2026-05-19 AI创业新闻
Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials
In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper , to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server. “Every existing tag in the repository has been moved to point to an imposter commit that does not appear in the action’s normal commit history,” StepSecurity researcher Varun Sharma said . “That commit contains malicious code that exfiltrates credentials from CI/CD pipelines that run the action.” An imposter commit refers to a deceptive software supply chain attack strategy in which malicious code is injected into a project by referencing a commit or tag that exists only in an adversary-controlled fork, rather than the original trusted repository. As a result, attackers can bypass standard Pull Request (PR) reviews and achieve arbitrary code execution.
The imposter commit, per the cybersecurity company, contains code that, upon being executed within a GitHub Actions runner, performs a series of actions - Downloads the Bun JavaScript runtime to the runner. Reads memory from the Runner.Worker process to extract credentials. Makes an outbound HTTPS call to an attacker-controlled domain (“t.m-kosche[.]com”) to transmit the stolen data. StepSecurity said 15 tags associated with a second GitHub action, “actions-cool/maintain-one-comment” have also been compromised with the same functionality.
GitHub has since disabled access to the repository due to a “violation of GitHub’s terms of service.” It’s currently not known what led the Microsoft-owned subsidiary to this decision. Interestingly, the exfiltration domain “t.m-kosche[.]com” has been observed in the latest wave of the Mini Shai-Hulud campaign targeting npm packages from the @antv ecosystem, indicating the two clusters of activity could be related. “Because every tag now resolves to malicious commits, any workflow that references the action by version pulls the malicious code on its next run,” StepSecurity said. “Only workflows pinned to a known-good full commit SHA are unaffected.” Found this article interesting?
Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the ongoing Mini Shai-Hulud attack wave. “The attack affects packages tied to the npm maintainer account atool, including echarts-for-react, a widely used React wrapper for Apache ECharts with roughly 1.1 million weekly downloads,” Socket said . The list of affected packages include @antv packages such as @antv/g2, @antv/g6, @antv/x6, @antv/l7, @antv/s2, @antv/f2, @antv/g, @antv/g2plot, @antv/graphin, and @antv/data-set, as well as related packages outside the @antv namespace, including echarts-for-react, timeago.js, size-sensor, canvas-nest.js, and others. The application security company said the tradecraft matches Mini Shai-Hulud, where a compromised maintainer account is leveraged to push out trojanized versions in quick succession.
The development comes as the supply chain attack campaign continues to slither its way through the software supply chain, worming through different open-source registries rapidly and infecting hundreds of software packages by embedding credential-stealing code into popular development tools. “The potential blast radius is significant because the affected publishing account is connected to widely used packages across data visualization, graphing, mapping, charting, and React component ecosystems,” Socket said. “Even if only a subset of those packages received malicious updates, the popularity of the package ecosystem creates meaningful downstream exposure for organizations that automatically pull new dependency versions.” The attacker is said to have published 639 malicious versions across 323 unique packages, including 558 versions across 279 unique @antv packages. The stealer payload harvests more than 20 credential types, Amazon Web Services, Google Cloud, Microsoft Azure, GitHub, npm, SSH, Kubernetes, Vault, Stripe, database connection strings, and attempts Docker container escape via the host socket.
The stealer is identical to the Mini Shai-Hulud payload used in the SAP compromise . The collected data is eventually serialized, compressed, encrypted, and exfiltrated to the domain (“t.m-kosche[.]com:443”). As a fallback mechanism, the malware leverages the stolen GitHub token to create a public repository under the victim’s account and commit the data in a JSON file. The repositories feature the description “niagA oG eW ereH :duluH-iahS,” which reverses to “Shai-Hulud: Here We Go Again.” As of writing, there are more than 2,200 repositories in GitHub containing this marker.
Furthermore, the malware incorporates an npm propagation logic that abuses the stolen npm tokens to first validate them through the npm registry API, enumerates packages maintained by the token owner, downloads package tarballs, injects the malicious payload, adds a preinstall hook, increases the package versions, and republishes them using the compromised maintainer’s identity. Shai-Hulud Framework “The attack uses two execution paths,” SafeDep said . “Each compromised version adds a preinstall hook (bun run index.js). 630 of the 631 malicious versions also inject an optionalDependencies entry [pointing to imposter commits ] that delivers a second copy of the payload via the legitimate antvis/G2 GitHub repository.” “The 22-minute publish burst across 314 packages (631 versions), with an identical obfuscated payload, rules out a gradual or targeted operation.
This was automated, rapid exfiltration using a stolen token.” The self-replicating Mini Shai-Hulud campaign is assessed to be the work of a financially motivated threat actor named TeamPCP. However, as of last week, the activity has entered an aggressive, new phase after TeamPCP released the entire source code for other threat actors to use as part of a supply chain attack contest announced in partnership with BreachForums. “The open-sourcing of a production offensive framework is not unprecedented, but it’s unusual for an active campaign,” Datadog said . “It lowers the barrier for other actors to adopt TeamPCP’s playbook including the more sophisticated techniques like OIDC token abuse, provenance forgery, and AI tool persistence hooks.” Since then, an unknown threat actor has uploaded four malicious npm packages , one of which contains a near-verbatim copy of the Shai-Hulud worm with its own command-and-control infrastructure, an indication that cloned versions of the worm may infest open-source ecosystems.
This copycat wave , in turn, complicates attribution efforts, while the attacks continue to facilitate credential theft and open the door for follow-on exploitation. The incident once again demonstrates how compromising tools that are already trusted inside enterprise networks can be abused as delivery vehicles for malware. What makes the campaign truly dangerous is that one compromise feeds into the next, resulting in an ever-expanding blast radius as more packages are hacked. “This campaign is built for credential theft at scale,” Trend Micro said in a report last week.
“Organizations using GitHub Actions, PyPI, Docker Hub, GHCR [GitHub Container Registry], VS Code extensions, and cloud-connected CI runners are directly exposed to this risk.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests
INTERPOL has coordinated a first-of-its-kind cybercrime crackdown across the Middle East and North Africa (MENA) that led to 201 arrests and the identification of an additional 382 suspects. The initiative involved the efforts of 13 countries from the region between October 2025 and February 2026, aiming to investigate and neutralize malicious infrastructure, arrest perpetrators behind these activities, and prevent future losses. “The operation focused on neutralizing phishing and malware threats, as well as tackling cyber scams that inflict severe cost to the region,” INTERPOL said in a statement. “In addition to the arrests made, 3,867 victims were identified, and 53 servers were seized.” The operation, codenamed Ramz , led to the disruption of a phishing-as-a-service (PhaaS) by Algerian authorities after its server was confiscated, along with a computer, a mobile phone, and hard drives containing phishing software and scripts.
One suspect was arrested in connection with the scheme. Elsewhere, Moroccan officials seized computers, smartphones, and external hard drives that contained banking data and software used for phishing operations. Authorities also identified a legitimate server located in a private residence in Oman that contained sensitive information. The server suffered from multiple critical security vulnerabilities and was infected by malware.
INTERPOL said actions were taken to disable the server. In a similar case, compromised devices were discovered in Qatar, with the owners themselves unaware that their systems were being used to spread “malicious threats.” Although the exact nature of these threats was not disclosed, the impacted machines are said to have been secured, and the device owners were alerted to take appropriate security measures. Lastly, Jordanian police identified a computer that was used to run financial fraud scams, where unsuspecting users were tricked into investing their assets in a seemingly legitimate trading platform, only for it to shut down once the funds were deposited. “A raid uncovered 15 individuals carrying out the scams, but investigators determined that they were victims of human trafficking who had been recruited under the false promise of employment from their home countries in Asia,” INTERPOL said.
“Upon arrival in Jordan, their passports were confiscated, and they were forced or coerced into participating in the scheme. Two individuals suspected of orchestrating the operation were arrested.” Group-IB, which was one of the private sector companies that participated in the effort, said it provided “actionable intelligence” on over 5,000 compromised accounts, including those that were associated with government infrastructure, and shared details about active phishing infrastructure across the region. “Cybercrime is borderless, and the only effective response is one that is equally borderless,” Joe Sander, CEO of Team Cymru, said . “Operation Ramz is exactly that kind of response, law enforcement and trusted private-sector partners pooling intelligence, moving in concert, and dismantling the infrastructure that criminals depend on.” Countries that took part in Operation Ramz included Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the U.A.E.
Series of Law Enforcement Actions The arrests come against the backdrop of a string of law enforcement actions announced by Germany and the U.S. Department of Justice (DoJ) in recent weeks - The sentencing of Thomasz Szabo (aka Plank, Jonah, and Cypher), 27, of Romania, to 48 months in prison for his role as the mastermind of an online swatting ring that targeted more than 75 public officials, four religious institutions, and multiple journalists. The indictment of Owe Martin Andresen (aka Speedstepper), the suspected main administrator of the illicit darknet marketplace, Dream Market, on money laundering charges, following his arrest in Germany last week. The shutdown of a relaunched version of the Crimenetwork marketplace (it was originally dismantled in December 2024) and the arrest of a suspected administrator, a 35-year-old German citizen, on the Spanish island of Mallorca.
The conviction of Sohaib Akhter , 34, of Alexandria, Virginia, by a federal jury for deleting 96 databases storing U.S. government information and stealing the plaintext password of an individual who had submitted a complaint to the Equal Employment Opportunity Commission’s Public Portal. The sentencing of Alan Bill , 33, of Bratislava, the Slovakian Administrator of Kingdom Market , to 200 months (more than 16 years) in prison after he pleaded guilty to a conspiracy to distribute controlled substances, illegal drugs, stolen financial data, counterfeit documents, and malware earlier this January. The sentencing of David Jose Gomez Cegarra , 25, of Venezuela to time served and pay restitution totaling $294,820 in connection with a string of ATM jackpotting incidents between October 5 and November 11, 2024, in the U.S.
states of New York, Massachusetts, and Illinois. The arrest of a 21-year-old from Dordrecht for their involvement in a tool called JokerOTP that’s used by cybercriminals to intercept one-time passwords (OTPs) and two-factor authentication (2FA) codes for hijacking online accounts by impersonating trusted organizations such as banks, cryptocurrency exchanges, and other major service providers. The sentencing of Marlon Ferro (aka GothFerrari), 20, of Santa Ana, California, to 78 months in prison in connection with a social engineering conspiracy that stole more than $250 million in cryptocurrency from victims across the U.S. between late 2023 and early 2025.
“This [social engineering] scheme blended sophisticated online fraud with old-fashioned burglary to drain victims of millions of dollars in digital assets,” U.S. Attorney Jeanine Ferris Pirro stated. “The conspiracy’s operatives typically targeted individuals believed to hold significant cryptocurrency holdings. Its members manipulated victims into surrendering access to their digital wallets through elaborate fraud schemes.
When victims stored their cryptocurrency in hardware wallets, physical devices that cannot be accessed remotely, the enterprise turned to Ferro.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned.
A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted. The pattern is clear. One weak dependency can leak keys.
One leaked key can open cloud access. One cloud foothold can become a production incident. AI is speeding up vulnerability discovery, attackers are moving quickly, and old exposure still keeps paying off. Patch the quiet risks first.
Let’s get into it. ⚡ Threat of the Week On-Prem Microsoft Exchange Server Exploited in the Wild —Microsoft disclosed a security vulnerability impacting on-premise versions of Exchange Server, which has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous researcher has been credited with discovering and reporting the issue.
Microsoft is providing a temporary mitigation through its Exchange Emergency Mitigation Service, while it’s readying a permanent fix for the security defect. There are currently no details on how the vulnerability is being exploited, the identity of the threat actor behind the activity, or the scale of such efforts. It’s also unclear who the targets are and if any of those attacks were successful. The Case for Autonomous Validation in Four On-Demand Sessions Enterprise CISOs, an industry analyst, and security leaders covered why point-in-time testing no longer matches the speed of modern threats, and how teams are using validation evidence to prioritize remediation, prove control effectiveness, and report risk to leadership.
Four sessions, all on demand. Watch Now ➝ 🔔 Top News Cisco Catalyst SD-WAN Controller Flaw Under Attack —A sophisticated threat actor tracked as UAT-8616 has been attributed to the exploitation of CVE-2026-20182, a critical authentication bypass in Cisco Catalyst SD-WAN Controller. “8616 performed similar post-compromise actions after successfully exploiting CVE-2026-20182, as was observed in the exploitation of CVE-2026-20127 by the same threat actor,” Cisco Talos said. “UAT-8616 attempted to add SSH keys, modify NETCONF configurations, and escalate to root privileges.” UAT-8616 is the same threat actor that was behind the weaponization of CVE-2026-20127 earlier this year to gain unauthorized access to SD-WAN systems.
Cisco isn’t the only security vendor facing a barrage of attacks on its customers, but it is among the most heavily targeted, along with Fortinet and Ivanti. “For nation-state operators, a bug like this (as seen with the actively exploited CVE-2026-20127) is ideal for pre-positioning,” Rapid7 said . “They are usually not looking for a smash and grab. They want persistence.
They want access that blends in. They want to sit in the right place long enough to observe, influence, and pivot when the time is right. An SD-WAN controller is a great place to do that, because it lives in the middle of trust relationships most organizations rarely question.” Blast Radius of TeamPCP Attacks Expands —A new wave of the Mini Shai-Hulud campaign compromised dozens of TanStack npm packages as part of a broader supply chain attack worming through developer ecosystems , including packages tied to UiPath, Mistral AI, OpenSearch and PyPI. The activity has been attributed to TeamPCP, which has orchestrated a series of high-profile supply chain attacks targeting popular open-source projects in recent months.
The goal is the same across all attack campaigns — use poisoned, open-source software to deploy stealer malware and harvest user credentials, API keys, SSH keys, and other secrets. TeamPCP is said to be weaponizing credentials and secrets obtained in the supply chain attacks to access organizations’ cloud infrastructure, not to mention turn into an initial access broker for follow-on attacks like ransomware by teaming up with other cybercrime groups. In some waves, the attackers used the Trufflehog scanner to validate those credentials. The escalating attacks show that TeamPCP prioritizes speed rather than subtlety and stealth.
Supply chain attacks have become an increasingly serious concern because of the sheer scale at which trusted dependencies are reused. A single poisoned package can rapidly propagate into thousands of downstream applications, enterprise environments, and production systems. The development coincided with the compromise of the node-ipc package to distribute a stealer malware. It’s currently not known who is behind the attack.
Since the library is a dependency for hundreds of other packages, which in turn could be dependencies for even more packages, the attack could have cascading consequences. Apple and Google Roll Out Cross-Platform E2EE for RCS Messages —End-to-end encrypted (E2EE) Rich Communication Services (RCS) messaging is being rolled out in beta between iPhone and Android devices, closing one of the biggest interoperability gaps in mainstream mobile messaging. The feature is available to iPhone users on iOS 26.5 with supported carriers and to Android users on the latest version of Google Messages. Encrypted conversations are marked with a padlock icon in the chat interface.
The wider rollout to iPadOS, macOS, and watchOS will follow in future software updates, Apple said. Instructure Reaches Ransom Agreement with ShinyHunters —Instructure, the developer of school information portal Canvas, said it struck a deal with the ShinyHunters group, which breached its systems, stole a massive amount of data, and disrupted thousands of schools that rely on the company’s software. The company did not say what it had given the threat actors in exchange for the destruction of the data, but it’s fair to say it likely made the controversial decision to make a ransom payment. The company said it also received “digital confirmation” that the hackers destroyed any remaining copies in the form of “shred logs.” In addition, the agreement included the return of the stolen data, assurances that affected customers would not be extorted, and a commitment that individual institutions would not need to engage with the threat actor.
While it remains to be seen if the threat actors will keep their side of the bargain, it’s worth highlighting a key problem with paying a ransom: once attackers have a victim’s data, there is no guarantee it was not copied or shared with others. As of May 12, the listing for Instructure has been removed from the ShinyHunters’ data leak site. The group said: “The data is deleted, gone. The company and it’s [sic] customers will not further be targeted or contacted for payment by us.” Fake Hugging Face Repository Delivers Stealer Malware —A malicious Hugging Face repository managed to take a spot in the platform’s trending list by impersonating OpenAI’s Privacy Filter open-weight model to deliver a Rust-based information stealer to Windows users.
The project, named Open-OSS/privacy-filter, masqueraded as its legitimate counterpart, released by OpenAI late last month (openai/privacy-filter), including copying the entire description verbatim to trick unsuspecting users into downloading it. The description accompanying the fake model diverged from the legitimate project in one aspect: instructing users to run start.bat on Windows or execute python loader.py on Linux and macOS to deploy the stealer. Access to the malicious model has since been disabled by Hugging Face. The incident highlights how public AI model registries are emerging as a new software supply chain risk for enterprises, emphasizing why AI model supply chain security needs the same level of rigor as software supply chain security.
It’s essential to verify publisher identity, check model card provenance, and scan for unexpected binary downloads. OpenAI Announces Daybreak —OpenAI announced Daybreak, a new initiative based on its frontier large language models (LLMs) and its artificial intelligence (AI)-powered coding assistant, Codex, to help developers secure their software from the ground up. Like Anthropic’s Mythos and Project Glasswing, the initiative makes it possible to scan a codebase to identify flaws and fix them, triage vulnerability backlog and prioritize fixes by severity, impact, or exploitability, and automate vulnerability detection, validation and response. In a related development, Microsoft detailed its own AI-assisted vulnerability discovery system called MDASH , which orchestrates more than 100 specialized AI agents across multiple frontiers and distilled AI models to find vulnerabilities in the tech giant’s own codebases.
MDASH is designed to run a structured pipeline that goes through distinct stages: preparation, scanning, validation, deduplication, and proof construction. The emergence of Daybreak and MDASH comes amid a spike in vulnerability discovery, mainly fueled by the use of AI tools. Five months into 2026, Microsoft has already patched more than 500 vulnerabilities in its software, a rate that could see the company break its own annual record for the most number of security fixes in a year. The U.K.
National Cyber Security Centre (NCSC) has also warned organizations that they should prepare for a surge of software updates driven by AI-assisted vulnerability discovery. At this stage, access to these advanced tools is tightly controlled. OpenAI has framed the access controls as a response to the dual-use nature of the underlying technology. The same AI capabilities that allow defenders to identify vulnerabilities and accelerate remediation could be misused by bad actors.
Per Google, hacking groups are already using AI models to boost the speed, scale, and sophistication of their attacks, as well as perform reconnaissance and build better malware. 🔥 Trending CVEs Bugs drop weekly, and the gap between a patch and an exploit is shrinking fast. These are the heavy hitters for the week: high-severity, widely used, or already being poked at in the wild. Check the list, patch what you have, and hit the ones marked urgent first — CVE-2026-42945 (NGINX Plus and NGINX Open), CVE-2026-44112 (OpenClaw), CVE-2026-42897 (Microsoft Exchange Server), CVE-2026-41096 (Microsoft Windows DNS), CVE-2026-42826 (Microsoft Azure DevOps), CVE-2026-20182 (Cisco Catalyst SD-WAN Controller), CVE-2026-44338 (PraisonAI), CVE-2026-46300 , CVE-2026-46333 (Linux Kernel), CVE-2026-45185 (Exim), CVE-2026-8043 (Ivanti Xtraction), CVE-2026-44277 (Fortinet FortiAuthenticator), CVE-2026-26083 (Fortinet FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS), CVE-2026-34260, CVE-2026-34263 (SAP), CVE-2026-42231, CVE-2026-42232, CVE-2026-44791, CVE-2026-44789, CVE-2026-44790 , CVE-2026-42236 , CVE-2026-42230 ( n8n ), CVE-2026-6815 (Casdoor), CVE-2026-2291, CVE-2026-4890, CVE-2026-4891, CVE-2026-4892, CVE-2026-4893, CVE-2026-5172 (dnsmasq), CVE-2026-6787, CVE-2026-6788 (WatchGuard Agent on Windows), CVE-2026-23479, CVE‑2026‑25243, CVE-2026-25588, CVE‑2026‑25589 (Redis), CVE-2026-41002 , CVE-2026-40982 , CVE-2026-40981 , CVE-2026-41713 , CVE-2026-41712 , CVE-2026-41705 (Spring), CVE-2026-6722 (PHP ext-soap), CVE-2026-43824 (Argo CD), CVE-2026-27174 (MajorDoMo), CVE-2026-25254, CVE-2026-25293 (Qualcomm), CVE-2026-28819, CVE-2026-43668, CVE-2026-28972 (Apple macOS), CVE-2026-44413 (JetBrains TeamCity), CVE-2026-42010, CVE-2026-33845, CVE-2026-42009, CVE-2026-33846, CVE-2026-1584 (GnuTLS), CVE-2026-30905 , CVE-2026-30906 (Zoom), CVE-2026-4782, CVE-2026-4798 (Avada Builder plugin), CVE-2026-43898 (SandboxJS), CVE-2026-8509, CVE-2026-8510 (Google Chrome), CVE-2026-44578 (Next.js), CVE-2025-14177 (PHP), CVE-2026-33439 (OpenAM), CVE-2025-66335 (Apache Doris MCP), an authentication validation bypass in Apache Pinot MCP, and an information disclosure flaw in Alibaba RDS MCP.
- 🎥 Cybersecurity Webinars
- AppSec Tools Blind to Lethal Chains: Code → Pipeline → Cloud Attacks
- Your AppSec tools are drowning in alerts but completely blind to how real attackers breach you. Modern threats don’t exploit single bugs — they chain tiny weaknesses across code, pipelines, and cloud into lethal attack paths. Join the webinar to discover the 3 deadliest cross-lifecycle patterns from Wiz experts (ex-Okta/GitLab) and learn how to map & stop them. AI is making DDoS attacks dangerously intelligent.
Are you ready? AI is turning DDoS attacks into smart, adaptive weapons that scan weaknesses in real-time, mimic legit traffic, and dodge traditional defenses. With a 358% surge in incidents, it’s time to upgrade your strategy. Join the webinar to learn the latest tactics and how to defend effectively.
📰 Around the Cyber World Flaw in Apple’s Memory Integrity Enforcement —Calif said it discovered a new way of circumventing Apple’s Memory Integrity Enforcement (MIE), a new hardware-assisted memory safety system, and achieved privilege escalation. The discovery was made possible while testing an early version of Anthropic’s Mythos Preview in April. “It’s the first public macOS kernel memory corruption exploit on M5 silicon, surviving MIE,” Calif said. “The exploit is a data-only kernel local privilege escalation chain targeting macOS 26.4.1 (25E253).
It starts from an unprivileged local user, uses only normal system calls, and ends with a root shell. The implementation path involves two vulnerabilities and several techniques, targeting bare-metal M5 hardware with kernel MIE enabled.” Additional details are currently withheld to give Apple time to address the issues. Mustang Panda Delivers Updated FDMTP Tool —A new campaign consistent with tradecraft associated with Mustang Panda has been observed targeting the Asia-Pacific and Japan (APJ) region to deliver an updated version of FDMTP using DLL side-loading. The malware is designed to connect to an external server and receive commands from the remote server, profile compromised hosts, and load additional plugins to handle scheduled tasks, manage Windows Registry persistence, or retrieve files or commands.
The activity has been spotted since September 2025. New Flaw in Burst Statistics Plugin Exploited —Threat actors are exploiting a critical flaw in the Burst Statistics WordPress plugin (CVE-2026-8181, CVSS score: 9.8), which “allows unauthenticated attackers who know a valid administrator username to fully impersonate that administrator for the duration of any REST API request, including WordPress core endpoints such as /wp-json/wp/v2/users, by supplying any arbitrary and incorrect password in a Basic Authentication header,” per Wordfence. An attacker could exploit this flaw to create a new administrator-level account with no prior authentication and seize control of the site. The plugin has over 200,000 installations.
Wordfence said it has blocked thousands of attacks targeting this vulnerability. CISA and Others Release Guidance to Strengthen AI Supply Chain —Multiple government cyber agencies issued a joint guidance to help public and private sector stakeholders improve transparency in their AI systems and supply chains. “A software bill of materials (SBOM) acts as an ‘ingredients list’ for software that better positions organizations to understand their supply chains and make risk-informed decisions about how to protect their critical systems,” the agencies said. “Because AI systems are software systems, these recommendations should be considered in addition to the general minimum elements for an SBOM .” Stealer Malware Continues to Evolve —Cybersecurity researchers disclosed details of various new and emerging information stealers like Salat , Gremlin , and Reaper , the last of which is a new SHub macOS stealer variant that spoofs Apple, Google, and Microsoft across a multi-stage attack chain to steal credentials, exfiltrate business files, and establish persistent backdoor access.
“Reaper uses fake WeChat and Miro installers as lures,” SentinelOne researcher Phil Stokes said. “The payload may be hosted on a typo-squatted Microsoft domain, executed under the guise of an Apple security update, and persist from a fake Google Software Update directory.” Unlike other macOS stealers that trick users into opening and pasting malicious commands into the Terminal app, Reaper relies on the applescript:// URL scheme to trigger the execution of a malicious AppleScript, thereby bypassing Terminal-based mitigations Apple introduced in late March 2026. According to a report published by Flare.io last week, one in four infostealer victims has active access to corporate infrastructure: VPN credentials, SaaS sessions, cloud platforms. “One in six gaming-related infections involves a user with corporate infrastructure access,” it said .
“16% of victims infected through gaming lures also held active credentials for VPNs, SaaS platforms, or cloud environments, creating a direct pipeline from personal device use to enterprise compromise.” Flaws in myAudi Platform —Multiple security flaws have been discovered in the myAudi connected car platform, allowing anyone with knowledge of a vehicle’s VIN to add it to their account as a guest and access sensitive data. The leaked information included the embedded SIM’s IMEI and ICCID identifiers, the GPS location of the primary owner when they triggered a “honk & flash” command, and vehicle lock status. One of the identified issues has been fixed by Audi and CARIAD. 🔧 Cybersecurity Tools Rustinel → It is an open-source endpoint detection tool for Windows and Linux.
It collects system activity using ETW on Windows and eBPF on Linux, checks events against Sigma rules, YARA rules, and IOCs, and writes alerts in ECS NDJSON format for use in SIEM or log pipelines. It is built for blue teams, detection engineers, researchers, and testing environments, not as a full replacement for commercial EDR. Giskard → It is an open-source Python tool for testing and evaluating LLM agents and AI systems. It helps developers check whether an AI app behaves correctly, stays grounded in context, follows safety rules, and handles multi-turn conversations reliably.
Its current version focuses on lightweight evaluation workflows, while related scanning and RAG evaluation features are still being developed or are available in older versions. VanGuard → It is a cross-platform incident response toolkit for Windows and Linux that lets security teams collect evidence, run triage, perform threat hunting, capture memory, gather disk artifacts, manage Velociraptor workflows, and generate reports from a single portable binary without installation. It includes 28 pre-built investigation workflows, supports offline use, and tracks evidence with hashing, chain of custody, and audit logging. Disclaimer: This is strictly for research and learning.
It hasn’t been through a formal security audit, so don’t just blindly drop it into production. Read the code, break it in a sandbox first, and make sure whatever you’re doing stays on the right side of the law. Conclusion The message is simple: trust less, check more. Bad packages, fake pages, weak plugins, leaked keys, and old bugs all lead to the same place.
Patch first. Rotate keys. Review what you run in prod. That’s the work.
That’s the recap. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
How to Reduce Phishing Exposure Before It Turns into Business Disruption
What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was exposed, who else was targeted, and how far the risk has spread. Early phishing detection closes that gap. It helps teams move from uncertainty to evidence faster, reduce response delays, and stop one missed link from turning into account exposure, remote access, or operational disruption.
Why Phishing Creates Bigger Risk for Security Leaders Now Phishing has become harder to manage because it no longer creates one clear, easy-to-contain event. A single click can turn into identity exposure, remote access, data access, or a wider investigation before the team has a clear picture. What makes it a bigger concern now: Puts identity at the center of the attack: Stolen credentials can expose email, SaaS apps, cloud platforms, and internal systems. Weakens confidence in MFA: Some campaigns capture OTP codes, so “MFA is enabled” is not always enough.
Hides behind normal user behavior: CAPTCHA checks, login pages, invites, and trusted tools can make early signals look routine. Slows business-level decisions: Teams may need time to confirm what was accessed, who was affected, and whether containment is needed. Increases operational exposure: The longer phishing activity stays unclear, the greater the chance of account abuse, remote access, or business disruption. The Fastest Way to Turn Phishing Signals into Action When a phishing email gets through, speed depends on what the SOC does next.
The strongest teams don’t investigate one suspicious link in isolation. They use it as the start of a connected process: validate the behavior, expand the intelligence, and check the environment for related exposure before the risk spreads. Step 1: Confirm the Real Risk Behind the Phishing Links and Emails The first thing SOC teams need is a safe place to check what a suspicious email or link actually does beyond the inbox. This is where interactive sandboxes become critical: they let teams open attachments, follow URLs, observe redirects, pass through phishing flows, and expose behavior that may not be visible from the original message alone.
Check recent phishing attack with fake invitation Phishing attack exposed inside ANY.RUN sandbox A recent ANY.RUN investigation shows why this matters. Researchers found a dangerous phishing campaign targeting U.S. organizations, especially in high-exposure industries such as Education, Banking, Government, Technology, and Healthcare . The attack looked routine at first: a fake invitation, a CAPTCHA check, and an event-themed page.
- But behind that flow, the campaign could lead to credential theft, OTP capture, or delivery of legitimate RMM tools. Expand your team’s phishing analysis capacity before the next threat becomes a serious incident. Claim bonus seats and special pricing while the offer is available until May 31. Get special offer now
- Inside ANY.RUN’s interactive sandbox, the full attack chain was exposed in just
- 40 seconds
- redirects, fake pages, credential prompts, downloads, and signs of possible remote access.
That is the speed security teams need when every minute of uncertainty can increase exposure. 38 seconds needed to analyze the full attack chain of complicated phishing attack inside ANY.RUN’s sandbox After the sandbox exposes the full attack path, leadership gets what phishing investigations often lack: early proof of business exposure. Instead of waiting for signs of account abuse or endpoint compromise, the SOC can understand the risk while there is still time to contain it. With that proof, teams can: confirm whether the link creates real exposure act before compromised accounts or endpoints become a wider problem give leadership the evidence needed to approve fast containment Step 2: Contextualize One Attack into Full Threat Landscape Once the sandbox exposes the phishing behavior, the next step is to understand whether the threat is isolated or part of a wider campaign.
This is where ANY.RUN’s threat intelligence solutions help teams move from one suspicious link to a broader view of the threat. In the fake invitation campaign, the sandbox revealed repeatable patterns across phishing pages, including requests to /favicon.ico , /blocked.html , and resources stored under /Image/*.png . These details are valuable because they help connect related domains, pages, and infrastructure that may belong to the same campaign. Relevant analysis sessions displayed with ANY.RUN’s Threat Intelligence for broader context and full behavior visibility Once the threat context is expanded, teams are no longer reacting to one alert in isolation.
They can understand how far the campaign may reach, which areas of the business are most exposed, and whether the response should stay limited or scale across users, departments, or clients. That wider view helps CISOs: prioritize response based on campaign scale, not a single phishing link reduce blind spots across users, regions, and business units make faster decisions on blocking, hunting, and escalation before more exposure builds up Step 3: Keep Defenses Current for Early Risk Awareness Once the threat is validated and enriched, the next step is to make that intelligence usable across the tools the SOC already depends on. The goal is not to keep findings inside one investigation, but to turn them into detection, blocking, enrichment, and response across the environment. With ANY.RUN’s threat intelligence solutions, teams can use behavior-based IOCs and campaign context across SIEM, TIP, SOAR, NDR, firewalls, and other security tools.
Built from real attack analysis across 15,000 organizations and 600,000 security professionals , this intelligence gives teams fresh context they can apply directly inside existing workflows. ANY.RUN’s TI Feeds provides fresh, behavior-based IOCs across security stack This helps teams move from “we analyzed one phishing link” to “we can now look for related exposure across the business.” The collected intelligence can surface related domains, repeated URL paths, suspicious requests, downloaded files, or signs of RMM activity connected to the same campaign. For CISOs, this is where phishing intelligence becomes operational control. It helps teams: use existing security investments to detect related activity faster reduce blind spots across email, network, endpoint, identity, and cloud data act before one phishing case turns into broader business exposure This process closes the loop: the sandbox proves the behavior, threat intelligence expands the context, and the security stack helps teams find and stop related threats before they spread.
Get Special ANY.RUN Offers Before May 31 To celebrate its 10th anniversary , ANY.RUN is offering special conditions for teams that want to strengthen phishing analysis, threat intelligence, and SOC response workflows. ANY.RUN special offers for stronger SOC and earlier threat visibility Until May 31 , teams can access anniversary offers across key ANY.RUN solutions: Interactive Sandbox: Bonus seats and exclusive pricing for teams that need in-depth malware and phishing analysis. Threat Intelligence solutions: Extra months to bring fresher intelligence into detection, investigation, and response. For SOCs, this is a good moment to expand phishing visibility, bring fresh threat intelligence into existing workflows, and improve response readiness without slowing down operations.
Get a special offer now to strengthen phishing detection and help your SOC act before exposure spreads. Turn Early Phishing Detection into Measurable SOC Impact Early phishing detection matters because delay is where risk grows. When a suspicious link gets through, every extra minute can mean more uncertainty, more manual work, and more time before the team knows whether accounts, endpoints, or business systems are exposed. Teams report 3x stronger SOC efficiency with ANY.RUN’s solutions ANY.RUN helps close that gap between the first phishing signal and confident response.
Teams can analyze the link safely, confirm what it does, enrich the findings with related threat context, and push that intelligence into their security stack to find and stop connected activity across the environment. Teams using ANY.RUN report: 21 minutes faster MTTR per case to reduce the window between phishing detection and containment 94% faster triage reported by users to cut uncertainty around suspicious links 30% fewer Tier 1 to Tier 2 escalations to protect senior team capacity Up to 20% lower Tier 1 workload to reduce alert fatigue and manual investigation effort Up to 3x stronger SOC efficiency across validation, enrichment, and response workflows Close phishing blind spots before they turn into business exposure. Get bonus seats and special pricing to expand SOC visibility while the offer is available. Found this article interesting?
This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Developer Workstations Are Now Part of the Software Supply Chain
Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and all three targeted secrets from developer environments and CI/CD pipelines, including API keys, cloud credentials, SSH keys, and tokens. This is an ongoing concern and is self-propagating, as seen in attacks like the “mini Shai Hulud” campaigns.
That pattern should change how security teams think about the software supply chain. Traditionally, security focused on shared systems like source code repositories, CI/CD platforms, artifact registries, package managers, and cloud environments. The goal was to protect production workloads and data. We absolutely still need to focus on these areas, but it is an incomplete picture.
Modern software delivery begins before code reaches Git. It begins on the developer workstation, where code is written, dependencies are installed, credentials are tested, AI assistants are prompted, containers are built, and trusted actions begin. Developer workstations are a real part of the software supply chain. Treating them as ‘just’ ordinary endpoints leaves gaps among endpoint security, identity security, application security, and supply chain governance.
Supply Chain Attacks Have Become Credential-Harvesting Operations Recent incidents keep pointing to the same operational truth. Attackers may use poisoned packages, compromised images, dependency bots, malicious workflows, or vulnerable developer tools, but the recurring objective is access. Events like the TeamPCP and Shai-Hulud campaigns show how supply chain attacks increasingly converge around credential theft. In the TeamPCP campaign, attackers used compromised packages and developer tooling to harvest tokens, cloud credentials, SSH keys, npm configuration files, and environment variables.
Shai-Hulud pushed the same pattern even further, turning infected developer environments into credential collection points that exposed thousands of secrets across GitHub, cloud services, package registries, and internal systems. That is not just software tampering. It is credential collection at the points where developers and automation already hold trust. The supply chain is exposed when attackers gain access to credentials and context that allow them to alter, publish, build, deploy, or impersonate trusted software systems.
Packages altered and published in a modern supply chain attack remain live for hours, while automation tools merge malicious updates in minutes. The common thread across many of the recent attacks has been secrets, either as an initial access vector or as the target of collection. The Attacker Path Now Runs Through Developer-Side Context The developer workstation is valuable because it concentrates context. It often contains local repositories, .env files, shell history, SSH keys, package manager credentials and configs, build scripts, debugging logs, and browser sessions.
Those pieces become far more dangerous when viewed together. A single access token may look limited in isolation. A token found next to a Git remote, deployment script, README, cloud profile, and CI configuration tells an attacker where the token fits and what it might unlock. In the Shai-Hulud 2.0 campaign, for example, GitHub credentials dominated the exposed and exfiltrated credentials, each with potential admin access to repositories and CI workflows.
Local compromise is not only a device problem. It can serve as a map for source control, cloud accounts, package publishing workflows, CI/CD systems, internal APIs, and production-adjacent infrastructure. Developer Machines Concentrate Software Delivery Authority A standard employee laptop may expose corporate data. A developer workstation may expose the ability to change software.
That distinction is critical when considering endpoint security. Developers often need broad access to do their jobs. They clone private repositories, authenticate to cloud services, publish packages, access staging environments, and interact with multiple internal tools. Their machines become a working intersection of source code, credentials, automation, and delivery authority.
While not every developer has production access, many do have enough access to influence the systems that eventually produce production outcomes. A registry token can affect packages. A GitHub token can affect repositories or workflows. A cloud profile can expose infrastructure.
A CI/CD credential can affect build behavior. The board and auditors do not care if a developer stored a secret locally. The business risk is really that a local exposure gives attackers a path into systems that build, modify, release, or operate software. That shift changes the questions security teams should ask: Can you identify which credentials are usable from developer workstations?
Can you limit the value and lifetime of those credentials? Can you detect sensitive material before it enters Git history, CI logs, tickets, artifacts, or chat? Can you revoke and rotate access quickly when you suspect workstation compromise? Can you tell the difference between low-impact local exposure and credentials with admin-like privilege?
Those questions sit between AppSec, endpoint, identity, platform, and cloud security. However your organization chooses to coordinate, you must understand how developer behavior connects to delivery systems. Automation And AI Make The Exposure Surface Thinner And Faster Automation has compressed the time between compromise and impact. Dependency update bots can open and merge changes quickly.
CI/CD systems can execute trusted workflows automatically. Package managers can run installation scripts. AI agents and coding assistants can read files, call tools, generate commands, inspect output, and move context across systems. Automation is not inherently unsafe, but typically, any automation inherits trust, especially if it comes in an agentic form.
If a malicious dependency update appears routine, an automated workflow may move it forward faster than a human reviewer can understand what happened. AI In The Loop AI-assisted development adds another set of handoff points. Sensitive data can appear in prompts, terminal output, tool calls, generated code, agent memory, logs, and local configuration copied into a debugging session. The issue is broader than whether a model provider stores prompts.
The larger issue is that local development context now flows through more semi-automated systems. Security teams should evaluate AI coding risk through the same lens they use for supply chain risk. Teams need to answer: what sources and data can the tool read? What can it execute?
Where does output go? What credentials are nearby? And, maybe most importantly, what trust does the workflow inherit? Downstream Controls Still Matter, But They Are Too Late By Themselves Repository scanning, branch protection, CI/CD policy, artifact signing, dependency analysis, and runtime controls remain essential.
They create shared enforcement points and help teams govern software at scale. The problem is now timing, thanks to the speed of modern attacks. Attackers now leverage AI-powered tools to exploit any and all secrets within seconds of discovery. Guardrails reduce potential exposure and the blast radius.
Catching sensitive material while a developer is editing a file, preparing a commit, running a local command, installing a dependency, or interacting with an AI assistant keeps the impact to a minimum. Mature programs distinguish between actions that should be blocked, actions that should give warnings, and actions that should merely generate telemetry for deeper investigation. The goal is not to bury developers in friction. Treat The Workstation As A Local Supply Chain Boundary The modern software supply chain does not start when code is pushed.
It starts where code, credentials, automation, and trust first come together. It is time to treat the developer workstation as a local supply chain boundary. That boundary includes the IDE, terminal, Git client, package manager, container tooling, cloud CLI, local build system, secrets handling practices, AI assistants, and automation agents. It is the place where individual developer action becomes organizational software delivery risk.
Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. Topping the list is a critical flaw impacting Ivanti Xtraction (CVE-2026-8043, CVSS score: 9.6) that could be exploited to achieve information disclosure or client-side attacks. “External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks,” Ivanti said in an advisory. Fortinet published advisories for two critical shortcomings affecting FortiAuthenticator and FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS that could result in code execution - CVE-2026-44277 (CVSS score: 9.1) - An improper access control vulnerability in FortiAuthenticator that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
(Fixed in FortiAuthenticator versions 6.5.7, 6.6.9, and 8.0.3) CVE-2026-26083 (CVSS score: 9.1) - A missing authorization vulnerability in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI that may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests. (Fixed in FortiSandbox versions 4.4.9 and 5.0.2, FortiSandbox Cloud version 5.0.6, and FortiSandbox PaaS versions 4.4.9. and 5.0.2) SAP also shipped fixes for two critical vulnerabilities - CVE-2026-34260 (CVSS score: 9.6) - An SQL injection vulnerability in SAP S/4HANA CVE-2026-34263 (CVSS score: 9.6) - A missing authentication check in the SAP Commerce cloud configuration “The vulnerability is caused by an overly permissive security configuration with improper rule ordering, allowing an unauthenticated user to perform malicious configuration upload and code injection, resulting in arbitrary server-side code execution,” Onapsis said about CVE-2026-34263. On the other hand, CVE-2026-34260 could be exploited by an attacker to inject malicious SQL statements and potentially impact the confidentiality and availability of the application.
However, since the affected code only allows read access to data, the vulnerability does not compromise the integrity of the application. “It allows a low-privileged, authenticated attacker to inject malicious SQL code via user-controlled input, potentially exposing sensitive database information and crashing the application,” Pathlock said . Patches have also been released by Broadcom for a high-severity flaw in VMware Fusion (CVE-2026-41702, CVSS score: 7.8) that could pave the way for local privilege escalation. The issue has been addressed in version 26H1.
“VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an operation performed by a SETUID binary,” Broadcom said . “A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed.” Round off the list is a set of five critical vulnerabilities impacting n8n - CVE-2026-42231 (CVSS score: 9.4) - A vulnerability in the xml2js library used to parse XML request bodies in n8n’s webhook handler that allows prototype pollution via a crafted XML payload, enabling an authenticated user with permission to create or modify workflows to achieve remote code execution on the n8n host. (Fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1) CVE-2026-42232 (CVSS score: 9.4) - An authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node, leading to remote code execution when combined with other nodes exploiting the prototype pollution. (Fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1) CVE-2026-44791 (CVSS score: 9.4) - A bypass for CVE-2026-42232 that could result in remote code execution on the n8n host.
(Fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1) CVE-2026-44789 (CVSS score: 9.4) - An authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node, leading to remote code execution on the n8n host. (Fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1) CVE-2026-44790 (CVSS score: 9.4) - An authenticated user with permission to create or modify workflows could inject CLI flags on the Git node’s Push operation, enabling an attacker to read arbitrary files from the n8n server and resulting in full compromise. (Fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1) Software Patches from Other Vendors Security updates have also been released by other vendors over the past several weeks to rectify various vulnerabilities, including - ABB Adobe Amazon Web Services AMD Apple ASUS Atlassian Axis Communications AVEVA Canon Cisco CODESYS ConnectWise Dell Devolutions Drupal F5 Fortra Foxit Software Fujitsu GitLab GnuTLS Google Android and Pixel Google Chrome Google Cloud Grafana Hikvision Hitachi Energy Honeywell HP HP Enterprise (including Aruba Networking and Juniper Networks ) Huawei IBM Intel Jenkins Lenovo Linux distributions AlmaLinux , Alpine Linux , Amazon Linux , Arch Linux , Debian , Gentoo , Oracle Linux , Mageia , Red Hat , Rocky Linux , SUSE , and Ubuntu MediaTek Meta WhatsApp Microsoft Mitel Mitsubishi Electric MongoDB Moxa Mozilla Firefox, Firefox ESR, and Thunderbird NVIDIA OPPO Palo Alto Networks Phoenix Contact Phoenix Technologies Progress Software QNAP Qualcomm React Ricoh Samsung Schneider Electric Siemens Sophos Spring Framework Supermicro Synology Tenable TP-Link WatchGuard Zoom , and Zyxel Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma , has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems. Codenamed MiniPlasma , the vulnerability impacts “cldflt.sys,” which refers to the Windows Cloud Files Mini Filter Driver, and resides in a routine named “HsmOsBlockPlaceholderAccess.” It was originally reported to Microsoft by Google Project Zero researcher James Forshaw in September 2020. Although it was assumed that the shortcoming was fixed by Microsoft in December 2020 as part of CVE-2020-17103 , Chaotic Eclipse said further investigation has uncovered that the “exact same issue […] is actually still present, unpatched.” “I’m unsure if Microsoft just never patched the issue or the patch was silently rolled back at some point for unknown reasons. The original PoC by Google worked without any changes,” the researcher added.
“To highlight this issue, I weaponized the original PoC to spawn a SYSTEM shell. It seems to work reliably in my machines butsuccess rate may vary since it’s a race condition.” The researcher further pointed out that all Windows versions are likely affected by this vulnerability. In a post shared on Mastodon, security researcher Will Dormann said MiniPlasma works “reliably” to open a “cmd.exe” prompt with SYSTEM privileges on Windows 11 systems running the latest May 2026 updates. “I’ll note that it does not seem to work on the latest Insider Preview Canary Windows 11,” Dormann pointed out .
In December 2025, Microsoft also addressed another privilege escalation flaw in the same component ( CVE-2025-62221 , CVSS score: 7.8), which it identified as exploited by unknown threat actors. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP . The list of identified packages is below - chalk-tempalte (825 Downloads) @deadcode09284814/axios-util (284 Downloads) axois-utils (963 Downloads) color-style-utils (934 Downloads) “One of the packages (chalk-tempalte) contains a direct clone of the Shai-Hulud source code that TeamPCP leaked last week, probably inspired as part of the supply chain attack competition that was published in BreachForums not long after,” OX Security’s Moshe Siman Tov Bustan said. Interestingly, the malicious payloads embedded into the four npm packages are different, despite them being published by the same npm user, “ deadcode09284814 .” As of writing, the four libraries are still available for download from npm. An analysis of the packages has revealed that “axois-utils” is designed to deliver a Golang-based distributed denial-of-service (DDoS) botnet called Phantom Bot, with capabilities to flood a target website using HTTP, TCP, and UDP protocols.
It also establishes persistence on both Windows and Linux machines by adding the payload to the Windows Startup folder and creating a scheduled task. The remaining three drop a stealer payload on compromised systems. Of the three packages, the “chalk-tempalte” package contains a clone of the Shai-Hulud worm released by TeamPCP. “The actor took the code, and almost without any change at all – uploaded a working version with its own C2 server and private key into npm,” OX Security said.
“The stolen credentials are sent to the remote C2 server – 87e0bbc636999b.lhr[.]life” In addition, the data is exported to a new GitHub public repository using the stolen GitHub token via the API. The repository is given the description “A Mini Sha1-Hulud has Appeared.” The other two npm packages, “@deadcode09284814/axios-util” and “color-style-utils,” carry a more straightforward functionality that siphons SSH keys, environment variables, cloud credentials, system information, IP address, and cryptocurrency wallet data to “80.200.28[.]28:2222” and “edcf8b03c84634.lhr[.]life,” respectively. “Threat actors are getting even more motivated to conduct supply chain and typo-squatting, as attacks become easier to perform with the Shai-Hulud code becoming open source,” OX Security said. “We’re now seeing a single actor with multiple techniques and infostealer types spreading malicious code onto npm, as it’s just the first phase of an upcoming wave of supply chain attacks coming.” Users who have downloaded the packages are uninstall them immediately, find and delete malicious configuration from IDEs and coding agents like Claude Code, rotate secrets, check for GitHub repositories containing the string “A Mini Sha1-Hulud has Appeared,” and block network access to suspicious domains.
Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations
A new analysis of the Lua-based fast16 malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations. According to Broadcom-owned Symantec and Carbon Black teams, the pre-Stuxnet tool was engineered to corrupt uranium-compression simulations that are central to nuclear weapon design. “Fast16’s hook engine is selectively interested in high-explosive simulations inside LS-DYNA and AUTODYN,” the Threat Hunter Team said . “The malware checks for the density of the material being simulated and only acts when that value passes 30 g/cm³, the threshold uranium can only be reached under the shock compression of an implosion device.
The development comes weeks after SentinelOne presented an analysis of fast16, describing it as the first sabotage framework whose components may have developed as early as 2005, predating the earliest known version of Stuxnet (aka Stuxnet 0.5) by two years. Evidence unearthed by the cybersecurity company included a reference to the string “fast16” in a text file that was leaked by an anonymous hacking group called The Shadow Brokers in 2017. The file was part of a huge tranche of hacking tools and exploits allegedly used by the Equation Group, a state-sponsored threat actor with suspected ties to the U.S. National Security Agency (NSA).
At its core, the industrial sabotage malware features a set of 101 rules to tamper with mathematical calculations carried out by certain engineering and simulation programs that were prevalent at the time. Although the exact binaries that are patched by the malware is unclear, SentinelOne identified three probable candidates: LS-DYNA version 970, Practical Structural Design and Construction Software (PKPM), and Modelo Hidrodinâmico (MOHID). Symantec’s latest analysis has now confirmed that LS-DYNA and AUTODYN are the two applications targeted by fast16, adding it was designed explicitly to interfere with simulations of high-explosive detonations, almost certainly to facilitate sabotage against nuclear weapons research. “Both are software applications used to simulate real-world problems such as vehicle crashworthiness, material modelling, and explosive simulation,” Symantec and Carbon Black said.
“The hooks fast16 places inside of the simulation program consist of three attack strategies. The tampering only activates during full-scale transient blast and detonation runs.” The 101 hook rules can be categorized further into 9-10 hook groups, each targeting different builds of LS-DYNA or AUTODYN, suggesting that the developers of the malware were keeping track of software updates and adding support for different versions over time. This points to a methodical and sustained operation. “If hook rule groups were added sequentially as needed, we see a hook group added for a previous version of the software after a newer version,” researchers explained.
“One may imagine, the simulation user reverted to an older version when faced with the anomaly, before that version was also targeted. Secondly, the hook groups represent up to 10 different versions of simulation software, meaning the simulation user updates versions semi-frequently. Fast16 is crafted such that it will not infect computers that have certain security products installed. It also automatically spreads to other endpoints on the same network, so that any machine that’s used to run the simulations will generate the same tampered outputs.
The findings indicate that strategic industrial sabotage using malware was being conducted by nation-state actors as far back as 20 years ago, well before Stuxnet was used to damage uranium enrichment centrifuges at Iran’s nuclear plant in Natanz by injecting malicious code into Siemens programmable logic controllers. Speaking to cybersecurity journalist Kim Zetter, Vikram Thakur, technical director for Symantec, said the level of expertise and understanding required to design such a malware in 2005 is “mind-blowing.” That said, it’s not known if a modern-day version of fast16 exists in the wild. “That degree of domain knowledge, such as understanding which EOS [Equation of State] forms matter, which calling conventions are produced by which compilers, and which classes of simulation will or will not trip the gate, is unusual in any era and was very unusual in 2005,” Symantec and Carbon Black said. “The framework belongs to the same conceptual lineage as Stuxnet, in which malware was tailored not just to a vendor’s product but to a specific physical process being simulated or controlled by that product.” Found this article interesting?
Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck . The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in ngx_http_rewrite_module affecting NGINX versions 0.6.27 through 1.30.0. According to AI-native security company depthfirst, the vulnerability was introduced in 2008. Successful exploitation of the flaw can permit an unauthenticated attacker to crash worker processes or execute remote code with crafted HTTP requests.
- However, it bears noting that code execution is possible only on devices where Address Space Layout Randomization (ASLR), a safeguard against memory-based attacks, is turned off. “It relies on a specific NGINX config to be vulnerable, and for an attacker to know or discover the config to exploit it,” security researcher Kevin Beaumont
- said
- . “To reach RCE [remote code execution], also ASLR needs to have been disabled on the box.”
- In a similar assessment, AlmaLinux maintainers
- said
- “Turning the heap overflow into reliable code execution is not trivial in the default configuration, and on systems with ASLR enabled (which is the default on every supported AlmaLinux release), we do not expect a generic, reliable exploit to be easy to produce.” “That said, ‘not easy’ is not ‘impossible,’ and the worker-crash DoS is exploitable enough on its own that we recommend treating this as urgent,” the maintainers added. The latest findings from VulnCheck show that threat actors have begun to weaponize the flaw, with exploitation attempts detected against its honeypot networks.
The nature of the attack activity and the end goals are presently unknown. Users are advised to apply the latest fixes from F5 to secure their networks against active threats. Flaws in openDCIM Also Exploited The development comes as VulnCheck also revealed exploitation efforts targeting two critical flaws in openDCIM, an open-source application used for data center infrastructure management. The vulnerabilities, both rated 9.3 on the CVSS scoring system, are listed below - CVE-2026-28515
- A missing authorization vulnerability that could allow an authenticated user to access LDAP configuration functionality regardless of their assigned privileges.
In Docker deployments where REMOTE_USER is set without authentication enforcement, the endpoint may be reachable without credentials, allowing unauthorized modification of application configuration. CVE-2026-28517
- An operating system command injection vulnerability impacting the “report_network_map.php” component that processes a parameter called “dot” without sanitization and passes it directly to a shell command, resulting in arbitrary code execution. The two vulnerabilities were discovered alongside CVE-2026-28516 (CVSS score: 9.3), an SQL injection vulnerability in openDCIM, by VulnCheck security researcher Valentin Lobstein in February 2026. According to Lobstein, the three flaws can be chained to achieve remote code execution over five HTTP requests and spawn a reverse shell.
“The cluster of attacker activity we’re observing so far originates from a single Chinese IP and uses what appears to be a customized implementation of AI vuln discovery tool Vulnhuntr to automatically check for vulnerable installations before dropping a PHP web shell,” Caitlin Condon, vice president of security research at VulnCheck, said . Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
Grafana has disclosed that an “unauthorized party” obtained a token that granted them the ability to access the company’s GitHub environment and download its codebase. “Our investigation has determined that no customer data or personal information was accessed during this incident, and we have found no evidence of impact to customer systems or operations,” Grafana said in a series of posts on X. The company also said it immediately launched a forensic analysis upon discovering the activity and that it identified the source of the leak, adding the compromised credentials have since been invalidated, and extra security measures have been implemented to secure against unauthorized access. Furthermore, Grafana revealed the attacker tried to blackmail and extort the company, demanding they make a payment to prevent the stolen database from being published.
Grafana said it has opted not to pay the ransom, citing guidance issued by the U.S. Federal Bureau of Investigation (FBI). The agency has previously warned against negotiating ransoms with perpetrators, as there is no guarantee that doing so will help affected companies get their data back. “It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity,” the FBI states on its website.
Grafana did not reveal when the incident took place or since when the threat actor had access to its environment, only revealing that it learned of the attack “recently.” The breach has not been attributed to any known threat actor or group. However, reports from Hackmanac and Ransomware.live indicate that a cybercrime group named CoinbaseCartel has claimed responsibility for the incident. Per details shared by Halcyon and Fortinet FortiGuard Labs , CoinbaseCartel is a data extortion crew that emerged in September 2025. It’s assessed to be an offshoot of the ShinyHunters, Scattered Spider, and LAPSUS$ ecosystems.
The group, which only focuses on data theft and extortion unlike traditional ransomware groups, has amassed 170 victims across healthcare, technology, transportation, manufacturing, and business services. The company also did not reveal what codebase the attacker downloaded, but Grafana offers various solutions like Grafana Cloud , a fully-managed, cloud-hosted observability platform for applications and infrastructure. The Hacker News has reached out to Grafana for comment, and we will update the story if we hear back. The development comes days after American educational technology company Instructure made the controversial decision to settle with the ShinyHunters extortion group after the latter threatened to leak terabytes of data belonging to thousands of schools and universities across the U.S.
Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.