2026-01-27 AI Startup News

Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware

Cybersecurity researchers have discovered an ongoing campaign that’s targeting Indian users with a multi-stage backdoor as part of a suspected cyber espionage campaign. The activity, per the eSentire Threat Response Unit (TRU), involves using phishing emails impersonating the Income Tax Department of India to trick victims into downloading a malicious archive, ultimately granting the threat actors persistent access to their machines for continuous monitoring and data exfiltration. The end goal of the sophisticated attack is to deploy a variant of a known banking trojan called Blackmoon (aka KRBanker) and a legitimate enterprise tool called SyncFuture TSM (Terminal Security Management) that’s developed by Nanjing Zhongke Huasai Technology Co., Ltd, a Chinese company. The campaign has not been attributed to any known threat actor or group.

“While marketed as a legitimate enterprise tool, it is repurposed in this campaign as a powerful, all-in-one espionage framework,” eSentire said. “By deploying this system as their final payload, the threat actors establish resilient persistence and gain a rich feature set to monitor victim activity and centrally manage the theft of sensitive information.” The ZIP file distributed through the fake tax penalty notices contains five different files, all of which are hidden except for an executable (“Inspection Document Review.exe”) that’s used to sideload a malicious DLL present in the archive. The DLL, for its part, implements checks to detect debugger-induced delays and contacts an external server to fetch the next-stage payload. The downloaded shellcode then uses a COM-based technique to bypass the User Account Control (UAC) prompt to gain administrative privileges.

It also modifies its own Process Environment Block (PEB) to masquerade as the legitimate Windows “explorer.exe” process to fly under the radar. On top of that, it retrieves the next stage “180.exe” from the “eaxwwyr[.]cn” domain, a 32-bit Inno Setup installer that adjusts its behavior based on whether the Avast Free Antivirus process (“AvastUI.exe”) is running on the compromised host. If the security program is detected, the malware uses automated mouse simulation to navigate Avast’s interface and add malicious files to its exclusion list without disabling the antivirus engine to bypass detection. This is achieved by means of a DLL that’s assessed to be a variant of the Blackmoon malware family, which is known for targeting businesses in South Korea, the U.S., and Canada. It first surfaced in September 2015.

The file added to the exclusion list is an executable named “Setup.exe,” which is a utility from SyncFutureTec Company Limited and is designed to write “mysetup.exe” to disk. The latter is assessed to be SyncFuture TSM, a commercial tool with remote monitoring and management (RMM) capabilities. In abusing a legitimate offering, the threat actors behind the campaign gain the ability to remotely control infected endpoints, record user activities, and exfiltrate data of interest.

Also deployed following the execution of the executable are other files -

- Batch scripts that create custom directories and modify their Access Control Lists (ACLs) to grant permissions to all users
- Batch scripts that manipulate user permissions on Desktop folders
- A batch script that performs cleanup and restoration operations
- An executable called “MANC.exe” that orchestrates different services and enables extensive logging

“It provides them with the tools to not only steal data but to maintain granular control over the compromised environment, monitor user activity in real-time, and ensure their own persistence,” eSentire said. “By blending anti‑analysis, privilege escalation, DLL sideloading, commercial‑tool repurposing, and security‑software evasion, the threat actor demonstrates both capability and intent.”

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor covert functionality to siphon developer data to China-based servers. The extensions, which have 1.5 million combined installs and are still available for download from the official Visual Studio Marketplace, are listed below -

- ChatGPT - 中文版 (ID: whensunset.chatgpt-china) - 1,340,869 installs
- ChatGPT - ChatMoss(CodeMoss) (ID: zhukunpeng.chat-moss) - 151,751 installs

Koi Security said the extensions are functional and work as expected, but they also capture every file being opened and every source code modification and send them to servers located in China without users’ knowledge or consent. The campaign has been codenamed MaliciousCorgi. “Both contain identical malicious code – the same spyware infrastructure running under different publisher names,” security researcher Tuval Admoni said.

What makes the activity particularly dangerous is that the extensions work exactly as advertised, providing autocomplete suggestions and explaining coding errors, thereby avoiding raising any red flags and lowering the users’ suspicion. At the same time, the embedded malicious code is designed to read all of the contents of every file being opened, encode it in Base64 format, and send it to a server located in China (“aihao123[.]cn”). The process is triggered for every edit. The extensions also incorporate a real-time monitoring feature that can be remotely triggered by the server, causing up to 50 files in the workspace to be exfiltrated.

Also present in the extension’s web view is a hidden zero-pixel iframe that loads four commercial analytics software development kits (SDKs) to fingerprint the devices and create extensive user profiles. The four SDKs used are Zhuge.io, GrowingIO, TalkingData, and Baidu Analytics, all of which are major data analytics platforms based in China.

PackageGate Flaws Affect JavaScript Package Managers

The disclosure comes as the supply chain security company said it identified six zero-day vulnerabilities in JavaScript package managers like npm, pnpm, vlt, and Bun that could be exploited to defeat security controls put in place to skip the automatic execution of lifecycle scripts during package installation. The flaws have been collectively named PackageGate.

Defenses such as disabling lifecycle scripts (“--ignore-scripts”) and committing lockfiles (“package-lock.json”) have become crucial mechanisms for confronting supply chain attacks, especially in the aftermath of Shai-Hulud, which leverages postinstall scripts to spread in a worm-like manner to hijack npm tokens and publish malicious versions of the packages to the registry. However, Koi found that it’s possible to bypass script execution and lockfile integrity checks in the four package managers. Following responsible disclosure, the issues have been addressed in pnpm (version 10.26.0), vlt (version 1.0.0-rc.10), and Bun (version 1.3.5). Pnpm is tracking the two vulnerabilities as CVE-2025-69264 (CVSS score: 8.8) and CVE-2025-69263 (CVSS score: 7.5).

Npm, however, has opted not to fix the vulnerability, stating “users are responsible for vetting the content of packages that they choose to install.” When reached for comment, a GitHub spokesperson told The Hacker News that it’s working actively to address the new issue as npm actively scans for malware in the registry. “If a package being installed through git contains a prepare script, its dependencies and devDependencies will be installed. As we shared when the ticket was filed, this is an intentional design and works as expected,” the company said. “When users install a git dependency, they are trusting the entire contents of that repository, including its configuration files.” The Microsoft-owned subsidiary has also urged projects to adopt trusted publishing and granular access tokens with enforced two-factor authentication (2FA) to secure the software supply chain.

As of September 2025, GitHub has deprecated legacy classic tokens, limited granular tokens with publishing permissions to a shorter expiration, and removed the option to bypass 2FA for local package publishing. “The standard advice, disable scripts and commit your lockfiles, is still worth following,” security researcher Oren Yomtov said. “But it’s not the complete picture. Until PackageGate is fully addressed, organizations need to make their own informed choices about risk.” (The story was updated after publication to include a response from GitHub.)
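The PackageGate report above treats disabled lifecycle scripts and a committed lockfile as baseline controls, and npm's reply puts the vetting of git dependencies on the user. The following added example (not code from the article, Koi, or npm) lists the entries in a package-lock.json (lockfileVersion 2 or 3) that a reviewer would vet by hand: packages that declare install scripts, packages resolved from git, and tarballs without an integrity hash or from an unexpected host. The sample lockfile, package names, hosts and the registry allow-list are constructed.

```python
"""Audit an npm package-lock.json (lockfileVersion 2/3) for entries to vet."""
import json
import re
from urllib.parse import urlsplit

# Assumption: the only registry this project is expected to pull tarballs from.
ALLOWED_REGISTRY_HOSTS = {"registry.npmjs.org"}
GIT_PREFIXES = ("git+", "git://", "github:", "gitlab:", "bitbucket:")
FULL_COMMIT = re.compile(r"[0-9a-f]{40}")


def audit_lockfile(lock):
    """Return {lockfile path: [reasons]} for entries a reviewer should inspect."""
    findings = {}
    for path, meta in lock.get("packages", {}).items():
        if path == "" or meta.get("link"):
            continue  # the root project itself, or a symlinked workspace package
        resolved = meta.get("resolved", "")
        reasons = []
        if meta.get("hasInstallScript"):
            # Package declares preinstall/install/postinstall scripts.
            reasons.append("install-script")
        if resolved.startswith(GIT_PREFIXES):
            # Git sources carry no tarball hash; the whole repository is trusted.
            reasons.append("git-source")
            commit = resolved.rpartition("#")[2] if "#" in resolved else ""
            if not FULL_COMMIT.fullmatch(commit):
                reasons.append("git-ref-not-pinned")
        elif resolved:
            if not meta.get("integrity"):
                reasons.append("missing-integrity")
            if urlsplit(resolved).hostname not in ALLOWED_REGISTRY_HOSTS:
                reasons.append("unexpected-host")
        if reasons:
            findings[path] = reasons
    return findings


def format_report(findings):
    """Render findings as sorted, one-line-per-package text."""
    return "\n".join(f"{p}: {', '.join(r)}" for p, r in sorted(findings.items()))


# Constructed sample lockfile; names, hosts and hashes are placeholders.
SAMPLE_LOCK = json.loads("""
{
  "name": "demo-app",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "version": "1.0.0"},
    "node_modules/plain-lib": {
      "version": "2.1.0",
      "resolved": "https://registry.npmjs.org/plain-lib/-/plain-lib-2.1.0.tgz",
      "integrity": "sha512-CONSTRUCTEDPLACEHOLDER=="
    },
    "node_modules/native-addon": {
      "version": "4.0.2",
      "resolved": "https://registry.npmjs.org/native-addon/-/native-addon-4.0.2.tgz",
      "integrity": "sha512-CONSTRUCTEDPLACEHOLDER==",
      "hasInstallScript": true
    },
    "node_modules/team-utils": {
      "version": "0.3.0",
      "resolved": "git+ssh://git@git.example.test/team/utils.git#main"
    },
    "node_modules/pinned-fork": {
      "version": "1.0.0",
      "resolved": "git+https://git.example.test/team/fork.git#0123456789abcdef0123456789abcdef01234567"
    },
    "node_modules/mirror-pkg": {
      "version": "1.2.3",
      "resolved": "https://mirror.example.test/mirror-pkg-1.2.3.tgz"
    }
  }
}
""")

if __name__ == "__main__":
    print(format_report(audit_lockfile(SAMPLE_LOCK)))
```

To run it against a real project, replace `SAMPLE_LOCK` with `json.load(open("package-lock.json"))` and fail the CI job when the returned dictionary contains entries that have not been reviewed.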

⚡ Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More

Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week’s recap shows that pattern clearly. Attackers are moving faster than defenses, mixing old tricks with new paths.

“Patched” no longer means safe, and everyday software keeps becoming the entry point. What follows is a set of small but telling signals. Short updates that, together, show how quickly risk is shifting and why details can’t be ignored.

⚡ Threat of the Week

Improperly Patched Flaw Exploited Again in Fortinet Firewalls — Fortinet confirmed that it’s working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls.

“We have identified a number of cases where the exploit was to a device that had been fully upgraded to the latest release at the time of the attack, which suggested a new attack path,” the company said. The activity has been found to exploit an incomplete patch for CVE-2025-59718 and CVE-2025-59719, which could allow unauthenticated bypass of SSO login authentication via crafted SAML messages if the FortiCloud SSO feature is enabled on affected devices. In the absence of a fix, users are advised to restrict administrative access of edge network devices and turn off FortiCloud SSO logins by disabling the “admin-forticloud-sso-login” setting.

🔔 Top News

TikTok Forms New U.S. Entity to Avoid Federal Ban — TikTok officially announced that it formed a joint venture that will allow the hugely popular video-sharing application to continue operating in the U.S. The new venture, named TikTok USDS Joint Venture LLC, has been established in compliance with the Executive Order signed by U.S. President Donald Trump in September 2025, the platform said. The new deal will see TikTok’s Chinese parent company, ByteDance, selling the majority of its stake to a group of majority-American investors, while it will retain a 19.9% stake in the business.

The Chinese government hasn’t commented publicly on the agreement. The deal ends years of regulatory uncertainty that began in August 2020, when President Trump announced plans to ban the app, citing national security concerns.

VoidLink Generated Almost Entirely Using AI — VoidLink, the recently discovered Linux malware which targets Linux-based cloud servers, was likely generated almost entirely by artificial intelligence (AI), signaling a significant evolution in the use of the technology to develop advanced malware. What was significant in alerting researchers to AI involvement in building VoidLink was a development plan that accompanied the project and was accidentally left exposed by its author.

The developer also utilized regular checkpoints to ensure that the model was developing as instructed and that the code worked. The result was a malware which the researchers who first detailed VoidLink described as “sophisticated, modern and feature-rich.” The discovery is a watershed moment for malware development, underscoring a shift in how AI can be used to design advanced malicious programs. “The security community has long anticipated that AI would be a force multiplier for malicious actors. Until now, however, the clearest evidence of AI-driven activity has largely surfaced in lower-sophistication operations, often tied to less experienced threat actors, and has not meaningfully raised the risk beyond regular attacks,” Check Point said.

“VoidLink shifts that baseline: its level of sophistication shows that when AI is in the hands of capable developers, it can materially amplify both the speed and the scale at which serious offensive capability can be produced.” From a defensive point of view, the use of AI also complicates attribution, as the generated code removes a lot of usual clues and makes it harder to determine who’s really behind an attack.

Critical GNU InetUtils telnetd Flaw Detailed — A critical security flaw has been disclosed in the GNU InetUtils telnet daemon (telnetd) that went unnoticed for nearly 11 years. The vulnerability, tracked as CVE-2026-24061 (CVSS score: 9.8), affects all versions of GNU InetUtils from version 1.9.3 up to and including version 2.7. The vulnerability was introduced as part of a code change in March 2015.

The flaw allows an attacker to establish a Telnet session without providing valid credentials, granting unauthorized access to the target system. SafeBreach Labs, in a root cause analysis of CVE-2026-24061, described it as easy to exploit, adding that an attacker can supply a “-f” flag for the “/usr/bin/login” executable, effectively skipping the interactive authentication and giving them a root shell. It has also released a public proof-of-concept (PoC) exploit for the flaw.

Vishing Attacks Target Identity Providers — Threat actors who specialize in voice phishing (aka vishing) have started using bespoke phishing kits that can intercept targets’ login credentials while also allowing attackers to control the authentication flow in a targeted user’s browser in real-time.

“Where threat actors could once pay for access to a kit with basic features that targeted all popular Identity Providers (Google, Microsoft Entra, Okta, etc.) and cryptocurrency platforms, a new generation of fraudsters are attempting to sell access to bespoke panels for each targeted service,” Okta said. The ShinyHunters extortion gang has claimed responsibility for some of the attacks, Bleeping Computer reported.

CrashFix Crashes Browsers to Deliver Malware — A malvertising campaign is using a fake ad-blocking Chrome and Edge extension named NexShield that intentionally crashes the browser as a precursor to ClickFix attacks. Unlike typical ClickFix schemes that use non-existent security alerts or CAPTCHAs to lure users into executing malicious commands, the new CrashFix variant leverages a malicious extension that first intentionally crashes the victim’s browser and then delivers a fraudulent fix.

When the browser is restarted, the extension displays a deceptive pop-up that shows a fake warning and suggests scanning the system to identify the problem. Doing so opens a new window with a bogus warning about detected security issues, along with instructions on how to fix the problem, which involve executing malicious commands in the Windows Run prompt, in a typical ClickFix fashion. While the extension has since been removed, the attacks are designed to deliver a new Python-based remote access tool called ModeloRAT. The findings show that browser extensions are a high-risk attack vector for enterprises, allowing threat actors to bypass traditional security controls and gain a foothold on corporate endpoints.

Contagious Interview Evolves to Deliver Backdoor via VS Code — The North Korean threat actors behind the Contagious Interview campaign are employing a new mechanism that uses Microsoft Visual Studio Code (VS Code) to deliver a previously unseen backdoor that enables remote code execution on developer systems. The attack chain starts when targets are asked to clone and open malicious repositories hosted on GitHub, GitLab, or Bitbucket, typically framed as part of a technical assignment or code review exercise related to the hiring process. “The most important facilitator for this attack vector is the configuration’s runOptions property, which supports a runOn value of folderOpen, causing the defined task to execute automatically when a workspace is opened,” Abstract Security said. “Contagious Interview actors exploit this by including malicious shell commands in tasks.json files.

When a victim clones a repository to their local machine and opens it in VS Code, the malicious task executes and kicks off the infection chain leading to malware installation.” The malicious payloads are mostly hosted on Vercel domains, but other domains like vscodeconfig[.]com and vscode-load.onrender[.]com have also been identified. In at least one case, the “tasks.json” file is used to install a malicious npm package named “jsonwebauth.” Contagious Interview has been active since 2022, primarily targeting software developers and IT professionals, especially in the blockchain and cryptocurrency sectors. As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified between August 2024 and September 2025, most of which are concentrated around South Asia and North America.

🔥 Trending CVEs

Hackers act fast. They can use new bugs within hours. One missed update can cause a big breach. Here are this week’s most serious security flaws. Check them, fix what matters first, and stay protected.

This week’s list includes — CVE-2026-24061 (GNU InetUtils telnetd), CVE-2026-23760 (SmarterMail), CVE-2026-20045 (Cisco Unified Communications and Webex Calling Dedicated Instance), CVE-2026-22218, CVE-2026-22219 (Chainlit), CVE-2026-1245 (binary-parser), CVE-2025-68143, CVE-2025-68144, CVE-2025-68145 (Anthropic mcp-server-git), CVE-2026-22844 (Zoom), CVE-2025-13927, CVE-2025-13928, CVE-2026-0723 (GitLab CE/EE), CVE-2026-0629 (TP-Link), CVE-2025-49758 (Microsoft SQL Server), CVE-2025-47179 (Microsoft Configuration Manager), CVE-2025-60021 (Apache bRPC), CVE-2025-61937, CVE-2025-64691, CVE-2025-61943, CVE-2025-65118 (AVEVA Process Optimization), CVE-2025-14369 (dr_flac), CVE-2026-0828 (Safetica ProcessMonitorDriver.sys), CVE-2026-0685 (Genshi template engine), CVE-2025-68675 (Apache Airflow), CVE-2025-14533 (Advanced Custom Fields: Extended plugin), CVE-2025-13151 (GNU libtasn1), CVE-2026-0622 (Open5GS WebUI component), CVE-2025-65586 (libheif), CVE-2025-33206 (NVIDIA NSIGHT Graphics for Linux), CVE-2026-1220 (Google Chrome), CVE-2025-66516, CVE-2026-21962, CVE-2025-66516, CVE-2025-54988, CVE-2025-4949, CVE-2025-54874, CVE-2025-49796, CVE-2025-23048 (Oracle), CVE-2026-23744 (@mcpjam/inspector), CVE-2025-13878 (ISC BIND 9), CVE-2025-12383 (Atlassian Bamboo Data Center and Server), CVE-2025-66516 (Atlassian Confluence Data Center and Server), CVE-2026-22755 (Vivotek legacy camera models), CVE-2026-22794 (AppSmith), CVE-2025-67968 (RealHomes CRM plugin), CVE-2026-23594 (HPE Alletra 6000, Alletra 5000 and Nimble Storage), CVE-2026-0920 (LA-Studio Element Kit for Elementor plugin), and CVE-2026-22200 (osTicket).

📰 Around the Cyber World

1Password Adds Warnings for Phishing Sites — Password manager 1Password has added a new security feature that warns users when they’re on a phishing or spoofed site, and they’re prompted to enter their credentials. “When a 1Password user clicks a link where the URL doesn’t match their saved login, 1Password won’t autofill their credentials,” it said. “When a user attempts to paste their credentials, the 1Password browser extension displays a pop-up warning, prompting them to pause and exercise caution before proceeding.”

Malicious Chrome Extensions Steal OpenAI API Keys and User Prompts — A malicious Google Chrome extension named H-Chat Assistant (ID: dcbcnpnaccfjoikaofjgcipcfbmfkpmj) with over 10,000 users has been found to steal users’ OpenAI API keys at scale.

It’s estimated to have exfiltrated at least 459 unique API keys to an attacker-controlled Telegram channel. “Once the extension is installed, users are prompted to add an OpenAI API key to interface with the chatbot,” Obsidian Security said. “The API key exfiltration occurs once a user deletes a chat or chooses to log out of the application.” While the extension works as advertised, compromised keys could enable unauthorized access to affected users’ OpenAI instances. The extension is still available for download as of writing.

Obsidian Security said it has since uncovered dozens of Chrome extensions that are sending user prompts and other data to third-party/external servers. “Several of the extensions impersonate ChatGPT, creating a false sense of trust that conversations and data are only being transmitted to OpenAI,” it added.

PasteReady Extension Pushes Malware After Purchase — In more extension-related news, the PasteReady browser extension has been used to push malware after it was put up for sale. Secure Annex’s John Tuckner said PasteReady was made available for sale on extensionhub[.]io on May 7, 2025, and the ownership transfer happened on December 27, 2025.

“Version 3.4 with malware was pushed December 30, 2025,” Tuckner said in a post on X. “It was removed from the Chrome Web Store for malware January 14, 2026.”

Microsoft Complies with Court Order to Hand Over a BitLocker Encryption Key in Fraud Case — Microsoft gave the U.S. Federal Bureau of Investigation (FBI) BitLocker keys to unlock encrypted data stored on three laptops of Windows users charged in a fraud indictment, Forbes reported. The development marks the first publicly known instance of Microsoft providing BitLocker keys.

Microsoft backs up BitLocker keys to its servers when the service is set up from an active Microsoft account. While Microsoft does offer the ability to stash the keys elsewhere, such as a file or to a USB flash drive, customers are encouraged to store it on its cloud for easy key recovery. The company has since confirmed that it provides BitLocker recovery keys for encrypted data if it receives a valid legal order and the user has stored the keys on its servers, and that it’s legally required to produce the keys stored on its servers. Apple also provides a similar service, but with two tiers: Standard data protection and Advanced Data Protection for iCloud.

According to Microsoft’s most recent Government Requests for Customer Data Report, covering July 2024 through December 2024, the company received a total of 128 requests from law enforcement organizations around the world. Of these, only four of them, three in Brazil and one in Canada, led to the disclosure of content.

Ilya Lichtenstein Wants a Cybersecurity Job — Ilya Lichtenstein, who was behind the massive hack of cryptocurrency exchange Bitfinex in 2016, said he has changed his ways. “Ten years ago, I decided that I would hack the largest cryptocurrency exchange in the world,” Lichtenstein wrote on LinkedIn.

“This was a terrible idea. It was the worst thing I had ever done,” he added. “It upended my life, the lives of people close to me, and affected thousands of users of the exchange. I know I disappointed a lot of people who believed in me and grossly misused my talents.” Lichtenstein was arrested in 2022 for the hack, and was released to home confinement earlier this month after serving nearly four years in prison.

In the post, Lichtenstein said he has “always been motivated by technical challenges rather than material wealth” and that mathematics became his “escape from the hard realities of the prison world.” Lichtenstein concluded by saying he wants to work in cybersecurity. “I think like an adversary,” he said. “I’ve been an adversary. Now I can use those same skills to stop the next billion-dollar hack.”

Anthropic Details Assistant Axis — AI company Anthropic has detailed what it describes as the “Assistant Axis,” a pattern of neural activity in large language models that governs their default identity and helpful behavior.

The axis is believed to be created during post-training, when models are taught to play the role of an “Assistant,” or it’s likely that it already exists in pre-trained models. “By monitoring models’ activity along this axis, we can detect when they begin to drift away from the Assistant and toward another character,” Anthropic said. “And by constraining their neural activity (‘activation capping’) to prevent this drift, we can stabilize model behavior in situations that would otherwise lead to harmful outputs.”

China Blames Taiwan for 1000s of Cyber Attacks — The Chinese government said it investigated nearly 4,000 cyber attacks in 2025 that originated from Taiwan. The figure represents a 25% increase year-over-year.

The attacks sought to steal classified information from critical mainland sectors, including transportation, finance, science and technology, and energy. Some of the operations were allegedly carried out by the Taiwanese military.

Romania Dismantles Murder-for-Hire Operation — Romanian authorities dismantled an organized criminal group that operated a murder-for-hire operation. The group ran a website that allowed anonymous users to pay for assassinations using cryptocurrencies through an escrow system.

Authorities executed three search warrants in the municipalities of Bucharest and Râmnicu Vâlcea and questioned two individuals behind the scheme. They also seized more than $750,000 in digital assets and cash worth 292,890 lei, $650,000, and €48,600 from their homes.

Ireland Proposes New Law Allowing Police to Use Spyware — The Irish government plans to draft legislation that would make it legal for law enforcement to use spyware. The Minister for Justice, Home Affairs and Migration, Jim O’Callaghan, said the government has approved proposals for an “updated and comprehensive legal framework for lawful interception” that will also “include robust legal safeguards to provide continued assurance that the use of such powers is necessary and proportionate.” The ministry also noted there is an urgent need for a new legal framework for lawful interception to counter serious crime and security threats.

Microsoft Emerges as the Most Impersonated Brand in Q4 2025 — Microsoft has emerged as the most commonly impersonated brand in phishing attacks during the fourth quarter of 2025. Microsoft was followed by Facebook, Roblox, McAfee, Steam, AT&T, Amazon, Google, Yahoo, and Coinbase. “Scammers ramped up brand impersonation attacks throughout Q4 2025, timing their campaigns around when people are busiest online, shopping for deals, renewing subscriptions, or looking for jobs,” Guardio said. “Attackers weaponize brand recognition, betting that a Microsoft billing alert or Facebook security notification will bypass skepticism when it arrives during year-end account reviews, holiday coordination chaos, or gift card purchase rushes.”

Germany Expels Russian Diplomat Accused of Spying — Germany expelled a Russian diplomat accused of spying, further escalating geopolitical tensions between Berlin and Moscow over intelligence activity linked to the war in Ukraine.

“We do not accept espionage in Germany – and particularly not under the cover of diplomatic status. We summoned the Russian Ambassador to the Federal Foreign Office today and informed him that the individual who spied on behalf of Russia is to be expelled,” the German Foreign Office said. German outlet Der Spiegel and Russian independent media organization The Insider identified the expelled diplomat as Andrei Mayorov, Russia’s deputy military attache in Germany. Mayorov reportedly holds the rank of colonel in Russia’s military intelligence agency, the GRU.

He is alleged to have acted as the handler for Ilona Kopylova, a dual Ukrainian-German citizen who was arrested in Berlin on suspicion of spying for Russia.

Bad Actors Hijack Snap Publisher Domains for Malware Delivery — Scammers are hijacking legitimate Canonical Snap Store publisher accounts by registering expired domains associated with those accounts to trigger password resets. Once in control, these attackers push malicious updates to established, trustworthy applications to deploy cryptocurrency wallet-draining malware. The domain resurrection attack has hijacked accounts associated with two Linux packages storewise.tech and vagueentertainment.com.

The threat actors behind this campaign are believed to be located in Croatia.

Handala Group Uses Starlink For Attacks — The Iranian hacktivist group known as Handala has been observed carrying out attacks via Starlink connections. According to Check Point, activity from the group ceased when the Iranian regime cut off the internet across the country, but has since resumed as of January 17, 2026, from Starlink IP ranges and hitting targets across the Middle East.

884 Flaws Exploited for the First Time in 2025 — As many as 884 vulnerabilities were exploited for the first time in 2025, up from 768 CVEs in 2024.

According to vulnerability management company VulnCheck, 28.96% of Known Exploited Vulnerabilities (KEVs) were weaponized on or before the day their CVE was published, an increase from the 23.6% observed in 2024. Network edge devices, including firewalls, VPNs, and proxies, were the most frequently targeted technologies, followed by content management systems and open source software. “This reinforces the urgency for organizations to act quickly on newly disclosed vulnerabilities while continuing to reduce long-standing vulnerability backlogs,” VulnCheck said.

2 Venezuelans Convicted in U.S. for Using Malware to Hack ATMs — Two Venezuelan nationals, Luz Granados, 34, and Johan Gonzalez-Jimenez, 40, are set to be deported after being convicted of conspiracy and computer crimes in an ATM jackpotting scheme. “Jimenez and Granados targeted older model Automated Teller Machines (ATM) throughout the southeastern United States to steal money after business hours,” the U.S. Justice Department said. “The defendants would approach an ATM at nighttime and remove the outer casing of the machine and then connect a laptop computer to install malware that overcame the ATM’s security protocols.

Once installed, the ATMs dispersed cash to the perpetrators until the ATM’s funds are exhausted.” Granados has been sentenced to time served and has been ordered to pay $126,340 in restitution. Gonzalez-Jimenez was sentenced to 18 months in federal prison and was ordered to pay $285,100 in restitution.

Russian National Pleads Guilty to Ransomware Spree — A Russian national has pleaded guilty to leading the Zeppelin ransomware group that targeted at least 50 victims during a four-year period ending between May 2018 and August 2022. Ianis Aleksandrovich Antropenko faces up to 25 years in jail and fines up to $750,000, CyberScoop reported.

He has also been ordered to pay restitution to his victims and forfeit property, CyberScoop reported. In August 2025, the U.S. Justice Department unsealed six warrants authorizing the seizure of over $2.8 million in cryptocurrency, $70,000 in cash, and a luxury vehicle. The cryptocurrency was seized from a wallet controlled by Antropenko.

Critical Security Flaws in OpenKM — Multiple zero-day vulnerabilities have been disclosed in OpenKM that could result in remote code execution, unrestricted SQL execution, and file disclosure. The flaws remain unpatched, according to Terra System Labs. “The discovered issues allow a single authenticated administrator to fully compromise the OpenKM server, backend database, and sensitive stored documents,” the Indian cybersecurity company said. “The findings highlight systemic security design weaknesses in trusted administrative interfaces and demonstrate how these flaws can be chained to achieve complete system takeover.”

Command Injection Flaw in Vivotek Legacy Firmware — Akamai has disclosed details of a new vulnerability within Vivotek legacy firmware that allows remote users to inject arbitrary code into the filename supplied to upload_map.cgi.

The security issue has been assigned the CVE identifier CVE-2026-22755 (CVSS score: 9.3). “This exploit affects a wide range of legacy older camera models, allowing attackers to execute malicious commands as the root user without requiring authentication,” security researcher Larry Cashdollar said. “It enables attackers to upload files with filenames that, when processed by the server, execute system commands and result in root access.”

Mamba PhaaS Kit Detailed — Cybersecurity researchers have shed light on a phishing-as-a-service (PhaaS) kit named Mamba that first emerged in 2023, coinciding with the emergence of adversary-in-the-middle (AiTM) phishing. “Campaigns associated with Mamba phishing operations are most commonly delivered through email-based lures designed to drive the victim directly to the phishing URL,” CYFIRMA said.

“These lures typically impersonate routine business or security-related communications to create urgency and legitimacy. Mamba’s design reflects a growing reliance on service-based phishing tooling, where operational efficiency and repeatability are prioritized over bespoke attack development.”

New Stanley Kit Guarantees Chrome Web Store Approval — A threat actor is selling access to a toolkit dubbed Stanley that can build malicious Chrome extensions that pass the Web Store verification process. “For $2,000 to $6,000, Stanley provides a turnkey website-spoofing operation disguised as a Chrome extension, with its premium tier promising guaranteed publication on the Chrome Web Store,” Varonis researcher Daniel Kelley said. The toolkit is being sold on a Russian-speaking hacking forum for prices ranging from $2,000 to $6,000.

It comes with a C2 panel that allows customers to target individual infections for specific actions. “Once a target is selected, attackers configure URL hijacking rules specific to that user,” Varonis said. “Beyond passive hijacking, operators can actively lure users to targeted pages through real-time notification delivery. The notifications come from Chrome itself, not a website, so they carry more implicit trust.” More importantly, the URL hijacking rules ensure that the browser’s address bar continues to display a legitimate domain, while the victim actually sees and interacts with the attacker’s phishing page.

Thus, when a victim navigates to a targeted website, the extension intercepts the navigation and overlays a fullscreen iframe containing the phishing page. It’s designed to steal login credentials and financial information by deceiving people into thinking they’re visiting real websites.

EmEditor Supply Chain Compromise Analyzed — The December 2025 supply chain attack targeting EmEditor allowed unknown threat actors to distribute a multi-stage malware capable of credential theft, data exfiltration, and follow-on intrusion through lateral movement, while also taking steps to evade detection by disabling event tracing for Windows. “EmEditor has longstanding recognition within Japanese developer communities as a recommended Windows-based editor,” Trend Micro said.

“This suggests that the attackers are targeting this specific user base, or that they have a particular target among EmEditor users and used the compromised download page as a delivery mechanism.” The malware has been found to exclude systems located in Armenia, Belarus, Georgia, Kazakhstan, and Kyrgyzstan, suggesting that they could be of Russian origin or from the Commonwealth of Independent States (CIS).

Abusing Azure Private Link to Access Azure Resources — New research has found that certain configurations of Microsoft Azure’s Private Endpoint architecture could be exploited to stage denial-of-service (DoS) attacks against Azure resources. Palo Alto Networks Unit 42 said over 5% of Azure storage accounts currently operate with configurations that are subject to this DoS issue. “For example, denying service to storage accounts could cause Azure Functions within FunctionApps and subsequent updates to these apps to fail,” the cybersecurity company said.

“In another scenario, the risk could lead to DoS to Key Vaults, resulting in a ripple effect on processes that depend on secrets within the vault.” To counter the attacks, it’s advised to enable fallback to public DNS resolution and manually add DNS records for affected resources.

🎥 Cybersecurity Webinars

Cloud Forensics Is Broken. This Is What Works Now → Cloud attacks move fast and often leave little evidence behind. This webinar explains how modern cloud forensics uses host-level data and AI to help security teams understand what happened, how it happened, and respond faster in today’s cloud environments.

How to Build a Smarter SOC Without Adding More Tools → Security teams are stretched thin, with too many tools and too little clarity. This webinar breaks down how modern SOCs really work, focusing on practical choices around what to build, buy, and automate—without hype. It’s for teams looking to make smarter decisions with the tools and resources they already have.

When Today’s Encryption Won’t Be Enough Tomorrow → Quantum computing is moving from theory to reality, and it will change how data security works. Information that is encrypted today may be broken in the future using more powerful systems. This webinar helps security leaders understand what that risk means in practical terms and how to start preparing now, using clear, real-world approaches that protect data without disrupting existing systems.

🔧 Cybersecurity Tools

  • NetAlertX: It is a simple tool that helps you see what devices are connected to your network. It keeps a live list of computers, phones, servers, and other hardware, and shows when something new appears or changes. This makes it useful for spotting unknown devices, tracking assets, and staying aware of what’s happening across your network without using heavy or complex security tools.

  • RzWeb: It is a simple way to look inside software files without installing any tools. It runs fully in your web browser, so you can open a file and start examining how it works right away. Everything happens on your own machine, which makes it useful for quick checks, learning, or analysis when you don’t want to set up a full reverse-engineering environment.

Disclaimer: These tools are for learning and research only and have not been fully security-tested. Review the code carefully, use it only in safe environments, and follow all applicable rules and laws.

Conclusion

This edition makes one thing clear: risk now sits in everyday tools and normal choices. Small gaps are all it takes.

None of these stories stands alone. They point to a wider pattern where speed matters and delays cost real damage. Treat this list as a snapshot. The details will change.

The pressure will not.

Winning Against AI-Based Attacks Requires a Combined Defensive Approach

If there’s a constant in cybersecurity, it’s that adversaries are always innovating. The rise of offensive AI is transforming attack strategies and making them harder to detect. Google’s Threat Intelligence Group recently reported on adversaries using Large Language Models (LLMs) to both conceal code and generate malicious scripts on the fly, letting malware shape-shift in real-time to evade conventional defenses. A deeper look at these novel attacks reveals both unprecedented sophistication and deception.

In November 2025, Anthropic reported on what it described as the first known “AI-orchestrated cyber espionage campaign.” This operation featured AI integrated throughout the stages of attack, from initial access to exfiltration, which was executed largely autonomously by the AI itself. Another recent trend concerns ClickFix-related attacks using steganography techniques (hiding malware within image files) that slipped past signature-based scans. Skillfully disguised as legitimate software update screens or CAPTCHAs, these attacks deceived users into deploying remote access trojans (RATs), info-stealers, and other malware payloads on their own devices. Adversaries are also exploiting ways to trigger and then compromise anti-virus (AV) exclusion rules by using a combination of social engineering, attack-in-the-middle, and SIM swapping techniques.

Based on research from Microsoft’s threat team from October 2025, the threat actor they call Octo Tempest convinced its victims to disable various security products and automatically delete email notifications. These steps allowed their malware to spread across an enterprise network without tripping endpoint alerts. Actors are also easily deploying dynamic and adaptive tools that specialize in detecting and disabling AV software on endpoints. All these techniques share a common thread: the ability to evade legacy defenses such as endpoint detection and response (EDR), exposing the limitations of relying solely on EDR.

Their success illustrates where EDR, acting alone and without additional defensive measures, can be vulnerable. These are new attacks in every sense of the word, using AI automation and intelligence to subvert digital defenses. This moment signals a fundamental shift in the cyber threat landscape, and it’s rapidly driving a change in defensive strategy.

NDR and EDR, working together

Network detection and response (NDR) and EDR both bring different protective benefits.

EDR, by its nature, is focused on what is happening inside each specific endpoint, whereas NDR continuously monitors the network environment, detecting threats as they traverse the organization. It excels at picking up what EDR does not, identifying behavioral anomalies and deviations from typical network patterns. In the age of AI-based threats, there is a need for both kinds of systems to work together, especially as these attacks can operate at higher speeds and greater scale. Some EDR systems weren’t designed for the speed and scale of AI-fueled attacks.

NDR can pick up these network anomalies, and defenders can use that network data to strengthen defenses and gain deeper insights, leveraging the additional protection this complementary technology can provide. Compounding the challenge is that today’s attack surface is expanding and growing more complex. Sophisticated threat actors now combine threats that move across a variety of domains, compromising identity, endpoint, cloud and on-premises infrastructure in a lethal mix. This means the corresponding security systems in each of these focus areas need to work together, sharing metadata and other signals, to find and stop these threats.

The bad actors hide behind this complexity so as to maximize their reach, increase their blast radius, and provide cover while they use different hacking tools to assume various roles and focus on different intermediate targets. Blockade Spider, a group active since April 2024, uses these mixed domains for ransomware attacks. After gaining access through finding unmanaged systems, they move laterally across a network, searching for a file collection to encrypt to try to extract a ransom. The full breadth of their approach was discovered by using NDR to obtain visibility into the virtual systems and cloud properties, and then using EDR as soon as the attack moved across the network into managed endpoints.

One of the more infamous variants is what was used in the Volt Typhoon attack observed by Microsoft in 2023. It’s attributed to Chinese state-sponsored actors using living off the land (LoTL) techniques that helped them avoid endpoint detection. Its targets were unmanaged network edge devices, such as SOHO routers and other Internet of Things (IoT) hardware. The actors were able to alter the originating packets to appear to be coming from a cable modem in Texas, rather than a direct link to a Chinese IP address.

What gave the game away was the network traffic. While they were successful in avoiding EDR, variations in network traffic volume detected by NDR indicated the originating cable modem traffic was actually hiding something far more nefarious. In this case, NDR served as a security safety net by detecting malicious activity that slipped past EDR systems. Rising remote work also adds vulnerability.

As VPNs have become more widely used to support remote workforces, they pose new opportunities for exploitation. A lack of visibility on remote networks means a compromised endpoint on a trusted connection can introduce damage to the organization’s environment. If an EDR doesn’t detect that a local machine running the VPN is already infected with malware, it can easily spread across an enterprise once the machine connects to the corporate network. Compromised VPNs can also hide lateral network movement that disguises itself amongst typical network operations and management tools.

For example, two recent breaches of Salesforce supply chains were accomplished by using AI to harvest OAuth credentials to gain unauthorized access to various customer accounts. NDR can identify weak entry and transit points, helping identify the riskiest areas to fix first, and EDR can share the evidence of a compromised account being used as a pivot point. These and other exploits highlight the benefits of continuous monitoring with EDR and NDR working in tandem, enabling defenders to spot innovative adversary techniques and respond quickly and decisively to emerging threats. Adversaries will grow more capable as AI evolves, making this combined approach essential for reducing risk and improving your organization’s ability to respond quickly and decisively.

Corelight’s Open NDR Platform enables SOCs to detect novel attack types, including those leveraging AI techniques. Its multi-layered detection approach includes behavioral and anomaly detections that can identify a range of unique and unusual network activity. As adversaries develop new methods of evading EDR systems, security teams that deploy NDR can strengthen their enterprise’s defensive game. Visit corelight.com/elitedefense to learn more.

This article is a contributed piece from one of our valued partners.

Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers

The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence (AI) tools to target developers and engineering teams in the blockchain sector. The phishing campaign has targeted Japan, Australia, and India, highlighting the adversary’s expansion of the targeting scope beyond South Korea, Russia, Ukraine, and European nations, Check Point Research said in a technical report published last week. Active since at least 2014, Konni is primarily known for its targeting of organizations and individuals in South Korea. It’s also tracked as Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia.

In November 2025, the Genians Security Center (GSC) detailed the hacking group’s targeting of Android devices by exploiting Google’s asset tracking service, Find Hub, to remotely reset victim devices and erase personal data from them, signaling a new escalation of their tradecraft. As recently as this month, Konni has been observed distributing spear-phishing emails containing malicious links that are disguised as harmless advertising URLs associated with Google and Naver’s advertising platforms to bypass security filters and deliver a remote access trojan codenamed EndRAT. The campaign has been codenamed Operation Poseidon by the GSC, with the attacks impersonating North Korean human rights organizations and financial institutions in South Korea. The attacks are also characterized by the use of improperly secured WordPress websites to distribute malware and for command-and-control (C2) infrastructure.

The email messages have been found to masquerade as financial notices, such as transaction confirmations or wire transfer requests, to trick recipients into downloading ZIP archives hosted on WordPress sites. The ZIP file comes with a Windows shortcut (LNK) that’s designed to execute an AutoIt script disguised as a PDF document. The AutoIt script is a known Konni malware called EndRAT (aka EndClient RAT). “This attack is analyzed as a case that effectively bypassed email security filtering and user vigilance through a spear-phishing attack vector that exploited the ad click redirection mechanism used within the Google advertising ecosystem,” the South Korean security outfit said.

“It was confirmed that the attacker utilized the redirection URL structure of a domain used for legitimate ad click tracking (ad.doubleclick[.]net) to incrementally direct users to external infrastructure where actual malicious files were hosted.”

The latest campaign documented by Check Point leverages ZIP files mimicking project requirements-themed documents and hosted on Discord’s content delivery network (CDN) to unleash a multi-stage attack chain that performs the following sequence of actions. The exact initial access vector used in the attacks is unknown.

  • The ZIP archive contains a PDF decoy and an LNK file
  • The shortcut file launches an embedded PowerShell loader which extracts two additional files, a Microsoft Word lure document and a CAB archive, and displays the Word document as a distraction mechanism
  • The shortcut file extracts the contents of the CAB archive, which contains a PowerShell Backdoor, two batch scripts, and an executable used for User Account Control (UAC) bypass
  • The first batch script is used to prepare the environment, establish persistence using a scheduled task, stage the backdoor and execute it, following which it deletes itself from disk to reduce forensic visibility
  • The PowerShell backdoor carries out a string of anti-analysis and sandbox-evasion checks, and then proceeds to profile the system and attempts to elevate privileges using the FodHelper UAC bypass technique
  • The backdoor performs cleanup of the previously dropped UAC bypass executable, configures Microsoft Defender exclusion for “C:\ProgramData,” and runs the second batch script to replace the previously created scheduled task with a new one that’s capable of running with elevated privileges
  • The backdoor proceeds to drop SimpleHelp, a legitimate Remote Monitoring and Management (RMM) tool for persistent remote access, and communicates with a C2 server that’s safeguarded by an encryption gate intended to block non-browser traffic to periodically send host metadata and execute PowerShell code returned by the server

The cybersecurity company said there are indications that the PowerShell backdoor was created with the assistance of an AI tool, citing its modular structure, human-readable documentation, and the presence of source code comments like “# <– your permanent project UUID.” “Instead of focusing on individual end-users, the campaign goal seems to be to establish a foothold in development environments, where compromise can provide broader downstream access across multiple projects and services,” Check Point said. “The introduction of AI-assisted tooling suggests an effort to accelerate development and standardize code while continuing to rely on proven delivery methods and social engineering.”

The findings coincide with the discovery of multiple North Korea-led campaigns that facilitate remote control and data theft:

  • A spear-phishing campaign that uses JavaScript Encoded (JSE) scripts mimicking Hangul Word Processor (HWPX) documents and government-themed decoy files to deploy a Visual Studio Code (VS Code) tunnel to establish remote access
  • A phishing campaign that distributes LNK files masquerading as PDF documents to launch a PowerShell script that detects virtual and malware analysis environments and delivers a remote access trojan called MoonPeak
  • A set of two cyber attacks, assessed to be conducted by Andariel in 2025, that targeted an unnamed European entity belonging to the legal sector to deliver TigerRAT, as well as compromised a South Korean Enterprise Resource Planning (ERP) software vendor’s update mechanism to distribute three new trojans to downstream victims, including StarshellRAT, JelusRAT, and GopherRAT

According to Finnish cybersecurity company WithSecure, the ERP vendor’s software has been the target of similar supply chain compromises twice in the past – in 2017 and again in 2024 – to deploy malware families like HotCroissant and Xctdoor.

While JelusRAT is written in C++ and supports capabilities to retrieve plugins from the C2 server, StarshellRAT is developed in C# and supports command execution, file upload/download, and screenshot capture. GopherRAT, on the other hand, is based on Golang and features the ability to run commands or binaries, exfiltrate files, and enumerate the file system. “Their targeting and objectives have varied over time; some campaigns have pursued financial gain, while others have focused on stealing information aligned with the regime’s priority intelligence needs,” WithSecure researcher Mohammad Kazem Hassan Nejad said. “This variability underscores the group’s flexibility and its ability to support broader strategic goals as those priorities change over time.”


Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware

A new multi-stage phishing campaign has been observed targeting users in Russia with ransomware and a remote access trojan called Amnesia RAT. “The attack begins with social engineering lures delivered via business-themed documents crafted to appear routine and benign,” Fortinet FortiGuard Labs researcher Cara Lin said in a technical breakdown published this week. “These documents and accompanying scripts serve as visual distractions, diverting victims to fake tasks or status messages while malicious activity runs silently in the background.” The campaign stands out for a couple of reasons. First, it uses multiple public cloud services to distribute different kinds of payloads.

While GitHub is mainly used to distribute scripts, binary payloads are staged on Dropbox. This separation complicates takedown efforts, effectively improving resilience. Another “defining characteristic” of the campaign, per Fortinet, is the operational abuse of defendnot to disable Microsoft Defender. Defendnot was released last year by a security researcher who goes by the online alias es3n1n as a way to trick the security program into believing another antivirus product has already been installed on the Windows host.

The campaign leverages social engineering to distribute compressed archives, which contain multiple decoy documents and a malicious Windows shortcut (LNK) with Russian-language filenames. The LNK file uses a double extension (“Задание_для_бухгалтера_02отдела.txt.lnk”) to give the impression that it’s a text file. When executed, it runs a PowerShell command to retrieve the next-stage PowerShell script hosted on a GitHub repository (“github[.]com/Mafin111/MafinREP111”), which then serves as a first-stage loader to establish a foothold, readies the system to hide evidence of malicious activity, and hands off control flow to subsequent stages.

“The script first suppresses visible execution by programmatically hiding the PowerShell console window,” Fortinet said. “This removes any immediate visual indicators that a script is running. It then generates a decoy text document in the user’s local application data directory. Once written to disk, the decoy document is automatically opened.”

Once the document is displayed to the victim to keep up the ruse, the script sends a message to the attacker using the Telegram Bot API, informing the operator that the first stage has been successfully executed. After a deliberately introduced 444-second delay, the PowerShell script runs a Visual Basic Script (“SCRRC4ryuk.vbe”) hosted at the same repository location.

This offers two crucial advantages in that it keeps the loader lightweight and allows the threat actors to update or replace the payload’s functionality on the fly without having to introduce any changes to the attack chain itself. The Visual Basic Script is highly obfuscated and acts as the controller that assembles the next-stage payload directly in memory, thereby avoiding leaving any artifacts on disk. The final-stage script checks if it’s running with elevated privileges, and, if not, repeatedly displays a User Account Control (UAC) prompt to force the victim to grant it the necessary permissions. The script pauses for 3,000 milliseconds between attempts.
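Both this campaign and the Konni chain described earlier start from a ZIP archive carrying an LNK file, here hidden behind a “.txt.lnk” double extension. The following added example (not code from Fortinet, Check Point, or either campaign) triages an archive for shortcuts by content and by name and pulls out the command-line arguments stored in each one; the decoy-extension list, the placeholder target and arguments, and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

# Shell Link (.lnk) constants from the MS-SHLLINK file format.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_REL_PATH, HAS_WORK_DIR, HAS_ARGS = 0x04, 0x08, 0x10, 0x20
IS_UNICODE = 0x80
# Extensions a lure typically borrows to look like a document (assumed list).
DECOY_EXTS = {"txt", "pdf", "doc", "docx", "xls", "xlsx", "rtf", "jpg", "png"}
MAX_READ = 256 * 1024  # never inflate more than this per archive member
# Constructed, inert arguments for the sample shortcut.
SAMPLE_ARGS = "-NoProfile -WindowStyle Hidden -File placeholder.ps1"


def is_shell_link(data: bytes) -> bool:
    """True when the bytes start with a Shell Link header, whatever the name."""
    return (len(data) >= HEADER_SIZE
            and struct.unpack_from("<I", data, 0)[0] == HEADER_SIZE
            and data[4:20] == LINK_CLSID)


def lnk_arguments(data: bytes) -> str:
    """Return the COMMAND_LINE_ARGUMENTS string of a Shell Link ('' if none)."""
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = HEADER_SIZE
    if flags & HAS_ID_LIST:        # IDListSize does not count its own 2 bytes
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:      # LinkInfoSize counts its own 4 bytes
        pos += struct.unpack_from("<I", data, pos)[0]
    width = 2 if flags & IS_UNICODE else 1
    # StringData entries come in this fixed order, each only if its flag is set.
    for bit in (HAS_NAME, HAS_REL_PATH, HAS_WORK_DIR, HAS_ARGS):
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        raw = data[pos + 2:pos + 2 + count * width]
        pos += 2 + count * width
        if bit == HAS_ARGS:
            return raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")
    return ""


def triage_zip(blob: bytes) -> list:
    """Report every shortcut in a ZIP with the reasons it deserves a look."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                data = member.read(MAX_READ)
            parts = info.filename.rsplit("/", 1)[-1].lower().split(".")
            by_content, by_name = is_shell_link(data), parts[-1] == "lnk"
            if not (by_content or by_name):
                continue
            reasons = []
            if by_name and len(parts) >= 3 and parts[-2] in DECOY_EXTS:
                reasons.append("double extension")
            if by_content and not by_name:
                reasons.append("shortcut content under another extension")
            args = ""
            if by_content:
                try:
                    args = lnk_arguments(data)
                except struct.error:
                    reasons.append("truncated or malformed shortcut")
            if args:
                reasons.append("carries command-line arguments")
            findings.append({"name": info.filename, "reasons": reasons,
                             "arguments": args})
    return findings


def build_sample_zip() -> bytes:
    """Constructed archive: one benign text file and one minimal shortcut."""
    def string_data(text):
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")
    flags = HAS_REL_PATH | HAS_ARGS | IS_UNICODE
    header = (struct.pack("<I", HEADER_SIZE) + LINK_CLSID
              + struct.pack("<I", flags)).ljust(HEADER_SIZE, b"\x00")
    lnk = header + string_data(".\\placeholder.exe") + string_data(SAMPLE_ARGS)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed decoy text")
        zf.writestr("Задание_для_бухгалтера_02отдела.txt.lnk", lnk)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample_zip()):
        print(finding)
```

Checking the header bytes rather than the file name matters because Windows Explorer does not display the “.lnk” extension, so the name a user sees is not the name a filter should trust.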

In the next phase, the malware initiates a series of actions to suppress visibility, neutralize endpoint protection mechanisms, conduct reconnaissance, inhibit recovery, and ultimately deploy the main payloads:

  • Configure Microsoft Defender exclusions to prevent the program from scanning ProgramData, Program Files, Desktop, Downloads, and the system temporary directory
  • Use PowerShell to turn off additional Defender protection components
  • Deploy defendnot to register a fake antivirus product with the Windows Security Center interface and cause Microsoft Defender to disable itself to avoid potential conflicts
  • Conduct environment reconnaissance and surveillance via screenshot capture by means of a dedicated .NET module downloaded from the GitHub repository that takes a screengrab every 30 seconds, saves it as a PNG image, and exfiltrates the data using a Telegram bot
  • Disable Windows administrative and diagnostic tools by tampering with the Registry-based policy controls
  • Implement a file association hijacking mechanism such that opening files with certain predefined extensions causes a message to be displayed to the victim, instructing them to contact the threat actor via Telegram

One of the final payloads deployed after successfully disarming security controls and recovery mechanisms is Amnesia RAT (“svchost.scr”), which is retrieved from Dropbox and is capable of broad data theft and remote control. It’s designed to pilfer information stored in web browsers, cryptocurrency wallets, Discord, Steam, and Telegram, along with system metadata, screenshots, webcam images, microphone audio, clipboard, and active window title. “The RAT enables full remote interaction, including process enumeration and termination, shell command execution, arbitrary payload deployment, and execution of additional malware,” Fortinet said. “Exfiltration is primarily performed over HTTPS using Telegram Bot APIs. Larger datasets may be uploaded to third-party file-hosting services such as GoFile, with download links relayed to the attacker via Telegram.”

In all, Amnesia RAT facilitates credential theft, session hijacking, financial fraud, and real-time data gathering, turning it into a comprehensive tool for account takeover and follow-on attacks. The second payload delivered by the script is a ransomware that’s derived from the Hakuna Matata ransomware family and is configured to encrypt documents, archives, images, media, source code, and application assets on the infected endpoint, but not before terminating any process that could interfere with its functioning. In addition, the ransomware keeps tabs on clipboard contents and silently modifies cryptocurrency wallet addresses with attacker-controlled wallets to reroute transactions. The infection sequence ends with the script deploying WinLocker to restrict user interaction.

“This attack chain demonstrates how modern malware campaigns can achieve full system compromise without exploiting software vulnerabilities,” Lin concluded. “By systematically abusing native Windows features, administrative tools, and policy enforcement mechanisms, the attacker disables endpoint defenses before deploying persistent surveillance tooling and destructive payloads.” To counter defendnot’s abuse of the Windows Security Center API, Microsoft recommends that users enable Tamper Protection to prevent unauthorized changes to Defender settings and monitor for suspicious API calls or Defender service changes.

The development comes as human resources, payroll, and internal administrative departments belonging to Russian corporate entities have been targeted by a threat actor tracked as UNG0902 to deliver an unknown implant dubbed DUPERUNNER that’s responsible for loading AdaptixC2, a command-and-control (C2) framework. The spear-phishing campaign, codenamed Operation DupeHike, has been ongoing since November 2025.

Seqrite Labs said the attacks involve the use of decoy documents centered around themes related to employee bonuses and internal financial policies to convince recipients into opening a malicious LNK file within ZIP archives that leads to the execution of DUPERUNNER. The implant reaches out to an external server to fetch and display a decoy PDF document, while system profiling and the download of the AdaptixC2 beacon are carried out in the background.

In recent months, Russian organizations have also been likely targeted by another threat actor tracked as Paper Werewolf (aka GOFFEE), which has employed artificial intelligence (AI)-generated decoys and DLL files compiled as Excel XLL add-ins to deliver a backdoor referred to as EchoGather. “Once launched, the backdoor collects system information, communicates with a hardcoded command-and-control (C2) server, and supports command execution and file transfer operations,” Intezer security researcher Nicole Fishbein said. It “communicates with the C2 over HTTP(S) using the WinHTTP API.”
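The Defender exclusions described above (a single “C:\ProgramData” entry in the Konni chain, and ProgramData, Program Files, Desktop, Downloads, and the temporary directory in the Amnesia RAT chain) are the kind of Defender setting change the monitoring advice refers to. The following added example (not from Fortinet, Check Point, or Microsoft) flags broad path exclusions in Microsoft Defender configuration-change records (event ID 5007) and raises severity when several land on one host in a short burst; the tuple layout, host names, user name, thresholds, and simplified message text are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

KEY = r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths"


def sample_message(path: str) -> str:
    """Simplified 'New value' text of a Defender 5007 record (constructed)."""
    return f"New value: {KEY}\\{path} = 0x0"


# Constructed sample records: (timestamp, host, event_id, message).
USER = r"C:\Users\constructed.user"
SAMPLE_EVENTS = [
    ("2026-01-20T09:14:02", "DEV-LAPTOP-03", 5007, sample_message(r"C:\ProgramData")),
    ("2026-01-21T13:02:10", "ACCT-PC-11", 5007, sample_message(r"C:\ProgramData")),
    ("2026-01-21T13:02:11", "ACCT-PC-11", 5007, sample_message(r"C:\Program Files")),
    ("2026-01-21T13:02:11", "ACCT-PC-11", 5007, sample_message(USER + r"\Desktop")),
    ("2026-01-21T13:02:12", "ACCT-PC-11", 5007, sample_message(USER + r"\Downloads")),
    ("2026-01-21T13:02:12", "ACCT-PC-11", 5007,
     sample_message(USER + r"\AppData\Local\Temp")),
    # Narrow, vendor-style exclusion: expected to stay out of the report.
    ("2026-01-22T08:00:00", "BUILD-SRV-01", 5007,
     sample_message(r"C:\ProgramData\ExampleVendor\cache")),
]

EXCLUSION_RE = re.compile(
    r"New value:\s*HKLM\\SOFTWARE\\Microsoft\\Windows Defender"
    r"\\Exclusions\\Paths\\(.+?)\s*=\s*0x0", re.IGNORECASE)

# Whole-directory exclusions that blind scanning of common staging locations.
BROAD = [
    ("drive root", r"[a-z]:"),
    ("ProgramData", r"[a-z]:\\programdata"),
    ("Program Files", r"[a-z]:\\program files( \(x86\))?"),
    ("user Desktop/Downloads", r"[a-z]:\\users\\[^\\]+\\(desktop|downloads)"),
    ("temporary directory", r".*\\temp"),
]


def classify(path: str):
    """Return a label when the excluded path is a broad directory, else None."""
    norm = path.strip().rstrip("\\").lower()
    for label, pattern in BROAD:
        if re.fullmatch(pattern, norm):
            return label
    return None


def find_broad_exclusions(events, window=timedelta(minutes=10), burst=3):
    """Map host -> severity and paths for broad Defender path exclusions."""
    per_host = defaultdict(list)
    for stamp, host, event_id, message in events:
        if event_id != 5007:
            continue
        match = EXCLUSION_RE.search(message)
        if match and classify(match.group(1)):
            per_host[host].append((datetime.fromisoformat(stamp), match.group(1)))
    report = {}
    for host, hits in per_host.items():
        hits.sort()
        times = [when for when, _ in hits]
        # "burst" or more broad exclusions inside one window looks scripted.
        bursty = any(times[i + burst - 1] - times[i] <= window
                     for i in range(len(times) - burst + 1))
        report[host] = {"severity": "high" if bursty else "medium",
                        "paths": [path for _, path in hits]}
    return report


if __name__ == "__main__":
    for host, detail in find_broad_exclusions(SAMPLE_EVENTS).items():
        print(host, detail["severity"], detail["paths"])
```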

New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector

The Russian nation-state hacking group known as Sandworm has been linked to what has been described as the “largest cyber attack” targeting Poland’s power system in the last week of December 2025. The attack was unsuccessful, the country’s energy minister, Milosz Motyka, said last week. “The command of the cyberspace forces has diagnosed in the last days of the year the strongest attack on the energy infrastructure in years,” Motyka was quoted as saying. According to a new report by ESET, the attack was the work of Sandworm, which deployed a previously undocumented wiper malware codenamed DynoWiper (aka Win32/KillFiles.NMO).

The links to Sandworm are based on overlaps with prior wiper activity associated with the adversary, particularly in the aftermath of Russia’s military invasion of Ukraine in February 2022. The Slovakian cybersecurity company, which identified the use of the wiper as part of the attempted disruptive attack aimed at the Polish energy sector on December 29, 2025, said there is no evidence of successful disruption. The December 29 and 30, 2025, attacks targeted two combined heat and power (CHP) plants, as well as a system enabling the management of electricity generated from renewable energy sources such as wind turbines and photovoltaic farms, the Polish government said. “Everything indicates that these attacks were prepared by groups directly linked to the Russian services,” Prime Minister Donald Tusk said, adding the government is readying extra safeguards, including key cybersecurity legislation that will impose strict requirements on risk management, protection of information technology (IT) and operational technology (OT) systems, and incident response.

It’s worth noting that the activity occurred on the tenth anniversary of Sandworm’s attack against the Ukrainian power grid in December 2015, which led to the deployment of the BlackEnergy malware, plunging parts of the Ivano-Frankivsk region of Ukraine into darkness. The trojan, which was used to plant a wiper malware dubbed KillDisk, caused a 4–6 hour power outage for approximately 230,000 people. “Sandworm has a long history of disruptive cyber attacks, especially on Ukraine’s critical infrastructure,” ESET said. “Fast forward a decade and Sandworm continues to target entities operating in various critical infrastructure sectors.” In June 2025, Cisco Talos said a critical infrastructure entity within Ukraine was targeted by a previously unseen data wiper malware named PathWiper that shares some level of functional overlap with Sandworm’s HermeticWiper.

The Russian hacking group has also been observed deploying data-wiping malware, such as ZEROLOT and Sting, in a Ukrainian university network, followed by serving multiple data-wiping malware variants against Ukrainian entities active in the governmental, energy, logistics, and grain sectors between June and September 2025.

Who Approved This Agent? Rethinking Access, Accountability, and Risk in the Age of AI Agents

AI agents are accelerating how work gets done. They schedule meetings, access data, trigger workflows, write code, and take action in real time, pushing productivity beyond human speed across the enterprise. Then comes the moment every security team eventually hits: “Wait… who approved this?” Unlike users or applications, AI agents are often deployed quickly, shared broadly, and granted wide access permissions, making ownership, approval, and accountability difficult to trace. What was once a straightforward question is now surprisingly hard to answer.

AI Agents Break Traditional Access Models

AI agents are not just another type of user. They fundamentally differ from both humans and traditional service accounts, and those differences are what break existing access and approval models. Human access is built around clear intent. Permissions are tied to a role, reviewed periodically, and constrained by time and context.

Service accounts, while non-human, are typically purpose-built, narrowly scoped, and tied to a specific application or function. AI agents are different. They operate with delegated authority and can act on behalf of multiple users or teams without requiring ongoing human involvement. Once authorized, they are autonomous and persistent, and they often move between various systems and data sources to complete tasks end-to-end.

In this model, delegated access doesn’t just automate user actions, it expands them. Human users are constrained by the permissions they are explicitly granted, but AI agents are often given broader, more powerful access to operate effectively. As a result, the agent can perform actions that the user themselves was never authorized to take. Once that access exists, the agent can act: even if the user never meant to perform the action, or wasn’t aware it was possible, the agent can still execute it.

As a result, the agent can create exposure - sometimes accidentally, sometimes implicitly, but always legitimately from a technical standpoint. This is how access drift occurs. Agents quietly accumulate permissions as their scope expands. Integrations are added, roles change, teams come and go, but the agent’s access remains.

They become a powerful intermediary with broad, long-lived permissions and often with no clear owner. It’s no wonder existing IAM assumptions break down. IAM assumes a clear identity, a defined owner, static roles, and periodic reviews that map to human behavior. AI agents don’t follow those patterns.

They don’t fit neatly into user or service account categories, they operate continuously, and their effective access is defined by how they are used, not how they were originally approved. Without rethinking these assumptions, IAM becomes blind to the real risk AI agents introduce.

The Three Types of AI Agents in the Enterprise

Not all AI agents carry the same risk in enterprise environments. Risk varies based on who owns the agent, how broadly it’s used, and what access it has, resulting in distinct categories with very different security, accountability, and blast-radius implications:

Personal Agents (User-Owned)

Personal agents are AI assistants used by individual employees to help with day-to-day tasks.

They draft content, summarize information, schedule meetings, or assist with coding, always in the context of a single user. These agents typically operate within the permissions of the user who owns them. Their access is inherited, not expanded. If the user loses access, the agent does too.

Because ownership is clear and scope is limited, the blast radius is relatively small. Risk is tied directly to the individual user, making personal agents the easiest to understand, govern, and remediate.

Third-Party Agents (Vendor-Owned)

Third-party agents are embedded into SaaS and AI platforms, provided by vendors as part of their product. Examples include AI features embedded into CRM systems, collaboration tools, or security platforms.

These agents are governed through vendor controls, contracts, and shared responsibility models. While customers may have limited visibility into how they work internally, accountability is clearly defined: the vendor owns the agent. The primary concern here is the AI supply-chain risk: trusting that the vendor secures its agents appropriately. But from an enterprise perspective, ownership, approval paths, and responsibility are usually well understood.

Organizational Agents (Shared and Often Ownerless)

Organizational agents are deployed internally and shared across teams, workflows, and use cases. They automate processes, integrate systems, and act on behalf of multiple users. To be effective, these agents are often granted broad, persistent permissions that exceed any single user’s access. This is where risk concentrates.

Organizational agents frequently have no clear owner, no single approver, and no defined lifecycle. When something goes wrong, it’s unclear who is responsible or even who fully understands what the agent can do. As a result, organizational agents represent the highest risk and the largest blast radius, not because they are malicious, but because they operate at scale without clear accountability.

The Agentic Authorization Bypass Problem

As we explained in our article, agents creating authorization bypass paths, AI agents don’t just execute tasks, they act as access intermediaries.

Instead of users interacting directly with systems, agents operate on their behalf, using their own credentials, tokens, and integrations. This shifts where authorization decisions actually happen. When agents operate on behalf of individual users, they can provide the user access and capabilities beyond the user’s approved permissions. A user who cannot directly access certain data or perform specific actions may still trigger an agent that can.

The agent becomes a proxy, enabling actions the user could never execute on their own. These actions are technically authorized - the agent has valid access. However, they are contextually unsafe. Traditional access controls don’t trigger any alert because the credentials are legitimate.

This is the core of the agentic authorization bypass: access is granted correctly, but used in ways security models were never designed to handle.

Rethinking Risk: What Needs to Change

Securing AI agents requires a fundamental shift in how risk is defined and managed. Agents can no longer be treated as extensions of users or as background automation processes. They must be treated as sensitive, potentially high-risk entities with their own identities, permissions, and risk profiles.

This starts with clear ownership and accountability. Every agent must have a defined owner responsible for its purpose, scope of access, and ongoing review. Without ownership, approval is meaningless and risk remains unmanaged. Critically, organizations must also map how users interact with agents.

It is not enough to understand what an agent can access; security teams need visibility into which users can invoke an agent, under what conditions, and with what effective permissions. Without this user–agent connection map, agents can silently become authorization bypass paths, enabling users to indirectly perform actions they are not permitted to execute directly. Finally, organizations must map agent access, integrations, and data paths across systems. Only by correlating user → agent → system → action can teams accurately assess blast radius, detect misuse, and reliably investigate suspicious activity when something goes wrong.
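The user → agent → system → action correlation described above can be sketched as a small audit script. This is an added example, not code from the article or its vendor; the agent names, users, systems, and permission tuples are constructed sample data, and the `Agent` record is a hypothetical inventory format.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

Grant = Tuple[str, str]                 # (system, action)
Finding = Tuple[str, str, str, str]     # (user, agent, system, action)

@dataclass(frozen=True)
class Agent:
    name: str
    owner: Optional[str]                # None models an ownerless shared agent
    invokers: FrozenSet[str]            # users able to trigger the agent
    grants: FrozenSet[Grant]            # what the agent's own credentials allow

# Constructed sample inventory (hypothetical names and permissions).
USER_PERMS: Dict[str, FrozenSet[Grant]] = {
    "alice": frozenset({("crm", "read"), ("calendar", "write")}),
    "bob": frozenset({("crm", "read")}),
    # "carol" has no entry: her direct access was revoked, but she can
    # still invoke the shared agent below (access drift).
}
AGENTS: List[Agent] = [
    # Personal agent: access is inherited from its owner, never expanded.
    Agent("alice-assistant", "alice", frozenset({"alice"}), USER_PERMS["alice"]),
    # Organizational agent: shared, broad grants, nobody accountable.
    Agent("ops-automation", None, frozenset({"alice", "bob", "carol"}),
          frozenset({("crm", "read"), ("crm", "export"), ("hr-db", "read")})),
]

def bypass_paths(user_perms: Dict[str, FrozenSet[Grant]],
                 agents: List[Agent]) -> List[Finding]:
    """List every action a user can reach through an agent but not directly."""
    findings: List[Finding] = []
    for agent in agents:
        for user in sorted(agent.invokers):
            direct = user_perms.get(user, frozenset())
            for system, action in sorted(agent.grants - direct):
                findings.append((user, agent.name, system, action))
    return findings

def ownerless(agents: List[Agent]) -> List[str]:
    """Agents with no accountable owner on record."""
    return sorted(a.name for a in agents if a.owner is None)

def blast_radius(findings: List[Finding]) -> Dict[str, Tuple[int, int]]:
    """Per agent: (users who gain excess access, distinct excess grants)."""
    users: Dict[str, set] = {}
    grants: Dict[str, set] = {}
    for user, agent, system, action in findings:
        users.setdefault(agent, set()).add(user)
        grants.setdefault(agent, set()).add((system, action))
    return {a: (len(users[a]), len(grants[a])) for a in users}

if __name__ == "__main__":
    paths = bypass_paths(USER_PERMS, AGENTS)
    for path in paths:
        print(" -> ".join(path))
    print("ownerless:", ownerless(AGENTS))
    print("blast radius:", blast_radius(paths))
```

The personal agent produces no findings because its grants equal its owner's, while the shared agent surfaces every invoker whose direct permissions are narrower than the agent's.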

The Cost of Uncontrolled Organizational AI Agents

Uncontrolled organizational AI agents turn productivity gains into systemic risk. Shared across teams and granted broad, persistent access, these agents operate without clear ownership or accountability. Over time, they can be used for new tasks, create new execution paths, and their actions become harder to trace or contain. When something goes wrong, there is no clear owner to respond, remediate, or even understand the full blast radius.

Without visibility, ownership, and access controls, organizational AI agents become one of the most dangerous and least governed elements in the enterprise security landscape.

To learn more, visit https://wing.security/

This article is a contributed piece from one of our valued partners.

CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw affecting Broadcom VMware vCenter Server that was patched in June 2024 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability in question is CVE-2024-37079 (CVSS score: 9.8), which refers to a heap overflow in the implementation of the DCE/RPC protocol that could allow a bad actor with network access to vCenter Server to achieve remote code execution by sending a specially crafted network packet. It was resolved by Broadcom in June 2024, along with CVE-2024-37080, another heap overflow in the implementation of the DCE/RPC protocol that could lead to remote code execution.

Hao Zheng and Zibo Li, researchers at Chinese cybersecurity company QiAnXin LegendSec, were credited with discovering and reporting the issues. In a presentation at the Black Hat Asia security conference in April 2025, the researchers said the two flaws are part of a set of four vulnerabilities – three heap overflows and one privilege escalation – that were discovered in the DCE/RPC service. The two other flaws, CVE-2024-38812 and CVE-2024-38813, were patched by Broadcom in September 2024. In particular, they found that one of the heap overflow vulnerabilities could be chained with the privilege escalation vulnerability (CVE-2024-38813) to achieve unauthorized remote root access and ultimately gain control over ESXi.

It’s currently not known how CVE-2024-37079 is being exploited, if it’s the work of any known threat actor or group, or the scale of such attacks. However, Broadcom has since updated its advisory to officially confirm in-the-wild abuse of the vulnerability. “Broadcom has information to suggest that exploitation of CVE-2024-37079 has occurred in the wild,” the company said in its update. In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are required to update to the latest version by February 13, 2026, for optimal protection.


CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows:

CVE-2025-68645 (CVSS score: 8.8) - A PHP remote file inclusion vulnerability in Synacor Zimbra Collaboration Suite (ZCS) that could allow a remote attacker to craft requests to the “/h/rest” endpoint and allow inclusion of arbitrary files from the WebRoot directory without any authentication (Fixed in November 2025 with version 10.1.13)

CVE-2025-34026 (CVSS score: 9.2) - An authentication bypass in the Versa Concerto SD-WAN orchestration platform that could allow an attacker to access administrative endpoints (Fixed in April 2025 with version 12.2.1 GA)

CVE-2025-31125 (CVSS score: 5.3) - An improper access control vulnerability in Vite Vitejs that could allow contents of arbitrary files to be returned to the browser using ?inline&import or ?raw?import (Fixed in March 2025 with versions 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11)

CVE-2025-54313 (CVSS score: 7.5) - An embedded malicious code vulnerability in eslint-config-prettier that could allow for execution of a malicious DLL dubbed Scavenger Loader that’s designed to deliver an information stealer

It’s worth noting that CVE-2025-54313 refers to a supply chain attack targeting eslint-config-prettier and six other npm packages, eslint-plugin-prettier, synckit, @pkgr/core, napi-postinstall, got-fetch, and is, that came to light in July 2025. The phishing campaign targeted the package maintainers with bogus links that harvested their credentials under the pretext of verifying their email address as part of regular account maintenance, allowing the threat actors to publish trojanized versions.

According to CrowdSec, exploitation efforts targeting CVE-2025-68645 have been ongoing since January 14, 2026. There are currently no details on how the other vulnerabilities are being exploited in the wild. Pursuant to Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary fixes by February 12, 2026, to secure their networks against active threats.

Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls

Fortinet has officially confirmed that it’s working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls. “In the last 24 hours, we have identified a number of cases where the exploit was to a device that had been fully upgraded to the latest release at the time of the attack, which suggested a new attack path,” Fortinet Chief Information Security Officer (CISO) Carl Windsor said in a Thursday post. The activity essentially amounts to a bypass for patches put in place by the network security vendor to address CVE-2025-59718 and CVE-2025-59719, which could allow unauthenticated bypass of SSO login authentication via crafted SAML messages if the FortiCloud SSO feature is enabled on affected devices. The issues were originally addressed by Fortinet last month.

However, earlier this week, reports emerged of renewed activity in which malicious SSO logins on FortiGate appliances were recorded against the admin account on devices that had been patched against the twin vulnerabilities. The activity is similar to incidents observed in December, shortly after the disclosure of CVE-2025-59718 and CVE-2025-59719. The activity involves the creation of generic accounts for persistence, making configuration changes granting VPN access to those accounts, and the exfiltration of firewall configurations to different IP addresses. The threat actor has been observed logging in with accounts named “cloud-noc@mail.io” and “cloud-init@mail.io.” As mitigations, the company is urging the following actions:

Restrict administrative access of edge network devices via the internet by applying a local-in policy

Disable FortiCloud SSO logins by disabling “admin-forticloud-sso-login”

“It is important to note that while, at this time, only exploitation of FortiCloud SSO has been observed, this issue is applicable to all SAML SSO implementations,” Fortinet said.


TikTok Forms U.S. Joint Venture to Continue Operations Under 2025 Executive Order

TikTok on Friday officially announced that it formed a joint venture that will allow the hugely popular video-sharing application to continue operating in the U.S. The new venture, named TikTok USDS Joint Venture LLC, has been established in compliance with the Executive Order signed by U.S. President Donald Trump in September 2025, the platform said. The new deal will see TikTok’s Chinese parent company, ByteDance, selling the majority of its stake to a group of majority-American investors, while it will retain a 19.9% stake in the business.

The Chinese government hasn’t commented publicly on the agreement. “The majority American owned Joint Venture will operate under defined safeguards that protect national security through comprehensive data protections, algorithm security, content moderation, and software assurances for U.S. users,” it added. “It will safeguard the U.S. content ecosystem through robust trust and safety policies and content moderation while ensuring continuous accountability through transparency reporting and third-party certifications.”

To that end, U.S. users’ data will be protected with Oracle’s secure U.S. cloud environment, while also retraining and updating TikTok’s content recommendation algorithm specifically based on users in the country. The recommendation algorithm will be secured using Oracle’s cloud infrastructure as well.

In addition, the independent entity is expected to operate a comprehensive data privacy and cybersecurity program that it said will be audited and certified by third-party cybersecurity experts. “The program will adhere to major industry standards, including the National Institute of Standards and Technology (NIST) CSF and 800-53 and ISO 27001, as well as the Cybersecurity and Infrastructure Security Agency (CISA) Security Requirements for Restricted Transactions,” the company said. The safeguards rolled out by the joint venture will also extend to CapCut, Lemon8, and TikTok’s other apps and websites in the U.S. TikTok is used by over 200 million Americans and 7.5 million businesses.

President Trump hailed the deal in a Truth Social post, stating that the company would now be owned by a “group of Great American Patriots and Investors, the Biggest in the World.” He also thanked Chinese President Xi Jinping for working with his administration, and “ultimately, approving the Deal.” The development comes a month after reports emerged that TikTok had signed an agreement to create a new U.S. joint venture. Under President Trump’s September 2025 executive order, the attorney general was blocked from enforcing the national security law for a 120-day period in order to “permit the contemplated divestiture to be completed,” allowing the deal to be finalized by January 23, 2026. TikTok was briefly banned a year ago after a federal law, signed by former President Joe Biden, went into effect.

The legislation, passed in April 2024, mandated that the service be made available either under American ownership or another entity, citing national security concerns over its Chinese owner, ByteDance. Lawmakers have argued that Beijing could force the firm to hand over U.S. users’ data, a claim that both TikTok and ByteDance have consistently denied. These fears have also led to an outright ban of TikTok in India in June 2020.

In late 2024, the Canadian government ordered TikTok to dissolve its operations in the country.

Update

TikTok’s new U.S. joint venture has made changes to its privacy policy that will allow it to collect users’ precise geolocation as opposed to just the approximate location, depending on the device permissions. The updated terms also include a clause for collecting information from interacting with its artificial intelligence (AI) tools, “including prompts, questions, files, and other types of information that you submit to our AI-powered interfaces, as well as the responses they generate.”