2026-04-16 AI Startup News

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails. “By leveraging trusted infrastructure, these attackers bypass traditional security filters, turning productivity tools into delivery vehicles for persistent remote access,” Cisco Talos researchers Sean Gallagher and Omid Mirzaei said in an analysis published today. n8n is a workflow automation platform that allows users to connect various web applications, APIs, and AI model services to sync data, build agentic systems, and run repetitive rule-based tasks. Users can register for a developer account at no extra cost to use a managed cloud-hosted service and run automation workflows without having to set up their own infrastructure. Doing so, however, creates a unique custom domain that goes by the format – .app.n8n.cloud – from where a user can access their applications.

The platform also supports the ability to create webhooks to receive data from apps and services when certain events are triggered. This makes it possible to initiate a workflow after receiving certain data. The data, in this case, is sent via a unique webhook URL. According to Cisco Talos, it’s these URL-exposed webhooks – which make use of the same *.app.n8n[.]cloud subdomain – that have been abused in phishing attacks as far back as October 2025. “A webhook, often referred to as a ‘reverse API,’ allows one application to provide real-time information to another. These URLs register an application as a ‘listener’ to receive data, which can include programmatically pulled HTML content,” Talos explained.

“When the URL receives a request, the subsequent workflow steps are triggered, returning results as an HTTP data stream to the requesting application. If the URL is accessed via email, the recipient’s browser acts as the receiving application, processing the output as a web page.” What makes this significant is that it opens a new door for threat actors to propagate malware while maintaining a veneer of legitimacy by giving the impression that they are originating from a trusted domain. Threat actors have wasted no time taking advantage of the behavior to set up n8n webhook URLs for malware delivery and device fingerprinting. The volume of email messages containing these URLs in March 2026 is said to have been about 686% higher than in January 2025.

In one campaign observed by Talos, threat actors have been found to embed an n8n-hosted webhook link in emails that claimed to be a shared document. Clicking the link takes the user to a web page that displays a CAPTCHA, which, upon completion, activates the download of a malicious payload from an external host. “Because the entire process is encapsulated within the JavaScript of the HTML document, the download appears to the browser to have come from the n8n domain,” the researchers noted. The end goal of the attack is to deliver an executable or an MSI installer that serves as a conduit for modified versions of legitimate Remote Monitoring and Management (RMM) tools like Datto and ITarian Endpoint Management, and use them to establish persistence by establishing a connection to a command-and-control (C2) server.

A second prevalent case concerns the abuse of n8n for fingerprinting. Specifically, this entails embedding in emails an invisible image or tracking pixel that’s hosted on an n8n webhook URL. As soon as the digital missive is opened via an email client, it automatically sends an HTTP GET request to the n8n URL along with tracking parameters, like the victim’s email address, thereby enabling the attackers to identify them. “The same workflows designed to save developers hours of manual labor are now being repurposed to automate the delivery of malware and fingerprinting devices due to their flexibility, ease of integration, and seamless automation,” Talos said.

“As we continue to leverage the power of low-code automation, it’s the responsibility of security teams to ensure these platforms and tools remain assets rather than liabilities.”
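The two delivery patterns described above (a clickable webhook link and an auto-loaded tracking image) can be triaged at the mail gateway. The following is an added example, not code from Talos or n8n: it scans an HTML mail body for `<a href>` and `<img src>` URLs whose parsed host ends in `.app.n8n.cloud`, skips an organization's own tenants, and marks URLs that carry an address-like query value. The sample email, tenant names, `/webhook/` paths and parameter names are constructed for illustration.

```go
package main

import (
	"fmt"
	"html"
	"net/url"
	"regexp"
	"strings"
)

// Finding describes one n8n-hosted URL referenced by an email body.
type Finding struct {
	Kind           string // "link" (<a href>) or "auto-loaded image" (<img src>)
	Host           string
	LeaksRecipient bool // a query value looks like an email address
}

// Matches href/src attributes of <a> and <img> tags. Enough for triage of
// typical HTML mail; it is not a full HTML parser.
var attrRe = regexp.MustCompile(`(?i)<(a|img)\b[^>]*?\b(?:href|src)\s*=\s*["']([^"']+)["']`)

const n8nSuffix = ".app.n8n.cloud" // domain format named in the article

// Constructed sample message; hosts, paths and parameters are made up.
const sampleEmail = `
<p>A document has been shared with you.</p>
<a href="https://acme-docs.app.n8n.cloud/webhook/constructed-id">Open document</a>
<img width="1" height="1" src="https://acme-docs.app.n8n.cloud/webhook/constructed-px?rcpt=user%40example.com&amp;c=7">
<a href="https://app.n8n.cloud.example.net/login">lookalike host</a>
<a href="https://example.com/?next=x.app.n8n.cloud">string only in query</a>
<a href="https://it-automation.app.n8n.cloud/form/helpdesk">our own tenant</a>
`

// scanEmailHTML returns every reference to an n8n cloud tenant that is not in
// ownTenants (hypothetical allowlist of the organization's own subdomains).
func scanEmailHTML(body string, ownTenants map[string]bool) []Finding {
	var out []Finding
	for _, m := range attrRe.FindAllStringSubmatch(body, -1) {
		// Mail HTML encodes "&" as "&amp;"; decode before parsing the URL.
		u, err := url.Parse(html.UnescapeString(m[2]))
		if err != nil {
			continue
		}
		host := strings.TrimSuffix(strings.ToLower(u.Hostname()), ".")
		// Suffix match on the parsed host, so a lookalike domain or a path
		// that merely contains the string does not match.
		if !strings.HasSuffix(host, n8nSuffix) || ownTenants[host] {
			continue
		}
		f := Finding{Kind: "link", Host: host}
		if strings.EqualFold(m[1], "img") {
			// Fetched when the message is rendered, without a click.
			f.Kind = "auto-loaded image"
		}
		for _, vals := range u.Query() {
			for _, v := range vals {
				if strings.Contains(v, "@") {
					f.LeaksRecipient = true
				}
			}
		}
		out = append(out, f)
	}
	return out
}

func main() {
	own := map[string]bool{"it-automation.app.n8n.cloud": true}
	for _, f := range scanEmailHTML(sampleEmail, own) {
		fmt.Printf("%-18s %s recipient-in-url=%v\n", f.Kind, f.Host, f.LeaksRecipient)
	}
}
```

Blocking remote image loading in the mail client defeats the pixel case independently of any URL matching.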

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that enables threat actors to seize control of the Nginx service. It has been codenamed MCPwn by Pluto Security. “The nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcp_message,” according to an advisory released by nginx-ui maintainers last month.

“While /mcp requires both IP whitelisting and authentication (AuthRequired() middleware), the /mcp_message endpoint only applies IP whitelisting – and the default IP whitelist is empty, which the middleware treats as ‘allow all.’” “This means any network attacker can invoke all MCP tools without authentication, including restarting nginx, creating/modifying/deleting nginx configuration files, and triggering automatic config reloads - achieving complete nginx service takeover.” According to Pluto Security researcher Yotam Perkal, who identified and reported the flaw, the attack can facilitate a full takeover in seconds via two requests:

- An HTTP GET request to the /mcp endpoint to establish a session and obtain a session ID.
- An HTTP POST request to the /mcp_message endpoint using the session ID to invoke any MCP tool sans authentication.

In other words, attackers can exploit this vulnerability by sending specially crafted HTTP requests directly to the “/mcp_message” endpoint without any authentication headers or tokens. Successful exploitation of the flaw could enable them to invoke MCP tools and modify Nginx configuration files and reload the server. Furthermore, an attacker could exploit this loophole to intercept all traffic and harvest administrator credentials.

Following responsible disclosure, the vulnerability was addressed in version 2.3.4, released on March 15, 2026. As workarounds, users are advised to add “middleware.AuthRequired()” to the “/mcp_message” endpoint to force authentication. Alternatively, it’s advised to change the IP allowlisting default behavior from “allow-all” to “deny-all.” The disclosure comes as Recorded Future, in a report published this week, listed CVE-2026-33032 as one of the 31 vulnerabilities that have been actively exploited by threat actors in March 2026. There are currently no insights on the exploitation activity associated with the security flaw.
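The misconfiguration pattern and the two workarounds described above can be reproduced with Go's standard library. This is an added sketch, not nginx-ui's own code: `ipAllowlist`, `authRequired`, `buildRouter`, `probe` and the bearer-token check are hypothetical stand-ins, and the hardened router applies both workarounds together (deny on an empty allowlist, authentication on both endpoints).

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

const demoToken = "constructed-demo-token" // constructed value, not a real credential

// ipAllowlist admits only clients whose address is in allowed. With
// emptyMeansAllow set it reproduces the default the advisory describes:
// an empty list is treated as "allow all".
func ipAllowlist(allowed []string, emptyMeansAllow bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if len(allowed) == 0 && emptyMeansAllow {
			next.ServeHTTP(w, r)
			return
		}
		host, _, err := net.SplitHostPort(r.RemoteAddr)
		if ip := net.ParseIP(host); err == nil && ip != nil {
			for _, a := range allowed {
				if ip.Equal(net.ParseIP(a)) {
					next.ServeHTTP(w, r)
					return
				}
			}
		}
		http.Error(w, "forbidden", http.StatusForbidden)
	})
}

// authRequired is a stand-in for the application's session check
// (assumption: a static bearer token instead of real session handling).
func authRequired(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		got := []byte(r.Header.Get("Authorization"))
		want := []byte("Bearer " + demoToken)
		if subtle.ConstantTimeCompare(got, want) != 1 {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// buildRouter wires the two endpoints named in the advisory.
// hardened=false: /mcp_message has the allowlist only, and empty means allow.
// hardened=true:  both endpoints require auth, and an empty list denies.
func buildRouter(hardened bool, allowed []string) http.Handler {
	tool := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "privileged tool invoked") // placeholder for an MCP tool call
	})
	mux := http.NewServeMux()
	if hardened {
		mux.Handle("/mcp", ipAllowlist(allowed, false, authRequired(tool)))
		mux.Handle("/mcp_message", ipAllowlist(allowed, false, authRequired(tool)))
		return mux
	}
	mux.Handle("/mcp", ipAllowlist(allowed, true, authRequired(tool)))
	mux.Handle("/mcp_message", ipAllowlist(allowed, true, tool))
	return mux
}

// probe sends one in-process request from a documentation-range address and
// returns the status code, which makes the access policy easy to regression-test.
func probe(h http.Handler, path, token string) int {
	req := httptest.NewRequest(http.MethodPost, path, nil)
	req.RemoteAddr = "192.0.2.10:40000"
	if token != "" {
		req.Header.Set("Authorization", "Bearer "+token)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	weak := buildRouter(false, nil)
	fmt.Println("default config, /mcp, no token:         ", probe(weak, "/mcp", ""))
	fmt.Println("default config, /mcp_message, no token: ", probe(weak, "/mcp_message", ""))

	strict := buildRouter(true, []string{"192.0.2.10"})
	fmt.Println("hardened, /mcp_message, no token:       ", probe(strict, "/mcp_message", ""))
	fmt.Println("hardened, /mcp_message, with token:     ", probe(strict, "/mcp_message", demoToken))
	fmt.Println("hardened, empty allowlist, with token:  ", probe(buildRouter(true, nil), "/mcp_message", demoToken))
}
```

A table of (route, credentials, expected status) probes like this, run in CI against every registered route, catches an endpoint that was added without the authentication middleware.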

“When you bolt MCP onto an existing application, the MCP endpoints inherit the application’s full capabilities but not necessarily its security controls. The result is a backdoor that bypasses every authentication mechanism the application was carefully built with,” Perkal said. Data from Shodan shows that there are about 2,689 exposed instances on the internet, with most of them located in China, the U.S., Indonesia, Germany, and Hong Kong. “Given the approximately 2,600 publicly reachable nginx-ui instances our researchers identified, the risk to unpatched deployments is immediate and real,” Pluto told The Hacker News.

“Organizations running nginx-ui should treat this as an emergency: update to version 2.3.4 immediately, or disable MCP functionality and restrict network access as an interim measure.” News of CVE-2026-33032 follows the discovery of two security flaws in the Atlassian MCP server (“mcp-atlassian”) that could be chained to achieve remote code execution. The flaws – tracked as CVE-2026-27825 (CVSS 9.1) and CVE-2026-27826 (CVSS 8.2) and dubbed MCPwnfluence – enable any attacker on the same local network to run arbitrary code on a vulnerable machine without requiring any authentication. “When chaining both vulnerabilities – we are able to send requests to the MCP from the LAN [local area network], redirect the server to the attacker machine, upload an attachment, and then receive a full unauthenticated RCE from the LAN,” Pluto Security said.

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April’s Patch Tuesday releases. Topping the list is an SQL injection vulnerability impacting SAP Business Planning and Consolidation and SAP Business Warehouse (CVE-2026-27681, CVSS score: 9.9) that could result in the execution of arbitrary database commands. “The vulnerable ABAP program allows a low-privileged user to upload a file with arbitrary SQL statements that will then be executed,” Onapsis said in an advisory. In a potential attack scenario, a bad actor could abuse the affected upload-related functionality to run malicious SQL against BW/BPC data stores, extract sensitive data, and delete or corrupt database content.

“Manipulated planning figures, broken reports, or deleted consolidation data can undermine close processes, executive reporting, and operational planning,” Pathlock said. “In the wrong hands, this issue also creates a credible path to both stealthy data theft and overt business disruption.” Another security vulnerability that deserves a mention is a critical-severity remote code execution in Adobe Acrobat Reader (CVE-2026-34621, CVSS score: 8.6) that has come under active exploitation in the wild. That said, there are many unknowns at this stage. It is not clear how many people have been affected by the hacking campaign.

Nor is there any information about who is behind the activity, who is being targeted, and what their motives could be. Also patched by Adobe are five critical flaws in ColdFusion versions 2025 and 2023 that, if successfully exploited, could lead to arbitrary code execution, application denial-of-service, arbitrary file system read, and security feature bypass. The vulnerabilities are listed below:

- CVE-2026-34619 (CVSS score: 7.7) - A path traversal vulnerability leading to security feature bypass
- CVE-2026-27304 (CVSS score: 9.3) - An improper input validation vulnerability leading to arbitrary code execution
- CVE-2026-27305 (CVSS score: 8.6) - A path traversal vulnerability leading to arbitrary file system read
- CVE-2026-27282 (CVSS score: 7.5) - An improper input validation vulnerability leading to security feature bypass
- CVE-2026-27306 (CVSS score: 8.4) - An improper input validation vulnerability leading to arbitrary code execution

Fixes have also been released for two critical FortiSandbox vulnerabilities that could result in authentication bypass and code execution:

- CVE-2026-39813 (CVSS score: 9.1) - A path traversal vulnerability in FortiSandbox JRPC API that could allow an unauthenticated attacker to bypass authentication via specially crafted HTTP requests. (Fixed in versions 4.4.9 and 5.0.6)
- CVE-2026-39808 (CVSS score: 9.1) - An operating system command injection vulnerability in FortiSandbox that could allow an unauthenticated attacker to execute unauthorized code or commands via crafted HTTP requests. (Fixed in version 4.4.9)

The development comes as Microsoft addressed a staggering 169 security defects, including a spoofing vulnerability impacting Microsoft SharePoint Server (CVE-2026-32201, CVSS score: 6.5) that could allow an attacker to view sensitive information. The company said it’s being actively exploited, although there are no insights into the in-the-wild exploitation associated with the bug. “SharePoint services, especially those used as internal document stores, can be a treasure trove for threat actors looking to steal data, especially data that may be leveraged to force ransom payments using double extortion techniques by threatening to release the stolen data if payment is not made,” Kev Breen, senior director of threat research at Immersive, said. “A secondary concern is that threat actors with access to SharePoint services could deploy weaponised documents or replace legitimate documents with infected versions that would allow them to spread to other hosts or victims moving laterally across the organization.”

Software Patches from Other Vendors

In addition to Microsoft, security updates have also been released by other vendors over the past several weeks to rectify several vulnerabilities, including: ABB, Amazon Web Services, AMD, Apple, ASUS, AVEVA, Broadcom (including VMware), Canon, Cisco, Citrix, CODESYS, D-Link, Dassault Systèmes, Dell, Devolutions, dormakaba, Drupal, Elastic, F5, Fortinet, Foxit Software, FUJIFILM, Gigabyte, GitLab, Google Android and Pixel, Google Chrome, Google Cloud, Grafana, Hitachi Energy, HP, HP Enterprise (including Aruba Networking and Juniper Networks), Huawei, IBM, Ivanti, Jenkins, Lenovo, Linux distributions (AlmaLinux, Alpine Linux, Amazon Linux, Arch Linux, Debian, Gentoo, Oracle Linux, Mageia, Red Hat, Rocky Linux, SUSE, and Ubuntu), MediaTek, Mitel, Mitsubishi Electric, MongoDB, Moxa, Mozilla Firefox, Firefox ESR, and Thunderbird, NETGEAR, Node.js, NVIDIA, ownCloud, Palo Alto Networks, Phoenix Contact, Progress Software, QNAP, Qualcomm, Rockwell Automation, Ruckus Wireless, Samsung, Schneider Electric, Siemens, SonicWall, Splunk, Spring Framework, Supermicro, Synology, TP-Link, WatchGuard, and Xiaomi.


Deterministic + Agentic AI: The Architecture Exposure Validation Requires

Few technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader potential, and boards, investors, and executives are already pushing organizations to adopt it across operational and security functions. Pentera’s AI Security and Exposure Report 2026 reflects that momentum: every CISO surveyed reported that AI is already in use across their organizations. Security testing is inevitably part of that shift.

Modern environments are too dynamic, and attack techniques too variable, for purely static testing logic to remain sufficient on its own. Adaptive payload generation, contextual interpretation of controls, and real-time execution adjustments are necessary to get closer to how attackers, and increasingly their own AI agents, operate. For experienced security teams, the need to incorporate AI into testing is no longer in question. You have to fight fire with fire.

What is less obvious is how AI should be integrated into a validation platform. A growing number of tools are being built as fully agentic systems, where AI reasoning governs execution from end to end. The appeal is clear. Greater autonomy can expand exploration depth, reduce reliance on predefined attack logic, and allow a system to adapt fluidly to complex environments.

The question is not whether that capability is impressive. It is whether that model is the right fit for structured security programs that depend on repeatability, controlled retesting, and measurable outcomes.

Intelligence Needs Guardrails

In many AI-driven applications, variability is not a problem; it’s a feature. A coding assistant might generate several valid solutions to the same problem, each taking a slightly different approach.

A research model may explore multiple lines of reasoning before arriving at an answer. That probabilistic behavior expands creativity and discovery and in many use cases adds value. When the goal is to benchmark performance and measure change over time, consistency matters. The same variability that can be useful for exploration introduces risk when it comes to testing security controls.

If the methodology behind the testing shifts between each run, it becomes impossible to validate whether your security actually improved, or whether the system simply approached the problem differently. AI should still reason dynamically. Context-aware payload generation, adaptive sequencing, and environmental interpretation bring validation closer to how modern attacks actually unfold. But in a fully agentic model, that reasoning governs execution from start to finish, meaning the techniques used during a test can change between runs as the system makes different decisions along the way.

Human-in-the-loop models attempt to address this by introducing oversight. Analysts can review decisions, approve actions, and guide execution, improving safety and control of the testing process. But this does not resolve the underlying issue of repeatability. The system remains probabilistic.

Given the same starting conditions, AI can still generate different sequences of actions depending on how it reasons through the problem at that moment. As a result, ensuring consistency shifts to the human, increasing manual effort and reducing the value of the offering. A hybrid approach handles this differently. Deterministic logic defines how attack chains are executed, creating a stable structure for testing.

AI then enhances that process by adapting payloads, interpreting environmental signals, and adjusting techniques based on what it encounters. That distinction matters in practice. When a privilege escalation technique is identified, it can be replayed under the same conditions. After remediation is completed, the same sequence can be run again to validate whether the exposure remains.

If the exploitable gap is gone, it means the issue was fixed, not that the testing engine simply approached it differently. This is not about constraining intelligence. It is about anchoring it. AI strengthens validation when it enhances a stable execution model rather than redefining it on every run.

From Testing Events to Continuous Validation

The methodology behind security testing matters most when validation becomes continuous. Instead of running isolated tests once or twice a year, teams are now testing weekly, and often daily, to retest remediation, benchmark security controls, and track exposure across environments over time. In practice, teams cannot audit the reasoning behind every test to verify that the methodology was the same. They need to trust that the platform applies a consistent testing model so that the change they see in the results reflects real changes in the environment.

That process depends on both consistency and adaptability. Attack methodology must be structured enough to replay under controlled conditions, while still adapting to changes in the environment. A hybrid model enables both. Deterministic orchestration preserves stable baselines for measurement, while AI adapts execution to reflect the realities of the environment being tested.

This hybrid model serves as the foundation of Pentera’s exposure validation platform. At its core is a deterministic attack engine that structures and executes attack chains with consistent logic, enabling stable baselines and controlled retesting. Developed over years of research by Pentera Labs, it powers the broadest and deepest attack library in the industry. This foundation allows Pentera to reliably audit and repeat adversarial techniques while providing the guardrails and decision-making framework that keep AI-driven execution controlled and measurable.

AI then enhances that deterministic foundation by adapting techniques in response to environmental signals and real-world conditions, allowing validation to remain realistic without sacrificing consistency. For exposure validation, the answer is not deterministic or agentic. It is both. Note: This article was written by Noam Hirsch, Product Marketing Manager, Pentera.

This article is a contributed piece from one of our valued partners.

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities

Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild. Of these 169 vulnerabilities, 157 are rated Important, eight are rated Critical, three are rated Moderate, and one is rated Low in severity. Ninety-three of the flaws are classified as privilege escalation, followed by 21 information disclosure, 21 remote code execution, 14 security feature bypass, 10 spoofing, and nine denial-of-service vulnerabilities. Also included among the 169 flaws are four non-Microsoft issued CVEs impacting AMD (CVE-2023-20585), Node.js (CVE-2026-21637), Windows Secure Boot (CVE-2026-25250), and Git for Windows (CVE-2026-32631).

The updates are in addition to 78 vulnerabilities that have been addressed in its Chromium-based Edge browser since the update that was released last month. The release makes it the second biggest Patch Tuesday ever, a little below the record set in October 2025, when Microsoft addressed a massive 183 security flaws. “At this pace, 2026 is on track to affirm that 1,000+ Patch Tuesday CVEs annually is the norm,” Satnam Narang, senior staff research engineer at Tenable, said. “Not only that, but elevation of privilege bugs continue to dominate the Patch Tuesday cycle over the last eight months, accounting for a record 57% of all CVEs patched in April, while remote code execution (RCE) vulnerabilities have dropped to just 12%, tied with information disclosure vulnerabilities this month.” The vulnerability that has come under active exploitation is CVE-2026-32201 (CVSS score: 6.5), a spoofing vulnerability impacting Microsoft SharePoint Server.

“Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network,” Microsoft said in an advisory. “An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).” Although the vulnerability was internally discovered, it’s currently not known how it’s being exploited, who may be behind the activity, or the scale of such efforts. “This zero-day vulnerability in Microsoft SharePoint Server is caused by improper input validation, allowing attackers to spoof trusted content or interfaces over a network,” Mike Walters, president and co-founder of Action1, said. “By exploiting this flaw, an attacker can manipulate how information is presented to users, potentially tricking them into trusting malicious content.

While the direct impact on data is limited, the ability to deceive users makes this a powerful tool for broader attacks.” The active exploitation of CVE-2026-32201 has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to the Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the shortcoming by April 28, 2026. Another vulnerability of note is a privilege escalation flaw in Microsoft Defender (CVE-2026-33825, CVSS score: 7.8), which has been flagged as publicly known at the time of release. According to Redmond, the vulnerability could allow an authorized attacker to elevate privileges locally by taking advantage of Defender’s lack of adequate granular access controls.

Microsoft noted that no user action is required to install the update for CVE-2026-33825, as the platform updates itself frequently by default. Systems that have disabled Microsoft Defender are not in an exploitable state. While Microsoft’s advisory makes no mention of public exploit code, the patch is said to resolve a zero-day known as BlueHammer that was shared on GitHub on April 3, 2026, by a disgruntled security researcher using the alias “Chaotic Eclipse” after a breakdown in communication with the tech giant over its handling of the vulnerability disclosure process. As of writing, access to the public exploit repository requires a user to sign in to GitHub.

Per Cyderes, the vulnerability exploits the Microsoft Defender update process through Volume Shadow Copy abuse to escalate a low-privileged user to NT AUTHORITY\SYSTEM by chaining together legitimate Windows features. “During certain Defender update and remediation workflows, Defender creates a temporary Volume Shadow Copy snapshot,” security researchers Rahul Ramesh and Reegun Jayapaul explained earlier this month. “BlueHammer uses Cloud Files callbacks and oplocks to pause Defender at precisely the right moment, leaving the snapshot mounted and the SAM, SYSTEM, and SECURITY registry hives accessible – files that are normally locked at runtime.” “Successful exploitation allows an attacker to read the SAM database, decrypt NTLM password hashes, take over a local administrator account, and spawn a SYSTEM-level shell, all while restoring the original password hash to avoid detection.” Security researcher Will Dormann, in a post on Mastodon, confirmed the BlueHammer exploit no longer works and “seems fixed as of CVE-2026-33825,” although “some of the suspicious parts of the exploit still seem to work.” One of the most severe vulnerabilities is a case of remote code execution impacting the Windows Internet Key Exchange (IKE) Service Extensions. Tracked as CVE-2026-33824, the security defect has a CVSS score of 9.8 out of 10.0. “Exploitation requires an attacker to send specially crafted packets to a Windows machine with IKE v2 enabled, which could enable remote code execution,” Adam Barnett, lead software engineer at Rapid7, said in a statement.

“Vulnerabilities leading to unauthenticated RCE against modern Windows assets are relatively rare, or we’d see more wormable vulnerabilities self-propagating across the internet. However, since IKE provides secure tunnel negotiation services, for instance, for VPNs, it is necessarily exposed to untrusted networks and reachable in a pre-authorization context.” Walters noted that the security flaw poses a serious threat to enterprise environments, particularly those relying on VPN or IPsec for secure communications. Successful exploitation of the vulnerability could result in complete system compromise, allowing bad actors to steal sensitive data, disrupt operations, or move laterally across the network. “The lack of required user interaction makes this especially dangerous for internet-facing systems.

Its low attack complexity and full system impact make it a prime candidate for rapid weaponization,” Walters added. “Internet-facing systems running IKEv2 services are particularly at risk, and delaying patch deployment increases exposure to potential widespread attacks.”

OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams

OpenAI on Tuesday unveiled GPT-5.4-Cyber, a variant of its latest flagship model, GPT-5.4, that’s specifically optimized for defensive cybersecurity use cases, days after rival Anthropic unveiled its own frontier model, Mythos. “The progressive use of AI accelerates defenders – those responsible for keeping systems, data, and users safe – enabling them to find and fix problems faster in the digital infrastructure everyone relies on,” OpenAI said. In conjunction with the announcement, the artificial intelligence (AI) company said it’s ramping up its Trusted Access for Cyber (TAC) program to thousands of authenticated individual defenders and hundreds of teams responsible for securing critical software. AI systems are inherently dual-use, as bad actors can repurpose technologies developed for legitimate applications to their own advantage and achieve malicious goals.

One core area of concern is that adversaries could invert the models fine-tuned for software defense to detect and exploit vulnerabilities in widely-used software before they can be patched, exposing users to significant risks. OpenAI said the goal is to democratize access to its models while minimizing such misuse, as well as strengthening its safeguards through a deliberate, iterative rollout. The idea is to enable responsible use at scale, give defenders a head start, and simultaneously shore up guardrails against jailbreaks and adversarial prompt injections as model capabilities become more advanced. “As model capabilities advance, our approach is to scale cyber defense in lockstep: broadening access for legitimate defenders while continuing to strengthen safeguards,” the company added.

The ChatGPT maker, which launched Codex Security as a way to find, validate, and propose fixes for vulnerabilities, revealed that the AI-powered application security agent has contributed to over 3,000 critical and high fixed vulnerabilities. OpenAI’s limited release follows the preview of Anthropic’s Mythos, a frontier model that’s being deployed in a controlled manner as part of Project Glasswing. The model, the company said, found “thousands” of vulnerabilities in operating systems, web browsers, and other software. “The strongest ecosystem is one that continuously identifies, validates, and fixes security issues as software is written,” OpenAI said.

“By integrating advanced coding models and agentic capabilities into developer workflows, we can give developers immediate, actionable feedback while they are building, shifting security from episodic audits and static bug inventories to ongoing, tangible risk reduction.”

New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released

Two high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could result in arbitrary command execution. The vulnerabilities have been described as command injection flaws affecting the Perforce VCS (version control software) driver. Details of the two flaws are below:

- CVE-2026-40176 (CVSS score: 7.8) - An improper input validation vulnerability that could allow an attacker controlling a repository configuration in a malicious composer.json declaring a Perforce VCS repository to inject arbitrary commands, resulting in command execution in the context of the user running Composer.
- CVE-2026-40261 (CVSS score: 8.8) - An improper input validation vulnerability stemming from inadequate escaping that could allow an attacker to inject arbitrary commands through a crafted source reference containing shell metacharacters.

In both cases, Composer would execute these injected commands even if Perforce VCS is not installed, the maintainers noted in an advisory. The vulnerabilities affect the following versions:

- >= 2.3, < 2.9.6 (Fixed in version 2.9.6)
- >= 2.0, < 2.2.27 (Fixed in version 2.2.27)

If immediate patching is not an option, it’s advised to inspect composer.json files before running Composer and verify that Perforce-related fields contain valid values. It’s also recommended to only use trusted Composer repositories, run Composer commands on projects from trusted sources, and avoid installing dependencies using the “--prefer-dist” or the “preferred-install: dist” configuration setting. Composer said it scanned Packagist.org and did not find any evidence of the aforementioned vulnerabilities being exploited by threat actors by publishing packages with malicious Perforce information.

A new release is expected to be shipped for Private Packagist Self-Hosted customers. “As a precaution, publication of Perforce source metadata has been disabled on Packagist.org since Friday, April 10th, 2026,” it said. “Composer installations should be updated immediately regardless.”
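The advice above to inspect composer.json for Perforce-related fields before running Composer can be automated as a pre-install check. The following is an added example, not Composer's own validation: it walks any Composer JSON document, which generalizes the check to composer.lock as well, finds every object whose `type` is `perforce`, and reports string values containing characters outside a conservative allowlist. The allowlist, the `auditComposer` name and the sample document with its field names are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Assumption: legitimate Perforce settings (host:port, depot paths, user
// names) need only these characters. Anything else, including whitespace and
// shell metacharacters, is reported for manual review.
var safeValue = regexp.MustCompile(`^[A-Za-z0-9._:/@+=-]*$`)

// Finding is one suspicious string inside a Perforce declaration.
type Finding struct {
	Path  string // JSON path of the value
	Value string
}

// Constructed sample; field names and values are illustrative only.
const sampleComposerJSON = `{
  "name": "acme/demo",
  "repositories": [
    {"type": "vcs", "url": "https://example.com/acme/lib.git"},
    {"type": "perforce", "url": "p4.example.com:1666",
     "depot": "//depot/lib", "branch": "main; echo constructed-marker"}
  ]
}`

// auditComposer returns the suspicious values and the number of Perforce
// declarations seen. Most projects should expect that number to be zero.
func auditComposer(doc []byte) ([]Finding, int, error) {
	var root interface{}
	if err := json.Unmarshal(doc, &root); err != nil {
		return nil, 0, err
	}
	var findings []Finding
	count := 0
	walk(root, "$", false, &findings, &count)
	return findings, count, nil
}

func walk(v interface{}, path string, inPerforce bool, out *[]Finding, n *int) {
	switch t := v.(type) {
	case map[string]interface{}:
		if s, ok := t["type"].(string); ok && strings.EqualFold(s, "perforce") {
			if !inPerforce {
				*n++
			}
			inPerforce = true
		}
		keys := make([]string, 0, len(t))
		for k := range t {
			keys = append(keys, k)
		}
		sort.Strings(keys) // deterministic report order
		for _, k := range keys {
			walk(t[k], path+"."+k, inPerforce, out, n)
		}
	case []interface{}:
		for i, e := range t {
			walk(e, fmt.Sprintf("%s[%d]", path, i), inPerforce, out, n)
		}
	case string:
		if inPerforce && !safeValue.MatchString(t) {
			*out = append(*out, Finding{Path: path, Value: t})
		}
	}
}

func main() {
	findings, count, err := auditComposer([]byte(sampleComposerJSON))
	if err != nil {
		fmt.Println("parse error:", err)
		return
	}
	fmt.Printf("perforce declarations: %d\n", count)
	for _, f := range findings {
		fmt.Printf("review %s = %q\n", f.Path, f.Value)
	}
}
```

A non-zero declaration count in a project that does not use Perforce is itself worth a review, even when no value is flagged.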

Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security

Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the security of Pixel devices and push memory-safe code at a more foundational level. “The new Rust-based DNS parser significantly reduces our security risk by mitigating an entire class of vulnerabilities in a risky area, while also laying the foundation for broader adoption of memory-safe code in other areas,” Jiacheng Lu, a software engineer part of the Google Pixel Team, said. The security boost via Rust integration is available for Pixel 10 devices, making it the first Pixel device to integrate a memory-safe language into its modem. The move builds upon a series of initiatives the tech giant has taken to harden the cellular baseband modem against exploitation.

In late 2023, it highlighted the role played by Clang sanitizers like Overflow Sanitizer (IntSan) and BoundsSanitizer (BoundSan) to catch undefined behavior during program execution. A year later, it also detailed the various security measures built into the modem firmware to combat 2G exploits and baseband attacks that exploit memory-safety vulnerabilities like buffer overflows to achieve remote code execution. These security advances have been complemented by Google’s steady adoption of Rust into Android and low-level firmware. In November 2025, the company revealed that the number of memory safety vulnerabilities fell below 20% of total vulnerabilities discovered in the mobile operating system last year.

Google said it opted for the DNS protocol for its Rust implementation owing to the fact that it underpins modern cellular communications and that vulnerabilities in the system can expose users to malicious attacks when designed in a memory-unsafe language, resulting in out-of-bound memory accesses, as in the case of CVE-2024-27227. “With the evolution of cellular technology, modern cellular communications have migrated to digital data networks; consequently, even basic operations such as call forwarding rely on DNS services,” it added. “Implementing the DNS parser in Rust offers value by decreasing the attack surfaces associated with memory unsafety.” To that end, Google has chosen the “hickory-proto” crate, a Rust-based DNS client, server, and resolver, to implement the protocol, while modifying it to support bare metal and embedded environments. Another important component of this change is the use of a custom tool called “cargo-gnaw” to easily resolve and maintain more than 30 dependencies introduced by the crate.

The internet company also noted that the DNS Rust crate is not optimized for use in memory-constrained systems, and that one possible code size optimization could be achieved by adding extra feature flags to ensure modularity and selectively compile only required functionality. “For the DNS parser, we declared the DNS response parsing API in C and then implemented the same API in Rust,” Google said. “The Rust function returns an integer standing for the error code. The received DNS answers in the DNS response are required to be updated to in-memory data structures that are coupled with the original C implementation; therefore, we use existing C functions to do it. The existing C functions are dispatched from the Rust implementation.”

AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud

Cybersecurity researchers have unmasked a novel ad fraud scheme that has been found to leverage search engine poisoning (SEO) techniques and artificial intelligence (AI)-generated content to push deceptive news stories into Google’s Discover feed and trick users into enabling persistent browser notifications that lead to scareware and financial scams. The campaign, which has been found to target the personalized content feeds of Android and Chrome users, has been codenamed Pushpaganda by HUMAN’s Satori Threat Intelligence and Research Team. “This operation, named for push notifications central to the scheme, generates invalid organic traffic from real mobile devices by tricking users into subscribing to enabling notifications that presented alarming messages,” researchers Louisa Abel, Vikas Parthasarathy, João Santos, and Adam Sell said in a report shared with The Hacker News. At its peak, about 240 million bid requests have been associated with 113 domains linked to the campaign over a seven-day period.

The threat, although observed targeting India, has since expanded to other regions like the U.S., Australia, Canada, South Africa, and the U.K. The findings demonstrate how threat actors abuse AI to hijack trusted discovery surfaces and turn them into delivery vehicles for scareware, deepfakes, and financial fraud, Gavin Reid, chief information security officer at HUMAN, said. Google has since rolled out a fix to address the spam issue. The entire scheme hinges on the scammers luring unsuspecting users through Google Discover to trick them into visiting misleading news stories filled with AI-generated content.

Once a user lands on one of the actor-controlled domains, they are coerced into enabling push notifications that deliver fake legal threats and scams. Specifically, the scareware notifications, once clicked, redirect users to additional sites operated by the threat actors, generating organic traffic to ads embedded in those sites and enabling them to generate illicit revenue. This is not the first time threat actors have weaponized push notifications to redirect to sketchy websites. In September 2025, Infoblox shed light on a threat actor known as Vane Viper that has engaged in systematic push notification abuse to serve ads and facilitate ClickFix-style social engineering campaigns.

“Malware-based threats involving push notifications, both for web and mobile platforms, aren’t a novel threat, especially when you consider the way in which they create a sense of urgency,” Lindsay Kaye, vice president of threat intelligence at HUMAN Security, told The Hacker News. “In many cases, users are quick to click, either to make them go away or to get more information, making them an effective tool in a malware author’s arsenal.” When reached for comment on the story, a Google spokesperson said, “We keep the vast majority of spam out of Discover through robust spam-fighting systems and policies against emerging forms of low quality, manipulative content. Prior to learning of this report, we launched a fix for the spam issue in question, maintaining our high bar for quality content on Discover.” The company also said it has instituted robust spam policies and spam-fighting systems to tackle abusive practices that surface unoriginal, low-quality content in Search and Discover, and that it rolls out regular algorithmic updates to flag policy-violating content that seeks to manipulate Search and News rankings. According to its guidance about AI-generated content in Search, any use of AI to generate content primarily to manipulate search rankings is against its spam policies.

Instances of scaled content abuse include using generative AI tools or similar offerings to produce pages that do not offer any value for users; scraping feeds, search results, or other content; and creating multiple sites with the intent of hiding the scaled nature of the content. The disclosure also comes a little over a month after HUMAN identified a collection of more than 3,000 domains and 63 Android apps that it said constituted one of the largest ad fraud laundering marketplaces ever uncovered. Dubbed Low5 for its use of HTML5-based game and news sites, the operation has been found to monetize the domains as cashout sites for sophisticated fraud schemes, including BADBOX 2.0. “The operation peaked at roughly 2 billion bid requests a day and may have operated on as many as 40 million devices worldwide,” the company said.

“Apps associated with Low5 include code that instructs user devices to visit one of the domains connected with the scheme and click on ads found there.” Cashout sites, also called ghost sites, are used to conduct content-driven fraud, where the attackers use bogus sites and apps to sell space to advertisers who may assume their ads will be viewed by humans. The Android apps in question have been removed from the Google Play Store. “A shared monetization layer spanning more than 3,000 domains allows multiple threat actors to plug into the same infrastructure, creating a distributed laundering system that increases threat resilience, complicates attribution, and enables rapid replication,” HUMAN added. “A key takeaway from this research is that monetization infrastructure can survive even after a specific fraud campaign is shut down.

If one malicious app or device network is removed, the same cashout domains can still be reused by other actors. Low5 reinforces the need for continuous, aggressive threat intelligence and detection expertise to hunt down cashout domains and flag them pre-bid.” (The story was updated after publication on April 15, 2026, with a response from Google.)

Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads

A nascent Android remote access trojan called Mirax has been observed actively targeting Spanish-speaking countries, with campaigns reaching more than 220,000 accounts on Facebook, Instagram, Messenger, and Threads through advertisements on Meta. “Mirax integrates advanced Remote Access Trojan (RAT) capabilities, allowing threat actors to fully interact with compromised devices in real time,” Italian online fraud prevention firm Cleafy said. “Beyond traditional RAT behavior, Mirax enhances its operational value by turning infected devices into residential proxy nodes. Leveraging SOCKS5 protocol support and Yamux multiplexing, it establishes persistent proxy channels that allow attackers to route their traffic through the victim’s real IP address.” Details of Mirax first emerged last month when Outpost24’s KrakenLabs revealed that a threat actor going by the name “Mirax Bot” has been advertising a private malware-as-a-service (MaaS) offering on underground forums for $2,500 for a three-month subscription.

Also available for $1,750 per month is a lightweight variant that removes certain features like the proxy and the ability to bypass Google Play Protect using a crypter. Like other Android malware, Mirax supports the ability to capture keystrokes, steal photos, gather lock screen details, run commands, navigate the user interface, and monitor user activity on the compromised device. It can also dynamically fetch HTML overlay pages from a command-and-control (C2) server to be rendered over legitimate applications for credential theft. The incorporation of a SOCKS proxy, on the other hand, is a relatively lesser-known feature that sets it apart from conventional RAT behavior.

The proxy botnet offers several advantages in that it allows threat actors to get around geolocation-based restrictions, evade fraud detection systems, and conduct account takeovers or transaction fraud under the guise of increased anonymity and legitimacy. “Unlike typical MaaS offerings, Mirax is distributed through a highly controlled and exclusive model, limited to a small number of affiliates,” researchers Alberto Giust, Alessandro Strino, and Federico Valentini said. “Access appears to be prioritized for Russian-speaking actors with established reputations in underground communities, indicating a deliberate effort to maintain operational security and campaign effectiveness.” Attack chains distributing the malware use Meta ads to promote dropper app web pages, tricking unsuspecting users into downloading them. As many as six ads have been observed actively advertising a streaming service with free access to live sports and movies.

Of these, five ads are directed against users in Spain. One of the ads, which started running on April 6, 2026, has a reach of 190,987 accounts. The dropper app URLs implement a number of checks to ensure that they are accessed from mobile devices and to prevent automated scans from revealing their true color. The names of the malicious apps are listed below -

- StreamTV (org.lgvvfj.pluscqpuj or org.dawme.secure5ny) - Dropper app
- Reproductor de video (org.yjeiwd.plusdc71 or org.azgaw.managergst1d) - Mirax

A notable aspect of the campaign is the use of GitHub to host the malicious dropper APK files.

In addition, the builder panel offers the ability to choose between two crypters – Virbox and Golden Crypt (aka Golden Encryption) – for enhanced APK protection. Once installed, the dropper instructs users to allow installation from unknown sources to deploy the malware. The process of extracting the final payload is a “sophisticated, multi-stage operation” that’s designed to sidestep security analysis and automated sandboxing tools. The malware, after getting installed on the device, masquerades as a video playback utility and prompts the victim to enable accessibility services, thereby allowing it to run in the background, display a fake error message stating the installation was unsuccessful, and serve bogus overlays to conceal malicious activities.

It also establishes multiple bidirectional C2 channels for tasking and data exfiltration -

- WebSocket on port 8443, to manage remote access and execute remote commands.
- WebSocket on port 8444, to manage remote streaming and data exfiltration.
- WebSocket on port 8445 (or a custom port), to set up the residential proxy using SOCKS5.

“This convergence of RAT and proxy capabilities reflects a broader shift in the threat landscape,” Cleafy said.

“While residential proxy abuse has historically been associated with compromised IoT devices and low-cost Android hardware such as smart TVs, Mirax marks a new phase by embedding this functionality within a full-featured banking trojan.” “This approach not only increases the monetization potential of each infection but also expands the operational scope of attackers, who can now leverage compromised devices for both direct financial fraud and as infrastructure for wider cybercriminal activities.” The disclosure comes as Breakglass Intelligence detailed an Arabic-language Android RAT called ASO RAT that’s distributed via apps disguised as PDF readers and Syrian government applications. “The platform provides full device compromise capabilities – SMS interception, camera access, GPS tracking, call logging, file exfiltration, and DDoS launching from victim devices,” the company said. “A multi-user panel with role-based access control suggests this operates as a RAT-as-a-Service or supports a multi-operator team.” It’s currently not known what the exact end goals of the campaign are, but Syria-themed lures for the apps (e.g., SyriaDefenseMap and GovLens) suggest that it may be targeting individuals with an interest in Syrian military or governance matters as part of what’s suspected to be a surveillance operation.

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)

OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while raw alert volume grew by 52% year-over-year, prioritized critical risk grew by nearly 400%. The surge in AI-assisted development is creating a “velocity gap” where the density of high-impact vulnerabilities is scaling faster than remediation workflows. The ratio of critical findings to raw alerts nearly tripled, moving from 0.035% to 0.092%.

Key Findings from the 2026 Analysis:

- CVSS vs. Business Context: Technical severity scores are no longer the primary driver of risk. The most common elevation factors were High Business Priority (27.76%) and PII Processing (22.08%). In modern environments, where a vulnerability lives is now more important than what the vulnerability is.
- The AI Fingerprint: We observed a direct correlation between the adoption of AI coding tools and the quadrupling of critical findings (averaging 795 per org, up from 202). Increased code velocity is yielding more complex, context-dependent flaws that bypass basic linting and legacy scanners.
- Sector Variance: Risk profiles are not uniform. Insurance firms showed the highest density of critical findings (1.76%), while the Automotive sector generated the highest raw volume of alerts—likely due to the massive scale of codebase expansion in software-defined vehicles.

This is the second year OX has conducted this analysis to benchmark the state of Application Security. Full report, including methodology and industry-specific benchmarks, is available here. This article is a contributed piece from one of our valued partners.

108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users

Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting ads and arbitrary JavaScript code into every web page visited. According to Socket, the extensions (complete list here) are published under five distinct publisher identities – Yana Project, GameGen, SideGames, Rodeo Games, and InterAlt – and have collectively amassed about 20,000 installs in the Chrome Web Store. “All 108 route stolen credentials, user identities, and browsing data to servers controlled by the same operator,” security researcher Kush Pandya said in an analysis. Of these, 54 add-ons steal Google account identity via OAuth2, 45 extensions contain a universal backdoor that opens arbitrary URLs as soon as the browser is started, and the remaining ones engage in a variety of malicious behaviors -

- Exfiltrate Telegram Web sessions every 15 seconds
- Strip YouTube and TikTok security headers (i.e., Content Security Policy, X-Frame-Options, and CORS) and inject gambling overlays and ads
- Inject content scripts into every page the user visits
- Proxy all translation requests through the threat actor’s server

In an attempt to lend a veneer of legitimacy, the identified extensions masquerade as Telegram sidebar clients, slot machine and Keno games, YouTube and TikTok enhancers, text translation tools, and page utilities.

The advertised functionality is diverse, aiming to cast a wide net, while sharing the same backend. Unbeknownst to the users, however, malicious code running in the background captures session information, injects arbitrary scripts, and opens URLs of the attacker’s choosing. Some of the identified extensions are listed below -

- Telegram Multi-account (ID: obifanppcpchlehkjipahhphbcbjekfa), which extracts the user_auth token used by Telegram Web and exfiltrates the data to a remote server. It can also overwrite localStorage with threat actor-supplied session data and force-load the messaging application, effectively replacing the victim’s active Telegram session with the threat actor’s chosen session.
- Web Client for Telegram - Teleside (ID: mdcfennpfgkngnibjbpnpaafcjnhcjno), which strips Telegram’s security headers and injects scripts to steal Telegram sessions.
- Formula Rush Racing Game (ID: akebbllmckjphjiojeioooidhnddnplj), which steals the user’s Google account identity the first time the victim clicks the sign-in button. This includes details like email, full name, profile picture URL, and Google account identifier.

“Five extensions use Chrome’s declarativeNetRequest API to strip security headers from target sites before the page loads,” Socket said.

“All 108 malicious extensions share the same backend, hosted at 144.126.135[.]238.” It’s currently not known who is behind the policy-violating extensions. However, an analysis of source code has uncovered Russian language comments across several add-ons. Users who have installed any of the extensions are advised to remove them with immediate effect and log out of all Telegram Web sessions from the Telegram mobile app.
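
The header-stripping behavior Socket describes leaves a trace in an extension's static declarativeNetRequest rulesets, which can be reviewed before an extension is allowed in a managed browser fleet. The following is an added example, not code from Socket or from the article: it reads a Manifest V3 manifest and its declared rule files and reports modifyHeaders rules that remove or overwrite security response headers. The function names, the header set and the sample extension are constructed for illustration.

```python
import json

# Response headers whose removal or override weakens page protections. CSP and
# X-Frame-Options are named in the article; Access-Control-Allow-Origin is the
# header assumed here for the "CORS" it mentions.
SECURITY_HEADERS = {"content-security-policy", "x-frame-options",
                    "content-security-policy-report-only",
                    "access-control-allow-origin"}


def ruleset_paths(manifest):
    """Paths of the static rulesets a Manifest V3 manifest declares."""
    resources = manifest.get("declarative_net_request", {}).get("rule_resources", [])
    return [entry["path"] for entry in resources if "path" in entry]


def risky_header_rules(rules):
    """Return (rule_id, header, operation, scope) for rules touching SECURITY_HEADERS."""
    hits = []
    for rule in rules:
        action = rule.get("action", {})
        if action.get("type") != "modifyHeaders":
            continue
        cond = rule.get("condition", {})
        scope = (cond.get("urlFilter") or cond.get("regexFilter")
                 or ",".join(cond.get("requestDomains", [])) or "<all urls>")
        for change in action.get("responseHeaders", []):
            header = str(change.get("header", "")).lower()
            if header in SECURITY_HEADERS and change.get("operation") in ("remove", "set"):
                hits.append((rule.get("id"), header, change["operation"], scope))
    return hits


def audit_extension(manifest_text, files):
    """files maps each ruleset path to its JSON text from the unpacked extension."""
    hits = []
    for path in ruleset_paths(json.loads(manifest_text)):
        if path in files:
            rules = json.loads(files[path])
            hits += [(path, *hit) for hit in risky_header_rules(rules)]
    return hits


# Constructed sample extension (not one of the 108 described in the article).
SAMPLE_MANIFEST = """
{"manifest_version": 3, "name": "Constructed sample", "version": "1.0",
 "permissions": ["declarativeNetRequest"],
 "host_permissions": ["*://*.example.test/*"],
 "declarative_net_request": {"rule_resources": [
   {"id": "ruleset_1", "enabled": true, "path": "rules.json"}]}}
"""
SAMPLE_FILES = {"rules.json": """
[{"id": 1, "priority": 1,
  "action": {"type": "modifyHeaders", "responseHeaders": [
    {"header": "Content-Security-Policy", "operation": "remove"},
    {"header": "X-Frame-Options", "operation": "remove"}]},
  "condition": {"urlFilter": "||video.example.test", "resourceTypes": ["main_frame"]}},
 {"id": 2, "priority": 1, "action": {"type": "block"},
  "condition": {"urlFilter": "||ads.example.test"}}]
"""}

if __name__ == "__main__":
    for hit in audit_extension(SAMPLE_MANIFEST, SAMPLE_FILES):
        print("review:", hit)
```

Rules an extension adds at runtime do not appear in these static files, so an empty result does not clear an extension on its own.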