2026-02-12 AI Startup News
First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials
Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associated with a now-abandoned legitimate add-in to serve a fake Microsoft login page, stealing over 4,000 credentials in the process. The activity has been codenamed AgreeToSteal by the cybersecurity company. The Outlook add-in in question is AgreeTo, which is advertised by its developer as a way for users to connect different calendars in a single place and share their availability through email.
The add-in was last updated in December 2022. Idan Dardikman, co-founder and CTO of Koi, told The Hacker News that the incident represents a broadening of supply chain attack vectors. “This is the same class of attack we’ve seen in browser extensions, npm packages, and IDE plugins: a trusted distribution channel where the content can change after approval,” Dardikman said. “What makes Office add-ins particularly concerning is the combination of factors: they run inside Outlook, where users handle their most sensitive communications, they can request permissions to read and modify emails, and they’re distributed through Microsoft’s own store, which carries implicit trust.” “The AgreeTo case adds another dimension: the original developer did nothing wrong.
They built a legitimate product and moved on. The attack exploited the gap between when a developer abandons a project and when the platform notices. Every marketplace that hosts remote dynamic dependencies is susceptible to this.” At its core, the attack exploits how Office add-ins work and the lack of periodic content monitoring of add-ins published to the Marketplace. According to Microsoft’s documentation, add-in developers are required to create an account and submit their solution to the Partner Center, following which it is subjected to an approval process.
What’s more, Office add-ins make use of a manifest file that declares a URL, the contents of which are fetched and served in real-time from the developer’s server every time it’s opened within an iframe element inside the application. However, there is nothing stopping a bad actor from taking control of an expired domain. In the case of AgreeTo, the manifest file pointed to a URL hosted on Vercel (“outlook-one.vercel[.]app”), which became claimable after the developer’s Vercel deployment was deleted due to it essentially becoming abandonware sometime around 2023. The infrastructure is still live as of writing.
The attacker took advantage of this behavior to stage a phishing kit on that URL that displayed a fake Microsoft sign-in page, capturing entered passwords, exfiltrating the details via the Telegram Bot API, and eventually redirecting the victim to the actual Microsoft login page. But Koi warns that the incident could have been worse. Given that the add-in is configured with “ReadWriteItem” permissions – which allow it to read and modify the user’s emails – a threat actor could have abused this blind spot to deploy JavaScript that can covertly siphon a victim’s mailbox contents. The findings once again bring to the fore the need for rescanning packages and tools uploaded to marketplaces and repositories to flag malicious/suspicious activity.
Dardikman said while Microsoft reviews the manifest during the initial submission phase, there is no control over the actual content that is retrieved live from the developer’s server every time the add-in is opened, once it’s signed and approved. As a result, the absence of continued monitoring of what the URL serves opens the door to unintended security risks. “Office add-ins are fundamentally different from traditional software,” Dardikman added. “They don’t ship a static code bundle.
The manifest simply declares a URL, and whatever that URL serves at any given moment is what runs inside Outlook. In AgreeTo’s case, Microsoft signed the manifest in December 2022, pointing to outlook-one.vercel.app. That same URL is now serving a phishing kit, and the add-in is still listed in the store.” To counter the security issues posed by the threat, Koi recommends a number of steps that Microsoft can take:
- Trigger a re-review when an add-in’s URL starts returning different content from what it was during review.
- Verify ownership of the domain to ensure that it’s managed by the add-in developer, and flag add-ins where the domain infrastructure has changed hands.
- Implement a mechanism for delisting or flagging add-ins that have not been updated beyond a certain time period.
- Display installation counts as a way to assess impact.
The Hacker News has reached out to Microsoft for comment, and we will update the story if we hear back. It bears noting that the problem is not limited to Microsoft Marketplace or the Office Store alone.
Last month, Open VSX announced plans to enforce security checks before Microsoft Visual Studio Code (VS Code) extensions are published to the open-source repository. Microsoft’s VS Code Marketplace, similarly, does periodic bulk rescanning of all packages in the registry. “The structural problem is the same across all marketplaces that host remote dynamic dependencies: approve once, trust forever,” Dardikman said. “The specifics vary by platform, but the fundamental gap that enabled AgreeTo exists anywhere a marketplace reviews a manifest at submission without monitoring what the referenced URLs actually serve afterward.”
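The re-review trigger that Koi recommends in the article above (flag an add-in when its manifest URL starts serving different content) can be sketched as follows. This is an added example, not code from Koi, Microsoft or the original article; the manifest, the host names addin.example, collector.example and redirect.example, and both HTML pages are constructed samples, and a real monitor would fetch each SourceLocation URL on a schedule instead of reading embedded strings.

```python
import hashlib
import re
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
from urllib.parse import urlparse

NS = {"o": "http://schemas.microsoft.com/office/appforoffice/1.1"}
HIGH_IMPACT = {"ReadWriteItem", "ReadWriteMailbox"}  # mail add-in permission levels
URL_RE = re.compile(r"https?://[^\s\"'<>)]+")

# Constructed sample manifest (not AgreeTo's real manifest).
MANIFEST = """<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <DisplayName DefaultValue="Sample Calendar Add-in"/>
  <FormSettings>
    <Form xsi:type="ItemRead">
      <DesktopSettings>
        <SourceLocation DefaultValue="https://addin.example/index.html"/>
      </DesktopSettings>
    </Form>
  </FormSettings>
  <Permissions>ReadWriteItem</Permissions>
</OfficeApp>"""

# Constructed page as it looked at review time.
BASELINE_HTML = """<html><body><h1>Share your availability</h1>
<a href="https://addin.example/help">Help</a>
<script src="/app.js"></script></body></html>"""

# Constructed page after the URL changed hands: inert markup, no working logic.
CURRENT_HTML = """<html><body><form action="https://collector.example/submit">
<input type="email" name="user"><input type="password" name="pw"></form>
<script>/* placeholder */ var next = "https://redirect.example/";</script>
</body></html>"""


def manifest_facts(xml_text):
    """Extract the live URLs and the permission level a manifest declares."""
    root = ET.fromstring(xml_text)
    urls = sorted({el.get("DefaultValue")
                   for el in root.findall(".//o:SourceLocation", NS)
                   if el.get("DefaultValue")})
    perm = (root.findtext("o:Permissions", default="", namespaces=NS) or "").strip()
    return {"source_urls": urls, "permissions": perm}


class PageProfile(HTMLParser):
    """Collect the features of a served page that matter for re-review."""

    def __init__(self, page_url):
        super().__init__()
        self.page_host = urlparse(page_url).hostname
        self.password_fields = 0
        self.external_hosts = set()

    def _note(self, url):
        host = urlparse(url).hostname
        if host and host != self.page_host:
            self.external_hosts.add(host)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_fields += 1
        for key in ("src", "href", "action"):
            if a.get(key):
                self._note(a[key])

    def handle_data(self, data):
        # Inline script and text: record any absolute URL that is mentioned.
        for url in URL_RE.findall(data):
            self._note(url)


def profile(html, page_url):
    parser = PageProfile(page_url)
    parser.feed(html)
    parser.close()
    return {"sha256": hashlib.sha256(html.encode()).hexdigest(),
            "password_fields": parser.password_fields,
            "external_hosts": parser.external_hosts}


def drift_findings(baseline, current, permissions):
    """Compare the review-time profile with the current one."""
    if baseline["sha256"] == current["sha256"]:
        return []
    findings = ["content-changed"]
    if current["password_fields"] > baseline["password_fields"]:
        findings.append("new-password-field")
    for host in sorted(current["external_hosts"] - baseline["external_hosts"]):
        findings.append(f"new-external-host:{host}")
    # A risky change matters more when the add-in can read and modify mail.
    if len(findings) > 1 and permissions in HIGH_IMPACT:
        findings.append(f"high-impact-permission:{permissions}")
    return findings


if __name__ == "__main__":
    facts = manifest_facts(MANIFEST)
    url = facts["source_urls"][0]
    for finding in drift_findings(profile(BASELINE_HTML, url),
                                  profile(CURRENT_HTML, url),
                                  facts["permissions"]):
        print(url, finding)
```

A content hash alone would fire on every routine front-end release, which is why the comparison also reports what changed: a credential field that was not there at review time and hosts the page did not reference before.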
APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities
Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux environments with remote access trojans capable of stealing sensitive data and ensuring continued access to infected machines. The campaigns are characterized by the use of malware families like Geta RAT, Ares RAT, and DeskRAT, which are often attributed to Pakistan-aligned threat clusters tracked as SideCopy and APT36 (aka Transparent Tribe). SideCopy, active since at least 2019, is assessed to operate as a subdivision of Transparent Tribe. “Taken together, these campaigns reinforce a familiar but evolving narrative,” Aditya K.
Sood, vice president of Security Engineering and AI Strategy at Aryaka, said. “Transparent Tribe and SideCopy are not reinventing espionage – they are refining it.” “By expanding cross-platform coverage, leaning into memory-resident techniques, and experimenting with new delivery vectors, this ecosystem continues to operate below the noise floor while maintaining strategic focus.” Common to all the campaigns is the use of phishing emails containing malicious attachments or embedded download links that lead prospective targets to attacker-controlled infrastructure. These initial access mechanisms serve as a conduit for Windows shortcuts (LNK), ELF binaries, and PowerPoint Add-In files that, when opened, launch a multi-stage process to drop the trojans. The malware families are designed to provide persistent remote access, enable system reconnaissance, collect data, execute commands, and facilitate long-term post-compromise operations across both Windows and Linux environments.
One of the attack chains is as follows: a malicious LNK file invokes “mshta.exe” to execute an HTML Application (HTA) file hosted on compromised legitimate domains. The HTA payload contains JavaScript to decrypt an embedded DLL payload, which, in turn, processes an embedded data blob to write a decoy PDF to disk, connects to a hard-coded command-and-control (C2) server, and displays the saved decoy file. After the lure document is displayed, the malware checks for installed security products and adapts its persistence method accordingly prior to deploying Geta RAT on the compromised host. It’s worth noting this attack chain was detailed by CYFIRMA and Seqrite Labs researcher Sathwik Ram Prakki in late December 2025.
Geta RAT supports various commands to collect system information, enumerate running processes, terminate a specified process, list installed apps, gather credentials, retrieve and replace clipboard contents with attacker-supplied data, capture screenshots, perform file operations, run arbitrary shell commands, and harvest data from connected USB devices. Running parallel to this Windows-focused campaign is a Linux variant that employs a Go binary as a starting point to drop a Python-based Ares RAT by means of a shell script downloaded from an external server. Like Geta RAT, Ares RAT can also run a wide range of commands to harvest sensitive data and run Python scripts or commands issued by the threat actor. Aryaka said it also observed another campaign where the Golang malware, DeskRAT, is delivered via a rogue PowerPoint Add-In file that runs embedded macro to establish outbound communication with a remote server to fetch the malware.
APT36’s use of DeskRAT was documented by Sekoia and QiAnXin XLab in October 2025. “These campaigns demonstrate a well-resourced, espionage-focused threat actor deliberately targeting Indian defense, government, and strategic sectors through defense-themed lures, impersonated official documents, and regionally trusted infrastructure,” the company said. “The activity extends beyond defense to policy, research, critical infrastructure, and defense-adjacent organizations operating within the same trusted ecosystem.” “The deployment of DeskRAT, alongside Geta RAT and Ares RAT, underscores an evolving toolkit optimized for stealth, persistence, and long-term access.”
Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms
It’s Patch Tuesday, which means a number of software vendors have released patches for various security vulnerabilities impacting their products and services. Microsoft issued fixes for 59 flaws, including six actively exploited zero-days in various Windows components that could be abused to bypass security features, escalate privileges, and trigger a denial-of-service (DoS) condition. Elsewhere, Adobe released updates for Audition, After Effects, InDesign Desktop, Substance 3D, Bridge, Lightroom Classic, and DNG SDK. The company said it’s not aware of in-the-wild exploitation of any of the shortcomings.
SAP shipped fixes for two critical-severity vulnerabilities, including a code injection bug in SAP CRM and SAP S/4HANA (CVE-2026-0488, CVSS score: 9.9) that an authenticated attacker could use to run an arbitrary SQL statement and lead to a full database compromise. The second critical vulnerability is a case of a missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform (CVE-2026-0509, CVSS score: 9.6) that could permit an authenticated, low-privileged user to perform certain background Remote Function Calls without the required S_RFC authorization. “To patch the vulnerability, customers must implement a kernel update and set a profile parameter,” Onapsis said. “Adjustments in user roles and UCON settings might be required to not interrupt business processes.” Rounding off the list, Intel and Google said they teamed up to examine the security of Intel Trust Domain Extensions (TDX) 1.5, uncovering five vulnerabilities in the module (CVE-2025-32007, CVE-2025-27940, CVE-2025-30513, CVE-2025-27572, and CVE-2025-32467), and nearly three dozen weaknesses, bugs, and improvement suggestions.
“Intel TDX 1.5 introduces new features and functionality that bring confidential computing significantly closer to feature parity with traditional virtualization solutions,” Google said. “At the same time, these features have increased the complexity of a highly privileged software component in the TCB [Trusted Computing Base].”
Software Patches from Other Vendors
Security updates have also been released by other vendors in recent weeks to rectify several vulnerabilities, including: ABB; Amazon Web Services; AMD; AMI; Apple; ASUS; AutomationDirect; AVEVA; Broadcom (including VMware); Canon; Check Point; Cisco; Citrix; Commvault; ConnectWise; D-Link; Dassault Systèmes; Dell; Devolutions; dormakaba; Drupal; F5; Fortinet; Foxit Software; FUJIFILM; Fujitsu; Gigabyte; GitLab; Google Android and Pixel; Google Chrome; Google Cloud; Grafana; Hikvision; Hitachi Energy; HP; HP Enterprise (including Aruba Networking and Juniper Networks); IBM; Intel; Ivanti; Lenovo; Linux distributions AlmaLinux, Alpine Linux, Amazon Linux, Arch Linux, Debian, Gentoo, Oracle Linux, Mageia, Red Hat, Rocky Linux, SUSE, and Ubuntu; MediaTek; Mitsubishi Electric; MongoDB; Moxa; Mozilla Firefox and Thunderbird; n8n; NVIDIA; Phoenix Contact; QNAP; Qualcomm; Ricoh; Rockwell Automation; Samsung; Schneider Electric; ServiceNow; Siemens; SolarWinds; Splunk; Spring Framework; Supermicro; Synology; TP-Link; WatchGuard; Zoho ManageEngine; Zoom; and Zyxel.
Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments
Intentionally vulnerable training applications are widely used for security education, internal testing, and product demonstrations. Tools such as OWASP Juice Shop, DVWA, Hackazon, and bWAPP are designed to be insecure by default, making them useful for learning how common attack techniques work in controlled environments. The issue is not the applications themselves, but how they are often deployed and maintained in real-world cloud environments. Pentera Labs examined how training and demo applications are being used across cloud infrastructures and identified a recurring pattern: applications intended for isolated lab use were frequently found exposed to the public internet, running inside active cloud accounts, and connected to cloud identities with broader access than required.
Deployment Patterns Observed in the Research
Pentera Labs research found that these applications were often deployed with default configurations, minimal isolation, and overly permissive cloud roles. The investigation uncovered that many of these exposed training environments were directly connected to active cloud identities and privileged roles, enabling attackers to move far beyond the vulnerable applications themselves and potentially into the customer’s broader cloud infrastructure. In these scenarios, a single exposed training application can act as an initial foothold. Once attackers are able to leverage connected cloud identities and privileged roles, they are no longer constrained to the original application or host.
Instead, they may gain the ability to interact with other resources within the same cloud environment, significantly increasing the scope and potential impact of the compromise. As part of the investigation, Pentera Labs verified nearly 2,000 live, exposed training application instances, with close to 60% hosted on customer-managed infrastructure running on AWS, Azure, or GCP.
Evidence of Active Exploitation
The exposed training environments identified during the research were not simply misconfigured. Pentera Labs observed clear evidence that attackers were actively exploiting this exposure in the wild.
Across the broader dataset of exposed training applications, approximately 20% of instances were found to contain artifacts deployed by malicious actors, including crypto-mining activity, webshells, and persistence mechanisms. These artifacts indicated prior compromise and ongoing abuse of exposed systems. The presence of active crypto-mining and persistence tooling demonstrates that exposed training applications are not only discoverable but are already being exploited at scale.
Scope of Impact
The exposed and exploited environments identified during the research were not limited to small or isolated test systems.
Pentera Labs observed this deployment pattern across cloud environments associated with Fortune 500 organizations and leading cybersecurity vendors, including Palo Alto, F5, and Cloudflare. While individual environments varied, the underlying pattern remained consistent: a training or demo application deployed without sufficient isolation, left publicly accessible, and connected to privileged cloud identities.
Why This Matters
Training and demo environments are frequently treated as low-risk or temporary assets. As a result, they are often excluded from standard security monitoring, access reviews, and lifecycle management processes.
Over time, these environments may remain exposed long after their original purpose has passed. The research shows that exploitation does not require zero-day vulnerabilities or advanced attack techniques. Default credentials, known weaknesses, and public exposure were sufficient to turn training applications into an entry point for broader cloud access. Labeling an environment as “training” or “test” does not reduce its risk.
When exposed to the internet and connected to privileged cloud identities, these systems become part of the organization’s effective attack surface. Refer to the full Pentera Labs research blog & join a live webinar on Feb 12th to learn more about the methodology, discovery process, and real-world exploitation observed during this research. This article was written by Noam Yaffe, Senior Security Researcher at Pentera Labs. For questions or discussion, contact labs@pentera.io
This article is a contributed piece from one of our valued partners.
Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days
Microsoft on Tuesday released security updates to address a set of 59 flaws across its software, including six vulnerabilities that it said have been exploited in the wild. Of the 59 flaws, five are rated Critical, 52 are rated Important, and two are rated Moderate in severity. Twenty-five of the patched vulnerabilities have been classified as privilege escalation, followed by remote code execution (12), spoofing (7), information disclosure (6), security feature bypass (5), denial-of-service (3), and cross-site scripting (1). It’s worth noting that the patches are in addition to three security flaws that Microsoft has addressed in its Edge browser since the release of the January 2026 Patch Tuesday update, including a Moderate vulnerability impacting the Edge browser for Android (CVE-2026-0391, CVSS score: 6.5) that could allow an unauthorized attacker to perform spoofing over a network by taking advantage of a “user interface misrepresentation of critical information.” Topping the list of this month’s updates are six vulnerabilities that have been flagged as actively exploited:
- CVE-2026-21510 (CVSS score: 8.8) - A protection mechanism failure in Windows Shell that allows an unauthorized attacker to bypass a security feature over a network.
- CVE-2026-21513 (CVSS score: 8.8) - A protection mechanism failure in MSHTML Framework that allows an unauthorized attacker to bypass a security feature over a network.
- CVE-2026-21514 (CVSS score: 7.8) - A reliance on untrusted inputs in a security decision in Microsoft Office Word that allows an unauthorized attacker to bypass a security feature locally.
- CVE-2026-21519 (CVSS score: 7.8) - An access of resource using incompatible type (‘type confusion’) in the Desktop Window Manager that allows an authorized attacker to elevate privileges locally.
- CVE-2026-21525 (CVSS score: 6.2) - A null pointer dereference in Windows Remote Access Connection Manager that allows an unauthorized attacker to deny service locally.
- CVE-2026-21533 (CVSS score: 7.8) - An improper privilege management in Windows Remote Desktop that allows an authorized attacker to elevate privileges locally.
Microsoft’s own security teams and Google Threat Intelligence Group (GTIG) have been credited with discovering and reporting the first three flaws, which have been listed as publicly known at the time of release. There are currently no details on how the vulnerabilities are being exploited, and if they were weaponized as part of the same campaign. “CVE-2026-21513 is a security feature bypass vulnerability in the Microsoft MSHTML Framework, a core component used by Windows and multiple applications to render HTML content,” Jack Bicer, director of vulnerability research at Action1, said.
“It is caused by a protection mechanism failure that allows attackers to bypass execution prompts when users interact with malicious files. A crafted file can silently bypass Windows security prompts and trigger dangerous actions with a single click.” Satnam Narang, senior staff research engineer at Tenable, said CVE-2026-21513 and CVE-2026-21514 bear a “lot of similarities” to CVE-2026-21510, the main difference being that CVE-2026-21513 can also be exploited using an HTML file, while CVE-2026-21514 can only be exploited using a Microsoft Office file. As for CVE-2026-21525, it’s linked to a zero-day that ACROS Security’s 0patch service said it discovered in December 2025 while investigating another related flaw in the same component (CVE-2025-59230). “These [CVE-2026-21519 and CVE-2026-21533] are local privilege escalation vulnerabilities, which means an attacker must have already gained access to a vulnerable host,” Kev Breen, senior director of cyber threat research at Immersive, told The Hacker News via email.
“This could occur through a malicious attachment, a remote code execution vulnerability, or lateral movement from another compromised system.” “Once on the host, the attacker can use these escalation vulnerabilities to elevate privileges to SYSTEM. With this level of access, a threat actor could disable security tooling, deploy additional malware, or, in worst-case scenarios, access secrets or credentials that could lead to full domain compromise.” Cybersecurity vendor CrowdStrike, which has been acknowledged for reporting CVE-2026-21533, said it does not attribute the exploitation activity to a specific adversary, but noted that threat actors in possession of the exploit binaries will likely ramp up their efforts to use or sell them in the near term. “The CVE-2026-21533 exploit binary modifies a service configuration key, replacing it with an attacker-controlled key, which could enable adversaries to escalate privileges to add a new user to the Administrator group,” Adam Meyers, head of Counter Adversary Operations at CrowdStrike, told The Hacker News in an emailed statement. The development has prompted the U.S.
Cybersecurity and Infrastructure Security Agency (CISA) to add all six vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by March 3, 2026. The update also coincides with Microsoft rolling out updated Secure Boot certificates to replace the original 2011 certificates that will expire in late June 2026. The new certificates will be installed through the regular monthly Windows update process without any additional action. “If a device does not receive the new Secure Boot certificates before the 2011 certificates expire, the PC will continue to function normally, and existing software will keep running,” the tech giant said.
“However, the device will enter a degraded security state that limits its ability to receive future boot-level protections.” “As new boot‑level vulnerabilities are discovered, affected systems become increasingly exposed because they can no longer install new mitigations. Over time, this may also lead to compatibility issues, as newer operating systems, firmware, hardware, or Secure Boot–dependent software may fail to load.” In tandem, the company said it’s also strengthening default protections in Windows through two security initiatives, Windows Baseline Security Mode and User Transparency and Consent. The updates come under the purview of the Secure Future Initiative and Windows Resiliency Initiative. “With Windows Baseline Security Mode, Windows will move toward operating with runtime integrity safeguards enabled by default,” it noted.
“These safeguards ensure that only properly signed apps, services, and drivers are allowed to run, helping to protect the system from tampering or unauthorized changes.” User Transparency and Consent, analogous to Apple macOS Transparency, Consent, and Control (TCC) framework, aims to introduce a consistent approach to handling security decisions. The operating system will prompt users when apps try to access sensitive resources, such as files, the camera, or the microphone, or when they attempt to install other unintended software. “These prompts are designed to be clear and actionable, and you’ll always have the ability to review and change your choices later,” Logan Iyer, Distinguished Engineer at Microsoft, said. “Apps and AI agents will also be expected to meet higher transparency standards, giving both users and IT administrators better visibility into their behaviors.”
SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits
Cybersecurity researchers have disclosed details of a new botnet operation called SSHStalker that relies on the Internet Relay Chat (IRC) communication protocol for command-and-control (C2) purposes. “The toolset blends stealth helpers with legacy-era Linux exploitation: Alongside log cleaners (utmp/wtmp/lastlog tampering) and rootkit-class artifacts, the actor keeps a large back-catalog of Linux 2.6.x-era exploits (2009–2010 CVEs),” cybersecurity company Flare said. “These are low value against modern stacks, but remain effective against ‘forgotten’ infrastructure and long-tail legacy environments.” SSHStalker combines IRC botnet mechanics with an automated mass-compromise operation that uses an SSH scanner and other readily available scanners to co-opt susceptible systems into a network and enroll them in IRC channels. However, unlike other campaigns that typically leverage such botnets for opportunistic efforts like distributed denial-of-service (DDoS) attacks, proxyjacking, or cryptocurrency mining, SSHStalker has been found to maintain persistent access without any follow-on post-exploitation behavior.
This dormant behavior sets it apart, raising the possibility that the compromised infrastructure is being used for staging, testing, or strategic access retention for future use. A core component of SSHStalker is a Golang scanner that scans port 22 for servers with open SSH in order to extend its reach in a worm-like fashion. Also dropped are several payloads, including variants of an IRC-controlled bot and a Perl file bot that connects to an UnrealIRCd IRC Server, joins a control channel, and waits for commands that allow it to carry out flood-style traffic attacks and commandeer the bots. The attacks are also characterized by the execution of C program files to clean SSH connection logs and erase traces of malicious activity from logs to reduce forensic visibility.
Furthermore, the malware toolkit contains a “keep-alive” component that ensures the main malware process is relaunched within 60 seconds in the event it’s terminated by a security tool. SSHStalker is notable for blending mass compromise automation with a catalog of 16 distinct vulnerabilities impacting the Linux kernel, some going all the way back to 2009. Some of the flaws used in the exploit module are CVE-2009-2692, CVE-2009-2698, CVE-2010-3849, CVE-2010-1173, CVE-2009-2267, CVE-2009-2908, CVE-2009-3547, CVE-2010-2959, and CVE-2010-3437. Flare’s investigation of the staging infrastructure associated with the threat actor has uncovered an extensive repository of open-source offensive tooling and previously published malware samples.
These include:
- Rootkits to facilitate stealth and persistence
- Cryptocurrency miners
- A Python script that executes a binary called “website grabber” to steal exposed Amazon Web Services (AWS) secrets from targeted websites
- EnergyMech, an IRC bot that provides C2 and remote command execution capabilities
It’s suspected that the threat actor behind the activity could be of Romanian origin, given the presence of “Romanian-style nicknames, slang patterns, and naming conventions inside IRC channels and configuration wordlists.” What’s more, the operational fingerprint exhibits strong overlaps with that of a hacking group known as Outlaw (aka Dota). “SSHStalker does not appear to focus on novel exploit development but instead demonstrates operational control through mature implementation and orchestration, by primarily using C for core bot and low-level components, shell for orchestration and persistence, and limited Python and Perl usage mainly for utility or supporting automation tasks inside the attack chain and running the IRCbot,” Flare said. “The threat actor is not developing zero-days or novel rootkits, but demonstrating strong operational discipline in mass compromise workflows, infrastructure recycling, and long-tail persistence across heterogeneous Linux environments.”
North Korea-Linked UNC1069 Uses AI Lures to Attack Cryptocurrency Organizations
The North Korea-linked threat actor known as UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data from Windows and macOS systems with the ultimate goal of facilitating financial theft. “The intrusion relied on a social engineering scheme involving a compromised Telegram account, a fake Zoom meeting, a ClickFix infection vector, and reported usage of AI-generated video to deceive the victim,” Google Mandiant researchers Ross Inman and Adrian Hernandez said. UNC1069, assessed to be active since at least April 2018, has a history of conducting social engineering campaigns for financial gain using fake meeting invites and posing as investors from reputable companies on Telegram. It’s also tracked by the broader cybersecurity community under the monikers CryptoCore and MASAN.
In a report published last November, Google Threat Intelligence Group (GTIG) pointed out the threat actor’s use of generative artificial intelligence (AI) tools like Gemini to produce lure material and other messaging related to cryptocurrency as part of efforts to support its social engineering campaigns. The group has also been observed attempting to misuse Gemini to develop code to steal cryptocurrency, as well as leverage deepfake images and video lures mimicking individuals in the cryptocurrency industry in its campaigns to distribute a backdoor called BIGMACHO to victims by passing it off as a Zoom software development kit (SDK). “Since at least 2023, the group has shifted from spear-phishing techniques and traditional finance (TradFi) targeting towards the Web3 industry, such as centralized exchanges (CEX), software developers at financial institutions, high-technology companies, and individuals at venture capital funds,” Google said. In the latest intrusion documented by the tech giant’s threat intelligence division, UNC1069 is said to have deployed as many as seven unique malware families, including several new malware families, such as SILENCELIFT, DEEPBREATH, and CHROMEPUSH.
It all starts when a victim is approached by the threat actor via Telegram by impersonating venture capitalists and, in a few cases, even using compromised accounts of legitimate entrepreneurs and startup founders. Once contact is established, the threat actor uses Calendly to schedule a 30-minute meeting with them. The meeting link is designed to redirect the victim to a fake website masquerading as Zoom (“zoom.uswe05[.]us”). In certain cases, the meeting links are directly shared via messages on Telegram, often using Telegram’s hyperlink feature to hide the phishing URLs.
Regardless of the method used, as soon as the victim clicks the link, they are presented with a fake video call interface that mirrors Zoom, urging them to enable their camera and enter their name. Once the target joins the meeting, they are displayed a screen that resembles an actual Zoom meeting. However, it’s suspected that videos are either deepfakes or real recordings stealthily captured from other victims who had previously fallen prey to the same scheme. It’s worth noting that Kaspersky is tracking the same campaign under the name GhostCall, which was documented in detail in October 2025.
“Their webcam footage had been unknowingly recorded, then uploaded to attacker-controlled infrastructure, and reused to deceive other victims, making them believe they were participating in a genuine live call,” the Russian security vendor noted at the time. “When the video replay ended, the page smoothly transitioned to showing that user’s profile image, maintaining the illusion of a live call.”
The attack proceeds to the next phase when the victim is shown a bogus error message about a purported audio issue, after which they are prompted to download and run a ClickFix-style troubleshooting command to address the problem. In the case of macOS, the commands lead to the delivery of an AppleScript that, in turn, drops a malicious Mach-O binary on the system. Called WAVESHAPER, the malicious C++ executable is designed to gather system information and distribute a Go-based downloader codenamed HYPERCALL, which is then used to serve additional payloads -
- A follow-on Golang backdoor component known as HIDDENCALL, which provides hands-on keyboard access to the compromised system and deploys a Swift-based data miner called DEEPBREATH.
- A second C++ downloader called SUGARLOADER, which is used to deploy CHROMEPUSH.
- A minimalist C/C++ backdoor referred to as SILENCELIFT, which sends system information to a command-and-control (C2) server.
DEEPBREATH is equipped to manipulate macOS’s Transparency, Consent, and Control (TCC) database to gain file system access, enabling it to steal iCloud Keychain credentials, and data from Google Chrome, Brave, and Microsoft Edge, Telegram, and the Apple Notes application. Like DEEPBREATH, CHROMEPUSH also acts as a data stealer, only it’s written in C++ and is deployed as a browser extension to Google Chrome and Brave browsers by masquerading as a tool for editing Google Docs offline.
It also comes with the ability to record keystrokes, observe username and password inputs, and extract browser cookies. “The volume of tooling deployed on a single host indicates a highly determined effort to harvest credentials, browser data, and session tokens to facilitate financial theft,” Mandiant said. “While UNC1069 typically targets cryptocurrency startups, software developers, and venture capital firms, the deployment of multiple new malware families alongside the known downloader SUGARLOADER marks a significant expansion in their capabilities.”
DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies
The information technology (IT) workers associated with the Democratic People’s Republic of Korea (DPRK) are now applying to remote positions using real LinkedIn accounts of individuals they’re impersonating, marking a new escalation of the fraudulent scheme. “These profiles often have verified workplace emails and identity badges, which DPRK operatives hope will make their fraudulent applications appear legitimate,” Security Alliance (SEAL) said in a series of posts on X. The IT worker threat is a long-running operation mounted by North Korea in which operatives from the country pose as remote workers to secure jobs in Western companies and elsewhere under stolen or fabricated identities. The threat is also tracked by the broader cybersecurity community as Jasper Sleet, PurpleDelta, and Wagemole.
The end goal of these efforts is two-pronged: to generate a steady revenue stream to fund the nation’s weapons programs, conduct espionage by stealing sensitive data, and, in some cases, take it further by demanding ransoms to avoid leaking the information. Last month, cybersecurity company Silent Push described the DPRK remote worker program as a “high-volume revenue engine” for the regime, enabling the threat actors to also gain administrative access to sensitive codebases and establish living-off-the-land persistence within corporate infrastructure. “Once their salaries are paid, DPRK IT workers transfer cryptocurrency through a variety of different money laundering techniques,” blockchain analysis firm Chainalysis noted in a report published in October 2025. “One of the ways in which IT workers, as well as their money laundering counterparts, break the link between source and destination of funds on-chain, is through chain-hopping and/or token swapping.
They leverage smart contracts such as decentralized exchanges and bridge protocols to complicate the tracing of funds.” To counter the threat, individuals who suspect their identities are being misappropriated in fraudulent job applications are advised to consider posting a warning on their social media accounts, along with listing their official communication channels and the verification method to contact them (e.g., company email). “Always validate that accounts listed by candidates are controlled by the email they provide,” Security Alliance said. “Simple checks like asking them to connect with you on LinkedIn will verify their ownership and control of the account.” The disclosure comes as the Norwegian Police Security Service (PST) issued an advisory, stating it’s aware of “several cases” over the past year where Norwegian businesses have been impacted by IT worker schemes. “The businesses have been tricked into hiring what likely North Korean IT workers in home office positions,” PST said last week.
“The salary income North Korean employees receive through such positions probably goes to finance the country’s weapons and nuclear weapons program.”
Running parallel to the IT worker scheme is another social engineering campaign dubbed Contagious Interview that involves using fake hiring flows to lure prospective targets into interviews after approaching them on LinkedIn with job offers. The malicious phase of the attack kicks in when individuals presenting themselves as recruiters and hiring managers instruct targets to complete a skill assessment that eventually leads to them executing malicious code. In one case of a recruiting impersonation campaign targeting tech workers using a hiring process resembling that of digital asset infrastructure company Fireblocks, the threat actors are said to have asked candidates to clone a GitHub repository and run commands to install an npm package to trigger malware execution. “The campaign also employed EtherHiding, a novel technique that leverages blockchain smart contracts to host and retrieve command-and-control infrastructure, making the malicious payload more resilient to takedowns,” security researcher Ori Hershko said.
“These steps triggered the execution of malicious code hidden within the project. Running the setup process resulted in malware being downloaded and executed on the victim’s system, giving the attackers a foothold in the victim’s machine.”
In recent months, new variants of the Contagious Interview campaign have been observed using malicious Microsoft VS Code task files to execute JavaScript malware disguised as web fonts that ultimately lead to the deployment of BeaverTail and InvisibleFerret, allowing persistent access and theft of cryptocurrency wallets and browser credentials, per reports from Abstract Security and OpenSourceMalware.
Another variant of the intrusion set documented by Panther is suspected to involve the use of malicious npm packages to deploy a modular JavaScript remote access trojan (RAT) framework dubbed Koalemos via a loader. The RAT is designed to enter a beacon loop to retrieve tasks from an external server, execute them, send encrypted responses, and sleep for a random time interval before repeating again.
It supports 12 different commands to conduct filesystem operations, transfer files, run discovery instructions (e.g., whoami), and execute arbitrary code. The names of some of the packages associated with the activity are as follows -
- env-workflow-test
- sra-test-test
- sra-testing-test
- vg-medallia-digital
- vg-ccc-client
- vg-dev-env
“The initial loader performs DNS-based execution gating and engagement date validation before downloading and spawning the RAT module as a detached process,” security researcher Alessandra Rizzo said. “Koalemos performs system fingerprinting, establishes encrypted command-and-control communications, and provides full remote access capabilities.”
Labyrinth Chollima Segments into Specialized Operational Units
The development comes as CrowdStrike revealed that the prolific North Korean hacking crew known as Labyrinth Chollima has evolved into three separate clusters with distinct objectives and tradecraft: the core Labyrinth Chollima group, Golden Chollima (aka AppleJeus, Citrine Sleet, and UNC4736), and Pressure Chollima (aka Jade Sleet, TraderTraitor, and UNC4899). It’s worth noting that Labyrinth Chollima, along with Andariel and BlueNoroff, are considered to be sub-clusters within the Lazarus Group (aka Diamond Sleet and Hidden Cobra), with BlueNoroff splintering into TraderTraitor and CryptoCore (aka Sapphire Sleet), according to an assessment from DTEX.
Despite the tactical evolution, these adversaries continue to share tools and infrastructure, suggesting centralized coordination and resource allocation within the DPRK cyber apparatus. Golden Chollima focuses on consistent, smaller-scale cryptocurrency thefts in economically developed regions, whereas Pressure Chollima pursues high-value heists with advanced implants to single out organizations with significant digital asset holdings.
On the other hand, Labyrinth Chollima’s operations are motivated by cyber espionage, using tools like the FudModule rootkit to achieve stealth. The threat actor is also attributed to Operation Dream Job, another job-centred social engineering campaign designed to deliver malware for intelligence gathering.
“Shared infrastructure elements and tool cross-pollination indicate these units maintain close coordination,” CrowdStrike said. “All three adversaries employ remarkably similar tradecraft – including supply chain compromises, HR-themed social engineering campaigns, trojanized legitimate software, and malicious Node.js and Python packages.”
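The Koalemos package names listed in the article above can be checked against a project's dependency data. The following is an added example, not code from the article or from Panther: a Node.js function that looks for those exact names in a parsed package.json and package-lock.json, covering npm aliases and nested installs. The function names and the sample manifest and lockfiles are constructed for illustration.

```javascript
// Package names the article lists for the Koalemos activity (exact names only).
const REPORTED_PACKAGES = new Set([
  "env-workflow-test", "sra-test-test", "sra-testing-test",
  "vg-medallia-digital", "vg-ccc-client", "vg-dev-env",
]);

// "npm:real-name@range" is npm's alias syntax: the dependency key is a local
// alias and the real registry name follows "npm:". Returns that name or null.
function aliasTarget(range) {
  if (typeof range !== "string" || !range.startsWith("npm:")) return null;
  const spec = range.slice(4);
  const at = spec.lastIndexOf("@"); // index 0 is a scope marker, not a version
  return at > 0 ? spec.slice(0, at) : spec;
}

// Lockfile v2/v3 keys are install paths; the package name is whatever follows
// the last "node_modules/" (this keeps "@scope/name" intact).
function nameFromLockPath(key) {
  const marker = "node_modules/";
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? null : key.slice(idx + marker.length);
}

// manifest: parsed package.json (or null); lockfile: parsed package-lock.json
// (or null). Returns one record per place a reported name appears.
function findReportedPackages(manifest, lockfile) {
  const hits = [];
  const record = (name, version, where) => {
    if (name && REPORTED_PACKAGES.has(name)) {
      hits.push({ name, version: version || null, where });
    }
  };

  // 1. Direct declarations, resolving aliases to the real package name.
  const fields = ["dependencies", "devDependencies",
                  "optionalDependencies", "peerDependencies"];
  for (const field of fields) {
    const deps = (manifest && manifest[field]) || {};
    for (const [key, range] of Object.entries(deps)) {
      record(aliasTarget(range) || key, range, `package.json:${field}[${key}]`);
    }
  }
  if (!lockfile) return hits;

  // 2. Lockfile v2/v3: flat "packages" map, transitive installs included.
  //    An aliased install carries its real name in the entry's "name" field.
  for (const [key, meta] of Object.entries(lockfile.packages || {})) {
    const name = (meta && meta.name) || nameFromLockPath(key);
    record(name, meta && meta.version, `package-lock:packages[${key}]`);
  }

  // 3. Lockfile v1: nested "dependencies" tree, walked recursively.
  const walk = (deps, trail) => {
    for (const [key, meta] of Object.entries(deps || {})) {
      const path = trail.concat(key);
      const version = meta && meta.version;
      record(aliasTarget(version) || key, version,
             `package-lock:dependencies[${path.join(" > ")}]`);
      walk(meta && meta.dependencies, path);
    }
  };
  walk(lockfile.dependencies, []);
  return hits;
}

// --- Constructed sample data (not taken from any real project) ---
const SAMPLE_MANIFEST = {
  name: "demo-app",
  dependencies: { express: "^4.19.0", "fonts-helper": "npm:vg-dev-env@^1.0.0" },
  devDependencies: { "sra-test-test": "1.0.2" },
};
const SAMPLE_LOCK_V3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/express": { version: "4.19.2" },
    "node_modules/fonts-helper": { name: "vg-dev-env", version: "1.0.3" },
    "node_modules/sra-test-test": { version: "1.0.2" },
    "node_modules/express/node_modules/env-workflow-test": { version: "0.0.1" },
  },
};
const SAMPLE_LOCK_V1 = {
  lockfileVersion: 1,
  dependencies: {
    "left-pad": {
      version: "1.3.0",
      dependencies: { "vg-ccc-client": { version: "2.0.0" } },
    },
  },
};

for (const hit of findReportedPackages(SAMPLE_MANIFEST, SAMPLE_LOCK_V3)) {
  console.log(`${hit.name}@${hit.version} found in ${hit.where}`);
}
```

To run it against a real project, pass the parsed contents of its package.json and package-lock.json. An empty result only means none of the six listed names are present.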
Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools
Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver (BYOVD) component for defense evasion purposes within the ransomware payload itself. BYOVD refers to an adversarial technique that abuses legitimate but flawed driver software to escalate privileges and disable Endpoint Detection and Response (EDR) solutions so that malicious activities go unnoticed. The strategy has been adopted by many ransomware groups over the years. “Normally, the BYOVD defense evasion component of an attack would involve a distinct tool that would be deployed on the system prior to the ransomware payload in order to disable security software,” the Symantec and Carbon Black Threat Hunter Team said in a report shared with The Hacker News.
“However, in this attack, the vulnerable driver (an NsecSoft NSecKrnl driver) was bundled with the ransomware itself.” Broadcom’s cybersecurity teams noted that this tactic of bundling a defense evasion component within the ransomware payload is not novel, and that it has been observed in a Ryuk ransomware attack in 2020 and in an incident involving a lesser-known ransomware family called Obscura in late August 2025. In the Reynolds campaign, the ransomware is designed to drop a vulnerable NsecSoft NSecKrnl driver and terminate processes associated with various security programs from Avast, CrowdStrike Falcon, Palo Alto Networks Cortex XDR, Sophos (along with HitmanPro.Alert), and Symantec Endpoint Protection, among others. It’s worth noting that the NSecKrnl driver is susceptible to a known security flaw (CVE-2025-68947, CVSS score: 5.7) that could be exploited to terminate arbitrary processes. Notably, the driver has been put to use by a threat actor known as Silver Fox in attacks designed to kill endpoint security tools prior to delivering ValleyRAT.
Over the past year, the hacking group has wielded multiple legitimate but flawed drivers – including truesight.sys and amsdk.sys – as part of BYOVD attacks to disarm security programs. Bundling defense evasion and ransomware capabilities into one component makes it harder for defenders to stop the attack, and removes the need for an affiliate to separately incorporate this step into their modus operandi. “Also of note in this attack campaign was the presence of a suspicious side-loaded loader on the target’s network several weeks prior to the ransomware being deployed,” Symantec and Carbon Black said. Another tool deployed on the target network a day after the ransomware deployment was the GotoHTTP remote access program, indicating that the attackers may be looking to maintain persistent access to the compromised hosts.
“BYOVD is popular with attackers due to its effectiveness and reliance on legitimate, signed files, which are less likely to raise red flags,” the company said. “The advantages of wrapping the defense evasion capability in with the ransomware payload, and the reason ransomware actors might do this, may include the fact that packaging the defense evasion binary and the ransomware payload together is “quieter”, with no separate external file dropped on the victim network.”
The finding coincides with various ransomware-related developments in recent weeks -
- A high-volume phishing campaign has used emails with Windows shortcut (LNK) attachments to run PowerShell code that fetches a Phorpiex dropper, which is then used to deliver the GLOBAL GROUP ransomware. The ransomware is notable for carrying out all activity locally on the compromised system, making it compatible with air-gapped environments. It also conducts no data exfiltration.
- Attacks mounted by WantToCry have abused virtual machines (VMs) provisioned by ISPsystem, a legitimate virtual infrastructure management provider, to host and deliver malicious payloads at scale. Some of the hostnames have been identified in the infrastructure of multiple ransomware operators, including LockBit, Qilin, Conti, BlackCat, and Ursnif, as well as various malware campaigns involving NetSupport RAT, PureRAT, Lampion, Lumma Stealer, and RedLine Stealer. It’s assessed that bulletproof hosting providers are leasing ISPsystem virtual machines to other criminal actors for use in ransomware operations and malware delivery by exploiting a design weakness in VMmanager’s default Windows templates that reuse the same static hostname and system identifiers every time they are deployed. This, in turn, allows threat actors to set up thousands of VMs with the same hostname and complicate takedown efforts.
- DragonForce has created a “Company Data Audit” service to support affiliates during extortion campaigns as part of the continued professionalization of ransomware operations. “The audit includes a detailed risk report, prepared communication materials, such as call scripts and executive-level letters, and strategic guidance designed to influence negotiations,” LevelBlue said. DragonForce operates as a cartel that allows affiliates to create their own brands while operating under its umbrella and gaining access to its resources and services.
- The latest iteration of LockBit, LockBit 5.0, has been found to use ChaCha20 to encrypt files and data across Windows, Linux, and ESXi environments, a shift from the AES-based encryption approach in LockBit 2.0 and LockBit 3.0. In addition, the new version features a wiper component, an option to delay execution prior to encryption, track status of encryption using a progress bar, improved anti-analysis techniques to evade detection, and enhanced in-memory execution to minimize disk traces.
- The Interlock ransomware group has continued its assault on U.K.- and U.S.-based organizations, particularly in the education sector, in one case leveraging a zero-day vulnerability in the “GameDriverx64.sys” gaming anti-cheat driver (CVE-2025-61155, CVSS score: 5.5) to disable security tools in a BYOVD attack. The attack is also characterized by the deployment of NodeSnake/Interlock RAT (aka CORNFLAKE) to steal sensitive data, while initial access is said to have originated from a MintLoader infection.
- Ransomware operators have been observed increasingly shifting their focus from traditional on-premises targets to cloud storage services, especially misconfigured S3 buckets used by Amazon Web Services (AWS), with the attacks leaning on native cloud features to delete or overwrite data, suspend access, or extract sensitive content, while simultaneously staying under the radar.
According to data from Cyble, GLOBAL GROUP is one of the many ransomware crews that sprang forth in 2025, the others being Devman, DireWolf, NOVA, J group, Warlock, BEAST, Sinobi, NightSpire, and The Gentlemen. In Q4 2025 alone, Sinobi’s data leak site listings increased 306%, making it the third-most active ransomware group after Qilin and Akira, per ReliaQuest. “Meanwhile, the return of LockBit 5.0 was one of Q4’s biggest shifts, driven by a late-quarter spike that saw the group list 110 organizations in December alone,” researcher Gautham Ashok said. “This output signals a group that can scale execution quickly, convert intrusions into impact, and sustain an affiliate pipeline capable of operating at volume.” The emergence of new players, combined with partnerships forged between existing groups, has led to a spike in ransomware activity.
Ransomware actors claimed a total of 4,737 attacks during 2025, up from 4,701 in 2024. The number of attacks that don’t involve encryption and instead rely purely on data theft as a means to exert pressure reached 6,182 during the same period, a 23% increase from 2024. As for the average ransom payment, the figure stood at $591,988 in Q4 2025, a 57% jump from Q3 2025, driven by a small number of “outsized settlements,” Coveware said in its quarterly report last week, adding threat actors may return to their “data encryption roots” for more effective leverage to extract ransoms from victims.
From Ransomware to Residency: Inside the Rise of the Digital Parasite
Are ransomware and encryption still the defining signals of modern cyberattacks, or has the industry been too fixated on noise while missing a more dangerous shift happening quietly all around them? According to Picus Labs’ new Red Report 2026, which analyzed over 1.1 million malicious files and mapped 15.5 million adversarial actions observed across 2025, attackers are no longer optimizing for disruption. Instead, their goal is now long-term, invisible access. To be clear, ransomware isn’t going anywhere, and adversaries continue to innovate.
But the data shows a clear strategic pivot away from loud, destructive attacks toward techniques designed to evade detection, persist inside environments, and quietly exploit identity and trusted infrastructure. Rather than breaking in and burning systems down, today’s attackers increasingly behave like Digital Parasites. They live inside the host, feed on credentials and services, and remain undetected for as long as possible. Public attention often gravitates toward dramatic outages and visible impact.
The data in this year’s Red Report tells a quieter story, one that reveals where defenders are actually losing visibility.
The Ransomware Signal Is Fading
For the past decade, ransomware encryption served as the clearest signal of cyber risk. When your systems locked up and your operations froze, compromise was undeniable. That signal is now losing relevance.
Year over year, Data Encrypted for Impact (T1486) dropped by 38%, declining from 21.00% in 2024 to 12.94% in 2025. This decline doesn’t show reduced attacker capability. It reflects a deliberate shift in strategy instead. Rather than locking data to force payment, threat actors are shifting toward data extortion as their primary monetization model.
By avoiding encryption, attackers keep systems operational while they:
- Quietly exfiltrate sensitive data
- Harvest credentials and tokens
- Remain embedded in environments for extended periods
- Apply pressure later through extortion rather than disruption
The implication is clear: impact is no longer defined by locked systems, but by how long attackers can maintain access within a host’s systems without being detected.
“The adversary’s business model has shifted from immediate disruption to long-lived access.” – Picus Red Report 2026
Credential Theft Becomes the Control Plane (A Quarter of Attacks)
As attackers shift toward prolonged, stealthy persistence, identity becomes the most reliable path to control. The Red Report 2026 shows that Credentials from Password Stores (T1555) appear in nearly one out of every four attacks (23.49%), making credential theft one of the most prevalent behaviors observed over the last year. Rather than relying on noisy credential dumping or complex exploit chains, attackers are increasingly extracting saved credentials directly from browsers, keychains, and password managers.
Once they have valid credentials, privilege escalation and lateral movement are usually just a little native administrative tooling away. More and more modern malware campaigns are behaving like digital parasites. There are no alarms, no crashes, and no obvious indicators. Just an eerie quiet.
This same logic now shapes attacker tradecraft more broadly.
80% of Top ATT&CK Techniques Now Favor Stealth
Despite the breadth of the MITRE ATT&CK® framework, real-world malware activity continues to concentrate around a small set of techniques that are increasingly prioritizing evasion and persistence. The Red Report 2026 reveals a stark imbalance: Eight of the Top Ten MITRE ATT&CK techniques are now primarily dedicated to evasion, persistence, or stealthy command-and-control. This represents the highest concentration of stealth-focused tradecraft Picus Labs has ever recorded, signaling a fundamental shift in attacker success metrics.
Rather than prioritizing immediate impact, modern adversaries are optimizing for maximum dwell time. Techniques that enable attackers to hide, blend in, and remain operational for extended periods now outweigh those designed for disruption. Here are some of the most commonly observed behaviors from this year’s report:
- T1055 – Process Injection allows malware to run inside trusted system processes, making malicious activity difficult to distinguish from legitimate execution.
- T1547 – Boot or Logon Autostart Execution ensures persistence by surviving reboots and user logins.
- T1071 – Application Layer Protocols provide “whisper channels” for command-and-control, blending attacker traffic into normal web and cloud communications.
- T1497 – Virtualization and Sandbox Evasion enables malware to detect analysis environments and refuse to execute when it suspects it is being observed.
The combined effect is powerful. Legitimate-looking processes use legitimate tools to quietly operate over widely trusted channels.
Signature-based detection struggles in this environment, while behavioral analysis becomes increasingly important for identifying illicit activity deliberately designed to appear normal. Where encryption once defined the attack, stealth now defines its success.
Self-Aware Malware Refuses to Be Analyzed
When stealth becomes the primary measure of success, evading detection alone is no longer enough. Attackers must also avoid triggering the tools defenders rely on to observe their malicious behavior in the first place.
The Red Report 2026 shows this clearly in the rise of Virtualization and Sandbox Evasion (T1497), which moved into the top tier of attacker tradecraft in 2025. Modern malware increasingly evaluates where it is before deciding whether to act. Instead of relying on simple artifact checks, some samples assess execution context and user interaction to determine if they’re actually operating in a real environment. In one example highlighted in the report, LummaC2 analyzed mouse movement patterns using geometry, calculating Euclidean distance and cursor angles to distinguish human interaction from the linear motion typical of automated sandbox environments.
When conditions appeared artificial, it deliberately suppressed any execution and just sat there, quietly biding its time. This behavior reflects a deeper shift in attacker logic. Malware can no longer be relied on to reveal itself in sandbox environments. It withholds activity by design, remaining dormant until it reaches a real production system.
In an ecosystem dominated by stealth and persistence, inaction itself has become a core evasion technique.
AI Hype vs. Reality: Evolution, Not Revolution
With attackers demonstrating increasingly adaptive behavior, it’s natural to ask where artificial intelligence fits into this picture. The Red Report 2026 data suggests a measured answer.
Despite widespread speculation, almost anticipation, about AI reshaping the malware landscape, Picus Labs observed no meaningful increase in AI-driven malware techniques across the 2025 dataset. Instead, the most prevalent behaviors remain familiar. Longstanding techniques such as Process Injection and Command and Scripting Interpreter continue to dominate real-world intrusions, reinforcing that attackers do not require advanced AI to bypass modern defenses. Some malware families have begun experimenting with large language model APIs, but so far their use has remained limited in scope.
In observed cases, LLM services were primarily used to retrieve predefined commands or act as a convenient communication layer. These implementations improve efficiency, but they’re not fundamentally altering attacker decision-making or execution logic. So far, the data shows that AI is being absorbed into existing tradecraft rather than redefining it. The mechanics of the Digital Parasite remain unchanged: credential theft, stealthy persistence, abuse of trusted processes, and longer and longer dwell times.
Attackers are not winning by inventing radically new techniques. They’re winning by becoming quieter, more patient, and increasingly hard to distinguish from legitimate activity.
Back to Basics for a Different Threat Model
Having run these reports annually for some time now, we see a continuing trend with many of the same tactics appearing year after year. What has fundamentally changed is the objective.
Modern attacks prioritize:
- remaining invisible
- abusing trusted identities and tools
- disabling defenses quietly
- maintaining access over time
By doubling down on modern security fundamentals, behavior-based detection, credential hygiene, and continuous Adversarial Exposure Validation, organizations can focus less on dramatic attack scenarios and more on the threats that are actually succeeding today.
Ready to Validate Against the Digital Parasite?
While ransomware headlines still dominate the news cycle, the Red Report 2026 shows that, more and more, the real risk lies in silent, persistent compromise. Picus Security focuses on validating defenses against the specific techniques attackers are using right now, not just the ones making the most noise.
Ready to see the full data behind the Digital Parasite model? Download the Picus Red Report 2026 to explore this year’s findings and understand how modern adversaries are staying inside networks longer than ever before. Note: This article was written by Sıla Özeren Hacıoğlu, Security Research Engineer at Picus Security.
This article is a contributed piece from one of our valued partners.
Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution
Fortinet has released security updates to address a critical flaw impacting FortiClientEMS that could lead to the execution of arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2026-21643, has a CVSS rating of 9.1 out of a maximum of 10.0. “An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests,” Fortinet said in an advisory. The shortcoming affects the following versions -
- FortiClientEMS 7.2 (Not affected)
- FortiClientEMS 7.4.4 (Upgrade to 7.4.5 or above)
- FortiClientEMS 8.0 (Not affected)
Gwendal Guégniaud of the Fortinet Product Security team has been credited with discovering and reporting the flaw.
While Fortinet makes no mention of the vulnerability being exploited in the wild, it’s essential that users move quickly to apply the fixes. The development comes as the company addressed another critical severity flaw in FortiOS, FortiManager, FortiAnalyzer, FortiProxy, and FortiWeb (CVE-2026-24858, CVSS score: 9.4) that allows an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices. Fortinet has since acknowledged that the issue has been actively exploited by bad actors to create local admin accounts for persistence, make configuration changes granting VPN access to those accounts, and exfiltrate the firewall configurations.
ZAST.AI Raises $6M Pre-A to Scale “Zero False Positive” AI-Powered Code Security
January 5, 2026, Seattle, USA — ZAST.AI announced the completion of a $6 million Pre-A funding round. This investment came from the well-known investment firm Hillhouse Capital, bringing ZAST.AI’s total funding close to $10 million. This marks a recognition from leading capital markets of a new solution: ending the era of high false positive rates in security tools and making every alert genuinely actionable. In 2025, ZAST.AI discovered hundreds of zero-day vulnerabilities across dozens of popular open-source projects.
These findings were submitted through authoritative vulnerability platforms like VulDB, successfully resulting in 119 CVE assignments. These are not laboratory targets, but production-grade code supporting global businesses. Affected well-known projects include widely used components and frameworks such as Microsoft Azure SDK, Apache Struts XWork, Alibaba Nacos, Langfuse, Koa, node-formidable, and others. It was precisely within these widely adopted open-source projects that ZAST.AI discovered hundreds of real, exploitable vulnerabilities accompanied by executable Proof-of-Concept (PoC) evidence.
Maintainers of these projects from top technology companies like Microsoft, Apache, and Alibaba have already patched their code based on the PoCs submitted by ZAST.AI. “In the traditional field of code security analysis, high false positive rates have long been a core pain point plaguing enterprise security teams. Security engineers often spend significant time manually verifying alerts generated by tools, resulting in extremely low efficiency,” said Geng Yang, Co-founder of ZAST.AI. “‘Report is cheap, show me the POC!’ This was the original intention behind founding ZAST.AI — we believe only verified vulnerabilities are worth reporting.” ZAST.AI’s core innovation lies in its “Automated POC Generation + Automated Validation” technical architecture.
Unlike traditional static analysis tools, ZAST.AI leverages advanced AI technology to perform deep code analysis on applications. It can not only automatically generate Proof-of-Concept (PoC) code for exploiting vulnerabilities but also automatically execute and verify whether the PoC successfully triggers the vulnerability. The final report only presents real vulnerabilities that have been practically verified, achieving a breakthrough “zero false positive” effect. “This isn’t an optimization—it’s a reconstruction,” said a representative from Hillhouse Capital.
“ZAST.AI has redefined the standard for vulnerability validation, shifting from ‘potential risk’ to ‘confirmed vulnerability, here is the PoC.’ This changes the game.” Regarding vulnerability coverage, ZAST.AI not only supports the detection of “syntax-level” vulnerabilities such as SQL Injection, XSS, Insecure Deserialization, and SSRF but also possesses the capability to identify semantic-level vulnerabilities. This includes complex business logic flaws like IDOR, privilege escalation, and payment logic vulnerabilities—areas long considered difficult for automated tools to reach. Imagine your security tool crying “wolf” every day, with a false positive rate above 60%. By the time the real “wolf” appears, the team might already be desensitized.
This isn’t a people problem; it’s a tool defect—they can only speculate, not prove. Currently, ZAST.AI already serves multiple enterprise clients, including Fortune Global 500 companies. By automatically discovering unknown vulnerabilities and directly providing runnable PoC vulnerability reports, ZAST.AI helps clients significantly shorten vulnerability remediation cycles, markedly reduce security operation costs, and has gained high recognition from customers. This round of funding will primarily be used for core technology R&D, product feature expansion, and global market development.
CEO, Geng Yang stated: “Our vision is to build an end-to-end AI-driven security platform, enabling every development team to obtain the highest quality security assurance at the lowest cost. In the future, ZAST.AI will continue to deepen technological innovation in AI + Security, providing global customers with smarter, more precise, and more efficient code security solutions.” This article is a contributed piece from one of our valued partners.