2026-01-21 AI创业新闻

North Korea-Linked Hackers Target Developers via Malicious VS Code Projects

The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio Code (VS Code) projects as lures to deliver a backdoor on compromised endpoints. The latest finding demonstrates continued evolution of the new tactic that was first discovered in December 2025, Jamf Threat Labs said. “This activity involved the deployment of a backdoor implant that provides remote code execution capabilities on the victim system,” security researcher Thijs Xhaflaire said in a report shared with The Hacker News. First disclosed by OpenSourceMalware last month, the attack essentially involves instructing prospective targets to clone a repository on GitHub, GitLab, or Bitbucket, and launch the project in VS Code as part of a supposed job assessment.

The end goal of these efforts is to abuse VS Code task configuration files to execute malicious payloads staged on Vercel domains, depending on the operating system on the infected host. The task is configured such that it runs every time that file or any other file in the project folder is opened in VS Code by setting the “runOn: folderOpen” option. This ultimately leads to the deployment of BeaverTail and InvisibleFerret. Subsequent iterations of the campaign have been found to conceal sophisticated multi-stage droppers in task configuration files by disguising the malware as harmless spell-check dictionaries as a fallback mechanism in the event the task is unable to retrieve the payload from the Vercel domain.

Like before, the obfuscated JavaScript embedded with these files is executed as soon as the victim opens the project in the integrated development environment (IDE). It establishes communication with a remote server (“ip-regions-check.vercel[.]app”) and executes any JavaScript code received from it. The final stage delivered as part of the attack is another heavily obfuscated JavaScript. Jamf said it discovered yet another change in this campaign, with the threat actors using a previously undocumented infection method to deliver a backdoor that offers remote code execution capabilities on the compromised host.

The starting point of the attack chain is no different in that it’s activated when the victim clones and opens a malicious Git repository using VS Code. “When the project is opened, Visual Studio Code prompts the user to trust the repository author,” Xhaflaire explained. “If that trust is granted, the application automatically processes the repository’s tasks.json configuration file, which can result in embedded arbitrary commands being executed on the system.” “On macOS systems, this results in the execution of a background shell command that uses nohup bash -c in combination with curl -s to retrieve a JavaScript payload remotely and pipe it directly into the Node.js runtime. This allows execution to continue independently if the Visual Studio Code process is terminated, while suppressing all command output.” The JavaScript payload, hosted on Vercel, contains the main backdoor logic to establish a persistent execution loop that harvests basic host information and communicates with a remote server to facilitate remote code execution, system fingerprinting, and continuous communication.

In one case, the Apple device management firm said it observed more JavaScript instructions being executed roughly eight minutes after the initial infection. The newly downloaded JavaScript is designed to beacon to the server every five seconds, run additional JavaScript, and erase traces of its activity upon receiving a signal from the operator. It’s suspected that the script may have been generated using an artificial intelligence (AI) tool owing to the presence of inline comments and phrasing in the source code. Threat actors with ties to the Democratic People’s Republic of Korea (DPRK) are known to specifically go after software engineers, particular those working in cryptocurrency, blockchain, and fintech sectors, as they often tend to have privileged access to financial assets, digital wallets, and technical infrastructure.

Compromising their accounts and systems could allow the attackers unauthorized access to source code, intellectual property, internal systems, and siphon digital assets. These consistent changes to their tactics are seen as an effort to achieve more success in their cyber espionage and financial goals to support the heavily-sanctioned regime. The development comes as Red Asgard detailed its investigation into a malicious repository that has been found to use a VS Code task configuration to fetch obfuscated JavaScript designed to drop a full-featured backdoor named Tsunami (aka TsunamiKit) along with an XMRig cryptocurrency miner. Another analysis from Security Alliance last week has also laid out the campaign’s abuse of VS Code tasks in an attack where an unspecified victim was approached on LinkedIn, with the threat actors claiming to be the chief technology officer of a project called Meta2140 and sharing a Notion[.]so link contains a technical assessment and a URL to a Bitbucket repository hosting the malicious code.

Interestingly, the attack chain is engineered to fallback to two other methods: installing a malicious npm dependency named “ grayavatar “ or running JavaScript code that’s responsible for retrieving a sophisticated Node.js controller, which, in turn, runs five distinct modules to log keystrokes, take screenshots, scans the system’s home directory for sensitive files, substitute wallet addresses copied to the clipboard, credentials from web browsers, and establish a persistent connection to a remote server. The malware then proceeds to set up a parallel Python environment using a stager script that enables data collection, cryptocurrency mining using XMRig, keylogging, and the deployment of AnyDesk for remote access. It’s worth noting that the Node.js and Python layers are referred to as BeaverTail and InvisibleFerret, respectively. These findings indicate that the state-sponsored actors are experimenting with multiple delivery methods in tandem to increase the likelihood of success of their attacks.

“This activity highlights the continued evolution of DPRK-linked threat actors, who consistently adapt their tooling and delivery mechanisms to integrate with legitimate developer workflows,” Jamf said. “The abuse of Visual Studio Code task configuration files and Node.js execution demonstrates how these techniques continue to evolve alongside commonly used development tools.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution

A set of three security vulnerabilities has been disclosed in mcp-server-git , the official Git Model Context Protocol ( MCP ) server maintained by Anthropic, that could be exploited to read or delete arbitrary files and execute code under certain conditions. “These flaws can be exploited through prompt injection, meaning an attacker who can influence what an AI assistant reads (a malicious README, a poisoned issue description, a compromised webpage) can weaponize these vulnerabilities without any direct access to the victim’s system,” Cyata researcher Yarden Porat said in a report shared with The Hacker News. Mcp-server-git is a Python package and an MCP server that provides a set of built-in tools to read, search, and manipulate Git repositories programmatically via large language models (LLMs). The security issues, which have been addressed in versions 2025.9.25 and 2025.12.18 following responsible disclosure in June 2025, are listed below - CVE-2025-68143 (CVSS score: 8.8 [v3] / 6.5 [v4]) - A path traversal vulnerability arising as a result of the git_init tool accepting arbitrary file system paths during repository creation without validation (Fixed in version 2025.9.25) CVE-2025-68144 (CVSS score: 8.1 [v3] / 6.4 [v4]) - An argument injection vulnerability arising as a result of git_diff and git_checkout functions passing user-controlled arguments directly to git CLI commands without sanitization (Fixed in version 2025.12.18) CVE-2025-68145 (CVSS score: 7.1 [v3] / 6.3 [v4]) - A path traversal vulnerability arising as a result of a missing path validation when using the –repository flag to limit operations to a specific repository path (Fixed in version 2025.12.18) Successful exploitation of the above vulnerabilities could allow an attacker to turn any directory on the system into a Git repository, overwrite any file with an empty diff, and access any repository on the server.

In an attack scenario documented by Cyata, the three vulnerabilities could be chained with the Filesystem MCP server to write to a “.git/config” file (typically located within the hidden .git directory) and achieve remote code execution by triggering a call to git_init by means of a prompt injection. Use git_init to create a repo in a writable directory Use the Filesystem MCP server to write a malicious .git/config with a clean filter Write a .gitattributes file to apply the filter to certain files Write a shell script with the payload Write a file that triggers the filter Call git_add, which executes the clean filter, running the payload In response to the findings, the git_init tool has been removed from the package and adds extra validation to prevent path traversal primitives. Users of the Python package are recommended to update to the latest version for optimal protection. “This is the canonical Git MCP server, the one developers are expected to copy,” Shahar Tal, CEO and co-founder of Agentic AI security company Cyata, said.

“If security boundaries break down even in the reference implementation, it’s a signal that the entire MCP ecosystem needs deeper scrutiny. These are not edge cases or exotic configurations, they work out of the box.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading

Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads, likely with the intent to deploy a remote access trojan (RAT). The activity delivers “weaponized files via Dynamic Link Library (DLL) sideloading, combined with a legitimate, open-source Python pen-testing script,” ReliaQuest said in a report shared with The Hacker News. The attack involves approaching high-value individuals through messages sent on LinkedIn, establishing trust, and deceiving them into downloading a malicious WinRAR self-extracting archive (SFX). Once launched, the archive extracts four different components - A legitimate open-source PDF reader application A malicious DLL that’s sideloaded by the PDF reader A portable executable (PE) of the Python interpreter A RAR file that likely serves as a decoy The infection chain gets activated when the PDF reader application is run, causing the rogue DLL to be sideloaded.

The use of DLL side-loading has become an increasingly common technique adopted by threat actors to evade detection and conceal signs of malicious activity by taking advantage of legitimate processes. Over the past week, at least three documented campaigns have leveraged DLL side-loading to deliver malware families tracked as LOTUSLITE and PDFSIDER , along with other commodity trojans and information stealers . In the campaign observed by ReliaQuest, the sideloaded DLL is used to drop the Python interpreter onto the system and create a Windows Registry Run key that makes sure that the Python interpreter is automatically executed upon every login. The interpreter’s primary responsibility is to execute a Base64-encoded open-source shellcode that’s directly executed in memory to avoid leaving forensic artifacts on disk.

The final payload attempts to communicate with an external server, granting the attackers persistent remote access to the compromised host and exfiltrating data of interest. The abuse of legitimate open-source tools, coupled with the use of phishing messages sent on social media platforms, shows that phishing attacks are not confined to emails alone and that alternative delivery methods can exploit security gaps to increase the odds of success and break into corporate environments. ReliaQuest told The Hacker News that the campaign appears to be broad and opportunistic, with activity spanning various sectors and regions. “That said, because this activity plays out in direct messages, and social media platforms are typically less monitored than email, it’s difficult to quantify the full scale,” it added.

“This approach allows attackers to bypass detection and scale their operations with minimal effort while maintaining persistent control over compromised systems,” the cybersecurity company said. “Once inside, they can escalate privileges, move laterally across networks, and exfiltrate data.” This is not the first time LinkedIn has been misused for targeted attacks. In recent years, multiple North Korean threat actors , including those linked to the CryptoCore and Contagious Interview campaigns, have singled out victims by contacting them on LinkedIn under the pretext of a job opportunity and convincing them to run a malicious project as part of a supposed assessment or code review. In March 2025, Cofense also detailed a LinkedIn-themed phishing campaign that employs lures related to LinkedIn InMail notifications to get recipients to click on a “Read More” or “Reply To” button and download the remote desktop software developed by ConnectWise for gaining complete control over victim hosts.

“Social media platforms commonly used by businesses represent a gap in most organizations’ security posture,” ReliaQuest said. “Unlike email, where organizations tend to have security monitoring tools, social media private messages lack visibility and security controls, making them an attractive delivery channel for phishing campaigns.” “Organizations must recognize social media as a critical attack surface for initial access and extend their defenses beyond email-centric controls.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

The Hidden Risk of Orphan Accounts

The Problem: The Identities Left Behind As organizations grow and evolve, employees, contractors, services, and systems come and go - but their accounts often remain. These abandoned or “orphan” accounts sit dormant across applications, platforms, assets, and cloud consoles. The reason they persist isn’t negligence - it’s fragmentation. Traditional IAM and IGA systems are designed primarily for human users and depend on manual onboarding and integration for each application - connectors, schema mapping, entitlement catalogs, and role modeling.

Many applications never make it that far. Meanwhile, non-human identities (NHIs): service accounts, bots, APIs, and agent-AI processes are natively ungoverned, operating outside standard IAM frameworks and often without ownership, visibility, or lifecycle controls. The result? A shadow layer of untracked identities forming part of the broader identity dark matter - accounts invisible to governance but still active in infrastructure.

Why They’re Not Tracked Integration Bottlenecks: Every app requires a unique configuration before IAM can manage it. Unmanaged and local systems are rarely prioritized. Partial Visibility: IAM tools see only the “managed” slice of identity - leaving behind local admin accounts, service identities, and legacy systems. Complex Ownership: Turnover, mergers, and distributed teams make it unclear who owns which application or account.

AI-Agents and Automation: Agent-AI introduces a new category of semi-autonomous identities that act independently from their human operators, further breaking the IAM model. Learn more about IAM shortcuts and the impacts that accompany them visit . The Real-World Risk Orphan accounts are the unlocked back doors of the enterprise. They hold valid credentials, often with elevated privileges, but no active owner.

Attackers know this and use them. Colonial Pipeline (2021)

• attackers entered via an old/inactive VPN account with no MFA. Multiple sources corroborate the “inactive/legacy” account detail. Manufacturing company hit by Akira ransomware (2025)
• breach came through a “ghost” third-party vendor account that wasn’t deactivated (i.e., an orphaned/vendor account).

SOC write-up from Barracuda Managed XDR. M&A context

• during post-acquisition consolidation, it’s common to discover thousands of stale accounts/tokens; Enterprises note orphaned (often NHI) identities as a persistent post-M&A threat, citing very high rates of still-active former employee tokens. Orphan accounts fuel multiple risks: Compliance exposure: Violates least-privilege and deprovisioning requirements (ISO 27001, NIS2, PCI DSS, FedRAMP). Operational inefficiency: Inflated license counts and unnecessary audit overhead.

Incident response drag: Forensics and remediation slow down when unseen accounts are involved. The Way Forward: Continuous Identity Audit Enterprises need evidence, not assumptions. Eliminating orphan accounts requires full identity observability - the ability to see and verify every account, permission, and activity, whether managed or not. Modern mitigation includes: Identity Telemetry Collection: Extract activity signals directly from applications, managed and unmanaged.

Unified Audit Trail: Correlate joiner/mover/leaver events, authentication logs, and usage data to confirm ownership and legitimacy. Role Context Mapping: File real usage insights and privilege context into identity profiles - showing who used what, when, and why. Continuous Enforcement: Automatically flag or decommission accounts with no activity or ownership, reducing risk without waiting for manual reviews. When this telemetry feeds into a central identity audit layer, it closes the visibility gap, turning orphan accounts from hidden liabilities into measurable, managed entities.

To learn more, visit Audit Playbook: Continuous Application Inventory Reporting . The Orchid Perspective Orchid’s Identity Audit capability delivers this foundation. By combining application-level telemetry with automated audit collection, it provides verifiable, continuous insight into how identities - human, non-human, and agent-AI - are actually used. It’s not another IAM system; it’s the connective tissue that ensures IAM decisions are based on evidence, not estimation.

Note: This article was written and contributed by Roy Katmor , CEO of Orchid Security . Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto

Cybersecurity researchers have disclosed details of a malware campaign that’s targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual Studio Code (VS Code) extension ecosystem. “The malware is designed to exfiltrate sensitive information, including developer credentials and cryptocurrency-related data. Compromised developer environments can also be abused as access points into broader organizational systems,” Trend Micro said in an analysis published Monday. The activity is designed to single out organizations with software development teams that rely on VS Code and third-party extensions, along with those with access to production systems, cloud resources, or digital assets, it added.

It’s worth noting that details of the campaign were first documented by Koi Security last month, when details emerged of three VS Code extensions – BigBlack.bitcoin-black, BigBlack.codo-ai, and BigBlack.mrbigblacktheme – that ultimately dropped a malicious downloader DLL (“Lightshot.dll”) responsible for launching a hidden PowerShell command to fetch and execute a second-stage payload (“runtime.exe”). The executable, for its part, decrypts and injects the main stealer payload into a legitimate Windows process (“grpconv.exe”) directly in memory, allowing it to harvest sensitive data and exfiltrate it to a remote server (“server09.mentality[.]cloud”) over FTP in the form of a ZIP file. Some of the information collected by the malware includes - Clipboard content Installed apps Cryptocurrency wallets Running processes Desktop screenshots Stored Wi-Fi credentials System information Credentials and stored cookies from Google Chrome and Microsoft Edge In addition, it implements safeguards to detect analysis and virtual environments and takes steps to terminate active browser processes to ensure a seamless data collection process and prevent any potential interference when attempting to extract cookies and credentials. This is achieved by launching the browser via the command line by setting the following flags for detection and forensic traces - –headless=new, to run in headless mode –disable-gpu, to prevent GPU acceleration –no-sandbox, to disable browser security sandbox –disable-extensions, to prevent legitimate security extensions from interfering –disable-logging, to disable browser log generation –silent-launch, to suppress startup notifications –no-first-run, to bypass initial setup dialogs –disable-popup-blocking, to ensure malicious content can execute –window-position=-10000,-10000, to position the window off-screen –window-size=1,1, to minimize window to 1x1 pixel “The [DLL] downloader creates a mutual exclusion (mutex) object to ensure that only one instance of the malware can run at any given time, ensuring that multiple instances of the malware cannot be executed on a compromised host,” Trend Micro said.

“The Evelyn Stealer campaign reflects the operationalization of attacks against developer communities, which are seen as high-value targets given their important role in the software development ecosystem.” The disclosure coincides with the emergence of two new Python-based stealer malware families referred to as MonetaStealer and SolyxImmortal , with the former also capable of targeting Apple macOS systems to enable comprehensive data theft. “[SolyxImmortal] leverages legitimate system APIs and widely available third-party libraries to extract sensitive user data and exfiltrate it to attacker-controlled Discord webhooks,” CYFIRMA said. “Its design emphasizes stealth, reliability, and long-term access rather than rapid execution or destructive behaviour. By operating entirely in user space and relying on trusted platforms for command-and-control, the malware reduces its likelihood of immediate detection while maintaining persistent visibility into user activity.

Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Most AI Risk Isn’t in Models, It’s in Your SaaS Stack

Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers

Cloudflare has addressed a security vulnerability impacting its Automatic Certificate Management Environment ( ACME ) validation logic that made it possible to bypass security controls and access origin servers . “The vulnerability was rooted in how our edge network processed requests destined for the ACME HTTP-01 challenge path (/.well-known/acme-challenge/*),” the web infrastructure company’s Hrushikesh Deshpande, Andrew Mitchell, and Leland Garofalo said. The web infrastructure company said it found no evidence that the vulnerability was ever exploited in a malicious context. ACME is a communications protocol ( RFC 8555 ) that facilitates automatic issuance, renewal, and revocation of SSL/TLS certificates.

Every certificate provisioned to a website by a certificate authority (CA) is validated using challenges to prove domain ownership. This process is typically achieved using an ACME client like Certbot that proves domain ownership via an HTTP-01 (or DNS-01) challenge and manages the certificate lifecycle. The HTTP-01 challenge checks for a validation token and a key fingerprint located in the web server at “https:///.well-known/acme-challenge/" over HTTP port 80. The CA's server makes an HTTP GET request to that exact URL to retrieve the file.

Once the verification succeeds, the certificate is issued and the CA marks the ACME account (i.e., the registered entity on its server) as authorized to manage that specific domain. In the event the challenge is used by a certificate order managed by Cloudflare, then Cloudflare will respond on the aforementioned path and provide the token provided by the CA to the caller. But if it does not correlate to a Cloudflare-managed order, the request is routed to the customer origin, which may be using a different system for domain validation. The vulnerability, discovered and reported by FearsOff in October 2025, has to do with a flawed implementation of the ACME validation process that causes certain challenge requests to the URL to disable web application firewall (WAF) rules and allow it to reach the origin server when it should have been ideally blocked.

In other words, the logic failed to verify whether the token in the request actually matched an active challenge for that specific hostname, effectively permitting an attacker to send arbitrary requests to the ACME path and circumvent WAF protections entirely, granting them the ability to reach the origin server. “Previously, when Cloudflare was serving an HTTP-01 challenge token, if the path requested by the caller matched a token for an active challenge in our system, the logic serving an ACME challenge token would disable WAF features, since Cloudflare would be directly serving the response,” the company explained. “This is done because those features can interfere with the CA’s ability to validate the token values and would cause failures with automated certificate orders and renewals. However, in the scenario that the token used was associated with a different zone and not directly managed by Cloudflare, the request would be allowed to proceed onto the customer origin without further processing by WAF rulesets.” Kirill Firsov, founder and CEO of FearsOff, said the vulnerability could be exploited by a malicious user to obtain a deterministic, long‑lived token and access sensitive files on the origin server across all Cloudflare hosts, opening the door to reconnaissance.

The vulnerability was addressed by Cloudflare on October 27, 2025, with a code change that serves the response and disables WAF features only when the request matches a valid ACME HTTP-01 challenge token for that hostname. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Why Secrets in JavaScript Bundles are Still Being Missed

Leaked API keys are no longer unusual, nor are the breaches that follow. So why are sensitive tokens still being so easily exposed? To find out, Intruder’s research team looked at what traditional vulnerability scanners actually cover and built a new secrets detection method to address gaps in existing approaches. Applying this at scale by scanning 5 million applications revealed over 42,000 exposed tokens across 334 secret types, exposing a major class of leaked secrets that is not being handled well by existing tooling, particularly in single-page applications (SPAs).

In this article, we break down existing secrets detection methods and reveal what we found when we scanned millions of applications for secrets hidden in JavaScript bundles. Established secrets detection methods (and their limitations) Traditional secrets detection The traditional, fully automated approach to detecting application secrets is to search a set of known paths and apply regular expressions to match known secret formats. While this method is useful and can catch some exposures, it has clear limitations and will not detect all types of leaks, particularly those that require the scanner to spider the application or authenticate. A good example of this is Nuclei’s GitLab personal access token template .

The scanner is fed a base URL, for example, https://portal.intruder.io/, causing the template to: Make an HTTP GET request to https://portal.intruder.io/ Inspect the direct response to that single request, ignoring other pages and resources such as JavaScript files Attempt to identify the pattern of a GitLab personal access token If found, make a follow-up request to GitLab’s public API to check whether the token is active If active, raise an issue This is clearly a simple example, but this approach is effective. Especially so when templates define many paths where secrets are commonly exposed. This format is typical of infrastructure scanners, which do not typically run a headless browser. When the scanner is given the base URL to scan (for example, https://portal.intruder.io), subsequent requests that would be made by a browser (such as the JavaScript files required to render the page, e.g., https://portal.intruder.io/assets/index-DzChsIZu.js) will not be made using this old-school approach.

Dynamic Application Security Testing (DAST) Dynamic Application Security Testing (DAST) tools are generally a more robust way to scan applications, and tend to have more complex functionality, allowing for full spidering of applications, support for authentication, and a wider capability at detecting application layer weaknesses. Indeed, DAST scanners may seem the natural option for secrets detection in application front-ends. There should be nothing holding back a DAST scanner from discovering available JavaScript files or scanning for secrets within them. However, this type of scanning is more expensive, requires in-depth configuration, and in reality is usually reserved for a small number of high-value applications.

For example, you are unlikely to configure a DAST scanner for every application you have out there across a wide digital estate. Plus, many DAST tools do not implement a wide enough range of regular expressions compared to well-known command-line tools. This leaves a clear gap which should be covered by the traditional infrastructure scanner, but isn’t - and in all likelihood is also not being covered by DAST scanners because of deployment, budget, and maintenance limitations. Static Application Security Testing (SAST) Static Application Security Testing (SAST) tools analyze source code to identify vulnerabilities and are a primary way to detect secrets before code reaches production.

They are effective at catching hardcoded credentials and preventing some classes of exposure. However, we found that SAST methods also do not cover the full picture - and once again, some secrets within JavaScript bundles slipped through the gaps in a way that static analysis would miss. Building a secrets detection check for JavaScript bundles When we started this research, it was not clear how common this problem would be. Are secrets actually being bundled into JavaScript front-ends, and is it widespread enough to justify an automated approach?

To find out, we built an automated check and scanned approximately 5 million applications. The result was a large number of exposures, significantly more than we expected. The output file alone was over 100MB of plain text and contained more than 42,000 tokens across 334 different secret types. We did not fully triage every result, but among the samples we reviewed, we identified a number of high-impact exposures.

What we found Code Repository Tokens The most impactful exposures we identified were tokens for code repository platforms such as GitHub and GitLab. In total, we found 688 tokens, many of which were still active and gave full access to repositories. In one case, shown below, a GitLab personal access token was embedded directly in a JavaScript file. The token was scoped to allow access to all private repositories within the organization, including CI/CD pipeline secrets for onward services such as AWS and SSH.

Project Management API Keys Another significant exposure involved an API key for Linear, a project management application, embedded directly in front-end code: The token exposed the organization’s entire Linear instance, including internal tickets, projects, and links to downstream services and SaaS projects. And more We identified exposed secrets across a wide range of other services, including: CAD software APIs – access to user data, project metadata, and building designs, including a hospital Link shorteners – ability to create and enumerate links Email platforms – access to mailing lists, campaigns, and subscriber data Webhooks for chat and automation platforms – 213 Slack, 2 Microsoft Teams, 1 Discord, and 98 Zapier, all of them active PDF converters – access to third-party document generation tools Sales intelligence and analytics platforms – access to scraped company and contact data Don’t ship your secrets Shift-left controls matter. SAST, repository scanning, and IDE guardrails catch real issues and prevent entire classes of exposure. But as this research shows, they do not cover every path a secret can take into production.

Secrets introduced during build and deployment can bypass those safeguards and end up in front-end code, long after the point where shift-left controls have already run. And this problem will only grow as automation and AI-generated code become more common. That’s why single-page application spidering is needed to catch secrets before they reach production. We’ve built automated SPA secrets detection into Intruder so teams can actually catch this.

Learn more. Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion

A Telegram-based guarantee marketplace known for advertising a broad range of illicit services appears to be winding down its operations, according to new findings from Elliptic. The blockchain intelligence company said Tudou Guarantee has effectively ceased transactions through its public Telegram groups following a period of significant growth. The marketplace is estimated to have processed over $12 billion in transactions, making it the third-largest illicit marketplace of all time. “Other parts of Tudou Guarantee, such as its gambling operations, continue to function, so it remains to be seen whether this represents the first stages of a full shutdown or a pivot away from fraud-related activity,” the company said .

Tudou Guarantee is just one of the many Telegram-based marketplaces serving cyber fraudsters, the others being HuiOne Guarantee and Xinbi Guarantee , which collectively engaged in over $35 billion in USDT transactions. Thousands of channels associated with both services were shuttered by Telegram last year. The marketplace has since emerged as a leading platform, prompting merchants who previously sold through HuiOne Guarantee to migrate to Tudou Guarantee, offering stolen personal data, money laundering services, scam infrastructure like fraudulent investment platforms and phishing websites, and software programs to facilitate face swapping, voice cloning, and deepfake-powered impersonation during video calls with victims. Research from Chainalysis published in November 2025 has identified that scam technology vendors collectively received at least $375.9 million in cryptocurrency in 2024, with artificial intelligence (AI) service vendors witnessing a 1,900% compound annual growth rate from 2021 through 2024, enabling scammers to forge realistic identities, generate convincing content, and scale their operations.

The migration was no coincidence as HuiOne acquired a 30% financial stake in Tudou Guarantee in December 2024, setting up the latter as a key fallback for Huione-affiliated vendors. Elliptic’s Founder and Chief Scientist, Tom Robinson, told The Hacker News that Xinbi Guarantee has recovered and grown following Telegram’s intervention, and that there are a similar number of markets still in operation. “After shutting down HuiOne Guarantee, Telegram is no longer taking any action against these scam marketplaces. There’s no need for them to move to other messaging platforms,” Robinson added.

The apparent shutdown of Tudou Guarantee also appears to be related to the recent law enforcement actions against the Cambodian conglomerate Prince Group and its CEO, Chen Zhi, who was arrested and extradited to China earlier this month . Chatter referencing Tudou Guarantee in connection with the Chen Zhi scandal (Source: Elliptic) The billionaire businessman stands accused of masterminding a vast investment scam that involved luring trafficked workers to forced labour camps in Southeast Asia to defraud victims globally, a scheme known as romance baiting or pig butchering . Prince Group has denied wrongdoing. Elliptic said its real-time monitoring of Tudou’s central administrative wallets shows a sudden drop in activity in the following days, suggesting a link to the arrest.

“The closure of Tudou is a significant blow to the Southeast Asian scam economy, but history suggests the vacuum will not remain unfilled for long,” the company said, adding it expects the malicious activity to disperse across other guarantee marketplaces that may come in to swoop displaced merchants and customers. Meanwhile, governments and law enforcement authorities aren’t sitting idle. In November 2025, the U.S. government announced the creation of the Scam Center Strike Force to dismantle Southeast Asian transnational criminal networks behind cryptocurrency-related fraud and pig butchering scams.

So far, the team has seized and forfeited $401 million in cryptocurrency from these schemes. It’s also working with U.S. companies to seize and disable U.S.-based facilities and infrastructure that power the scams, as well as prevent them from being weaponized to target American citizens. Found this article interesting?

Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites

Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar as a data extraction mechanism. The vulnerability, Miggo Security’s Head of Research, Liad Eliyahu, said, made it possible to circumvent Google Calendar’s privacy controls by hiding a dormant malicious payload within a standard calendar invite. “This bypass enabled unauthorized access to private meeting data and the creation of deceptive calendar events without any direct user interaction,” Eliyahu said in a report shared with The Hacker News. The starting point of the attack chain is a new calendar event that’s crafted by the threat actor and sent to a target.

The invite’s description embeds a natural language prompt that’s designed to do their bidding, resulting in a prompt injection. The attack gets activated when a user asks Gemini a completely innocuous question about their schedule (e.g., Do I have any meetings for Tuesday?), prompting the artificial intelligence (AI) chatbot to parse the specially crafted prompt in the aforementioned event’s description to summarize all of users’ meetings for a specific day, add this data to a newly created Google Calendar event, and then return a harmless response to the user. “Behind the scenes, however, Gemini created a new calendar event and wrote a full summary of our target user’s private meetings in the event’s description,” Miggo said. “In many enterprise calendar configurations, the new event was visible to the attacker, allowing them to read the exfiltrated private data without the target user ever taking any action.” Although the issue has since been addressed following responsible disclosure, the findings once again illustrate that AI-native features can broaden the attack surface and inadvertently introduce new security risks as more organizations use AI tools or build their own agents internally to automate workflows.

“AI applications can be manipulated through the very language they’re designed to understand,” Eliyahu noted. “Vulnerabilities are no longer confined to code. They now live in language, context, and AI behavior at runtime.” The disclosure comes days after Varonis detailed an attack named Reprompt that could have made it possible for adversaries to exfiltrate sensitive data from artificial intelligence (AI) chatbots like Microsoft Copilot in a single click, while bypassing enterprise security controls. The findings illustrate the need for constantly evaluating large language models (LLMs) across key safety and security dimensions, testing their penchant for hallucination, factual accuracy, bias, harm, and jailbreak resistance, while simultaneously securing AI systems from traditional issues.

Just last week, Schwarz Group’s XM Cyber revealed new ways to escalate privileges inside Google Cloud Vertex AI’s Agent Engine and Ray, underscoring the need for enterprises to audit every service account or identity attached to their AI workloads. “These vulnerabilities allow an attacker with minimal permissions to hijack high-privileged Service Agents, effectively turning these ‘invisible’ managed identities into ‘double agents’ that facilitate privilege escalation,” researchers Eli Shparaga and Erez Hasson said . Successful exploitation of the double agent flaws could permit an attacker to read all chat sessions, read LLM memories, and read potentially sensitive information stored in storage buckets, or obtain root access to the Ray cluster. With Google stating that the services are currently “working as intended,” it’s essential that organizations review identities with the Viewer role and ensure adequate controls are in place to prevent unauthorized code injection.

The development coincides with the discovery of multiple vulnerabilities and weaknesses in different AI systems - Security flaws (CVE-2026-0612, CVE-2026-0613, CVE-2026-0615, and CVE-2026-0616) in The Librarian, an AI-powered personal assistant tool provided by TheLibrarian.io, that enable an attacker to access its internal infrastructure, including the administrator console and cloud environment, and ultimately leak sensitive information, such as cloud metadata, running processes within the backend, and system prompt, or log in to its internal backend system. A vulnerability that demonstrates how system prompts can be extracted from intent-based LLM assistants by prompting them to display the information in Base64-encoded format in form fields. “If an LLM can execute actions that write to any field, log, database entry, or file, each becomes a potential exfiltration channel, regardless of how locked down the chat interface is,” Praetorian said. An attack that demonstrates how a malicious plugin uploaded to a marketplace for Anthropic Claude Code can be used to bypass human-in-the-loop protections via hooks and exfiltrate a user’s files via indirect prompt injection.

A critical vulnerability in Cursor ( CVE-2026-22708 ) that enables remote code execution via indirect prompt injection by exploiting a fundamental oversight in how agentic IDEs handle shell built-in commands. “By abusing implicitly trusted shell built-ins like export, typeset, and declare, threat actors can silently manipulate environment variables that subsequently poison the behavior of legitimate developer tools,” Pillar Security said . “This attack chain converts benign, user-approved commands – such as git branch or python3 script.py – into arbitrary code execution vectors.” On top of that, a security analysis of five vibe coding IDEs, viz. Cursor, Claude Code, OpenAI Codex, Replit, and Devin, found that the coding agents, while good at avoiding SQL injections or XSS flaws, struggle when it comes to handling SSRF issues, business logic, and enforcing appropriate authorization when accessing APIs.

To make matters worse, none of the tools included CSRF protection, security headers, or login rate limiting. The test highlights the current limits of vibe coding, showing that human oversight is still key to addressing these gaps. “Coding agents cannot be trusted to design secure applications,” Tenzai’s Ori David said . While they may produce secure code (some of the time), agents consistently fail to implement critical security controls without explicit guidance.

Where boundaries aren’t clear-cut – business logic workflows, authorization rules, and other nuanced security decisions – agents will make mistakes.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

⚡ Weekly Recap: Fortinet Exploits, RedLine Clipjack, NTLM Crack, Copilot Attack & More

In cybersecurity, the line between a normal update and a serious incident keeps getting thinner. Systems that once felt reliable are now under pressure from constant change. New AI tools, connected devices, and automated systems quietly create more ways in, often faster than security teams can react. This week’s stories show how easily a small mistake or hidden service can turn into a real break-in.

Behind the headlines, the pattern is clear. Automation is being used against the people who built it. Attackers reuse existing systems instead of building new ones. They move faster than most organizations can patch or respond.

From quiet code flaws to malware that changes while it runs, attacks are focusing less on speed and more on staying hidden and in control. If you’re protecting anything connected—developer tools, cloud systems, or internal networks—this edition shows where attacks are going next, not where they used to be. ⚡ Threat of the Week Critical Fortinet Flaw Comes Under Attack — A critical security flaw in Fortinet FortiSIEM has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-64155 (CVSS score: 9.4), allows an unauthenticated attacker to execute unauthorized code or commands via crafted TCP requests.

In a technical analysis, Horizon3.ai described the issue as comprising two issues: an unauthenticated argument injection vulnerability that leads to arbitrary file write, allowing for remote code execution as the admin user, and a file overwrite privilege escalation vulnerability that leads to root access and complete compromise of the appliance. The vulnerability affects the phMonitor service, an internal FortiSIEM component that runs with elevated privileges and plays an integral role in system health and monitoring. Because the service is deeply embedded in FortiSIEM’s operational workflow, successful exploitation grants attackers full control of the appliance. When Your CEO Calls, Will You Know It’s Real?

Today’s phishing attacks involve AI voices, videos, and exec deepfakes. Adaptive Security is the first security awareness platform built to stop AI-powered social engineering. Adaptive protects your team with custom training and deepfake simulations featuring your own executives. Get a demo and chat with an interactive deepfake of your CEO Tour the platform Book a Demo ➝ 🔔 Top News VoidLink Linux Malware Enables Long-Term Access — A new cloud-native Linux malware framework named VoidLink focuses on cloud environments, providing attackers with a wide assortment of custom loaders, implants, rootkits, and plugins that are designed for additional stealth and for reconnaissance, privilege escalation, and lateral movement inside a compromised network.

The feature-rich framework is engineered for long-term access, surveillance, and data collection rather than short-term disruption, allowing an operator to control agents, implants, and plugins via a web-based dashboard localized for Chinese users. Key to the malware’s architecture is to “automate evasion as much as possible” by profiling a Linux environment and intelligently choosing the best strategy for operating without detection. Indeed, when signs of tampering or malware analysis are detected on an infected machine, it can delete itself and invoke anti-forensics modules designed to remove traces of its activity. It’s fitted with an “unusually broad” feature set, including rootkit-style capabilities, an in-memory plug-in system for extending functionality, and the ability to adjust runtime evasion based on the security products it detects.

VoidLink draws inspiration from Cobalt Strike, an adversary simulation framework that has been widely adopted and misused by attackers over the years. It’s believed to be the work of Chinese developers. “Together, these plugins sit atop an already sophisticated core implementation, enriching VoidLink’s capabilities beyond cloud environments to developer and administrator workstations that interface directly with those cloud environments, turning any compromised machine into a flexible launchpad for deeper access or supply-chain compromise,” Check Point said. “Its design reflects a level of planning and investment typically associated with professional threat actors rather than opportunistic attackers.” However, its intended use remains unclear, and no evidence of real-world infections has been observed, which supports the assumption that the modular malware was created “either as a product offering or as a framework developed for a customer.” Microsoft Disrupts RedVDS Criminal Service — A cybercriminal subscription service responsible for fraud campaigns causing millions of dollars in losses has been disrupted in a coordinated action by Microsoft alongside legal partners in the U.S.

and, for the first time, the U.K. The Windows makers said it seized the website and infrastructure of RedVDS, a platform that hosted cybercrime-as-a-service tools for phishing and fraud campaigns, which cost users as little as $24 a month. The subscription service is known to have cost victims in the U.S. alone over $40 million since March 2025.

In total, Microsoft has identified nearly 190,000 organizations worldwide that fell victim to RedVDS-supported campaigns. In one month, the company noted approximately 2,600 RedVDS virtual machines sent an average of 1 million phishing messages to Microsoft customers daily. RedVDS provided cybercriminals with access to cheap, effective, and disposable virtual computers running unlicensed software, including Windows, allowing criminals to conduct phishing attacks and business email compromise (BEC) schemes. The service is also said to have been a player in the spread of real estate payment diversion scams, affecting more than 9,000 customers primarily in Canada and Australia.

RedVDS did not own physical data centers and instead rented servers from third-party hosting providers in the U.S., Canada, the U.K., France, and the Netherlands. “Once provisioned, these cloned Windows hosts gave actors a ready‑made platform to research targets, stage phishing infrastructure, steal credentials, hijack mailboxes, and execute impersonation‑based financial fraud with minimal friction,” Microsoft said. “Threat actors benefited from RedVDS’s unrestricted administrative access and negligible logging, allowing them to operate without meaningful oversight. The uniform, disposable nature of RedVDS servers allowed cybercriminals to rapidly iterate campaigns, automate delivery at scale, and move quickly from initial targeting to financial theft.” Over 550 Kimwolf Botnet C2 Nodes Null-Routed — Lumen Technologies’ Black Lotus Labs has blocked more than 550 command-and-control (C2) nodes linked to Aisuru and Kimwolf’s servers since October 2025, as the botnets gained attention for their role in orchestrating hypervolumetric distributed denial-of-service (DDoS) attacks.

Kimwolf, which is said to mainly target unsanctioned Android TV boxes, has caught on like wildfire, corralling over 2 million devices into its botnet. The disruption of RapperBot and the arrest of its alleged leader in August 2025 played a key factor in the rise of Aisuru and Kimwolf. Recent research by QiAnXin XLab and Synthient revealed how the botnet’s operators have leveraged proxy services to expand its reach. In a separate report, Infoblox said nearly 25% of its cloud customers made a query to a Kimwolf domain since October 1, 2025.

“The main takeaway is these residential proxies are literally everywhere,” Chris Formosa, senior lead information security engineer at Lumen Technologies’ Black Lotus Labs, told The Hacker News. “Like everywhere and in most organizations you can think of. Given we know the actors were exploiting it, the story is mainly a story of a lot of networks you may think are secured, but have devices running residential proxies which can provide attackers with an opportunity to get an initial foothold, bypassing a large majority of your devices you likely have in place.” Reprompt Attack Targets Microsoft Copilot — Security researchers discovered a new attack named Reprompt that allowed them to exfiltrate user data from Microsoft Copilot once a victim clicks on a specifically crafted link pointing to the artificial intelligence (AI) chatbot. The attack bypasses data leak protections and allows for persistent session exfiltration even after the Copilot session was closed.

The attack leverages a combination of Parameter 2 Prompt (P2P) injection (i.e., the exploitation of the “q” parameter), a double-request technique, and a chain-request technique to obtain a data exfiltration primitive. “Client-side monitoring tools won’t catch these malicious prompts, because the real data leaks happen dynamically during back-and-forth communication — not from anything obvious in the prompt the user submits,” Varonis said. The attack does not affect enterprise customers using Microsoft 365 Copilot. Microsoft has since addressed the issue.

AWS CodeBuild Misconfiguration Creates Supply Chain Risks — A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider’s own GitHub repositories, including its AWS JavaScript SDK, putting every AWS environment at risk. The vulnerability, codenamed CodeBreach, was fixed by AWS in September 2025. “By exploiting CodeBreach, attackers could have injected malicious code to launch a platform-wide compromise, potentially affecting not just the countless applications depending on the SDK, but the Console itself, threatening every AWS account,” Wiz said. ‎️‍🔥 Trending CVEs Hackers act fast.

They can use new bugs within hours. One missed update can cause a big breach. Here are this week’s most serious security flaws. Check them, fix what matters first, and stay protected.

This week’s list includes — CVE-2025-20393 (Cisco AsyncOS Software), CVE-2026-23550 (Modular DS plugin), CVE-2026-0227 (Palo Alto Networks PAN-OS), CVE-2025-64155 (Fortinet FortiSIEM), CVE-2026-20805 (Microsoft Windows Desktop Window Manager), CVE-2025-12420 (ServiceNow), CVE-2025-55131, CVE-2025-55131, CVE-2025-59466, CVE-2025-59465 (Node.js), CVE-2025-68493 (Apache Struts 2), CVE-2026-22610 (Angular Template Compiler), CVE-2025-66176, CVE-2025-66177 (Hikvision), CVE-2026-0501, CVE-2026-0500, CVE-2026-0498​, CVE-2026-0491 (SAP), CVE-2026-21859, CVE-2026-22689 (Mailpit), CVE-2026-22601, CVE-2026-22602, CVE-2026-22603, CVE-2026-22604 (OpenProject), CVE-2026-23478 (Cal.com), CVE-2025-14364 (Demo Importer Plus plugin), CVE-2025-14502 (News and Blog Designer Bundle), CVE-2025-14301 (Integration Opvius AI for WooCommerce plugin), CVE-2025-52493 (PagerDuty Runbook), CVE-2025-55315 (ASP.NET Core Kestrel server), CVE-2026-20965 (Microsoft Windows Admin Center), and CVE-2025-14894 (Livewire Filemanager). 📰 Around the Cyber World Unpatched Flaw in Livewire Filemanager — An unpatched security flaw was disclosed in Livewire Filemanager, a file manager component for Laravel-based websites that allows file uploads. The vulnerability (CVE-2025-14894, CVSS score: 7.5) can permit threat actors to upload malicious PHP files to a remote server and trigger its execution. “When a user uploads a PHP file to the application, it can be accessed and executed by visiting the web-accessible file hosting directory,” the CERT Coordination Center (CERT/CC) said .

“This enables an attacker to create a malicious PHP file, upload it to the application, then force the application to execute it, enabling unauthenticated arbitrary code execution on the host device.” More GhostPoster Extensions Spotted — LayerX said it found a new cluster of 17 extensions related to GhostPoster impacting Google Chrome and Microsoft Edge. The new extensions, which are designed to hijack affiliate links, inject tracking code, and commit click and ad fraud, have a collective install base of over 840,000 users, and some of them date back to 2020. GhostPoster, first disclosed last month, is part of a broader campaign undertaken by a Chinese threat actor dubbed DarkSpectre . The new findings show that GhostPoster first originated on Microsoft Edge in February 2020 and then expanded to Firefox and Chrome.

RedLineCyber Distributes Clipboard Hijacking Malware — A threat actor named RedLineCyber has been observed leveraging the notoriety of the well-known RedLine information stealer to distribute an executable called “Pro.exe” (or “peeek.exe”). It’s a Python-based clipboard hijacking trojan that is designed for cryptocurrency theft by continuously monitoring the Windows clipboard for cryptocurrency wallet addresses and substituting them with a wallet address under their control to facilitate cryptocurrency theft. “The threat actor exploits trust relationships within Discord communities focused on gaming, gambling, and cryptocurrency streaming,” CloudSEK said . “Distribution occurs through direct social engineering, where the actor cultivates relationships with potential victims, particularly cryptocurrency streamers and influencers, over extended periods before introducing the malicious payload as a ‘security tool’ or ‘streaming utility.’” Fake Shipping Documents Deliver Remcos RAT — A new phishing campaign is using shipping-themed lures to trick recipients into opening a malicious Microsoft Word document that, in turn, triggers an exploit for a years-old security flaw in Microsoft Office ( CVE-2017-11882 ) to distribute a new variant of Remcos RAT that’s executed directly in memory, Fortinet said .

Successful exploitation of the vulnerability triggers the download of a Visual Basic Script, which executes Base64-code PowerShell code to download and launch a .NET DLL loader module responsible for launching the RAT in addition to setting up persistence using scheduled tasks. An off-the-shelf malware, Remcos RAT (version 7.0.4 Pro) enables comprehensive data gathering capabilities, including system management, surveillance, networking, communication, and agent control. In another campaign detected by AhnLab, users in South Korea have been targeted by Remcos RAT malware masquerading as VeraCrypt installers or software associated with illegal gambling websites. Google Releases Rainbow Tables to Speed Up Demise of Net-NTLMv1 — Google’s Mandiant threat intelligence division released a comprehensive dataset of Net-NTLMv1 rainbow tables to emphasize the need for urgently moving away from the outdated protocol.

While Microsoft previously announced its plans to deprecate NTLM in favor of Kerberos, Google said it continues to identify the use of Net-NTLMv1 in active environments, leaving organizations vulnerable to trivial credential theft. “While tools to exploit this protocol have existed for years, they often required uploading sensitive data to third-party services or expensive hardware to brute-force keys,” Google said . “The release of this dataset allows defenders and researchers to recover keys in under 12 hours using consumer hardware costing less than $600 USD.” Former U.S. Navy Sailor Sentenced to 200 Months for Spying for China — Jinchao Wei (aka Patrick Wei), 25, a former U.S.

Navy sailor, was sentenced in the U.S. to 200 months in prison for selling secrets to China by abusing his security clearance and access to sensitive national defense information about the amphibious assault ship U.S.S. Essex. Wei was convicted of espionage charges in August 2025 following his arrest in August 2023.

“By sharing thousands of documents, operating manuals, and export-controlled and sensitive information with a Chinese intelligence officer, Petty Officer Wei knowingly betrayed his fellow service members and the American people,” said NCIS Director Omar Lopez. Wei was recruited by a Chinese intelligence officer in February 2022 and sent photographs and videos of the Essex via an encrypted messaging application, and advised the officer of the location of various Navy ships. He also described the defensive weapons of the Essex, sent thousands of pages of technical and operational information about U.S. Navy surface warfare ships, and sold approximately 60 technical and operational manuals about U.S.

Navy ships. In exchange, Wei received more than $12,000 over 18 months. Post his arrest, Wei admitted to the Federal Bureau of Investigation (FBI) that what he did amounted to espionage and that “I’m screwed.” Australia Warns Domestic Firms About AI Security Risks — The Australian Signals Directorate (ASD) has warned local businesses against uploading customer data and files to AI chatbots or genAI platforms without proper anonymization. “Some artificial intelligence providers may use customer‑submitted data to train or refine their models.

This can depend on the configuration settings or the type of subscription,” ASD said . “As a result, information entered into these platforms could potentially be reused or disclosed in unexpected contexts later.” It also warned that AI systems are susceptible to hallucinations and can be tricked by malicious cyber actors through prompt injections, which refer to malicious inputs disguised as legitimate requests designed to confuse or mislead the AI into giving sensitive, wrong, or unsafe answers. Furthermore, ASD warned of potential supply chain risks resulting from AI integration, emphasizing the need for secure deployment of AI chatbots. Jordan National Pleads Guilty to Selling Access — A Jordanian national pleaded guilty in the U.S.

to charges of selling access to the networks of at least 50 companies through a cybercriminal forum. Feras Khalil Ahmad Albashiti (aka r1z, Feras Bashiti, and Firas Bashiti), 40, is facing a maximum penalty of 10 years in prison after being charged with fraud and related activity in connection with access credentials. Albashiti was arrested in July 2024. His sentencing will take place in May 2026.

The FBI, which contacted the defendant in September 2026 under cover, said it was able to trace the “r1z” cybercrime forum account to Albashiti because it was registered in 2018 with the same Gmail address that was used to apply for a U.S. visa in October 2016. According to a report from SentinelOne, the “r1z” account marketed a malware dropper and bypass service called EDR Killer on underground forums. The account was previously identified as advertising access to 50 vulnerable Confluence servers acquired by exploiting the critical Confluence unauthenticated RCE vulnerability, tracked as CVE-2022-26134, and claimed to be in possession of a list of over 10,000 vulnerable Confluence servers.

Other tools included illicit versions of Cobalt Strike , private exploits for local privilege escalation (LPE) vulnerabilities in different services, access to 30 SonicWall VPN and 50 Microsoft Exchange servers with a working exploit, as well as a service that acquired compromised VPN and RDP login credentials from other criminals on the XSS forum. R1z is said to have been active on XSS since 2019. Google Agrees to Pay $8.25M to Settle Children Privacy Violations — Google has agreed to pay $8.25 million to settle a class-action lawsuit that claimed the company illegally collected data from devices belonging to children under age 13, The Record reported . The case was brought more than two years ago by the parents of six minors who allegedly downloaded apps and games from the Play Store that were targeted at children, such as Fun Kid Racing, GummyBear, and Friends Speed Racing.

The apps, according to the lawsuit, came with Google’s AdMob software development kit that collected data from children at scale, violating the Children’s Online Privacy Protection Act (COPPA). U.S. Bank Targeted by Keylogger — Sansec identified a keylogger on the employee merchandise store of a major U.S. bank.

The store is used by the bank’s 200,000 employees to order company-branded items. “The malware intercepts everything typed into the site’s forms: login credentials, payment card numbers, personal information,” the Dutch company said. “The stolen data is exfiltrated via image beacon, a common technique that bypasses many security controls.” The malware has since been removed from the site. The activity is assessed to share overlaps with an October 2024 breach of the Green Bay Packers Pro Shop, citing infrastructure pattern similarities.

Payroll Pirates Redirect Paychecks to Accounts Under Their Control — In a new social engineering attack targeting an unnamed organization, the threat actors behind Payroll Pirates reached out via a phone call, impersonating employees to manipulate multiple help desks and successfully perform password resets and re-enroll multi-factor authentication (MFA) devices. The threat actor has also been observed attempting to establish persistence by registering an external email address as an authentication method for a service account within the client’s Azure AD environment. “Once authenticated into the payroll system, the attacker moved quickly,” Palo Alto Networks Unit 42 said . “In total, they compromised multiple employee accounts, each one granting access to sensitive payroll information.

The attacker then proceeded to modify direct-deposit details for multiple individuals, redirecting their paychecks into bank accounts under the attacker’s control. Because the credentials were valid and MFA appeared legitimate, the activity blended in with normal operations. The incident was discovered only when employees reported missing paychecks.” New Attack Uses DLL Side-Loading to Distribute PDFSIDER Malware — An unknown threat actor is leveraging DLL side-loading to deploy PDFSIDER, a backdoor with encrypted C2 capabilities, using a legitimate executable associated with PDF24 Creator (“pdf24.exe”). The malware operates primarily in memory, minimizing disk artifacts.

“PDFSIDER blends traditional cyber-espionage behaviors with modern remote-command functionality, enabling operators to gather system intelligence and remotely execute shell commands covertly,” Resecurity said . “The malware uses a fake cryptbase.dll to bypass endpoint detection mechanisms. Once loaded, the malware provides attackers with an interactive, hidden command shell and can exfiltrate command output through its encrypted channel.” The malware is delivered via spear-phishing emails that guide victims to a ZIP archive attached to the message. Resecurity told The Hacker News that PDFSIDER has been used in targeted attacks either via spear-phishing or a social engineering attack in which the threat actors impersonate tech support personnel to contact employees in large enterprises and government agencies and deliver the package over Microsoft Teams or Quick Assist.

The cybersecurity company also said it observed an affiliate of Qilin ransomware using the malware, although it expects more groups to join the bandwagon. There is no evidence it’s being advertised under a malware-as-a-service (MaaS) model. 🎥 Cybersecurity Webinars How Top MSSPs Are Using AI to Grow in 2026: Learn Their Formula — By 2026, MSSPs are under pressure to do more with less, and AI is becoming the edge that separates those who scale from those who stall. This session explores how automation reduces manual work, improves margins, and enables growth without adding headcount, with real-world insights from Cynomi founder David Primor and Secure Cyber Defense CISO Chad Robinson on turning expertise into repeatable, high-value services.

Stop Guessing Your SOC Strategy: Learn What to Build, Buy, or Automate — Modern SOC teams are overloaded with tools, noise, and promises that don’t translate into results, making it hard to know what to build, buy, or automate. In this session, AirMDR CEO Kumar Saurabh and SACR CEO Francis Odum cut through the clutter with a practical, vendor-neutral look at SOC operating models, maturity, and real-world decision frameworks—leaving teams with a clear, actionable path to simplify their stack and make their SOC work more effectively. 🔧 Cybersecurity Tools AuraInspector — It is an open-source tool for auditing Salesforce Experience Cloud security. It helps find misconfigurations that could expose data or admin functions by checking accessible records, self-registration options, and hidden “home URLs.” The tool automates much of the testing, including object discovery through GraphQL methods, and works in both guest and authenticated contexts.

It’s a research utility, not an official Google product, designed to make Salesforce Aura security testing faster and more reliable. Maltrail — It is an open-source tool for detecting malicious network traffic. It compares network activity against known blacklists of suspicious domains, IPs, URLs, and user agents linked to malware or attacks, and can also flag new threats using heuristics. The system uses sensors to monitor traffic and a central server to log and display events through a web interface, helping identify infected hosts or abnormal activity in real time.

Disclaimer: These tools are for learning and research only. They haven’t been fully tested for security. If used the wrong way, they could cause harm. Check the code first, test only in safe places, and follow all rules and laws.

Conclusion The message is clear. Today’s threats aren’t just single break-ins. They come from connected weak spots, where one exposed service or misused tool can affect an entire system. Attackers don’t see cloud platforms, AI tools, and enterprise software as separate.

They see one shared space. Defenders need to think the same way, treating every part of their environment as connected and worth watching all the time, not just after something goes wrong. What happened this week isn’t unusual. It’s a warning.

Every update, setting, and access rule matters, because the next attack will likely begin from something already inside. This recap shows how small gaps turned into big openings—and what’s being done to close them before the next round begins. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

DevOps & SaaS Downtime: The High (and Hidden) Costs for Cloud-First Businesses

Just a few years ago, the cloud was touted as the “magic pill” for any cyber threat or performance issue. Many were lured by the “always-on” dream, trading granular control for the convenience of managed services. In recent years, many of us have learned (often the hard way) that public cloud service providers are not immune to attacks and SaaS downtime, hiding behind the Shared Responsibility cushion. To stay operational, competitive, and resilient in today’s threat landscape, teams must move beyond the dependency on SaaS providers and understand what cyber resilience really means.

The Myth of DevOps SaaS Resilience In 2024 alone, popular DevOps SaaS platforms—like GitHub, Jira, or Azure DevOps— experienced 502 incidents in total, which resulted in degraded performance and outages totaling over 4,755 hours . The conclusion is clear: Entrusting “the big players” with your source code, development metadata, and workflow projects doesn’t make your business immune to downtime and subsequent financial loss. The Numbers Say It All According to the 2024 CISO’s Guide to DevOps Threats report by GitProtect , leading cloud DevOps services suffered from 48 critical and major incidents . Comparing this with the 2025 edition of the report we’ve been working on by analyzing official providers’ and third-party communications (to be published soon), we can see a 69% increase year-over-year (YoY) with 156 critical and major incidents in total!

The total time of service performance degradation jumped from 4,755 hours in 2024 to over 9,255 hours in 2025. Whether it’s total downtime, login failures, or sluggish responsiveness, these disruptions are becoming a relentless threat to daily operations. For detailed overviews of the most prominent incidents, we encourage you to look inside the report. The Model of Shared Responsibility The Shared Responsibility model is a common agreement between your business and a SaaS provider, where they are responsible for their cloud infrastructure, but you’re responsible for your data within it , including source code repositories, metadata, issues, or anything else.

Even though some providers might offer help in restoring data, the nature and scope of this help are not always clear. Ultimately, you bear the final responsibility. Furthermore, shared responsibility provisions might also apply to backups you make in the provider’s cloud, using native backup features. Some providers explicitly state that you can’t use such backups to revert certain types of changes (e.g., intentional deletion), leaving you exposed.

The bottom line: No DevOps SaaS provider is contractually obligated to protect or restore your data. The Single Point of Failure Relying on the native DevOps cloud backups without a multi‑layered data protection strategy is becoming increasingly risky. First, backing up your code within the same infrastructure as your production creates a single point of failure. Everyone knows the proverb about not keeping all eggs in one basket.

If, for example, Atlassian’s Jira is down, both your production and backup data might be unavailable as well, unless your SaaS provider has implemented properly isolated configurations. Native DevOps cloud backups are a baseline expectation, but in isolation, they are not a panacea. Other problems you might face include:

Restore limitations

As mentioned earlier, native backups might be limited to restore scenarios defined precisely by your SaaS provider. As a result, you won’t be able to recover data or will need to negotiate with them to get real assistance at best.

Lack of flexibility

Native backup mechanisms usually don’t offer any granularity of backup and restore. So, if you lose just a single branch of your project, you will need to recover everything, wasting time and resources. Data gaps

Given the dynamic nature of repositories with new pull/merge/push requests, or Jira with its work items, there’s a risk of native backup mechanisms creating data gaps that’ll turn out problematic during restore. The conclusion?

Native backup from SaaS providers is not enough anymore, further contributing to the myth of SaaS resilience. What Are the Actual Problems for the Enterprise Customers of DevOps SaaS Providers? While high‑profile cyberattacks grab headlines, the everyday reality for SaaS cloud- dependent companies is that service outages inflict significant financial and operational damage. Research shows that downtime is far more than a technical inconvenience—it erodes revenue, productivity, and customer trust, among other things.

Rising Costs of Downtime and Impact on Financial Liquidity For cloud-first organizations, upstream SaaS provider downtime can translate into hundreds of thousands or even millions of dollars in losses. Information Technology Intelligence Consulting survey found that the cost of hourly downtime exceeds $300,000 for 90% of mid-size and large firms.1 The situation becomes critical for large enterprises. Fortune 1000 companies can face hourly downtime costs ranging from $1 million to over $5 million . Other sources unanimously cite high costs of downtime, too.

For example, in the Uptime Institute’s Annual outage analysis 2024 , over half of the respondents reported that their most recent serious outage cost more than $100,000, while 16% cited the amount of more than $1 million.2 One thing is for certain: Downtime costs are already huge and are rising every year . While they are bearable (but still painful) for enterprises, they might seriously impact the finances of smaller software vendors, or even cause them to close down completely. Engineering and Operational Paralysis The failure of your SaaS cloud provider can paralyze your research and development (R&D) or even the whole business activity. Especially when you heavily rely on the cloud, treating it like a kind of ‘central nervous system’ orchestrating your operations.

Being cloud-first might be convenient, but if the cloud’s on fire, you’re burning, too. See how it can affect you from the technical perspective: Source control management (SCM) freeze —your developers can’t push pull requests to remote git repositories, and managers or seniors can’t run checks, review, or accept them. Workflow chaos —if a task management SaaS like Jira fails, and your team can’t access projects and issues, no one knows what to do next. No access to dependencies —if, for example, GitHub Packages or Azure Artifacts don’t work, the functionalities of your app that use dependencies won’t work either.

Knowledge source loss —your team can’t access issues and wikis to consult information, check facts, or prioritize bugs. Testing stops —with the testing orchestrator module like GitHub Actions or Azure Pipelines down, test & validation stages are interrupted. Others (authentication fails, no centralized communication, etc.) As you can see, the impact can be enormous, disrupting your business in many ways. Affected Customers, Reputation, and SLAs This paralysis can lead to failed or delayed projects, impacting your organization’s customers or partners.

This eroded trust can, in turn, lead to reputation losses that translate into real financial costs. And if you’re a software vendor creating apps under demanding Service Level Agreements (SLA), downtime can mean real problems. It can halt a critical release or a hotfix for a customer-facing error. Many SLAs require these fixes within 4–8 hours.

Failing to meet these “Resolution Times” often results in contractual penalties, adding to the total cost of the outage. Security Risks Under pressure to meet deadlines during an outage, teams often turn to Shadow IT—using unsanctioned software or workarounds without IT oversight. This might include sharing code snippets, confidential information, or credentials over Slack or personal email. Such practices are highly undesirable for these reasons: potential code and know-how leaks, potential intellectual property loss, creating vulnerabilities in your code (once third-party intercepts it), creating vulnerabilities in your environment (if users also share credentials).

The hidden threat? Your organization may become compromised long after the downtime actually happened. And it’s just another cost, isn’t it? Compliance Issues Especially when you belong to a regulated industry, you must ensure compliance in different areas of your business operations, including data protection.

SaaS downtime (as well as other disastrous events like accidental data deletion) might expose your insufficient measures, which, for your business, might mean audit failure, unsuccessful certification, or even additional costs. Native backup might turn out insufficient to cover each recovery scenario. Just to remind you, the obligation to backup your data is defined in many regulations and industry standards: Article 21 of the NI2 Directive , area: Business continuity, such as backup management and disaster recovery, and crisis management. The A.8.13 (Information backup) control is defined in Annex A to ISO 27001 standard.

The Trust Services Criteria (TSC), like Availability (A1.2), Security (CC7.1,) under SOC2 . How to Create a Setup that Protects You against Downtime To improve immunity to downtime incidents affecting your upstream SaaS provider, you need a shift from being reactive to proactive. You need a plan B. Resiliency Strategy to Minimize Impact True availability is not about if systems fail, it’s about how quickly you can recover and resume business as usual.

That’s why an effective resiliency strategy for your business should include: Frequent and comprehensive backups covering not just source code or issues, but also configurations and metadata. The data should allow you to quickly recreate your setup locally (e.g., using a self-managed solution like Azure DevOps Server or Bitbucket Data Center) or with a competitive cloud vendor, using the cross-restore functionality. Immutable and isolated storage that doesn’t rely on a single cloud vendor’s infrastructure. The safest option is to ensure copy replication, following the popular 3-2-1 backup rule , where you keep 3 separate copies in 2 different locations, storing 1 copy offsite.

It’s also a good idea to set up optimal data retention that fits your project lifecycle and needs. Integrated restore orchestration that understands dependencies across services, APIs, and environments to be able to resume quickly, without organizational chaos. Continuous testing of recovery flows to avoid making your backup another risk. Clearly defined backup KPIs like Recovery Time Objective (RTO) and Recovery Point Objective (RPO) to know how much time you need to resume after a disaster and how often to back up your SaaS data to prevent loss.

Extra Benefits for Your Organization A robust backup and recovery solution can be the pillar of your resiliency strategy against SaaS downtime. At the same time, it can bring extra convenience and security for your cloud-stored repositories or projects. Here’s what you can get as a bonus: Migrating/merging SaaS environments —with a backup tool, you can migrate to a different SaaS provider or cloud region; it’s also possible to consolidate repositories or Jira instances in case of restructuring, mergers, department moves, etc. Sandboxing —you can use a backup copy to quickly create a sandbox environment for testing new integrations, configuration changes, etc.

Retention and archiving for compliance —combining a backup tool with your storage, you can go well beyond retention periods of SaaS providers. You can also archive legacy repositories or Jira projects without losing access to them. That way, you can still access historical data while saving space in SaaS. Selective restores —you can fix accidental or malicious deletion of a branch or several Jira issues in an instant, saving time and remaining agile.

Storage sovereignty —you can implement on-premises deployments where your most precious data (know-how, intellectual property, customers’ and partners’ personal information) never leaves your infrastructure. And many more . Trust the Experienced DevSecOps Experts DevOps SaaS platforms—just like any IT environment—can’t give you 100% security and uptime. The well-planned resiliency strategy is a must if you want to focus on innovation rather than firefighting outages in the future.

The GitProtect Team can help you with that. Thanks to over 15 years’ experience in the backup industry and our unique focus on SaaS and DevSecOps, we can together develop a strategy that’s the most beneficial and optimized for your very needs. Visit GitProtect.io , meet the product, and contact our experts to discuss your use case, personalize the setup, and efficiently protect what’s most precious. Found this article interesting?

This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs

A team of academics from the CISPA Helmholtz Center for Information Security in Germany has disclosed the details of a new hardware vulnerability affecting AMD processors. The security flaw, codenamed StackWarp , can allow bad actors with privileged control over a host server to run malicious code within confidential virtual machines (CVMs), undermining the integrity guarantees provided by AMD Secure Encrypted Virtualization with Secure Nested Paging ( SEV-SNP ). It impacts AMD Zen 1 through Zen 5 processors. “In the context of SEV-SNP, this flaw allows malicious VM [virtual machine] hosts to manipulate the guest VM’s stack pointer ,” researchers Ruiyi Zhang, Tristan Hornetz, Daniel Weber, Fabian Thomas, and Michael Schwarz said .

“This enables hijacking of both control and data flow, allowing an attacker to achieve remote code execution and privilege escalation inside a confidential VM.” AMD, which is tracking the vulnerability as CVE-2025-29943 (CVSS v4 score: 4.6), characterized it as a medium-severity, improper access control bug that could allow an admin-privileged attacker to alter the configuration of the CPU pipeline, causing the stack pointer to be corrupted inside an SEV-SNP guest. The issue affects the following product lines - AMD EPYC 7003 Series Processors AMD EPYC 8004 Series Processors AMD EPYC 9004 Series Processors AMD EPYC 9005 Series Processors AMD EPYC Embedded 7003 Series Processors AMD EPYC Embedded 8004 Series Processors AMD EPYC Embedded 9004 Series Processors AMD EPYC Embedded 9005 Series Processors While SEV is designed to encrypt the memory of protected VMs and is intended to isolate them from the underlying hypervisor, the new findings from CISPA show that the safeguard can be bypassed without reading the VM’s plaintext memory by instead targeting a microarchitectural optimization called stack engine, responsible for accelerated stack operations. “The vulnerability can be exploited via a previously undocumented control bit on the hypervisor side,” Zhang said in a statement shared with The Hacker News. “An attacker running a hyperthread in parallel with the target VM can use this to manipulate the position of the stack pointer inside the protected VM.” This, in turn, enables redirection of program flow or manipulation of sensitive data.

The StackWarp attack can be used to expose secrets from SEV-secured environments and compromise VMs hosted on AMD-powered cloud environments. Specifically, it can be exploited to recover an RSA-2048 private key from a single faulty signature, effectively getting around OpenSSH password authentication and sudo’s password prompt, and attain kernel-mode code execution in a VM. The chipmaker released microcode updates for the vulnerability in July and October 2025, with AGESA patches for EPYC Embedded 8004 and 9004 Series Processors scheduled for release in April 2026. The development builds upon a prior study from CISPA that detailed CacheWarp (CVE-2023-20592, CVSS v3 score:m 6.5), a software fault attack on AMD SEV-SNP, which permits attackers to hijack control flow, break into encrypted VMs, and perform privilege escalation inside the VM.

It’s worth noting that both are hardware architectural attacks. “For operators of SEV-SNP hosts, there are concrete steps to take: First, check whether hyperthreading is enabled on the affected systems. If it is, plan a temporary disablement for CVMs that have particularly high integrity requirements,” Zhang said. “At the same time, any available microcode and firmware updates from the hardware vendors should be installed.

StackWarp is another example of how subtle microarchitectural effects can undermine system-level security guarantees.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.