also associated with SocGholish and D3F@ck Loader , according to a Recorded Future report from April 2025. In the attack chain documented by the cybersecurity company, the victim is said to have searched for an ad blocker when they were served a malicious advertisement that redirected them to an extension hosted on the Official Chrome Web Store. The browser extension in question, “NexShield – Advanced Web Guardian” (ID: cpcdkmjddocikjdkbbeiaafnpdbdafmi), masquerades as the “ultimate privacy shield” and claims to protect users against ads, trackers, malware, and intrusive content on web pages. It was downloaded at least 5,000 times.

It’s currently no longer available for download. The extension, per Huntress, is a near-identical clone of uBlock Origin Lite version 2025.1116.1841, a legitimate ad blocker add-on available for all major web browsers. It’s engineered to display a fake security warning, claiming the browser had “stopped abnormally” and prompting users to run a “scan” to remediate a potential security threat detected by Microsoft Edge. Should the user opt to run the scan, the victim is presented with a bogus security alert that instructs them to open the Windows Run dialog and paste the displayed command already copied to the clipboard, and execute it.

This, in turn, causes the browser to completely freeze, crashing it by launching a denial-of-service (DoS) attack that creates new runtime port connections through an infinite loop that triggers one billion iterations of the same step repeatedly. This resource exhaustion technique results in excessive memory consumption, causing the web browser to become slow, unresponsive, and eventually crash. Once installed, the extension is also designed to transmit a unique ID to an attacker-controlled server (“ nexsnield[.]com “), giving the operators the ability to track victims. In addition, it adopts a delayed execution mechanism that ensures the malicious behavior is only triggered 60 minutes after it’s installed.

After that, the payload is executed every 10 minutes. “The pop-up only appears on browser startup after the browser becomes unresponsive,” researchers Anna Pham, Tanner Filip, and Dani Lopez said. “Before the DoS executes, a timestamp is stored in local storage. When the user force-quits and restarts their browser, the startup handler checks for this timestamp, and if it exists, the CrashFix popup appears, and the timestamp is removed.” “The DoS only executes if the UUID exists (meaning the user is being tracked), the C2 server responds successfully to a fetch request, and the pop-up window has been opened at least once and subsequently closed.

This last condition may be intentional to ensure user interaction with the extension before triggering the payload.” The end result is that it creates a loop of its own, activating the fake warning every time the victim force-quits and restarts the browser after it becomes unresponsive due to the DoS attack. In the event the extension is not removed, the attack is triggered again after 10 minutes. The pop-up also incorporates various anti-analysis techniques that disable right-click context menus and prevent attempts to use keyboard shortcuts to launch developer tools. The CrashFix command employs the legitimate Windows utility, finger.exe , to retrieve and execute the next-stage payload from the attacker’s server (“199.217.98[.]108”).

KongTuke’s use of the Finger command was documented by security researcher Brad Duncan in December 2025. The payload received from the server is a PowerShell command that’s configured to retrieve a secondary PowerShell script, which, in turn, takes a page out of SocGholish’s playbook, using multiple layers of Base64 encoding and XOR operations to conceal the next-stage malware. The decrypted blob scans running processes for over 50 analysis tools and virtual machine indicators, and immediately ceases execution, if found. It also checks if the machine is domain-joined or standalone, and sends an HTTP POST request to the same server containing two pieces of information - A list of installed antivirus products A flag with the value “ABCD111” for standalone “WORKGROUP” machines or “BCDA222” for domain-joined hosts If the compromised system is marked as domain-joined in the HTTP request, the KongTuke attack chain culminates with the deployment of ModeloRAT, a fully-featured Python-based Windows RAT that uses RC4 encryption for command-and-control (C2) communications (“170.168.103[.]208” or “158.247.252[.]178”), sets up persistence using Registry, and facilitates the execution of binaries, DLLs, Python scripts, and PowerShell commands.

ModeloRAT is equipped to update or terminate itself upon receiving a self-update (“VERSION_UPDATE”) or exit (“TERMINATION_SIGNAL”) command. It also implements a varied beaconing logic to fly under the radar. “Under normal operation, it uses a standard interval of 300 seconds (5 minutes),” Huntress said. “When the server sends an activation configuration command, the implant enters active mode with rapid polling at a configurable interval, defaulting to 150 milliseconds.” “After six or more consecutive communication failures, the RAT backs off to an extended interval of 900 seconds (15 minutes) to avoid detection.

When recovering from a single communication failure, it uses a reconnection interval of 150 seconds before resuming normal operations.” While the targeting of domain-joined machines with ModeloRAT suggests that KongTuke is going after corporate environments to facilitate deeper access, users on standalone workstations are subjected to a separate multi-stage infection sequence that ends with the C2 server responding with the message “TEST PAYLOAD!!!!,” indicating it could still be in the testing phase. “KongTuke’s CrashFix campaign demonstrates how threat actors continue to evolve their social engineering tactics,” the cybersecurity company concluded. “By impersonating a trusted open-source project (uBlock Origin Lite), crashing the user’s browser on purpose, and then offering a fake fix, they have built a self-sustaining infection loop that preys on user frustration.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Most AI Risk Isn’t in Models, It’s in Your SaaS Stack

Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations

Cybersecurity researchers have disclosed a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators of the StealC information stealer, allowing them to gather crucial insights on one of the threat actors using the malware in their operations. “By exploiting it, we were able to collect system fingerprints, monitor active sessions, and – in a twist that will surprise no one – steal cookies from the very infrastructure designed to steal them,” CyberArk researcher Ari Novick said in a report published last week. StealC is an information stealer that first emerged in January 2023 under a malware-as-a-service (MaaS) model, allowing potential customers to leverage YouTube as a primary mechanism – a phenomenon called the YouTube Ghost Network – to distribute the malicious program by disguising it as cracks for popular software. Over the past year, the stealer has also been observed being propagated via rogue Blender Foundation files and a social engineering tactic known as FileFix .

StealC, in the meantime, received updates of its own, offering Telegram bot integration for sending notifications, enhanced payload delivery, and a redesigned panel. The updated version was codenamed StealC V2. Weeks later, the source code for the malware’s administration panel was leaked , providing an opportunity for the research community to identify characteristics of the threat actor’s computers, such as general location indicators and computer hardware details, as well as retrieve active session cookies from their own machines. The exact details of the XSS flaw in the panel have not been disclosed to prevent the developers from plugging the hole or enabling any other copycats from using the leaked panel to try to start their own stealer MaaS offerings.

In general, XSS flaws are a form of client-side injections that allows an attacker to get a susceptible website to execute malicious JavaScript code in the web browser on the victim’s computer when the site is loaded. They arise as a result of not validating and correctly encoding user input, allowing a threat actor to steal cookies, impersonate them, and access sensitive information. “Given the core business of the StealC group involves cookie theft, you might expect the StealC developers to be cookie experts and to implement basic cookie security features, such as httpOnly , to prevent researchers from stealing cookies via XSS,” Novick said. “The irony is that an operation built around large-scale cookie theft failed to protect its own session cookies from a textbook attack.” CyberArk also shared details of a StealC customer named YouTubeTA (short for “YouTube Threat Actor”), who has extensively used Google’s video sharing platform to distribute the stealer by advertising cracked versions of Adobe Photoshop and Adobe After Effects, amassing over 5,000 logs that contained 390,000 stolen passwords and more than 30 million stolen cookies.

Most of the cookies are assessed to be tracking cookies and other non-sensitive cookies. It’s suspected that these efforts have enabled the threat actor to seize control of legitimate YouTube accounts and use them to promote cracked software, creating a self-perpetuating propagation mechanism. There is also evidence highlighting the use of ClickFix -like fake CAPTCHA lures to distribute StealC, suggesting they aren’t confined to infections through YouTube. Further analysis has determined that the panel enables operators to create multiple users and differentiate between admin users and regular users.

In the case of YouTubeTA, the panel has been found to feature only one admin user, who is said to be using an Apple M3 processor-based machine with English and Russian language settings. In what can be described as an operational security blunder on the threat actor’s part, their location was exposed around mid-July 2025 when the threat actor forgot to connect to the StealC panel through a virtual private network (VPN). This revealed their real IP address, which was associated with a Ukrainian provider called TRK Cable TV. The findings indicate that YouTubeTA is a lone-wolf actor operating from an Eastern European country where Russian is commonly spoken.

The research also underscores the impact of the MaaS ecosystem, which empowers threat actors to mount at scale within a short span of time, while inadvertently also exposing them to security risks legitimate businesses deal with. “The StealC developers exhibited weaknesses in both their cookie security and panel code quality, allowing us to gather a great deal of data about their customers,” CyberArk said. “If this holds for other threat actors selling malware, researchers and law enforcement alike can leverage similar flaws to gain insights into, and perhaps even reveal the identities of, many malware operators.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice

Ukrainian and German law enforcement authorities have identified two Ukrainians suspected of working for the Russia-linked ransomware-as-a-service (RaaS) group Black Basta. In addition, the group’s alleged leader, a 35-year-old Russian national named Oleg Evgenievich Nefedov (Нефедов Олег Евгеньевич), has been added to the European Union’s Most Wanted and INTERPOL’s Red Notice lists, authorities noted. “According to the investigation, the suspects specialized in technical hacking of protected systems and were involved in preparing cyberattacks using ransomware,” the Cyber Police of Ukraine said in a statement. The agency said the accused individuals functioned as “hash crackers,” who specialize in extracting passwords from information systems using specialized software.

Once the credential information was obtained, members of the ransomware group broke into corporate networks and ultimately deployed ransomware and extorted money to recover the encrypted information. Authorities conducted searches at the defendants’ residences located in Ivano-Frankivsk and Lviv, allowing them to seize digital storage devices and cryptocurrency assets. Black Basta first emerged in the threat landscape in April 2022, and is said to have targeted more than 500 companies across North America, Europe, and Australia. The ransomware group is estimated to have earned hundreds of millions of dollars in cryptocurrency from illicit payments.

Early last year, a year’s worth of internal chat logs from Black Basta leaked online , offering a glimpse into the group’s inner workings , its structure and key members, and the various security vulnerabilities exploited to gain initial access to organizations of interest. The leaked dossier also unmasked Nefedov as Black Basta’s ringleader, adding he goes by various aliases, such as Tramp, Trump, GG, and AA. Some documents alleged that Nefedov had ties to high-ranking Russian politicians and intelligence agencies, including the FSB and GRU. Nefedov is believed to have leveraged these connections to protect his operations and evade international justice.

A subsequent analysis from Trellix revealed that Nefedov was able to secure his freedom despite getting arrested in Yerevan, Armenia, in June 2024. His other aliases include kurva, Washingt0n, and S.Jimmi. Although Nefedov is said to be in Russia, his exact whereabouts are unknown. Furthermore, there is evidence linking Nefedov to Conti , a now-defunct group that sprang forth in 2020 as a successor to Ryuk.

In August 2022, the U.S. State Department announced a $10 million reward for information related to five individuals associated with the Conti ransomware group. They included Target, Tramp, Dandis, Professor, and Reshaev. It’s worth mentioning here that Black Basta surfaced as an autonomous group, alongside BlackByte and KaraKurt , following the retirement of the Conti brand in 2022.

Other members joined groups like BlackCat , Hive , AvosLocker , and HelloKitty , all of which are now no longer active. Another detailed report published by Analyst1 this week also uncovered Black Basta’s extensive reliance on Media Land, a bulletproof hosting service provider that was sanctioned by the U.S., the U.K., and Australia in November 2025, along with its general director Aleksandr Volosovik (aka Yalishanda). The infrastructure acquired through Media Land notwithstanding, it’s said the group was given VIP treatment. “[Nefedov] served as the head of the group.

As such, he decided who or which organisations would be the targets of attacks, recruited members, assigned them tasks, took part in ransom negotiations, managed the ransom obtained by extortion, and used it to pay the members of the group,” Germany’s Federal Criminal Police Office (BKA or Bundeskriminalamt) said. The leaks have led to Black Basta’s apparent demise, with the group remaining silent after February and taking down its data leak later that month. But with ransomware gangs known to shut down, rebrand, and reemerge under a different identity, it won’t be surprising if members of the erstwhile criminal syndicate pivot to other ransomware groups or form new ones. Indeed, per reports from ReliaQuest and Trend Micro , it’s suspected that several of the former Black Basta affiliates might have migrated to the CACTUS ransomware operation – an assessment based on the fact that there was a massive spike in organizations named on the latter’s data leak site in February 2025, coinciding with Black Basta’s site going offline.

Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans

OpenAI on Friday said it would start showing ads in ChatGPT to logged-in adult U.S. users in both the free and ChatGPT Go tiers in the coming weeks, as the artificial intelligence (AI) company expanded access to its low-cost subscription globally. “You need to know that your data and conversations are protected and never sold to advertisers,” OpenAI said . “And we need to keep a high bar and give you control over your experience, so you see truly relevant, high-quality ads—and can turn off personalization if you want.” The company has positioned advertising as a way to ensure that the benefits of artificial general intelligence – a term used to describe a stage in machine learning when an AI system can reach or surpass human-level intelligence – can be made more accessible to the masses.

In addition, it can be “transformative” for small businesses and emerging brands trying to compete, it added. It also emphasized that ads do not influence responses from the chatbot, user data and conversations are kept private from advertisers, and that users are in control of the ad experience. The ads will be clearly labeled and will show up at the bottom of a user’s conversation. OpenAI did not detail exactly what data it will collect on users to serve relevant ads.

Users will be able to learn more about why they are seeing specific ads, or dismiss them and submit feedback. Users on the more expensive Plus, Pro, Business, and Enterprise tiers will not see ads. “To start, we plan to test ads at the bottom of answers in ChatGPT when there’s a relevant sponsored product or service based on your current conversation,” it said. “During our test, we will not show ads in accounts where the user tells us or we predict that they are under 18, and ads are not eligible to appear near sensitive or regulated topics like health, mental health, or politics.” In a post on X, OpenAI CEO Sam Altman noted that the company will not “accept money” to influence the responses ChatGPT serves to the users.

“It is clear to us that a lot of people want to use a lot of AI and don’t want to pay, so we are hopeful a business model like this can work,” Altman added. The development marks a major departure for the company that had so far primarily relied on subscriptions. At an event at Harvard University in May 2024, Altman described ads “as like a last resort for us for a business model,” characterizing “ads plus AI is sort of uniquely unsettling.” Altman’s softened stance is indicative of how OpenAI views advertising as a way to unlock a new revenue stream in order to sustain the costly endeavor . ChatGPT had 800 million weekly active users as of early October 2025.

It’s not just OpenAI. Google has also been running tests to show ads inside AI Mode search results, Search Engine Land reported late last year. Earlier this week, Google announced personalized advertising for retailers to target shoppers purchasing items through AI Mode. Found this article interesting?

Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection

The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that’s designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 archives. “The actor creates a malformed archive as an anti-analysis technique,” Expel security researcher Aaron Walton said in a report shared with The Hacker News. “That is, many unarchiving tools are not able to consistently extract it, but one critical unarchiving tool seems to work consistently and reliably: the default tool built into Windows systems.” This leads to a scenario where the archive cannot be processed by tools like WinRAR or 7-Zip, and, therefore, prevents many automated workflows from analyzing the contents of the file. At the same time, it can be opened by the default Windows unarchiver, thereby ensuring that victims who fall victim to the social engineering scheme can extract and run the JavaScript malware.

GootLoader is typically distributed via search engine optimization (SEO) poisoning tactics or malvertising, targeting users looking for legal templates to take them to compromised WordPress sites hosting malicious ZIP archives. Like other loaders, it’s designed to deliver secondary payloads, including ransomware. The malware has been detected in the wild since at least 2020. In late October 2025, malware campaigns propagating the malware resurfaced with new tricks: leveraging custom WOFF2 fonts with glyph substitution to obfuscate filenames and exploiting the WordPress comment endpoint (“/wp-comments-post.php”) to deliver the ZIP payloads when a user clicks a “Download” button on the site.

The latest findings from Expel highlight continued evolution of the delivery methods, with the threat actors employing more sophisticated obfuscation mechanisms to evade detection - Concatenate together 500-1,000 archives to craft the malicious ZIP file Truncate the archive’s end of central directory ( EOCD ) record such that it misses two critical bytes from the expected structure, triggering parsing errors Randomize values in non-critical fields, such as disk number and Number of Disks, causing unarchiving tools to expect a sequence of ZIP archives that are non-existent “The random number of files concatenated together, and the randomized values in specific fields are a defense-evasion technique called ‘hashbusting,’” Walton explained. “In practice, every user who downloads a ZIP file from GootLoader’s infrastructure will receive a unique ZIP file, so looking for that hash in other environments is futile. The GootLoader developer uses hashbusting for the ZIP archive and for the JScript file contained in the archive.” The attack chain essentially involves the delivery of the ZIP archive as an XOR-encoded blob, which is decoded and repeatedly appended to itself on the client-side (i.e., on the victim’s browser) until it meets a set size, effectively bypassing security controls designed to detect the transmission of a ZIP file. As soon as the downloaded ZIP archive is double-clicked by the victim, it will cause Windows’ default unarchiver to open the ZIP folder containing the JavaScript payload in File Explorer.

Launching the JavaScript file, in turn, triggers its execution via “wscript.exe” from a temporary folder, since the file contents were not explicitly extracted. The JavaScript malware then creates a Windows shortcut (LNK) file in the Startup folder to establish persistence, ultimately executing a second JavaScript file using cscript, spawning PowerShell commands to take the infection to the next stage. In previous GootLoader attacks , the PowerShell script is used to collect system information and receive commands from a remote server. To counter the threat posed by GootLoader, organizations are advised to consider blocking “wscript.exe” and “cscript.exe” from executing downloaded content if not required and use a Group Policy Object (GPO) to ensure that JavaScript files are opened in Notepad by default, instead of executing them via “wscript.exe.” Found this article interesting?

Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts

Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources (HR) and enterprise resource planning (ERP) platforms like Workday, NetSuite, and SuccessFactors to take control of victim accounts. “The extensions work in concert to steal authentication tokens, block incident response capabilities, and enable complete account takeover through session hijacking,” Socket security researcher Kush Pandya said in a Thursday report. The names of the extensions are listed below - DataByCloud Access (ID: oldhjammhkghhahhhdcifmmlefibciph, Published by: databycloud1104) - 251 Installs Tool Access 11 (ID: ijapakghdgckgblfgjobhcfglebbkebf, Published by: databycloud1104) - 101 Installs DataByCloud 1 (ID: mbjjeombjeklkbndcjgmfcdhfbjngcam, Published by: databycloud1104) - 1,000 Installs DataByCloud 2 (ID: makdmacamkifdldldlelollkkjnoiedg, Published by: databycloud1104) - 1,000 Installs Software Access (ID: bmodapcihjhklpogdpblefpepjolaoij, Published by: Software Access) - 27 Installs All of them, with the exception of Software Access, have been removed from the Chrome Web Store as of writing. That said, they are still available on third-party software download sites such as Softonic.

The add-ons are advertised as productivity tools that offer access to premium tools for different platforms, including Workday, NetSuite, and other platforms. Two of the extensions, DataByCloud 1 and DataByCloud 2, were first published on August 18, 2021. The campaign, despite using two different publishers, is assessed to be a coordinated operation based on identical functionality and infrastructure patterns. It specifically involves exfiltrating cookies to a remote server under the attackers’ control, manipulating the Document Object Model (DOM) tree to block security administration pages, and facilitating session hijacking via cookie injection.

Once installed, DataByCloud Access requests permissions for cookies, management, scripting, storage, and declarativeNetRequest across Workday, NetSuite, and SuccessFactors domains. It also collects authentication cookies for a specified domain and transmits them to the “api.databycloud[.]com” domain every 60 seconds. “Tool Access 11 (v1.4) prevents access to 44 administrative pages within Workday by erasing page content and redirecting to malformed URLs,” Pandya explained. “This extension blocks authentication management, security proxy configuration, IP range management, and session control interfaces.” This is achieved by DOM manipulation, with the extension maintaining a list of page titles that’s constantly monitored.

Data By Cloud 2 expands the blocking feature to 56 pages, adding crucial functions like password changes, account deactivation, 2FA device management, and security audit log access. It’s designed to target both production environments and Workday’s sandbox testing environment at “workdaysuv[.]com.” In contrast, Data By Cloud 1 replicates the cookie-stealing functionality from DataByCloud Access, while simultaneously incorporating features to prevent code inspection using web browser developer tools using the open-source DisableDevtool library . Both extensions encrypt their command-and-control (C2) traffic. The most sophisticated extension of the lot is Software Access, which combines cookie theft with the ability to receive stolen cookies from “api.software-access[.]com” and inject them into the browser to facilitate direct session hijacking.

Furthermore, it comes fitted with password input field protection to prevent users from inspecting credential inputs. “The function parses cookies from the server payload, removes existing cookies for the target domain, then iterates through the provided cookie array and injects each one using chrome.cookies.set(),” Socket said. “This installs the victim’s authentication state directly into the threat actor’s browser session.” A notable aspect that ties together all five extensions is that they feature an identical list comprising 23 security-related Chrome extensions, such as EditThisCookie, Cookie-Editor, ModHeader, Redux DevTools, and SessionBox, that are designed to monitor and flag their presence to the threat actor. This is likely an attempt to assess whether the web browser has any tool that can possibly interfere with their cookie harvesting objectives or reveal the extension’s behavior, Socket said.

What’s more, the presence of a similar extension ID list across all five extensions raises two possibilities: either it’s the work of the same threat actor who has published them under different publishers or a common toolkit. Chrome users who have installed any of the aforementioned add-ons are advised to remove them from their browsers, perform password resets, and review for any signs of unauthorized access from unfamiliar IP addresses or devices. “The combination of continuous credential theft, administrative interface blocking, and session hijacking creates a scenario where security teams can detect unauthorized access but cannot remediate through normal channels,” Socket said. Update The Software Access extension is no longer available for download from the Chrome Web Store.

Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Your Digital Footprint Can Lead Right to Your Front Door

You lock your doors at night. You avoid sketchy phone calls. You’re careful about what you post on social media. But what about the information about you that’s already out there—without your permission?

Your name. Home address. Phone number. Past jobs.

Family members. Old usernames. It’s all still online, and it’s a lot easier to find than you think. The hidden safety threat lurking online Most people don’t realize how much of their personal life is sitting on public websites, data broker platforms, and sketchy directories.

These sites don’t just sell your info to marketers—they make it available to anyone with internet access. And that’s when things can get dangerous. Exposed personal information can lead to: Doxxing incidents where personal info is leaked online Harassment that moves from your inbox to your doorstep Stalkers and scammers are building a profile on you using old addresses and phone numbers Strangers showing up where you live or work. It’s not just creepy—it’s a real safety threat.

The real risk of leaving your info unprotected When your personal details are accessible to everyone online: You’re easier to target for scams You’re vulnerable to identity theft Your physical safety is compromised. No one should have to worry about who might be watching them online or where that information might lead. How to stay safe online and offline The best defense is to delete your personal info from every sketchy site. You can do it manually by Googling yourself, sending out opt-out requests, and continuously hunting down data brokers.

It’ll take you days, if not weeks. That’s where a data removal tool like Incogni comes in. Incogni tracks down your personal data across the internet and forces companies to delete it on your behalf. They don’t just clean up the obvious data broker sites—they remove your details from: People search sites Public, non-governmental directories Sketchy websites distribute your information for profit.

And with their Unlimited plan , you can send custom removal requests if you find your information exposed somewhere they don’t already cover automatically. Send them the link, and their team will take care of it. Real people, real protection Thousands of people trust Incogni to help them feel safer online. Because personal safety isn’t just about antivirus software or strong passwords—it’s about keeping your private life truly private.

When no one can easily find your home address or phone number, you’re a lot harder to harass, stalk, or scam. Privacy equals security. Final thoughts You deserve to feel safe online and off. Start protecting your personal safety where it matters most—by removing the personal information that puts you at risk.

Get 55% off Incogni’s Unlimited Plan with code HACKER55 Because no one should feel unsafe in their own home because of what’s online. Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing

Security experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed lures to deliver a backdoor known as LOTUSLITE . The targeted malware campaign leverages decoys related to the recent geopolitical developments between the U.S. and Venezuela to distribute a ZIP archive (“US now deciding what’s next for Venezuela.zip”) containing a malicious DLL that’s launched using DLL side-loading techniques.

It’s not known if the campaign managed to successfully compromise any of the targets. The activity has been attributed with moderate confidence to a Chinese state-sponsored group known as Mustang Panda (aka Earth Preta, HoneyMyte, and Twill Typhoon), citing tactical and infrastructure patterns. It’s worth noting that the threat actor is known for extensively relying on DLL side-loading to launch its backdoors, including TONESHELL. “This campaign reflects a continued trend of targeted spear phishing using geopolitical lures, favoring reliable execution techniques such as DLL side-loading over exploit-based initial access,” Acronis researchers Ilia Dafchev and Subhajeet Singha said in an analysis.

The backdoor (“kugou.dll”) employed in the attack, LOTUSLITE, is a bespoke C++ implant that’s designed to communicate with a hard-coded command-and-control (C2) server using Windows WinHTTP APIs to enable beaconing activity, remote tasking using “cmd.exe,” and data exfiltration. The complete list of supported commands is as follows - 0x0A, to initiate a remote CMD shell 0x0B, to terminate the remote shell 0x01, to send commands via the remote shell 0x06, to reset beacon state 0x03, to enumerate files in a folder 0x0D, to create an empty file 0x0E, to append data to a file 0x0F, to get beacon status LOTUSLITE is also capable of establishing persistence by making Windows Registry modifications to ensure that it’s automatically executed each time the user logs in to the system. Acronis said the backdoor “mimics the behavioral shenanigans of Claimloader by embedding provocative messages.” Claimloader is the name assigned to a DLL that’s launched using DLL side-loading and is used to deploy PUBLOAD, another Mustang Panda tool. The malware was first documented by IBM X-Force in June 2025 in connection with a cyber espionage campaign aimed at the Tibetan community.

“This campaign demonstrates how simple and well-tested techniques can still be effective when paired with targeted delivery and relevant geopolitical lures,” the Singaporean cybersecurity company concluded. “Although the LOTUSLITE backdoor lacks advanced evasion features, its use of DLL sideloading, reliable execution flow, and basic command-and-control functionality reflects a focus on operational dependability rather than sophistication.” The disclosure comes as The New York Times published details about a purported cyber attack undertaken by the U.S. to disrupt electricity for most residents in the capital city of Caracas for a few minutes, before the January 3, 2026, military operation that captured Venezuelan President Nicolás Maduro. “Turning off the power in Caracas and interfering with radar allowed US military helicopters to move into the country undetected on their mission to capture Nicolás Maduro, the Venezuelan president who has now been brought to the United States to face drug charges,” the Times reported.

“The attack caused most of Caracas’s residents to lose their power for a few minutes, though some neighborhoods near the military base where Mr. Maduro was captured were left without electricity for up to 36 hours.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.