DAILY WORKFLOW ARCHIVE

2026-05-06 AI创业新闻

候选线索仅供信息发现,请在引用或实践前回到原始来源核验。

2026-05-06 AI创业新闻

Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnerability that could potentially lead to remote code execution (RCE). The vulnerability, tracked as CVE-2026-23918 (CVSS score: 8.8), has been described as a case of “double free and possible RCE” in the HTTP/2 protocol handling. This issue affects Apache HTTP Server 2.4.66 and has been addressed in version 2.4.67. Striga.ai co-founder Bartlomiej Dmitruk and ISEC.pl researcher Stanislaw Strzalkowski have been credited with discovering and reporting the vulnerability.

When reached for comment, Dmitruk told The Hacker News via email that the severity of CVE-2026-23918 is critical, as it can be exploited to achieve denial-of-service (DoS) and RCE. Additional details of the vulnerability are below - CVE-2026-23918 is a double-free in Apache httpd 2.4.66 mod_http2 , specifically in the stream cleanup path of h2_mplx.c. The bug triggers when a client sends an HTTP/2 HEADERS frame immediately followed by RST_STREAM with a non-zero error code on the same stream, before the multiplexer has registered the stream. Two nghttp2 callbacks then fire in sequence, on_frame_recv_cb for the RST and on_stream_close_cb for the close, and both end up calling h2_mplx_c1_client_rst -> m_stream_cleanup, which pushes the same h2_stream pointer onto the spurge cleanup array twice.

When c1_purge_streams later iterates spurge and calls h2_stream_destroy -> apr_pool_destroy on each entry, the second call hits memory that has already been freed. The DoS, Dmitruk added, is trivial and works on any default deployment with mod_http2 and a multi-threaded MPM , whereas the RCE path requires an Apache Portable Runtime ( APR ) with the mmap allocator, which is the default on Debian-derived systems and on the official httpd Docker image. Dmitruk further explained - The first is denial-of-service, which is trivial: one TCP connection, two frames, no authentication, no special headers, no specific URL, and the worker crashes. Apache respawns it, but every request on the crashed worker is dropped, and the pattern can be sustained as long as the attacker keeps sending.

The second outcome is remote code execution, and we built a working proof of concept on x86_64. The chain places a fake h2_stream struct at the freed virtual address via mmap reuse, points its pool cleanup function to system(), and uses Apache’s scoreboard memory as a stable container for the fake structures and the command string. The scoreboard sits at a fixed address for the lifetime of the server, even with ASLR, which is what makes the RCE path practical. The usual caveats apply: practical exploitation requires an info leak for system() and the scoreboard offsets, and the heap spray is probabilistic, but in lab conditions execution lands in minutes.

Dmitruk also pointed out that the MPM prefork is not affected by the flaw. However, the researcher cautioned that the attack surface is large as mod_http2 ships in default builds and HTTP/2 is widely enabled in production deployments. In light of the severity of the flaw, users are advised to apply the latest fixes for optimal protection. Found this article interesting?

Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware

A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to findings from Kaspersky. “These installers are distributed from the legitimate website of DAEMON Tools and are signed with digital certificates belonging to DAEMON Tools developers,” Kaspersky researchers  Igor Kuznetsov, Georgy Kucherin, Leonid Bezvershenko, and Anton Kargin said . The installers have been trojanized since April 8, 2026, with versions ranging from 12.5.0.2421 to 12.5.0.2434 identified as compromised as part of the incident. While DAEMON Tools is also available for Mac, Kaspersky told The Hacker News that only the Windows version was compromised.

The supply chain attack is active as of writing. AVB Disc Soft, the developer of the software, has been notified of the breach. Specifically, three different components of DAEMON Tools have been tampered with - DTHelper.exe DiscSoftBusServiceLite.exe DTShellHlp.exe Any time one of these binaries is launched, which typically happens during system startup, an implant is activated on the compromised host. It’s designed to send an HTTP GET request to an external server (“env-check.daemontools[.]cc”) – a domain registered on March 27, 2026 – in order to receive a shell command that’s run using the “cmd.exe” process.

The shell command, for its part, is used to download and run a series of executable payloads. These include - envchk.exe, a .NET executable to collect extensive system information. cdg.exe and cdg.tmp, the former of which is a shellcode loader responsible for decrypting the contents of the second file and launching a minimalist backdoor that contacts a remote server to download files, run shell commands, and execute shellcode payloads in memory. The Russian cybersecurity company said it observed several thousand infection attempts involving DAEMON Tools in its telemetry, impacting individuals and organizations in more than 100 countries, such as Russia, Brazil, Turkey, Spain, Germany, France, Italy, and China.

However, the next-stage backdoor has been delivered only to a dozen hosts, indicating a targeted approach. The systems that received the follow-on malware have been flagged as belonging to retail, scientific, government, and manufacturing organizations in Russia, Belarus, and Thailand. What’s more, one of the payloads delivered via the backdoor is a remote access trojan dubbed QUIC RAT. The use of the C++ implant has been recorded against a lone victim: an educational institution located in Russia.

“This manner of deploying the backdoor to a small subset of infected machines clearly indicates that the attacker had intentions to conduct the infection in a targeted manner,” Kaspersky said. “However, their intent – whether it is cyberespionage or ‘big game hunting’ – is currently unclear.” The malware supports a variety of command-and-control (C2) protocols, including HTTP, UDP, TCP, WSS, QUIC, DNS, and HTTP/3, and comes equipped with capabilities to inject payloads into legitimate “notepad.exe” and “conhost.exe” processes. The activity has not been attributed to any known threat actor or group. But evidence points to it being the work of a Chinese-speaking adversary based on an analysis of the artifacts observed.

The DAEMON Tools compromise is the latest in a growing list of software supply chain incidents in the first half of 2026, and follows similar high-profile breaches involving eScan in January, Notepad++ in February, and CPUID in April. “A compromise of this nature bypasses traditional perimeter defenses because users implicitly trust digitally signed software downloaded directly from an official vendor,” Kucherin, senior security researcher at Kaspersky GReAT, said in a statement shared with The Hacker News. “Because of that, the DAEMON Tools attack has gone unnoticed for about a month. This period of time, in turn, indicates that the threat actor behind this attack is sophisticated and has advanced offensive capabilities.

Given the high complexity of the compromise, it is thus of paramount importance for organizations to isolate machines having DAEMON Tools software installed, as well as to conduct security sweeps to prevent further spreading of malicious activities inside corporate networks.” When contacted for comment, a representative for the Latvian developer said they are “aware of the report and are currently investigating the situation.” “Our team is treating this matter with the highest priority and is actively working to assess and address the issue,” the spokesperson added. “At this stage, we are not in a position to confirm specific details referenced in the report. However, we are taking all necessary steps to remediate any potential risks and to ensure the security of our users. We will provide an update as soon as we have more verified information to share.” (The story was updated after publication to include a response from Kaspersky and AVB Disc Soft.) Found this article interesting?

Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions

A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. The activity is being tracked by Cisco Talos under the moniker UAT-8302 , with post-exploitation involving the deployment of custom-made malware families that have been put to use by other China-aligned hacking groups. Notable among the malware families is a .NET-based backdoor dubbed NetDraft (aka NosyDoor), a C# variant of FINALDRAFT (aka Squidoor) that has been previously linked to threat clusters known as Ink Dragon , CL-STA-0049, Earth Alux , Jewelbug , and REF7707 . ESET is tracking the use of NosyDoor to a group it calls LongNosedGoblin .

Interestingly, the same malware has also been deployed against Russian IT organizations by a threat actor referred to as Erudite Mogwai (aka Space Pirates and Webworm), per Russian cybersecurity company Solar, which has given it the name LuckyStrike Agent . Some of the other tools utilized by UAT-8302 are as follows - CloudSorcerer , a backdoor observed in attacks targeting Russian entities since May 2024. SNOWLIGHT , a VShell stager used by UNC5174 , UNC6586 , and UAT-6382 . Deed RAT (aka Snappybee), a successor of ShadowPad, and Zingdoor , both of which have been deployed by Earth Estries in late 2024.

Draculoader , a generic shellcode loader that’s used to deliver Crowdoor and HemiGate . “Malware deployed by UAT-8302 connects it to several previously publicly disclosed threat clusters, indicating a close operating relationship between them at the very least,” Talos researchers Jungsoo An, Asheer Malhotra, and Brandon White said in a technical report published today. “Overall, the various malicious artifacts deployed by UAT-8302 indicate that the group has access to tools used by other sophisticated APT actors, all of which have been assessed as China-nexus or Chinese-speaking by various third-party industry reports.” It’s currently not known what initial access methods the adversary employs to break into target networks, but it’s suspected to involve the tried-and-tested approach of weaponizing zero-day and N-day exploits in web applications. Upon gaining a foothold, the attackers are known to conduct extensive reconnaissance to map out the network, run open-source tools like gogo to perform automated scanning, and move laterally across the environment.

The attack chains culminate in the deployment of NetDraft, CloudSorcerer (version 3.0), and VShell. UAT-8302 has also been observed using a Rust-based variant of SNOWLIGHT called SNOWRUST to download the VShell payload from a remote server and execute it. Besides using custom malware, the threat actor sets up alternative means of backdoor access using proxy and VPN tools like Stowaway and SoftEther VPN. The findings underscore the trend of advanced collaboration tactics between multiple China-aligned groups.

In October 2025, Trend Micro shed light on a phenomenon called “Premier Pass-as-a-Service,” where initial access obtained by Earth Estries is passed to Earth Naga for follow-on exploitation, clouding attrition efforts. This partnership is assessed to have existed since at least late 2023. “Premier Pass-as-a-Service provides direct access to critical assets, reducing the time spent on reconnaissance, initial exploitation and lateral movement phases,” Trend Micro said. “Although the full extent of this model is not yet known, the limited number of observed incidents , combined with the substantial risk of exposure such a service entails, suggests that access is likely restricted to a small circle of threat actors.” Found this article interesting?

Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

Every AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind: a persistent OAuth token with no expiration date, no automatic cleanup, and in most organizations, no one watching it. Your perimeter controls don’t see it. Your MFA doesn’t stop it. And when an attacker gets hold of one, they don’t need a password.

OAuth grants don’t expire when employees leave. They don’t reset when passwords change. And in most organizations, nobody is watching them. The model made sense when a handful of IT-approved apps needed calendar access.

It doesn’t hold up when every employee is independently wiring AI tools, workflow automations, and productivity apps directly into their Google or Microsoft environment — each one receiving a persistent, scoped token with no automatic expiration and no centralized visibility. That’s not a misconfiguration. It’s how OAuth is designed to work. The gap is that most security programs weren’t built to account for it at scale.

CISOs know it’s a problem. Most aren’t solving it. New research from Material Security quantifies the gap between awareness and action. 80% of security leaders consider unmanaged OAuth grants a critical or significant risk.

Most have said as much for years. But awareness doesn’t translate directly into capability. A substantial portion of organizations (45%) are doing nothing to monitor OAuth grants at scale. Many of the rest (33%) are running manual processes — tracking grants in spreadsheets, reviewing permissions on an ad hoc basis, relying on employees to flag unusual app behavior.

Spreadsheets are not a threat response capability. They’re a record of how much exposure an organization doesn’t know it has. It’s not theoreticalrisk The argument for OAuth visibility often gets framed as employees piping sensitive information into third-party tools without IT visibility. That’s a real problem, but it’s the smaller one.

The more pressing issue is that OAuth grants are an active attack vector. The Drift incident makes that concrete. Drift, a sales engagement platform acquired by Salesloft, maintained OAuth integrations with Salesforce instances across hundreds of customer organizations. A threat actor tracked by Palo Alto Unit 42 as UNC6395 obtained valid OAuth refresh tokens — likely through prior phishing campaigns — and used them to access Salesforce environments belonging to more than 700 organizations.

The attack’s structure is a warning: the tokens were legitimate, the integration was legitimate. From the perspective of any perimeter control, nothing was wrong. MFA was bypassed entirely because the attacker wasn’t logging in — they were presenting a token that Drift had already been granted permission to use. Once inside, UNC6395 systematically exported data and combed through it for credentials: AWS access keys, Snowflake tokens, passwords.

Cloudflare, PagerDuty, and dozens of others were affected. The full scope is still being assessed. The Drift incident wasn’t an attack from a suspicious, unknown app. It was an attack through a trusted one.

The lesson isn’t that organizations should restrict OAuth integrations — it’s that trusting an app at the time of installation doesn’t mean it stays trustworthy, and that OAuth grants need active, continuous monitoring rather than passive acceptance. What monitoring actually needs to look like The current generation of OAuth security tools addresses OAuth risk at the point of installation. They check whether a requested permission scope is excessive. They may flag apps from vendors with poor reputations.

That’s useful — but it’s not sufficient. For the Drift scenario, a legitimate app whose credentials were later stolen and weaponized — it catches nothing. To begin with, vendor trust levels and app scopes are important, but it only tells part of the story. Monitoring the actual behavior of the app–the API calls it makes, the actions it takes–is critical to understanding what the app is actually doing, not just what it could do.

And even then, without deep visibility into the account(s) the app is linked to, you’re still operating half-blind. A risky app tied to an intern’s account is one thing–the same app being used by a VIP with access to countless sensitive emails, files, and systems is something else entirely. The Drift attack didn’t involve a suspicious app requesting unusual permissions at installation. It involved a legitimate app whose credentials were later compromised and weaponized.

A tool that only evaluates the grant at the point of creation would have seen nothing wrong. The risk materialized later — when the token was stolen and used by a different actor entirely. Effective OAuth security requires: Continuous behavioral monitoring, not point-in-time review. What is the app actually doing after it’s been granted access?

Monitoring the API calls an OAuth-connected app makes over time reveals anomalies that no static permission review can catch — sudden spikes in data access, queries for unusual data types, andaccess at unexpected hours. Blast radius assessment. An OAuth grant connected to an account with read access to thousands of sensitive documents and years of email history is categorically different from the same grant on a freshly provisioned account with limited exposure. The reach of the user’s account determines the potential impact of a compromised or malicious OAuth connection.

Risk scoring should reflect that. Graduated response matched to organizational risk tolerance. An obviously malicious app — unknown vendor, broad permissions, anomalous API behavior from day one — shouldn’t sit in the environment while a ticket works through a queue. It should be revoked immediately.

A mission-critical integration from a major vendor showing mild anomalies warrants human review before any action is taken. The response layer needs to be intelligent enough to tell the difference. Material’s OAuth Threat Remediation Agent Material Security’s OAuth Threat Remediation Agent is built around this more complete model of OAuth risk. The agent runs continuously across an organization’s Google Workspace environment, monitoring every OAuth-connected application — not just new ones at the point of grant.

For each connected app, the agent evaluates three factors together: Vendor trust and scope analysis — the standard baseline that most tools stop at Behavioral monitoring of actual API calls made by the app over time, surfacing anomalies against expected behavior Blast radius assessment based on the access levels and data exposure of the accounts the app is connected to These inputs combine into a risk signal that reflects both the probability of a problem and its potential impact. When the agent identifies a high-risk grant, it can act immediately — revoking the token before harm is done. For lower-certainty situations involving mission-critical applications, it surfaces the finding to the security team with full context: what the app is, what it’s been doing, what it has access to, and what the risk score is. Organizations configure their own thresholds: how much risk triggers automated remediation, and where the line is for requiring human sign-off.

The agent is designed to keep security teams in the loop for the decisions that matter, and out of the loop for the ones that don’t. Closing the back door OAuth grants are the default way third-party apps and AI tools connect to the enterprise workspace. That’s not changing. The number of grants in most environments will continue to grow as AI adoption accelerates.

Telling employees they can’t use AI tools isn’t a viable security posture for most organizations — and it wouldn’t address the threat posed by apps that are legitimate at installation and malicious later. The answer isn’t fewer OAuth grants. It’s better visibility into the ones that exist, continuous monitoring of their behavior, and the operational capability to respond fast enough to matter and smart enough to avoid disrupting the integrations that keep the business running. For security teams who want visibility into what’s actually connected to their environment — and the ability to respond when something changes, reach out to Material Security for a demo of the OAuth Threat Remediation Agent .

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could result in arbitrary code execution. “MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code,” the NIST National Vulnerability Database (NVD) states . “Attackers can exploit insufficient input neutralization in the execution path to achieve remote code execution and gain full control over the affected server.” Per security researcher Egidio Romano, who discovered the vulnerability, the problem is rooted in the “/app/system/weixin/include/class/weixinreply.class.php” script, and stems from a lack of adequate sanitization of user-supplied input when issuing Weixin (aka WeChat) API requests.

As a result, remote, unauthenticated attackers could exploit this loophole to inject and execute arbitrary PHP code. One key prerequisite for successful exploitation when MetInfo is running on non-Windows servers is that the “/cache/weixin/” directory has to exist beforehand.The directory is created when installing and configuring the official WeChat plugin. Patches for CVE-2026-29014 were released by MetInfo on April 7, 2026. The vulnerability has since come under exploitation as of April 25, with a “small number of exploits” deployed against susceptible honeypots located in the U.S.

and Singapore. Although these efforts were initially sparse and associated with automated probing, the activity witnessed a surge on May 1, 2026, focusing on China and Hong Kong IP addresses, Caitlin Condon, vice president of security research at VulnCheck, said . As many as 2,000 instances of MetInfo CMS are accessible online, most of which are in China. Found this article interesting?

Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

We Scanned 1 Million Exposed AI Services. Here’s How Bad the Security Actually Is

While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM infrastructure, drawn by the promise of AI as a force multiplier and the pressure to deliver more value faster. But speed is coming at the expense of security. In the wake of the ClawdBot fiasco — the viral self-hosted AI assistant that’s averaging an eye-watering 2.6 CVEs per day — the Intruder team wanted to investigate how bad the security of AI infrastructure actually is.

To scope the attack surface, we used certificate transparency logs to pull just over 2 million hosts with 1 million exposed services. What we found wasn’t pretty. In fact, the AI infrastructure we scanned was more vulnerable, exposed, and misconfigured than any other software we’ve ever investigated. No authentication by default It didn’t take long to spot an alarming pattern: a significant number of hosts had been deployed straight out of the box, with no authentication in place.

Looking into the source code revealed why: authentication simply isn’t enabled by default in many of these projects. Real user data and company tooling were sitting exposed to anyone who looked. In the wrong hands, the consequences range from reputational damage to full compromise. Here are some of the most striking examples of what was exposed.

Freely accessible chatbots A number of instances involved chatbots that left user conversations exposed. One example, based on OpenUI, exposed a user’s full LLM conversation history. It might seem relatively innocent on the surface, but chat histories in enterprise environments can reveal a lot. More concerning were generic chatbots hosting a wide range of models — including multimodal LLMs — freely available to use.

Malicious users can jailbreak most models to bypass safety guardrails for nefarious purposes — like generating illegal imagery, or soliciting advice with intent to commit a crime — and do so without fear of repercussion, since they’re using someone else’s infrastructure. This isn’t hypothetical. People are finding creative ways to abuse company chatbots to access more capable models without paying or having requests logged to their own accounts. There were also some questionable chatbots exposing large volumes of personal NSFW conversations.

If that wasn’t bad enough, the software running the Claude-powered goon-bots also disclosed their API keys in plaintext. Wide open agent management platforms We also discovered exposed instances of agent management platforms, including n8n and Flowise. Some instances that users clearly thought were internal had been exposed to the internet without authentication. One of the most egregious examples was a Flowise instance that exposed the entire business logic of an LLM chatbot service.

Their credential list was exposed too. Flowise was hardened enough not to reveal the stored values to an unauthenticated visitor, which limits the immediate damage, but an attacker could still use the tools connected to those credentials to exfiltrate sensitive information. This is what makes these platforms particularly dangerous. There’s a distinct absence of proper access management controls in AI tooling, meaning access to a bot that’s integrated with a third-party system often means access to everything it touches.

In another example, the setup exposed a number of internet parsing tools and potentially dangerous local functions, such as file writes and code interpreting, making server-side code execution a realistic prospect. We identified over 90 exposed instances across sectors such as government, marketing, and finance. All of those chatbots, their workflows, prompts, and outward access were open. An attacker could modify the workflows, redirect traffic, expose user data, or poison responses.

Saying hello to unsecured Ollama APIs One of the more surprising findings was the sheer number of exposed Ollama APIs accessible without authentication, with a model connected. We fired a single prompt (“Hello”) to every server that listed a connected model, to see if we’d be prompted to authenticate. Of the 5,200+ servers queried, 31% answered. The responses gave a window into what these APIs were being used for.

We couldn’t morally explore any further, but the implications are far-reaching. A few examples: “Greetings, Master. Your command is my law. What is your desire?

Speak freely. I am here to fulfill it, without hesitation or question.” “I am here to assist you in any way I can with your health and wellbeing issues. Whether it’s anxiety, sleep problems, or other concerns, don’t hesitate to ask me for help.” “Welcome! I’m an AI assistant integrated with our cloud management systems.

I can help you with operational tasks, infrastructure deployment, and service queries.” Ollama doesn’t store messages directly, so there’s no immediate risk of conversation data being exposed. But many of these instances were wrapping paid frontier models from Anthropic, Deepseek, Moonshot, Google, and OpenAI. Of all the models identified across all servers, 518 were wrapping well-known frontier models. Insecure by design After triaging the results, it was clear that some of the tech warranted a closer look.

We spent time analyzing a subset of the applications in a lab environment — and found repeated insecure patterns throughout: Poor deployment practices: Insecure defaults, misconfigured Docker setups, hardcoded credentials, applications running as root No authentication on fresh installs: Many projects drop users straight into a high-privilege account with full management access Hardcoded and static credentials: Embedded in setup examples and docker-compose files rather than generated on installation New technical vulnerabilities: Within a couple of days of lab work, we had already found arbitrary code execution in one popular AI project These misconfigurations are made even worse when agents have access to tools like code interpretation. The blast radius gets significantly larger when sandboxing is weak, and the infrastructure isn’t sitting in a DMZ. Speed is winning. Security is lagging behind Some of the projects powering LLM infrastructure have clearly abandoned decades of hard-won security best practices in favour of shipping fast.

That said, it’s not purely a vendor problem. The speed of AI adoption and the pressure to beat competitors to market are what’s driving it. Don’t wait for an attacker to find your exposed AI infrastructure first. Intruder finds misconfigurations and shows you what’s visible from the outside .

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCall to likely target ethnic Koreans residing in China. While prior versions of the backdoor have primarily targeted Windows users only, the supply chain attack is assessed to have enabled the threat actors to also target Android devices, essentially turning it into a multi-platform threat. According to ESET, the campaign has singled out sqgame[.]net, a gaming platform used by ethnic Koreans living in the Yanbian region in China bordering North Korea and Russia. It’s also known to act as a primary, high-risk transit point for North Korean defectors crossing the Tumen River.

Filip Jurčacko, senior malware researcher at ESET, told The Hacker News that the campaign was discovered in October 2025, adding the trojanized Android games are still available for download on the sqgame[.]net website. The targeting of this platform is said to be a deliberate strategy given ScarCruft’s storied history of targeting North Korean defectors, human rights activists, and university professors. “In the attack, probably ongoing since late 2024, ScarCruft compromised Windows and Android components of a video game platform dedicated to Yanbian-themed games, trojanizing them with a backdoor,” the Slovakian cybersecurity company said in a report shared with The Hacker News ahead of publication. Windows versions of BirdCall, dubbed an advanced evolution of RokRAT, have been detected in the wild since 2021 .

Over the years, RokRAT has also been adapted to target macOS ( CloudMensis ) and Android ( RambleOn ), indicating that the malware family continues to be actively maintained by the threat actors. BirdCall comes fitted with features typically present in a backdoor, enabling screenshot capture, keystroke logging, clipboard content theft, shell command execution, and data gathering. Like RokRAT, the malware relies on legitimate cloud services like Dropbox and pCloud for command-and-control (C2). “BirdCall is usually deployed in a multistage loading chain, starting with a Ruby or Python script, and containing components encrypted using a computer-specific key,” ESET said.

The Android variant of BirdCall, distributed as part of the sqgame[.]net supply chain attack, incorporates a subset of its Windows counterpart, while collecting contact lists, SMS messages, call logs, media files, documents, screenshots, and ambient audio. An analysis of the malware’s lineage has unearthed seven versions, with the first dating back to October 2024. Despite the fact that BirdCall is built upon the foundations of RokRAT and, by extension, RambleOn, they are fundamentally two disparate malware families. “They both disguise [themselves] as legitimate Android apps and use cloud storage services for data exfiltration, but are different backdoors,” Jurčacko noted.

Interestingly, the supply chain attack has been found to only poison the Android APKs available for download from the platform, leaving the Windows desktop client and the iOS games intact. The download pages for two Android games hosted on sqgame[.]net have been altered to serve the malicious APKs - sqgame.com[.]cn/ybht.apk sqgame.com[.]cn/sqybhs.apk It’s currently not known when the website was breached, and the poisoned APKs began to be distributed. However, it’s believed that the incident occurred sometime in late 2024. What’s more, evidence has emerged that an update package of the Windows desktop client delivered a trojanized DLL since at least November 2024 and for an unspecified period.

The update package is no longer malicious. Specifically, the modified DLL included a downloader that checks the list of running processes for analysis tools and virtual machine environments, before proceeding to download and execute shellcode containing RokRAT. The backdoor is then used to fetch and install BirdCall on the infected hosts. The Android version of BirdCall also relies on legitimate cloud storage services for C2 communications.

This includes pCloud, Yandex Disk, and Zoho WorkDrive, the last of which has become an increasingly common presence across multiple campaigns. “The Android backdoor has seen active development, and provides surveillance capabilities, such as collection of personal data and documents, taking screenshots, and making voice recordings,” ESET said. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API

A critical security vulnerability in Weaver (Fanwei) E-cology , an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild. The vulnerability ( CVE-2026-22679 , CVSS score: 9.8) relates to a case of unauthenticated remote code execution affecting Weaver E-cology 10.0 versions prior to 20260312. The issue resides in the “/papi/esearch/data/devops/dubboApi/debug/method” endpoint that allows an attacker to execute arbitrary commands by invoking exposed debug functionality. “Attackers can craft POST requests with attacker-controlled interfaceName and methodName parameters to reach command-execution helpers and achieve arbitrary command execution on the system,” according to a description of the flaw in the NIST National Vulnerability Database (NVD).

The advisory also noted that the Shadowserver Foundation observed the first signs of active exploitation on March 31, 2026. A similar alert published by QiAnXin on March 17, 2026, revealed that the Chinese security vendor was able to successfully reproduce the remote code execution vulnerability without sharing any further details. However, in a report published last week, the Vega Research Team said it identified active exploitation of CVE-2026-22679 much before, with the earliest evidence of abuse dating back to March 17, 2026, five days after patches were shipped for the flaw. “The intrusion unfolded over roughly a week of operator activity: RCE verification, three failed payload drops, an attempted pivot to an MSI implant that did not produce a working install, and a short burst of attempts to retrieve PowerShell payloads from attacker-controlled infrastructure,” security researcher Daniel Messing said .

The MSI installer, per the Israeli cybersecurity company, used the name “fanwei0324.msi,” indicating an attempt to pass off the malicious payload as harmless by using the romanized Chinese name for Weaver. The unknown threat actor has also been observed running discovery commands, such as whoami, ipconfig, and tasklist, throughout the campaign. Security researcher Kerem Oruc has made available a Python-based detection script that identifies vulnerable Weaver E-cology instances by checking if the susceptible API endpoint is accessible. Users are advised to apply the updates, if not already, to stay protected.

Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries

Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens. The multi-stage campaign, observed between April 14 and 16, 2026, targeted more than 35,000 users across over 13,000 organizations in 26 countries, with 92% of the targets located in the U.S. The majority of phishing emails were directed against healthcare and life sciences (19%), financial services (18%), professional services (11%), and technology and software (11%) sectors. “The lures in this campaign used polished, enterprise-style HTML templates with structured layouts and preemptive authenticity statements, making them appear more credible than typical phishing emails and increasing their plausibility as legitimate internal communications,” the Microsoft Defender Security Research Team and Microsoft Threat Intelligence said .

“Because the messages contained accusations and repeated time-bound action prompts, the campaign created a sense of urgency and pressure to act.” The email messages used in the campaign employ lures related to code of conduct reviews, using display names like “Internal Regulatory COC,” “Workforce Communications,” and “Team Conduct Report.” Subject lines associated with these emails include “Internal case log issued under conduct policy” and “Reminder: employer opened a non-compliance case log.” “At the top of each message, a notice stated that the message had been ‘issued through an authorized internal channel’ and that links and attachments had been ‘reviewed and approved for secure access,’ reinforcing the email’s purported legitimacy,” Microsoft explained. It’s assessed that the emails are sent from a legitimate email delivery service. The messages also come with a PDF attachment that purportedly gives additional information about the conduct review, luring victims to click on a link within the document to initiate the credential harvesting flow. The attack chain has been found directing victims through multiple rounds of CAPTCHA and intermediate pages that are designed to lend the scheme a veneer of legitimacy, at the same time keeping out automated defenses.

Ultimately, it ends with a sign-in experience that leverages adversary‑in‑the‑middle (AiTM) phishing tactics to harvest Microsoft credentials and tokens in real-time, effectively allowing the threat actors to bypass multi-factor authentication (MFA). The final destination, per Microsoft, depends on whether the malicious flow was triggered from a mobile device or a desktop system. Phishing Trends in 2026 The disclosure comes as Microsoft’s analysis of the email threat landscape between January and March 2026 revealed that QR code phishing emerged as the fastest-growing attack vector, while CAPTCHA-gated phishing evolved “rapidly” across payload types. In all, the tech giant said it detected about 8.3 billion email-based phishing threats.

Of these, nearly 80% were link-based, where large HTML and ZIP files accounted for a huge chunk of the malicious payloads distributed via phishing emails. The end goal of a vast majority of these attacks was credential harvesting, with malware delivery declining to a mere 5-6% by the end of the quarter. Microsoft also said the operators of the Tycoon 2FA phishing-as-a-service (PhaaS) platform have attempted to shift hosting providers and domain registration patterns following a coordinated disruption operation in March 2026. “Toward the end of March, we saw Tycoon 2FA moving away from Cloudflare as a hosting service and now hosts most of its domains across a variety of alternative platforms, suggesting the group is attempting to find replacement services that offer comparable anti-analysis protections,” it added .

In a report published back in February, Palo Alto Networks Unit 42 highlighted how threat actors are abusing QR codes as URL shorteners to disguise malicious destinations, in-app deep links to steal account credentials, and bypass app store security by linking to direct downloads of malicious apps. Data from Microsoft shows a massive surge in QR code phishing during the three-month time period, as attack volumes jumped from 7.6 million in January to 18.7 million in March, representing a 146% increase. One notable development observed in late March was the use of QR codes embedded directly in email bodies. Business email compromise (BEC) scams, on the other hand, exhibited more fluctuations, crossing more than 4 million in attack volume in March 2026, up from over 3.5 million in January and more than 3 million in February.

Collectively, 10.7 million BEC attacks were recorded. Two noteworthy campaigns observed during Q1 2026 are below - A large, sustained campaign between February 23 and February 25, 2026, that sent more than 1.2 million messages to users at more than 53,000 organizations in 23 countries, using 401(k)-, payment-, and invoice-themed lures to serve an SVG attachment. Opening the file directed the victims to a CAPTCHA check, successfully completing which, they were shown a fake sign-in page to compromise their accounts. A massive campaign on March 17, 2026, that involved more than 1.5 million confirmed malicious messages sent to over 179,000 organizations across 43 countries.

The activity accounted for 7% of all malicious HTML attachments observed in the month. When opened, the HTML file redirected victims to an initial phishing page that screened the visitor before routing them to the final destination: a phishing page that presented a CAPTCHA challenge before serving a fraudulent sign‑in page. “Interestingly, although messages in this campaign shared common tooling, structure, and delivery characteristics, the infrastructure hosting the final phishing payload was linked to multiple different PhaaS providers,” Microsoft said. “Most observed phishing endpoints were associated with Tycoon 2FA, while additional activity was linked to Kratos (formerly Sneaky 2FA) and EvilTokens infrastructure.” The findings coincide with the emergence of phishing and BEC campaigns that abuse Amazon Simple Email Service ( SES ) as a delivery vector to bypass SPF, DKIM, and DMARC checks, and facilitate credential theft via phony sign-in pages.

These attacks often work by gaining access to Amazon SES through leaked AWS access keys . “The insidious nature of Amazon SES attacks lies in the fact that attackers aren’t using suspicious or dangerous domains; instead, they are leveraging infrastructure that both users and security systems have grown to trust,” Kaspersky said . “By weaponizing this service, attackers avoid the effort of building dubious domains and mail infrastructure from scratch. Instead, they hijack existing access keys to gain the ability to blast out thousands of phishing emails.

These messages pass email authentication, originate from IP addresses that are unlikely to be blocklisted, and contain links to phishing forms that look entirely legitimate.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

An active phishing campaign has been observed targeting multiple vectors since at least April 2025 with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts. The activity, codenamed VENOMOUS#HELPER , has impacted over 80 organizations, most of which are in the U.S., according to Securonix. It shares overlaps with clusters previously tracked by Red Canary and Sophos, the latter of which has given it the moniker STAC6405 . While it’s not clear who is behind the campaign, the cybersecurity company said it aligns with a financially motivated Initial Access Broker (IAB) or a ransomware precursor operation.

“In this case, a customized SimpleHelp and ScreenConnect RMMs are used to bypass defenses as they are legitimately installed by the unsuspecting victim,” researchers Akshay Gaikwad, Shikha Sangwan, and Aaron Beardslee said in a report shared with The Hacker News. Setting aside the fact that the use of legitimate RMM tools can evade detection, the deployment of both SimpleHelp and ScreenConnect indicates an attempt to create a “redundant dual-channel access architecture” that enables continued operations even when either of them is detected and blocked. It all begins with a phishing email impersonating the U.S. Social Security Administration (SSA), where the recipient is instructed to verify their email address and download a purported SSA statement by clicking on a link embedded in the message.

The link points to a legitimate-but-compromised Mexican business website (“gruta.com[.]mx”), indicating a deliberate strategy to evade email spam filters. The “SSA statement” is then downloaded from a second attacker-controlled domain (“server.cubatiendaalimentos.com[.]mx”), an executable that’s responsible for delivering the SimpleHelp RMM tool. It’s believed that the attacker gained access to a single cPanel user account on the legitimate hosting server to stage the binary. As soon as the victim opens the JWrapper-packaged Windows executable, thinking it’s a document, the malware installs itself as a Windows service with Safe Mode persistence, makes sure it’s running by means of a “self-healing watchdog” that automatically restarts it when killed, and periodically enumerates registered security products using the root\SecurityCenter2 WMI namespace every 67 seconds, and polls user presence every 23 seconds.

To facilitate fully interactive desktop access, the SimpleHelp remote access client acquires SeDebugPrivilege via AdjustTokenPrivileges , while “elev_win.exe” – a legitimate executable file associated with the software – is used to gain SYSTEM-level privileges. This, in turn, allows the operator to read the screen, inject keystrokes, and access user-context resources. This elevated remote access is then abused to download and install ConnectWise ScreenConnect, offering a fallback communication mechanism if the SimpleHelp channel is taken down. “The deployed SimpleHelp version (5.0.1) provides a comprehensive remote administration capability set,” the researchers said.

“The victim organization is left in a state where the attacker can return at any time, execute commands silently in the user’s desktop session, transfer files bidirectionally, and pivot to adjacent systems, while standard antivirus and signature-based controls see nothing but legitimately signed software from a reputable U.K. vendor.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass

Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass. MOVEit Automation (formerly Central) is a secure, server-based managed file transfer (MFT) solution used to schedule and automate file movement workflows in enterprise environments without requiring any custom scripts. The vulnerabilities in question are CVE-2026-4670 (CVSS score: 9.8), an authentication bypass vulnerability, and CVE-2026-5174 (CVSS score: 7.7), an improper input validation vulnerability that could allow privilege escalation. “Critical and high vulnerabilities in MOVEit Automation may allow authentication bypass and privilege escalation through the service backend command port interfaces,” Progress Software said in an advisory.

“Exploitation may lead to unauthorized access, administrative control, and data exposure.” The shortcomings affect the following versions - MOVEit Automation <= 2025.1.4 (Fixed in MOVEit Automation 2025.1.5) MOVEit Automation <= 2025.0.8 (Fixed in MOVEit Automation 2025.0.9) MOVEit Automation <= 2024.1.7 (Fixed in MOVEit Automation 2024.1.8) Airbus SecLab researchers Anaïs Gantet, Delphine Gourdou, Quentin Liddell, and Matteo Ricordeau have been credited with discovering and reporting the two vulnerabilities. There are no workarounds that resolve the issues. While Progress makes no mention of the flaws being exploited in the wild, it’s essential that users apply the fixes as soon as possible for optimal protection, particularly given that prior flaws in MOVEit Transfer have been exploited by ransomware gangs like Cl0p. Found this article interesting?

Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More

This week, the shadows moved faster than the patches. While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems. The game has shifted from breach to occupation. They’re living inside SaaS sessions, pushing code with trusted commits, and scaling operations like legitimate businesses — except their product is chaos.

And the underground is getting uncomfortably professional. Here’s the full weekly cybersecurity recap: ⚡ Threat of the Week cPanel Flaw Comes Under Attack —A critical flaw in cPanel and WebHost Manager (WHM) has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-41940, could result in an authentication bypass and allow remote attackers to gain elevated control of the control panel. In some cases , the attacks have led to a complete wipe of entire websites and backups.

Other attacks have deployed Mirai botnet variants and a ransomware strain called Sorry. Is Your Security Program Built on Compliance Theater or Measurable Maturity? If you can’t measure your program’s maturity, you can’t improve it or defend its budget. The SANS Security Awareness & Culture Maturity Model™️ maps 5 stages of security culture development with concrete indicators, behavioral targets, and alignment to business risk priorities.

Download Now — Free ➝ 🔔 Top News Cybercrime Groups Use Vishing for Data Theft and Extortion —Two cybercrime groups tracked as Cordial Spider and Snarky Spider are carrying out “rapid, high-impact attacks” operating almost within the confines of SaaS environments, while leaving minimal traces of their actions. The groups employ voice calls, text messages, and emails, directing targeted employees to phishing pages masquerading as their employer’s legitimate single sign-on (SSO) page to capture credentials and provide attackers an entry point into systems, which they exploit for deeper access to victims’ SaaS environments. The attacks also use the initial access hooks to remove and set up multi-factor authentication devices under their control and delete emails that would otherwise alert organizations of potential malicious activity. According to CrowdStrike, “These actors use vishing to bypass MFA and move laterally across entire SaaS ecosystems with a single authenticated session, masking their tracks through residential proxy networks to blend in as legitimate home user traffic.

This is part of a larger trend of English-speaking ransomware crews that share similar playbooks but are branching off into their own distinct groups.” Copy Fail Linux Flaw Exploited —The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-31431, a vulnerability impacting various Linux distributions, to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. It’s described as a logic bug in the Linux kernel’s authentication cryptographic template that allows an attacker to reliably trigger privilege escalation trivially by means of a 732-byte Python-based exploit. According to Theori and Xint, CVE-2026-31431 was the result of a series of unremarkable updates to the Linux kernel over the years, particularly one update from 2017 that was meant to speed up data encryption.

As a result, all major Linux distributions from 2017 are impacted. What complicates matters is that Copy Fail works 100% of the time, unlike most local privilege escalation (LPE) bugs that tend to be probabilistic in nature. More worryingly, it leaves no traces on disk as exploitation occurs in memory and enables container escape from any pod in a Kubernetes cluster. TeamPCP’s Supply Chain Attack Spree Continues —TeamPCP’s extensive supply chain campaign continued last week, as the cybercriminal group compromised several packages across the npm , PyPI , and Packagist ecosystems in a “ Mini Shai-Hulud “ attack.

TeamPCP has in recent months compromised the packages of several open source software projects, including Trivy, a security scanner maintained by Aqua Security, and KICS, a Checkmarx-developed tool for static code analysis. Amit Genkin, threat researcher at Upwind, said the latest string of attacks represents a shift, where they are not only more frequent but harder to detect because they weaponize legitimate CI/CD pipelines to push out poisoned versions under real identities, allowing the activity to blend in with normal development workflows. “Campaigns like Shai-Hulud take that further by using each compromised pipeline to spread to the next, turning credential theft into a scaling problem across environments,” Genkin said . “For teams, the immediate priority is to check for the affected version and rotate any credentials tied to pipelines that may have run it, especially GitHub and cloud tokens.

Longer term, this is a signal to reduce how broadly pipeline credentials are scoped and to add visibility into what’s actually happening during installs and builds – because if you’re relying on traditional scanning or known indicators, this type of activity is easy to miss.” New Python Backdoor Enables Comprehensive Data Theft —A newly identified stealthy Python-based backdoor framework dubbed DEEP#DOOR provides attackers with persistent remote command execution and surveillance capabilities on Windows computers. Once active, the backdoor enables shell command execution, file manipulation, system and network reconnaissance, and surveillance operations such as keylogging, clipboard monitoring, screenshot capture, microphone and webcam access, and credentials and SSH key harvesting. Additionally, the malware can shift from data gathering to disruption and system manipulation, as it can overwrite the Master Boot Record, force system crashes, exhaust system resources by spawning numerous processes, and disable Microsoft Defender services. GitHub Flaw Leads to Remote Code Execution —Cybersecurity researchers from Wiz disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server (CVE-2026-3854, CVSS score: 8.7) that could allow an authenticated user to obtain remote code execution with a single “git push” command.

The vulnerability was severe enough that Microsoft rolled out a patch within six days of responsible disclosure. On GitHub.com, it allowed remote code execution on shared storage nodes, and on GitHub Enterprise Server, it granted full server compromise, enabling unauthorized access to all hosted repositories and internal secrets. “Exploitation could expose the codebases of nearly all of the world’s biggest enterprises, making this one of the most severe SaaS vulnerabilities ever found,” a Wiz spokesperson told The Hacker News. VECT 2.0 Ransomware’s Flawed Encryption Makes Data Recovery Impossible —VECT 2.0 ransomware has been found to wipe large files instead of merely encrypting them, making recovery impossible, even for the attackers.

VECT 2.0 is a ransomware-as-a-service (RaaS) program that first appeared in December 2025. The group quickly grabbed headlines after it announced on BreachForums that it was partnering with TeamPCP, the threat group behind several supply chain attacks, such as Trivy, Checkmarx KICS, LiteLLM, and Telnyx, in March and April 2026. VECT also announced a partnership with BreachForums itself, promising that every registered forum user will become an affiliate and be granted use of the ransomware, negotiation platform, and leak site for operations. Beazley Security, in an analysis of the ransomware, said the VECT 2.0 RaaS panel covers the “full operational lifecycle an affiliate needs from payload generation through to payout.” 🔥 Trending CVEs Bugs drop weekly, and the gap between a patch and an exploit is shrinking fast.

These are the heavy hitters for the week: high-severity, widely used, or already being poked at in the wild. Check the list, patch what you have, and hit the ones marked urgent first — CVE-2026-41940 (cPanel and WebHost Manager), CVE-2026-31431 aka Copy Fail (Linux Kernel), CVE-2026-42208 (LiteLLM), CVE-2026-3854 (GitHub.com and GitHub Enterprise Server), CVE-2026-32202 (Microsoft Windows Shell), CVE-2026-26268 ( Cursor ), CVE-2026-35414 (OpenSSH), CVE-2026-6770 (Mozilla Firefox and Tor Browser ), CVE-2026-42167 (ProFTPD), CVE-2026-24908, CVE-2026-23627, CVE-2026-24487 (OpenEMR), CVE-2026-6807 (GRASSMARLIN), CVE-2026-7363, CVE-2026-7361, CVE-2026-7344, CVE-2026-7343 (Google Chrome), CVE-2026-7322, CVE-2026-7323, CVE-2026-7324 (Mozilla Firefox), CVE-2026-6100 (CPython), CVE-2026-0204 (SonicWall), CVE-2026-35414 (OpenSSH), CVE-2026-42511 (FreeBSD), CVE-2026-40684, CVE-2026-40685, CVE-2026-40686, CVE-2026-40687 (Exim), CVE-2026-5402, CVE-2026-5403, CVE-2026-5405, CVE-2026-5656 (Wireshark), CVE-2026-42520, CVE-2026-42523, CVE-2026-42524 (Jenkins), CVE-2026-3008 (Notepad++), and CVE-2025-41658, CVE-2025-41659, CVE-2025-41660 (CODESYS). 🎥 Cybersecurity Webinars Learn to Spot Attack Paths Your AppSec Tools Completely Miss → Modern attackers chain tiny flaws across code, pipelines, and cloud into major breaches — while your AppSec tools stay blind. Join this free webinar with Wiz and The Hacker News to uncover the top real-world attack paths and learn exactly how to spot, map, and stop them fast.

Practical insights to prioritize real risks and strengthen your entire software lifecycle. How to Match AI Attack Speed with Autonomous Exposure Validation → Struggling with AI attacks moving faster than your team can respond? Join this free webinar from Picus Security & The Hacker News to discover Autonomous Exposure Validation – how to automatically find real risks, test attack paths, and fix them in minutes, not weeks. Practical, no-fluff insights to stay ahead without burnout.

Grab your spot now. Learn Latest AI Threats + Practical Ways to Kill Initial Access → Modern attackers are slipping past traditional defenses with AI-powered phishing, encrypted malware, and stealthy “Patient Zero” tactics. Want to stay ahead? Join this free webinar with Zscaler and The Hacker News to uncover the latest threat trends and practical Zero Trust strategies that actually stop initial compromise — before it becomes a full-blown breach.

No fluff, just real insights to protect your organization. 📰 Around the Cyber World OpenAI Debuts Advanced Account Security —OpenAI launched Advanced Account Security, a set of opt-in protections for ChatGPT users “designed for people at increased risk of digital attacks, as well as for those who want the strongest account protections available.” As part of the new program, the new controls strengthen sign-in protections, tighten account recovery, reduce exposure from compromised sessions, and give users more visibility into account activity. OpenAI has also partnered with Yubico to link two physical security keys, YubiKey C Nano and YubiKey C NFC, to ChatGPT accounts. That said, users can use any other FIDO-compliant security key, or use software-based passkeys for phishing-resistant authentication.

Over 8.8K Ransomware Attacks in 2025 —Fortinet said it recorded 7,831 confirmed ransomware victims globally in 2025, skyrocketing from approximately 1,600 identified victims in 2024. “Availability of crime service kits like WormGPT, FraudGPT, and BruteForceAI contributed to this 389% increase year-over-year (YoY),” Fortinet said . “The top three targeted sectors include manufacturing (1,284), business services (824), and retail (682). Geographic concentration includes the U.S.

(3,381), Canada (374), and Germany (291).” KidsProtect Android Surveillance Tool Marketed on the Web —A new Android surveillance tool called KidsProtect is being openly advertised on the clear web that gives an operator near-total secret control of a victim’s phone. “It can’t be removed without the attacker’s permission,” Certo said . “From a web-based dashboard, an operator can secretly record calls, stream live audio from the device’s microphone, track GPS location in real time, read SMS messages and notifications from apps including WhatsApp and Viber, log keystrokes, access contacts and photos, and remotely trigger the front and rear cameras.” Assessed to be the work of a Greek-speaking developer, it’s available on a subscription basis starting from $60, allowing anyone to buy it, rebrand it, and start selling it as their own. New KYCShadow Android Malware Detected —An Android malware masquerading as a bank KYC verification application is being distributed via WhatsApp and primarily targeting users in India.

“The application operates as a multi-stage dropper that installs a secondary payload and establishes persistent command-and-control (C2) communication,” CYFIRMA said . “It combines native code obfuscation, Firebase-based remote execution, VPN-based traffic manipulation, and WebView-based phishing to systematically harvest sensitive user data.” Phishing Campaign Targets Pakistan Orgs —A highly targeted spear-phishing campaign targeting the Punjab Safe Cities Authority and PPIC3 in Pakistan has been found to use legitimate-sounding government infrastructure projects as lures to deliver malware. “The email carried two malicious attachments: a Word document with a VBA macro dropper and a PDF with a fake Adobe Reader lure, both delivering payloads from a BunnyCDN-hosted malicious infrastructure,” Joe Security said . “The attack chain establishes persistent remote access by abusing Microsoft’s legitimate VS Code tunnel service, with exfiltration notifications sent via a Discord webhook — a sophisticated technique designed to evade network-level detection.” Calendly-Themed Phishing Attacks on the Rise —Multiple threat clusters are leveraging Calendly-themed phishing to fingerprint site visitors and steal credentials and other data.

“Behind the shared Calendly branding sits a diverse set of phishing kits, including API-driven frameworks, real-time Socket.IO applications, fake CAPTCHA chains, and Telegram-based exfiltration,” urlscan said . Fraud Campaigns GovTrapand FEMITBOT Exposed —Threat actors have been observed deploying sophisticated tactics, including fake government portals, SMS phishing, and lookalike domains, to drive financial fraud and credential harvesting as part of an effort called GovTrap . The government impersonation scam mimics official portals with high accuracy, with links to the fake sites distributed via SMS or email. The end goal is to trick users into entering their personal and financial information, or make non-existent payments that are transferred through money mule accounts.

The collected payment card details are abused to facilitate fraudulent transactions. Another threat cluster has leveraged FEMITBOT, a malicious infrastructure that abuses Telegram Mini Apps to scale global fraud campaigns and Android malware delivery. “By leveraging Telegram’s native features, threat actors create highly convincing fake platforms across crypto, financial services, AI, and streaming sectors,” CTM360 said . “Built on a modular, template-driven architecture, FEMITBOT enables rapid deployment, brand impersonation, and campaign optimization using real-time tracking and analytics.” New PowerShell Desktop Stealer Spotted —A Pastebin-hosted PowerShell script disguised as “Windows Telemetry Update” comes with capabilities to steal Telegram Desktop session data via Telegram bot API exfiltration.

“The script collects host metadata, including username, hostname, and public IP via api.ipify[.]org, then checks for Telegram Desktop and Telegram Desktop Beta tdata directories,” Flare said . “If found, it terminates the Telegram process to release file locks, archives session material into ‘TEMP\diag.zip,’ and uploads the archive to the attacker-controlled operator chat via the Telegram Bot API sendDocument endpoint.” Surge in Teams Phishing in 2026 —eSentire said it has observed an increase in Microsoft Teams-based phishing since early 2026, in which threat actors impersonate IT support and help desk personnel to trick users into granting remote access to their devices. “These phishing attacks have often been linked to email bombing, followed by threat actors reaching out to users under the guise of providing assistance to resolve an issue,” eSentire said . “The objective of the attack is to trick the user into granting remote access to their device, and once obtained, threat actors will attempt to exfiltrate data and execute additional payloads to establish persistence or deploy ransomware.” New KarstoRAT Malware Enables Data Theft —First spotted in early 2026, KarstoRAT is capable of system reconnaissance, audio and webcam monitoring, screenshot capture, key logging, and token theft.

It also enables threat actors to download and run additional payloads, which could point to it being used for post-compromise control on infected machines. “KarstoRAT uses a command-and-control (C2) server that has a diverse set of open ports and services, indicating that it has a multi-purpose infrastructure created for C2 communication and payload distribution,” LevelBlue said . “Threat actors use a fake Blox Fruits (a popular Roblox game) virtual marketplace as a lure to trick players into downloading malware that will install KarstoRAT into their machines.” ClickUp Discloses Email Address Exposure —ClickUp said its client-side feature flag configuration exposed personally identifiable information. This included 893 customer email addresses that were embedded in feature flag targeting rules, along with one flag that improperly referenced a customer’s API token.

“The exposure was limited to 893 customer email addresses used in feature flag targeting rules to control which users see specific features during rollouts,” it said . “If your email address was among those included in a feature flag configuration, you have been directly contacted.” The incident did not expose any other data. Finnish Authorities Arrest Alleged Scattered Spider Member —Finnish authorities arrested 19-year-old Peter Stokes (aka Bouquet), a dual U.S.-Estonian citizen, as he tried to board a flight to Japan. U.S.

prosecutors have charged him as a key member of the notorious Scattered Spider hacking group, and he faces multiple counts of wire fraud, conspiracy, and computer intrusion. New Attacks Linked to Versatile Werewolf —The threat actor known as Versatile Werewolf (aka HeartlessSoul) has been linked to campaigns targeting Russian state structures and aviation companies via phishing emails with malicious archive attachments and malvertising campaigns to deliver a JavaScript trojan. The end goal is to obtain confidential data, particularly geospatial information. Alternatively, the threat actor is known to distribute malicious code using the legitimate SourceForge platform through a project called GearUP.

Versatile Werewolf is believed to be active since at least September 2025. Some of the attachments have exploded ZDI-CAN-25373 to trigger the infection chain. The malvertising campaign uses fake domains (“battleflight[.]pro”) to deliver bogus installers for aviation-related software to launch the same trojan. “The initial infection involves executing PowerShell commands or scripts designed to download a JavaScript loader from C2 servers,” Kaspersky said .

“This loader, in turn, loads and executes the main JS-RAT and its modules in memory, among which we found tools for data collection and exfiltration, keyloggers, screen capture tools, UAC bypass tools, and other payloads.” The company noted that the domain “battleflight[.]pro” resolves to an IP address that also hosts fake domains linked to the GOFFEE APT. “Both groups actively use PowerShell payloads to deliver and execute malicious modules,” it added. “GOFFEE also targets the public sector, which suggests the possibility of joint or coordinated campaigns.” Cisco Unveils Model Provenance Kit —Cisco unveiled a new open-source tool, named Model Provenance Kit, to help organizations address potential issues associated with the use of third-party AI models. “Much like a DNA test reveals biological origins, the Model Provenance Kit examines both metadata and the actual learned parameters of a model (like a unique genome that comprises a model), to assess whether models share a common origin and identify signs of modification,” Cisco said .

“This, combined with a constitution that defines provenance linkages, is an important step toward providing evidence-based assurance that the AI you deploy is what it says it is.” Abuse of Hugging Face and ClawHub for Malware Delivery —Threat actors are abusing legitimate AI platforms like Hugging Face and ClawHub for malware delivery, once again demonstrating how trust in AI ecosystems are being exploited. Acronis said it identified more than 575 malicious skills across 13 developer accounts that target both Windows and macOS systems with trojans, cryptocurrency miners, and AMOS stealer, a macOS-focused infostealer. “On Hugging Face, attackers leverage repositories to host payloads and act as staging infrastructure within multistep infection chains, distributing malware disguised as legitimate applications,” Acronis said . European Authorities Bust Cryptocurrency Fraud Ring —Albanian and Austrian authorities dismantled a cryptocurrency investment fraud ring that caused estimated losses of more than €50 million ($58.5 million) to victims worldwide.

The operation, which took place over two years, resulted in the arrest of ten individuals, the search of multiple premises, and the seizure of 891,735 in cash, 443 computers, 238 mobile phones, six laptops, and multiple storage devices. “The criminal network, allegedly operating several call centres in Tirana, Albania, is believed to have caused significant financial damage, totalling at least €50 million,” Europol said . “The call centres were professionally set up and organized, resembling legitimate business structures featuring a clear division of roles and hierarchical management.” The criminal network is estimated to have involved up to 450 employees across various departments. The scheme involved luring victims to seemingly legitimate online investment platforms through deceptive advertisements on social media or web searches, and coaxing them into making investments under the promise of huge returns.

Victims were then assigned retention agents, who masqueraded as investment advisors and used remote access software to gain full control of their devices. “The fraudsters feigned professional expertise and employed psychological pressure to persuade victims to make additional investments, falsely claiming they would be profitable,” Europol said. “In truth, the funds were never invested but were instead channelled into an intricate international money-laundering scheme, ultimately disappearing into the hands of the criminal organisation.” In some cases, the fraudsters reached out to the victims again and offered help with recovering their stolen funds, only to demand a €500 entry fee and defraud them a second time. Flaws in EnOcean’s SmartServer —Two security flaws have been disclosed in EnOcean’s SmartServer IoT platform that affect version 4.60.009 and prior.

According to
Claroty
“CVE-2026-20761 allows remote attackers to send malicious, crafted LON IP-852 messages that result in arbitrary command execution on devices. CVE-2026-22885 allows remote attackers to send malicious, crafted IP-852 messages that bypass ASLR memory protections and leak memory.” Successful exploitation of the flaws results in attackers obtaining control over building management and building automation systems running affected versions of this platform and legacy i.LON devices. Patches have been released for both vulnerabilities. Google Announces Android Credential Manager Update —Google has announced a new update to Android’s Credential Manager that allows apps to automatically verify a user’s personal Gmail address without requiring one-time passwords (OTPs) or email verification links.

“Google now issues a cryptographically verified email credential directly to Android devices,” the company said . “For users, this completely removes the need to manually verify their email through external channels. For developers, the API securely delivers these verified user claims for any scenario, whether you are building an account creation flow, a recovery process, or a high-risk step-up authentication.” Nearly 8.8K Secrets Leaked Online —According to Truffle Security , 8,792 verified, unique secrets have been leaked online through web-based development environments. The tokens were found across 22 million public projects hosted on Cloud Development Environments (CDEs) such as CodePen, CodeSandbox, JSFiddle, and StackBlitz.

Is There More to the Xygeni Compromise? —Multiple connections have been found between the compromise of the Xygeni vulnerability scanner on GitHub and a proxy botnet of hacked ASUS and TP-Link routers. Some of the TP-Link consumer routers have been compromised with Microsocks to unroll them to a residential proxy network. “These routers were also running a custom command-and-control beacon that was named ShadowLink,” Ctrl-Alt-Intel said .

“When we analysed the ShadowLink protocol, we found it was identical, down to a shared authentication secret, to the backdoor planted in the Xygeni GitHub Action used for that supply chain attack.” Brazilian Anti-DDoS Firm Behind DDoS Attacks on ISPs —Huge Networks, a Brazilian tech company that specializes in protecting networks from distributed denial-of-service (DDoS) attacks, has been enabling a botnet responsible for massive DDoS attacks against other internet service providers (ISPs) in the country, according to KrebsOnSecurity . The company has since said the malicious activity resulted from an intrusion first detected in January 2026 and claimed it was likely the work of a competitor. Canonical Target of Sustained DDoS Attack —Canonical disclosed its web infrastructure came under a “sustained, cross-border attack,” knocking Ubuntu servers offline for several hours. A pro-Iranian hacktivist group known as the Islamic Cyber Resistance in Iraq, aka 313 Team , claimed responsibility for the attack on Telegram.

The websites have since become operational . Last month, the group also disrupted access to the decentralized social media platform Bluesky. New Phishing Kit Bluekit Detailed —A new phishing kit named Bluekit is offering more than 40 templates targeting popular services and includes basic artificial intelligence (AI)-powered features for generating campaign drafts. Available templates can be used to target email accounts (Outlook, Hotmail, Gmail, Yahoo, ProtonMail), cloud and enterprise services (iCloud and Zoho), developer platforms (GitHub), and cryptocurrency services (Ledger).

What makes the kit stand out is the presence of an AI Assistant panel that supports multiple models, including Llama, GPT-4.1, Claude, Gemini, and DeepSeek, to help criminals draft phishing emails. It also has support for two-factor authentication, geolocation emulation, antibot cloaking, notifications, spoofing capabilities, voice cloning, and a mail sender. The development once again reinforces the broader trend of crimeware services integrating AI to streamline and scale their operations. Bluekit is the second kit to integrate AI features in as many months.

In April 2026, Abnormal Security shed light on a cybercrime platform called ATHR that uses AI vishing agents, credential harvesting panels, and built-in phishing mailers to execute and scale telephone-oriented attack delivery ( TOAD ) attacks. North Korea Calls U.S. Cyber Threat Claims a Fabrication — North Korea’s foreign ministry rejected U.S. accusations that the country poses a cyber threat, stating the U.S.

was spreading false information about a non-existent cyber threat from North Korea for political purposes, per Reuters . The ministry said it “would actively take all necessary measures for defending the interests of the state and protecting the rights and interests of its citizens in cyberspace.” 🔧 Cybersecurity Tools Model Provenance Kit → It is a free open-source Python tool from Cisco AI Defense that helps identify if a machine learning model is based on a known base model (like Llama, Mistral, GPT, etc.). It analyzes architecture, tokenizer, and weights to quickly compare two models or check against a database of ~150 popular base models. AutoFyn → It is an open-source tool from SignalPilot Labs that runs Claude AI in self-improving loops to optimize measurable goals.

Give it a GitHub repo, a clear task (like security hardening, bug fixing, or performance optimization), and a time budget — it works in sandboxed rounds, tracks progress with real evaluations, learns from failures, and delivers improved code via PRs. Disclaimer: This is strictly for research and learning. It hasn’t been through a formal security audit, so don’t just blindly drop it into production. Read the code, break it in a sandbox first, and make sure whatever you’re doing stays on the right side of the law.

Conclusion Stay sharp out there. The pace of attacks is accelerating, and the margin for delay is shrinking. Patch what you can today, verify your supply chains, tighten SaaS access, and treat every “routine” login or pipeline run as potentially hostile. Small habits now will save major headaches later.

Until next Monday. Keep your defenses tight and your eyes open. The threats won’t wait — neither should we. See you in the next recap.

Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.