2026-04-12 AI Startup News
Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-34621, carries a CVSS score of 9.6 out of 10.0. Successful exploitation of the flaw could allow an attacker to run malicious code on affected installations. It has been described as a case of prototype pollution that could result in arbitrary code execution.
Prototype pollution refers to a JavaScript security vulnerability that permits an attacker to manipulate an application’s objects and properties. The issue impacts the following products and versions for both Windows and macOS -
- Acrobat DC versions 26.001.21367 and earlier (Fixed in 26.001.21411)
- Acrobat Reader DC versions 26.001.21367 and earlier (Fixed in 26.001.21411)
- Acrobat 2024 versions 24.001.30356 and earlier (Fixed in 24.001.30362 for Windows and 24.001.30360 for macOS)
Adobe acknowledged that it’s “aware of CVE-2026-34621 being exploited in the wild.” The development comes days after security researcher and EXPMON founder Haifei Li disclosed details of zero-day exploitation of the flaw to run malicious JavaScript code when opening specially crafted PDF documents through Adobe Reader. There is evidence suggesting that the vulnerability may have been under exploitation since December 2025. “It appears that Adobe has determined the bug can lead to arbitrary code execution — not just an information leak,” EXPMON said in a post on X.
“This aligns with our findings and those of other security researchers over the last few days.”
Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data
Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been linked to the use of an advertising-based global geolocation surveillance system called Webloc. The tool was developed by Israeli company Cobwebs Technologies and is now sold by its successor Penlink after the two firms merged in July 2023, according to a report published by the Citizen Lab. Penlink, founded in 1986, is a provider of “mission-critical communications and digital evidence collection and analysis software” to law enforcement agencies in the U.S. and across the world.
U.S. customers of Webloc include Immigration and Customs Enforcement (ICE), the U.S. military, Texas Department of Public Safety, DHS West Virginia, NYC district attorneys, and various police departments in Los Angeles, Dallas, Baltimore, Tucson, Durham, and in smaller cities and counties like the City of Elk Grove and Pinal County.
“Webloc is sold as an add-on product to the social media and web intelligence system Tangles,” Citizen Lab researchers Wolfie Christl, Astrid Perry, Luis Fernando Garcia, Siena Anstis, and Ron Deibert said. “Webloc provides access to a constantly updated stream of records from up to 500 million mobile devices across the globe that contain device identifiers, location coordinates, and profile data harvested from mobile apps and digital advertising.” The ad-based surveillance system, in a nutshell, makes use of data purchased from mobile apps and digital advertising to analyze the behaviours and movements of hundreds of millions of people. Cobwebs Technologies officially announced it in October 2020, describing it as a “cutting-edge location intelligence platform that gathers and analyzes web data fused with geospatial data points, using interactive layered maps to connect the digital world with physical data.” Customers of the tool can use it to monitor the location, movements, and personal characteristics of entire populations up to three years in the past. According to information available on Penlink’s website, Webloc can be used for “investigating and interpreting location-based data to support your cases.” Webloc also has the capability to infer location from IP addresses and identify the persons behind the devices by gathering their home addresses and workplaces.
Interestingly, Cobwebs Technologies was among the seven cyber mercenaries that were deplatformed by Meta in December 2021 for operating about 200 accounts to conduct reconnaissance on targets and even engage in social engineering to join closed communities and forums and trick people into revealing personal information. The social media giant revealed at the time that it had identified Cobwebs Technologies customers in Bangladesh, Hong Kong, the United States, New Zealand, Mexico, Saudi Arabia, and Poland. “In addition to targeting related to law enforcement activities, we also observed frequent targeting of activists, opposition politicians, and government officials in Hong Kong and Mexico,” Meta noted. Reports from 404 Media, Forbes, and Texas Observer have revealed that Webloc can be used to track phones without a warrant, with one procurement notice highlighting the tool’s “ability to automate and continuously monitor unique mobile advertising IDs, geolocated IP addresses, and connected devices analysis.” An analysis of corporate records and other public information has revealed that Cobwebs Technologies shares links to Israeli spyware vendor Quadream through Omri Timianker, the founder and former president of Cobwebs Technologies, who now oversees Penlink’s international operations.
The company is suspected to have shuttered its operations in 2023. As many as 219 active servers associated with Cobwebs product deployments have been identified, most of which are located in the U.S. (126), Netherlands (32), Singapore (17), Germany (8), Hong Kong (8), and the U.K. (7).
Potential product servers have also been detected in various countries across Africa, Asia, and Europe. Responding to the report, Penlink said the findings “appear to rely on either inaccurate information or a misunderstanding about how we operate, including practices that Penlink does not engage in following our acquisition of Cobwebs Technologies in 2023.” It also said it complies with U.S. state privacy laws. “Our research shows that intrusive and legally questionable ad-based surveillance (i.e., without a warrant or adequate oversight) is being used by military, intelligence, and law enforcement agencies down to local police units in several countries across the globe,” the Citizen Lab said.
GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that’s designed to stealthily infect all integrated development environments (IDEs) on a developer’s machine. The technique has been discovered in an Open VSX extension named “specstudio.code-wakatime-activity-tracker,” which masquerades as WakaTime, a popular tool that measures the time programmers spend inside their IDE. The extension is no longer available for download. “The extension […] ships a Zig-compiled native binary alongside its JavaScript code,” Aikido Security researcher Ilyas Makari said in an analysis published this week.
“This is not the first time GlassWorm has resorted to using native compiled code in extensions. However, rather than using the binary as the payload directly, it is used as a stealthy indirection for the known GlassWorm dropper, which now secretly infects all other IDEs it can find on your system.” The newly identified Microsoft Visual Studio Code (VS Code) extension is a near replica of WakaTime, save for a change introduced in a function named “activate().” The extension installs a binary named “win.node” on Windows systems and “mac.node,” a universal Mach-O binary if the system is running Apple macOS. These Node.js native addons are compiled shared libraries that are written in Zig and load directly into Node’s runtime and execute outside the JavaScript sandbox with full operating system-level access. Once loaded, the primary goal of the binary is to find every IDE on the system that supports VS Code extensions.
This includes Microsoft VS Code and VS Code Insiders, as well as forks like VSCodium, Positron, and a number of artificial intelligence (AI)-powered coding tools like Cursor and Windsurf. The binary then downloads a malicious VS Code extension (.VSIX) from an attacker-controlled GitHub account. The extension – called “floktokbok.autoimport” – impersonates “steoates.autoimport,” a legitimate extension with more than 5 million installs on the official Visual Studio Marketplace. In the final step, the downloaded .VSIX file is written to a temporary path and silently installed into every IDE using each editor’s CLI installer.
The second-stage VS Code extension acts as a dropper that avoids execution on Russian systems, talks to the Solana blockchain to fetch the command-and-control (C2) server, exfiltrates sensitive data, and installs a remote access trojan (RAT), which ultimately deploys an information-stealing Google Chrome extension. Users who have installed “specstudio.code-wakatime-activity-tracker” or “floktokbok.autoimport” are advised to assume compromise and rotate all secrets.
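Because the dropper installs its second stage into every IDE it finds, a check for the two extension IDs has to cover each editor's extension folder, not only VS Code's. The sweep below is an added example, not code from Aikido's analysis; the per-user folder locations are assumed defaults, and matching the "win.node" / "mac.node" filenames is a review lead rather than proof of infection.

```python
import json
import re
from pathlib import Path

# Extension IDs named in the article (publisher.name).
FLAGGED_IDS = {
    "specstudio.code-wakatime-activity-tracker",
    "floktokbok.autoimport",
}
# Native addon filenames the article attributes to the first-stage extension.
FLAGGED_ADDONS = {"win.node", "mac.node"}

# ASSUMPTION: default per-user extension folders, relative to the home
# directory. Portable installs and custom extension directories differ.
IDE_EXTENSION_DIRS = {
    "VS Code": ".vscode/extensions",
    "VS Code Insiders": ".vscode-insiders/extensions",
    "VSCodium": ".vscode-oss/extensions",
    "Positron": ".positron/extensions",
    "Cursor": ".cursor/extensions",
    "Windsurf": ".windsurf/extensions",
}

VERSION_SUFFIX = re.compile(r"-\d+\.\d+\.\d+.*$")


def extension_id(ext_dir):
    """Return publisher.name from package.json, else from the folder name."""
    try:
        meta = json.loads((ext_dir / "package.json").read_text(encoding="utf-8"))
        return f"{meta['publisher']}.{meta['name']}".lower()
    except (OSError, ValueError, KeyError, TypeError):
        # Installed folders are named publisher.name-version[-platform].
        return VERSION_SUFFIX.sub("", ext_dir.name).lower()


def scan_ide(ide, ext_root):
    """List findings for one IDE's extension folder."""
    findings = []
    if not ext_root.is_dir():
        return findings
    for ext_dir in sorted(p for p in ext_root.iterdir() if p.is_dir()):
        ext_id = extension_id(ext_dir)
        reasons = []
        if ext_id in FLAGGED_IDS:
            reasons.append("flagged extension ID")
        for addon in sorted(ext_dir.rglob("*.node")):
            if addon.name.lower() in FLAGGED_ADDONS:
                reasons.append(f"native addon {addon.name}")
        findings.extend(
            {"ide": ide, "extension": ext_id, "path": str(ext_dir), "reason": r}
            for r in reasons
        )
    return findings


def scan_home(home, ide_dirs=IDE_EXTENSION_DIRS):
    """Sweep every known IDE folder under one user's home directory."""
    findings = []
    for ide, rel in ide_dirs.items():
        findings.extend(scan_ide(ide, Path(home) / rel))
    return findings


if __name__ == "__main__":
    for f in scan_home(Path.home()):
        print(f"{f['ide']}: {f['extension']} ({f['reason']}) at {f['path']}")
```

A hit in any one editor means the others on that machine need the same review, and the article's advice to assume compromise and rotate secrets applies.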
Browser Extensions Are the New AI Consumption Channel That No One Is Talking About
While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there’s a wide-open window nobody’s guarding: AI browser extensions. A new report from LayerX exposes just how deep this blind spot goes, and why AI extensions may be the most dangerous AI threat surface in your network that isn’t on anyone’s radar. AI browser extensions don’t trigger your DLP and don’t show up in your SaaS logs. They live inside the browser itself, with direct access to everything your employees see, type, and stay logged into.
AI extensions are 60% more likely to have a vulnerability than extensions on average, are 3 times more likely to have access to cookies, 2.5 times more likely to be able to execute remote scripts in the browser, and 6 times more likely to have increased their permissions in the past year. These extensions install in seconds and can remain in your environment indefinitely.
The Browser Extension Threat Surface Is Everybody, Yet Nobody Is Watching
The first misconception is that extensions are a niche risk. Something limited to a subset of users or edge cases.
That assumption is completely wrong. According to the report, 99% of enterprise users run at least one browser extension, and more than a quarter have over 10 installed. This is not a long tail problem; it is universal. Yet most organizations cannot answer basic questions.
Which extensions are in use? Who installed them? What permissions do they have? What data can they access?
Security teams have spent years building visibility into networks, endpoints, and identities. Ironically, browser extensions remain a major blind spot.
AI Extensions Are The AI Consumption Channel That Nobody Talks About
While much of the current conversation around AI security focuses on SaaS platforms and APIs, this report highlights a different and largely ignored channel: AI browser extensions. These tools are spreading quickly.
About 1-in-6 enterprise users already use at least one AI extension, and that number is only growing. Organizations may block or monitor direct access to AI applications. But extensions operate differently. They sit inside the browser.
They can access page content, user inputs, and session data without triggering traditional controls. In effect, they create an ungoverned layer of AI usage, one that bypasses visibility and policy enforcement.
AI Extensions Are Not Just Popular. They Are Riskier
It would be easy to assume that AI extensions carry a similar risk to other extensions.
The data shows otherwise. AI extensions are significantly more dangerous. They are 60% more likely to have a CVE than average, 3x more likely to have access to cookies, 2.5x more likely to have scripting permissions, and 2x more likely to be able to manipulate browser tabs. Each of these permissions carries real implications.
Cookie access can expose session tokens. Scripting enables data extraction and manipulation. Tab control can facilitate phishing or silent redirection. This combination of fast adoption, elevated access, and weak governance makes AI extensions an urgent emerging threat vector.
Extensions Are Not Static. They Change Over Time
Security teams often treat extensions as static. Something that can be approved once and forgotten. But that’s not how it works.
Extensions evolve. They receive updates. They change ownership. They expand permissions.
The report shows that AI extensions are nearly six times more likely to change their permissions over time, and that more than 60% of users have at least one AI extension that has changed its permissions in the past year. This creates a moving target that traditional allowlists cannot keep up with. An extension that was safe yesterday may not be safe today.
The Trust Gap in Browser Extensions Is Wider Than Expected
Security teams rely on a range of trust signals to evaluate extensions, including publisher transparency, install counts, update frequency, and the presence of a privacy policy.
While these do not directly indicate malicious behavior, they are key to assessing overall risk. A significant portion of extensions have very low user bases. More than 10% of all extensions have fewer than 1,000 users, a quarter have fewer than 5,000 users, and a third have fewer than 10,000 installations. This is particularly a challenge with AI extensions, where 33% of AI extensions have fewer than 5,000 users, and nearly 50% of AI extensions have fewer than 10,000 users. A large user base is essential for establishing ongoing trust, but once again, AI extensions are showing substantially higher risk.
Moreover, around 40% of extensions haven’t received an update in over a year, suggesting that they are no longer actively maintained. Extensions that are not regularly updated may contain unresolved vulnerabilities or outdated code that attackers exploit. As a result, most extensions used in enterprise environments show weak or missing signals across these areas. This raises serious questions about data handling and compliance.
It also highlights how little scrutiny extensions receive compared to other software components.
Turning Insight into Action: The Path Forward for CISOs
The report outlines a clear direction for security teams:
- Continuously Audit The Organization’s Extension Threat Surface: With 99% of enterprise users running at least one extension, a full inventory is a mandatory first step toward risk reduction. CISOs should do an organization-wide extension audit covering all browsers, managed and unmanaged endpoints, across all users.
- Apply Targeted Security Controls to AI Extensions: AI extensions represent an outsized risk due to their elevated permissions that can expose SaaS sessions, identities, and sensitive in-browser data. Organizations should apply stricter governance policies to control how these extensions interact with enterprise environments.
- Analyze Extension Behavior, Not Just Static Parameters: Static approvals are not sufficient. Risk needs to be continuously assessed based on permissions, behavior, and changes over time.
- Enforce Trust and Transparency Requirements: Extensions that have very low install counts, lack privacy policies, or show poor maintenance history should be treated as higher risk. Establishing minimum trust criteria helps reduce exposure to unverified or abandoned extensions.
A New Lens On An Old Problem
For years, browser extensions have been treated as a convenience feature. Something to enable productivity and customization. However, they are no longer a peripheral risk.
They are a core part of the enterprise attack surface. Widely used, highly privileged, and largely unmonitored, they create direct exposure to sensitive data and user sessions. Download the full Extension Security report from LayerX to understand the full scope of these findings, identify where your exposure truly lies, and get a clear path to controlling this growing attack surface without disrupting productivity.
This article is a contributed piece from one of our valued partners.
Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows
Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta. The public availability is currently limited to Windows users on Chrome 146, with macOS expansion planned in an upcoming Chrome release. “This project represents a significant step forward in our ongoing efforts to combat session theft, which remains a prevalent threat in the modern security landscape,” Google’s Chrome and Account Security teams said in a Thursday post. Session theft involves the covert exfiltration of session cookies from the web browser, either by gathering existing ones or waiting for a victim to log in to an account, to an attacker-controlled server.
Typically, this happens when users inadvertently download information-stealing malware into their systems. These stealer malware families – of which there are many, such as Atomic, Lumma, and Vidar Stealer – come with capabilities to harvest a wide range of information from compromised systems, including cookies. Because session cookies often have extended lifespans, attackers can leverage them to gain unauthorized access to victims’ online accounts without having to know their passwords. Once collected, these tokens are packaged and sold to other threat actors for financial gain.
Cybercriminals who acquire them can follow up with attacks of their own. DBSC, first announced by Google in April 2024, aims to counter this abuse by cryptographically tying the authentication session to a specific device. In doing so, the idea is to render cookies worthless even if they get stolen by malware. “It does this using hardware-backed security modules, such as the Trusted Platform Module (TPM) on Windows and the Secure Enclave on macOS, to generate a unique public/private key pair that cannot be exported from the machine,” Google explained.
“The issuance of new short-lived session cookies is contingent upon Chrome proving possession of the corresponding private key to the server. Because attackers cannot steal this key, any exfiltrated cookies quickly expire and become useless to those attackers.” In the event a user’s device does not support secure key storage, DBSC gracefully falls back to standard behavior without breaking the authentication flow, Google said in its developer documentation. The tech giant said it has observed a significant reduction in session theft since its launch, an early indication of the success of the countermeasure. The official launch is just the start, as the company plans to bring DBSC to a broader range of devices and introduce advanced capabilities to better integrate with enterprise environments.
Google, which worked with Microsoft to design the standard with an aim to make it an open web standard, also emphasized that the DBSC architecture is private by design and that the distinct key approach ensures that websites cannot use the session credentials to correlate a user’s activity across different sessions or sites on the same device. “Furthermore, the protocol is designed to be lean: it does not leak device identifiers or attestation data to the server beyond the per-session public key required to certify proof of possession,” it added. “This minimal information exchange ensures DBSC helps secure sessions without enabling cross-site tracking or acting as a device fingerprinting mechanism.”
Inside the 2026 Cyber Workforce: Skills, Shortages, and Shifts in the Age of AI
Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The vulnerability in question is CVE-2026-39987 (CVSS score: 9.3), a pre-authenticated remote code execution vulnerability impacting all versions of Marimo prior to and including 0.20.4. The issue has been addressed in version 0.23.0. “The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands,” Marimo maintainers said in an advisory earlier this week.
“Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification.” In other words, attackers can obtain a full interactive shell on any exposed Marimo instance through a single WebSocket connection without requiring any credentials. Sysdig said it observed the first exploitation attempt targeting the vulnerability within 9 hours and 41 minutes of it being publicly disclosed, with a credential theft operation executed in minutes, despite there being no proof-of-concept (PoC) code available at the time. The unknown threat actor behind the activity is said to have connected to the /terminal/ws WebSocket endpoint on a honeypot system and initiated manual reconnaissance to explore the file system and, minutes later, systematically attempted to harvest data from the .env file, as well as search for SSH keys and read various files. The attacker returned to the honeypot an hour later to access the contents of the .env file and check if other threat actors were active during the time window.
No other payloads, like cryptocurrency miners or backdoors, were installed. “The attacker built a working exploit directly from the advisory description, connected to the unauthenticated terminal endpoint, and began manually exploring the compromised environment,” the cloud security company said. “The attacker connected four times over 90 minutes, with pauses between sessions. This is consistent with a human operator working through a list of targets, returning to confirm findings.” The speed at which newly disclosed flaws are being weaponized indicates that threat actors are closely keeping an eye on vulnerability disclosures and quickly exploiting them during the time between disclosure and patch adoption. This, in turn, has shrunk the time defenders have to respond once a vulnerability is publicly announced.
“The assumption that attackers only target widely deployed platforms is wrong. Any internet-facing application with a critical advisory is a target, regardless of its popularity.”
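For defenders reviewing an exposed Marimo instance, the advisory's endpoint name gives a concrete thing to look for in reverse-proxy logs: WebSocket upgrades (HTTP 101) on /terminal/ws, grouped per client the way Sysdig describes the repeated sessions. This is an added example, not code from Marimo or Sysdig; it assumes a proxy writing common/combined log format, and the log lines and IP addresses are constructed.

```python
import re
from datetime import datetime

# Common/combined log prefix: ip ident user [time] "METHOD target proto" status
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})\b'
)
TERMINAL_WS = "/terminal/ws"  # endpoint named in the Marimo advisory
UPGRADED = 101                # HTTP 101 Switching Protocols: socket was opened

# Constructed sample lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Apr/2026:01:00:05 +0000] "GET /terminal/ws HTTP/1.1" 101 0 "-" "-"
192.0.2.10 - - [12/Apr/2026:01:02:11 +0000] "GET /ws HTTP/1.1" 101 0 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Apr/2026:01:20:40 +0000] "GET /terminal/ws HTTP/1.1" 101 0 "-" "-"
198.51.100.20 - - [12/Apr/2026:01:31:00 +0000] "GET /terminal/ws HTTP/1.1" 403 0 "-" "-"
203.0.113.7 - - [12/Apr/2026:02:05:13 +0000] "GET /terminal/ws HTTP/1.1" 101 0 "-" "-"
203.0.113.7 - - [12/Apr/2026:02:30:05 +0000] "GET /notebooks/terminal/ws HTTP/1.1" 101 0 "-" "-"
""".splitlines()


def parse_line(line):
    """Parse one access-log line; return None if it does not match."""
    m = LOG_LINE.match(line)
    if m is None:
        return None
    try:
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return {
        "ip": m["ip"],
        "time": when,
        "path": m["target"].split("?", 1)[0].rstrip("/"),
        "status": int(m["status"]),
    }


def terminal_ws_activity(lines, known_clients=()):
    """Summarise terminal WebSocket requests per client IP, oldest first."""
    per_ip = {}
    for line in lines:
        rec = parse_line(line)
        # endswith() also catches instances served under a base path.
        if rec is None or not rec["path"].endswith(TERMINAL_WS):
            continue
        entry = per_ip.setdefault(rec["ip"], {
            "ip": rec["ip"], "attempts": 0, "shells": 0,
            "first": rec["time"], "last": rec["time"],
        })
        entry["attempts"] += 1
        if rec["status"] == UPGRADED:
            entry["shells"] += 1  # upgrade accepted: a terminal session opened
        entry["first"] = min(entry["first"], rec["time"])
        entry["last"] = max(entry["last"], rec["time"])
    report = sorted(per_ip.values(), key=lambda e: e["first"])
    for entry in report:
        span = entry["last"] - entry["first"]
        entry["span_minutes"] = int(span.total_seconds() // 60)
        entry["known"] = entry["ip"] in known_clients
    return report


if __name__ == "__main__":
    for e in terminal_ws_activity(SAMPLE_LOG):
        print(f"{e['ip']}: {e['shells']}/{e['attempts']} upgrades accepted "
              f"over {e['span_minutes']} min, known={e['known']}")
```

On a version at or below 0.20.4, any accepted upgrade from a client outside `known_clients` should be treated as a shell session and followed by a review of what the .env file and SSH keys on that host expose.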
Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a popular WordPress slider plugin with more than 800,000 active installations across its free and Pro editions. “An unauthorized party gained access to Nextend’s update infrastructure and distributed a fully attacker-authored build through the official update channel,” the company said.
“Any site that updated to 3.5.1.35 between its release on April 7, 2026, and its detection approximately 6 hours later received a fully weaponized remote access toolkit.” Nextend, which maintains the plugin, said an unauthorized party gained access to its update system and pushed a malicious version (3.5.1.35 Pro) that remained accessible for approximately six hours, before it was detected and pulled. The trojanized update includes the ability to create rogue administrator accounts, as well as drop backdoors that execute system commands remotely via HTTP headers and run arbitrary PHP code via hidden request parameters. According to Patchstack, the malware comes with the following capabilities -
- Achieve pre-authenticated remote code execution via custom HTTP headers like X-Cache-Status and X-Cache-Key, the latter of which contains the code that’s passed to “shell_exec().”
- A backdoor that supports dual execution modes, enabling the attacker to execute arbitrary PHP code and operating system commands on the server.
- Create a hidden administrator account (e.g., “wpsvc_a3f1”) for persistent access and make it invisible to legitimate administrators by tampering with the “pre_user_query” and “views_users” filters.
- Use three custom WordPress options that are set with the “autoload” setting disabled to reduce their visibility in option dumps: _wpc_ak (a secret authentication key), _wpc_uid (user ID of the hidden administrator account), and _wpc_uinfo (Base64-encoded JSON containing the plaintext username, password, and email of the rogue account).
- Install persistence in three locations for redundancy: create a must-use plugin with the filename “object-cache-helper.php” to make it look like a legitimate caching component, append the backdoor component to the active theme’s “functions.php” file, and drop a file named “class-wp-locale-helper.php” in the WordPress “wp-includes” directory.
- Exfiltrate data containing site URL, secret backdoor key, hostname, Smart Slider 3 version, WordPress version, and PHP version, WordPress admin email address, WordPress database name, plaintext username and password of the administrator account, and a list of all installed persistence methods to the command-and-control (C2) domain “wpjs1[.]com.”
“The malware operates in several stages, each designed to ensure deep, persistent, and redundant access to the compromised site,” Patchstack said. “The sophistication of the payload is notable: rather than a simple webshell, the attacker deployed a multi-layered persistence toolkit with several independent, redundant re-entry points, user concealment, resilient command execution with fallback chains, and automatic C2 registration with full credential exfiltration.”
It’s worth noting that the free version of the WordPress plugin is not affected. To contain the issue, Nextend shut down its update servers, removed the malicious version, and launched a full investigation into the incident. Users who have the trojanized version installed are advised to update to version 3.5.1.36. In addition, users who have installed the rogue version are recommended to perform the following cleanup steps -
- Check for any suspicious or unknown admin accounts and remove them.
- Remove Smart Slider 3 Pro version 3.5.1.35 if installed.
- Reinstall a clean version of the plugin.
- Remove all persistence files that allow the backdoor to persist on the site.
- Delete malicious WordPress options from the “wp_options” table: _wpc_ak, _wpc_uid, _wpc_uinfo, _perf_toolkit_source, and wp_page_for_privacy_policy_cache.
- Clean up the “wp-config.php” file, including removing “define(‘WP_CACHE_SALT’, ‘
- Review the website and logs for any unauthorized changes and unusual POST requests.
- Enable two-factor authentication (2FA) for admins and disable PHP execution in the uploads folder.
“This incident is a textbook supply chain compromise, the kind that renders traditional perimeter defenses irrelevant,” Patchstack said. “Generic firewall rules, nonce verification, role-based access controls, none of them apply when the malicious code is delivered through the trusted update channel.
The plugin is the malware.”
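The persistence locations and option names listed above can be checked mechanically before and after cleanup. The sweep below is an added example, not Patchstack's or Nextend's tooling; it assumes the default WordPress directory layout, takes option names from whatever export of the wp_options table the site owner has, and its string search of theme files assumes the injected code references the listed names in cleartext, so a clean result does not prove the site is clean.

```python
from pathlib import Path

# Files the article lists as persistence locations (default WordPress layout).
DROPPED_FILES = (
    "wp-content/mu-plugins/object-cache-helper.php",
    "wp-includes/class-wp-locale-helper.php",
)
# Option names from the article's capability list and cleanup steps.
MALICIOUS_OPTIONS = {
    "_wpc_ak", "_wpc_uid", "_wpc_uinfo",
    "_perf_toolkit_source", "wp_page_for_privacy_policy_cache",
}
# C2 domain as defanged in the article, refanged only for string matching.
C2_DOMAIN = "wpjs1[.]com".replace("[.]", ".")
# ASSUMPTION: code appended to functions.php mentions these strings in
# cleartext. HTTP_X_CACHE_KEY is how PHP would expose the X-Cache-Key header.
CODE_MARKERS = ("_wpc_ak", "_wpc_uid", "_wpc_uinfo", C2_DOMAIN,
                "X-Cache-Key", "HTTP_X_CACHE_KEY")
# Constant the cleanup steps say to remove from wp-config.php.
CONFIG_MARKERS = ("WP_CACHE_SALT",)


def read_text(path):
    """Read a file leniently; unreadable or missing files count as empty."""
    try:
        return path.read_text(encoding="utf-8", errors="replace")
    except OSError:
        return ""


def dropped_files(wp_root):
    """Return the listed persistence files that exist under wp_root."""
    wp_root = Path(wp_root)
    return [rel for rel in DROPPED_FILES if (wp_root / rel).is_file()]


def marker_hits(wp_root):
    """Map relative path -> markers found, for themes and wp-config.php."""
    wp_root = Path(wp_root)
    # The active theme is stored in the database, so every theme is checked.
    themes = sorted((wp_root / "wp-content/themes").glob("*/functions.php"))
    targets = {path: CODE_MARKERS for path in themes}
    targets[wp_root / "wp-config.php"] = CONFIG_MARKERS
    hits = {}
    for path, markers in targets.items():
        text = read_text(path)
        found = [m for m in markers if m in text]
        if found:
            hits[path.relative_to(wp_root).as_posix()] = found
    return hits


def flagged_options(option_names):
    """Return the option names that match the article's list."""
    return sorted(MALICIOUS_OPTIONS.intersection(option_names))


def sweep(wp_root, option_names=()):
    """Run all checks and report whether anything needs review."""
    result = {
        "dropped_files": dropped_files(wp_root),
        "marker_hits": marker_hits(wp_root),
        "options": flagged_options(option_names),
    }
    result["suspect"] = any(result.values())
    return result


if __name__ == "__main__":
    import sys
    print(sweep(sys.argv[1] if len(sys.argv) > 1 else "."))
```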
EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs
Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk. “This flaw allows apps on the same device to bypass Android security sandbox and gain unauthorized access to private data,” the Microsoft Defender Security Research Team said in a report published today. EngageLab SDK offers a push notification service, which, according to its website, is designed to deliver “timely notifications” based on user behavior already tracked by developers. Once integrated into an app, the SDK offers a way to send personalized notifications and drive real-time engagement.
The tech giant said a significant number of apps using the SDK are part of the cryptocurrency and digital wallet ecosystem, and that the affected wallet apps accounted for more than 30 million installations. When non‑wallet apps built on the same SDK are included, the installation count surpasses 50 million. Microsoft did not reveal the names of the apps, but noted that all those detected apps using vulnerable versions of the SDK have been removed from the Google Play Store. Following responsible disclosure in April 2025, EngageLab released version 5.2.1 in November 2025 to address the vulnerability.
The issue, identified in version 4.5.4, has been described as an intent redirection vulnerability. Intents in Android refer to messaging objects that are used to request an action from another app component. Intent redirection occurs when the contents of an intent that a vulnerable app sends are manipulated by taking advantage of its trusted context (i.e., permissions) to gain unauthorized access to protected components, expose sensitive data, or escalate privileges within the Android environment. An attacker could exploit this vulnerability by means of a malicious app installed on the device through some other means to access internal directories associated with an app that has the SDK integrated, resulting in unauthorized access to sensitive data.
There is no evidence that the vulnerability was ever exploited in a malicious context. That said, developers who integrate the SDK are recommended to update to the latest version as soon as possible, especially given that even trivial flaws in upstream libraries can have cascading effects and impact millions of devices. “This case shows how weaknesses in third‑party SDKs can have large‑scale security implications, especially in high‑value sectors like digital asset management,” Microsoft said. “Apps increasingly rely on third‑party SDKs, creating large and often opaque supply‑chain dependencies.
These risks increase when integrations expose exported components or rely on trust assumptions that aren’t validated across app boundaries.”
UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns
A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations (NGOs) and suspected universities to deploy a new Lua-based malware called LucidRook. “LucidRook is a sophisticated stager that embeds a Lua interpreter and Rust-compiled libraries within a dynamic-link library (DLL) to download and execute staged Lua bytecode payloads,” Cisco Talos researcher Ashley Shen said. The cybersecurity company said it discovered the activity in October 2025, with the attack using RAR or 7-Zip archive lures to deliver a dropper called LucidPawn, which then opens a decoy file and launches LucidRook. A notable characteristic of the intrusion set is the use of DLL side-loading to execute both LucidPawn and LucidRook.
There are two distinct infection chains that lead to LucidRook, one using a Windows Shortcut (LNK) file with a PDF icon and another involving an executable that masquerades as an antivirus program from Trend Micro. The entire sequence is listed below -
LNK-based infection chain
- When the user clicks the LNK file, assuming it’s a PDF document, it executes a PowerShell script to run a legitimate Windows binary (“index.exe”) present in the archive, which then sideloads a malicious DLL (i.e., LucidPawn). The dropper, for its part, once again employs DLL side-loading to run LucidRook.
EXE-based infection chain
- When the purported Trend Micro program (“Cleanup.exe”) within the 7-Zip archive is launched, it acts as a simple .NET dropper that employs DLL side-loading to run LucidRook. Upon execution, the binary displays a message stating the cleanup process has completed.
A 64-bit Windows DLL, LucidRook, is heavily obfuscated to deter analysis and detection. Its functionality is two-pronged: it collects system information and exfiltrates it to an external server, and then receives an encrypted Lua bytecode payload for subsequent decryption and execution on the compromised machine using the embedded Lua 5.4.8 interpreter. “In both cases, the actor abused an Out-of-band Application Security Testing (OAST) service and compromised FTP servers for command-and-control (C2) infrastructure,” Talos said.
LucidPawn also implements a geofencing technique that specifically queries the system UI language and continues execution only if it matches Traditional Chinese environments associated with Taiwan (“zh-TW”). This offers two-fold advantages, as it limits execution to the intended victim geography and avoids getting flagged in common analysis sandboxes. Furthermore, at least one variant of the dropper has been found to deploy a 64-bit Windows DLL named LucidKnight that’s capable of exfiltrating system information via Gmail to a temporary email address. The presence of the reconnaissance tool alongside LucidRook suggests the adversary operates a tiered toolkit, potentially using LucidKnight to profile targets before delivering the LucidRook stager.
Not much is known about UAT-10362 at this stage other than the fact that it’s likely a sophisticated threat actor whose campaigns are targeted rather than opportunistic, while prioritizing flexibility, stealth, and victim-specific tasking. “The multi-language modular design, layered anti-analysis features, stealth-focused payload handling of the malware, and reliance on compromised or public infrastructure indicate UAT-10362 is a capable threat actor with mature operational tradecraft,” Talos said.
ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories
Thursday. Another week, another batch of things that probably should’ve been caught sooner but weren’t. This one’s got some range — old vulnerabilities getting new life, a few “why was that even possible” moments, attackers leaning on platforms and tools you’d normally trust without thinking twice. Quiet escalations more than loud zero-days, but the kind that matter more in practice anyway.
Mix of malware, infrastructure exposure, AI-adjacent weirdness, and some supply chain stuff that’s… not great. Let’s get into it.
Resilient hybrid botnet surge: Phorpiex Botnet Detailed
A new variant of the botnet known as Phorpiex (aka Trik) has been observed, using a hybrid communication model that combines traditional C2 HTTP polling with a peer-to-peer (P2P) protocol over both TCP and UDP to ensure operational continuity in the face of server takedowns.
The malware acts as a conduit for encrypted payloads, making it challenging for external parties to inject or modify commands. The primary goal of Phorpiex’s Twizt variant is to drop a clipper that re-routes cryptocurrency transactions, as well as distribute high-volume sextortion email spam and facilitate ransomware deployment (e.g., LockBit Black, Global). It also exhibits worm-like behavior by propagating through removable and remote drives, and drops modules responsible for exfiltrating mnemonic phrases and scanning for Local File Inclusion (LFI) vulnerabilities. “Phorpiex has consistently demonstrated its capability to evolve, shifting from a pure spam operation to a sophisticated platform,” Bitsight said.
“The Phorpiex botnet remains a highly adaptive and resilient threat.” There are about 125,000 infections daily on average, with the most affected countries being Iran, Uzbekistan, China, Kazakhstan, and Pakistan.
Chained flaws enable stealth RCE: 13-Year-Old Flaw in Apache ActiveMQ Classic
A remote code execution (RCE) vulnerability that lurked in Apache ActiveMQ Classic for 13 years could be chained with an older flaw (CVE-2024-32114) to bypass authentication. Tracked as CVE-2026-34197 (CVSS score: 8.8), the newly identified bug allows attackers to invoke management operations through the Jolokia API and trick the message broker into retrieving a remote configuration file and executing operating system commands. According to Horizon3.ai, the security defect is a bypass for CVE-2022-41678, a bug that allows authenticated attackers to trigger arbitrary code execution and write web shells to disk.
“The vulnerability requires credentials, but default credentials (admin:admin) are common in many environments,” Horizon3.ai researcher Naveen Sunkavally said. “On some versions (6.0.0 - 6.1.1), no credentials are required at all due to another vulnerability, CVE-2024-32114, which inadvertently exposes the Jolokia API without authentication. In those versions, CVE-2026-34197 is effectively an unauthenticated RCE.” The newly discovered security defect was addressed in ActiveMQ Classic versions 5.19.4 and 6.2.3.
Cyber fraud losses hit record highs: Cybercrime Costs Victims $17.7B in 2025
Cyber-enabled fraud cost victims over $17.7 billion during 2025, as financial losses to internet-enabled fraud continue to grow.
The total loss exceeds $20.87 billion, up 26% from 2024. “Cyber-enabled fraud is responsible for almost 85% of all losses reported to IC3 [Internet Crime Complaint Center] in 2025,” the U.S. Federal Bureau of Investigation (FBI) said. “Cryptocurrency investment fraud was the highest source of financial losses to Americans in 2025, with $7.2 billion reported in losses.” In all, investment scams led the pack with $8.6 billion in reported losses, followed by business email compromise ($3 billion) and tech support scams ($2.1 billion).
Sixty-three new ransomware variants were identified last year, leading to more than $32 million in losses. Akira, Qilin, INC./Lynx/Sinobi, BianLian, Play, Ransomhub, Lockbit, Dragonforce, Safepay, and Medusa emerged as the top ten variants to hit critical manufacturing, healthcare, public health, and government entities.
AI-driven DDoS tactics escalate: 8M DDoS Attacks in H2 2025
According to data from NETSCOUT, more than 8 million DDoS attacks were recorded across 203 countries and territories between July and December 2025. “The attack count remained stable compared to the first half of the year, but the nature and sophistication of attacks changed dramatically,” the company said.
“The TurboMirai class of IoT botnets, including AISURU and Eleven11 (RapperBot), emerged as a major force. DDoS-for-hire platforms are now integrating dark-web LLMs and conversational AI, lowering the technical barrier for launching complex, multi-vector attacks. Even unskilled threat actors can now orchestrate sophisticated campaigns using natural-language prompts, increasing risk for all industries.”
Insider breach exposes private photos: Former Meta Employee Probed for Downloading 30K Facebook Photos
A former Meta employee in the U.K. is under investigation over allegations that he illegally downloaded about 30,000 private photos from Facebook.
According to The Guardian, the accused developed a software program to evade Facebook’s internal security systems and access users’ private images. Meta uncovered the breach more than a year ago, terminated the employee, and referred the case to law enforcement. The company said it also notified affected users, although it’s not clear how many were impacted.
Help desk attacks enable enterprise breaches: UNC6783 Compromises BPOs to Target High-Value Firms
Google said it’s tracking a financially motivated threat cluster called UNC6783 that’s tied to the “Raccoon” persona and is targeting dozens of high-profile organizations across multiple sectors by compromising business process outsourcing (BPO) providers and help desk staff for later data extortion.
“The campaign relies on live chat social engineering to direct employees to spoofed Okta logins using [org].zendesk-support[##].com domains,” Austin Larsen, Google Threat Intelligence Group (GTIG) principal threat analyst, said. “Their phishing kit steals clipboard contents to bypass MFA and enroll their own devices for persistent access. We also observed them using fake security updates (ClickFix) to drop remote access malware.” Organizations are advised to prioritize FIDO2 hardware keys for high-risk roles, monitor live chat for suspicious links, and regularly audit newly enrolled MFA devices.
Magecart skimmer hides in SVG: PolyShell Flaw Behind New Magecart Campaign
A large-scale Magecart campaign is using invisible 1x1 pixel SVG elements to inject a fake checkout overlay on 99 Magento e-commerce stores, exfiltrating payment data to six attacker-controlled domains.
“In the early hours of April 7th, nearly 100 Magento stores got mass-infected with a ‘double-tap’ skimmer: a credit card stealer hidden inside an invisible SVG element,” Sansec said. “The likely entry vector is the PolyShell vulnerability that continues to affect unprotected Magento stores.” Like other attacks of this kind, the skimmer shows victims a convincing “Secure Checkout” overlay, complete with card validation and billing fields. Once the payment details are captured, it silently redirects the shopper to the real checkout page. Adobe has yet to release a security update to address the PolyShell flaw in production versions of Magento.
Emoji-coded signals evade detection: Criminals’ Use of Emojis Dissected
Cybercriminals are using emojis across illicit communities to signal financial activity, access and account compromise, tooling and service offerings, represent targets or regions, and communicate momentum or importance. Using emojis allows bad actors to bypass security controls. “Emojis provide a shared visual layer that allows actors to communicate core concepts without relying entirely on text,” Flashpoint said. “This is particularly valuable in: large Telegram channels with international membership, cross-border fraud operations, [and] decentralized marketplaces.
This ability to compress meaning into visual shorthand helps scale operations and coordination across diverse actor networks.”
Stealth RAT delivered via MSI: ClickFix Delivers Node.js Stealer
A ClickFix campaign targeting Windows users is leveraging malicious MSI installers to deliver a Node.js-based information stealer. “This Windows payload is a highly adaptable remote access Trojan (RAT) that minimizes its forensic footprint by using dynamic capability loading,” Netskope said. “The core stealing modules and communication protocols are never stored on the victim’s disk. Instead, they are delivered in-memory only after a successful C2 connection is established.
To further obfuscate the attacker’s infrastructure, the malware routes gRPC streaming traffic over the Tor network, providing a persistent and masked bidirectional channel.”
macOS attack bypasses Terminal safeguards: ClickFix Variant Targets macOS
More ClickFix, this time targeting macOS. According to Jamf, a ClickFix-style macOS attack is abusing the “applescript://” URL scheme to launch Script Editor and deliver an Atomic Stealer infostealer payload, thereby bypassing Terminal entirely. The attack leverages fake Apple-themed web pages that include instructions to “reclaim disk space on your Mac” by clicking on an “Execute” button that triggers the “applescript://” URL scheme. The new approach is likely a response to a new security feature introduced by Apple in macOS 26.4 that scans commands pasted into Terminal before they’re executed.
“It’s a meaningful friction point, but as this campaign illustrates, when one door closes, attackers find another,” security researcher Thijs Xhaflaire said.
PyPI package exfiltrates AI prompts: Malicious Python Package Steals AI Prompts
A malicious PyPI package named hermes-px has been advertised as a “Secure AI Inference Proxy” but contains functionality to steal users’ prompts. “The package actually hijacks a Tunisian university’s private AI endpoint, bundles a stolen and rebranded Anthropic Claude Code system prompt, launders all responses to hide the true upstream source, and exfiltrates every user message directly to the attacker’s Supabase database, bypassing the very Tor anonymity it promises,” JFrog said.
Exposed PLCs targeted by state actors: More than 5K Rockwell Automation/Allen-Bradley Exposed PLCs
Data from Censys has revealed that there are 5,219 internet-exposed hosts that self-identify as Rockwell Automation/Allen-Bradley devices.
“The United States accounts for 74.6% of global exposure (3,891 hosts), with a disproportionate share on cellular carrier ASNs indicative of field-deployed devices on cellular modems,” it said. “Spain (110), Taiwan (78), and Italy (73) represent the largest non-Anglosphere concentrations. Iceland’s presence (36 hosts) is disproportionate to its population and warrants attention, given its geothermal energy infrastructure.” The disclosure follows a joint advisory from U.S. agencies that warned of ongoing exploitation of internet-facing Rockwell Automation/Allen-Bradley programmable logic controllers (PLCs) by Iranian-affiliated nation-state actors since March 2026 to breach U.S. critical infrastructure sectors, causing operational disruption and financial loss in some cases. The agencies said the attacks are reminiscent of similar attacks on PLCs by Cyber Av3ngers in late 2023.
Code leak weaponized for malware spread: Claude Code Leak Fuels Stealer Campaigns
In late March 2026, Anthropic inadvertently exposed internal Claude Code source material via a misconfigured npm package, which included approximately 512,000 lines of internal TypeScript. While the exposure lasted only about three hours, it triggered rapid mirroring of the source code across GitHub, prompting Anthropic to issue takedown notices (and later a partial retraction).
Needless to say, threat actors wasted no time and took advantage of the topical nature of the leak to distribute Vidar Stealer, PureLogs Stealer, and GhostSocks proxy malware through fake leaked Claude Code GitHub repositories. “The campaign abuses GitHub Releases as a trusted malware delivery channel, using large trojanized archives and disposable accounts to repeatedly evade takedowns,” Trend Micro said. “The combined functionality of the malware payloads enables credential theft, cryptocurrency wallet exfiltration, session hijacking, and residential proxy abuse across Windows, giving the operators multiple monetization paths from a single infection.”
Lumma successor adopts evasive tactics: Meet Remus, 64-Bit Version of Lumma Stealer
A new 64-bit version of Lumma Stealer called Remus (historically called Tenzor) has emerged in the wild following Lumma’s takedown and the doxxing of its alleged core members. “The first Remus campaigns date back to February 2026, with the malware switching from Steam/Telegram dead drop resolvers to EtherHiding and employing new anti-analysis checks,” Gen researchers said.
Besides using identical code, direct syscalls/sysenters, and the same string obfuscation technique, another detail linking the two is the use of an application-bound encryption method, only observed in Lumma Stealer to date.
Court rulings split on AI risk label: Anthropic Faces Legal Setback
In a setback for Anthropic, a Washington, D.C., federal appeals court declined to block the U.S. Department of Defense’s national security designation of the AI company as a supply chain risk. The development comes after another appeals court in San Francisco came to the opposite conclusion in a separate legal challenge by Anthropic, granting it a preliminary injunction that bars the Trump administration from enforcing a ban on the use of AI chatbot Claude. The company has said the designation could cost the company billions of dollars in lost business and reputational harm.
As Reuters notes, the lawsuit is one of two that Anthropic filed over the Trump administration’s unprecedented move to classify it as a supply chain risk after it refused to allow the military to use Claude for domestic mass surveillance or autonomous weapons.
Trojanized tools deliver crypto clipper: Fake Proxifiers Hosted on GitHub Lead to Clipper Malware
In a new campaign observed by Kaspersky, unwitting users searching for proxy clients like Proxifier on search engines like Google and Yandex are being directed to malicious GitHub repositories that host an executable, which acts as a wrapper around the legitimate Proxifier installer. Once launched, it configures Microsoft Defender Antivirus exclusions, launches the real Proxifier installer, sets up persistence, and runs a PowerShell script that reaches out to Pastebin to retrieve a next-stage payload. The downloaded PowerShell script is responsible for retrieving another script containing the Clipper malware from GitHub. The malware substitutes cryptocurrency wallet addresses copied to the clipboard with an attacker-controlled wallet with the intention of rerouting financial transactions.
Since the start of 2025, more than 2,000 Kaspersky users – most of them in India and Vietnam – have encountered the threat.
SaaS platforms abused for phishing delivery: Phishing Campaigns Weaponize Trust
Threat actors are leveraging notification pipelines in popular collaboration platforms to deliver spam and phishing emails. Because these emails are dispatched from the platform’s own infrastructure (e.g., Jira’s Invite Customers feature), they are unlikely to be blocked by email security tools. “These emails are transmitted using the legitimate mail delivery infrastructure associated with GitHub and Jira, minimizing the likelihood that they will be blocked in transit to potential victims,” Cisco Talos said.
“By taking advantage of the built-in notification functionality available within these platforms, adversaries can more effectively circumvent email security and monitoring solutions and facilitate more effective delivery to potential victims.” The development coincides with a phishing campaign targeting multiple organizations with invitation lures sent from compromised email accounts that lead to the deployment of legitimate remote monitoring and management (RMM) tools like LogMeIn Resolve. The campaign, tracked as STAC6405, has been ongoing since April 2025. In one case, the threat actor has been found to leverage a pre-existing installation of ScreenConnect to download a HeartCrypt-protected ZIP file that ultimately leads to the installation of malware that’s consistent with ValleyRAT. Other campaigns have leveraged procurement-themed emails to direct users to cloud-hosted PDFs containing embedded links that, when clicked, take victims to Dropbox credential harvesting pages.
Threat actors have also distributed executable files disguised as copyright violation notices to trick recipients into installing PureLogs Stealer as part of a multi-stage campaign. What’s more, Reddit posts advertising the premium version of TradingView have acted as a conduit for Vidar and Atomic Stealer to steal valuable data from both Windows and macOS systems. “The threat actor actively comments on their own posts with different accounts, creating the illusion of a busy and helpful community,” Hexastrike said. “More concerning, any comments from real users pointing out that the downloads are malware get deleted within minutes.
The operation is hands-on and closely monitored.”
Linux SMB flaw leaks crypto keys: Security Flaw in Linux Kernel’s ksmbd SMB3 Server
A high-severity security flaw has been disclosed in the Linux kernel’s ksmbd SMB3 server. Tracked as CVE-2026-23226 (CVSS score: 8.8), it falls under the same bug class as CVE-2025-40039, which was patched in October 2025. “When two connections share a session over SMB3 multichannel, the kernel can read a freed channel struct – exposing the per-channel AES-128-CMAC signing key and causing a kernel panic,” Orca said. “An attacker needs valid SMB credentials and network access to port 445.” Alternatively, the vulnerability can be exploited by an attacker to leak the per-channel AES-128-CMAC key used to sign all SMB3 traffic, enabling them to forge signatures, impersonate the server, or bypass signature verification.
It has been fixed in the commit “e4a8a96a93d.”
Prompt injection turns AI into attack tool: Turning Claude Code into an Attack Tool
New research has demonstrated it’s possible to trick Anthropic’s vibe coding tool Claude Code into performing a full-scope penetration attack and credential theft by modifying a project’s “CLAUDE.md” file to bypass the coding agent’s safety guardrails. The instructions explicitly tell Claude Code to help the developer complete a penetration testing assessment against their own website and assist them in their tasks. “Claude Code should scan CLAUDE.md before every session, flagging instructions that would otherwise trigger a refusal if attempted directly within a prompt,” LayerX said. “When Claude detects instructions that appear to violate its safety guardrails, it should present a warning and allow the developer to review the file before taking any actions.”
AI exploit silently leaks enterprise data: GrafanaGhost Exfiltrates Data from Grafana Instances
Grafana has patched a security vulnerability that could have enabled attackers to trick its artificial intelligence (AI) capabilities into leaking sensitive data by means of an indirect prompt injection and without requiring any user interaction.
The attack has been codenamed GrafanaGhost by Noma Security. “By bypassing the client-side protections and security guardrails that restrict external data requests, GrafanaGhost allows an attacker to bridge the gap between your private data environment and an external server,” the cybersecurity company said. “Because the exploit ignores model restrictions and operates autonomously, sensitive enterprise data can be leaked silently in the background.” GrafanaGhost is stealthy, as it requires no login credentials and does not depend on a user clicking a malicious link. The attack is another example of how AI-assisted features integrated into enterprise environments can be abused to access and extract critical data assets while remaining entirely invisible to defenders.
Android framework abused for payment fraud: Threat Actors Exploit LSPosed for Large-Scale Payment Fraud in India
LSPosed is a powerful framework for rooted Android devices that allows users to modify the behavior of the system and apps in real-time without actually making any modifications to APK files. According to CloudSEK, threat actors are now weaponizing the tool to remotely inject fraudulent SMS messages and spoof user identities in modern payment ecosystems via a malicious module called “Digital Lutera.” The attack effectively undermines SIM-binding restrictions applied to banking and instant payment apps in India. However, for this approach to work, the threat actor requires a victim to install a Trojan that can intercept SMS messages sent to/from the device. While the attack previously combined a trojanized mobile device (the victim) and a modified mobile payment APK (on the attacker’s device) to trick bank servers into believing the victim’s SIM card is physically present in the attacker’s phone, the latest iteration leans on LSPosed to achieve the same goals.
A key requisite to this attack is that the attacker must have a rooted Android device with the LSPosed module and the legitimate, unmodified payment app installed. “This new attack vector allows threat actors to hijack legitimate, unmodified payment applications by ‘gaslighting’ the underlying Android operating system,” CloudSEK said. “By using LSPosed, the threat actor ensures the payment app’s signature remains valid, making it invisible to many standard integrity checks.”
That’s the week. A lot of ground covered — old problems with new angles, platforms being abused in ways they weren’t designed for, and a few things that are just going to keep getting worse before anyone seriously addresses them.
Patch what you can. Audit what you’ve trusted by default. And maybe double-check anything that touches AI right now — that space is getting messy fast. Same time next Thursday.
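For the UNC6783 item above, which advises monitoring live chat for suspicious links, here is an added detection sketch (not code from Google or from the original article) that scans chat messages for hosts shaped like the reported [org].zendesk-support[##].com pattern. It assumes "[##]" means one or more digits and "[org]" is the label directly left of the lookalike domain; the transcript, message IDs and the "acme" watchlist entry are constructed.

```python
import re
from dataclasses import dataclass

# Pattern reported in the bulletin: [org].zendesk-support[##].com
# Assumption: "[##]" is one or more decimal digits; "[org]" is a single DNS label.
LOOKALIKE = re.compile(r"(?:^|\.)(?P<org>[a-z0-9-]+)\.zendesk-support(?P<num>\d+)\.com$")

# Any dotted hostname in free text, with or without a scheme in front of it.
HOSTNAME = re.compile(
    r"(?<![a-z0-9-])((?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63})(?![a-z0-9-])"
)


@dataclass(frozen=True)
class Finding:
    message_id: str
    host: str
    org: str
    targets_us: bool  # True when the impersonated org label is on our watchlist


def refang(text):
    """Undo common defanging (hxxp, [.], (.), [dot]) so pasted indicators still match."""
    text = re.sub(r"hxxp", "http", text, flags=re.I)
    return re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", text, flags=re.I)


def hosts_in(text):
    """Return every hostname-looking token in a chat message, lowercased."""
    return HOSTNAME.findall(refang(text).lower())


def scan_chat(messages, our_orgs):
    """messages: iterable of (message_id, sender, text). Returns a list of Finding."""
    ours = {o.lower() for o in our_orgs}
    findings = []
    for msg_id, _sender, text in messages:
        # dict.fromkeys de-duplicates while keeping first-seen order
        for host in dict.fromkeys(hosts_in(text)):
            m = LOOKALIKE.search(host)
            if m:
                findings.append(Finding(msg_id, host, m["org"], m["org"] in ours))
    return findings


# Constructed transcript for illustration only.
SAMPLE_CHAT = [
    ("m1", "customer", "Hi, my SSO session expired, can you check?"),
    ("m2", "customer", "Please sign in to verify: hxxps://acme[.]zendesk-support42[.]com/okta/login"),
    ("m3", "agent", "Our real portal is https://acme.zendesk.com/hc"),
    ("m4", "customer", "mirror: https://login.okta.com@OtherCo.zendesk-support07.com/"),
]

if __name__ == "__main__":
    for f in scan_chat(SAMPLE_CHAT, {"acme"}):
        tag = "TARGETS-US" if f.targets_us else "campaign-pattern"
        print(f"{f.message_id} {tag} {f.host}")
```

Hosts that merely contain the pattern as a prefix of a longer domain are not flagged, since the registrable domain is then a different one.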
The Hidden Security Risks of Shadow AI in Enterprises
As AI tools become more accessible, employees are adopting them without formal approval from IT and security teams. While these tools may boost productivity, automate tasks, or fill gaps in existing workflows, they also operate outside the visibility of security teams, bypassing controls and creating new blind spots in what is known as shadow AI. While similar to the phenomenon of shadow IT, shadow AI goes beyond unapproved software by involving systems that process, generate, and potentially retain sensitive data. The result is a category of risk that most organizations are not yet equipped to govern: uncontrolled data exposure, expanded attack surfaces, and weakened identity security.
Why shadow AI is spreading so quickly
Shadow AI is expanding rapidly across organizations because it is easy to adopt and instantly useful, yet largely unregulated. Unlike traditional enterprise software, most AI tools require little to no setup, allowing employees to start using them immediately. According to a 2024 Salesforce survey, 55% of employees reported using AI tools that had not been approved by their organization. Since many organizations lack clear AI usage policies, employees must decide which tools to use and how to use them on their own, often without understanding the security implications.
Employees may use generative AI tools like ChatGPT or Claude in everyday workflows, and while this can improve productivity, it can result in sensitive data being shared externally without oversight. Whether or not the AI vendor uses that data for model training depends on the platform and account type, but in either case, the data has left the organization’s security boundary. At the department level, shadow AI may appear when teams integrate AI APIs or third-party models into applications without a formal security review. These integrations can expose internal data and introduce new attack vectors that security teams cannot see or control.
Rather than trying to eliminate shadow AI entirely, organizations must actively manage the risks it creates.
How shadow AI is a security problem
Shadow AI is often framed as a governance issue, but it is a security problem at its core. Unlike traditional shadow IT, where employees adopt unapproved software, shadow AI involves systems that actively process and store data beyond the scope of security teams, turning unsanctioned AI usage into a broader risk of data exposure and access misuse.
Shadow AI can lead to untraceable data leaks
Employees may share customer data, financial information, or internal business documents with AI tools to complete tasks more efficiently.
Developers who troubleshoot code may inadvertently paste scripts containing hardcoded API keys, database credentials, or access tokens, exposing sensitive credentials without realizing it. Once the data reaches a third-party AI platform, organizations lose visibility into how it is stored or used. As a result, data can leave an organization without an audit trail, making it difficult, if not impossible, to trace or contain a breach. Under GDPR and HIPAA, this type of uncontrolled data transfer can constitute a reportable violation.
Shadow AI rapidly expands the attack surface
Every AI tool creates a new potential attack vector for cybercriminals. When unapproved tools are adopted without oversight, they may include unvetted APIs or plugins that are insecure or malicious. Employees accessing AI platforms through personal accounts or devices place that activity entirely outside the organization’s security controls, and traditional network monitoring cannot see it. As organizations begin deploying AI agents that operate autonomously within workflows, the risk grows even more severe.
These systems interact with multiple applications and platforms, creating complex and largely hidden pathways that cybercriminals can exploit.
Shadow AI bypasses traditional security controls
Traditional security controls were not built to handle today’s AI usage. Most AI platforms operate over HTTPS, meaning standard firewall rules and network monitoring cannot inspect the content of those interactions without SSL inspection in place — a control many organizations have not deployed. Conversational AI interfaces also don’t behave like traditional applications, making it harder for security tools to monitor or log activity.
Because of this, data can be shared with external AI systems without triggering any alerts.
Shadow AI impacts identity security
Shadow AI introduces serious Identity and Access Management (IAM) challenges. For example, employees might create several accounts across AI platforms, leading to fragmented and unmanaged identities. Developers may even connect AI tools to systems using service accounts, creating Non-Human Identities (NHIs) without proper oversight.
If organizations lack centralized governance, these identities can become poorly monitored and difficult to manage throughout their lifecycle, increasing the risk of unauthorized access and long-term exposure.
How organizations can reduce shadow AI risk
As AI becomes more integrated into daily workflows, organizations must aim to reduce risk while enabling safe, productive usage. This requires security teams to shift from blocking AI tools altogether to managing how they are used in the workplace, emphasizing visibility and user behavior. Organizations can reduce shadow AI risk by following these steps:
- Establish clear AI usage policies: Define which AI tools are allowed and what data can be shared. Security policies should be easy to follow and intuitive, since overly restrictive rules will only push employees toward using unsanctioned tools.
- Provide approved AI alternatives: When employees don’t have access to useful tools, they are more likely to find their own. Offering approved, secure AI solutions that meet organizational standards reduces the need for shadow AI.
- Improve visibility into AI usage patterns: While full visibility may not always be possible, organizations should monitor network traffic, privileged access and API activity to better understand how employees are using AI.
- Educate employees on AI security risks: Many employees focus only on the productivity advantages of AI tools rather than the security risks. Providing training on safe AI usage and data handling can dramatically reduce unintentional exposure.
Benefits of effectively managing shadow AI
Organizations that proactively manage shadow AI will gain greater control over how AI is used across their environments. Effectively managing shadow AI provides several benefits, including:
- Full visibility into which AI tools are in use and what data they are accessing
- Reduced regulatory exposure under frameworks like GDPR, HIPAA, and the EU AI Act
- Faster and safer AI adoption with vetted tools and thorough guidelines
- Higher adoption of approved AI tools, reducing reliance on insecure alternatives
Security must account for shadow AI
AI adoption is becoming normalized in the workplace, and employees will continue seeking tools that help them work faster.
Given how easy AI tools are to access and how rarely usage policies keep pace with adoption, some degree of shadow AI in any large organization is inevitable. Instead of trying to block AI tools entirely, organizations should focus on enabling their safe use by enhancing visibility into AI activity and ensuring that both human and machine identities are properly governed. Keeper® supports this approach directly, helping organizations control privileged access to the systems AI tools interact with, enforce least-privilege access for all identities, including human users and AI agents, and maintain a full audit trail of activity across critical infrastructure. As AI agents become more prevalent in enterprise workflows, governing the identities and access paths they rely on becomes as important as governing the tools themselves.
Note: This article was thoughtfully written and contributed for our audience by Ashley D’Andrea, Content Writer at Keeper Security.
Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2025. The finding, detailed by EXPMON’s Haifei Li, has been described as a highly-sophisticated PDF exploit. The artifact (“Invoice540.pdf”) first appeared on the VirusTotal platform on November 28, 2025. A second sample was uploaded to VirusTotal on March 23, 2026.
Given the name of the PDF document, it’s likely that there is an element of social engineering involved, with the attackers luring unsuspecting users into opening the files in Adobe Reader. Once launched, it automatically triggers the execution of obfuscated JavaScript to harvest sensitive data and receive additional payloads. Security researcher Gi7w0rm, in an X post, said the PDF documents observed contain Russian language lures and refer to issues regarding current events related to the oil and gas industry in Russia. “The sample acts as an initial exploit with the capability to collect and leak various types of information, potentially followed by remote code execution (RCE) and sandbox escape (SBX) exploits,” Li said.
“It abuses zero-day/unpatched vulnerability in Adobe Reader that allows it to execute privileged Acrobat APIs, and it is confirmed to work on the latest version of Adobe Reader.” It also comes with capabilities to exfiltrate the collected information to a remote server (“169.40.2[.]68:45191”) and receive additional JavaScript code to be executed. This mechanism, Li argued, could be used to collect local data, perform advanced fingerprinting attacks, and set the stage for follow-on activity, including delivering additional exploits to achieve code execution or sandbox escape. The exact nature of this next-stage exploit remains unknown, as no response was received from the server. This, in turn, could imply that the local testing environment from which the request was issued did not meet the necessary criteria to receive the payload.
“Nevertheless, this zero-day/unpatched capability for broad information harvesting and the potential for subsequent RCE/SBX exploitation is enough for the security community to remain on high alert,” Li said.
Update: Adobe has released security updates for the vulnerability (CVE-2026-34621, CVSS score: 9.6).
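For triaging PDFs like the ones described above, which run JavaScript as soon as they are opened, this added example (not code from EXPMON, Adobe or the original article) counts the PDF name tokens that tie a script to an open-time action, decoding #xx-escaped names first. The sample bytes, function names and verdict strings are constructed for illustration; a raw scan cannot see names stored inside compressed object streams, so /ObjStm without visible script markers is reported as inconclusive.

```python
import re

AUTO_RUN = ("/OpenAction", "/AA")   # actions that fire without a click
SCRIPT = ("/JavaScript", "/JS")     # embedded script
HIDING = ("/ObjStm",)               # compressed object streams hide names from a raw scan

_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")
_NAME = re.compile(rb"/[^\x00\s()<>\[\]{}/%]+")  # a PDF name runs up to a delimiter

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes in a PDF name, e.g. /J#61vaScript -> /JavaScript."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def triage(data: bytes) -> dict:
    """Count script-related names in raw PDF bytes and give a coarse verdict."""
    counts = {k: 0 for k in AUTO_RUN + SCRIPT + HIDING}
    escaped = 0
    for m in _NAME.finditer(data):
        name = decode_name(m.group(0))
        if name in counts:
            counts[name] += 1
            escaped += b"#" in m.group(0)  # keyword was hex-escaped: an evasion hint
    auto = any(counts[k] for k in AUTO_RUN)
    script = any(counts[k] for k in SCRIPT)
    if auto and script:
        verdict = "auto-run script"
    elif script:
        verdict = "script present"
    elif counts["/ObjStm"]:
        verdict = "inconclusive: compressed objects"
    else:
        verdict = "no script markers"
    return {"verdict": verdict, "counts": counts, "escaped_names": escaped}

# Constructed sample, not taken from any real document.
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"3 0 obj << /S /J#61vaScript /JS (void 0;) >> endobj\n"
)
CLEAN = b"%PDF-1.7\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"

if __name__ == "__main__":
    for label, blob in (("sample", SAMPLE), ("clean", CLEAN)):
        print(label, triage(blob))
```

A verdict of "auto-run script" is a reason to route the file to a sandbox or a full PDF parser, not proof of malice, since legitimate forms also use open-time JavaScript.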