2026-04-04 AI Startup News
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region. The campaign has been attributed to TA416, a cluster of activity that overlaps with DarkPeony, RedDelta, Red Lich, SmugX, UNC6384, and Vertigo Panda. “This TA416 activity included multiple waves of web bug and malware delivery campaigns against diplomatic missions to the European Union and NATO across a range of European countries,” Proofpoint researchers Mark Kelly and Georgi Mladenov said. “Throughout this period, TA416 regularly altered its infection chain, including abusing Cloudflare Turnstile challenge pages, abusing OAuth redirects, and using C# project files, as well as frequently updating its custom PlugX payload.” TA416 has also been observed orchestrating multiple campaigns aimed at diplomatic and government entities in the Middle East following the outbreak of the U.S.-Israel-Iran conflict in late February 2026.
The effort is likely an attempt to gather regional intelligence pertaining to the conflict, the enterprise security company added. It’s worth mentioning here that TA416 also shares historical technical overlaps with another cluster known as Mustang Panda (aka CeranaKeeper, Red Ishtar, and UNK_SteadySplit). The two activity groups are collectively tracked under the monikers Earth Preta, Hive0154, HoneyMyte, Stately Taurus, Temp.HEX, and Twill Typhoon. While TA416’s attacks are characterized by the use of bespoke PlugX variants, the Mustang Panda cluster has repeatedly deployed tools like TONESHELL, PUBLOAD, and COOLCLIENT in recent attacks.
What’s common to both of them is the use of DLL side-loading to launch the malware. TA416’s renewed focus on European entities is driven by a mix of web bug and malware delivery campaigns, with the threat actors using freemail sender accounts to conduct reconnaissance and deploy the PlugX backdoor via malicious archives hosted on Microsoft Azure Blob Storage, Google Drive, domains under their control, and compromised SharePoint instances. The PlugX malware campaigns were previously documented by StrikeReady and Arctic Wolf in October 2025. “A web bug (or tracking pixel) is a tiny invisible object embedded in an email that triggers an HTTP request to a remote server when opened, revealing the recipient’s IP address, user agent, and time of access, allowing the threat actor to assess whether the email was opened by the intended target,” Proofpoint said.
Attacks carried out by TA416 in December 2025 have been found to leverage third-party Microsoft Entra ID cloud applications to initiate redirects that lead to the download of malicious archives. Phishing emails used as part of this attack wave contain a link to Microsoft’s legitimate OAuth authorization endpoint that, when clicked, redirects the user to the attacker-controlled domain and ultimately deploys PlugX. The use of this technique has not escaped Microsoft’s notice, which last month warned of phishing campaigns targeting government and public-sector organizations that employ OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. Further refinements to the attack chain were observed in February 2026, when TA416 began linking to archives hosted on Google Drive or a compromised SharePoint instance.
The downloaded archives, in this case, include a legitimate Microsoft MSBuild executable and a malicious C# project file. “When the MSBuild executable is run, it searches the current directory for a project file and automatically builds it,” the researchers said. “In the observed TA416 activity, the CSPROJ file acts as a downloader, decoding three Base64-encoded URLs to fetch a DLL side-loading triad from a TA416-controlled domain, saving them to the user’s temp directory, and executing a legitimate executable to load PlugX via the group’s typical DLL side-loading chain.” The PlugX malware remains a consistent presence throughout TA416’s intrusions, although the legitimate, signed executables abused for DLL side-loading have varied over time. The backdoor is also known to establish an encrypted communication channel with its command-and-control (C2) server, but not before performing anti-analysis checks to sidestep detection.
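A triage check for the MSBuild delivery described above, as an added example that is not from Proofpoint's report: it parses a project file, records constructs that run code at build time, and decodes embedded Base64 strings that turn out to be URLs. The choice of constructs to flag (inline `UsingTask` code factories and `Exec`) and the sample project are assumptions constructed for illustration; the page does not say which construct the observed CSPROJ used.

```python
import base64
import re
import xml.etree.ElementTree as ET

# MSBuild task factories that compile and run inline code during a build.
CODE_FACTORIES = {"codetaskfactory", "roslyncodetaskfactory"}
B64_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
URL_RE = re.compile(r"^(?:https?|ftp)://[^\s\"'<>]+$", re.I)


def _local(tag):
    """Drop the XML namespace that MSBuild project files often carry."""
    return tag.rsplit("}", 1)[-1].lower()


def decoded_urls(text):
    """Return URLs hidden inside Base64 runs found in text."""
    found = []
    for token in B64_RE.findall(text):
        if len(token) % 4:
            continue
        try:
            # binascii.Error and UnicodeDecodeError are both ValueError.
            candidate = base64.b64decode(token, validate=True).decode("ascii")
        except ValueError:
            continue
        if URL_RE.match(candidate):
            found.append(candidate)
    return found


def triage_project(xml_text):
    """Summarise build-time execution risk in one project file.

    Parse hostile samples inside an isolated analysis environment.
    """
    root = ET.fromstring(xml_text)
    report = {"inline_tasks": [], "exec_commands": [], "urls": []}
    for el in root.iter():
        name = _local(el.tag)
        if name == "usingtask":
            if el.get("TaskFactory", "").lower() in CODE_FACTORIES:
                report["inline_tasks"].append(el.get("TaskName", "?"))
        elif name == "exec":
            report["exec_commands"].append(el.get("Command", ""))
        # Look for encoded URLs in element text (CDATA included) and attributes.
        for chunk in (el.text or "", *el.attrib.values()):
            report["urls"].extend(decoded_urls(chunk))
    # Encoded URLs are only alarming next to something that can execute code.
    report["suspicious"] = bool(
        report["urls"] and (report["inline_tasks"] or report["exec_commands"])
    )
    return report


def _b64(s):
    return base64.b64encode(s.encode()).decode()


# Constructed sample: an inline task holding three encoded URLs and no logic.
SAMPLE = f"""<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <UsingTask TaskName="Prep" TaskFactory="RoslynCodeTaskFactory"
             AssemblyFile="$(MSBuildToolsPath)\\Microsoft.Build.Tasks.Core.dll">
    <Task><Code Type="Class" Language="cs"><![CDATA[
      // constructed: string table only, no behaviour
      string[] parts = {{ "{_b64('https://cdn.example.invalid/a.exe')}",
                         "{_b64('https://cdn.example.invalid/b.dll')}",
                         "{_b64('https://cdn.example.invalid/c.dat')}" }};
    ]]></Code></Task>
  </UsingTask>
  <Target Name="Build"><Prep /></Target>
</Project>"""

if __name__ == "__main__":
    print(triage_project(SAMPLE))
```

An archive that pairs a project file flagged this way with a copy of the MSBuild executable matches the delivery pattern the researchers describe.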
PlugX accepts five different commands:
- 0x00000002, to capture system information
- 0x00001005, to uninstall the malware
- 0x00001007, to adjust beaconing interval and timeout parameter
- 0x00003004, to download a new payload (EXE, DLL, or DAT) and execute it
- 0x00007002, to open a reverse command shell
“TA416’s shift back to European government targeting in mid-2025, following two years of focus on Southeast Asia and Mongolia, is consistent with a renewed intelligence-collection focus against EU and NATO-affiliated diplomacy entities,” Proofpoint said. “In addition, TA416’s expansion to Middle Eastern government targeting in March 2026 further highlights how the group’s tasking prioritization is likely influenced by geopolitical flashpoints and escalations. Throughout this period, the group has shown a willingness to iterate on infection chains, cycling through using fake Cloudflare Turnstile pages, OAuth redirect abuse, and MSBuild-based delivery, while continuing to update its customized PlugX backdoor.”
The disclosure comes as Darktrace revealed that Chinese‑nexus cyber operations have evolved from strategically-aligned activity in the 2010s to highly adaptive, identity-centric intrusions with an intent to establish long-term persistence within critical infrastructure networks. Based on a review of attack campaigns between July 2022 and September 2025, U.S.-based organizations accounted for 22.5% of all global events, followed by Italy, Spain, Germany, Thailand, the U.K., Panama, Colombia, the Philippines, and Hong Kong.
A majority of cases (63%) involved the exploitation of internet-facing infrastructure (e.g., CVE-2025-31324 and CVE-2025-0994) to obtain initial access. “In one notable case, the actor had fully compromised the environment and established persistence, only to resurface in the environment more than 600 days after,” Darktrace said. “The operational pause underscores both the depth of the intrusion and the actor’s long‑term strategic intent.”
Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team. “Instead of exposing command execution through URL parameters or request bodies, these web shells rely on threat actor-supplied cookie values to gate execution, pass instructions, and activate malicious functionality,” the tech giant said. The approach offers added stealth as it allows malicious code to stay dormant during normal application execution and activate the web shell logic only when specific cookie values are present. This behavior, Microsoft noted, extends to web requests, scheduled tasks, and trusted background workers.
The malicious activity takes advantage of the fact that cookie values are available at runtime through the $_COOKIE superglobal variable, allowing attacker-supplied inputs to be consumed without additional parsing. What’s more, the technique is unlikely to raise any red flags as cookies blend into normal web traffic and reduce visibility. The cookie-controlled execution model comes in different implementations:
- A PHP loader that uses multiple layers of obfuscation and runtime checks before parsing structured cookie input to execute an encoded secondary payload.
- A PHP script that segments structured cookie data to reconstruct operational components such as file handling and decoding functions, and conditionally writes a secondary payload to disk and executes it.
- A PHP script that uses a single cookie value as a marker to trigger threat actor-controlled actions, including execution of supplied input and file upload.
In at least one case, threat actors have been found to obtain initial access to a victim’s hosted Linux environment through valid credentials or the exploitation of a known security vulnerability to set up a cron job that invokes a shell routine periodically to execute an obfuscated PHP loader. This “self-healing” architecture allows the PHP loader to be repeatedly recreated by the scheduled task even if it was removed as part of cleanup and remediation efforts, thereby creating a reliable and persistent remote code execution channel. Once the PHP loader is deployed, it remains inactive during normal traffic and springs into action upon receiving HTTP requests with specific cookie values.
“By shifting execution control into cookies, the web shell can remain hidden in normal traffic, activating only during deliberate interactions,” Microsoft added. “By separating persistence through cron-based re-creation from execution control through cookie-gated activation, the threat actor reduced operational noise and limited observable indicators in routine application logs.” A common aspect that ties together all the aforementioned implementations is the use of obfuscation to conceal sensitive functionality and cookie-based gating to initiate the malicious action, while leaving a minimal interactive footprint. To counter the threat, Microsoft recommends enforcing multi-factor authentication for hosting control panels, SSH access, and administrative interfaces; monitoring for unusual login activity; restricting the execution of shell interpreters; auditing cron jobs and scheduled tasks across web servers; checking for suspicious file creation in web directories; and limiting hosting control panels’ shell capabilities. “The consistent use of cookies as a control mechanism suggests reuse of established web shell tradecraft,” Microsoft said.
“By shifting control logic into cookies, threat actors enable persistent post-compromise access that can evade many traditional inspection and logging controls.” “Rather than relying on complex exploit chains, the threat actor leveraged legitimate execution paths already present in the environment, including web server processes, control panel components, and cron infrastructure, to stage and preserve malicious code.”
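One way to run the cron audit Microsoft recommends, as an added example that is not Microsoft's code: it parses user or system crontab text and flags jobs that write a PHP file into a web root or decode embedded data, the re-creation pattern described above, and reports which file the job would recreate. The web-root prefixes, the two rules and the sample crontab are assumptions constructed for illustration.

```python
import re

# Assumed web-root prefixes; adjust to the hosting layout being audited.
WEBROOT = r"(?:/var/www/|/srv/www/|/usr/share/nginx/|/home/[^/\s]+/public_html/)"
# A redirect, tee, cp or mv whose destination is a PHP file under a web root.
WRITE_RE = re.compile(
    r"(?:>>?|\btee\s+(?:-a\s+)?|\b(?:cp|mv)\s+\S+\s+)\s*['\"]?"
    r"(" + WEBROOT + r"[^\s'\"|;&]*\.ph(?:p\d?|tml))(?![\w.])"
)
# Decoding embedded data inside a scheduled job is rare in legitimate crontabs.
DECODE_RE = re.compile(r"\bbase64\s+(?:-d|-D|--decode)\b")
ENV_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")


def parse_crontab(text, system=False):
    """Split crontab text into jobs.

    system=True is for /etc/crontab and /etc/cron.d files, which carry a
    user field between the schedule and the command.
    """
    jobs = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#") or ENV_RE.match(line):
            continue
        nsched = 1 if line.startswith("@") else 5  # @hourly etc. vs 5 fields
        maxsplit = nsched + (1 if system else 0)
        parts = line.split(None, maxsplit)
        if len(parts) < maxsplit + 1:
            continue  # malformed line without a command
        jobs.append({
            "line": lineno,
            "schedule": " ".join(parts[:nsched]),
            "user": parts[nsched] if system else None,
            "command": parts[-1],
        })
    return jobs


def audit_crontab(text, system=False):
    """Return jobs matching the re-creation heuristics, with reasons."""
    findings = []
    for job in parse_crontab(text, system):
        reasons = []
        write = WRITE_RE.search(job["command"])
        if write:
            reasons.append("writes-php-into-webroot")
        if DECODE_RE.search(job["command"]):
            reasons.append("inline-base64-decode")
        if reasons:
            findings.append({
                **job,
                "reasons": reasons,
                # File the job would put back after a cleanup removes it.
                "recreates": write.group(1) if write else None,
            })
    return findings


# Constructed sample: user crontab of a hosting account (payload is a placeholder).
SAMPLE_CRONTAB = """\
# constructed sample
MAILTO=""
0 3 * * * /usr/bin/php /var/www/html/artisan schedule:run >/dev/null 2>&1
*/10 * * * * /bin/sh -c 'echo PLACEHOLDER_B64 | base64 -d > /var/www/html/assets/cache.php'
30 2 * * 0 tar czf /backup/site.tgz /var/www/html
"""

if __name__ == "__main__":
    for f in audit_crontab(SAMPLE_CRONTAB):
        print(f["line"], f["schedule"], f["reasons"], f["recreates"])
```

During cleanup, remove a flagged job before deleting the file named in `recreates`; otherwise the scheduled task restores the loader on its next run.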
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored their social engineering efforts “specifically to me” by first approaching him under the guise of the founder of a legitimate, well-known company. “They had cloned the company’s founders’ likeness as well as the company itself,” Saayman said in a post-mortem of the incident. “They then invited me to a real Slack workspace.
This workspace was branded to the company’s CI and named in a plausible manner. The Slack [workspace] was thought out very well; they had channels where they were sharing LinkedIn posts.” Subsequently, the threat actors are said to have scheduled a meeting with him on Microsoft Teams. Upon joining the fake call, he was presented with a fake error message that stated “something on my system was out of date.” As soon as the update was triggered, the attack led to the deployment of a remote access trojan. The access afforded by the trojan enabled the attackers to steal the npm account credentials necessary to publish two trojanized versions of the Axios npm package (1.14.1 and 0.30.4) containing an implant named WAVESHAPER.V2.
“Everything was extremely well coordinated, looked legit, and was done in a professional manner,” Saayman added. The attack chain described by the project maintainer shares considerable overlaps with tradecraft associated with UNC1069 and BlueNoroff. Details of the campaign were extensively documented by Huntress and Kaspersky last year, with the latter tracking it under the moniker GhostCall. In these attacks, users are displayed an error message seconds after joining the call, stating that their system is not functioning properly and instructing them to download a malicious Zoom or Teams SDK through a ClickFix-like pop-up message.
Depending on the operating system of the victim, this action leads to the execution of an AppleScript (for macOS) or a PowerShell (for Windows) script. One of the malicious payloads deployed as part of the attack chain is a Nim-based macOS backdoor (or a Go variant written for Windows) called CosmicDoor that delivers a comprehensive stealer suite dubbed SilentSiphon to capture credentials from web browsers and password managers, and secrets associated with GitHub, GitLab, Bitbucket, npm, Yarn, Python pip, RubyGems, Rust Cargo, and .NET NuGet. “Historically, […] these specific guys have gone after crypto founders, VCs, public people,” security researcher Taylor Monahan said. “They social engineer them and take over their accounts and target the next round of people.
This evolution to targeting [OSS maintainers] is a bit concerning in my opinion.” As preventive steps, Saayman has outlined several changes, including resetting all devices and credentials, setting up immutable releases, adopting OIDC flow for publishing, and updating GitHub Actions to adopt best practices. The findings demonstrate how open-source project maintainers are increasingly becoming the target of sophisticated attacks, effectively allowing threat actors to target downstream users at scale by publishing poisoned versions of highly popular packages. With Axios attracting nearly 100 million weekly downloads and being used heavily across the JavaScript ecosystem, the blast radius of such a supply chain attack can be massive as it propagates swiftly through direct and transitive dependencies. “A package as widely used as Axios being compromised shows how difficult it is to reason about exposure in a modern JavaScript environment,” Socket’s Ahmad Nassri said.
“It is a property of how dependency resolution in the ecosystem works today.”
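An exposure check for the two trojanized releases named above (1.14.1 and 0.30.4), as an added example rather than tooling from the Axios project: it reads an npm `package-lock.json`, finds every installed copy at an affected version, nested transitive copies included, and lists which packages resolve to that copy. It goes slightly beyond the article by handling both the flat (`packages`) and the older nested (`dependencies`) lockfile layouts; the sample lockfile and its package names are constructed.

```python
import json

# Affected versions as named in the article.
AFFECTED = {"axios": {"1.14.1", "0.30.4"}}
DEP_KEYS = ("dependencies", "devDependencies",
            "optionalDependencies", "peerDependencies")


def _flatten_v1(deps, prefix=""):
    """Convert a lockfileVersion 1 tree into the flat path-keyed layout."""
    flat = {}
    for name, meta in deps.items():
        path = f"{prefix}node_modules/{name}"
        flat[path] = {"version": meta.get("version"),
                      "dependencies": meta.get("requires", {})}
        flat.update(_flatten_v1(meta.get("dependencies", {}), path + "/"))
    return flat


def _resolve(packages, from_path, name):
    """Node resolution: nearest node_modules/<name>, walking up from from_path."""
    base = from_path
    while True:
        candidate = (f"{base}/node_modules/{name}" if base
                     else f"node_modules/{name}")
        if candidate in packages:
            return candidate
        if not base:
            return None
        base = base.rpartition("/node_modules/")[0]


def find_affected(lock_text, affected=AFFECTED):
    """Return affected installs with the packages that resolve to each one."""
    lock = json.loads(lock_text)
    # v1 lockfiles do not record the root project's own dependency list,
    # so the root never appears in required_by for them.
    packages = lock.get("packages") or _flatten_v1(lock.get("dependencies", {}))
    hits = []
    for path, meta in packages.items():
        name = meta.get("name") or path.rpartition("node_modules/")[2]
        if meta.get("version") not in affected.get(name, ()):
            continue
        required_by = sorted(
            (p or "(root project)")
            for p, m in packages.items()
            if any(name in m.get(k, {}) for k in DEP_KEYS)
            and _resolve(packages, p, name) == path
        )
        hits.append({"path": path, "version": meta["version"],
                     "required_by": required_by})
    return hits


# Constructed sample: the root uses an unaffected axios, while a hypothetical
# "legacy-sdk" dependency carries its own nested, affected copy.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0",
             "dependencies": {"axios": "^1.13.0", "legacy-sdk": "^2.0.0"}},
        "node_modules/axios": {"version": "1.13.2"},
        "node_modules/legacy-sdk": {"version": "2.4.0",
                                    "dependencies": {"axios": "^0.30.0"}},
        "node_modules/legacy-sdk/node_modules/axios": {"version": "0.30.4"},
    },
})

if __name__ == "__main__":
    for hit in find_affected(SAMPLE_LOCK):
        print(hit)
```

A clean top-level `axios` entry does not clear a project: in the sample the affected copy is installed only underneath another dependency.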
Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture
The next major breach hitting your clients probably won’t come from inside their walls. It’ll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor nobody in IT knows about. That’s the new attack surface, and most organizations are underprepared for it. Cynomi’s new guide, Securing the Modern Perimeter: The Rise of Third-Party Risk Management, makes the case that TPRM is no longer a compliance formality.
It’s a frontline security challenge and a defining growth opportunity for MSPs and MSSPs who get ahead of it.
The Modern Perimeter Has Expanded
For decades, cybersecurity strategy revolved around a defined perimeter. Firewalls, endpoint controls, and identity management systems were deployed to protect assets within a known boundary. That boundary has dissolved.
Today, client data lives in third-party SaaS applications, flows through vendor APIs, and is processed by subcontractors that internal IT teams may not even know about. Security no longer stops at owned infrastructure. It extends across an interconnected ecosystem of external providers, and the accountability that comes with it extends there, too. The 2025 Verizon Data Breach Investigations Report found that third parties are involved in 30% of breaches.
IBM’s 2025 Cost of a Data Breach Report puts the average remediation cost of a third-party breach at $4.91 million. Third-party exposure has become a core feature of modern business operations, not an edge case. For proactive service providers, this shift creates a substantial opportunity. Organizations facing mounting third-party threats are looking for strategic partners who can own, streamline, and continuously manage the entire third-party risk lifecycle.
Service providers who step into that role can introduce new service offerings, deliver higher-value consulting, and establish themselves as central to their clients’ security and compliance programs.
From Checkbox to Core Risk Function
The traditional approach to vendor risk relied on annual questionnaires, spreadsheets, and the occasional follow-up email. It was never adequate, and it’s especially costly now. Regulatory frameworks like CMMC, NIS2, and DORA have raised the bar significantly.
Compliance now requires demonstrable, ongoing oversight of third-party controls, not a point-in-time snapshot from twelve months ago. Boards are asking harder questions about vendor exposure. Cyber insurers are scrutinizing supply chain hygiene before writing policies. And clients who’ve watched competitors absorb the fallout from a vendor’s breach understand that “it wasn’t our system” doesn’t limit their liability.
The market is responding accordingly. Global TPRM spending is projected to grow from $8.3 billion in 2024 to $18.7 billion by 2030. Organizations are treating vendor oversight as a governance function, on par with incident response or identity management, because the cost of ignoring it has become too high. For service providers, that budget allocation is a clear signal.
Clients are actively looking for partners who can own and manage vendor oversight as a defined, ongoing service.
Scaling TPRM Is Where Most Providers Get Stuck
Most MSPs and MSSPs recognize the opportunity. The hesitation comes down to delivery, and specifically to whether TPRM can be executed profitably at scale. Traditional vendor review relies on fragmented workflows and manual analysis.
Custom assessments must be sent, tracked, and interpreted, and risk must be tiered against each client’s specific obligations. This work often falls to senior consultants, making it expensive and hard to delegate. Multiplying this effort across a client portfolio with different vendor ecosystems, compliance needs, and risk tolerances can be unsustainable. This is why many providers offer TPRM as a one-off project instead of a recurring managed service.
But that’s also where the opportunity lies. Cynomi’s Securing the Modern Perimeter guide outlines how structured, technology-enabled TPRM can shift from a bespoke consulting engagement into a repeatable, high-margin service line that strengthens client retention, drives upsell, and positions service providers as integral partners in their clients’ security programs.
Turning TPRM Into a Revenue Engine
Third-party risk is a conversation starter that never runs out of material. Every new vendor a client onboards creates a potential risk discussion.
Regulatory updates are natural reasons to revisit vendor programs, and every breach in the news that traces back to a third party reinforces the stakes. TPRM, done well, keeps service providers embedded in client strategy rather than relegated to reactive support, and that positioning changes the nature of the relationship entirely. Providers who build out structured TPRM capabilities find that it opens doors to:
- Broader security advisory work
- Higher retainer values
- Stronger client relationships built on genuine business impact
- Differentiation in a crowded managed services market
- Credible third-party risk governance, signaling maturity to prospective clients
The Bottom Line
Third-party risk isn’t going away. The vendor ecosystems your clients depend on will keep growing more complex, with more SaaS platforms, AI-powered tools, subcontractors, and regulatory scrutiny layered on top. Organizations that manage this exposure well will have a meaningful advantage in resilience and compliance.
Building a structured, scalable TPRM practice that delivers consistent oversight across your portfolio creates far more leverage than adding headcount or assembling bespoke programs from scratch for every client. The infrastructure you build once pays dividends across every account. Cynomi’s Securing the Modern Perimeter: The Rise of Third-Party Risk Management is a practical starting point. It covers the full scope of modern third-party risk, what a governance-grade TPRM program looks like, and how service providers can build and scale this capability without sacrificing margins.
Discover how Cynomi helps MSPs and MSSPs operationalize TPRM at scale, or request a demo to explore how it fits your service model. This article is a contributed piece from one of our valued partners.
New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating systems. The malware has been found to conceal itself within seemingly benign apps, such as enterprise messengers and food delivery services, while silently scanning victims’ photo galleries for cryptocurrency wallet recovery phrases. Russian cybersecurity company Kaspersky said it found two infected apps on the App Store and one on the Google Play Store that primarily target cryptocurrency users in Asia. “The iOS variant, however, takes a different approach as it scans for cryptocurrency wallet mnemonic phrases, which are in English,” the company said.
“This makes the iOS variant potentially broader in reach, as it can affect users regardless of their region.” The improved version of SparkCat for Android incorporates several obfuscation layers compared to previous iterations. This includes the use of code virtualization and cross-platform programming languages to sidestep analysis efforts. What’s more, the Android version scans for Japanese, Korean, and Chinese keywords, indicating an Asian focus. SparkCat was first documented by Kaspersky in February 2025, highlighting its ability to leverage an optical character recognition (OCR) model to exfiltrate select images containing wallet recovery phrases from photo libraries to an attacker-controlled server.
The latest improvements to the malware show that it’s an actively evolving threat, not to mention the technical capabilities of the threat actors behind the operation. Kaspersky had previously assessed the malicious activity to be the work of a Chinese-speaking operator. “The updated variant of SparkCat requests access to view photos in a user’s smartphone gallery in certain scenarios — just like the very first version of the Trojan,” Kaspersky researcher Sergey Puzan told The Hacker News. “It analyzes the text in stored images using an optical character recognition module.” “If the stealer finds relevant keywords, it sends the image to the attackers.
Considering the similarities of the current sample and the previous one, we believe that the developers of the new version of malware are the same. This campaign again underscores the importance of using security solutions for smartphones to stay protected against a broad range of cyberthreats.”
Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026. “Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers,” the company said in a series of posts on X. “This was a highly sophisticated operation that appears to have involved multi-week preparation and staged execution, including the use of durable nonce accounts to pre-sign transactions that delayed execution.” Drift noted that the attack did not exploit a vulnerability in its programs or smart contracts, and that there is no evidence of compromised seed phrases. Rather, the breach is said to have “involved unauthorized or misrepresented transaction approvals obtained prior to execution, likely facilitated through durable nonce mechanisms and sophisticated social engineering,” it explained.
To that end, the threat actors obtained sufficient multi-signature (multisig) approvals and executed a malicious admin transfer within minutes to gain control of protocol-level permissions, ultimately leveraging it to “introduce a malicious asset and remove all pre-set withdrawal limits, attacking existing funds.” According to a timeline of events shared by Drift, preparations for the hack were underway as early as March 23, 2026. The company said it’s coordinating with multiple security firms to determine the cause of the incident, adding it’s working with bridges, exchanges, and law enforcement to trace and freeze the stolen assets. A PIF Research Labs analysis reveals that the assets were drained within 10 seconds. “From first withdrawal (41.72M JLP at 16:06:09) to last primary withdrawal (2,200 wETH at 16:06:19),” it said.
“The major vaults were emptied in the time it takes to send a text.” In separate reports published Thursday, both Elliptic and TRM Labs said there are on-chain indications that North Korean crypto thieves may be behind the cryptocurrency heist. This included the use of Tornado Cash for initial staging, as well as the cross-chain bridging patterns and the speed and scale of post-hack laundering that are consistent with hacks previously attributed to North Korean threat actors, including the massive Bybit exploit of 2025. “The critical vulnerability was not a smart contract bug but a combination of social engineering multisig signers into pre-signing hidden authorizations and a zero-timelock Security Council migration that eliminated the protocol’s last line of defense,” TRM Labs said. “The attacker manufactured an entirely fictitious asset — CarbonVote Token — with a few thousand dollars in seeded liquidity and wash trading, and Drift’s oracles treated it as legitimate collateral worth hundreds of millions of dollars.” The blockchain intelligence firm also pointed out that the CarbonVote Token was deployed at 09:30 Pyongyang time.
Elliptic, in its own analysis of the security incident, said the on-chain behavior, laundering methodologies, and network-level indicators align with known tradecraft associated with threat actors from the Democratic People’s Republic of Korea (DPRK). The company also noted that, if confirmed, this incident “would represent the eighteenth DPRK act” it has tracked since the start of the year, with more than $300 million stolen to date. “It is a continuation of the DPRK’s sustained campaign of large-scale cryptoasset theft, which the US government has linked to the funding of its weapons programs,” Elliptic said. “DPRK-linked actors are believed to have stolen over $6.5 billion dollars in cryptoassets in recent years.” The North Korean cryptoasset theft operation is estimated to have netted a record $2 billion in 2025, out of which approximately $1.46 billion originated from the hack of Bybit in February 2025.
Social engineering remains the primary initial access pathway through which these attacks are executed, leveraging persuasive personas and decoys to target the cryptocurrency and Web3 sectors through campaigns tracked as DangerousPassword (aka CageyChameleon, CryptoMimic, and CryptoCore) and Contagious Interview. As of late February 2026, the combined gains from the twin campaigns total $37.5 million this year. “The DPRK’s cryptoasset theft operation is not a series of isolated incidents. It is a sustained, well-resourced campaign that is growing in scale and sophistication,” Elliptic said.
“The evolution of the DPRK’s social engineering techniques, combined with the increasing availability of AI to refine and perfect these methods, means the threat extends well beyond exchanges. Individual developers, project contributors and anyone with access to cryptoasset infrastructure is a potential target.” The development coincides with the supply chain compromise of the popular Axios npm package, which multiple security vendors, including Google, Microsoft, CrowdStrike, and Sophos, have attributed to a North Korean hacking group called UNC1069, which overlaps with BlueNoroff, CryptoCore, Nickel Gladstone, Sapphire Sleet, and Stardust Chollima. “This state-sponsored group focuses on generating revenue for the North Korean regime,” Sophos said. “The artifacts include identical forensic metadata and command-and-control (C2) patterns, as well as connections to malware exclusively used by Nickel Gladstone.
Based on these artifacts, it is highly likely that Nickel Gladstone is responsible for the Axios attacks.”
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale. Cisco Talos has attributed the operation to a threat cluster it tracks as UAT-10608. At least 766 hosts spanning multiple geographic regions and cloud providers have been compromised as part of the activity. “Post-compromise, UAT-10608 leverages automated scripts for extracting and exfiltrating credentials from a variety of applications, that are then posted to its command-and-control (C2),” security researchers Asheer Malhotra and Brandon White said in a report shared with The Hacker News ahead of publication.
“The C2 hosts a web-based graphical user interface (GUI) titled ‘NEXUS Listener’ that can be used to view stolen information and gain analytical insights using precompiled statistics on credentials harvested and hosts compromised.”
The campaign is assessed to be targeting Next.js applications that are vulnerable to CVE-2025-55182 (CVSS score: 10.0), a critical flaw in React Server Components and Next.js App Router that could result in remote code execution, for initial access, and then dropping the NEXUS Listener collection framework. This is accomplished by means of a dropper that proceeds to deploy a multi-phase harvesting script that collects various details from the compromised system:
- Environment variables
- JSON-parsed environment from JS runtime
- SSH private keys and authorized_keys
- Shell command history
- Kubernetes service account tokens
- Docker container configurations (running containers, their images, exposed ports, network configurations, mount points, and environment variables)
- API keys
- IAM role-associated temporary credentials by querying the Instance Metadata Service for AWS, Google Cloud, and Microsoft Azure
- Running processes
The cybersecurity company said the breadth of the victim set and the indiscriminate targeting pattern align with automated scanning, likely leveraging services like Shodan, Censys, or custom scanners, to identify publicly reachable Next.js deployments and probe them for the vulnerability. Central to the framework is a password-protected web application that makes all the stolen data available to the operator via a graphical user interface that features search capabilities to sift through the information. “The application contains a listing of several statistics, including the number of hosts compromised and the total number of each credential type that were successfully extracted from those hosts,” Talos said.
“The web application allows a user to browse through all of the compromised hosts. It also lists the uptime of the application itself.” The current version of NEXUS Listener is V3, indicating that the tool has undergone substantial development iterations before reaching the current stage. Talos, which was able to obtain data from an unauthenticated NEXUS Listener instance, said it contained API keys associated with Stripe, artificial intelligence platforms (OpenAI, Anthropic, and NVIDIA NIM), communication services (SendGrid and Brevo), along with Telegram bot tokens, webhook secrets, GitHub and GitLab tokens, database connection strings, and other application secrets. The extensive data gathering operation highlights how bad actors could weaponize access to compromised hosts to stage follow-on attacks.
Organizations are advised to audit their environments to enforce the principle of least privilege, enable secret scanning, avoid reusing SSH key pairs, implement IMDSv2 enforcement on all AWS EC2 instances, and rotate credentials if compromise is suspected. “Beyond the immediate operational value of individual credentials, the aggregate dataset represents a detailed map of the victim organizations’ infrastructure: what services they run, how they’re configured, what cloud providers they use, and what third-party integrations are in place,” the researchers said. “This intelligence has significant value for crafting targeted follow-on attacks, social engineering campaigns, or selling access to other threat actors.”
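One way to check the IMDSv2 recommendation above, as an added example that is not from Talos or the article: it reads output shaped like `aws ec2 describe-instances` and lists instances that still accept IMDSv1 requests. The sample data, instance IDs, profile ARN and severity labels are constructed assumptions.

```python
# Constructed sample shaped like `aws ec2 describe-instances` output.
# Instance IDs and the instance profile ARN are placeholders.
PROFILE = {"Arn": "arn:aws:iam::111122223333:instance-profile/example-web"}
SAMPLE_DESCRIBE_INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0example00000000a", "State": {"Name": "running"},
     "IamInstanceProfile": PROFILE,
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}},
    {"InstanceId": "i-0example00000000b", "State": {"Name": "running"},
     "IamInstanceProfile": PROFILE,
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required"}},
    {"InstanceId": "i-0example00000000c", "State": {"Name": "stopped"},
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}},
    {"InstanceId": "i-0example00000000d", "State": {"Name": "terminated"},
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}},
    {"InstanceId": "i-0example00000000e", "State": {"Name": "running"},
     "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional"}},
]}]}

SEVERITY_ORDER = {"high": 0, "medium": 1}  # labels are this example's own


def audit_imds(describe_output):
    """Return instances whose metadata service still answers IMDSv1 requests."""
    findings = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            state = inst.get("State", {}).get("Name")
            if state in ("terminated", "shutting-down"):
                continue  # nothing left to harden
            opts = inst.get("MetadataOptions", {})
            if opts.get("HttpEndpoint") == "disabled":
                continue  # metadata service is switched off entirely
            if opts.get("HttpTokens") == "required":
                continue  # IMDSv2 is enforced
            # An attached instance profile means role credentials are served
            # by the metadata service, so rank those instances first.
            has_role = "IamInstanceProfile" in inst
            instance_id = inst["InstanceId"]
            findings.append({
                "instance_id": instance_id,
                "severity": "high" if has_role else "medium",
                "reason": "IMDSv1 allowed"
                          + (" and an IAM role is attached" if has_role else ""),
                "fix": "aws ec2 modify-instance-metadata-options "
                       "--instance-id %s --http-tokens required "
                       "--http-endpoint enabled" % instance_id,
            })
    findings.sort(key=lambda f: (SEVERITY_ORDER[f["severity"]], f["instance_id"]))
    return findings


if __name__ == "__main__":
    for finding in audit_imds(SAMPLE_DESCRIBE_INSTANCES):
        print(finding["severity"], finding["instance_id"], finding["reason"])
        print("  ", finding["fix"])
```
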
Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges. The vulnerability, tracked as CVE-2026-20093, carries a CVSS score of 9.8 out of a maximum of 10.0. “This vulnerability is due to incorrect handling of password change requests,” Cisco said in an advisory released Wednesday. “An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device.” “A successful exploit could allow the attacker to bypass authentication, alter the passwords of any user on the system, including an Admin user, and gain access to the system as that user.” Security researcher “jyh” has been credited with discovering and reporting the vulnerability.
The shortcoming affects the following products regardless of the device configuration:

- 5000 Series Enterprise Network Compute Systems (ENCS) - Fixed in 4.15.5
- Catalyst 8300 Series Edge uCPE - Fixed in 4.18.3
- UCS C-Series M5 and M6 Rack Servers in standalone mode - Fixed in 4.3(2.260007), 4.3(6.260017), and 6.0(1.250174)
- UCS E-Series Servers M3 - Fixed in 3.2.17
- UCS E-Series Servers M6 - Fixed in 4.15.3

Another critical vulnerability patched by Cisco impacts Smart Software Manager On-Prem (SSM On-Prem), which could enable an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability, CVE-2026-20160 (CVSS score: 9.8), stems from an unintentional exposure of an internal service. “An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service,” Cisco said. “A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.” Patches for the flaw have been released in Cisco SSM On-Prem version 9-202601.
Cisco said the vulnerability was discovered internally during the resolution of a Cisco Technical Assistance Center (TAC) support case. While neither of the vulnerabilities has been exploited in the wild, a number of recently disclosed security flaws in Cisco products have been weaponized by threat actors. In the absence of a workaround, customers are recommended to update to the fixed version for optimal protection.
ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories
The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just a quick and honest look at the messy reality of keeping systems safe this week. Things are moving fast. The list includes researchers chaining small bugs together to create massive backdoors, old software flaws coming back to haunt us, and some very clever new tricks that let attackers bypass security logs entirely without leaving a trace.
We are also seeing sketchier traffic on the underground and the usual supply chain mess, where one bad piece of code threatens thousands of apps. It is definitely worth a quick scan before you log off for the day, if only to make sure none of this is sitting in your own network. Let’s get into it.

Pre-auth RCE chain exposed: Security Flaws in Progress ShareFile

watchTowr Labs has disclosed two security flaws in Progress ShareFile (CVE-2026-2699 and CVE-2026-2701) that could be chained to achieve pre-authenticated remote code execution. While CVE-2026-2699 is an authentication bypass via the “/ConfigService/Admin.aspx” endpoint, CVE-2026-2701 refers to a case of post-authenticated remote code execution. An attacker could combine the two vulnerabilities to sidestep authentication and upload web shells. Progress released fixes for the vulnerabilities with Storage Zone Controller 5.12.4 released on March 10, 2026. There are about 30,000 internet-facing instances, making patching against the flaws crucial.
Rootkit spreads via 50+ apps: Operation Novoice Rootkit Campaign Targets Older Android Devices

A new Android malware named NoVoice has been distributed via more than 50 apps that were downloaded at least 2.3 million times. While apps masqueraded as utilities, image galleries, and games, and offered the advertised functionality, the malware attempted to obtain root access on the device by exploiting 22 Android vulnerabilities that received patches between 2016 and 2021. “If the exploits succeed, the malware gains full control of the device,” McAfee Labs said. “From that moment onward, every app that the user opens is injected with attacker-controlled code. This allows the operators to access any app data and exfiltrate it to their servers.” The malware avoids infecting devices in certain regions, like Beijing and Shenzhen in China, and implements more than a dozen checks for emulators, debuggers, and VPNs. It then contacts a remote server to send device information and fetch appropriate exploits to gain root access and disable SELinux. Upon gaining elevated access, the rootkit modifies system libraries to facilitate the execution of malicious code when specific apps are opened, install arbitrary apps, and enable persistence. NoVoice has been found to share some level of overlap with Triada. One of the targeted apps is WhatsApp, which enabled the malware to harvest data from the app as soon as it was launched. Google has since removed the apps. The highest concentration of infections has been reported in Nigeria, Ethiopia, Algeria, India, and Kenya.

FBI flags foreign app risks: FBI Warns of Risky Foreign-Developed Mobile Apps

The U.S. Federal Bureau of Investigation (FBI) is warning of the data security risks associated with foreign-developed mobile applications. “As of early 2026, many of the most downloaded and top-grossing apps in the United States are developed and maintained by foreign companies, particularly those based in China,” the FBI said. “The apps that maintain digital infrastructure in China are subject to China’s extensive national security laws, enabling the Chinese government to potentially access mobile app users’ data.” The bureau also warned that these apps may harvest contact information under the pretext of inviting friends to use them, store personal data in Chinese servers, or contain malware that could collect data beyond what is authorized by the user. “This could include malicious code and hard-to-remove malware designed to exploit known vulnerabilities in various operating systems and insert a backdoor for escalated privileges, such as enabling the download and execution of additional malicious packages designed to provide unauthorized access to users’ data,” it added. The FBI did not name the apps, but TikTok, Shein, Temu, and DeepSeek fit the profile.

New bureau targets cyber threats: U.S. Activates Bureau of Emerging Threats

The U.S. State Department has officially launched the Bureau of Emerging Threats, a new unit tasked with protecting U.S. national security against cyber attacks against critical infrastructure, threats in the space domain, and misuse of artificial intelligence (AI) and other advanced technology risks from Iran, China, Russia, and North Korea.

Cybercrime kingpin extradited: HuiOne Group Former Chairman Extradited to China

Li Xiong, the former chairman of a Cambodian financial conglomerate, HuiOne, has been extradited to China. He has been accused of operating gambling dens, fraud, unlawful business operations, and money laundering. According to Xinhua, Li is said to be a key member of the transnational cybercrime syndicate masterminded by Chen Zhi, the chairman of Prince Group, who was extradited to China in January 2026 and has been indicted by the U.S. for operating large-scale, forced-labor “pig butchering” scam compounds in Southeast Asia. In May 2025, the U.S. Treasury’s Financial Crimes Enforcement Network labeled Huione Group “a financial institution of primary money laundering concern.”

Gmail username change arrives: Google Officially Rolls Out the Ability to Change Email Address

Google said it’s rolling out the ability to change a username to Google Account users in the U.S. “Your previous Google Account email ending in gmail.com will become an alternate email address,” Google said in a support document. “You’ll receive emails to both your old and new addresses. The data saved in your account won’t be affected. This includes things like photos, messages, and emails sent to your previous email address.” While users can change back to their previous email address at any time, it’s not possible to create a new Google Account email ending in gmail.com for the next 12 months. The new email address cannot be deleted either.
Court halts AI risk label: U.S. Court Blocks Supply Chain Risk Designation

A U.S. federal judge has temporarily blocked the Trump administration’s designation of Anthropic as a supply chain risk. The AI company had argued that the designation was causing immediate and irreparable harm. “Nothing in the governing statute supports the Orwellian notion that an American company may be branded a potential adversary and saboteur of the U.S. for expressing disagreement with the government,” District Judge Rita Lin wrote in the ruling.

Phishing apps target mobile users: Threat Actors Target Android and iOS Users in Phishing Campaign

Cybercriminals have set their sights on Android users through a new phishing scheme that disguises malicious applications as beta-testing opportunities for ChatGPT and Meta advertising tools. In these attacks, what appears to be an invitation to advertising apps turns out to be a carefully planned attempt to steal Facebook credentials and hijack control of user accounts. “These messages push malicious apps delivered through ‘firebase-noreply@google.com’ via Firebase App Distribution, a legitimate Google service for distributing pre-release apps to testers,” LevelBlue said. “Once installed, these apps request Facebook credentials, leading to phishing and account takeover.” A similar campaign has leveraged phishing emails impersonating ChatGPT and Gemini to push users into downloading malicious iOS apps from the Apple App Store. “Disguised as business or ad management tools, these apps prompt for Facebook credentials, leading to credential harvesting,” the company added.

Drive adds ransomware defense: Google Makes Drive Ransomware Detection and File Restoration Generally Available

Google has made ransomware detection and file restoration in Drive generally available after launching the feature in beta in September 2025 to help organizations minimize the impact of malware attacks on personal computers. Ransomware detection pauses file syncing, and file restoration allows users to bulk restore their files to a previous version in Drive. “Compared to when the feature was in beta, we are now able to detect even more types of ransomware encryption and are able to do it faster,” Google said. “Our latest AI model is detecting 14x more infections, leading to even more comprehensive protection.”

GhostSocks activity intensifies: Surge in GhostSocks Activity

Cybersecurity company Darktrace said it has observed a steady increase in GhostSocks activity across its customer base since late 2025. “In one notable case from December 2025, Darktrace detected GhostSocks operating alongside Lumma Stealer, reinforcing that the partnership between Lumma and GhostSocks remains active despite recent attempts to disrupt Lumma’s infrastructure,” it said. Originally marketed on the Russian underground forum xss[.]is as a malware-as-a-service (MaaS), GhostSocks enables threat actors to turn compromised devices into residential proxies, leveraging the victim’s internet bandwidth to route malicious traffic through it. It utilizes the SOCKS5 proxy protocol, creating a SOCKS5 connection on infected devices. It began to be widely adopted following its partnership with Lumma Stealer in 2024.

Open-source malware spikes 14x: Malware in Open-Source Ecosystems Increases 14x

The number of malware advisories across open-source ecosystems has increased 13.6x since January 2024, as threat actors take control of trusted packages to poison the software supply chain. “Of the 1,011 npm ATO [Account takeover] advisories recorded in the OSV database over all time, 930 were filed in 2025, a roughly 12x year-over-year increase representing 92% of all ATOs reported on npm,” Endor Labs said. “Among the 2025 npm ATO cases, 38.4% of affected packages had more than 1,000 monthly downloads, 18.5% exceeded 10,000, and 11.1% had more than 100,000. Attackers are deliberately targeting packages that are deeply embedded in production systems and automated CI/CD pipelines, maximizing the blast radius of each compromise.”

XLoader boosts stealth tactics: XLoader Continues to Evolve

An updated version of the XLoader information-stealing malware (version 8.7) has been found to incorporate several changes to the code obfuscation to make automation and analysis more difficult. These include the use of encrypted strings that are decrypted at runtime, encrypted code blocks consisting of functions that are decrypted at runtime, and improved methods to conceal hard-coded values and specific functions, per Zscaler. XLoader also uses a combination of multiple encryption layers with different keys for encrypting network traffic. “XLoader continues to be a highly active information stealer that constantly receives updates,” the company said. “As a result of the malware’s multiple encryption layers, decoy C2 servers, and robust code obfuscation, XLoader has been able to remain largely under the radar.”

ImageMagick zero-days enable RCE: Security Flaws in ImageMagick

Cybersecurity researchers have found multiple zero-day vulnerabilities in ImageMagick that could be chained to achieve remote code execution through a single image or PDF upload. According to Pwn.ai, the attack works on the default configuration and the most restrictive “secure” configuration. The issue affects every major Linux distribution, as well as WordPress installations that process image uploads. It remains unpatched as of writing. In the interim, it’s advised to process PDFs in an isolated sandbox with no network access, disable XML-RPC in WordPress, and block GhostScript.

Attackers evade CloudTrail logging: How to Silently Disable CloudTrail?

Adversaries are bypassing traditional CloudTrail detections, like StopLogging or DeleteTrail, and instead using lesser-known AWS APIs to blind logging systems. This includes creating “invisible activity zones” using PutEventSelectors, using StopEventDataStoreIngestion and DeleteEventDataStore to halt or destroy long-term forensic visibility, disabling anomaly detection via PutInsightSelectors, and neutralizing cross-account protections through DeleteResourcePolicy and DeregisterOrganizationDelegatedAdmin. “The real risk is in the sequence: individually, these API calls look like routine maintenance—but chained together, they allow attackers to erase evidence and evade detection entirely,” Abstract Security said.

LofyGang deploys dual-payload RAT: LofyGang Returns with Improved RAT Malware

The threat actor known as LofyGang resurfaced with a fake npm package (“undicy-http”) that delivers a dual-payload attack: a Node.js-based Remote Access Trojan (RAT) with live screen streaming, and a native Windows PE binary that uses direct syscalls to inject into browser processes and steal credentials, cookies, credit cards, IBANs, and session tokens from more than 50 web browsers and 90 cryptocurrency wallet extensions. The session hijacking module targets Roblox, Instagram, Spotify, TikTok, Steam, Telegram, and Discord. “The Node.js layer independently operates as a full RAT with remote shell, screen capture, webcam/microphone streaming, file upload, and persistence capabilities, all controlled through a WebSocket C2 panel,” JFrog said. The Node.js layer also downloads a native PE binary to facilitate data exfiltration via a Discord webhook and a Telegram bot.

Nothing here looks huge on its own. That’s the point. Small changes, repeated enough times, start to matter. Things that used to be hard are getting easier. Things that were noisy are getting quiet. You stop seeing the obvious signs and start missing the subtle ones. Read it like a pattern, not a list. Same ideas showing up in slightly different forms. Systems doing what they’re designed to do—just used differently. That gap is where most problems live now. That’s the recap.
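The CloudTrail evasion item in the bulletin above puts the risk in the sequence of API calls rather than in any single one. The following added example (not from Abstract Security or the bulletin) correlates the API names listed there per principal over constructed CloudTrail records; the one-hour window, the two-category threshold, the category labels, the sample ARNs and the camelCase request-parameter layout are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# API names come from the bulletin item; categories are this example's labels.
WATCHED = {
    "StopLogging": "classic",
    "DeleteTrail": "classic",
    "PutEventSelectors": "selective-logging",
    "StopEventDataStoreIngestion": "data-store",
    "DeleteEventDataStore": "data-store",
    "PutInsightSelectors": "anomaly-detection",
    "DeleteResourcePolicy": "cross-account",
    "DeregisterOrganizationDelegatedAdmin": "cross-account",
}
WINDOW = timedelta(hours=1)   # assumed correlation window
MIN_CATEGORIES = 2            # assumed threshold for "chained" activity


def when(event):
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def narrows_logging(event):
    """True if a PutEventSelectors call reduces what the trail records."""
    params = event.get("requestParameters") or {}
    for sel in params.get("eventSelectors") or []:
        if sel.get("includeManagementEvents") is False:
            return True
        if sel.get("readWriteType", "All") != "All":
            return True
        if sel.get("excludeManagementEventSources"):
            return True
    return False


def find_sequences(events, window=WINDOW, min_categories=MIN_CATEGORIES):
    """Flag principals that touch several logging controls within one window."""
    by_principal = defaultdict(list)
    for ev in events:
        # DeleteResourcePolicy exists in other services too; keep CloudTrail's.
        if ev.get("eventSource") != "cloudtrail.amazonaws.com":
            continue
        if ev.get("eventName") not in WATCHED:
            continue
        arn = (ev.get("userIdentity") or {}).get("arn", "unknown")
        by_principal[arn].append(ev)

    findings = []
    for arn, evs in sorted(by_principal.items()):
        evs.sort(key=when)
        i = 0
        while i < len(evs):
            start = when(evs[i])
            chain = [e for e in evs[i:] if when(e) - start <= window]
            categories = sorted({WATCHED[e["eventName"]] for e in chain})
            if len(categories) >= min_categories:
                findings.append({
                    "principal": arn,
                    "start": evs[i]["eventTime"],
                    "end": chain[-1]["eventTime"],
                    "apis": [e["eventName"] for e in chain],
                    "categories": categories,
                    "narrowed_selectors": any(narrows_logging(e) for e in chain),
                })
                i += len(chain)   # do not report the same chain twice
            else:
                i += 1
    return findings


def record(time, name, arn, source="cloudtrail.amazonaws.com", params=None):
    return {"eventTime": time, "eventName": name, "eventSource": source,
            "userIdentity": {"arn": arn}, "requestParameters": params}


# Constructed sample records; account ID and principal names are placeholders.
OPS = "arn:aws:iam::111122223333:user/example-ops"
CI = "arn:aws:iam::111122223333:role/example-ci"
ADMIN = "arn:aws:iam::111122223333:user/example-admin"
FULL = {"trailName": "example-trail", "eventSelectors": [
    {"readWriteType": "All", "includeManagementEvents": True}]}
BLIND = {"trailName": "example-trail", "eventSelectors": [
    {"readWriteType": "All", "includeManagementEvents": False}]}

SAMPLE_EVENTS = [
    record("2026-04-01T09:00:00Z", "PutEventSelectors", ADMIN, params=FULL),
    record("2026-04-01T10:00:00Z", "PutEventSelectors", OPS, params=BLIND),
    record("2026-04-01T10:05:00Z", "PutInsightSelectors", OPS),
    record("2026-04-01T10:12:00Z", "StopEventDataStoreIngestion", OPS),
    record("2026-04-01T10:40:00Z", "DeleteEventDataStore", OPS),
    record("2026-04-01T11:00:00Z", "DeleteResourcePolicy", CI,
           source="secretsmanager.amazonaws.com"),
    record("2026-04-01T14:00:00Z", "PutInsightSelectors", CI),
    record("2026-04-01T14:01:00Z", "DescribeTrails", CI),
]

if __name__ == "__main__":
    for f in find_sequences(SAMPLE_EVENTS):
        print(f["principal"], f["start"], "->", f["end"], f["apis"])
```

A single routine call, such as the administrator's selector update in the sample, stays below the threshold; only the principal that touches several logging controls within the window is reported.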
Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November 2023. “Beyond cryptomining, the threat actor monetizes infections through CPA (Cost Per Action) fraud, directing victims to content locker pages under the guise of software registration,” Elastic Security Labs researchers Jia Yu Chan, Cyril François, and Remco Sprooten said in an analysis published this week. Recent iterations of the campaign have also been found to deliver a previously undocumented .NET implant codenamed CNB Bot. These attacks leverage an ISO file as the infection vector to deliver a .NET Reactor-protected loader and a text file with explicit instructions to the user to bypass Microsoft Defender SmartScreen protections against running unrecognized applications by clicking on “More info” and “Run anyway.” The loader is designed to invoke PowerShell, which is responsible for configuring broad Microsoft Defender Antivirus exclusions to fly under the radar and launch CNB Bot in the background.
At the same time, the user is displayed an error message: “Unable to launch the application. Your system may not meet the required specifications. Please contact support.” CNB Bot functions as a loader with capabilities to download and execute additional payloads, update itself, and uninstall and perform cleanup actions to cover up the tracks. It communicates with a command-and-control (C2) server using HTTP POST requests.
Other campaigns mounted by the threat actor have leveraged similar ISO lures to deploy PureRAT, PureMiner, and a bespoke .NET-based XMRig loader, the last of which reaches out to a hard-coded URL to extract the mining configuration and launch the miner payload. As recently observed in the FAUX#ELEVATE campaign, “WinRing0x64.sys,” a legitimate, signed, and vulnerable Windows kernel driver, is abused to obtain kernel-level hardware access and modify CPU settings to boost hash rates, thereby enabling performance improvement. The use of the driver has been observed in many cryptojacking campaigns over the years. The functionality was added to XMRig miners in December 2019.
Elastic said it also identified another campaign that leads to the deployment of SilentCryptoMiner. The miner, besides using direct system calls to evade detection, takes steps to disable Windows Sleep and Hibernate modes, set up persistence via a scheduled task, and use the “Winring0.sys” driver to fine-tune the CPU for mining operations. Another notable component of the attack is a watchdog process that ensures the malicious artifacts and persistence mechanisms are restored in the event they are deleted. The campaign is estimated to have accrued 27.88 XMR ($9,392) across four tracked wallets, indicating that the operation is yielding consistent financial returns to the attacker.
“Beyond the C2 infrastructure, the threat actor abuses GitHub as a payload delivery CDN, hosting staged binaries across two identified accounts,” Elastic said. “This technique shifts the download-and-execute step away from operator-controlled infrastructure to a trusted platform, reducing detection friction.”
The State of Trusted Open Source Report
In December 2025, we shared the first-ever The State of Trusted Open Source report, featuring insights from our product data and customer base on open source consumption across our catalog of container image projects, versions, images, language libraries, and builds. These insights shed light on what teams pull, deploy, and maintain day to day, alongside the vulnerabilities and remediation realities these projects face. Fast forward a few months, and software development is accelerating at a pace that most didn’t see coming. AI is increasingly embedded across the development lifecycle, from code generation to infrastructure automation, as models become more advanced and better at meeting the demands of modern work.
This shift is expanding what teams can build and how quickly they can ship. It is also reshaping the security landscape. Before diving into the numbers, it’s important to explain how we perform this analysis. We examined over 2,200 unique container image projects, 33,931 total vulnerability instances, and 377 unique CVEs from December 1, 2026, through February 28, 2026.
When we use terms like “top 20 projects” and “long tail projects” (as defined by images outside of the top 20), we’re referring to real usage patterns observed across our customer portfolio and in production pulls. In this report, we noticed a few new themes that point to this shift. These themes built on the trends from our last report, ultimately showcasing the impact of increased AI-driven development both in the types of container images being used and in the number of CVEs being discovered and remediated:

- Python and PostgreSQL growth reflects AI-driven development: Python remains the most popular image (72.1% of all customers use it), and PostgreSQL saw a 73% increase in usage quarter-over-quarter, underscoring the growing adoption of a modern AI stack across various use cases.
- The modern platform stack is becoming increasingly standardized: Across Chainguard customers, language ecosystem images account for more than half of the top 25 images used in production.
- Chainguard Base is becoming a foundation for developer tooling: The chainguard-base image, a minimal distroless base image without any toolchain or apps, was the 5th most-used Chainguard image, as customers use it as a sort of “utility belt” for their specific use cases (over 75% of Chainguard customers customize at least one image).
- AI is accelerating software development and vulnerability discovery: We applied over 300% more fixes in Chainguard Containers and saw a 145% increase in vulnerabilities from last quarter, signaling the use of AI to push more code and discover more CVEs.
- The long tail continues to define real-world risk: 96% of the vulnerabilities found and remediated in Chainguard Containers occurred outside of the top 20 most popular projects—this is consistent with the findings from December.
- Compliance continues to drive adoption of trusted open source: We saw the same themes from December present here, underscored by a FIPS-compliant variant of a Chainguard container image entering the top 10 images by customer count for the first time.
Usage: What teams actually run in production

We identified multiple themes centered on the prevalence of AI in code generation across regions and industries. This prevalence leads to greater adoption of the Python language ecosystem and adjacent technologies on the usage side.

Most popular images: Python and PostgreSQL growth reflect AI-driven development

PostgreSQL usage grew 73% quarter-over-quarter

The images that saw the strongest growth this quarter closely align with the technologies driving AI adoption. Python remains the most widely deployed image across Chainguard customers. When combining FIPS (Federal Information Processing Standards) and non-FIPS variants, 72.1% of Chainguard customers are using a Python image. This reflects Python’s role as the default language for machine learning, data pipelines, and automation. What was once concentrated in experimentation environments is now moving into production systems across industries. Node continues to anchor application infrastructure, with 60.7% of Chainguard customers utilizing it in their environments. Together, Python and Node define the dominant runtime layer for modern applications. The most notable change this quarter is in databases. PostgreSQL usage grew by 73% quarter over quarter, the largest increase among widely deployed images. This growth aligns with broader trends in AI workloads. PostgreSQL is increasingly used as a foundation for vector search and retrieval-augmented generation, supported by extensions that enable embedding storage and similarity queries. As AI moves into production, databases are evolving alongside application runtimes.

The modern platform stack is converging

Over 50% of the most popular images are language ecosystems

This quarter, the data showed that production environments are converging around a consistent set of foundational components. Language ecosystems account for more than half of the top 25 images used across customers.
Python (72.1% of all customers), Node (60.7%), Java (44.4%), Go (42.8%), and .NET (27%) continue to define the runtime layer, with growth across each ecosystem. Outside of runtimes, teams are standardizing on a familiar set of cloud-native components. Traffic management tools such as nginx and service mesh components remain widely deployed. Monitoring systems built around Prometheus continue to expand.
Deployment workflows are increasingly anchored in GitOps tools such as ArgoCD and kubectl. The result is a layered architecture that is broadly consistent across organizations. A small number of runtimes, a shared set of operational components, and a large and highly variable long tail of supporting dependencies. Standardization is happening at the platform level, even as application-specific variation continues to grow.
Chainguard Base is becoming a foundation for developer tooling

Chainguard-base was the 5th most-deployed image by customer count

Chainguard Base is a minimal distroless base image without any toolchain or applications. It is designed to provide a secure foundation that teams can extend with only the components they need. This quarter, it was the 5th-most-deployed image by customer count, used by 36.3% of customers across FIPS and non-FIPS variants. Its role becomes clearer when looking at customization patterns. Across all customized repositories, 95% include added packages, and more than three-quarters of customers customize at least one image. When organizations customize Chainguard Containers, the most frequently added packages are developer and operational utilities such as curl, bash, jq, git, and cloud tooling. These are not full application stacks. They are the tools needed to build, debug, and operate software.
This demonstrates a consistent pattern: teams use Chainguard Base as a secure starting point, then layer in the exact tooling required for their workflows. It is serving as a flexible foundation for CI/CD pipelines, debugging environments, and internal platform tooling. As platform engineering practices mature, the need for secure, customizable base environments is becoming more pronounced. Chainguard Base is emerging as a core building block in that model.
CVEs: AI is accelerating software development and vulnerability discovery

Over 300% more fix instances this quarter

Just as we observed on the usage side with the increase in Python and PostgreSQL container images, AI is also changing the speed at which vulnerabilities surface. In the previous report, we tracked 154 unique CVEs and 10,100 fix instances across Chainguard Containers. This quarter, that number rose to 377 unique CVEs and 33,931 fix instances (a 145% increase in unique vulnerabilities and over 300% more fixes applied compared to last quarter). This increase reflects two parallel forces: 1) development is becoming faster and more distributed, which increases the number of dependencies entering production environments; and 2) vulnerability discovery is accelerating as researchers and attackers use automation and AI-assisted techniques to analyze code at scale. The result is a tighter feedback loop between development and security. More code is being written, more dependencies are being introduced, and more vulnerabilities are being identified across the ecosystem. What stands out is not only the increase in volume, but the Chainguard Factory’s ability to respond to it. Median remediation time held essentially flat at 2.0 days compared to 1.96 days last quarter, despite the much higher volume. High-severity vulnerabilities continued to be resolved quickly, with 97.9% fixed within one week. The pace of discovery is increasing. The expectation for response is keeping up.

The long tail continues to define real-world risk

96% of CVEs occur outside the most popular images

While core infrastructure is becoming more standardized, most of the software supply chain lives outside the most visible components. Let us explain: the median customer sources about 74% of their images from the long tail of the catalog (images outside the top 20 in popularity). This reflects the reality that production environments extend far beyond a small set of widely used images. Security risk follows the same pattern. This quarter, 96.2% of CVE instances occurred outside the top 20 most widely used images.
This is consistent with the previous report, which found that nearly all vulnerabilities were concentrated in long-tail projects. The implication is straightforward: the images that teams interact with most frequently represent only a small portion of their actual exposure. The majority of vulnerabilities exist in dependencies that are less visible, less frequently updated, and often not directly owned by application teams. Even across severity levels, the distribution holds.
Critical, High, Medium, and Low vulnerabilities all follow the same pattern, with the overwhelming majority (96.18% on average) occurring outside the top 20 images. Attackers know what is popular, so they tend to look for vulnerable areas that are outside most users’ top-of-mind. As development accelerates and dependency graphs expand, managing the long tail becomes the central challenge of software supply chain security.
Compliance is reshaping adoption patterns
Regulatory requirements are increasingly influencing how organizations build and deploy software.
This quarter marks the first time a FIPS-compliant Chainguard image (python-fips) has reached the top 10 by customer count, even when FIPS and non-FIPS variants are combined into a single metric. This milestone reflects a broader shift toward compliance-driven adoption. FIPS adoption is increasing across multiple runtimes. Python FIPS, Node FIPS, and nginx FIPS images all saw growth in customer counts over the quarter.
Overall, 42% of customers now run at least one FIPS image in production. This reflects the growing influence of frameworks such as FedRAMP, PCI DSS, SOC 2, and the EU Cyber Resilience Act. Compliance is no longer limited to a subset of industries. It is becoming a baseline requirement for software that operates in regulated environments.
As a result, secure and compliant images are moving from optional to expected.
A secure foundation for the AI era
The data from this quarter points to a clear trend. Software ecosystems are expanding. The number of unique images in use grew by 18%, reflecting broader adoption and more diverse workloads.
At the same time, vulnerability discovery increased significantly, with a 145% rise in unique CVEs and a 3x increase in fixes. Despite that growth, Chainguard’s remediation performance remained stable. Median fix times held steady, and high-severity vulnerabilities continued to be resolved quickly. This combination matters.
It shows that it is possible to scale both coverage and responsiveness simultaneously. As AI continues to accelerate development, the volume of code and dependencies will grow. The challenge for security teams is not simply to keep up with that growth, but to manage it in a way that maintains consistency and trust. The organizations that succeed will be those that treat security as part of the development system itself, rather than as a layer applied afterward.
At Chainguard, we recognize the challenges that security and engineering teams face as AI technology becomes increasingly ubiquitous. We recently announced products such as Chainguard Agent Skills and Chainguard Actions to address this problem directly. As development speeds up, organizations must address hidden attack vectors throughout the software development lifecycle. The trusted open source we offer creates a secure-by-default foundation you can build on.
Ready to learn more about how Chainguard can protect your open source artifacts? Get in touch with our team today. This article is a contributed piece from one of our valued partners.
WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action
Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version of its iOS app that was infected with spyware. According to reports from Italian newspaper La Repubblica and news agency ANSA, the vast majority of the targets are located in Italy. It’s assessed that the threat actors behind the activity used social engineering tactics to get users to install malicious software that mimicked WhatsApp. All the affected users have been logged out and have been recommended to uninstall the malware-laced apps and download the official WhatsApp app.
WhatsApp did not reveal who was targeted in these attacks. The tech giant said it’s also taking action against Asigint, an Italian subsidiary of spyware company SIO, for allegedly creating a counterfeit version of WhatsApp. On its website, the company advertises solutions to law enforcement agencies, government organizations, and police and intelligence agencies for monitoring suspect activities, gathering intelligence, or conducting covert operations. In December 2025, TechCrunch reported that SIO was behind a set of malicious Android apps that masqueraded as WhatsApp and other popular apps but stole private data from a target’s device using a spyware family called Spyrtacus.
The apps are believed to have been used by a government customer to target unknown victims in Italy. SIO is one of the many Italian companies selling surveillance tools, including Cy4Gate, eSurv, GR Sistemi, Negg, Raxir, and RCS Lab, turning the country into a “spyware hub.” Early last year, WhatsApp alerted around 90 users that they were targeted with Paragon Solutions’ spyware known as Graphite. Then, in August 2025, it notified fewer than 200 users who may have been targeted as part of a sophisticated campaign by chaining together zero-day vulnerabilities in iOS and the messaging app. The development comes a little over a month after a Greek court sentenced Tal Dilian, the founder of the Intellexa Consortium, and three associates, Sara Hamou, Felix Bitzios, and Yiannis Lavranos, to prison for their role in the illegal use of the vendor’s Predator spyware to target politicians, business leaders, and journalists in the country.
The 2022 surveillance scandal, dubbed Predatorgate or Greek Watergate, prompted the European Parliament to launch a formal inquiry into the use of such tools. However, a new law passed that year has since legalized government use under strict conditions. In July 2024, the Greek Supreme Court cleared the state intelligence service and government officials of wrongdoing. “Questions remain about the role of the Greek government, which has consistently denied purchasing or using Predator,” Amnesty International said.
“Transparency is a crucial part of accountability – as is remedy for the many victims of the human rights violations brought about by the unlawful use of this technology.” In a statement shared with Reuters late last month, Dilian said he intends to appeal the decision, adding, “I believe a conviction without evidence is not justice, it could be part of a cover-up and even a crime.” Italy and Greece are far from the only European countries to be caught in the spyware technology’s crosshairs. Back in January 2026, Spain’s High Court closed its probe into the use of NSO Group’s Pegasus to spy on Spanish politicians, citing a lack of cooperation from Israeli authorities. The case dates to May 2022, when the Spanish government disclosed that the Israeli company’s spyware had been used to eavesdrop on devices belonging to Prime Minister Pedro Sánchez and Defence Minister Margarita Robles. Companies like Intellexa and NSO Group have consistently maintained that their surveillance technology has only been licensed to governments to fight serious crimes and bolster national security.
NSO Group’s Executive Chairman David Friedman said the “world is a far safer place” when the company’s tools “are in the right hands within the right countries.”