2026-03-22 AI创业新闻

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) said Friday. “The campaign targets individuals of high intelligence value, including current and former U.S. government officials, military personnel, political figures, and journalists,” FBI Director Kash Patel said in a post on X.

“Globally, this effort has resulted in unauthorized access to thousands of individual accounts. After gaining access, the actors can view messages and contact lists, send messages as the victim, and conduct additional phishing from a trusted identity.” CISA and the FBI said the activity has resulted in the compromise of thousands of individual CMA accounts. It’s worth noting that the attacks are designed to break into the targeted accounts and do not exploit any security vulnerability or weakness to crack the platforms’ encryption protections. While the agencies did not attribute the activity to a specific threat actor, prior reports from Microsoft and Google Threat Intelligence Group have linked such campaigns to multiple Russia-aligned threat clusters tracked as Star Blizzard , UNC5792 (aka UAC-0195), and UNC4221 (aka UAC-0185) .

In a similar alert, the Cyber Crisis Coordination Center (C4), part of the National Cybersecurity Agency of France (ANSSI), warned of a surge in attack campaigns targeting instant messaging accounts associated with government officials, journalists, and business leaders. “These attacks – when successful – can allow malicious actors to access conversation histories, or even take control of their victims’ messaging accounts and send messages while impersonating them,” C4 said . The end goal of the campaign is to enable the threat actors to gain unauthorized access to victims’ accounts, enabling them to view messages and contact lists, send messages on their behalf, and even conduct secondary phishing against other targets by abusing trusted relationships. As recently alerted by cybersecurity agencies from Germany and the Netherlands , the attack involves the adversary posing as “Signal Support” to approach targets and urge them to click on a link (or alternatively scan a QR code) or provide the PIN or verification code.

In both cases, the social engineering scheme allows the threat actors to gain access to the victim’s CMA account. However, the campaign has two different outcomes for the victim depending on the method used - If the victim opts to provide the PIN or verification code to the threat actor, they lose access to their account, as the attacker has used it to recover the account on their end. While the threat actor cannot access past messages, the method can be used to monitor fresh messages and send messages to others by impersonating the victim. If the victim ends up clicking the link or scanning the QR code, a device under the control of the threat actor gets linked to the victim’s account, allowing them to access all messages, including those sent in the past.

In this scenario, the victim continues to have access to the CMA account unless they are explicitly removed from the app settings. To better protect against the threat, users are advised to never share their SMS code or verification PIN with anyone , exercise caution when receiving unexpected messages from unknown contacts, check links before clicking them, and periodically review linked devices and remove those that appear suspicious. “These attacks, like all phishing, rely on social engineering. Attackers impersonate trusted contacts or services (such as the non-existent ‘Signal Support Bot’) to trick victims into handing over their login credentials or other information,” Signal said in a post on X earlier this month.

“To help prevent this, remember that your Signal SMS verification code is only ever needed when you are first signing up for the Signal app. We also want to emphasize that Signal Support will never initiate contact via in-app messages, SMS, or social media to ask for your verification code or PIN. If anyone asks for any Signal-related code, it is a scam.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2026-21992 , carries a CVSS score of 9.8 out of a maximum of 10.0. “This vulnerability is remotely exploitable without authentication,” Oracle said in an advisory. “If successfully exploited, this vulnerability may result in remote code execution.” CVE-2026-21992 affects the following versions - Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0 Oracle Web Services Manager versions 12.2.1.4.0 and 14.1.2.1.0 According to a description of the flaw in the NIST National Vulnerability Database (NVD), it’s “easily exploitable” and could allow an unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager and Oracle Web Services Manager.

This, in turn, can result in the successful takeover of susceptible instances. Oracle makes no mention of the vulnerability being exploited in the wild. However, the tech giant has urged customers to apply the update without delay for optimal protection. In November 2025, the U.S.

Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-61757 (CVSS score: 9.8), a pre-authenticated remote code execution flaw impacting Oracle Identity Manager, to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm . The name is a reference to the fact that the malware uses an ICP canister , which refers to tamperproof smart contracts on the Internet Computer blockchain, as a dead drop resolver . The development marks the first publicly documented abuse of an ICP canister for the explicit purpose of fetching the command-and-control (C2) server, Aikido Security researcher Charlie Eriksen said . The list of affected packages is below - 28 packages in the @EmilGroup scope 16 packages in the @opengov scope @teale.io/eslint-config @airtm/uuid-base32 @pypestream/floating-ui-dom The development comes within a day after threat actors leveraged a compromised credential to publish malicious trivy, trivy-action, and setup-trivy releases containing a credential stealer.

A cloud-focused cybercriminal operation known as TeamPCP is suspected to be behind the attacks. The infection chain involving the npm packages involves leveraging a postinstall hook to execute a loader, which then drops a Python backdoor that’s responsible for contacting the ICP canister dead drop to retrieve a URL pointing to the next-stage payload. The fact that the dead drop infrastructure is decentralized makes it resilient and resistant to takedown efforts . “The canister controller can swap the URL at any time, pushing new binaries to all infected hosts without touching the implant,” Eriksen said.

Persistence is established by means of a systemd user service, which is configured to automatically start the Python backdoor after a 5-second delay if it gets terminated for some reason by using the “ Restart=always “ directive. The systemd service masquerades as PostgreSQL tooling (“pgmon”) in an attempt to fly under the radar. The backdoor, as mentioned before, phones the ICP canister with a spoofed browser User-Agent every 50 minutes to fetch the URL in plaintext. The URL is subsequently parsed to fetch and run the executable.

“If the URL contains youtube[.]com, the script skips it,” Eriksen explained. “This is the canister’s dormant state. The attacker arms the implant by pointing the canister at a real binary, and disarms it by switching back to a YouTube link. If the attacker updates the canister to point to a new URL, every infected machine picks up the new binary on its next poll.

The old binary keeps running in the background since the script never kills previous processes.” It’s worth noting that a similar youtube[.]com-based kill switch has also been flagged by Wiz in connection with the trojanized Trivy binary (version 0.69.4), which reaches out to the same ICP canister via another Python dropper (“sysmon.py”). As of writing, the URL returned by the C2 is a rickroll YouTube video . The Hacker News found that the ICP canister supports three methods – get_latest_link, http_request, update_link – the last of which allows the threat actor to modify the behavior at any time to serve an actual payload. In tandem, the packages come with a “deploy.js” file that the attacker runs manually to spread the malicious payload to every package a stolen npm token provides access to in a programmatic fashion.

The worm, assessed to be vibe-coded using an artificial intelligence (AI) tool, makes no attempt to conceal its functionality. “This isn’t triggered by npm install,” Aikido said. “It’s a standalone tool the attacker runs with stolen tokens to maximize blast radius.” To make matters worse, a subsequent iteration of CanisterWorm detected in “@teale.io/eslint-config” versions 1.8.11 and 1.8.12 has been found to self-propagate on its own without the need for manual intervention. Unlike “deploy.js,” which was a self-contained script the attacker had to execute with the pilfered npm tokens to push a malicious version of the npm packages to the registry, the new variant incorporates this functionality in “index.js” within a findNpmTokens() function that’s run during the postinstall phase to collect npm authentication tokens from the victim’s machine.

The main difference here is that the postinstall script, after installing the persistent backdoor, attempts to locate every npm token from the developer’s environment and spawns the worm right away with those tokens by launching “deploy.js” as a fully detached background process. Interestingly, the threat actor is said to have swapped out the ICP backdoor payload for a dummy test string (“hello123”), likely to ensure that the entire attack chain is working as intended before adding the malware. “This is the point where the attack goes from ‘compromised account publishes malware’ to ‘malware compromises more accounts and publishes itself,’” Eriksen said. “Every developer or CI pipeline that installs this package and has an npm token accessible becomes an unwitting propagation vector.

Their packages get infected, their downstream users install those, and if any of them have tokens, the cycle repeats.” (This is a developing story. Please check back for more details.) Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities ( KEV ) catalog, urging federal agencies to patch them by April 3, 2026. The vulnerabilities that have come under exploitation are listed below - CVE-2025-31277 (CVSS score: 8.8) - A vulnerability in Apple WebKit that could result in memory corruption when processing maliciously crafted web content. (Fixed in July 2025) CVE-2025-43510 (CVSS score: 7.8) - A memory corruption vulnerability in Apple’s kernel component that could allow a malicious application to cause unexpected changes in memory shared between processes.

(Fixed in December 2025) CVE-2025-43520 (CVSS score: 8.8) - A memory corruption vulnerability in Apple’s kernel component that could allow a malicious application to cause unexpected system termination or write kernel memory. (Fixed in December 2025) CVE-2025-32432 (CVSS score: 10.0) - A code injection vulnerability in Craft CMS that could allow a remote attacker to execute arbitrary code. (Fixed in April 2025) CVE-2025-54068 (CVSS score: 9.8) - A code injection vulnerability in Laravel Livewire that could allow unauthenticated attackers to achieve remote command execution in specific scenarios. (Fixed in July 2025) The addition of the three Apple vulnerabilities to the KEV catalog comes in the wake of reports from Google Threat Intelligence Group (GTIG), iVerify, and Lookout about an iOS exploit kit codenamed DarkSword that leverages these shortcomings, along with three bugs, to deploy various malware families like GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER for data theft.

CVE-2025-32432 is assessed to have been exploited as a zero-day by unknown threat actors since February 2025, per Orange Cyberdefense SensePost. Since then, an intrusion set tracked as Mimo (aka Hezb) has also been observed exploiting the vulnerability to deploy a cryptocurrency miner and residential proxyware. Rounding off the list is CVE-2025-54068 , whose exploitation was recently flagged by the Ctrl-Alt-Intel Threat Research team as part of attacks mounted by the Iranian state-sponsored hacking group, MuddyWater (aka Boggy Serpens). In a report published earlier this week, Palo Alto Networks Unit 42 called out the adversary’s consistent targeting of diplomatic and critical infrastructure, including energy, maritime, and finance, across the Middle East and other strategic targets worldwide.

“While social engineering remains its defining trait, the group is also increasing its technological capabilities,” Unit 42 said . “Its diverse toolset includes AI-enhanced malware implants that incorporate anti-analysis techniques for long-term persistence. This combination of social engineering and rapidly developed tools creates a potent threat profile.” “To support its large-scale social engineering campaigns, Boggy Serpens uses a custom-built, web-based orchestration platform,” Unit 42 said. “This tool enables operators to automate mass email delivery while maintaining granular control over sender identities and target lists.” Attributed to the Iranian Ministry of Intelligence and Security (MOIS), the group is primarily focused on cyber espionage, although it has also been linked to disruptive operations targeting the Technion Israel Institute of Technology by adopting the DarkBit ransomware persona.

One of the defining hallmarks of MuddyWater’s tradecraft has been the use of hijacked accounts belonging to official government and corporate entities in its spear-phishing attacks, and abuse of trusted relationships to evade reputation-based blocking systems and deliver malware. In a sustained campaign targeting an unnamed national marine and energy company in the U.A.E. between August 16, 2025, and February 11, 2026, the threat actor is said to have conducted four distinct waves of attack, leading to the deployment of various malware families, including GhostBackDoor and Nuso (aka HTTP_VIP). Some of the other notable tools in the threat actor’s arsenal include UDPGangster and LampoRAT (aka CHAR).

“Boggy Serpens’ recent activity exemplifies a maturing threat profile, as the group integrates its established methodologies with refined mechanisms for operational persistence,” Unit 42 said. “By diversifying its development pipeline to include modern coding languages like Rust and AI-assisted workflows, the group creates parallel tracks that ensure the redundancy needed to sustain a high operational tempo.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware that stole sensitive CI/CD secrets. The latest incident impacted GitHub Actions “ aquasecurity/trivy-action “ and “ aquasecurity/setup-trivy ,” which are used to scan Docker container images for vulnerabilities and set up GitHub Actions workflow with a specific version of the scanner, respectively. “We identified that an attacker force-pushed 75 out of 76 version tags in the aquasecurity/trivy-action repository, the official GitHub Action for running Trivy vulnerability scans in CI/CD pipelines,” Socket security researcher Philipp Burckhardt said . “These tags were modified to serve a malicious payload, effectively turning trusted version references into a distribution mechanism for an infostealer.” The payload executes within GitHub Actions runners and aims to extract valuable developer secrets from CI/CD environments, such as SSH keys, credentials for cloud service providers, databases, Git, Docker configurations, Kubernetes tokens, and cryptocurrency wallets.

The development marks the second supply chain incident involving Trivy. Towards the end of February and early March 2026, an autonomous bot called hackerbot-claw exploited a “pull_request_target” workflow to steal a Personal Access Token (PAT), which was then weaponized to seize control of the GitHub repository, delete several release versions, and push two malicious versions of its Visual Studio Code (VS Code) extension to Open VSX. The first sign of the compromise was flagged by security researcher Paul McCarty after a new compromised release (version 0.69.4) was published to the “aquasecurity/trivy” GitHub repository. The rogue version has since been removed.

According to Wiz , version 0.69.4 starts both the legitimate Trivy service and the malicious code responsible for a series of tasks - Conduct data theft by scanning the system for environmental variables and credentials, encrypting the data, and exfiltrating it via an HTTP POST request to scan.aquasecurtiy[.]org. Set up persistence by using a systemd service after confirming that it’s running on a developer machine. The systemd service is configured to run a Python script (“sysmon.py”) that polls an external server to retrieve the payload and execute it. In a statement, Itay Shakury, vice president of open source at Aqua Security, said the attackers abused a compromised credential to publish malicious trivy, trivy-action, and setup-trivy releases.

In the case of “aquasecurity/trivy-action,” the adversary force-pushed 75 version tags to point to the malicious commits containing the Python infostealer payload without creating a new release or pushing to a branch, as is standard practice. Seven “aquasecurity/setup-trivy” tags were force-pushed in the same manner. “So in this case, the attacker didn’t need to exploit Git itself,” Burckhardt told The Hacker News. “They had valid credentials with sufficient privileges to push code and rewrite tags, which is what enabled the tag poisoning we observed.

What remains unclear is the exact credential used in this specific step (e.g., a maintainer PAT vs automation token), but the root cause is now understood to be credential compromise carried over from the earlier incident.” The security vendor also acknowledged that the latest attack stemmed from incomplete containment of the hackerbot-claw incident. “We rotated secrets and tokens, but the process wasn’t atomic, and attackers may have been privy to refreshed tokens,” Shakury said. “We are now taking a more restrictive approach and locking down all automated actions and any token in order to thoroughly eliminate the problem.” The stealer operates in three stages: harvesting environment variables from the runner process memory and the file system, encrypting the data, and exfiltrating it to the attacker-controlled server (“scan.aquasecurtiy[.]org”). Should the exfiltration attempt fail, the victim’s own GitHub account is abused to stage the stolen data in a public repository named “tpcp-docs” by making use of the captured INPUT_GITHUB_PAT, an environment variable used in GitHub Actions to pass a GitHub PAT for authentication with the GitHub API.

It’s currently not known who is behind the attack, although there are signs that the threat actor known as TeamPCP may be behind it. This assessment is based on the fact that the credential harvester self-identifies as “TeamPCP Cloud stealer” in the source code. Also known as DeadCatx3, PCPcat, PersyPCP, ShellForce, and CipherForce, the group is known for acting as a cloud-native cybercrime platform designed to breach modern cloud infrastructure to facilitate data theft and extortion. “The credential targets in this payload are consistent with the group’s broader cloud-native theft-and-monetization profile,” Socket said.

“The heavy emphasis on Solana validator key pairs and cryptocurrency wallets is less well-documented as a TeamPCP hallmark, though it aligns with the group’s known financial motivations. The self-labeling could be a false flag, but the technical overlap with prior TeamPCP tooling makes genuine attribution plausible.” Users are advised to ensure that they are using the latest safe releases - trivy 0.69.3 trivy-action 0.35.0 setup-trivy 0.2.6 “If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,” Shakury said. Additional mitigation steps include blocking the exfiltration domain and the associated IP address (45.148.10[.]212) at the network level, and checking GitHub accounts for repositories named “tpcp-docs,” which may indicate successful exfiltration via the fallback mechanism. “Pin GitHub Actions to full SHA hashes, not version tags,” Wiz researcher Rami McCarthy said.

“Version tags can be moved to point at malicious commits, as demonstrated in this attack.” Update The supply chain attack on Trivy appears to have had a cascading impact, with threat actors leveraging the stolen data to compromise several npm packages and push malicious versions containing a self-propagating worm. More details about the activity can be found here . Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities. The security defect, tracked as CVE-2026-33017 (CVSS score: 9.3), is a case of missing authentication combined with code injection that could result in remote code execution. “The POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication,” according to Langflow’s advisory for the flaw. “When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary Python code in node definitions) instead of the stored flow data from the database.

This code is passed to exec() with zero sandboxing, resulting in unauthenticated remote code execution.” The vulnerability affects all versions of the open-source artificial intelligence (AI) platform prior to and including 1.8.1. It has been currently addressed in the development version 1.9.0.dev8 . Security researcher Aviral Srivastava, who discovered and reported the flaw on February 26, 2026, said it’s distinct from CVE-2025-3248 (CVSS score: 9.8), another critical bug in Langflow that abused the /api/v1/validate/code endpoint to execute arbitrary Python code without requiring any authentication. It has since come under active exploitation, per the U.S.

Cybersecurity and Infrastructure Security Agency (CISA). “CVE-2026-33017 is in /api/v1/build_public_tmp/{flow_id}/flow,” Srivastava explained , adding that the root cause stems from the use of the same exec() call as CVE-2025-3248 at the end of the chain. “This endpoint is designed to be unauthenticated because it serves public flows. You can’t just add an auth requirement without breaking the entire public flows feature.

The real fix is removing the data parameter from the public endpoint entirely, so public flows can only execute their stored (server-side) flow data and never accept attacker-supplied definitions.” Successful exploitation could allow an attacker to send a single HTTP request and obtain arbitrary code execution with the full privileges of the server process. With this privilege in place, the threat actor can read environment variables, access or modify files to inject backdoors or erase sensitive data, and even obtain a reverse shell. Srivastava told The Hacker News that exploiting CVE-2026-33017 is “extremely easy” and can be triggered by means of a weaponized curl command. One HTTP POST request with malicious Python code in the JSON payload is enough to achieve immediate remote code execution, he added.

Cloud security firm Sysdig said it observed the first exploitation attempts targeting CVE-2026

33017 in the wild within 20 hours of the advisory’s publication on March 17, 2026. “No public proof-of-concept (PoC) code existed at the time,” Sysdig said. “Attackers built working exploits directly from the advisory description and began scanning the internet for vulnerable instances. Exfiltrated information included keys and credentials, which provided access to connected databases and potential software supply chain compromise.” Threat actors have also been observed moving from automated scanning to leveraging custom Python scripts in order to extract data from “/etc/passwd” and deliver an unspecified next-stage payload hosted on “173.212.205[.]251:8443.” Subsequent activity from the same IP address points in a thorough credential harvesting operation that involves gathering environment variables, enumerating configuration files and databases, and extracting the contents of .env files.

This suggests planning on part of the threat actor by staging the malware to be delivered once a vulnerable target is identified. “This is an attacker with a prepared exploitation toolkit moving from vulnerability validation to payload deployment in a single session,” Sysdig noted. It’s currently not known who is behind the attacks. The 20-hour window between advisory publication and first exploitation aligns with an accelerating trend that has seen the median time-to-exploit (TTE) shrinking from 771 days in 2018 to just hours in 2024.

According to Rapid7’s 2026 Global Threat Landscape Report , the median time from publication of a vulnerability to its inclusion in CISA’s Known Exploited Vulnerabilities (KEV) catalog dropped from 8.5 days to five days over the past year. “This timeline compression poses serious challenges for defenders. The median time for organizations to deploy patches is approximately 20 days, meaning defenders are exposed and vulnerable for far too long,” it added. “Threat actors are monitoring the same advisory feeds that defenders use, and they are building exploits faster than most organizations can assess, test, and deploy patches.

Organizations must completely reconsider their vulnerability programs to meet reality.” Users are advised to update to the latest patched version as soon as possible, audit environment variables and secrets on any publicly exposed Langflow instance, rotate keys and database passwords as a precautionary measure, monitor for outbound connections to unusual callback services, and restrict network access to Langflow instances using firewall rules or a reverse proxy with authentication. The exploration activity targeting CVE-2025 - 3248 and CVE-2026-33017 underscores how AI workloads are landing in attackers’ crosshairs owing to their access to valuable data, integration within the software supply chain, and insufficient security safeguards. “CVE-2026-33017 […] demonstrates a pattern that is becoming the norm rather than the exception: critical vulnerabilities in popular open-source tools are weaponized within hours of disclosure, often before public PoC code is even available,” Sysdig concluded. Found this article interesting?

Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

Google on Thursday announced a new “advanced flow” for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness with safety. The new changes come against the backdrop of a developer verification mandate the tech giant announced last year that requires all Android apps to be registered by verified developers to be installed on certified Android devices. The move, it added, was done to flag bad actors faster and prevent them from distributing malware. This also includes potential scenarios where cybercriminals trick unsuspecting users who sideload such apps into granting them elevated privileges that make it possible to turn off Play Protect, the anti-malware feature built into all Google-certified Android devices.

However, the mandatory registration requirements have been met with criticism from over 50 app developers and marketplaces, including F-Droid, Brave, The Electronic Frontier Foundation, Proton, The Tor Project, Vivaldi, who say they risk creating friction and barriers to entry, and raise privacy and surveillance concerns in the absence of clarity about what personal information developers must provide, how this data will be stored, secured, and used, and if it could be subject to government requests or legal processes. As a way of quelling some of these thorny issues, Google has emphasized that the newly developed advanced flow allows power users to maintain the ability to sideload apps from unverified developers with a one-time process that requires them to follow the steps below - Enable developer mode in system settings. Confirm that they are taking this step of their own volition and are not being coached. Restart the phone and re-authenticate so as to prevent a scammer from monitoring what actions a user is taking.

Wait for a 24-hour period and confirm that they are really making this change with biometric authentication or device PIN. Install apps from unverified developers once users understand the risks, either indefinitely or for a period of seven days. “In that 24-hour period, we think it becomes much harder for attackers to persist their attack,” Android Ecosystem President, Sameer Samat, was quoted as saying to Ars Technica. “In that time, you can probably find out that your loved one isn’t really being held in jail or that your bank account isn’t really under attack.” Google also said it plans to offer free “limited distribution accounts” that let hobbyist developers and students share apps with up to 20 devices without having to “provide a government-issued ID or pay a registration fee.” It’s worth noting that the aforementioned process does not apply to installs via the Android Debug Bridge (ADB).

Limited distribution accounts for students and hobbyists, as well as advanced flow for users, will be available in August 2026, before the new developer verification requirements take effect the month after. “We know a ‘one size fits all’ approach doesn’t work for our diverse ecosystem,” Google said. “We want to ensure that identity verification isn’t a barrier to entry, so we’re providing different paths to fit your specific needs.” The development coincides with the emergence of a new Android malware called Perseus that’s actively targeting users in Turkey and Italy with an aim to conduct device takeover (DTO) and financial fraud. Over the four months, at least 17 Android malware families have been detected in the wild.

They include FvncBot, SeedSnatcher, ClayRat , Wonderland, Cellik, Frogblight, NexusRoute , ZeroDayRAT, Arsink (and its improved variant SURXRAT), deVixor, Phantom , Massiv , PixRevolution, TaxiSpy RAT, BeatBanker, Mirax, and Oblivion RAT . Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks

Artificial Intelligence (AI) is changing how individuals and organizations conduct many activities, including how cybercriminals carry out phishing attacks and iterate on malware. Now, cybercriminals are using AI to generate personalized phishing emails, deepfakes and malware that evade traditional detection by impersonating normal user activity and bypassing legacy security models. As a result, rule-based models alone are often insufficient for identity security against AI-enabled threats. Behavioral analytics must evolve beyond monitoring suspicious activity patterns over time into dynamic, identity-based risk modeling capable of identifying inconsistencies in real time.

Common risks introduced by AI-enabled attacks AI-enabled cyber attacks introduce very different security risks compared to traditional cyber threats. By relying on automation and mimicking legitimate behavior, AI allows cybercriminals to scale their attacks while reducing obvious signals to remain undetected. AI-powered phishing and social engineering Unlike traditional phishing attacks that use generic messaging, AI enables personalized phishing messages at scale using public data, impersonating the writing styles of executives or creating context-aware messages referencing real events. These AI-powered attacks can reduce obvious red flags, slip past some filtering approaches and rely on psychological manipulation instead of malware delivery, significantly increasing the risk of credential theft and financial fraud.

Automated credential abuse and account takeovers AI-enhanced credential abuse can optimize login attempts while avoiding triggering lockout thresholds, mimicking human-like timing between authentication attempts and targeting privileged accounts based on context. Since these attacks use compromised credentials, they often appear valid and blend into normal login activity, making identity security a crucial component of modern security strategies. AI-assisted malware Before cybercriminals could use AI to accelerate malware development and deployment, they had to manually modify code signatures and spend copious time creating new variants. AI can further speed up variation, scripting and adaptation.

With modern adaptive malware, cybercriminals can automatically modify code to avoid detection, change behavior based on the environment and generate new exploit variants with little to no manual effort. Since traditional signature-based detection models struggle against continuously evolving code, organizations must start relying on behavioral patterns rather than static indicators. How traditional behavioral monitoring can fail against AI-based attacks Traditional monitoring was designed to detect cyber threats driven by malware, known security vulnerabilities and visible behavioral anomalies. Here are some of the ways traditional behavioral monitoring falls short against AI-enabled attacks: Signature-based detection can’t identify modern threats: Signature-based tools rely on known signs of compromise.

AI-assisted malware constantly rewrites its own code and automatically generates new variants, making static code signatures obsolete. Rule-based systems rely on predefined thresholds: Many behavioral monitoring systems depend on rules, such as login frequency or geographic location. AI-assisted cybercriminals adjust their behavior to remain within set limits, conducting malicious activity over a longer period of time and mimicking human behavior to avoid detection. Perimeter-based models fail when compromised credentials are involved: Traditional perimeter-based security models assume trust once a user or device is authenticated.

When cybercriminals authenticate with legitimate credentials, these outdated models treat them as valid users, allowing them to carry out malicious actions. AI-based attacks are designed to appear normal: AI-based cyber threats intentionally blend in by operating within assigned permissions, following anticipated workflows and executing their activities gradually. While isolated activity may seem legitimate, the main risk is when activity is regarded in tandem with behavioral context over time. Why behavioral analytics must shift for AI-based attacks The shift to modern behavioral analytics requires an evolution from simple threat detection into dynamic, context-aware risk modeling capable of identifying subtle privilege misuse.

Identity-based attacks require context To appear normal, AI-driven cybercriminals often use credentials compromised through phishing or credential abuse, work from known devices or networks and conduct malicious activity over time to avoid detection. Modern behavioral analytics must evaluate whether even the slightest change in behavior is consistent with a user’s typical behavioral patterns. Advanced behavioral models establish baselines, assess real-time activity and combine identity, device and session context. Monitoring must extend across the entire stack Once cybercriminals gain access to systems through compromised, weak or reused credentials, they focus on gradually expanding their access.

Behavioral visibility needs to cover the full security stack, including privileged access, cloud infrastructure, endpoints, applications and administrative accounts. For behavioral analytics to be more effective against AI-based cyber attacks, organizations must enforce zero-trust security and assume that no user or device should have implicit trust or automatic authentication based on network location. Malicious insiders may use AI tools AI tools not only empower external cybercriminals but also make it easier for malicious insiders to act within an organization’s network. Malicious insiders can use AI to automate credential harvesting, identify sensitive information or generate believable phishing content.

Since insiders often operate with legitimate permissions, detecting privilege misuse requires identifying behavioral anomalies like access beyond defined responsibilities, activity outside normal business hours and repeated activity within critical systems. Eliminating standing access by enforcing Just-in-Time (JIT) access, session monitoring and session recording helps organizations limit exposure and reduce the impact of compromised accounts and insider misuse. Secure identities against autonomous AI-based cyber attacks At a time when AI agents can create convincing social engineering campaigns, test credentials at scale and reduce the hands-on effort required to run attacks, AI-enabled cyber attacks are becoming increasingly automated. Protecting both human and Non-Human Identities (NHIs) now requires more than authentication; organizations must implement continuous, context-aware behavioral analysis and granular access controls.

Modern Privileged Access Management (PAM) solutions like Keeper consolidate behavioral analytics, real-time session monitoring and JIT access to secure identities across hybrid and multi-cloud environments. Note : This article was thoughtfully written and contributed for our audience by Ashley D’Andrea, Content Writer at Keeper Security. Found this article interesting? This article is a contributed piece from one of our valued partners.

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

Sansec is warning of a critical security flaw in Magento’s REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover. The vulnerability has been codenamed PolyShell by Sansec owing to the fact that the attack hinges on disguising malicious code as an image. There is no evidence that the shortcoming has been exploited in the wild. The unrestricted file upload flaw affects all Magento Open Source and Adobe Commerce versions up to 2.4.9-alpha2.

The Dutch security firm said the problem stems from the fact that Magento’s REST API accepts file uploads as part of the custom options for the cart item. “When a product option has type ‘file,’ Magento processes an embedded file_info object containing base64-encoded file data, a MIME type, and a filename,” it said . “The file is written to pub/media/custom_options/quote/ on the server.” Depending on the web server configuration, the flaw can enable remote code execution via PHP upload or account takeover via stored XSS. Sansec also noted that Adobe fixed the issue in the 2.4.9 pre-release branch as part of APSB25-94 , but leaves current production versions without an isolated patch.

“While Adobe provides a sample web server configuration that would largely limit the fallout, the majority of stores use a custom configuration from their hosting provider,” it added. To mitigate any potential risk, e-commerce storefronts are advised to perform the following steps - Restrict access to the upload directory (“pub/media/custom_options/”). Verify that nginx or Apache rules prevent access to the directory. Scan the stores for web shells, backdoors, and other malware.

“Blocking access does not block uploads, so people will still be able to upload malicious code if you aren’t using a specialized WAF [Web Application Firewall],” Sansec said. The development comes as Netcraft flagged an ongoing campaign involving the compromise and defacement of thousands of Magento e-commerce sites across multiple sectors and geographies. The activity, which commenced on February 27, 2026, involves the threat actor uploading plaintext files to publicly accessible web directories. “Attackers have deployed defacement txt files across approximately 15,000 hostnames spanning 7,500 domains, including infrastructure associated with prominent global brands, e-commerce platforms, and government services,” security researcher Gina Chow said .

It’s currently not clear if the attacks are exploiting a specific Magento vulnerability or misconfiguration, and they are the work of a single threat actor. The campaign has impacted infrastructure belonging to several globally recognized brands, including Asus, FedEx, Fiat, Lindt, Toyota, and Yamaha, among others. When reached for comment, Netcraft researcher Harry Everett told The Hacker News that “We haven’t seen exploitation relating to the custom_options directory described by Sansec, but have observed at least one case of a malicious PHP file uploaded to /media/customer_address, which may relate to SessionReaper exploitation. We are continuing to monitor.” (The story was updated after publication to include a response from Netcraft.) Found this article interesting?

DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks

The U.S. Department of Justice (DoJ) on Thursday announced the disruption of command-and-control (C2) infrastructure used by several Internet of Things (IoT) botnets like AISURU, Kimwolf , JackSkid , and Mossad as part of a court-authorized law enforcement operation. The effort also saw authorities from Canada and Germany targeting the operators behind these botnets, with a number of private sector firms, including Akamai, Amazon Web Services, Cloudflare, DigitalOcean, Google, Lumen, Nokia, Okta, Oracle, PayPal, SpyCloud, Synthient, Team Cymru, Unit 221B, and QiAnXin XLab assisting in the investigation efforts. “The four botnets launched distributed denial-of-service (DDoS) attacks targeting victims around the world,” the DoJ said .

“Some of these attacks measured approximately 30 Terabits per second, which were record-breaking attacks.” In a report last month, Cloudflare attributed AISURU/Kimwolf to a massive 31.4 Tbps DDoS attack that occurred in November 2025 and lasted only 35 seconds. Towards the end of last year, the botnet was also responsible for a series of hyper-volumetric DDoS attacks that had an average size of 3 billion packets per second (Bpps), 4 Tbps, and 54 million requests per second (Mrps). Independent security journalist Brian Krebs also traced the administrator of Kimwolf to a 23-year-old Jacob Butler (aka Dort) from Ottawa, Canada. Butler told Krebs he has not used the Dort persona since 2021 and claimed someone is impersonating him after compromising his old account.

Butler also said, “he mostly stays home and helps his mom around the house because he struggles with autism and social interaction.” According to Krebs , the other prime suspect is a 15-year-old residing in Germany. No arrests have been announced. First documented by XLab in December 2025, Kimwolf has conscripted more than 2 million Android devices into its network, most of which are compromised, off-brand Android smart TVs and set-top boxes. It’s an Android-focused version of another botnet known as AISURU, which is known to be active since at least August 2024 .

In all, the four botnets are estimated to have infected no less than 3 million devices worldwide, such as digital video recorders, web cameras, or Wi-Fi routers, of which hundreds of thousands are located in the U.S. Cloudflare described the maximum attack traffic of the combined AISURU and Kimwolf botnets as equivalent to “the combined populations of the U.K., Germany, and Spain all simultaneously typing a website address and then hitting ‘enter’ at the same second.” “The Kimwolf and JackSkid botnets are accused of targeting and infecting devices which are traditionally ‘firewalled’ from the rest of the internet. The infected devices were enslaved by the botnet operators,” the DoJ said. “The operators then used a ‘cybercrime as a service’ model to sell access to the infected devices to other cyber criminals.” These infected devices were then used to conduct DDoS attacks against targets of interest across the world.

Court documents allege that the four Mirai botnet variants have issued hundreds of thousands of DDoS attack commands - AISURU - >200,000 DDoS attack commands Kimwolf - >25,000 DDoS attack commands JackSkid - >90,000 DDoS attack commands Mossad - >1,000 DDoS attack commands “Kimwolf represented a fundamental shift in how botnets operate and scale. Unlike traditional botnets that scan the open internet for vulnerable devices, Kimwolf exploited a novel attack vector: residential proxy networks,” Tom Scholl, VP/Distinguished Engineer at AWS, said in a post shared on LinkedIn. “By infiltrating home networks through compromised devices — including streaming TV boxes and other IoT devices — the botnet gained access to local networks that are typically protected from external threats by home routers.” Lumen Black Lotus Labs, in a statement shared with The Hacker News, said it has null-routed nearly 1,000 of the C2 servers used by AISURU and then Kimwolf. According to data gathered by the cybersecurity company, JackSkid averaged over 150,000 daily victims in the first two weeks of March 2026, hitting 250,000 on March 8.

Mossad averaged over 100,000 daily victims during the same period. “The problem is, there are just so many devices out there that are vulnerable that two things happened – first, Kimwolf proved to be incredibly resilient,” Ryan English, security researcher at Lumen’s Black Lotus Labs, said. “The second problem was that multiple new botnets started to emulate the technique of using the vulnerability to grow very large, very fast.” Black Lotus Labs also confirmed that the vulnerability – which affected proxy providers like IPIDEA and granted threat actors access to local network devices with Android Debug Bridge (ADB) exposed – has been exploited by JackSkid and Mossad as well to achieve the same goals as Kimwolf. This allowed them to leverage the residential proxy networks and “sweep up those bots for their own use.” XLab told the publication that it provided sample hashes, decrypted C2 configurations, and screenshots of DDoS attacks as evidence.

Akamai said the hyper-volumetric botnets generated attacks exceeding 30 Tbps, 14 billion packets per second, and 300 Mrps, adding that cybercriminals leveraged these botnets to launch hundreds of thousands of attacks and demand extortion payments from victims in some cases. “These attacks can cripple core internet infrastructure, cause significant service degradation for ISPs and their downstream customers, and even overwhelm high-capacity cloud-based mitigation services,” the web infrastructure company said . Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks

Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful exploit kits like Coruna and DarkSword . These attacks employ malicious web content to target out-of-date versions of iOS, triggering an infection chain that leads to the theft of sensitive data. “For example, if you’re using an older version of iOS and were to click a malicious link or visit a compromised website, the data on your iPhone might be at risk of being stolen,” Apple said in a support document. “We thoroughly investigated these issues as they were found and released software updates as quickly as possible for the most recent operating system versions to address vulnerabilities and disrupt such attacks.” Users who are already on the latest version of the iPhone software do not need to take any action.

This includes iOS versions 15 through 26, which come with fixes for the various security flaws weaponized by the exploit kits. For others, Apple is recommending the following course of action - Update to iOS 15.8.7, iPadOS 15.8.7, iOS 16.7.15, and iPadOS 16.7.15 for older devices that cannot update to the latest version of iOS or iPadOS. Update to iOS 15 for devices with iOS 13 or iOS 14 to receive the latest protections along with a Critical Security Update that’s expected to be pushed in the “next few days.” Consider enabling Lockdown Mode , if available, in scenarios where updating the device is not an option to reduce the attack surface and protect against malicious web content and other threats. “Keeping your software up to date is the single most important thing you can do to maintain the security of your Apple products, and devices with updated software were not at risk from these reported attacks,” Cupertino noted.

Apple’s advisory comes in the wake of recent reports about two iOS exploits that have been put to use by multiple threat actors of varied motivations to steal sensitive data from compromised devices. These kits are delivered through a watering hole attack via compromised websites. iVerify said the discoveries show that iOS vulnerabilities, which were once being abused to selectively target individuals in state-sponsored mobile spyware attacks, are being exploited on a mass-scale by other threat actors. “The exploit’s relative simplicity to deploy, along with its quick adoption by multiple threat actors in multiple countries, signals that these powerful tools are now readily available on the secondary market for less-sophisticated actors,” Spencer Parker, chief product officer at iVerify, said , adding, “nation-state-grade mobile exploitation is now available for mass attack.” “This represents a new level of scale, making widespread mobile attacks a critical and unavoidable concern for all enterprises.

The evidence confirms that these exploits are easy to repurpose and redeploy, making it highly likely that modified deployments are actively infecting unpatched users.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers

Cybersecurity researchers have flagged a new malware dubbed Speagle that hijacks the functionality and infrastructure of a legitimate program called Cobra DocGuard. “Speagle is designed to surreptitiously harvest sensitive information from infected computers and transmit it to a Cobra DocGuard server that has been compromised by the attackers, masking the data exfiltration process as legitimate communications between client and server,” Symantec and Carbon Black researchers said in a report published today. Cobra DocGuard is a document security and encryption platform developed by EsafeNet. The abuse of this software in real-world attacks has been publicly recorded twice to date.

In January 2023, ESET documented an intrusion where a gambling company in Hong Kong was compromised in September 2022 via a malicious update pushed by the software. Later that August, Symantec highlighted the activity of a new threat cluster codenamed Carderbee, which was found using a trojanized version of the program to deploy PlugX, a backdoor widely used by Chinese hacking groups like Mustang Panda. The attacks targeted multiple organizations in Hong Kong and other Asian countries. Speagle remains unattributed to date.

But what makes the malware noteworthy is that it’s designed to gather and exfiltrate data from only those systems that have the Cobra DocGuard data protection software installed. The activity is being tracked under the moniker Runningcrab. “This indicates deliberate targeting, possibly to facilitate intelligence collection or industrial espionage,” the Broadcom-owned threat hunting teams said. “At present, we believe the most likely hypotheses are that it is either the work of a state-sponsored actor or the work of a private contractor available for hire.” Exactly how the malware is delivered to victims is unknown, although it’s suspected that it may have been done via a supply chain attack, as evidenced by the two aforementioned cases.

In addition, the central role played by the security software and its infrastructure deserves a mention. Not only does Speagle use a legitimate Cobra DocGuard server for command-and-control (C2) and as a data exfiltration point, it also invokes a driver associated with the program to delete itself from the compromised host. The 32-bit .NET executable, once launched, first checks the installation folder of Cobra DocGuard and then proceeds to harvest and transmit data from the infected machine in phases. This includes details about the system and files located in specific folders, such as those that contain web browser history and autofill data.

What’s more, one variant of Speagle has been found to incorporate additional functionality to turn on/off certain types of data collection, as well as search for files related to Chinese ballistic missiles like Dongfeng-27 (aka DF-27). “Speagle is a novel, parasitic threat that cleverly makes use of Cobra DocGuard’s client to mask its malicious activity and its infrastructure to hide exfiltration traffic,” researchers said. “Its developer no doubt took notice of previous supply chain attacks using the software and may have selected it both for its perceived vulnerability and its high rate of use among targeted organizations.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.