2026-05-18 AI创业新闻
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma , has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems. Codenamed MiniPlasma , the vulnerability impacts “cldflt.sys,” which refers to the Windows Cloud Files Mini Filter Driver, and resides in a routine named “HsmOsBlockPlaceholderAccess,” adding it was originally reported to Microsoft by Google Project Zero researcher James Forshaw in September 2020. Although it was assumed that the shortcoming was fixed by Microsoft in December 2020 as part of CVE-2020-17103 , Chaotic Eclipse said further investigation has uncovered that the “exact same issue […] is actually still present, unpatched.” “I’m unsure if Microsoft just never patched the issue or the patch was silently rolled back at some point for unknown reasons. The original PoC by Google worked without any changes,” the researcher added.
“To highlight this issue, I weaponized the original PoC to spawn a SYSTEM shell. It seems to work reliably in my machines butsuccess rate may vary since it’s a race condition.” The researcher further pointed out that all Windows versions are likely affected by this vulnerability. In a post shared on Mastodon, security researcher Will Dormann said MiniPlasma works “reliably” to open a “cmd.exe” prompt with SYSTEM privileges on Windows 11 systems running the latest May 2026 updates. “I’ll note that it does not seem to work on the latest Insider Preview Canary Windows 11,” Dormann pointed out .
In December 2025, Microsoft also addressed another privilege escalation flaw in the same component ( CVE-2025-62221 , CVSS score: 7.8), which it identified as exploited by unknown threat actors. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck . The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in ngx_http_rewrite_module affecting NGINX versions 0.6.27 through 1.30.0. According to AI-native security company depthfirst, the vulnerability was introduced in 2008. Successful exploitation of the flaw can permit an unauthenticated attacker to crash worker processes or execute remote code with crafted HTTP requests.
- However, it bears noting that code execution is possible only on devices where Address Space Layout Randomization (ASLR), a safeguard against memory-based attacks, is turned off. “It relies on a specific NGINX config to be vulnerable, and for an attacker to know or discover the config to exploit it,” security researcher Kevin Beaumont
- said
- . “To reach RCE [remote code execution], also ASLR needs to have been disabled on the box.”
- In a similar assessment, AlmaLinux maintainers
- said
- “Turning the heap overflow into reliable code execution is not trivial in the default configuration, and on systems with ASLR enabled (which is the default on every supported AlmaLinux release), we do not expect a generic, reliable exploit to be easy to produce.” “That said, ‘not easy’ is not ‘impossible,’ and the worker-crash DoS is exploitable enough on its own that we recommend treating this as urgent,” the maintainers added. The latest findings from VulnCheck show that threat actors have begun to weaponize the flaw, with exploitation attempts detected against its honeypot networks.
The nature of the attack activity and the end goals are presently unknown. Users are advised to apply the latest fixes from F5 to secure their networks against active threats. Flaws in openDCIM Also Exploited The development comes as VulnCheck also revealed exploitation efforts targeting two critical flaws in openDCIM, an open-source application used for data center infrastructure management. The vulnerabilities, both rated 9.3 on the CVSS scoring system, are listed below - CVE-2026-28515
- A missing authorization vulnerability that could allow an authenticated user to access LDAP configuration functionality regardless of their assigned privileges.
In Docker deployments where REMOTE_USER is set without authentication enforcement, the endpoint may be reachable without credentials, allowing unauthorized modification of application configuration. CVE-2026-28517
- An operating system command injection vulnerability impacting the “report_network_map.php” component that processes a parameter called “dot” without sanitization and passes it directly to a shell command, resulting in arbitrary code execution. The two vulnerabilities were discovered alongside CVE-2026-28516 (CVSS score: 9.3), an SQL injection vulnerability in openDCIM, by VulnCheck security researcher Valentin Lobstein in February 2026. According to Lobstein, the three flaws can be chained to achieve remote code execution over five HTTP requests and spawn a reverse shell.
“The cluster of attacker activity we’re observing so far originates from a single Chinese IP and uses what appears to be a customized implementation of AI vuln discovery tool Vulnhuntr to automatically check for vulnerable installations before dropping a PHP web shell,” Caitlin Condon, vice president of security research at VulnCheck, said . Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
Grafana has disclosed that an “unauthorized party” obtained a token that granted them the ability to access the company’s GitHub environment and download its codebase. “Our investigation has determined that no customer data or personal information was accessed during this incident, and we have found no evidence of impact to customer systems or operations,” Grafana said in a series of posts on X. The company also said it immediately launched a forensic analysis upon discovering the activity and that it identified the source of the leak, adding the compromised credentials have since been invalidated, and extra security measures have been implemented to secure against unauthorized access. Furthermore, Grafana revealed the attacker tried to blackmail and extort the company, demanding they make a payment to prevent the stolen database from being published.
Grafana said it has opted not to pay the ransom, citing the U.S. Federal Bureau of Investigation (FBI). The agency has previously warned against negotiating ransoms with perpetrators, as there is no guarantee that doing so will help affected companies get their data back. “It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity,” the FBI states on its website.
Grafana did not reveal when the incident took place or since when the threat actor had access to its environment, only revealing that it learned of the attack “recently.” The breach has not been attributed to any known threat actor or group. However, reports from Hackmanac and Ransomware.live indicate that a cybercrime group named CoinbaseCartel has claimed responsibility for the incident. Per details shared by Halcyon and Fortinet FortiGuard Labs , CoinbaseCartel is a data extortion crew that emerged in September 2025. It’s assessed to be an offshoot of the ShinyHunters, Scattered Spider, and LAPSUS$ ecosystems.
The group, which only focuses on data theft and extortion, unlike traditional ransomware groups, has amassed 170 victims across healthcare, technology, transportation, manufacturing, and business services. The company also did not reveal what codebase the attacker downloaded, but Grafana offers various solutions like Grafana Cloud , a fully-managed, cloud-hosted observability platform for applications and infrastructure. The Hacker News has reached out to Grafana for comment, and we will update the story if we hear back. The development comes days after American educational technology company Instructure made the controversial decision to settle with the ShinyHunters extortion group after the latter threatened to leak terabytes of data belonging to thousands of schools and universities across the U.S.
Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Agentic AI is already in your org. Here’s how to secure it [Free Guide]
Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data. Details of the activity were published by Sansec this week. The vulnerability currently does not have an official CVE identifier. It affects all versions of the plugin before 3.15.0.3.
It’s used in more than 40,000 WooCommerce stores. The flaw lets unauthenticated attackers inject arbitrary JavaScript into every checkout page on the store, the Dutch e-commerce security company said. FunnelKit, which maintains Funnel Builder, has released a patch for the vulnerability in version 3.15.0.3. “Attackers are planting fake Google Tag Manager scripts into the plugin’s ‘External Scripts’ setting,” it noted.
“The injected code looks like ordinary analytics next to the store’s real tags, but loads a payment skimmer that steals credit card numbers, CVVs, and billing addresses from checkout.” Per Sansec, Funnel Builder includes a publicly exposed checkout endpoint that allows an incoming request to choose the type of internal method to run. However, older versions were designed such that they never checked the caller’s permissions or limited which methods are allowed to be invoked. A bad actor could exploit this loophole by issuing an unauthenticated request that can reach an unspecified internal method that writes attacker-controlled data directly into the plugin’s global settings. The added code snippet is then injected into every Funnel Builder checkout page.
As a result, an attacker could plant a malicious
Site owners are advised to update the Funnel Builder plugin to the latest version and review Settings > Checkout > External Scripts for anything that’s unfamiliar and remove it. “Dressing skimmers up as Google Analytics or Tag Manager code is a recurring Magecart pattern , since reviewers tend to skim straight past anything that looks like a familiar tracking tag,” Sansec said. The disclosure comes weeks after Sucuri detailed a campaign in which Joomla websites are being backdoored with heavily obfuscated PHP code to contact attacker-controlled C2 servers, receive and process instructions sent by the operators, and serve spammy content to visitors and search engines without the site owner’s knowledge. The ultimate aim is to leverage the sites’ reputation for injecting spam.
“The script acts as a remote loader,” security researcher Puja Srivastava said . “It contacts an external server, sends information about the infected website, and waits for instructions. The response from the remote server determines what content the infected site should serve.” “This approach allows attackers to change the behavior of the compromised website at any time without modifying the local files again. The attacker can inject spam product links, redirect visitors, or display malicious pages dynamically.” Found this article interesting?
Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that’s engineered for stealth and persistent access to compromised hosts. Turla, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA), is assessed to be affiliated with Center 16 of Russia’s Federal Security Service (FSB). It overlaps with activity traced by the broader cybersecurity community under the names ATG26, Blue Python, Iron Hunter, Pensive Ursa, Secret Blizzard (formerly Krypton), Snake, SUMMIT, Uroburos, Venomous Bear, Waterbug, and WRAITH.
The hacking group is known for its attacks targeting government, diplomatic, and defense sectors in Europe and Central Asia, as well as endpoints previously breached by Aqua Blizzard (aka Actinium and Gamaredon) to support the Kremlin’s strategic objectives. “This upgrade aligns with Secret Blizzard’s broader objective of gaining long-term access to systems for intelligence collection,” the Microsoft Threat Intelligence team said in a report published Thursday. “While many threat actors rely on increasing usage of native tools (living-off-the-land binaries (LOLBins)) to avoid detection, Kazuar’s progression into a modular bot highlights how Secret Blizzard is engineering resilience and stealth directly into their tooling.” A key tool in Turla’s arsenal is Kazuar , a sophisticated .NET backdoor that has been consistently put to use since 2017. The latest findings from Microsoft charts its evolution from a “monolithic” framework into a modular bot ecosystem featuring three distinct component types, each with its own well-defined roles.
These changes enable flexible configuration, reduce observable footprint, and facilitate broad tasking. Overview of Kernel, Bridge, and Worker module interactions Attacks distributing the malware have been found to rely on droppers like Pelmeni and ShadowLoader to decrypt and launch the modules. The three module types that form the foundation for Kazuar’s architecture are listed below - Kernel , which acts as the central coordinator for the botnet by issuing tasks to Worker modules, manages communication with the Bridge module, maintains logs of actions and collected data, performs anti-analysis and sandbox checks, and sets up the environment by means of a configuration that specifies various parameters related to command-and-control (C2) communication, data exfiltration timing, task management, file scanning and collection, and monitoring. Bridge , which acts as a proxy between the leader Kernel module and the C2 server.
Worker , which logs keystrokes, hooks Windows events, tracks tasks, and gathers system information, file listings, and Messaging Application Programming Interface ( MAPI ) details. The Kernel module type exposes three internal communication mechanisms (via Windows Messaging, Mailslot, and named pipes) and three different methods for contacting attacker-controlled infrastructure (via Exchange Web Services, HTTP, and WebSockets). The component also “elects” a single Kernel leader to communicate with the Bridge module on behalf of the other Kernel modules. How the Kernel leader coordinates Worker tasking and uses the Bridge “Elections occur over Mailslot, and the leader is elected based on the amount of work (length of time the Kernel module has been running) divided by interrupts (reboots, logoffs, process terminated),” Microsoft explained.
“Once a leader is elected, it announces itself as the leader and tells all other Kernel modules to set SILENT. Only the elected leader is not SILENT, which allows the leader Kernel module to log activity and request tasks through the Bridge module.” Another function of the module is to initiate various threads to set up a named pipe channel between Kernel modules for inter-Kernel communications, specify an external communication method, as well as facilitate Kernel-to-Worker and Kernel-to-Bridge communication over Windows messaging or Mailslot. The end goal of the Kernel is to poll new tasks from the C2 server, parse incoming messages, assign tasks to the Worker, update configuration, and send the results of the tasks back to the server. Furthermore, the module incorporates a task handler that makes it possible to process commands issued by the Kernel leader.
Data collected by the Worker module is then aggregated, encrypted, and written to the malware’s working directory, from where it’s exfiltrated to the C2 server. “Kazuar uses a dedicated working directory as a centralized on-disk staging area to support its internal operations across modules,” Microsoft said. “This directory is defined through configuration and is consistently referenced using fully qualified paths to avoid ambiguity across execution contexts.” “Within the working directory, Kazuar organizes data by function, isolating tasking, collection output, logs, and configuration material into distinct locations. This design allows the malware to decouple task execution from data storage and exfiltration, maintain operational state across restarts, and coordinate asynchronous activity between modules while minimizing direct interaction with external infrastructure.” Found this article interesting?
Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence. The vulnerabilities, collectively dubbed Claw Chain by Cyera, can permit an attacker to establish a foothold, expose sensitive data, and plant backdoors. A brief description of the flaws is below - CVE-2026-44112 (CVSS score: 9.6/6.3) - A time-of-check/time-of-use (TOCTOU) race condition vulnerability in the OpenShell managed sandbox backend that allows attackers to bypass sandbox restrictions and redirect writes outside the intended mount root. CVE-2026-44113 (CVSS score: 7.7/6.3) - A TOCTOU race condition vulnerability in OpenShell that allows attackers to bypass sandbox restrictions and read files outside the intended mount root.
CVE-2026-44115 (CVSS score: 8.8) - An incomplete list of disallowed inputs vulnerability that allows attackers to bypass allowlist validation by embedding shell expansion tokens in a here document (heredoc) body to execute unapproved commands at runtime. CVE-2026-44118 (CVSS score: 7.8) - An improper access control vulnerability that could allow non-owner loopback clients to impersonate an owner to elevate their privileges and gain control over gateway configuration, cron scheduling, and execution environment management. Cyera said successful exploitation of CVE-2026-44112 could allow an attacker to tamper with configuration, plant backdoors, and establish persistent control over the compromised host, whereas CVE-2026-44113 could be weaponized to read system files, credentials, and internal artifacts. The exploitation chain unfolds over four steps - A malicious plugin, prompt injection, or compromised external input gains code execution inside the OpenShell sandbox.
Leverage CVE-2026-44113 and CVE-2026-44115 to expose credentials, secrets, and sensitive files. Exploit CVE-2026-44118 to obtain owner-level control of the agent runtime. Use CVE-2026-44112 to plant backdoors or make configuration changes and set up persistence. The root cause for CVE-2026-44118, per the cybersecurity company, stems from the fact that OpenClaw trusts a client-controlled ownership flag called senderIsOwner, which signals whether the caller is authorized for owner-only tools, without validating it against the authenticated session.
“The MCP loopback runtime now issues separate owner and non-owner bearer tokens and derives senderIsOwner exclusively from which token authenticated the request,” OpenClaw detailed the fixes in an advisory for the flaw. “The spoofable sender-owner header is no longer emitted or trusted.” Following responsible disclosure, all four vulnerabilities have been addressed in OpenClaw version 2026.4.22. Security researcher Vladimir Tokarev has been credited with discovering and reporting the issues. Users are advised to update to the latest version to stay protected against potential threats.
“By weaponizing the agent’s own privileges, an adversary moves through data access, privilege escalation, and persistence – using the agent as their hands inside the environment,” Cyera said. “Each step looks like normal agent behavior to traditional controls, broadening blast radius and making detection significantly harder.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface
In Your Biggest Security Risk Isn’t Malware — It’s What You Already Trust , we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil, MSBuild — the same trusted utilities your IT team uses every day are also the preferred toolkit of modern threat actors. Bitdefender’s analysis of 700,000 high-severity incidents found legitimate-tool abuse in 84% of them .
The reaction we heard most was a fair one: We know. So what do we actually do about it? That’s what Bitdefender’s complimentary Internal Attack Surface Assessment is built to answer. It’s a 45-day, low-effort engagement available to organizations with 250 or more employees that turns the abstract problem of “living off the land” into a specific, prioritized list of users, endpoints, and tools you can safely take away from attackers without breaking the business.
Why This, Why Now A clean Windows 11 install ships with 133 unique living-off-the-land binaries spread across 987 instances. Bitdefender Labs telemetry found PowerShell active on 73% of endpoints , much of it invoked silently by third-party applications. This isn’t a malware problem — it’s an over-entitlement problem, and you can’t patch your way out of it. Gartner now projects that preemptive cybersecurity will account for 50% of IT security spending by 2030, up from less than 5% in 2024 , and that 60% of large enterprises will adopt dynamic attack surface reduction (DASR) technologies by 2030, up from less than 10% in 2025 .
The reason is mechanical: when most intrusions involve no malware and adversaries move in minutes, “detect and respond” is too slow a loop. You have to remove the moves attackers can make in the first place. How the Assessment Works The engagement runs in four steps over roughly 45 days, powered by GravityZone PHASR — Bitdefender’s Proactive Hardening and Attack Surface Reduction technology — and sits alongside whatever endpoint stack you already run: Kickoff and behavioral learning. PHASR builds behavioral profiles for every machine-user pair, typically over 30 days.
Attack Surface Dashboard review. You receive an exposure score (0–100) and a prioritized list of findings across five categories: living-off-the-land binaries, remote admin tools, tampering tools, cryptominers, and piracy tools — each mapped to the specific users and devices they affect. Optional reduction sprint. Apply controls manually or let PHASR’s Autopilot enforce them.
Users can request access back through a built-in one-click approval workflow. Reduction review. A final session quantifies how much surface you’ve shrunk and what shadow IT and unauthorized binaries surfaced along the way. Early-access customers have reduced their attack surface by 30% or more in the first 30 days , with one reporting close to 70% by locking down LOLBins and remote tools — without investigation overhead or end-user disruption.
What It Means for Different Stakeholders For the CISO: a defensible, board-ready exposure number that moves week over week, mapped to behaviors attackers actually use. For the SOC and IT admin: up to 50% less investigation and response workload , because entire classes of suspicious-but-legitimate behavior simply don’t occur on endpoints that don’t need them. For the business decision-maker: documented, ongoing surface reduction — increasingly what regulators, auditors, and cyber-insurers want to see. Start Where the Attackers Already Are The previous article ended on a principle: the most significant risks are no longer external or unknown — they’re already inside your environment.
This one ends on a practice: you can have a precise, prioritized map of those risks within 45 days, at no cost, without changing your existing stack. If you run a Windows-heavy environment with 250 or more users, request your Internal Attack Surface Assessment here . Compromises will keep happening. Whether one becomes a breach depends almost entirely on what an attacker can reach once they’re in.
The fastest way to shorten that list is to look at it. Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual property were compromised or modified in an unauthorized manner. “Upon identification of the malicious activity, we worked quickly to investigate, contain, and take steps to protect our systems,” OpenAI said . “We observed activity consistent with the malware’s publicly described behavior, including unauthorized access and credential-focused exfiltration activity, in a limited subset of internal source code repositories to which the two impacted employees had access.” The artificial intelligence (AI) upstart said only limited credential material was successfully transferred from these code repositories, adding no other information or code was impacted. Upon being alerted of the activity, OpenAI said it isolated impacted systems and identities, revoked user sessions, rotated all credentials across impacted repositories, temporarily restricted code-deployment workflows, and audited user and credential behavior.
Since the impacted repositories included signing certificates for iOS, macOS, and Windows products, the company has taken the step of revoking the certificates and issuing new ones. As a result, macOS users of ChatGPT Desktop, Codex App, Codex CLI, and Atlas are required to update their apps to the latest versions. “This helps prevent any risk, however unlikely, of someone attempting to distribute a fake app that appears to be from OpenAI,” OpenAI said. “Users do not need to take any action for Windows and iOS apps.” The certificates are scheduled to be revoked on June 12, 2026, after which new downloads and launches of apps signed with the previous certificate will be blocked by built-in macOS protections.
Users are therefore advised to apply the updates before the cut-off date for optimal protection. This is the second time OpenAI has rotated its code-signing certificates for its macOS in as many months. Around mid-April 2026, it rotated the certificates after a GitHub Actions workflow used to sign its macOS apps led to the download of the malicious Axios library on March 31, which was compromised by a North Korean hacking group called UNC1069. “This incident reflects a broader shift in the threat landscape: attackers are increasingly targeting shared software dependencies and development tooling rather than any single company,” OpenAI said.
“Modern software is built on a deeply interconnected ecosystem of open-source libraries, package managers, and continuous integration and continuous deployment infrastructure, which means that a vulnerability introduced upstream can propagate widely and quickly across organizations.” The development comes close on the heels of TeamPCP claiming a number of fresh victims, compromising hundreds of packages associated with TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of an ongoing supply chain attack campaign designed to push malware to downstream developers and steal credentials from their systems to further extend the scale of the breaches. “Just to be clear, no maintainer was phished, had a password leak, or a token stolen from their account,” TanStack said . “The attacker managed to engineer a path where our own CI pipeline stole its own publish token for them, at the exact moment it was created, by way of a cache that everyone in the chain implicitly trusted. It is a sophisticated approach that we hadn’t anticipated and that we’re taking very seriously.” TeamPCP has since announced a supply chain attack contest in partnership with Breached cybercrime, offering participants with a $1,000 in Monero to compromise open-source packages using the Shai-Hulud worm that it has made freely available to others.
The hacking group has also threatened to leak about 5GB of internal source code from Mistral AI, asking for $25,000 BIN from prospective buyers. “We are looking for $25k BIN or they can pay this and we will shred these permanently, only selling to the best offer and limited to one person, if we cannot find a buyer within a week we will leak all of these for free to the forums,” TeamPCP said in the post. In an updated advisory, Mistral AI confirmed it was impacted by a supply chain attack caused by the compromise of TanStack, leading to the release of trojanized versions of its npm and PyPI SDKs. It also said a lone developer device was impacted in the hack.
There is no evidence to suggest its infrastructure was breached. A deeper analysis of the modular Python toolkit delivered to Linux systems via the guardrails-ai and mistralai packages has uncovered that the primary command-and-control (C2) server address (“83.142.209[.]194”) is hard-coded. In case the primary C2 becomes unreachable, a fallback mechanism called FIRESCALE is activated. “When the primary C2 is unavailable, the malware searches all public GitHub commit messages worldwide for a signed alternative server URL, verified against an embedded 4096-bit RSA key,” Hunt.io said .
“Exfiltration follows three paths in sequence: primary C2 server, FIRESCALE dead-drop redirect, and the victim’s own GitHub repository. Blocking any single tier leaves the other two intact.” The cybersecurity company also revealed that the collection module responsible for harvesting Amazon Web Services (AWS) credentials covers all 19 availability zones in its target list, including us-gov-east-1 (AWS GovCloud - US-East) and us-gov-west-1 (AWS GovCloud - US-West), which are restricted to U.S. government agencies and defense contractors. Another unusual aspect of the campaign is the destructive behavior attached to it.
On machines geolocated to Israel or Iran, a 1-in-6 probability gate activates audio playback at maximum volume, followed by the deletion of all accessible files. The malware exists on systems with a Russian locale. The destructive actions targeting specific geographic regions mirror the “kamikaze” wiper that was unleashed by TeamPCP on Iran-based Kubernetes clusters in connection with a prior supply chain attack distributing a self-propagating worm known as CanisterWorm . These recurring behaviours point to a more intentional operation rather than something opportunistic.
That’s not all. A closer examination of the attacker-controlled infrastructure has revealed that three different IP addresses in the 83.142.209[.]0/24 subnet has served as C2 servers: 83.142.209[.]194 , 83.142.209[.]11, and 83.142.209[.]203, with the latter two used in the March 2026 supply chain attacks targeting Checkmarx and Telnyx , respectively. “Both C2 addresses (83.142.209[.]194 and 83.142.209[.]203) were first seen with SSH active on November 15 and 21, 2025, roughly four months before the TanStack attack went public,” Esteban Borges, head of research at Hunt.io, told The Hacker News via email. “The 83.142.209[.]0/24 block was provisioned during TeamPCP’s pre-campaign build-up phase and left dormant to accumulate a clean history before being activated.
Infrastructure aging is fairly common with organized groups.” “That same subnet showed up across every major TeamPCP wave we tracked through May 2026, not just TanStack and FIRESCALE. LiteLLM PyPI compromise, Trivy scanner hijack via GitHub Actions, the Checkmarx KICS attack, and the Jenkins AST Plugin backdoor in May.” Hunt.io also noted that the FIRESCALE tool and the modular Python malware are one of at least four distinct payloads attributed to this infrastructure, including the previous iteration of the TeamPCP Cloud Stealer targeting CI/CD runner secrets, a cryptocurrency miner from the December 2025 exploitation phase, and VECT ransomware deployed from late March 2026 using credentials stolen by the prior tools. “The toolkit is more capable, more resilient, and more sophisticated,” Hunt.io said. “Beyond credential files, the malware captures every environment variable on the machine, reads all SSH keys and config, walks the entire home directory for dotenv files, and pulls credentials from running Docker containers.” (The story was updated after publication on May 16, 2026, with additional insights from Hunt.io) Found this article interesting?
Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous researcher has been credited with discovering and reporting the issue. “Improper neutralization of input during web page generation (‘cross-site scripting’) in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network,” the tech giant said in a Thursday advisory.
Microsoft, which tagged the vulnerability with an “Exploitation Detected” assessment, said an attacker could weaponize it by sending a crafted email to a user, which, when opened in Outlook Web Access and subject to other “certain interaction conditions,” can allow arbitrary JavaScript code to be executed in the context of the web browser. Redmond also noted that it’s providing a temporary mitigation through its Exchange Emergency Mitigation Service , while it’s readying a permanent fix for the security defect. The Exchange Emergency Mitigation Service will provide the mitigation automatically via a URL rewrite configuration, and is enabled by default. If it’s not on, users are advised to enable the Windows service.
According to Microsoft, Exchange Online is not impacted by this vulnerability. The following on-premises Exchange Server versions are affected - Exchange Server 2016 (any update level) Exchange Server 2019 (any update level) Exchange Server Subscription Edition (SE) (any update level) If using the Exchange Emergency Mitigation Service is not an option due to air-gap restrictions, the company has outlined the following series of actions - Download the latest version of the Exchange on-premises Mitigation Tool (EOMT) from aka[.]ms/UnifiedEOMT. Apply the mitigation on a per-server basis or on all servers at once by running the script via an elevated Exchange Management Shell (EMS): Single server: .\EOMT.ps1 -CVE “CVE-2026-42897” All servers: Get-ExchangeServer | Where-Object { $_.ServerRole -ne “Edge” } | .\EOMT.ps1 -CVE “CVE-2026-42897” Microsoft said it’s also aware of a known issue where the mitigation shows the “Mitigation invalid for this exchange version.” in the Description field. “This issue is cosmetic and the mitigation DOES apply successfully if the status is shown as ‘Applied,’” the Exchange Team said .
“We are investigating on how to address this.” There are currently no details on how the vulnerability is being exploited, the identity of the threat actor behind the activity, or the scale of such efforts. It’s also unclear who the targets are and if any of those attacks were successful. In the interim, it’s recommended to apply the mitigations recommended by Microsoft. Update The U.S.Cybersecurity and Infrastructure Security Agency (CISA), on May 15, 2026, added CVE-2026-42897 Mi to its Known Exploited Vulnerabilities ( KEV ) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the necessary mitigations by May 29, 2026.
Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the issue by May 17, 2026. The vulnerability is a critical authentication bypass tracked as CVE-2026-20182 . It’s rated 10.0 on the CVSS scoring system, indicating maximum severity. “Cisco Catalyst SD-WAN Controller and Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system,” CISA said .
In a separate advisory, Cisco attributed the active exploitation of CVE-2026-20182 with high confidence to UAT-8616 , the same cluster behind the weaponization of CVE-2026-20127 to gain unauthorized access to SD-WAN systems. “UAT-8616 performed similar post-compromise actions after successfully exploiting CVE-2026-20182, as was observed in the exploitation of CVE-2026-20127 by the same threat actor,” Cisco Talos said. “UAT-8616 attempted to add SSH keys, modify NETCONF configurations, and escalate to root privileges.” It’s assessed that the infrastructure used by UAT-8616 to carry out exploitation and post-compromise activities overlaps with Operational Relay Box (ORB) networks, with the cybersecurity company also observing multiple threat clusters exploiting CVE-2026-20133, CVE-2026-20128, and CVE-2026-20122 beginning March 2026. The three vulnerabilities, when chained together, can allow a remote unauthenticated attacker to gain unauthorized access to the device.
They were added to the CISA’s KEV catalog last month. The activity has been found to leverage publicly available proof-of-concept exploit code to deploy web shells on hacked systems, allowing the operators to run arbitrary bash commands. One such JavaServer Pages (JSP)-based web shell has been codenamed XenShell owing to the use of a PoC released by ZeroZenX Labs. At least 10 different clusters have been linked to the exploitation of the three flaws - Cluster 1 (Active since at least March 6, 2026), which deploys the Godzilla web shell Cluster 2 (Active since at least March 10, 2026), which deploys the Behinder web shell Cluster 3 (Active since at least March 4, 2026), which deploys the XenShell web shell and a variant of Behinder Cluster 4 (Active since at least March 3, 2026), which deploys a variant of the Godzilla webshell Cluster 5 (Active since at least March 13, 2026), which malware agent compiled off the AdaptixC2 red teaming framework Cluster 6 (Active since at least March 5, 2026), which deploys the Sliver command-and-control (C2) framework Cluster 7 (Active since at least March 25, 2026), which deploys an XMRig miner Cluster 8 (Active since at least March 10, 2026), which deploys the KScan asset mapping tool and a Nim-based backdoor that’s likely based on NimPlant and comes with capabilities to perform file operations, execute files using bash, and collect system information Cluster 9 (Active since at least March 17, 2026), which deploys an XMRig miner and a peer-based proxying and tunneling tool called gsocket Cluster 10 (Active since at least Mar 13, 2026), which deploys a credential stealer that attempts to obtain an admin user’s hashdump, JSON Web Tokens (JWT) key chunks that are used for REST API authentication, and AWS credentials for vManage Cisco is recommending that customers follow the guidance and recommendations outlined in the advisories for the aforementioned vulnerabilities to protect their environments.
Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks. The vulnerability, tracked as CVE-2026-20182 , carries a CVSS score of 10.0. “A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system,” Cisco said . The networking equipment major said the flaw stems from a malfunction of the peering authentication mechanism, which an attacker could exploit by sending crafted requests to the affected system.
A successful exploit could permit the attacker to log in to the Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account, and then weaponize it to access NETCONF and manipulate network configuration for the SD-WAN fabric.. The vulnerability impacts the following deployments - On-Prem Deployment Cisco SD-WAN Cloud-Pro Cisco SD-WAN Cloud (Cisco Managed) Cisco SD-WAN for Government (FedRAMP) According to Rapid7, which discovered CVE-2026-20182, the shortcoming has its echoes in CVE-2026-20127 (CVSS score: 10.0), another critical authentication bypass impacting the same component. The latter is said to have been exploited by a threat actor called UAT-8616 since at least 2023. “This new authentication bypass vulnerability affects the ‘vdaemon’ service over DTLS (UDP port 12346), which is the same service that was vulnerable to CVE-2026-20127,” Rapid7 researchers Jonah Burgess and Stephen Fewer said .
“The new vulnerability is not a patch bypass of CVE-2026-20127. It is a different issue located in a similar part of the ‘vdaemon’ networking stack.” That said, the end result is the same: a remote unauthenticated attacker can abuse CVE-2026-20182 to become an authenticated peer of the target appliance and carry out privileged operations. Cisco, in its advisory, noted that it became aware of “limited exploitation” of the flaw in May 2026, urging customers to apply the latest updates as soon as possible. The company also said Catalyst SD-WAN Controller systems that are accessible over the internet and that have ports exposed are at increased risk of compromise.
It’s recommending customers to audit the “/var/log/auth.log” file for entries related to Accepted publickey for vmanage-admin from unknown or unauthorized IP addresses. Another indicator is the presence of suspicious peering events in the logs, including unauthorized peer connections that occur at unexpected times and originate from unrecognized IP addresses, or involve device types that are inconsistent with the environment’s architecture. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
Cybersecurity researchers are sounding the alarm about what has been described as “malicious activity” in newly published versions of node-ipc. According to Socket and StepSecurity , three different versions of the npm package have been confirmed as malicious - node-ipc@9.1.6 node-ipc@9.2.3 node-ipc@12.0.1 “Early analysis indicates that node-ipc@9.1.6, node-ipc@9.2.3, and node-ipc@12.0.1 contain obfuscated stealer/backdoor behavior,” Socket said. “The malware appears to fingerprint the host environment, enumerate and read local files, compress and chunk collected data, wrap the payload in a cryptographic envelope, and attempt exfiltration through a network endpoint selected via DNS/address logic.” StepSecurity said the heavily obfuscated payload is triggered when the package is required at runtime, and attempts to exfiltrate a broad set of developer and cloud secrets to an external command-and-control (C2) server. This includes 90 categories of credentials, including Amazon Web Services, Google Cloud, Microsoft Azure, SSH keys, Kubernetes tokens, GitHub CLI configs, Claude AI and Kiro IDE settings, Terraform state, database passwords, shell history, and more.
The harvested data is then compressed into a GZIP archive and transmitted to the “sh.azurestaticprovider[.]net” domain. The three versions were published by an account named “atiertant,” which has no connection to the package’s original author, “riaevangelist.” Although “atiertant” appears in the maintainer list, the account has no prior publish history in connection with the node-ipc package. The previous update to the package was in August 2024. The fact that the dormant, high-download package was compromised after a 21-month gap indicates that either the “atiertant” credentials were newly compromised, or the account was specifically added as a maintainer to publish the malicious versions.
What’s notable about the activity is that it does not rely on any npm lifecycle hooks such as preinstall, install, or postinstall scripts, instead appending the malicious payload as an Immediately Invoked Function Expression ( IIFE ) to the end of “node-ipc.cjs.” This, in turn, causes the malware to fire unconditionally on every require(‘node-ipc’). The oddity doesn’t end there, for the payload performs a SHA-256 fingerprint check and compares it against a hard-coded hash assembled from eight obfuscated table fragments embedded in the code, before proceeding with system enumeration and comprehensive credential harvesting. “This means 12.0.1 is entirely inert on any machine whose primary module path does not hash to the target value,” StepSecurity researcher Sai Likhith said. “The attacker knows exactly which project or developer is being targeted and pre-computed the hash of their entry point before publishing.
The 9.x versions do not have this gate and will execute the full payload on any system that loads them.” The malware also incorporates a second exfiltration channel besides issuing an HTTPS POST to the fake Azure domain containing the compressed stolen data. This involves encoding chunks of the archive as a DNS TXT record after overriding the system’s DNS resolver with Google Public DNS to sidestep local DNS-based security controls. “It first resolves sh.azurestaticprovider.net using 1.1.1.1 (primary) or 8.8.8.8 (fallback) to obtain the C2 IP,” StepSecurity said. “Then it re-targets the resolver directly at the C2 IP for all exfiltration queries.” “The direct-to-C2 DNS sink is a notable anti-detection technique.
Because the exfiltration queries never touch public DNS resolvers, there is no observable bt.node.js activity in public DNS logs. Organizations relying solely on DNS logging through corporate resolvers would not see this traffic.” Lastly, the malware also attempts to continue execution independently of the original Node.js process by forking itself into a detached background child processes, allowing exfiltration activity to continue silently after the parent application is terminated. “This campaign reflects how software supply chain attacks are evolving beyond simple malicious packages into infrastructure-aware credential harvesting operations,” Avital Harel, security research lead at Upwind, said in a statement. “Attackers are increasingly targeting the identities and automation systems powering modern software delivery pipelines while designing malware specifically to blend into normal developer and application behavior.” This is not the first time the npm package has had malicious functionality incorporated into its code.
In March 2022, the maintainer of the package deliberately introduced destructive capability to versions 10.1.1 and 10.1.2 by overwriting files on systems located in Russia or Belarus as a form of protest following Russia’s military invasion of Ukraine. Two subsequent versions – 11.0.0 and 11.1.0 – included the “peacenotwar” dependency, which was also published by the same maintainer as a “non-violent protest against Russia’s aggression.” “The latest incident appears to involve a suspicious republishing or reintroduction of malicious code into versions of a known package, rather than a typosquatting attempt,” Socket said. Users are advised to remove the compromised node-ipc versions and re-install a known clean version (9.2.1 and 12.0.0), assume compromise and rotate credentials and secrets, audit npm publish activity for any packages accessible with the rotated tokens, review workflow run logs for suspicious activity, audit cloud logs to check if any unauthorized actions were performed by IAM identities whose credentials were available during the compromised window, and block egress traffic to the C2 domain. Update It has since emerged that the dormant maintainer’s account may have been taken over via an expired email domain.
Per an X post from Ian Ahl, Chief Technology Officer (CTO) at Permiso Security, the email address for atiertant’s account was hosted on a domain called “atlantis-software[.]net” that had expired on January 10, 2025, and was re-registered on May 7, 2026, a week before the attack took place. “Assuming the npm account recovery email for atiertant was indeed hosted on atlantis-software[.]net, the new domain owner was then able to trigger a standard npm password reset, receive the reset email at a mailbox under their control, and gain publish rights without ever compromising any of the maintainer’s own infrastructure,” Socket said. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.