2026-03-05 AI Startup News
149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict
Cybersecurity researchers have warned of a surge in retaliatory hacktivist activity following the U.S.-Israel coordinated military campaign against Iran, codenamed Epic Fury and Roaring Lion. “The hacktivist threat in the Middle East is highly lopsided, with two groups, Keymous+ and DieNet, driving nearly 70% of all attack activity between February 28 and March 2,” Radware said in a Tuesday report. The first distributed denial-of-service (DDoS) attack was launched by Hider Nex (aka Tunisian Maskers Cyber Force) on February 28, 2026. According to details shared by Orange Cyberdefense, Hider Nex is a shadowy Tunisian hacktivist group that supports pro-Palestinian causes.
It leverages a hack-and-leak strategy combining DDoS attacks with data breaches to leak sensitive data and advance its geopolitical agenda. The group emerged in mid-2025. In all, 149 hacktivist DDoS claims were recorded targeting 110 distinct organizations across 16 countries. The attacks were carried out by 12 different groups, including Keymous+, DieNet, and NoName057(16), which together accounted for 74.6% of all activity.
Of these attacks, the vast majority, 107, were concentrated in the Middle East, disproportionately targeting public infrastructure and state-level targets. Europe was the target of 22.8% of the total global activity during the time period. Nearly 47.8% of all targeted organizations globally belonged to the government sector, followed by finance (11.9%) and telecommunications (6.7%) sectors. “The digital front is expanding alongside the physical one in the region, with hacktivist groups simultaneously targeting more nations in the Middle East than ever before,” Radware said.
“The distribution of attacks within the region was heavily concentrated in three specific nations: Kuwait, Israel, and Jordan, with Kuwait accounting for 28%, Israel for 27.1%, and Jordan for 21.5% of the total attack claims.” Besides Keymous+, DieNet, and NoName057(16), some of the other groups that have engaged in disruptive operations include Nation of Saviors (NOS), the Conquerors Electronic Army (CEA), Sylhet Gang, 313 Team, Handala Hack, APT Iran, the Cyber Islamic Resistance, Dark Storm Team, the FAD Team, Evil Markhors, and PalachPro, per data from Flashpoint, Palo Alto Networks Unit 42, and Radware. The current scope of cyber attacks is listed below -
- Pro-Russian hacktivist groups like Cardinal and Russian Legion claimed to have breached Israeli military networks, including its Iron Dome missile defense system.
- An active SMS phishing campaign has been observed using a rogue replica of the Israeli Home Front Command RedAlert application to deliver mobile surveillance and data-exfiltrating malware. “By manipulating victims into sideloading this malicious APK under the guise of an urgent wartime update, the adversaries successfully deploy a fully functional alert interface that masks an invasive surveillance engine designed to prey on a hyper-vigilant population,” CloudSEK said.
- Iran’s Islamic Revolutionary Guard Corps (IRGC) targeted the energy and digital infrastructure sectors in the Middle East, striking Saudi Aramco and an Amazon Web Services data center in the U.A.E. with an intent to “inflict maximum global economic pain as a counter-pressure to military losses,” Flashpoint said.
- Cotton Sandstorm (aka Haywire Kitten) revived its old cyber persona, Altoufan Team, claiming to have hacked websites in Bahrain. “This reflects the reactive nature of the actor’s campaigns and a high probability of their further involvement in intrusions across the Middle East amid the conflict,” Check Point said.
Data gathered by Nozomi Networks shows that the Iranian state-sponsored hacking group known as UNC1549 (aka GalaxyGato, Nimbus Manticore, or Subtle Snail) was the fourth most active actor in the second half of 2025, focusing its attacks on defense, aerospace, telecommunications, and regional government entities to advance the nation’s geopolitical priorities. Major Iranian cryptocurrency exchanges have remained operational but announced operational adjustments, either suspending or batching withdrawals, and issuing risk guidance urging users to prepare for possible connectivity disruption. “What we’re seeing in Iran is not clear evidence of mass capital flight, but rather a market managing volatility under constrained connectivity and regulatory intervention,” said Ari Redbord, Global Head of Policy at TRM Labs. “For years, Iran has operated a shadow economy that, in part, has used crypto to evade sanctions, including through sophisticated offshore infrastructure.
What we’re seeing now – under the strain of war, connectivity shutdowns, and volatile markets – is a real-time stress test of that infrastructure and the regime’s ability to leverage it.” Sophos said it “observed a surge in hacktivist activity, but not an escalation in risk,” primarily from pro-Iran personas, including Handala Hack team and APT Iran, in the form of DDoS attacks, website defacements, and unverified claims of compromises involving Israeli infrastructure. The U.K. National Cyber Security Centre (NCSC) alerted organizations to a heightened risk of Iranian cyber attacks, urging them to strengthen their cybersecurity posture to better respond to DDoS attacks, phishing activity, and ICS targeting. In a post shared on LinkedIn, Cynthia Kaiser, ransomware research center SVP at Halcyon and former Deputy Assistant Director with the Federal Bureau of Investigation’s Cyber Division, said Iran has a track record of using cyber operations to retaliate against “perceived political slights,” adding that these activities have increasingly incorporated ransomware.
“Tehran has long preferred to turn a blind, or at least indifferent, eye to private cyber operations against targets in the US, Israel, and other allied countries,” Kaiser added. “That’s because having access to cyber criminals gives the government options. As Iran considers its response to US and Israeli military actions, it is likely to activate any of these cyber actors if it believes their operations can deliver a meaningful retaliatory impact.” Cybersecurity company SentinelOne has also assessed with high confidence that organizations in Israel, the U.S., and allied nations are likely to face direct or indirect targeting, particularly within government, critical infrastructure, defense, financial services, academic, and media sectors. “Iranian threat actors have historically demonstrated a willingness to blend espionage, disruption, and psychological impact operations to advance strategic objectives,” Nozomi Networks said.
“In periods of instability, these operations often intensify, targeting critical infrastructure, energy networks, government entities, and private industry far beyond the immediate conflict zone.” To counter the risk posed by the kinetic conflict, organizations are advised to activate continuous monitoring to reflect escalated threat activity, update threat intelligence signatures, reduce external attack surface, conduct comprehensive exposure reviews of connected assets, validate proper segmentation between information technology and operational technology networks, and ensure proper isolation of IoT devices. “In past conflicts, Tehran’s cyber actors have aligned their activity with broader strategic objectives that increase pressure and visibility at targets, including energy, critical infrastructure, finance, telecommunications, and healthcare,” Adam Meyers, head of Counter Adversary Operations at CrowdStrike, said in a statement shared with The Hacker News. “Iranian adversaries have continued to evolve their tradecraft, expanding beyond traditional intrusions into cloud and identity-focused operations, which positions them to act rapidly across hybrid enterprise environments with increased scale and impact.”
Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1
Google said it identified a “new and powerful” exploit kit dubbed Coruna (aka CryptoWaters) targeting Apple iPhone models running iOS versions between 13.0 and 17.2.1. The exploit kit featured five full iOS exploit chains and a total of 23 exploits, Google Threat Intelligence Group (GTIG) said. It’s not effective against the latest version of iOS. The findings were first reported by WIRED.
“The core technical value of this exploit kit lies in its comprehensive collection of iOS exploits, with the most advanced ones using non-public exploitation techniques and mitigation bypasses,” according to GTIG. “The framework surrounding the exploit kit is extremely well engineered; the exploit pieces are all connected naturally and combined together using common utility and exploitation frameworks.” The kit is said to have circulated among multiple threat actors since February 2025, moving from a commercial surveillance operation to a government-backed attacker, and finally, to a financially motivated threat actor operating from China by December. It’s currently not known how the exploit kit changed hands, but the findings point to an active market for second-hand zero-day exploits, allowing other threat actors to reuse them for their own objectives. In a related report, iVerify said the exploit kit has similarities to previous frameworks developed by threat actors affiliated with the U.S. government.
“Coruna is one of the most significant examples we’ve observed of sophisticated spyware-grade capabilities proliferating from commercial surveillance vendors into the hands of nation-state actors and ultimately mass-scale criminal operations,” iVerify said. The mobile security vendor said the use of the sophisticated exploit framework marks the first observed mass exploitation against iOS devices, indicating that spyware attacks are shifting from being highly targeted to broad deployment. Google said it first captured parts of an iOS exploit chain used by a customer of an unnamed surveillance company early last year, with the exploits integrated into a never-before-seen JavaScript framework.
The framework is designed to fingerprint the device to determine if it’s real and gather details, including the specific iPhone model and iOS software version it is running. The framework then loads the appropriate WebKit remote code execution (RCE) exploit based on the fingerprint data, followed by executing a pointer authentication code (PAC) bypass. The exploit in question relates to CVE-2024-23222, a type confusion bug in WebKit that was patched by Apple in January 2024 with iOS 17.3 and iPadOS 17.3 and iOS 16.7.5 and iPadOS 16.7.5. Fast forward to July 2025, the same JavaScript framework was detected on the domain “cdn.uacounter[.]com,” which was loaded as a hidden iFrame on compromised Ukrainian websites.
This included websites catering to industrial equipment, retail tools, local services, and e-commerce. A suspected Russian espionage group named UNC6353 is assessed to be behind the campaign. What’s interesting about the activity was that the framework was delivered only to certain iPhone users from a specific geolocation. The exploits deployed as part of the framework consisted of CVE-2024-23222, CVE-2022-48503, and CVE-2023-43000, the last of which is a use-after-free flaw in WebKit.
It’s worth noting that CVE-2023-43000 was addressed by Apple in iOS 16.6 and iPadOS 16.6, released in July 2023. However, the security release notes were updated to include an entry for the vulnerability only on November 11, 2025. The third time the JavaScript framework was detected in the wild was in December 2025. A cluster of fake Chinese websites, most of them related to finance, were found to drop the iOS exploit kit after instructing users to visit them from an iPhone or iPad for a better user experience.
The activity is attributed to a threat cluster tracked as UNC6691. Once these websites are accessed via an iOS device, a hidden iFrame is injected to deliver the Coruna exploit kit containing CVE-2024-23222. The exploit delivery, in this case, was not constrained by any geolocation criteria. Further analysis of the threat actor’s infrastructure led to the discovery of a debug version of the exploit kit, along with various samples covering five full iOS exploit chains.
A total of 23 exploits spanning versions from iOS 13 to iOS 17.2.1 have been identified. Some of the CVEs exploited by the kit and the corresponding iOS versions they targeted are listed below -
- Neutron - CVE-2020-27932 (versions 13.x)
- Dynamo - CVE-2020-27950 (versions 13.x)
- buffout - CVE-2021-30952 (versions 13 → 15.1.1)
- jacurutu - CVE-2022-48503 (versions 15.2 → 15.5)
- IronLoader - CVE-2023-32409 (versions 16.0 → 16.3.116.4.0)
- Photon - CVE-2023-32434 (versions 14.5 → 15.7.6)
- Gallium - CVE-2023-38606 (versions 14.x)
- Parallax - CVE-2023-41974 (versions 16.4 → 16.7)
- terrorbird - CVE-2023-43000 (versions 16.2 → 16.5.1)
- cassowary - CVE-2024-23222 (versions 16.6 → 17.2.1)
- Sparrow - CVE-2024-23225 (versions 17.0 → 17.3)
- Rocket - CVE-2024-23296 (versions 17.1 → 17.4)
“Photon and Gallium are exploiting vulnerabilities that were also used as zero-days as part of Operation Triangulation,” Google said. “The Coruna exploit kit also embeds reusable modules to ease the exploitation of the aforementioned vulnerabilities.” In June 2023, the Russian government claimed the campaign was the work of the U.S. National Security Agency, accusing it of hacking “several thousand” Apple devices belonging to domestic subscribers and foreign diplomats as part of a “reconnaissance operation.” UNC6691 has been observed weaponizing the exploit to deliver a stager binary codenamed PlasmaLoader (aka PLASMAGRID) that’s designed to decode QR codes from images and run additional modules retrieved from an external server, allowing it to exfiltrate cryptocurrency wallets or sensitive information from various apps like Base, Bitget Wallet, Exodus, and MetaMask, among others.
“The implant contains a list of hard-coded C2s but has a fallback mechanism in case the servers do not respond,” GTIG added. “The implant embeds a custom domain generation algorithm (DGA) using the string ‘lazarus’ as a seed to generate a list of predictable domains. The domains will have 15 characters and use .xyz as a TLD. The attackers use Google’s public DNS resolver to validate if the domains are active.” A notable aspect of Coruna is that it skips execution on devices in Lockdown Mode, or if the user is in private browsing.
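The DGA fallback above gives defenders a shape to hunt for in DNS telemetry. The following is an added example, not GTIG code: it scores per-client DNS queries for 15-character labels under .xyz that are validated through Google's public resolvers. The generation algorithm and its seed are not public, so only the reported shape is matched; the log lines and their field layout (timestamp, client, resolver, qname, rcode) are constructed.

```python
"""Heuristic hunt for the Coruna/PlasmaLoader DGA fallback described by GTIG:
15-character labels under .xyz, checked against Google's public DNS.

Added example, not GTIG code. The generation algorithm and its 'lazarus'
seed are not public, so this matches the reported shape of the domains and
the unusual use of 8.8.8.8 / 8.8.4.4 directly from an endpoint, not the seed.
Log lines are constructed; the format (ts client resolver qname rcode) is assumed.
"""
import re
from collections import defaultdict

GOOGLE_RESOLVERS = {"8.8.8.8", "8.8.4.4"}
# Exactly 15 label characters, .xyz TLD, optional trailing dot.
DGA_SHAPE = re.compile(r"^[a-z0-9]{15}\.xyz\.?$")

# Constructed DNS log: one host probing three candidate domains via Google DNS
# (two unregistered, one live), another host resolving a single 15-char .xyz
# site through the corporate resolver, which should not be flagged on its own.
SAMPLE_LOG = """\
2025-12-03T10:00:01Z 10.0.0.5 8.8.8.8 qkz3m8vp1tn7rx2.xyz NXDOMAIN
2025-12-03T10:00:01Z 10.0.0.5 8.8.8.8 b7d2pq9xw4ms1tk.xyz NXDOMAIN
2025-12-03T10:00:02Z 10.0.0.5 8.8.8.8 hn5rt2vx8kq1pzm.xyz NOERROR
2025-12-03T10:00:03Z 10.0.0.5 10.0.0.1 www.apple.com NOERROR
2025-12-03T10:00:04Z 10.0.0.7 10.0.0.1 shopexample1234.xyz NOERROR
"""


def parse_line(line: str) -> dict:
    """Split one constructed log line into its fields; qname is normalised."""
    ts, client, resolver, qname, rcode = line.split()
    return {"ts": ts, "client": client, "resolver": resolver,
            "qname": qname.lower().rstrip("."), "rcode": rcode}


def dga_candidates(log_text: str, min_hits: int = 3) -> dict:
    """Group shape-matching queries per client and keep clients with at least
    min_hits candidates, at least one of which bypassed the corporate resolver
    and went to Google public DNS (where the implant validates candidates)."""
    per_client = defaultdict(
        lambda: {"hits": 0, "google_dns": 0, "nxdomain": 0, "active": []})
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if not DGA_SHAPE.match(ev["qname"]):
            continue
        rec = per_client[ev["client"]]
        rec["hits"] += 1
        rec["google_dns"] += ev["resolver"] in GOOGLE_RESOLVERS
        if ev["rcode"] == "NXDOMAIN":
            rec["nxdomain"] += 1          # unregistered candidate: typical DGA noise
        else:
            rec["active"].append(ev["qname"])  # registered candidate: possible live C2
    return {c: r for c, r in per_client.items()
            if r["hits"] >= min_hits and r["google_dns"] > 0}


if __name__ == "__main__":
    for client, rec in dga_candidates(SAMPLE_LOG).items():
        print(client, rec)
```

Registered domains in the `active` list are the ones worth blocking first; the NXDOMAIN burst is the behavioural tell, and direct endpoint queries to 8.8.8.8 are themselves a policy violation on most corporate networks.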
To counter the threat, iPhone users are advised to keep their devices up to date, and enable Lockdown Mode for enhanced security.
New RFP Template for AI Usage Control and AI Governance
As AI becomes the central engine for enterprise productivity, security leaders are finally getting the green light — and the budget — to secure it. But there’s a quiet crisis unfolding in the boardroom: many organizations know they need “AI Governance,” but they have no idea what they are actually looking for.
The CISO’s Dilemma: You Have the AI Budget, but Do You Have the Requirements?
Without a structured way to evaluate the exploding market of AI Usage Control (AUC) solutions, teams risk “investing” in legacy tools that were never built for the age of agentic workflows and shadow browser extensions. A new RFP Guide for Evaluating AI Usage Control and AI Governance Solutions has been released to solve this exact problem. It’s not just a checklist; it’s a technical framework designed to help security architects and CISOs move from vague “AI security” goals to specific, measurable project criteria.
Stop Fighting App Proliferation; Start Governing Interactions
The conventional wisdom says that to secure AI, you need to catalog every application your employees touch. This is a losing battle. The RFP Guide argues for a counterintuitive shift: AI security isn’t an “app” problem; it’s an interaction problem. If you focus on the app, you’re always playing catch-up with the 500+ new GPT-based tools launched every week.
If you focus on the interaction (i.e., the moment a prompt is typed or a file is uploaded) you gain control that is tool-agnostic. The benefit for you: By using this RFP to demand “interaction-level inspection,” you stop being a bottleneck for innovation and start being a guardian of data, regardless of which “Shadow AI” tool your marketing team just discovered.
Why Your Current Security Stack is Failing the AI Test
Many vendors claim they “do AI security” as a checkbox feature within their CASB or SSE. The RFP Guide helps you see through this marketing.
Most legacy tools rely on network-layer visibility, which is blind to what happens inside a browser-side panel or an encrypted IDE plugin. The Guide forces vendors to answer the hard questions: Can you detect AI usage in Incognito mode? Do you support “AI-native” browsers like Atlas, Dia, or Comet? Can you distinguish between a corporate identity and a personal one in the same session?
The benefit for you: This structured approach prevents “feature-wash” by forcing vendors to prove they can operate at the point of interaction without requiring heavy endpoint agents or disruptive network changes.
The 8 Pillars of a Mature AI Governance Project
The RFP Template provides a technical grading system across eight critical domains to ensure your chosen solution is future-proof:
Section | What You’re Actually Testing
1. AI Discovery & Coverage | Visibility across browsers, SaaS, extensions, and IDEs.
2. Contextual Awareness | Does the tool understand who is asking and why?
3. Policy Governance | Can you block PII but allow benign summaries?
4. Real-Time Enforcement | Stopping a leak before the “Enter” key is hit.
5. Auditability | Providing “compliance-ready” reports for the board.
6. Architecture Fit | Can it be deployed in hours without breaking the network?
7. Deployment & Management | Ensuring the tool isn’t a burden on your IT staff.
8. Vendor Futureproofing | Readiness for autonomous, agent-driven workflows.
Governance Isn’t a Policy Document. It’s Enforceable, Measurable Controls.
The goal of this RFP isn’t just to gather data; it’s to grade it.
The Guide includes a response format that requires vendors to provide more than just a “Yes/No.” Rather, they must describe the how and provide references. This level of structure takes the guesswork out of procurement. Instead of a subjective “feeling” about a vendor, you get a score-based comparison of how they handle real-world risks like prompt injections and unmanaged BYOD environments.
Your Next Step: Define Your Requirements Before the Market Defines Them for You
Use the RFP Guide for Evaluating AI Usage Control Solutions to take the lead.
It will help you standardize your evaluation, accelerate your research, and ultimately enable safe AI adoption that scales with the business. Download the RFP Guide and Template Here to start building your AI governance framework today. This article is a contributed piece from one of our valued partners.
Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that’s functional on Windows, macOS, and Linux systems. The names of the packages are listed below -
- nhattuanbl/lara-helper (37 downloads)
- nhattuanbl/simple-queue (29 downloads)
- nhattuanbl/lara-swagger (49 downloads)
According to Socket, the package “nhattuanbl/lara-swagger” does not directly embed malicious code but lists “nhattuanbl/lara-helper” as a Composer dependency, causing it to install the RAT. The packages are still available for download from the PHP package registry. Both lara-helper and simple-queue have been found to contain a PHP file named “src/helper.php,” which employs a number of tricks to complicate static analysis, such as control flow obfuscation, encoding of domain names, command names, and file paths, and randomized identifiers for variable and function names.
“Once loaded, the payload connects to a C2 server at helper.leuleu[.]net:2096, sends system reconnaissance data, and waits for commands – giving the operator full remote access to the host,” security researcher Kush Pandya said. This includes sending system information and parsing commands received from the C2 server for subsequent execution on the compromised host. The communication occurs over TCP using PHP’s stream_socket_client(). The list of supported commands is below -
- ping, to send a heartbeat automatically every 60 seconds
- info, to send system reconnaissance data to the C2 server
- cmd, to run a shell command
- powershell, to run a PowerShell command
- run, to run a shell command in the background
- screenshot, to capture the screen using imagegrabscreen()
- download, to read a file from disk
- upload, to write a file to disk and grant it read, write, and execute permissions to all users
- stop, to close the socket and exit
“For shell execution, the RAT probes disable_functions and picks the first available method from: popen, proc_open, exec, shell_exec, system, passthru,” Pandya said.
“This makes it resilient to common PHP hardening configurations.” While the C2 server is currently non-responsive, the RAT is configured such that it retries the connection every 15 seconds in a persistent loop, making it a security risk. Users who have installed the packages are advised to assume compromise, remove them, rotate all secrets accessible from the application environment, and audit outbound traffic to the C2 server. Besides the aforementioned three packages, the threat actor behind the operation has published three other libraries (“nhattuanbl/lara-media,” “nhattuanbl/snooze,” and “nhattuanbl/syslog”) that are clean, likely in an effort to build credibility and trick users into installing the malicious ones. “Any Laravel application that installed lara-helper or simple-queue is running a persistent RAT.
The threat actor has full remote shell access, can read and write arbitrary files, and receives an ongoing system profile for each connected host,” Socket said. “Because activation happens at application boot (via service provider) or class autoloads (via simple-queue), the RAT runs in the same process as the web application with the same filesystem permissions and environment variables, including database credentials, API keys, and .env contents.”
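Because lara-swagger only pulls the RAT in transitively, a name-only grep of composer.json misses it. The following is an added example, not Socket's tooling: it audits a composer.lock for the packages named in this report and walks each package's require block so that any dependency on lara-helper or simple-queue is surfaced as an indirect carrier. The lock file excerpt is constructed.

```python
"""Audit a composer.lock for the malicious nhattuanbl packages reported by
Socket, including transitive pulls such as lara-swagger -> lara-helper.

Added example, not Socket's code. SAMPLE_LOCK is a constructed excerpt; real
lock files carry many more fields per package.
"""
import json

# Packages that ship src/helper.php (the RAT).
RAT_CARRIERS = {"nhattuanbl/lara-helper", "nhattuanbl/simple-queue"}
# Clean on its own, but declares lara-helper as a Composer dependency.
INDIRECT_CARRIERS = {"nhattuanbl/lara-swagger"}
# Clean packages from the same publisher; reported only as context.
SAME_PUBLISHER = {"nhattuanbl/lara-media", "nhattuanbl/snooze", "nhattuanbl/syslog"}

SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "laravel/framework", "version": "v11.0.0", "require": {}},
        {"name": "nhattuanbl/lara-swagger", "version": "1.0.3",
         "require": {"nhattuanbl/lara-helper": "^1.0"}},
        {"name": "nhattuanbl/lara-helper", "version": "1.0.1", "require": {}},
        {"name": "nhattuanbl/syslog", "version": "0.2.0", "require": {}},
    ],
    "packages-dev": [],
})


def audit_lock(lock_text: str) -> dict:
    """Return findings keyed 'rat' (direct installs), 'indirect'
    ((package, [rat packages it requires]) pairs) and 'same_publisher'."""
    lock = json.loads(lock_text)
    pkgs = lock.get("packages", []) + lock.get("packages-dev", [])
    # name -> set of required package names, so transitive pulls are visible
    requires = {p["name"]: set(p.get("require", {})) for p in pkgs}

    findings = {"rat": [], "indirect": [], "same_publisher": []}
    for name in sorted(requires):
        pulled = sorted(requires[name] & RAT_CARRIERS)
        if name in RAT_CARRIERS:
            findings["rat"].append(name)
        elif name in INDIRECT_CARRIERS or pulled:
            # Generalised: any package whose require block names a carrier.
            findings["indirect"].append((name, pulled))
        elif name in SAME_PUBLISHER:
            findings["same_publisher"].append(name)
    return findings


def compromise_assumed(findings: dict) -> bool:
    """Socket's guidance: any install of lara-helper or simple-queue, direct or
    via a dependent package, means assume compromise (remove, rotate secrets,
    audit egress to helper.leuleu[.]net:2096)."""
    return bool(findings["rat"] or findings["indirect"])


if __name__ == "__main__":
    result = audit_lock(SAMPLE_LOCK)
    print(json.dumps(result, indent=2))
    print("assume compromise:", compromise_assumed(result))
```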
APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2
Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed Silver Dragon that has been linked to cyber attacks targeting entities in Europe and Southeast Asia since at least mid-2024. “Silver Dragon gains its initial access by exploiting public-facing internet servers and by delivering phishing emails that contain malicious attachments,” Check Point said in a technical report. “To maintain persistence, the group hijacks legitimate Windows services, which allows the malware processes to blend into normal system activity.” Silver Dragon is assessed to be operating within the APT41 umbrella. APT41 is the cryptonym assigned to a prolific Chinese hacking group known for its targeting of healthcare, telecoms, high-tech, education, travel services, and media sectors for cyber espionage as early as 2012.
It’s also believed to engage in financially motivated activity potentially outside of state control. Attacks mounted by Silver Dragon have been found to primarily single out government entities, with the adversary using Cobalt Strike beacons for persistence on compromised hosts. It’s also known to employ techniques like DNS tunneling for command-and-control (C2) communication to bypass detection. Check Point said it identified three different infection chains to deliver Cobalt Strike: AppDomain hijacking, service DLL, and email-based phishing.
“The first two infection chains, AppDomain hijacking and Service DLL, show clear operational overlap,” the cybersecurity company said. “They are both delivered via compressed archives, suggesting their use in post‑exploitation scenarios. In several cases, these chains were deployed following the compromise of publicly exposed vulnerable servers.” The two chains make use of a RAR archive containing a batch script, with the first chain using it to drop MonikerLoader, a .NET-based loader responsible for decrypting and executing a second-stage directly in memory. The second stage, for its part, mimics MonikerLoader’s behavior, acting as a conduit for loading the final Cobalt Strike beacon payload.
On the other hand, the service DLL chain uses a batch script to deliver a shellcode DLL loader dubbed BamboLoader, which is registered as a Windows service. A heavily obfuscated C++ malware, it’s used to decrypt and decompress shellcode staged on disk, and inject it into a legitimate Windows process, such as “taskhost.exe.” The binary targeted for injection is configurable within BamboLoader. The third infection chain involves a phishing campaign that has primarily targeted Uzbekistan with malicious Windows shortcuts (LNK) as attachments. The weaponized LNK file is designed to launch PowerShell code by means of “cmd.exe,” leading to the extraction and execution of next-stage payloads.
This includes four different files -
- Decoy document
- Legitimate executable vulnerable to DLL side-loading (“GameHook.exe”)
- Malicious DLL aka BamboLoader (“graphics-hook-filter64.dll”)
- Encrypted Cobalt Strike payload (“simhei.dat”)
As part of this campaign, the decoy document is displayed to the victim, while, in the background, the rogue DLL is sideloaded via “GameHook.exe” to ultimately launch Cobalt Strike. The attacks are also characterized by the deployment of various post-exploitation tools -
- SilverScreen, a .NET screen-monitoring tool used to capture periodic screenshots of user activity, including precise cursor positioning.
- SSHcmd, a .NET command-line SSH utility that provides remote command execution and file transfer capabilities over SSH.
- GearDoor, a .NET backdoor that shares similarities with MonikerLoader and communicates with its C2 infrastructure via Google Drive.
Once executed, the backdoor authenticates to the attacker-controlled Google Drive account and uploads a heartbeat file containing basic system information. Interestingly, the backdoor utilizes different file extensions to indicate the nature of the task to be performed on the infected host. The results of the task execution are captured and uploaded to Drive.
- *.png, to send heartbeat files.
- *.pdf, to receive and execute commands, list the contents of a directory, make a new directory, and remove all files within a specified directory. The results of the operation are sent to the server in the form of a *.db file.
- *.cab, to receive and execute commands to gather host information and a list of running processes, enumerate files and directories, run commands via “cmd.exe” or scheduled tasks, upload files to Google Drive, and terminate the implant. The execution status is uploaded as a .bak file.
- *.rar, to receive and execute payloads. If the RAR file is named “wiatrace.bak,” the backdoor treats it as a self-update package. The results are uploaded as .bak files.
- *.7z, to receive and execute plugins in memory. The results are uploaded as .bak files.
Silver Dragon’s links to APT41 stem from tradecraft overlaps with post-exploitation installation scripts previously attributed to the latter and the fact that the decryption mechanism used by BamboLoader has been observed in shellcode loaders linked to China-nexus APT activity. “The group continuously evolves its tooling and techniques, actively testing and deploying new capabilities across different campaigns,” Check Point said. “The use of diverse vulnerability exploits, custom loaders, and sophisticated file-based C2 communication reflects a well-resourced and adaptable threat group.”
CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw impacting Broadcom VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, citing active exploitation in the wild. The high-severity vulnerability, CVE-2026-22719 (CVSS score: 8.1), has been described as a case of command injection that could allow an unauthenticated attacker to execute arbitrary commands. “A malicious unauthenticated actor may exploit this issue to execute arbitrary commands, which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress,” the company said in an advisory released late last month.
The shortcoming was addressed along with CVE-2026-22720, a stored cross-site scripting vulnerability, and CVE-2026-22721, a privilege escalation vulnerability that could result in administrative access. It impacts the following products -
- VMware Cloud Foundation and VMware vSphere Foundation 9.x.x.x - Fixed in 9.0.2.0
- VMware Aria Operations 8.x - Fixed in 8.18.6
Customers who cannot apply the patch immediately can download and run a shell script (“aria-ops-rce-workaround.sh”) as root from each Aria Operations Virtual Appliance node. There are currently no details on how the vulnerability is being exploited in the wild, who is behind it, or the scale of such efforts. “Broadcom is aware of reports of potential exploitation of CVE-2026-22719 in the wild, but we cannot independently confirm their validity,” the company noted in an update to its bulletin.
In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are required to apply the fixes by March 24, 2026.
Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations
Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework as a precursor to data exfiltration or ransomware attack. The intrusions, identified by Huntress last month across five partner organizations, involved the threat actors using email spam as lures, followed by a phone call from an IT desk that activates a layered malware delivery pipeline. “In one organization, the adversary moved from initial access to nine additional endpoints over the course of eleven hours, deploying a mix of custom Havoc Demon payloads and legitimate RMM tools for persistence, with the speed of lateral movement strongly suggesting the end goal was data exfiltration, ransomware, or both,” researchers Michael Tigges, Anna Pham, and Bryan Masters said. It’s worth noting that the modus operandi is consistent with email bombing and Microsoft Teams phishing attacks orchestrated by threat actors associated with the Black Basta ransomware operation in the past.
While the cybercrime group appears to have gone silent following a public leak of its internal chat logs last year, the continued use of the group’s playbook suggests two possible scenarios: either former Black Basta affiliates have moved on to other ransomware operations and are using them to mount fresh attacks, or rival threat actors have adopted the same strategy to conduct social engineering and obtain initial access. The attack chain begins with a spam campaign that aims to overwhelm a target’s inbox with junk email. In the next step, the threat actors, masquerading as IT support, contact the recipients and trick them into granting remote access to their machines, either via a Quick Assist session or by installing tools like AnyDesk, ostensibly to help remediate the problem.
With the access in place, the adversary wastes no time launching the web browser and navigating to a fake landing page hosted on Amazon Web Services (AWS) that impersonates Microsoft and instructs the victim to enter their email address to access Outlook’s anti-spam rules update system and update the spam rules. Clicking a button to “Update rules configuration” on the counterfeit page triggers the execution of a script that displays an overlay asking the user to enter their password. “This mechanism serves two purposes: it allows the threat actor (TA) to harvest credentials, which, when combined with the required email address, provides access to the control panel; concurrently, it adds a layer of authenticity to the interaction, convincing the user the process is genuine,” Huntress said. The attack also hinges on downloading the supposed anti-spam patch, which, in turn, leads to the execution of a legitimate binary named “ADNotificationManager.exe” (or “DLPUserAgent.exe” and “Werfault.exe”) to sideload a malicious DLL.
The DLL payload implements defense evasion and executes the Havoc shellcode payload by spawning a thread containing the Demon agent. At least one of the identified DLLs (“vcruntime140_1.dll”) incorporates additional tricks to sidestep security software: control flow obfuscation, timing-based delay loops, and the Hell’s Gate and Halo’s Gate techniques, which read system call numbers directly out of the ntdll.dll stubs (walking to a neighboring unhooked stub when an EDR hook is found) so that system calls can be issued without passing through the user-mode hooks that endpoint detection and response (EDR) solutions place on those functions. “Following the successful deployment of the Havoc Demon on the beachhead host, the threat actors began lateral movement across the victim environment,” the researchers said. “While the initial social engineering and malware delivery demonstrated some interesting techniques, the hands-on-keyboard activity that followed was comparatively straightforward.” This includes creating scheduled tasks to launch the Havoc Demon payload every time the infected endpoints are rebooted, providing the threat actors with persistent remote access.
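As an added illustration of the syscall-number recovery the report names (editorial example code, not the Havoc DLL or anything from Huntress), the block below reproduces Hell’s Gate and Halo’s Gate in Python over a constructed byte string standing in for ntdll’s syscall stubs. The export names are real ntdll exports, but the system call numbers, the stub layout used here and which stubs are “hooked” are assumptions made for the example; nothing reads a real Windows binary. It shows why an EDR hook on one function does not stop the technique: the hooked stub’s neighbours still give the number away.

```python
"""Hell's Gate and Halo's Gate system-call-number recovery, shown on a
constructed stand-in for ntdll's syscall stub table. Added example: no
Windows binary is read, and the SSN values assigned below are arbitrary."""
import struct

STUB_SIZE = 32  # x64 ntdll places Nt* stubs at a fixed stride, in SSN order (assumed 32 here)

def build_stub(ssn, hooked=False):
    """One 32-byte stub. Clean: 'mov r10, rcx ; mov eax, SSN'.
    Hooked: the EDR has overwritten the first bytes with 'jmp rel32'."""
    if hooked:
        head = b"\xE9" + struct.pack("<i", 0x1000)            # jmp <EDR trampoline>
    else:
        head = b"\x4C\x8B\xD1\xB8" + struct.pack("<I", ssn)   # mov r10,rcx ; mov eax,imm32
    tail = (b"\xF6\x04\x25\x08\x03\xFE\x7F\x01"               # test byte ptr [7FFE0308h],1
            b"\x75\x03\x0F\x05\xC3\xCD\x2E\xC3")               # jne ; syscall ; ret ; int 2Eh ; ret
    return (head + tail).ljust(STUB_SIZE, b"\xCC")

def hells_gate(stub):
    """Hell's Gate: read the SSN straight from an unhooked stub, else None."""
    if stub[:4] == b"\x4C\x8B\xD1\xB8":
        return struct.unpack_from("<I", stub, 4)[0]
    return None

def is_hooked(stub):
    """A jmp at offset 0, or at offset 3 after 'mov r10, rcx' (both placements occur)."""
    return stub[0] == 0xE9 or stub[3] == 0xE9

def halos_gate(image, offset, max_hops=16):
    """Halo's Gate: when the stub at `offset` is hooked, walk to the nearest clean
    stub k slots away and derive the SSN from that stub's value and the distance."""
    ssn = hells_gate(image[offset:offset + STUB_SIZE])
    if ssn is not None:
        return ssn
    for k in range(1, max_hops + 1):
        for direction in (1, -1):                      # k stubs above, then k below
            nb = offset + direction * k * STUB_SIZE
            if 0 <= nb < len(image):
                nb_ssn = hells_gate(image[nb:nb + STUB_SIZE])
                if nb_ssn is not None:
                    return nb_ssn - direction * k      # SSNs increase with address
    return None

# Constructed export table in address (== SSN) order; True marks stubs the
# imaginary EDR has hooked. The names are real ntdll exports, the SSNs are not.
CONSTRUCTED_EXPORTS = [
    ("NtAllocateVirtualMemory", True),
    ("NtProtectVirtualMemory", True),
    ("NtWriteVirtualMemory", False),
    ("NtCreateThreadEx", True),
    ("NtQueueApcThread", False),
]
BASE_SSN = 0x18

def build_image():
    """Lay the stubs out back to back and return (bytes, name -> offset)."""
    image = b"".join(build_stub(BASE_SSN + i, hooked)
                     for i, (_, hooked) in enumerate(CONSTRUCTED_EXPORTS))
    exports = {name: i * STUB_SIZE for i, (name, _) in enumerate(CONSTRUCTED_EXPORTS)}
    return image, exports

def resolve_ssn(name, image, exports):
    """Return (ssn, was_hooked) for an export; a loader would then issue the
    syscall itself instead of calling the hooked ntdll entry point."""
    off = exports[name]
    return halos_gate(image, off), is_hooked(image[off:off + STUB_SIZE])

if __name__ == "__main__":
    img, exp = build_image()
    for name, _ in CONSTRUCTED_EXPORTS:
        ssn, hooked = resolve_ssn(name, img, exp)
        print(f"{name:<26} hooked={hooked!s:<5} SSN=0x{ssn:02X}")
```

The defensive takeaway is the same one the report implies: a user-mode hook on `ntdll` is a detection surface the adversary can route around, so telemetry that does not depend on those hooks (kernel callbacks, ETW threat-intelligence providers, the image-load and thread-creation events used in the next example) is what actually sees the Demon start.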
That said, the threat actor has been found to deploy legitimate remote monitoring and management (RMM) tools like Level RMM and XEOX on some compromised hosts instead of Havoc, thus diversifying their persistence mechanisms. Some important takeaways from these attacks are that threat actors are more than happy to impersonate IT staff and call personal phone numbers if it improves the success rate, that defense evasion techniques once limited to attacks on large firms or state-sponsored campaigns are becoming increasingly common, and that commodity malware is being customized to bypass pattern-based signatures. Also of note is the speed and aggression with which the attacks progress from initial compromise to lateral movement, as well as the numerous methods used to maintain persistence. “What begins as a phone call from ‘IT support’ ends with a fully instrumented network compromise – modified Havoc Demons deployed across endpoints, legitimate RMM tools repurposed as backup persistence,” Huntress concluded.
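The post-access activity described above (a legitimate host binary loading a DLL from its own directory, schtasks-based reboot persistence, RMM tools as a fallback) can be written down as detection logic. The following is an added example, not Huntress’s detection content, run over constructed Sysmon-style events; the host binary and DLL names come from the report, while the RMM binary names and the event field layout are assumptions.

```python
"""Detection logic for the post-compromise stages in the Havoc campaign (DLL
sideloading, scheduled-task persistence, RMM fallback). Added example over
constructed Sysmon-style events, not Huntress telemetry; RMM names are assumed."""
from pathlib import PureWindowsPath

# Signed, legitimate executables the campaign abuses as sideloading hosts (from the report).
SIDELOAD_HOSTS = {"adnotificationmanager.exe", "dlpuseragent.exe", "werfault.exe"}
# Where those hosts legitimately live; a copy running anywhere else is the signal.
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
                "c:\\program files\\", "c:\\program files (x86)\\")
# Remote-access tools seen in the campaign (binary names are assumptions).
RMM_IMAGES = {"anydesk.exe", "quickassist.exe", "level.exe", "xeox-agent.exe"}

def _in_trusted_dir(path):
    return str(path).lower().startswith(TRUSTED_DIRS)

def detect_sideload(ev):
    """Sysmon Event 7 (ImageLoaded): a known host binary running outside its
    install location loads a DLL that sits next to it."""
    image, dll = PureWindowsPath(ev["Image"]), PureWindowsPath(ev["ImageLoaded"])
    if image.name.lower() not in SIDELOAD_HOSTS or _in_trusted_dir(image):
        return None
    if str(dll.parent).lower() == str(image.parent).lower():
        return f"DLL sideload: {image.name} loaded {dll.name} from {image.parent}"
    return None

def detect_scheduled_task(ev):
    """Sysmon Event 1 (ProcessCreate): schtasks creating a task that fires at boot or logon."""
    cmd = ev["CommandLine"].lower()
    if PureWindowsPath(ev["Image"]).name.lower() != "schtasks.exe" or "/create" not in cmd:
        return None
    for trigger in ("/sc onstart", "/sc onlogon"):
        if trigger in cmd:
            return f"Reboot persistence via scheduled task ({trigger}): {ev['CommandLine']}"
    return None

def detect_rmm(ev):
    """Sysmon Event 1: a remote-access tool starting on the host."""
    name = PureWindowsPath(ev["Image"]).name.lower()
    if name in RMM_IMAGES:
        return f"Remote-access tool launched: {name} as {ev['User']}"
    return None

DETECTORS = {7: (detect_sideload,), 1: (detect_scheduled_task, detect_rmm)}

def triage(events):
    """Run every detector that applies to each event; return (host, finding) pairs."""
    findings = []
    for ev in events:
        for detector in DETECTORS.get(ev["EventID"], ()):
            hit = detector(ev)
            if hit:
                findings.append((ev["Host"], hit))
    return findings

SAMPLE_EVENTS = [  # constructed
    {"EventID": 7, "Host": "WS01",
     "Image": r"C:\Users\jdoe\AppData\Local\Temp\patch\ADNotificationManager.exe",
     "ImageLoaded": r"C:\Users\jdoe\AppData\Local\Temp\patch\vcruntime140_1.dll"},
    {"EventID": 7, "Host": "WS01",                       # benign: real WerFault in System32
     "Image": r"C:\Windows\System32\WerFault.exe",
     "ImageLoaded": r"C:\Windows\System32\vcruntime140_1.dll"},
    {"EventID": 1, "Host": "WS01", "User": r"CORP\jdoe",
     "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'schtasks.exe /create /tn Updater /sc onstart /ru SYSTEM '
                    r'/tr C:\Users\Public\patch\ADNotificationManager.exe'},
    {"EventID": 1, "Host": "WS07", "User": r"CORP\jdoe",
     "Image": r"C:\Users\jdoe\Downloads\AnyDesk.exe", "CommandLine": "AnyDesk.exe"},
]

if __name__ == "__main__":
    for host, finding in triage(SAMPLE_EVENTS):
        print(host, finding)
```

The sideload rule deliberately keys on location rather than on the DLL name alone: `vcruntime140_1.dll` is legitimately loaded everywhere, and `WerFault.exe` in System32 is benign, so the suspicious combination is a known host running from a user-writable directory with its DLL beside it.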
“This campaign is a case study in how modern adversaries layer sophistication at every stage: social engineering to get in the door, DLL sideloading to stay invisible, and diversified persistence to survive remediation.”
Building a High-Impact Tier 1: The 3 Steps CISOs Must Follow
Every CISO knows the uncomfortable truth about their Security Operations Center: the people most responsible for catching threats in real time are the people with the least experience. Tier 1 analysts sit at the front line of detection, and yet they are also the most vulnerable to the cognitive and organizational pressures that quietly erode SOC performance over time.
The Paradox at the Gate: Why Tier 1 Carries the Weight but Lacks the Armor
Tier 1 is the layer that processes the highest volume of alerts, performs initial triage, and determines what gets escalated. But it is built on a foundation that is structurally fragile. Entry-level analysts, high turnover rates, and relentless alert queues create conditions where even well-designed detection rules fail to translate into timely, accurate responses. The paradox is this: Tier 1 performance defines SOC performance, yet Tier 1 is often the least supported, least empowered, and most cognitively overloaded layer. Tier 1 analysts face a daily avalanche of alerts. Over time, this leads to:
Alert fatigue: constant exposure to high volumes reduces sensitivity to real danger.
Decision fatigue: repeated micro-decisions degrade judgment quality.
Cognitive overload: too many dashboards, too little context.
False-positive conditioning: when 90% of alerts are benign, skepticism becomes automatic.
Burnout and turnover: institutional memory evaporates.
For CISOs, these are not HR problems. They are a business risk.
When Tier 1 hesitates, misses, or delays escalation:
Dwell time increases.
Incident costs rise.
Detection quality degrades.
Executive confidence in security drops.
If Tier 1 is weak, the entire SOC becomes reactive rather than predictive.
The Core Engine Room: Monitoring and Triage as Business-Critical Workflows
Tier 1 owns two foundational SOC processes: monitoring and alert triage. Monitoring is the continuous process of ingesting signals from across the environment (endpoints, networks, cloud infrastructure, identity systems) and applying detection logic to surface events of potential concern. Triage is what happens next: the structured, human-driven process of evaluating those events, assigning severity, ruling out false positives, and determining whether escalation is warranted. On paper, these are routine tasks: watch telemetry, sort alerts into true positive, false positive, or needs escalation. But they are also revenue protection mechanisms, since they determine MTTD, MTTR, and resource allocation efficiency. When these workflows are inefficient:
Tier 2 and Tier 3 drown in noise.
Incident response begins late.
Business disruption expands.
Operational costs increase.
Regulatory exposure grows.
Intelligence as Oxygen: The Foundation of Tier 1 Effectiveness
Tier 1 cannot operate effectively in a vacuum, and raw alerts without context are just digital shadows. Actionable threat intelligence turns data into decisions.
For a Tier 1 analyst asking, “Is this connected to an active campaign targeting our sector?”, it provides:
IOC validation
Campaign context
TTP mapping
Infrastructure associations
Malware family attribution
Tier 1 analysts need threat intelligence more urgently than anyone else in the SOC, precisely because they make the most time-sensitive decisions with the least contextual background.
Step 1: Detect What Others Miss. Powering Monitoring with Live Threat Intelligence Feeds
The first step toward a high-impact Tier 1 is upgrading the intelligence foundation of monitoring itself. Most SOC environments rely on detection rules built from static signatures or behavioral heuristics, logic that was accurate when written but degrades as adversaries adapt. Actionable threat intelligence feeds continuously inject fresh, verified indicators of compromise directly into the detection infrastructure. Rather than flagging anomalies and waiting for an analyst to research them, a feed-enriched monitoring layer flags activity that has already been confirmed as malicious through real-world analysis. Detections become based on behavioral ground truth, not statistical deviation. The operational effect on early detection is substantial: it compresses the window of exposure and dramatically reduces the cost of eventual containment.
ANY.RUN’s Threat Intelligence Feeds aggregate indicators (malicious IPs, URLs, domains) drawn from a continuously operating malware analysis sandbox that processes real-world threats in real time. This means the data reflects active threat activity observed through dynamic execution analysis, not historical reporting or third-party aggregation alone. Adversaries who modify their malware to evade static signatures cannot easily evade behavioral observation.
[Figure: TI Feeds: data, benefits, integrations]
Delivered in STIX and MISP formats, TI Feeds integrate directly with SIEMs, firewalls, DNS resolvers, and endpoint detection systems. Each indicator carries contextual metadata like malware families and behavioral tags, so that a detection is not just a flag but an explanation. For the business, intelligence-powered monitoring reduces MTTD, improves detection precision, and generates a measurable return on the broader security stack investment by ensuring that what gets detected is what actually matters.
Step 2: From Flag to Finding. Enriching Every Alert with the Context Analysts Actually Need
Before an analyst can enrich an alert, they often face a more immediate problem: a suspicious file or link has surfaced, and its nature is genuinely unknown. This is where the ANY.RUN Interactive Sandbox becomes a direct triage asset.
Rather than relying on static reputation checks alone, analysts can submit the artifact to the sandbox and observe its actual behavior in a live execution environment, watching in real time as the file makes network connections, modifies the registry, drops additional payloads, or attempts to evade detection. Within minutes, the sandbox produces a verdict grounded in what the sample actually does, not just what it looks like.
[Figure: Sandbox detonation detects ScreenConnect malware (sandbox analysis of a suspicious .exe file)]
But detection is only the beginning of a Tier 1 analyst’s job. Once an alert surfaces, the analyst must determine whether it represents a genuine threat, understand what it means, and decide what to do with it, all under time pressure and against a queue of competing alerts. Without enrichment, this determination relies on analyst experience and manual research, both of which are in short supply at Tier 1. The quality and speed of enrichment determine the quality and speed of triage. Deep enrichment, grounded in behavioral analysis, allows analysts to reason about the actual risk of a detection rather than guessing at it. ANY.RUN’s Threat Intelligence Lookup delivers this depth on demand. Analysts can query any indicator (domain, IP, file hash, URL) and receive immediate context drawn from the sandbox’s analysis repository: full behavioral reports showing how the artifact executed, associated malware families and threat categories, network indicators observed during analysis, and connections to broader malicious infrastructure. A lookup is fast enough to fit into the triage workflow rather than interrupting it.
[Figure: TI Lookup domain search for domainName:"priutt-title.com", returning a "Malicious" verdict and additional IOCs]
A single lookup shows that a doubtful domain spotted in network traffic is most probably malicious, engaged in campaigns currently targeting IT, finance, and educational organizations around the world, and linked to further indicators that can be used for detection tuning. This changes how Tier 1 operates across several dimensions:
Analysts make faster, more confident decisions because they have evidence rather than inference.
Escalation notes improve because analysts can articulate what they found and why it matters, reducing back-and-forth with Tier 2 and accelerating the handoff.
False positives are closed with greater certainty, improving the precision of the escalation pipeline.
For business objectives, enriched triage supports several priorities simultaneously:
It accelerates MTTD and MTTR, which are key metrics for both security program effectiveness and regulatory compliance.
It improves the quality of incident documentation for post-incident review, insurance claims, and regulatory reporting.
It reduces analyst burnout by replacing frustrating ambiguity with actionable clarity.
Finally, it ensures that the SOC’s output reflects genuine analysis rather than overwhelmed guesswork.
Step 3: Security That Compounds. Integrating ANY.RUN into Your Existing Stack
Individual capabilities, however strong, deliver limited value when they operate in isolation.
The third and most strategically significant step is integration: connecting ANY.RUN’s Threat Intelligence Feeds, Lookup, and Sandbox into the existing security infrastructure so that intelligence flows automatically across every layer of the environment. This is where investment in Tier 1 intelligence capabilities translates into organization-wide risk reduction. SIEMs that ingest TI Feeds generate higher-precision alerts, because the detection layer is operating from verified behavioral indicators rather than generic rules. Firewalls and DNS resolvers that consume the same feeds block malicious infrastructure at the perimeter, reducing the volume of threats that reach endpoints and analysts in the first place.
EDR systems enriched with sandbox-derived behavioral signatures detect malware that evades signature-based approaches. The entire stack becomes more coherent because it shares a common intelligence foundation. ANY.RUN supports this integration architecture through standard formats and APIs designed for compatibility with the security products already in deployment. STIX and MISP feed delivery integrates with leading SIEM and SOAR solutions.
The TI Lookup API enables direct enrichment from within analyst workflows (ticketing systems, investigation dashboards, custom scripts) without requiring analysts to leave their primary interface. The sandbox itself can receive samples programmatically, enabling automated analysis pipelines that feed results back into detection and response systems.
[Figure: ANY.RUN integration capabilities]
For Tier 1 teams, the day-to-day effect of integration is a reduction in the manual effort that currently consumes analyst time. Indicators enriched automatically before triage, feeds that update detection logic without human intervention, escalation data populated from sandbox analysis rather than manual documentation: these changes shift analyst effort from information gathering to genuine investigation.
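As an added example tying Steps 1 to 3 together (editorial code, not ANY.RUN’s feed content, its Lookup API or any of its integrations), the block below ingests a constructed STIX 2.1 bundle of the shape a TI feed delivers, builds an indicator index that carries malware-family context from the bundle’s relationship objects, and enriches constructed DNS, proxy and network log lines with a verdict and an escalation note. The domain, IP, URL, malware family name and log format are all made up for the example; the STIX object and pattern syntax is the standard’s.

```python
"""Feed-driven monitoring plus alert enrichment over a STIX 2.1 bundle.
Added example: the bundle, malware family and log lines are constructed,
and nothing here calls ANY.RUN's feed delivery or Lookup API."""
import json
import re
from urllib.parse import urlsplit

# Constructed STIX 2.1 bundle standing in for one feed delivery. Indicators carry
# STIX patterns; family context comes from 'indicates' relationships to a malware
# object, which is how STIX attaches that metadata.
FEED_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--0001", "objects": [
        {"type": "malware", "id": "malware--0002", "name": "ExampleLoader"},
        {"type": "indicator", "id": "indicator--0003", "pattern_type": "stix",
         "labels": ["malicious-activity"], "valid_from": "2026-02-20T00:00:00Z",
         "pattern": "[domain-name:value = 'update-rules.example.net']"},
        {"type": "indicator", "id": "indicator--0004", "pattern_type": "stix",
         "labels": ["malicious-activity"], "valid_from": "2026-02-21T00:00:00Z",
         "pattern": "[ipv4-addr:value = '203.0.113.45' OR "
                    "url:value = 'http://update-rules.example.net/patch.zip']"},
        {"type": "relationship", "id": "relationship--0005", "relationship_type": "indicates",
         "source_ref": "indicator--0003", "target_ref": "malware--0002"},
        {"type": "relationship", "id": "relationship--0006", "relationship_type": "indicates",
         "source_ref": "indicator--0004", "target_ref": "malware--0002"},
    ],
})

# One comparison inside a STIX pattern: <object-type>:<property> = '<value>'
COMPARISON_RE = re.compile(r"([a-z0-9-]+):([\w.'-]+)\s*=\s*'([^']*)'")

def parse_pattern(pattern):
    """Return (object_type, property, value) for every comparison in a pattern;
    covers the flat '[a = x OR b = y]' form that feeds normally emit."""
    return COMPARISON_RE.findall(pattern)

def build_index(bundle_json):
    """Turn a bundle into a lookup table keyed by (object_type, value)."""
    objects = json.loads(bundle_json)["objects"]
    by_id = {o["id"]: o for o in objects}
    family = {o["source_ref"]: by_id[o["target_ref"]]["name"] for o in objects
              if o["type"] == "relationship" and o["relationship_type"] == "indicates"}
    index = {}
    for o in objects:
        if o["type"] == "indicator":
            for obj_type, _prop, value in parse_pattern(o["pattern"]):
                index[(obj_type, value.lower())] = {
                    "indicator": o["id"], "family": family.get(o["id"], "unknown"),
                    "labels": o["labels"], "valid_from": o["valid_from"]}
    return index

# Constructed log line format: "<ts> <host> <source> <key>=<value>"
LOG_RE = re.compile(r"^(\S+) (\S+) (dns|proxy|net) (\w+)=(\S+)$")

def observables(key, value):
    """(object_type, value) pairs to match; a URL also yields its host so a
    domain-only indicator still fires on proxy traffic."""
    if key == "query":
        yield "domain-name", value
    elif key == "url":
        yield "url", value
        yield "domain-name", urlsplit(value).hostname or ""
    elif key == "dst":
        yield "ipv4-addr", value

def enrich(lines, index):
    """One enriched alert per matching line, carrying the family, the feed
    indicator, its validity date and the escalation note for Tier 2."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ts, host, _src, key, value = m.groups()
        for obj_type, observed in observables(key, value):
            ctx = index.get((obj_type, observed.lower()))
            if ctx:
                alerts.append({"ts": ts, "host": host, "observable": observed,
                               "family": ctx["family"], "indicator": ctx["indicator"],
                               "note": (f"{obj_type} {observed} is a known {ctx['family']} "
                                        f"indicator ({ctx['indicator']}, valid from "
                                        f"{ctx['valid_from']}); escalate {host}")})
                break  # one verdict per event
    return alerts

SAMPLE_LOGS = [  # constructed
    "2026-03-03T10:14:02Z WS01 dns query=update-rules.example.net",
    "2026-03-03T10:14:03Z WS01 proxy url=http://update-rules.example.net/patch.zip",
    "2026-03-03T10:14:05Z WS01 net dst=203.0.113.45",
    "2026-03-03T10:15:00Z WS02 dns query=login.microsoftonline.com",
]

if __name__ == "__main__":
    for alert in enrich(SAMPLE_LOGS, build_index(FEED_BUNDLE)):
        print(alert["note"])
```

Two details matter in practice and are carried through here: the note keeps `valid_from` so the analyst can judge how fresh the indicator is before escalating, and the index is keyed on the observable type, so an IP that happens to appear in a URL string is not confused with a network destination.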
T1 becomes faster without becoming larger. For CISOs, the business case for integration centers on compounding returns. Each point of integration multiplies the value of the intelligence investment: a feed consumed by five security controls delivers five times the coverage of a feed consumed by one. This coherence also strengthens the organization’s posture in conversations with the board, insurers, and regulators.
An integrated, intelligence-driven security architecture demonstrates not just that controls exist, but that they are actively informed by current threat activity, a substantively different claim than checkbox compliance.
Three Steps, One Outcome: A Tier 1 That Actually Protects the Business
The path to a high-impact Tier 1 is not hiring more analysts or writing more detection rules. It lies in addressing the structural shortcomings that make Tier 1 fragile: monitoring that cannot reflect current threats, triage that lacks the context to be decisive, and intelligence capabilities that remain disconnected from the stack they should be informing. ANY.RUN’s Threat Intelligence Feeds, Lookup, and Interactive Sandbox form a closed loop, from behavioral analysis to detection to investigation, that addresses each of these steps without adding operational complexity.
The Sandbox generates ground truth. The Feeds operationalize it across the detection layer. The Lookup makes the same analytical depth available on demand for every analyst, regardless of experience. CISOs who prioritize this investment are not just improving SOC metrics.
They are changing the equation for every threat actor who targets their organization. A Tier 1 team that detects early, triages with confidence, and escalates accurately is one of the highest-leverage risk reduction assets a security program can build.
This article is a contributed piece from one of our valued partners.
Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries
The threat actor behind the recently disclosed artificial intelligence (AI)-assisted campaign targeting Fortinet FortiGate appliances leveraged an open-source, AI-native security testing platform called CyberStrikeAI to execute the attacks. The new findings come from Team Cymru, which detected its use following an analysis of the IP address (“212.11.64[.]250”) that was used by the suspected Russian-speaking threat actor to conduct automated mass scanning for vulnerable appliances. CyberStrikeAI is an “open-source artificial intelligence (AI) offensive security tool (OST) developed by a China-based developer who we assess has some ties to the Chinese government,” security researcher Will Thomas (aka @BushidoToken ) said . Details of the AI-powered activity came to light last month when Amazon Threat Intelligence said it detected the unknown attacker systematically targeting FortiGate devices using generative artificial intelligence (AI) services like Anthropic Claude and DeepSeek, compromising over 600 appliances in 55 countries.
According to the description in its GitHub repository, CyberStrikeAI is built in Go and integrates more than 100 security tools to enable vulnerability discovery, attack-chain analysis, knowledge retrieval, and result visualization. It’s maintained by a Chinese developer who goes by the online alias Ed1s0nZ. Team Cymru said it observed 21 unique IP addresses running CyberStrikeAI between January 20 and February 26, 2026, with servers primarily hosted in China, Singapore, and Hong Kong. Additional servers related to the tool have been detected in the U.S., Japan, and Switzerland.
The Ed1s0nZ account, besides hosting CyberStrikeAI, has published several other tools that demonstrate an interest in exploitation and in jailbreaking AI models:
watermark-tool, to add invisible digital watermarks to documents.
banana_blackmail, a Golang-based ransomware.
PrivHunterAI, a Golang-based tool that uses Kimi, DeepSeek, and GPT models to detect privilege escalation vulnerabilities.
ChatGPTJailbreak, which contains a README.md file with prompts to jailbreak OpenAI ChatGPT by tricking it into entering a Do Anything Now (DAN) mode or asking it to act as ChatGPT with Developer Mode enabled.
InfiltrateX, a Golang-based scanner for detecting privilege escalation vulnerabilities.
VigilantEye, a Golang-based tool that monitors the disclosure of sensitive information, such as phone numbers and ID card numbers, in databases. It’s configured to send an alert via a WeChat Work bot if a potential data breach is detected.
“Further, Ed1s0nZ’s GitHub activities indicate they interact with organisations that support potentially Chinese government state-sponsored cyber operations,” Thomas said. “This includes Chinese private sector firms that have known ties to the Chinese Ministry of State Security (MSS).” One such company the developer has interacted with is Knownsec 404, a Chinese security vendor that suffered a major leak of more than 12,000 internal documents late last year, exposing the firm’s employee data, government clientele, hacking tools, large volumes of stolen data such as South Korean call logs and information related to Taiwan’s critical infrastructure organizations, and the inner workings of ongoing cyber operations targeting other countries.
“Ostensibly, KnownSec appeared to be just another security company, but this is only a half truth,” DomainTools noted in an analysis published this January, describing it as a “state-aligned cyber contractor” capable of supporting Chinese national security, intelligence, and military objectives. “In reality, […] it has a shadow organization that works for the PLA, MSS, and the organs of the Chinese security state. This leak exposes a company that operates far beyond the role of a typical cybersecurity vendor. Tools like ZoomEye and the Critical Infrastructure Target Library give China a global reconnaissance system that catalogs millions of foreign IPs, domains, and organizations mapped by sector, geography, and strategic value.” Ed1s0nZ has also been observed making active modifications to a README.md file located in an eponymous repository, removing references to them having been honored with the Level 2 Contribution Award to the China National Vulnerability Database of Information Security (CNNVD).
The developer has also claimed that “everything shared here is purely for research and learning.” According to research published by Bitsight last month, China maintains two different vulnerability databases: CNNVD and the Chinese National Vulnerability Database (CNVD). While CNNVD is overseen by the Ministry of State Security, CNVD is controlled by CNCERT. Previous findings from Recorded Future have revealed that CNNVD takes longer to publish vulnerabilities with higher CVSS scores than vulnerabilities with lower ones. “The developer’s recent attempt to scrub references to the CNNVD from their GitHub profile points to an active effort to obscure these state ties, likely to protect the tool’s operational viability as its popularity grows,” Thomas said.
“The adoption of CyberStrikeAI is poised to accelerate, representing a concerning evolution in the proliferation of AI-augmented offensive security tools.”
AI Agents: The Next Wave of Identity Dark Matter - Powerful, Invisible, and Unmanaged
The Rise of MCPs in the Enterprise
The Model Context Protocol (MCP) is quickly becoming a practical way to push LLMs from “chat” into real work. By providing structured access to applications, APIs, and data, MCP enables prompt-driven AI agents that can retrieve information, take action, and automate end-to-end business workflows across the enterprise. This is already showing up in production through horizontal assistants like Microsoft Copilot, ServiceNow, Zendesk bots, and Salesforce Agentforce, with custom and vertical agents moving fast behind them. This echoes the recent Gartner “Market Guide for Guardian Agents” report, where analysts note that the rapid enterprise adoption of these AI agents is significantly outpacing the maturity of the governance and policy controls required to manage them. We believe the primary disconnect is that these AI “colleagues” don’t look like humans:
They don’t join or leave through HR.
They don’t submit access requests.
They don’t retire accounts when projects end.
They’re often invisible to traditional IAM, and that’s how they become identity dark matter: real identity risk outside the governance fabric. And agentic systems don’t just use access; they hunt for the path of least resistance.
They’re optimized to finish the job with minimal friction: fewer approvals, fewer prompts, fewer blockers. In identity terms, that means they’ll gravitate toward whatever already works (in-app local accounts, stale service identities, long-lived tokens, API keys, bypass auth paths), and if it works, it gets reused. Team8’s 2025 CISO Village Survey found:
Nearly 70% of enterprises already run AI agents (any system that can answer and act) in production.
Another 23% are planning deployments in 2026.
Two-thirds are building them in-house.
MCP adoption isn’t a question of if; it’s a question of how fast and how wisely. It’s already here, and it’s only accelerating. Complicating this further is the reality of hybrid environments.
Based on the Gartner research, organizations face significant hurdles in managing these non-human identities because native platform controls and vendor safeguards generally do not extend beyond their own cloud or platform borders. Without an independent oversight mechanism, cross-cloud agent interactions remain entirely ungoverned. The real question is whether your AI agents become trusted teammates or unmanaged identity dark matter.
How Identity Dark Matter Gets Abused by Agent AI
Autonomous AI agents that can plan and execute multi-step tasks with minimal human input are powerful assistants, but they are also a major cyber risk.
Interestingly, leading industry analysts seem to expect that the vast majority of unauthorized agent actions will stem from internal enterprise policy violations, such as misguided AI behavior or information oversharing, rather than malicious external attacks. The typical abuse pattern we see is similar, driven by agent automation and shortcut-seeking:
Enumerate what exists: the agent crawls apps and integrations, lists users and tokens, and discovers “alternate” auth paths.
Try what’s easy first: local accounts, legacy credentials, long-lived tokens, anything that avoids a fresh approval.
Lock onto “good enough” access: even low privilege is enough to pivot: read configuration files, pull logs, discover secrets, map organization structure.
Upgrade quietly: find over-scoped tokens, stale entitlements, or dormant-but-privileged identities and escalate with minimal noise.
Operate at machine speed: thousands of small actions occur across many systems, too fast and too wide for humans to spot early.
The real risk here is the scale of impact: one neglected identity becomes a reusable shortcut across the estate.
The Dark Matter Risks
In addition to abusing identity dark matter, MCP agents (AI agents that use the MCP protocol to connect to apps, other agents via A2A, APIs, and data sources) introduce their own hidden exposures if left unchecked.
Orchid uncovers these exposures every day:
Over-permissioned access: agents get “god mode” so they don’t fail, and then that privilege becomes the default operating state.
Untracked usage: agents can execute sensitive workflows through tools where logs are partial, inconsistent, or not correlated back to a sponsor.
Static credentials: hardcoded tokens don’t just “live forever”; they become shared infrastructure across agents, pipelines, and environments.
Regulatory blind spots: auditors ask, “Who approved access, who used it, and what data was touched?” Dark matter makes those answers slow, or impossible.
Privilege drift: agents accumulate access over time because removing permissions is scarier than granting them, until an attacker inherits the drift.
We believe addressing these blind spots aligns with Gartner’s observation that modern AI governance requires identity and access management to converge tightly with information governance. This ensures organizations can dynamically classify data sensitivity and monitor real-time agent behavior instead of relying solely on static credentials. AI agents aren’t just users without badges.
They’re dark matter identities: powerful, invisible, and outside the reach of today’s IAM. And the uncomfortable part: even well-intentioned agents will exploit dark matter. They don’t understand your org chart or your governance intent; they understand what works. If an orphaned account or over-scoped token is the fastest path to completion, it becomes the “efficient” choice.
Principles for Safe MCP Adoption
To avoid repeating the mistakes of the past (orphaned or overprivileged accounts, shadow IT, unmanaged keys, and invisible activity), organizations need to adapt core identity principles and apply them to AI agents. Gartner introduced the concept of specialized “guardian” systems: supervisory AI solutions that continuously evaluate, monitor, and enforce boundaries on working agents. We recommend organizations follow five core principles as they deploy MCP-based agentic solutions.
Pair AI Agents with Human Sponsors: every agent should be tied to an accountable human operator. If the human changes roles or leaves, the agent’s access should change with them. We agree with Gartner on the necessity of ownership mapping, ensuring full lineage from creation to deployment is tracked to both the machine and its human owner.
Dynamic, Context-Aware Access: AI agents should not hold standing, permanent privileges. Their entitlements should be time-bound, session-aware, and limited to least privilege.
Visibility and Auditability: Gartner has been increasingly calling for organizations to maintain a centralized AI agent catalog that inventories all official, shadow, and third-party agents, alongside comprehensive posture management and tamper-evident audit trails. In our view, every action an AI agent takes should be logged, correlated back to its human sponsor, and made available for review. This ensures accountability and prepares organizations for future compliance scrutiny. Visibility isn’t just “we logged it.” You need to tie actions to data reach: what the agent accessed, what it changed, what it exported, and whether that action touched regulated or sensitive datasets. Otherwise, you can’t distinguish “useful automation” from “silent data movement.”
Governance at Enterprise Scale: MCP adoption should extend across both new and legacy systems within a single, consistent governance fabric, so that security, compliance, and infrastructure teams are not working in silos. This is also where Gartner emphasizes the importance of an enterprise-owned supervisory layer, one that ensures consistent controls and reduces the risk of vendor lock-in as MCP adoption expands.
Commitment to Good IAM Hygiene: as with all identities, authentication flows, authorization permissions, and implemented controls, strong hygiene, on the application server as well as the MCP server, is critical to keep every user within the proper bounds.
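The five principles, together with the exposures listed under The Dark Matter Risks, can be made concrete as policy-as-code. The block below is an added example (not Orchid Security’s product, nor any MCP server or SDK API): it sweeps a constructed agent inventory for orphaned sponsors, standing grants, dormant identities and over-scoped entitlements, and gates each tool call on sponsor status, a time-bound grant, least-privilege scope and data classification, writing an audit record correlated back to the sponsor. The sponsors, agents, tool catalogue, scope names and data classes are all constructed for the example.

```python
"""Identity controls for MCP agents as policy-as-code. Added example: not
Orchid Security's product nor any MCP SDK; sponsors, agents, tools and data
classes below are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import FrozenSet, Optional

@dataclass
class Sponsor:
    uid: str
    active: bool            # False once HR offboards the person

@dataclass
class AgentIdentity:
    agent_id: str
    sponsor: str                     # accountable human (principle 1)
    scopes: FrozenSet[str]           # granted entitlements, e.g. "tickets:read"
    expires_at: Optional[datetime]   # None == standing access, i.e. dark matter
    last_used: Optional[datetime]
    used_scopes: FrozenSet[str] = frozenset()  # what the agent actually exercised

# Tool catalogue (constructed): scope each MCP tool needs and the data class it reaches.
TOOLS = {
    "search_tickets": ("tickets:read", "internal"),
    "export_customers": ("crm:read", "regulated"),
    "update_salary": ("hr:write", "regulated"),
}

def find_dark_matter(agents, sponsors, now, stale_days=30):
    """Inventory sweep: flag the hidden exposures the article lists."""
    findings = []
    for a in agents:
        sp = sponsors.get(a.sponsor)
        if sp is None or not sp.active:
            findings.append((a.agent_id, "orphaned: sponsor missing or departed"))
        if a.expires_at is None:
            findings.append((a.agent_id, "standing access: no expiry on grant"))
        if a.last_used is None or now - a.last_used > timedelta(days=stale_days):
            findings.append((a.agent_id, f"dormant: unused for >{stale_days} days"))
        unused = sorted(a.scopes - a.used_scopes)
        if unused:
            findings.append((a.agent_id, f"over-scoped: never exercised {unused}"))
    return findings

def authorize(agent, tool, sponsors, now, audit):
    """Per-call gate: sponsor still accountable, grant time-bound and unexpired,
    least-privilege scope present, regulated data needs an explicit scope.
    Every decision is appended to `audit`, correlated back to the sponsor."""
    scope, data_class = TOOLS[tool]
    reasons = []
    sp = sponsors.get(agent.sponsor)
    if sp is None or not sp.active:
        reasons.append("sponsor missing or inactive")
    if agent.expires_at is None or now >= agent.expires_at:
        reasons.append("no valid time-bound grant")
    if scope not in agent.scopes:
        reasons.append(f"missing scope {scope}")
    if data_class == "regulated" and "regulated:access" not in agent.scopes:
        reasons.append("regulated data requires explicit regulated:access scope")
    decision = "allow" if not reasons else "deny"
    audit.append({"ts": now.isoformat(), "agent": agent.agent_id,
                  "sponsor": agent.sponsor, "tool": tool, "data_class": data_class,
                  "decision": decision, "reasons": reasons})
    return decision == "allow"

# Constructed inventory: one well-run agent and one piece of dark matter.
NOW = datetime(2026, 3, 5, 9, 0, tzinfo=timezone.utc)
SPONSORS = {"alice": Sponsor("alice", True), "bob": Sponsor("bob", False)}  # bob has left
AGENTS = [
    AgentIdentity("helpdesk-bot", "alice", frozenset({"tickets:read"}),
                  NOW + timedelta(hours=2), NOW - timedelta(minutes=5),
                  frozenset({"tickets:read"})),
    AgentIdentity("legacy-crm-agent", "bob",
                  frozenset({"crm:read", "crm:write", "hr:write", "regulated:access"}),
                  None, NOW - timedelta(days=90), frozenset({"crm:read"})),
]

if __name__ == "__main__":
    for agent_id, issue in find_dark_matter(AGENTS, SPONSORS, NOW):
        print(f"{agent_id}: {issue}")
    log = []
    for agent in AGENTS:
        for tool in TOOLS:
            authorize(agent, tool, SPONSORS, NOW, log)
    for entry in log:
        print(entry["agent"], entry["tool"], entry["decision"], entry["reasons"])
```

The point the gate makes is that scope alone is not enough: `legacy-crm-agent` holds every scope `export_customers` needs, yet is denied because its sponsor has left and its grant has no expiry, which is exactly the “it just works” shortcut the article warns an agent will otherwise take.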
The Bigger Picture
AI agents pose a unique challenge beyond mere integration. They represent a shift in how work is delegated and executed inside enterprises. Left unmanaged, they will follow the same trajectory as other hidden identities: in-app local accounts, stale service identities, long-lived tokens, API keys, and bypass auth paths that have become identity dark matter over time. And because LLM-driven agents are optimized for efficiency, least friction, and fewest steps, they will naturally gravitate to those ungoverned identities as the fastest path to success.
If an orphaned local admin or an over-scoped token “just works,” the agent will use it, and reuse it. The opportunity is to get ahead of this curve. By treating AI agents as first-class identities from day one (discoverable, governable, and auditable), organizations can harness their potential without creating blind spots. Enterprises that do this will not only reduce their immediate attack surface but also position themselves for the regulatory and operational expectations that are sure to follow.
In practice, most Agent-AI incidents won’t start with a zero-day. They’ll start with an identity shortcut that someone forgot to clean up, then get amplified by automation until it appears to be a systemic breach.
The Bottom Line
AI agents are here. They are already changing how enterprises operate.
The challenge is not whether to use them, but how to govern them. Safe MCP adoption requires applying the same principles that identity practitioners know well (least privilege, lifecycle management, and auditability) to a new class of non-human identities that follow this protocol. If identity dark matter is the sum of what we can’t see or control, then unmanaged AI agents may become its fastest-growing source. The organizations that act now to bring them into the light will be the ones who can move quickly with AI without sacrificing trust, compliance, or security.
That’s why Orchid Security is building identity infrastructure to eliminate dark matter, and make Agent AI adoption safe to deploy at enterprise scale. This article is a contributed piece from one of our valued partners.
Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication
Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor authentication (MFA) protections. It’s advertised as a cybercrime platform by a threat group calling itself Jinkusu, granting customers access to a dashboard that lets them select a brand to impersonate or enter a brand’s real URL. It also lets users choose custom keywords like “login,” “verify,” “security,” or “account,” and integrates URL shorteners such as TinyURL to obscure the destination URL. “It launches a headless Chrome instance – a browser that operates without a visible window – inside a Docker container, loads the brand’s real website, and acts as a reverse proxy between the target and the legitimate site,” Abnormal researchers Callie Baron and Piotr Wojtyla said.
“Recipients are served genuine page content directly through the attacker’s infrastructure, ensuring the phishing page is never out of date. And because Starkiller proxies the real site live, there are no template files for security vendors to fingerprint or blocklist.” This login page proxying technique obviates the need for attackers to update their phishing page templates periodically as the real pages they’re impersonating get updated. Put differently, the container acts as an AitM reverse proxy, forwarding the end user’s inputs entered on the spoofed live page to the legitimate site and returning the site’s responses. Under the hood, every keystroke, form submission, and session token is routed through attacker-controlled infrastructure and is captured for account takeover.
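Because the proxied login is completed from the proxy's own browser and the captured session is then replayed from elsewhere, the defender's side of this picture is a session that is bound to more than one client. The following is an added example, not code from the article or from Abnormal, that runs two such checks over web-server access logs: sessions seen from more than one (IP, User-Agent) fingerprint, and logins completed by a browser that advertises a headless build, which is what the article says the proxy runs. The log lines, the `/login` path and the log format are constructed for the example; a fingerprint change alone is a triage signal, not proof, since legitimate users change networks too.

```python
"""Added example (not from the article or Abnormal): session-binding checks
for spotting AitM-style session reuse in access logs. Log format, paths and
every log line below are constructed sample data."""
import re
from collections import defaultdict

# Constructed access-log lines: ts client_ip method path status session_id "user-agent"
LOG_LINES = """\
2026-03-03T09:12:01Z 198.51.100.7 POST /login 302 sess=A1B2C3 "Mozilla/5.0 (X11; Linux x86_64) HeadlessChrome/120"
2026-03-03T09:12:05Z 198.51.100.7 GET /dashboard 200 sess=A1B2C3 "Mozilla/5.0 (X11; Linux x86_64) HeadlessChrome/120"
2026-03-03T09:13:40Z 203.0.113.10 GET /dashboard 200 sess=A1B2C3 "Mozilla/5.0 (Windows NT 10.0) Chrome/121"
2026-03-03T09:14:02Z 203.0.113.10 POST /settings/export 200 sess=A1B2C3 "Mozilla/5.0 (Windows NT 10.0) Chrome/121"
2026-03-03T09:20:00Z 192.0.2.44 POST /login 302 sess=D4E5F6 "Mozilla/5.0 (Macintosh) Safari/17"
2026-03-03T09:21:00Z 192.0.2.44 GET /dashboard 200 sess=D4E5F6 "Mozilla/5.0 (Macintosh) Safari/17"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) (?P<method>\S+) (?P<path>\S+) (?P<status>\d{3}) '
    r'sess=(?P<sess>\S+) "(?P<ua>[^"]*)"$'
)
LOGIN_PATH = "/login"  # assumed login endpoint for the example


def parse(lines):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def bound_sessions(lines):
    """Map session id -> set of (client_ip, user_agent) fingerprints that used it."""
    seen = defaultdict(set)
    for rec in parse(lines):
        seen[rec["sess"]].add((rec["ip"], rec["ua"]))
    return seen


def find_rebound_sessions(lines):
    """Sessions presented from more than one client fingerprint."""
    return sorted(s for s, fps in bound_sessions(lines).items() if len(fps) > 1)


def headless_logins(lines):
    """Sessions whose login POST came from a browser advertising a headless build."""
    out = set()
    for rec in parse(lines):
        if rec["path"] == LOGIN_PATH and rec["method"] == "POST" and "Headless" in rec["ua"]:
            out.add(rec["sess"])
    return sorted(out)


if __name__ == "__main__":
    print("sessions used from multiple clients:", find_rebound_sessions(LOG_LINES))
    print("logins completed by a headless browser:", headless_logins(LOG_LINES))
```

In production the same two checks are usually enforced rather than only detected: binding the session cookie to the client that performed the login (or to a device-bound credential) means a replayed cookie fails instead of merely being logged.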
“The platform streamlines phishing operations by centralizing infrastructure management, phishing page deployment, and session monitoring within a single control panel,” Abnormal said. “Combined with URL masking, session hijacking, and MFA bypass, it gives low-skill cybercriminals access to attack capabilities that were previously out of reach.” The development comes as Datadog revealed that the 1Phish kit had evolved from a basic credential harvester in September 2025 into a multi-stage phishing kit targeting 1Password users. The updated version of the kit incorporates a pre-phishing fingerprint and validation layer, support for capturing one-time passcodes (OTPs) and recovery codes, and browser fingerprinting logic to filter out bots. “This progression reflects deliberate iteration rather than simple template reuse,” security researcher Martin McCloskey said.
“Each version builds upon the previous one, introducing controls designed to increase conversion rates, reduce automated analysis, and support secondary authentication harvesting.” The findings show that turnkey solutions like Starkiller and 1Phish are increasingly turning phishing into SaaS-style workflows, further lowering the skill barrier necessary to pull off such attacks at scale. They also coincide with a sophisticated phishing campaign targeting North American businesses and professionals by abusing the OAuth 2.0 device authorization grant flow to sidestep multi-factor authentication (MFA) and compromise Microsoft 365 accounts. To achieve this, the attacker registers on the Microsoft OAuth application and generates a unique device code, which is then delivered to the victim via a targeted phishing email. “The victim is directed to the legitimate Microsoft domain (microsoft.com/devicelogin) portal to enter an attacker-supplied device code,” researchers Jeewan Singh Jalal, Prabhakaran Ravichandhiran, and Anand Bodke said.
“This action authenticates the victim and issues a valid OAuth access token to the attacker’s application. The real-time theft of these tokens grants the attacker persistent access to the victim’s Microsoft 365 accounts and corporate data.” In recent months, phishing campaigns have also targeted financial institutions, specifically U.S.-based banks and credit unions, to harvest credentials. The campaign is said to have taken place over two distinct phases, an initial wave beginning in late June 2025 and a more sophisticated set of attacks beginning in mid-November 2025. “The actors began registering [.]co[.]com domains spoofing financial institution websites, presenting credible impersonations of real financial institutions,” BlueVoyant researchers Shira Reuveny and Joshua Green said.
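The device code grant leaves a distinctive trace: the sign-in is recorded as a device-code authentication rather than an ordinary browser OAuth flow, and most users in an organization never legitimately use it. The following is an added example, not code from the article or from the cited researchers, that triages sign-in records for device-code authorizations and flags the ones by users who are not expected to use that flow or that arrive from outside the organization's usual network. The record shape is modelled on identity-provider sign-in logs, but the field names (`authenticationProtocol`, `userPrincipalName`, and so on), the allowlist, the home-network prefix and every record are assumptions constructed for the example.

```python
"""Added example (not from the article or the cited researchers): triaging
sign-in records for device-code grant authorizations. Field names are
assumptions modelled on identity-provider sign-in logs; every record,
the allowlist and the home-network prefix are constructed sample data."""
import json

# Constructed sign-in records, one JSON object per line (app ids are placeholders)
SIGNIN_LOG = """\
{"createdDateTime":"2026-03-03T14:01:10Z","userPrincipalName":"carol@example.com","appDisplayName":"Office client","appId":"APP-ID-PLACEHOLDER-1","authenticationProtocol":"oAuth2","ipAddress":"192.0.2.20","status":0}
{"createdDateTime":"2026-03-03T14:05:42Z","userPrincipalName":"carol@example.com","appDisplayName":"CLI tool","appId":"APP-ID-PLACEHOLDER-2","authenticationProtocol":"deviceCode","ipAddress":"198.51.100.9","status":0}
{"createdDateTime":"2026-03-03T14:06:00Z","userPrincipalName":"dave@example.com","appDisplayName":"CLI tool","appId":"APP-ID-PLACEHOLDER-2","authenticationProtocol":"deviceCode","ipAddress":"192.0.2.31","status":0}
{"createdDateTime":"2026-03-03T14:09:15Z","userPrincipalName":"dave@example.com","appDisplayName":"Chat client","appId":"APP-ID-PLACEHOLDER-3","authenticationProtocol":"oAuth2","ipAddress":"192.0.2.31","status":0}
"""

# Constructed allowlist: users expected to use device code (e.g. engineers on headless hosts)
DEVICE_CODE_EXPECTED_USERS = {"dave@example.com"}
# Constructed prefix of the network the organization's users normally sign in from
HOME_PREFIX = "192.0.2."


def load(log):
    """Parse JSON-lines sign-in records, skipping blank lines."""
    return [json.loads(line) for line in log.splitlines() if line.strip()]


def device_code_signins(log):
    """All sign-ins completed through the device authorization grant."""
    return [r for r in load(log) if r.get("authenticationProtocol") == "deviceCode"]


def suspicious_device_code(log):
    """Device-code sign-ins by users not expected to use the flow, or from
    outside the home network. Returns (upn, app, ip, reasons) tuples."""
    out = []
    for r in device_code_signins(log):
        reasons = []
        if r["userPrincipalName"] not in DEVICE_CODE_EXPECTED_USERS:
            reasons.append("user_not_expected_to_use_device_code")
        if not r["ipAddress"].startswith(HOME_PREFIX):
            reasons.append("off_network_ip")
        if reasons:
            out.append((r["userPrincipalName"], r["appDisplayName"], r["ipAddress"], reasons))
    return out


if __name__ == "__main__":
    for upn, app, ip, reasons in suspicious_device_code(SIGNIN_LOG):
        print(f"{upn} via {app} from {ip}: {', '.join(reasons)}")
```

The detection is deliberately allowlist-based: the device code grant exists for input-constrained devices, so the population that should ever produce such a record is small and enumerable, and a sign-in outside that population is worth a look even when it succeeds.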
“These [.]co[.]com domains serve as the initial entry point in a refined multi-stage chain.” The domain, when visited from a clickable link in a phishing email, is designed to load a fraudulent Cloudflare CAPTCHA page that mimics the targeted institution. The CAPTCHA is non-functional and creates a deliberate delay before a Base64-encoded script redirects users to the credential harvesting page. In an effort to evade detection and prevent automated scanners from flagging the malicious content, directly accessing the [.]co[.]com domains triggers a redirect to a malformed “www[.]www” URL. “The adversary’s deployment of a more advanced multi-layered evasion chain – incorporating referrer validation, cookie-based access controls, intentional delays, and code obfuscation – effectively creates a more resilient infrastructure that presents barriers for automated security tools and manual analysis,” BlueVoyant said.
Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets
Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The activity, the company said, targets government and public-sector organizations with the end goal of redirecting victims to attacker-controlled infrastructure without stealing their tokens. It described the phishing attacks as an identity-based threat that takes advantage of OAuth’s standard, by-design behavior rather than exploiting software vulnerabilities or stealing credentials. “OAuth includes a legitimate feature that allows identity providers to redirect users to a specific landing page under certain conditions, typically in error scenarios or other defined flows,” the Microsoft Defender Security Research Team said.
“Attackers can abuse this native functionality by crafting URLs with popular identity providers, such as Entra ID or Google Workspace, that use manipulated parameters or associated malicious applications to redirect users to attacker-controlled landing pages. This technique enables the creation of URLs that appear benign but ultimately lead to malicious destinations.” The starting point of the attack is a malicious application created by the threat actor in a tenant under their control. The application is configured with a redirect URL pointing to a rogue domain that hosts malware. The attackers then distribute an OAuth phishing link that instructs the recipients to authenticate to the malicious application by using an intentionally invalid scope.
The result of this redirection is that users inadvertently download and infect their own devices with malware. The malicious payloads are distributed in the form of ZIP archives, which, when unpacked, result in PowerShell execution, DLL side-loading, and pre-ransom or hands-on-keyboard activity, Microsoft said. The ZIP file contains a Windows shortcut (LNK) that executes a PowerShell command as soon as it’s opened. The PowerShell payload is used to conduct host reconnaissance by running discovery commands.
The LNK file extracts from the ZIP archive an MSI installer, which then drops a decoy document to mislead the victim, while a malicious DLL (“crashhandler.dll”) is sideloaded using the legitimate “steam_monitor.exe” binary. The DLL proceeds to decrypt another file named “crashlog.dat” and executes the final payload in memory, allowing it to establish an outbound connection to an external command-and-control (C2) server. Microsoft said the emails use e-signature requests, Teams recordings, social security, financial, and political themes as lures to trick users into clicking the link. The emails are said to have been sent via mass-sending tools and custom solutions developed in Python and Node.js.
The links are either directly included in the email body or placed within a PDF document. “To increase credibility, actors passed the target email address through the state parameter using various encoding techniques, allowing it to be automatically populated on the phishing page,” Microsoft said. “The state parameter is intended to be randomly generated and used to correlate request and response values, but in these cases it was repurposed to carry encoded email addresses.” While some of the campaigns have been found to leverage the technique to deliver malware, others send users to pages hosted on phishing frameworks such as EvilProxy, which act as an adversary-in-the-middle (AitM) kit to intercept credentials and session cookies. Microsoft has since removed several malicious OAuth applications that were identified as part of the investigation.
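The three indicators Microsoft describes for these links are all visible in the authorize URL itself before anyone clicks it: a `redirect_uri` that points somewhere other than the application's expected domains, a `scope` the identity provider would never grant, and a `state` value that is not random but decodes to the recipient's e-mail address. The following is an added example, not code from the article or from Microsoft, that parses an authorize URL and reports which of those indicators are present; it goes slightly beyond the text by trying several encodings of `state` (percent, standard and URL-safe Base64, hex) since the article only says "various encoding techniques". The trusted-host and known-scope allowlists, the sample URLs and their tenant and client ids are constructed placeholders.

```python
"""Added example (not from the article or Microsoft): inspecting an OAuth
authorize URL for redirect-abuse indicators. Allowlists, sample URLs and the
tenant/client ids in them are constructed placeholders for the example."""
import base64
import binascii
import re
from urllib.parse import parse_qs, unquote, urlparse

EMAIL_RE = re.compile(r"^[\w.+-]+@[\w-]+(\.[\w-]+)+$")

# Constructed allowlists: where this organization's apps are allowed to redirect,
# and the scopes its identity provider is expected to grant.
TRUSTED_REDIRECT_HOSTS = {"app.example.com", "login.microsoftonline.com"}
KNOWN_SCOPES = {"openid", "profile", "email", "offline_access", "User.Read"}


def decode_candidates(value):
    """Yield plausible decodings of a state value: raw, percent-decoded,
    standard/URL-safe Base64 (padding repaired), and hex."""
    yield value
    yield unquote(value)
    padded = value + "=" * (-len(value) % 4)
    for decoder in (base64.b64decode, base64.urlsafe_b64decode):
        try:
            yield decoder(padded).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError, ValueError):
            pass
    try:
        yield bytes.fromhex(value).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        pass


def state_carries_email(state):
    """True if any decoding of the state parameter is an e-mail address."""
    return any(EMAIL_RE.match(c.strip()) for c in decode_candidates(state))


def inspect_authorize_url(url):
    """Return the indicator names found in the URL (empty list = none found)."""
    parsed = urlparse(url)
    q = {k: v[0] for k, v in parse_qs(parsed.query).items()}
    findings = []
    redirect = q.get("redirect_uri")
    if redirect and urlparse(redirect).hostname not in TRUSTED_REDIRECT_HOSTS:
        findings.append("untrusted_redirect_uri")
    scopes = set(q.get("scope", "").split())
    if scopes and not scopes <= KNOWN_SCOPES:
        findings.append("unknown_scope")
    if "state" in q and state_carries_email(q["state"]):
        findings.append("state_carries_email")
    return findings


# Constructed sample URLs; TENANT-PLACEHOLDER and CLIENT-PLACEHOLDER are not real ids.
BENIGN = ("https://login.microsoftonline.com/TENANT-PLACEHOLDER/oauth2/v2.0/authorize"
          "?client_id=CLIENT-PLACEHOLDER&response_type=code&scope=openid+profile"
          "&redirect_uri=https%3A%2F%2Fapp.example.com%2Fcallback&state=7f3a9c21")
SUSPECT = ("https://login.microsoftonline.com/TENANT-PLACEHOLDER/oauth2/v2.0/authorize"
           "?client_id=CLIENT-PLACEHOLDER&response_type=code&scope=not.a.real.scope"
           "&redirect_uri=https%3A%2F%2Fdownloads.example.net%2Fupdate"
           "&state=" + base64.urlsafe_b64encode(b"victim@example.com").decode())

if __name__ == "__main__":
    print("benign :", inspect_authorize_url(BENIGN))
    print("suspect:", inspect_authorize_url(SUSPECT))
```

A mail gateway or URL-rewriting proxy can run this kind of check on links whose host is a known identity provider, which is precisely the class of link that reputation-based filters wave through; the indicators are independent, so any one of them is enough to hold the message for review.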
Organizations are advised to limit user consent, periodically review application permissions, and remove unused or overprivileged apps.