DAILY WORKFLOW ARCHIVE

2026-04-29 AI创业新闻

候选线索仅供信息发现,请在引用或实践前回到原始来源核验。

2026-04-29 AI创业新闻

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single “git push” command. The flaw, tracked as CVE-2026-3854 (CVSS score: 8.7), is a case of command injection that could allow an attacker with push access to a repository to achieve remote code execution on the instance. “During a git push operation, user-supplied push option values were not properly sanitized before being included in internal service headers,” per a GitHub advisory for the vulnerability. “Because the internal header format used a delimiter character that could also appear in user input, an attacker could inject additional metadata fields through crafted push option values.” Google-owned cloud security firm Wiz has been credited with discovering and reporting the issue on March 4, 2026, with GitHub validating and deploying a fix to GitHub.com within two hours.

The vulnerability has also been addressed in GitHub Enterprise Server versions 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.8, 3.19.4, 3.20.0, or later. There is no evidence that the issue was ever exploited in a malicious context. According to GitHub, the issue affects GitHub.com, GitHub Enterprise Cloud, GitHub Enterprise Cloud with Data Residency, GitHub Enterprise Cloud with Enterprise Managed Users, and GitHub Enterprise Server. At its core, the problem stems from the fact that user-supplied git push options are not adequately sanitized before the values were incorporated into the internal X-Stat header.

Because the internal metadata format relies on a semicolon as a delimiter character that could also appear in the user input, a bad actor could exploit this oversight to inject arbitrary commands and have them executed. “By chaining several injected values together, the researchers demonstrated that an attacker could override the environment the push was processed in, bypass sandboxing protections that normally constrain hook execution, and ultimately execute arbitrary commands on the server,” GitHub’s Chief Information Security Officer, Alexis Wales, said . Wiz, in a coordinated announcement, noted that the issue is “remarkably easy” to exploit, adding that it allows remote code execution on shared storage nodes. About 88% of instances are currently vulnerable to the issue at the time of public disclosure.

The remote code execution chain strings together three injections - Inject a non-production rails_env value to bypass the sandbox Inject custom_hooks_dir to control to redirectthe hook directory Inject repo_pre_receive_hooks with a crafted hook entry that triggers path traversal to execute arbitrary commands as the git user “With unsandboxed code execution as the git user, we had full control over the GHES instance, including filesystem read/write access and visibility into internal service configuration,” Wiz security researcher Sagi Tzadik said . As for GitHub.com, an enterprise mode flag – that’s set to “true” for GitHub Enterprise Server – defaults to “false,” rendering the custom hooks path inactive. But since this flag is also passed in the X-Stat header, it’s equally injectable using the same mechanism, thereby resulting in code execution on GitHub.com as well. To make matters worse, given GitHub’s multi-tenant architecture and its shared backend infrastructure, the company pointed out that obtaining code execution on GitHub.com enabled cross-tenant exposure, effectively allowing an attacker to read millions of repositories on the shared storage node, irrespective of the organization or user.

In light of the severity of CVE-2026-3854, users are advised to apply the update immediately for optimal protection. “A single git push command was enough to exploit a flaw in GitHub’s internal protocol and achieve code execution on backend infrastructure,” Wiz said. “When multiple services written in different languages pass data through a shared internal protocol, the assumptions each service makes about that data become a critical attack surface.” “We encourage teams building multi-service architectures to audit how user-controlled input flows through internal protocols – especially where security-critical configuration is derived from shared data formats.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players with a new stealer called LofyStealer (aka GrabBot). “The malware disguises itself as a Minecraft hack called ‘Slinky,’” Brazil-based cybersecurity company ZenoX said in a technical report. “It uses the official game icon to induce voluntary execution, exploiting the trust of young users in the gaming scene.” The activity has been attributed with high confidence to a threat actor known as LofyGang , which was observed leveraging typosquatted packages on the npm registry to push stealer malware in 2022, specifically with an intent to siphon credit card data and user accounts associated with Discord Nitro, gaming, and streaming services. The group, believed to be active since late 2021, advertises their tools and services on platforms like GitHub and YouTube, while also contributing to an underground hacking community under the alias DyPolarLofy to leak thousands of Disney+ and  Minecraft accounts.

“Minecraft has been a LofyGang target since 2022,” Acassio Silva, co-founder and head of threat intelligence at ZenoX, told The Hacker News. “They leaked thousands of Minecraft accounts under the DyPolarLofy alias on Cracked.io. The current campaign goes after Minecraft players directly through a fake ‘Slinky’ hack.” The attack begins with a Minecraft hack that, when launched, triggers the execution of a JavaScript loader that’s ultimately responsible for the deployment of LofyStealer (“chromelevator.exe”) on compromised hosts and execute it directly in memory with an aim to harvest a wide range of sensitive data spanning multiple web browsers, including Google Chrome, Chrome Beta, Microsoft Edge, Brave, Opera, Opera GX, Mozilla Firefox, and Avast Browser. The captured data, which includes cookies, passwords, tokens, cards, and International Bank Account Numbers (IBANs), is exfiltrated to a command-and-control (C2) server located at 24.152.36[.]241.

“Historically, the group’s primary vector was the JavaScript supply chain: NPM package typosquatting, starjacking (fraudulent references to legitimate GitHub repositories to inflate credibility), and payloads embedded in sub-dependencies to evade detection,” ZenoX said. “The focus was on Discord token theft, Discord client modification for credit card interception, and exfiltration via webhooks abusing legitimate services (Discord, Repl.it, Glitch, GitHub, and Heroku) as C2.” The latest development marks a departure from previously observed tradecraft and a shift towards a malware-as-a-service (MaaS) model with free and premium tiers, along with a bespoke builder called Slinky Cracked that’s used as a delivery vehicle for the stealer malware. The disclosure comes as threat actors are increasingly abusing the trust associated with a platform like GitHub to host bogus repositories that act as lures for malware families like SmartLoader, StealC Stealer , and Vidar Stealer. Unsuspecting users are directed to these repositories through techniques like SEO poisoning.

In some cases, attackers have been found to spread Vidar 2.0 through Reddit posts advertising fake Counter-Strike 2 game cheats, redirecting victims to a malicious website that delivers a ZIP archive containing the malware. “This infostealer campaign highlights an ongoing security challenge where widely trusted platforms are abused to distribute malicious payloads,” Acronis said in an analysis published last month. “By taking advantage of social trust and common download channels, threat actors are often able to bypass traditional security solutions.” The findings add to a growing list of campaigns that have leveraged GitHub in recent months - Targeting developers directly inside GitHub, using fake Microsoft Visual Studio Code (VS Code) security alerts posted through Discussions to trick users into installing malware by clicking on a link. “Because GitHub Discussions trigger email notifications for participants and watchers, these posts are also delivered directly to developers’ inboxes,” Socket said .

“This extends the reach of the campaign beyond GitHub itself and makes the alerts appear more legitimate.” Targeting Argentina’s judicial systems using spear‑phishing emails to distribute a compressed ZIP archive that uses an intermediate batch script to retrieve a remote access trojan (RAT) hosted on GitHub. Creating GitHub accounts and OAuth applications , followed by opening an issue that mentions a target developer, triggering an email notification that, in turn, tricks them into authorizing the OAuth app, effectively allowing the attacker to obtain their access tokens. The issues aim to induce a false sense of urgency, warning users of unusual access attempts. Using fraudulent GitHub repositories to distribute malicious batch script installers masquerading as legitimate IT and security software, leading to the deployment of the TookPS downloader, which then initiates a multi-stage infection chain to establish persistent remote access using SSH reverse tunnels and RATs like MineBridge RAT (aka TeviRAT).

The activity has been attributed to Rift Brigantine (aka FIN11, Graceful Spider, and TA505). Using counterfeit GitHub repositories posing as AI tools, game cheats, Roblox scripts, phone number location trackers, and VPN crackers to distribute LuaJIT payloads that function as a generic trojan as part of a campaign dubbed TroyDen’s Lure Factory. “The breadth of the lure factory – gaming cheats, developer tools, phone trackers, Roblox scripts, VPN crackers – suggests an actor optimizing for volume across audiences rather than precision targeting,” Netskope said. “Defenders should treat any GitHub-hosted download that pairs a renamed interpreter with an opaque data file as a high-priority triage candidate, regardless of how legitimate the surrounding repository looks.” Found this article interesting?

Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi

Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critical flaw in its encryption implementation across Windows, Linux, and ESXi variants that renders recovery impossible even for the threat actors. The fact that VECT’s locker permanently destroys large files rather than encrypting them means even victims who opt to pay the ransom cannot get their data back, as the decryption keys are discarded by the malware during the time encryption occurs. “VECT is being marketed as ransomware, but for any file over 131KB – which is most of what enterprises actually care about – it functions as a data destruction tool,” Eli Smadja, group manager at Check Point Research, said in a statement shared with The Hacker News. “CISOs need to understand that in a VECT incident, paying is not a recovery strategy.

There is no decrypter that can be handed over, not because the attackers are unwilling, but because the information required to build one was destroyed the moment their software ran. The focus has to be on resilience: offline backups, tested recovery procedures, and rapid containment – not negotiation.” VECT (now rebranded as VECT 2.0) is a ransomware-as-a-service (RaaS) scheme that first launched its affiliate program in December 2025. On its dark website, the group displays the message “Exfiltration / Encryption / Extortion,” highlighting its triple-threat business model. According to an analysis published by the Data Security Council of India (DSCI) last month, a $250 entry fee, payable in Monero (XMR), is required for new affiliates.

The fee is waived for applicants from the Commonwealth of Independent States (CIS) countries, indicating an attempt to recruit individuals from the region. In recent weeks, the group has established a formal partnership with the BreachForums cybercrime marketplace and the TeamPCP hacking group, in a move aimed at further lowering the barrier to entry for ransomware operators and incentivizing affiliates to launch attacks by weaponizing previously stolen data. “The convergence of large-scale supply chain credential theft, a maturing RaaS operation, and mass dark web forum mobilization represents an unprecedented model of industrialized ransomware deployment,” Dataminr noted earlier this month. While the collaboration may be a sign of what’s to come, its data leak site currently lists only two victims, both of which are said to have been compromised via the TeamPCP supply chain attacks.

What’s more, contrary to the group’s initial claims of using ChaCha20-Poly1305 AEAD for encryption, Check Point’s analysis has found that it uses a weaker, unauthenticated cipher with no integrity protection. But it doesn’t end there, for the C++-based lockers for all three platforms suffer from a fundamental design flaw that causes any file larger than 131,072 bytes to be permanently and irrecoverably destroyed, as opposed to being encrypted. “The malware encrypts four independent chunks of each ‘large file’ using four freshly generated random 12-byte nonces, but appends only the final nonce to the specific encrypted file on disk,” Check Point explained. “The first three nonces, each required to decrypt its respective chunk, are generated, used, and silently discarded.

They are never stored on disk, in the registry, or transmitted to the operator.” “Because ChaCha20-IETF requires both the 32-byte key and the exact matching 12-byte nonce to reverse each chunk, the first three quarters of every large file are unrecoverable by anyone, including the ransomware operator, who cannot provide a working decryption tool even after ransom payment. Since the vast majority of operationally critical files exceed this ‘large-size’ threshold, VECT 2.0 functions in practice as a data wiper with a ransomware facade.” The Windows version of the ransomware, besides encrypting files across local, removable, and network-accessible storage, features a comprehensive anti-analysis suite targeting 44 specific security and debugging tools, alongside a safe-mode persistence mechanism and multiple remote-execution script templates for lateral spread. When “–force-safemode” is active, the locker configures the next boot into Windows Safe Mode and writes its own executable path into the Windows Registry so that it’s automatically run on the subsequent Safe Mode boot, where the operating system is launched in a basic state using a limited set of files and drivers. On top of that, although the Windows variant implements environment detection mechanisms to fly under the radar, they are never invoked, allowing security teams running the artifacts to avoid triggering any evasive response.

The ESXi variant, on the other hand, enforces geofencing and anti-debugging checks prior to commencing the encryption step. It also attempts to move laterally using SSH. The Linux version uses the same codebase as the ESXi flavor and implements a subset of its functionality. The geofencing step verifies if it’s running in a CIS country, and if so, exits without encrypting the files.

This behavior, per Check Point, is rather unusual as most RaaS programs removed Ukraine from the CIS countries list following Russia’s military invasion of the country in early 2022. “During recent years these checks have been largely removed from ransomware,” it added. “VECT including such checks and even adding Ukraine to the list of exclusions is rather uncommon. Check Point Research has two theories regarding this observation: either this code was AI generated, where LLMs were trained with Ukraine being part of CIS or VECT used an old code base for their ransomware.” It’s assessed that the operators of VECT are novice actors rather than experienced threat actors, not to mention the possibility that some chunks of code could have been generated with help from an artificial intelligence (AI) tool.

“VECT 2.0 presents an ambitious threat profile with multi-platform coverage, an active affiliate program, supply-chain distribution via the TeamPCP partnership, and a polished operator panel,” Check Point concluded. “In practice, the technical implementation falls significantly short of its presentation.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About

Every security program is betting on the same assumption: once a system is connected, the problem is solved. Open a ticket, stand up a gateway, push the data through. Done. That assumption is wrong.

It is also a major reason Zero Trust programs stall. New research my team just published puts numbers on it. The Cyber360: Defending the Digital Battlespace report, based on a survey of 500 security leaders in government, defense, and critical services across the U.S. and UK, found that 84% of government IT security leaders agree that sharing sensitive data across networks heightens their cyber risk.

More than half - 53% - still rely on manual processes to move that data between systems. In 2026. With AI accelerating the pace of operations on both sides. That is the Zero Trust gap nobody talks about.

Not identity. Not endpoints. The movement of data itself. The Threat Volume Is Rising Faster Than the Controls Cyber360 recorded an average of 137 attempted or successful cyberattacks per week against national security organizations in 2025, up from 127 the previous year.

U.S. agencies saw the weekly rate surge 25%. Verizon’s 2025 Data Breach Investigations Report tracks a similar trajectory on the enterprise side: third-party involvement in breaches doubled year over year, reaching 30% of all incidents. IBM’s 2025 Cost of a Data Breach Report put the average cost of a breach spanning multiple environments at $5.05 million, roughly $1 million more than on-premises-only incidents.

The boundaries between IT and OT, between tenants, between partner and internal environments are where the money and the dwell time sit right now. Connectivity Is Not the Same as Secure Data Movement The moment data crosses a boundary, whether between an OT network and the enterprise SOC, between a partner tenant and your cloud, or between classified and unclassified, it stops being a routing problem and becomes a trust problem. It has to be validated, filtered, and policy-controlled before anything downstream can act on it. That is where modern architectures slow down.

The Cyber360 data is blunt about where the pain is concentrated: 78% of respondents cited outdated infrastructure as a primary source of cyber vulnerability, specifically pointing to analog systems and manual processes as weak links. 49% named ensuring data integrity and preventing tampering in transit as their single biggest challenge when transferring information across classified or coalition networks. 45% flagged managing identity and authentication across multiple domains as their biggest access challenge. Integrity in transit, identity across domains, and manual processes are still in the loop.

That is a working description of the attack surface adversaries have been exploiting for three years. The enterprise data tells the same story in a different language. Dragos’ 2025 OT Cybersecurity Report found that 75% of OT attacks now originate as IT breaches, with roughly 70% of OT systems expected to connect to IT networks within the next year. The traditional IT/OT air gap is effectively gone.

The managed file transfer breaches drive the point home. Cl0p’s exploitation of MOVEit compromised more than 2,700 organizations and exposed the personal data of roughly 93 million individuals. The same playbook worked against GoAnywhere and Cleo. Every one of those incidents was, at its core, an attack on the pipes that move data between trust boundaries.

The Speed-vs-Security Trade-off Is a Myth There is a persistent belief that you can either move data fast or move it securely. Pick one. In practice, most teams pick security and accept the delay. That works when decision cycles are measured in minutes.

It does not work when they are measured in seconds, and it collapses completely when they are measured in milliseconds. AI is accelerating on both sides. Detection and response pipelines are moving toward autonomous action. They do not wait for a gateway to finish inspecting a file.

When 53% of national security organizations are still moving data manually, the delta between AI-speed demand and analog-speed supply becomes the attack surface. An AI model, whether it is running fraud detection, threat triage, or targeting analysis, is only as good as the data reaching it. When that data cannot move freely, or cannot be trusted when it arrives, the model runs on stale or partial context. The bottleneck is not the intelligence layer.

It is the plumbing underneath. The Role of Cross Domain Technologies This is where cross-domain technologies earn their place, and not as a compliance checkbox. Done properly, they remove the forced choice between speed and security. They enforce trust at the boundary instead of after it.

They let systems operate as a coordinated whole, instead of as a set of isolated islands stapled together with point-to-point integrations that attackers have now demonstrated they can dismantle at scale. The Cyber360 research points toward a specific architectural answer: a layered model combining Zero Trust, Data Centric Security, and Cross Domain Solutions. No single framework closes the gap alone. Zero Trust governs who and what.

Data-centric security governs the data itself, wherever it goes. Cross-domain solutions govern the movement between environments. Together, they let secure data sharing happen at near-real-time speed across classified, coalition, and operational boundaries. The principle applies well beyond defense: enterprise programs where SOC data crosses OT, IT, and cloud boundaries; critical infrastructure where operational data has to reach decision-makers without dropping integrity; multi-party investigations where partner data has to flow in both directions under policy.

The Bottom Line The assumption that data arrives trusted the moment it crosses a boundary is the assumption that attackers are most reliably exploiting right now. The boundary is the attack surface. Movement is where policy collapses. And when more than half of national security organizations are still moving sensitive data through manual processes, the gap between mission speed and control speed is not just a bottleneck.

It is the vulnerability. That is the space Everfox works in: securing the access, transfer, and movement of data across environments at mission speed. For the architecture patterns, control placements, and operational pitfalls, see our A Guide to Secure Collaboration & Data Movement . Note: This article is written and contributed by Petko Stoyanov, Chief Technology Officer, Everfox.

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot , Hugging Face’s open-source robotics platform with nearly 24,000 GitHub stars , that could be exploited to achieve remote code execution. The vulnerability in question is CVE-2026-25874 (CVSS score: 9.3), which has been described as a case of untrusted data deserialization stemming from the use of the unsafe pickle format . “LeRobot contains an unsafe deserialization vulnerability in the async inference pipeline, where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components,” according to a GitHub advisory for the flaw. “An unauthenticated network-reachable attacker can achieve arbitrary code execution on the server or client by sending a crafted pickle payload through the SendPolicyInstructions, SendObservations, or GetActions gRPC calls.” According to Resecurity, the problem is rooted in the async inference PolicyServer component, allowing an unauthenticated attacker who can reach the PolicyServer network port to send a malicious serialized payload and run arbitrary operating system commands on the host machine running the service.

The cybersecurity company said the vulnerability is “dangerous” as the service is designed for artificial intelligence inference systems, which tend to run with elevated privileges to access internal networks, datasets, and expensive compute resources. Should the flaw be exploited by an attacker, it could enable a wide range of actions, including - Unauthenticated remote code execution Complete compromise of the PolicyServer host Impact connected robots Theft of sensitive data, such as API keys, SSH credentials, and model files Move laterally across the network Crash services, corrupt models, or sabotage operations, leading to physical safety risks VulnCheck security researcher Valentin Lobstein, who discovered and published additional details of the shortcoming last week, said it has been successfully validated against LeRobot version 0.4.3. The issue currently remains unpatched, with a fix planned in version 0.6.0 . Interestingly, the same flaw was independently reported by another researcher who goes by the online alias “chenpinji” sometime in December 2025.

The LeRobot team responded earlier this January, acknowledging the security risk and noting “that part of the codebase needs to be almost entirely refactored as its original implementation was more experimental.” “That said, LeRobot has so far been primarily a research and prototyping tool, which is why deployment security hasn’t been a strong focus until now,” Steven Palma, tech lead of the project, said. “As LeRobot continues to be adopted and deployed in production, we’ll start paying much closer attention to these kinds of issues. Fortunately, being an open-source project, the community can also help by reporting and fixing vulnerabilities.” The findings once again expose the dangers of using the pickle format, as it paves the way for arbitrary code execution attacks simply by loading a specially crafted file. “The irony here is hard to overstate,” Lobstein noted.

“Hugging Face created Safetensors – a serialization format designed specifically because pickle is dangerous for ML data. And yet their own robotics framework deserializes attacker-controlled network input with pickle.loads(), with

nosec comments

to silence the tool that was trying to warn them.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

99% of Mythos Findings Remain Unpatched. Defenders Are Building the Response

After Mythos: New Playbooks For a Zero-Window Era

When patching isn’t fast enough, NDR helps contain the next era of threats. If you’ve been tracking advancements in AI, you know the exploit window, the short buffer that organizations relied on to patch and protect after a vulnerability disclosure, is closing fast. Anthropic’s new model, Claude Mythos , and its Project Glasswing , showed that finding exploitable vulnerabilities and subtle cracks in your defenses in operating systems and browsers — work that once took experts weeks — can now be done in minutes with AI. As a result, the patch window of opportunity is now near-zero .

The situation is so critical that Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell recently convened an urgent meeting with the CEOs of major U.S. financial institutions to discuss the implied risks. The takeaway was straightforward: surging AI capabilities have upended risk profiles, with profound implications for institutional stability and integrity across industries. Mythos also highlights the gap between discovery and remediation.

It easily surpassed human expertise, solving a complex corporate network simulation that would have taken more than 10 hours of expert programming skill. Its discoveries also found problems in decades-old software that had been missed in thousands of security reviews. From Mythos to the assume-breach era Mythos isn’t the only AI model capable of finding vulnerabilities this quickly. Other parties have found them using more basic LLMs.

If your company uses any type of software, you should assume that software probably contains thousands of these unknown vulnerabilities, just waiting to be exploited by AI-assisted discovery. This is not a failure of your security team; rather, it’s the structural consequence of 30 years of accumulated software complexity meeting a leap in offensive AI capability. Now that near-zero exploit windows are the norm,
“patch faster” or “patch better” are no longer enough. Security teams will need new playbooks
, based on an
assume-breach model
breaches will happen, and detecting them as they occur and containing them at scale will be paramount.

These outcomes are decided in real time, on the network. How to bring an assume-breach model into everyday operations The assume-breach model has three operational requirements, each of which uses automated methods designed to collapse time to containment: Detect post-breach behavior before a threat escalates across your enterprise Reconstruct the complete attack chain as soon as possible Contain threats rapidly to limit their blast radius In practice, this method of containment requires: Visualizing containment as the scoreboard Prioritize reducing mean-time-to-contain (MTTC) to limit damage while maintaining your watch over detection and response metrics (MTTD and MTTR). As AI accelerates exploitation and reshapes attack methods, the importance of speed in pinpointing, containing, and resolving threats increases. Compressing MTTC starts with real-time, comprehensive network visibility.

With it, SOCs can detect post-breach behavior, determine the blast radius, and disrupt events before they spread further. Monitoring for AI-favored techniques Autonomous AI attacks increasingly use sophisticated techniques to evade detection, including living-off-the-land (LOTL) methods that conceal malicious activity within legitimate tools and processes. Network Detection and Response ( NDR ) platforms play a crucial role in identifying these subtle indicators of compromise. They do this by continuously monitoring network traffic for unusual behavior.

Signs of such activity might appear as unusual SMB admin shares, NTLM where Kerberos is expected, or new RDP/WMI/DCOM pivots, all of which can signify lateral movement across your network. Advanced NDR platforms can also detect attackers leveraging LOTL techniques to maintain command and control communications and exfiltrate data while trying to avoid generating alarms. Indicators of command and control can manifest as beacon‑like connection patterns, rare JA3/JA4 and SNI pairs, high‑entropy DNS, or unsanctioned DoH or DoT. Anomalies such as off‑hours uploads, upload/download asymmetry, first‑time destinations (e.g., S3, Blob, GCS, or new CDNs), compression before egress, or the presence of tunnels and VPNs to new destinations can indicate exfiltration.

Automating and maintaining your software inventory Many organizations still lack a real-time, accurate inventory of their software, leaving them struggling to understand how assets connect and communicate. This gap creates openings for adversaries. Automating asset inventory and mapping helps organizations understand their exposure, react more quickly to emerging threats, and shrink the available windows for exploiting vulnerabilities. Correlating and reconstructing attack chains Once a breach is detected, quickly understanding the scope is vital, especially as AI-driven threats move too fast for manual analysis.

The once painstaking process of reconstructing events needs to be automated and delivered in real time. Corelight Investigator , part of the company’s Open NDR Platform , automatically correlates alerts and network activity to help reconstruct detailed timelines of attacks. This makes it easier for your own systems to automate the response workflow, and to improve your resilience against these attacks. Automating containment Advances in detection and attack reconstruction should drive decisive, reliable containment.

Limiting the spread of threats, the third leg of the assume-breach model, is what turns data and insight into tangible protection. Embedding automated containment into network defense workflows can reduce the risk that fast-moving threats escalate into widespread incidents. Toward a Mythos-ready security future Claude Mythos and other AI models are rapidly upending long-standing practices in cybersecurity. Preparing for this dynamic landscape means, in part, building adaptive defensive layers that can help you accelerate your defenses against adversarial AI.

Monitor: Maintain continuous network visibility and automate detections to identify threats early. Assume-breach: Operate under the expectation that breaches will occur and focus on rapid response and containment. Protect: Safeguard your trusted ecosystems by strengthening controls where AI-driven attacks can cause the most damage. Builda “Mythos-ready” security program, as suggested by the Cloud Security Alliance .

Sharpen: Continuously refine your playbooks and response strategies to counter evolving threats. Corelight Network Detection and Response Uncover new attack methods with Corelight’s Open NDR Platform . With comprehensive network visibility and deep behavioral analytics, Corelight is designed to help your SOC detect advanced, AI-powered threats faster, so you can act before incidents escalate. Learn more at corelight.com/elitedefense .

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks

A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy. Xu Zewei, 34, was arrested in July 2025 by Italian authorities for his alleged links to the Chinese state-sponsored threat group and for orchestrating cyber attacks against American organizations and government agencies between February 2020 and June 2021, including breaking into systems at a Texas university to steal COVID-19 vaccine information. He was charged with nine counts of wire fraud and conspiracy to cause damage to and obtain information by unauthorized access to protected computers, as well as committing aggravated identity theft.

Xu, along with co-defendant and Chinese national Zhang Yu, is said to have undertaken the attacks under directions issued by the Ministry of State Security’s (MSS) Shanghai State Security Bureau (SSSB). Some of these attacks weaponized then zero-days in Microsoft Exchange Server, a threat activity cluster that Microsoft tracked as Hafnium, to breach targets and deploy web shells for remote administration. Xu worked for a company named Shanghai Powerock Network Co. Ltd.

when the attacks were carried out, per the indictment. The U.S. Department of Justice (DoJ) said Powerock was one of many “enabling” companies in China that conducted hacking operations for the government. “In early 2020, Xu and his co-conspirators hacked and otherwise targeted U.S.-based universities, immunologists, and virologists conducting research into COVID‑19 vaccines, treatment, and testing,” the DoJ added.

“The charges further allege that beginning in late 2020, Xu and his co-conspirators exploited certain vulnerabilities in Microsoft Exchange Server, a widely-used Microsoft product for sending, receiving, and storing email messages.” However, the defendant has repeatedly denied any involvement in Chinese government hacking operations, claiming his arrest was a case of mistaken identity. He was in Milan with his wife on vacation when he was apprehended. Speaking to TechCrunch , Xu’s lawyer said he pleaded not guilty to all charges during a court hearing on Monday. Zhang Yu remains at large.

Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover

An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from Silverfort . Agent ID Administrator is a privileged built-in role introduced by Microsoft as part of its agent identity platform to handle all aspects of an AI agent’s identity lifecycle operations in a tenant. The platform enables AI agents to authenticate securely and access necessary resources, as well as discover other agents. However, the shortcoming discovered by the identity security platform meant that users assigned the Agent ID Administrator role could take over arbitrary service principals , including those beyond agent-related identities, by becoming an owner and then add their own credentials to authenticate as that principal.

“That’s full service principal takeover,” security researcher Noa Ariel said . “In tenants where high-privileged service principals exist, it becomes a privilege escalation path.” This ownership of a service principal effectively opens the door to an attacker to operate within the scope of its existing permissions. If the targeted service principal holds elevated permissions – particularly privileged directory roles and high-impact Graph app permissions – it can give an attacker broader control over the tenant. Following responsible disclosure on March 1, 2026, Microsoft rolled out a patch across all cloud environments to remediate the scope overreach on April 9.

Following the fix, any attempt to assign ownership over non-agent service principals using the Agent ID Administrator role is now blocked, and leads to a “Forbidden” error message being displayed. Silverfort noted that the architectural issue highlights the need for validating how roles are scoped and permissions are applied, especially when it comes to shared identity components and new identity types are built on top of the foundations of existing primitives. To mitigate the threat posed by this risk, organizations are advised to monitor sensitive role usage, particularly those related to service principal ownership or credential changes, track service principal ownership changes, secure privileged service principals, and audit credential creation on service principals. “Agent identities are part of the broader shift toward non-human identities, built for the age of AI agents,” Ariel noted.

“When role permissions are applied on top of shared foundations without strict scoping, access can extend beyond what was originally intended. In this case, that gap led to broader access, especially when privileged service principals were involved.” “Additionally, the overall risk is influenced by tenant posture, particularly around privileged service principals, where ownership abuse remains a well-known and impactful attack path.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild. The vulnerability in question is CVE-2026-32202 (CVSS score: 4.3), a spoofing vulnerability that could allow an attacker to access sensitive information. It was addressed as part of its Patch Tuesday update for this month. “Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network,” Microsoft noted in an alert.

“An attacker would have to send the victim a malicious file that the victim would have to execute.” “An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).” On April 27, 2026, Microsoft said it rectified the “Exploitability Index, Exploited flag, and CVSS vector” as they were incorrect when they were published on April 14. While the tech giant did not share any details about the exploitation activity, Akamai security researcher Maor Dahan, who is credited with discovering and reporting the bug, said the zero-click vulnerability stems from an incomplete patch for CVE-2026-21510. The latter has been weaponized by a Russian nation-state group tracked as APT28 (aka Fancy Bear, Forest Blizzard, GruesomeLarch, and Pawn Storm) along with CVE-2026-21513 as part of an exploit chain - CVE-2026-21510 (CVSS score: 8.8) - A protection mechanism failure in Windows Shell that allows an unauthorized attacker to bypass a security feature over a network.

(Fixed by Microsoft in February 2026 ) CVE-2026-21513 (CVSS score: 8.8) - A protection mechanism failure in MSHTML Framework that allows an unauthorized attacker to bypass a security feature over a network. (Fixed by Microsoft in February 2026 ) It’s worth noting that the abuse of CVE-2026-21513 was also flagged by the web infrastructure and security company early last month, linking it to APT28 after unearthing a malicious artifact in January 2026. CVE-2026-21510 Exploitation The campaign, targeting Ukraine and E.U. nations in December 2025, leverages a malicious Windows Shortcut (LNK) file to exploit the two vulnerabilities, effectively bypassing Microsoft Defender SmartScreen and enabling attacker-controlled code to be executed.

“APT28 leverages the Windows Shell namespace parsing mechanism to load a dynamic-link library (DLL) from a remote server using a UNC path,” Dahan explained . “The DLL is loaded as part of the Control Panel ( CPL ) objects without proper network zone validation. Akamai said the February 2026 patch, while mitigating the remote code execution risk by triggering a SmartScreen check of the CPL file’s digital signature and origin zone, still allowed the victim machine to authenticate to the attacker’s server and automatically fetch the CPL file by resolving the Universal Naming Convention ( UNC ) path and initiating an SMB connection without requiring user interaction. “When that path is a UNC path (like ‘\attacker.com\share\payload.cpl’), Windows initiates an SMB connection to the attacker’s server,” Dahan said.

“This server message block (SMB) connection triggers an automatic NTLM authentication handshake, sending the victim’s Net-NTLMv2 hash to the attacker, which can later be used for NTLM relay attacks and offline cracking.” “While Microsoft fixed the initial RCE (CVE-2026-21510), an authentication coercion flaw (CVE-2026-32202) remained. This gap between path resolution and trust verification left a zero-click credential theft vector via auto-parsed LNK files.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack

Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web. “Based on current evidence, we believe this data originated from Checkmarx’s GitHub repository, and that access to that repository was facilitated through the initial supply chain attack of March 23, 2026,” the Israeli security company said . It also emphasized that the GitHub repository is maintained separately from its customer production environment, adding that no customer data is stored in the repository. Checkmarx said its forensic probe into the incident is ongoing and that it’s actively working to verify the nature and scope of the posted data.

Furthermore, the company said it has locked down access to the affected GitHub repository as part of its incident response efforts. “If we determine that customer information was involved in this incident, we will notify customers and all relevant parties immediately,” it said. The development comes after the Dark Web Informer shared in an X post that the LAPSUS$ cybercrime group claimed three victims on its data leak site, one of which includes Checkmarx. The data, per the listing, contains source code, employee database, API keys, and MongoDB/MySQL credentials.

Checkmarx suffered a breach late last month following the Trivy supply chain attack, as a result of which two of its GitHub Actions workflows and two plugins distributed via the Open VSX marketplace were tampered with to push a credential stealer capable of harvesting a wide range of developer secrets. The threat actor known as TeamPCP claimed responsibility for the attack. Last week, the financially motivated group is suspected to have compromised Checkmarx’s KICS Docker image, along with the two VS Code extensions and a GitHub Actions workflow with a similar credential-stealing malware. This, in turn, had a cascading impact, leading to a brief compromise of the Bitwarden CLI npm package .

Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More

Everything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap.

Supply chains got hit. Fake help desks worked. Weird research showed how easy some attacks still are. Most of it feels like stuff we should have fixed years ago.

Bad extensions. Stolen creds. Remote tools are getting abused. Malware hides in places people trust.

Same mess, cleaner packaging. Coffee is cold. The vuln list is ugly. Let’s get into it.

⚡ Threat of the Week New fast16 Malware Was Developed Years Before Stuxnet —A new Lua-based malware called fast16, created years before the notorious Stuxnet worm, is designed to primarily target high-precision calculation software to tamper with results. The framework dates back to 2005. Analysis suggests that fast16 was active at least five years before the emergence of Stuxnet. Widely regarded as a joint U.S.-Israeli project, Stuxnet marked a turning point in cyber warfare as the first disruptive digital weapon and eventually served as the blueprint for the Duqu information-stealing rootkit.

Fast16, however, establishes a much earlier timeline for such sophisticated operations. The development places its origin well before Stuxnet came into being. Although it’s currently not known if it was ever deployed in the wild, the investigation found three potential types of physical simulation software that the malware might have been designed to tamper with. “It focuses on making slight alterations to these calculations so that they lead to failures – very subtle ones, perhaps not immediately apparent,” security researcher Vitaly Kamluk told WIRED.

“Systems might wear out faster, collapse, or crash, and scientific research could yield incorrect conclusions, potentially causing serious harm.” Automated Session Termination & Activity Summaries: Goodbye Manual Log Reviews Threats move fast. KeeperAI moves faster. With real-time, agentic AI threat detection and response, high-risk sessions are instantly terminated, and every action is categorized into risk levels and summarized. Automate insider threat detection and eliminate manual log reviews forever.

Start a Free Trial ➝ 🔔 Top News UNC6692 Resorts to Teams Help Desk Impersonation —A new threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named Snow, which consists of a browser extension, a tunneler, and a backdoor. The end goal is to steal sensitive data after network compromise through credential theft and domain takeover. “This component is where active reconnaissance and mission completion occur,” Google Mandiant noted. “Attacker commands (such as whoami or net user) are sent through the SnowGlaze tunnel, intercepted by the SnowBelt extension, and then proxied to the SnowBasin local server via HTTP POST requests.

SnowBasin executes these commands and relays the results back through the same pipeline to the attacker.” U.S. Federal Agency Targeted by FIRESTARTER Backdoor —The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed that an unnamed federal civilian agency’s Cisco Firepower device running Adaptive Security Appliance (ASA) software was compromised in September 2025 with a new malware called FIRESTARTER. FIRESTARTER is assessed to be a backdoor designed for remote access and control.

It’s believed to be deployed as part of a “widespread” campaign orchestrated by an advanced persistent threat (APT) actor to obtain access to Cisco Adaptive Security Appliance (ASA) firmware by exploiting now-patched security flaws such as CVE-2025-20333 and CVE-2025-20362. Given the backdoor’s ability to survive patches and system reboots, Cisco is recommending users reimage and update to the latest fixed versions. Lotus Wiper Malware Targets Venezuelan Energy Systems —A previously undocumented data wiper codenamed Lotus Wiper has been used in attacks targeting the energy and utilities sector in Venezuela at the end of last year and the start of 2026. “Two batch scripts are responsible for initiating the destructive phase of the attack and preparing the environment for executing the final wiper payload,” Kaspersky said.

“These scripts coordinate the start of the operation across the network, weaken system defenses, and disrupt normal operations before retrieving, deobfuscating, and executing a previously unknown wiper.” Once deployed, the wiper erases recovery mechanisms, overwrites the content of physical drives, and systematically deletes files across affected volumes, effectively leaving the system in an inoperable state. The Gentlemen Deploys SystemBC Malware —Threat actors associated with The Gentlemen ransomware‑as‑a‑service (RaaS) operation have been observed attempting to deploy a known proxy malware called SystemBC. The ransomware group has quickly made a name for itself in a matter of months, claiming more than 320 victims on its data leak site since its emergence in July 2025. According to Comparitech , the group claimed 202 attacks last quarter, second only to Qilin’s 353 claims.

NCC Group found The Gentlemen was responsible for 34 attacks in January and 67 in February 2026, making it a prominent player alongside other established groups like Qilin, Akira, and Cl0p. “The emergence of The Gentlemen group among the top three most active threat actors is notable as it demonstrates how a relatively new group can scale operations rapidly,” NCC Group said . The development comes as another nascent ransomware group called Kyber has attracted attention for becoming the first RaaS crew to adopt the Kyber1024 (aka ML-KEM) post-quantum encryption algorithm for its Windows variant of the locker. In related news, the threat actors linked to the Trigona ransomware, dubbed Rhantus , have been observed using a custom data exfiltration tool that’s designed to provide attackers with more control over what files to choose (or ignore) and facilitate rapid data transfer by opening five parallel connections per file.

The attacks were detected in March 2026. It’s not known why the threat actors shifted from readily available tools like Rclone. The use of custom tooling in the ransomware landscape is something of a rarity, even as it’s a double-edged sword for attackers. “While it requires development resources and time, these tools can provide a level of stealth that generic tools cannot match, at least until they’re discovered,” the Symantec and Carbon Black Threat Hunter Team said.

Bitwarden CLI Compromised in Supply Chain Campaign —Bitwarden CLI, the command-line interface for the password manager Bitwarden, was compromised as part of a new supply chain attack that targeted Checkmarx’s Docker images, Visual Studio Code extensions, and GitHub Actions workflow. The affected package, @bitwarden/cli@2026.4.0, contained malicious code to steal sensitive data from developer systems. The malware also features self-propagation capabilities, using stolen npm credentials to identify packages the victim can modify and inject them with malicious code to expand its reach. Bitwarden has since addressed the issue.

The attack appears to be the work of a threat actor known as TeamPCP , although references to the string “Shai-Hulud: The Third Coming” have complicated attribution. 🔥 Trending CVEs Bugs drop weekly, and the gap between a patch and an exploit is shrinking fast. These are the heavy hitters for the week: high-severity, widely used, or already being poked at in the wild. Check the list, patch what you have, and hit the ones marked urgent first — CVE-2026-40372 (Microsoft ASP.NET Core), CVE-2026-33626 (LMDeploy), CVE-2026-5760 (SGLang), CVE-2026-5752 (Cohere AI Terrarium), CVE-2026-3517, CVE-2026-3518, CVE-2026-3519, CVE-2026-4048 (Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager, and MOVEit WAF), CVE-2026-21876 (Progress MOVEit WAF), CVE-2026-32173 (Microsoft Azure SRE Agent), CVE-2026-25262 ( Qualcomm ), CVE-2025-24371 (CometBFT), CVE-2026-5754 (Radware Alteon), CVE-2026-40872 (Mailcow), CVE-2026-27654 (Nginx), CVE-2026-5756 (DRC INSIGHT), CVE-2026-5757 (Ollama), CVE-2026-41651 aka Pack2TheRoot (Linux PackageKit), CVE-2026-33824 (Microsoft Windows IKEv2), CVE-2026-21571, CVE-2026-33871 (Atlassian Bamboo Data Center), CVE-2026-40050 (CrowdStrike LogScale), CVE-2026-32604, CVE-2026-32613 (Spinnaker), CVE-2026-33694 ( Tenable Nessus Agent on Windows ), TRA-2026-30 (Windows-driver-samples), TRA-2026-35 (Yuma AI), and a remote code execution flaw in Slippi (no CVE).

🎥 Cybersecurity Webinars Stop Testing, Start Validating: Outsmart Hackers with Agentic AI → Stop guessing which security gaps matter most while hackers use AI to find them for you. Most tools just follow a static checklist, but “Agentic Exposure Validation” actually thinks like an attacker, uncovering hidden paths into your network that traditional scans miss. Join this webinar to see how autonomous AI agents can test your defenses 24/7 and help you fix the risks that truly matter before they are exploited. Stop the Spread: How to Kill “Patient Zero” Before Your Network Goes Down → It only takes one “Patient Zero” to bring down your entire company.

While traditional tools look for old threats, modern hackers are using AI-powered tricks to slip past your defenses undetected. Join this webinar to see how these new attacks work and learn simple “Zero Trust” steps to stop a breach before it spreads. Don’t wait for a crisis—learn how to lock down your network today. Connect the Dots: Stop Attackers Before They Reach Your Data → Hackers aren’t just looking for one big bug; they are chaining small, hidden gaps in your code and cloud to create a direct path to your data.

Most security tools only see these issues in isolation, leaving you blind to the “big picture” thatan attacker sees. Join this webinar to learn how to map these complex attack paths and fix the real risks before they are exploited. 📰 Around the Cyber World Turning the Web Into a Trap for LLMs —Google has revealed that indirect prompt injections (IPI) are a top security priority, calling it a “primary attack vector for adversaries to target and compromise AI agents.” Unlike regular prompt injection that seeks to manipulate a chatbot into executing malicious instructions, IPI occurs when an AI system processes content, like a website, email, or document, that contains nefarious commands. As this content is processed by the AI, it may end up following the attacker’s commands instead of the user’s original intent.

This is complicated by the fact that attackers use a gaggle of tricks to hide malicious instructions from human eyes while keeping them fully visible to AI. This often involves making the text invisible through CSS, encoding it in various formats, or stashing it in unexpected locations. In at least one malicious scenario, Google flagged a number of websites that attempt to vandalize the machines of anyone using AI assistants. If executed, the commands in this example would try to delete all files on the user’s machine.

Some websites include prompt injections for the purpose of SEO, trying to manipulate AI assistants into promoting their business over others. “Additionally, even though sophistication was low, we observed an uptick in detections over time: We saw a relative increase of 32% in the malicious category between November 2025 and February 2026, repeating the scan on multiple versions of the [CommonCrawl] archive,” Google said . “This upward trend indicates growing interest in IPI attacks.” Meta Debuts Improved Meta Account —Meta has introduced an improved Meta Account as a centralized way to sign in and manage Meta apps and devices like Facebook, Instagram, and AI glasses. Besides adding support for passkeys, Meta also allows users to “optionally set up a single password to log into your apps and devices so you no longer have to remember multiple passwords.” X Launches XChat —X launched XChat as a standalone app for iOS, allowing users on the platform to connect with others for messaging, file sharing, audio and video calls, as well as group chats.

The company claims all messages are end-to-end encrypted and PIN-protected — though security experts have previously disputed the company’s encryption claims when an early version was teased last year. XChat’s app listing page shows that it can collect location, contacts, search history, usage data, identifiers, and device diagnostics, and link that information to a user’s identity directly. Meta Plans to Track Employee Mouse Movements, Keystrokes for AI Model Training —Meta is installing tracking software on the systems of U.S. employees to capture mouse movements, clicks, and keystrokes, per a report from Reuters.

Meta said the data will be used to train its artificial intelligence (AI) models and will not be used for employee reviews. In a similar development, GitHub notified users that the GitHub CLI now collects anonymous usage telemetry by default and that they should disable the feature if they do not want to share such information. Surge in Attacks Involving Compromised Bomgar Instances —Huntress has recorded an uptick in incidents involving compromised Bomgar remote monitoring and management (RMM) instances. “The surge follows intermittent waves of exploitation we have seen over the past two months, after BeyondTrust first disclosed a critical-severity flaw ( CVE-2026-1731 ) in Bomgar in February,” the company said .

“On February 6, 2026, BeyondTrust issued fixes for the flaw in Bomgar (rebranded as BeyondTrust Remote Support), which could be exploited by an unauthenticated attacker to remotely execute code.” The specific root cause behind these attacks is not clear, but the incidents likely stem from the exploitation of CVE-2026-1731. Fortra has also spotted phishing campaigns trying to lure victims into installing Datto’s CentraStage remote monitoring and management tool, which attackers are then using to connect back into the victim’s internal network. The findings demonstrate threat actors’ continued shift toward exploiting RMMs rather than using traditional malware. Over 1.2K C2 Servers Linked to Russian Infrastructure Providers —A large-scale study of the Russian web hosting space has found more than 1,250 malicious command-and-control servers hosted inside Russia this year.

Most of the servers are linked to malware families and IoT botnets, such as Keitaro, Hajime, Cobalt Strike, Sliver, Mozi, and Mirai, according to Hunt.io. Tether Freezes $344M —Tether announced that it supported the U.S. Government in freezing $344 million USD₮ across two addresses. “The freeze was executed after the addresses were identified, preventing further movement of funds,” the company said .

“The freeze follows information shared with Tether by several U.S. authorities about activity tied to unlawful conduct. When wallets are identified as connected to sanctions evasion, criminal networks, or other illicit activity, Tether can move to restrict those assets.” According to TRM Labs , the two wallet addresses are associated with the Central Bank of Iran. The wallets received roughly $370 million across approximately 1,000 transactions since March 2021.

“Over the last few months, OFAC has taken unprecedented action against Iran’s use of crypto infrastructure,” said Ari Redbord, TRM Labs’s Global Head of Policy. “As the regime leans more heavily on cryptocurrency to move funds outside the U.S. financial system, U.S. law enforcement and regulators are working closely with private-sector initiatives like T3 to freeze and seize Iran-associated wallets.

This is exactly the kind of public-private disruption needed to take on rogue nation-state actors like Iran.” Malicious Chrome Extension Masquerades as Google Authenticator —A malicious Chrome extension posing as the official Google Authenticator app was identified in the official extension marketplace as part of an ongoing malicious campaign codenamed AIFrame , active since at least early 2026. “The extension appears to use Chrome’s localization system and skeleton code to bypass security reviews,” DomainTools said . “Despite its functional appearance, it requests broad, unnecessary permissions and contains ‘dormant infrastructure.’ This extension is linked to at least six others through a shared developer front, two of which already carry fully operational malicious payloads. These extensions utilize hidden iframes to inject attacker-controlled content into every webpage, deploy fraudulent paywalls for free services, and maintain bidirectional communication with C2 servers.” Compromised WordPress Sites Push ClickFix Schemes — Multiple websites have been compromised by a ClickFix clipboard hijacker that aims to trick users into pasting malicious commands into the Windows Run dialog or the macOS Terminal app to deliver malware.

The kill chain is assessed to share overlaps with a known traffic distribution system (TDS) named KongTuke . New Phishing Toolkits Discovered —A number of new phishing-as-a-service toolkits have been spotted in the wild: OLUOMO , ATHR , VENOM , p1bot , TMoscow Bot , REFUNDEE , and UPMI . 🔧 Cybersecurity Tools Malfixer → Stop wasting hours manually repairing broken malware just to see how it works. Malfixer does the heavy lifting by automatically rebuilding corrupted or “packed” files so they are ready for analysis in seconds.

It is a simple, effective way to bypass the tricks hackers use to hide their code, letting you get straight to your investigation. SmokedMeat → Most developers have no idea how many “shadow” tools and scripts are hidden inside their software build pipelines. Smokedmeat shines a light on these forgotten GitHub Actions and third-party tools by quickly scanning your environment to show you exactly what is running. It is a simple way to find hidden back doors and security risks before attackers do.

Disclaimer: This is strictly for research and learning. It hasn’t been through a formal security audit, so don’t just blindly drop it into production. Read the code, break it in a sandbox first, and make sure whatever you’re doing stays on the right side of the law. Conclusion Same pattern, new mess.

Patch the obvious stuff first. Check the weird logins. Look hard at browser extensions, remote tools, and anything that touches your build chain. The boring checks are boring until they save prod.

That’s it for this week. Keep backups clean, MFA tight, and your trust budget low. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren’t Ready for the Remediation Side

Anthropic’s Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting describes a powerful cybersecurity-focused AI system capable of identifying vulnerabilities at scale and raising serious questions about how quickly organizations can validate, prioritize, and remediate what it finds. The debate that followed has mostly focused on the right questions: Is this a step-change or an incremental advance? Does restricting access to Microsoft, Apple, AWS, and JPMorgan actually reduce risk, or does it just concentrate defensive advantage among the already-well-defended?

What happens when adversaries—state actors, criminal enterprises—build equivalent capability? These are important. But there’s a quieter operational problem that’s getting less airtime, and it’s the one that will actually determine whether most organizations survive this shift. The Discovery-to-Remediation Gap The Mythos announcement, and the broader AI security conversation it kicked off, is largely about finding vulnerabilities faster.

That’s valuable. But finding a vulnerability and fixing it are two entirely different workflows, and the gap between them is where most security programs quietly bleed out. That’s exactly the gap PlexTrac was built to close. Consider what typically happens after a penetration test or a vulnerability scan surfaces a critical finding: it goes into a spreadsheet, or a ticket, or a PDF report that lands in someone’s inbox.

The security team knows about it. The engineering team may or may not know about it. Remediation ownership is ambiguous. There’s no clean way to track whether the patch actually shipped, or whether it was deprioritized, or whether a re-test was ever scheduled.

Meanwhile, the findings are. AI models like Mythos will accelerate the input side of this pipeline dramatically. They can discover vulnerabilities at a pace and depth that human red teams simply can’t match. But if the organizational infrastructure for triaging, prioritizing, communicating, and verifying fixes hasn’t kept pace, faster discovery just means a faster-growing backlog of unresolved critical issues.

This is the problem that a model like Mythos actually makes more acute. If your current pentest process takes three weeks to surface ten high-severity findings, and remediation is already struggling to keep up, what happens when that same surface area is scanned continuously and generates findings at ten times the rate? Schneier’s False Positive Problem Is Real Bruce Schneier raised a sharp point in his writeup: we don’t know Mythos’s false positive rate on unfiltered output. Anthropic reports 89% severity agreement with human contractors on the findings they showcased —but that’s a curated sample, not a full-run distribution.

AI systems that detect nearly every real bug also tend to generate plausible-sounding vulnerabilities in patched or corrected code. This matters operationally. A tool that generates high-confidence-sounding false positives at scale doesn’t reduce security team burden—it increases it. Every spurious critical finding that has to be triaged and dismissed is time a security engineer isn’t spending on a real one.

The value of AI-assisted vulnerability discovery is only realized if the findings that come out of it can be efficiently evaluated, contextualized against actual business risk, and routed to the right people. What the Infrastructure Problem Actually Looks Like The teams best positioned to absorb Mythos-era discovery velocity are the ones that already have three things in place: Centralized findings management. Not a ticket system, not a JIRA board bolted onto a spreadsheet. A purpose-built place where vulnerability findings from multiple sources—scanner output, pentest reports, red team engagements—live in a normalized, queryable format.

Without this, integrating AI-generated findings just adds another data silo. Risk-contextualized prioritization . Raw CVSS scores are a starting point, not a decision. A critical finding in a system that’s air-gapped and internal is not the same risk as the same finding in a customer-facing API.

Organizations that can only sort by severity score will be overwhelmed when AI discovery starts producing findings at volume; organizations that can score against asset criticality, business impact, and exposure context can triage intelligently. Dynamic, Risk-Based Remediation via Configurable Scoring Closed-loop remediation tracking . This is where most programs actually fail. A finding that isn’t verified as fixed is just a liability that has a name.

Continuous re-testing, structured remediation workflows, and clear ownership handoffs aren’t exciting features—they’re the difference between a security program that improves over time and one that just accumulates documented risk. PlexTrac is a pentest reporting and exposure management platform that’s been building in exactly this direction—centralized findings data, contextual risk prioritization, and structured remediation workflows. Mythos (and tools like it) is going to be very good at telling you your house has structural problems. PlexTrac is the operational layer that makes sure those problems actually get fixed, the right contractor gets assigned, and someone verifies the work before closing the job.

Both are necessary. Most organizations have invested in the equivalent of better home inspections while letting the repair tracking system stay in a shared Google Doc. The Access Problem Schneier Identified Is Also a Workflow Problem One critique of Project Glasswing is that concentrating Mythos access among 50 large vendors means the organizations best-equipped to act on findings get them first. Fortune 500 enterprises, as the Fortune piece from the former national cyber director noted, are better positioned to absorb and remediate; it’s SMEs, regional infrastructure operators, and specialized industrial systems that are most exposed and least resourced.

This is a structural access problem that policy will have to address. But embedded in it is also a workflow problem: even if access were democratized, many smaller organizations don’t have the operational infrastructure to turn AI-generated security findings into executed remediations. Tooling that reduces the overhead of that process—faster reporting, clearer findings communication, lower-friction remediation handoffs—is arguably more important for those organizations than it is for the enterprises that can already throw headcount at the problem. The Practical Takeaway The Mythos moment is a useful forcing function.

Not because it means your systems will definitely be compromised tomorrow, but because it makes visible a gap that’s been quietly growing for years: security teams are getting better at finding problems while the organizational machinery for fixing them has evolved much more slowly. The right response isn’t panic, and it isn’t waiting to see whether Glasswing access eventually expands to include you. It’s taking the Mythos announcement as a prompt to audit your own remediation pipeline: How long does it take a critical finding to go from discovery to verified fix? How many open high-severity findings are currently in some ambiguous state of “being worked on”?

Can you actually re-test after remediation, or do you just trust the engineering ticket was closed? Those questions don’t require access to Mythos to answer. And for most teams, the answers will be more uncomfortable than anything in Anthropic’s 245-page technical document. Found this article interesting?

This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.