2026-05-22 AI创业新闻
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-34291 (CVSS score: 9.4) - An origin validation error vulnerability in Langflow that could allow an attacker to execute arbitrary code and achieve full system compromise. CVE-2026-34926 (CVSS score: 6.7) - A directory traversal vulnerability in on-premise versions of Trend Micro Apex One that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.
In a report published in December 2025, Obsidian Security said CVE-2025-34291 exploits three combined weaknesses: overly Permissive CORS, lack of cross-site request forgery (CSRF) protection, and an endpoint that allows code execution by design. “The impact is severe: successful exploitation not only compromises the Langflow instance but also exposes all sensitive access tokens and API keys stored within the workspace,” the company noted at the time. “This can trigger a cascading compromise across all integrated downstream services in cloud and SaaS environments.” In a report published in March 2026, Ctrl-Alt-Intel said the vulnerability had been exploited by an Iranian hacking group named MuddyWater to obtain initial access to target networks. As for CVE-2026-34926, Trend Micro said it “observed at least one instance of an attempt to actively exploit one of these vulnerabilities in the wild.” “This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability,” it added.
In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary fixes by June 4, 2026, to secure their networks. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data. Tracked as CVE-2026-20223 (CVSS score: 10.0), the vulnerability arises from insufficient validation and authentication when accessing REST API endpoints. “An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint,” Cisco said . “A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user.” The shortcoming impacts Cisco Secure Workload Cluster Software on SaaS and on-prem deployments, regardless of device configuration.
Cisco said there are no workarounds that address the vulnerability. The issue has been addressed in the following versions - Cisco Secure Workload Release 3.9 and earlier (Migrate to a fixed release) Cisco Secure Workload Release 3.10 (Fixed in 3.10.8.3) Cisco Secure Workload Release 4.0 (Fixed in 4.0.3.17) The networking equipment major said it found the vulnerability during internal security testing and that there is no evidence of it being exploited in the wild. The disclosure comes a week after Cisco revealed that another maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller ( CVE-2026-20182 , CVSS score: 10.0) has been exploited by a threat actor known as UAT-8616 to gain unauthorized access to SD-WAN systems. Found this article interesting?
Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since at least mid-2022. “Showboat is a modular post-exploitation framework designed for Linux systems, capable of spawning a remote shell, transferring files, and functioning as a SOCKS5 proxy,” Lumen Technologies Black Lotus Labs said in a report shared with The Hacker News. It’s assessed that the malware has been employed by at least one, and possibly more, threat activity clusters affiliated with China, with correlations identified between command-and-control (C2) nodes and IP addresses geolocated to Chengdu, the capital city of the Chinese province of Sichuan. One such threat actor is Calypso (aka Bronze Medley and Red Lamassu), which is known to be active since at least September 2016, targeting state institutions in Brazil, India, Kazakhstan, Russia, Thailand, and Turkey.
It was first publicly documented by Positive Technologies in October 2019. Some of the key tools in its arsenal include PlugX and backdoors like WhiteBird and BYEBY , the latter of which is part of a broader cluster tracked by ESET under the moniker Mikroceen. The use of Mikroceen has been attributed to a closer known as SixLittleMonkeys, which, in turn, shares tactical overlaps with another China-linked group referred to as Webworm . This puts Showboat along with other shared frameworks like PlugX, ShadowPad, and NosyDoor that have been used by multiple China-nexus groups.
This “resource pooling” reinforces the presence of a digital quartermaster that state-sponsored threat actors from China have relied on to supply them with necessary tooling. The starting point of the investigation was an ELF binary that was uploaded to VirusTotal in May 2025, with the malware scanning platform classifying it as a sophisticated Linux backdoor with rootkit-like capabilities. Kaspersky is tracking the artifact as EvaRAT. Black Lotus Labs security researcher Danny Adamitis told The Hacker News that the exact initial access vector used to deliver the malware is currently unknown.
However, in the past, Calypso has been observed leveraging an ASPX web shell after exploiting a flaw or breaking into a default account used for remote access. The adversary was also among the earliest China-aligned groups to weaponize CVE-2021-26855, a security vulnerability in Microsoft Exchange Server that serves as the first step in an exploit chain called ProxyLogon . The malware is designed to contact a C2 server, gather system information, and transmit the information back to the server in a PNG field as an encrypted and Base64-encoded string. It’s also equipped to upload and download files to and from the host machine, conceal its presence from the process list, and manage C2 servers.
To hide itself on the host machine, Showboat retrieves a code snippet hosted on Pastebin. The paste was created on January 11, 2022. Furthermore, the malware can scan for other devices and connect to them via the SOCKS5 proxy. This suggests that the primary purpose of Showboat is to establish a foothold on compromised systems.
“This would allow the attackers to interact with machines that are not exposed publicly to the internet and only accessible via the LAN,” Black Lotus Labs said. Further infrastructure analysis has uncovered two victims: an Afghanistan-based internet service provider (ISP) and another unknown entity located in Azerbaijan. A secondary C2 cluster using similar X.509 certificates as the original C2 server has uncovered two possible compromises in the U.S. and one in Ukraine.
“While some threat actors are increasingly using stealthy, native system tools to evade detection, others still deploy persistent malware implants,” Adamitis said. “The presence of such threats should be taken as an early warning sign, indicating the potential for broader and more serious security issues within affected networks.” Also put to use by Calypso in the campaign targeting the telecommunications provider in Afghanistan is a fully featured Windows implant codenamed JFMBackdoor that’s delivered via DLL side-loading. The attack chain involves a batch script that’s used to launch a legitimate executable that then loads the rogue DLL. JFMBackdoor supports a wide range of capabilities, including remote shell access, file operations, network proxying, screenshot capture, and self-removal.
“The targeting of Afghanistan and its telecommunications sector aligns with what we assess to almost certainly be Red Lamassu’s wider operational goals and objectives,” PricewaterhouseCoopers (PwC) said in a coordinated report. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Military Appreciation Month: 10% Off SANS Cybersecurity Training
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
This week starts small. A token leaks. A bad package slips in. A login trick works.
An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust.
That is what makes it worrying. The danger is in normal things now - updates, apps, cloud buttons, support chats, trusted accounts. AI does not make the attacks magic. It just helps people try more things, faster.
Here’s what showed up this week. 47 zero-days exposed 47 0-Days Discovered in Pwn2Own Berlin 2026 The Pwn2Own Berlin 2026 hacking contest has concluded, with security researchers collecting $1,298,250 in rewards after exploiting 47 zero-day flaws in various products from Windows, Linux, VMware, and NVIDIA. DEVCORE won the event with 50.5 Master of Pwn points and $505,000 in rewards throughout the three-day contest after hacking Microsoft SharePoint, Microsoft Exchange, Microsoft Edge, and Windows 11. STARLabs SG and Out Of Bounds followed with $242,500 (25 points) and $95,750 (12.75 points).
Agentic AI security warning U.K. NCSC Issues Guidance for Responsible AI Use The U.K. National Cyber Security Centre (NCSC) has released new guidance for organizations to implement adequate security controls when rolling out agentic artificial intelligence (AI) tools in enterprise environments. “If an agent is over-privileged or poorly designed, a single failure can quickly become a serious incident,” NCSC said .
“It is crucial, therefore, to think before you deploy.” Signal alternative pushed Poland Urges Government Officials to Use Indigenous Signal Alternative The Polish government is urging public officials and “entities within the National Cybersecurity System” to stop using Signal, instead directing them to use an encrypted messenger called mSzyfr developed by a leading Polish research organization, citing social engineering attacks orchestrated by advanced persistent threat (APT) groups. The development comes as multiple governments have warned of a rise in social engineering attacks, including efforts that involve threat actors impersonating Signal support, to take control of victims’ accounts. Fraud suspects unmasked Dutch Police Game Over?! Gets off to a Successful Start The Dutch police said the identity of 74 of 100 suspects has been unmasked following the launch of an initiative called Game Over?!
that displays blurred photos of 100 suspected fraudsters on billboards at various public places, as well as in television and online advertisements, giving the criminals two weeks to surrender before the images are unblurred. Of these, 34 suspects voluntarily reported to authorities, while the remaining suspects were identified through information provided by the public. The youngest suspect is only 14, and the oldest is 42 years old. Game Over?!
was launched in March 2026. Espionage admission President Trump Acknowledges U.S. Spies on China U.S President Donald Trump said he and Chinese President Xi Jinping discussed cyber attacks and espionage activities carried out by both nations during the bilateral meetings last week. “They’re talking about the spying.
Well, we do it too,” Trump said during his return flight to the U.S. “We spy like hell on them too,” adding “I told him, ‘we do a lot of stuff to you that you don’t know about and you’re doing things to us that we probably do know about.’” While Trump did not elaborate on the attacks carried out against China, the acknowledgement comes as China has been accused of conducting sweeping intrusions into U.S. networks. Ransomware hits Korea Gunra Ransomware Goes After South Korea The ransomware family known as Gunra has targeted five South Korean companies since it was first discovered in April 2025, S2W said.
“When Gunra ransomware was first discovered, it utilized Conti-based ransomware,” the South Korean security vendor noted . “However, after transitioning to a RaaS (Ransomware-as-a-Service) model, the group developed and utilized its own ransomware.” As of March 2026, the group has claimed 32 victims. Composer token leak Packagist Urges Composer Update After GitHub Actions Token Leak Composer, a dependency manager for the PHP programming language, has urged its users to update Composer to version 2.9.8 or 2.2.28 (LTS). “The new releases fix a vulnerability where Composer leaks the full contents of GitHub Actions issued GITHUB_TOKEN’s or GitHub App installation tokens to the GitHub Actions logs,” Composer said.
The vulnerability has been assigned the CVE identifier CVE-2026-45793 (CVSS score: 7.5). The development came after GitHub introduced a new format for these tokens as of late last month. “The new format, including a - (hyphen) fails Composer’s validation and leads to disclosure of the GITHUB_TOKEN in logs,” Composer said. As workarounds, it’s advised to disable any GitHub Actions workflow that runs Composer commands until Composer has been updated.
Linux rootkit persists OrBit Linux Malware Is Still Around In July 2022, cybersecurity firm Intezer detailed a Linux malware named OrBit that implements advanced evasion techniques, gains persistence on the machine by hooking key functions, provides the threat actors with remote access capabilities over SSH, harvests credentials, and logs TTY commands. Nearly four years later, several new artifacts of the userland rootkit have been identified, indicating that the malware is being actively refined and maintained by its operators. “We discovered two parallel lineages: a full-featured ‘Lineage A’ build that tracks closely with the 2022 original, and a lite ‘Lineage B’ fork that drops entire capability domains (PAM, pcap, TCP-port hiding) in exchange for a smaller footprint,” researcher Nicole Fishbein said . “Along the way, the operators rotate XOR keys, shuffle install paths, swap backdoor credentials, add auditd-evasion hooks, and eventually bolt on a service-side PAM impersonation primitive.” OrBit has been put to use by Blockade Spider, a cybercrime group running Embargo ransomware campaigns.
It’s assessed that OrBit is a fork of an open-source rootkit called Medusa , which first publicly surfaced in December 2022. “Based on this information, there are two options: either the Medusa author published a privately-circulated rootkit source that had already been deployed operationally, or the earliest OrBit sample was built from a pre-publication snapshot of the same tree,” Intezer said. “Either way, the 2022 OrBit sample and the December 2022 Medusa source tree are the same codebase. This suggests that the backdoor was created before its public release and has since been selectively forked, configured, and redeployed by multiple operators over four years.” AI-driven intrusions surge 2 Vibe Hacking Campaigns Target Governments and Financial Orgs in Latin America Two emerging campaigns, dubbed SHADOW-AETHER-040 and SHADOW-AETHER-064, have independently deployed agentic AI with “strikingly similar tactics” to facilitate intrusion operations against governments and financial organizations in Latin America.
“Both campaigns established traffic tunnels to victim systems, enabling AI agents to conduct malicious attacks directly into victim internal network environments via ProxyChains and SSH,” Trend Micro said . “The AI agents dynamically generated multiple hacking tools and scripts, rather than relying on pre-built hacking tools. This reduced the likelihood of detection by traditional security solutions that rely on known tool signatures.” The two activity clusters are said to be the work of separate entities. The attackers bypassed AI safety controls by framing their requests as authorized penetration testing and red teaming exercises.
Undertaken by a Spanish-speaking threat actor, SHADOW-AETHER-040 has compromised six government entities in Mexico between December 27, 2025, and January 4, 2026. This activity is consistent with Gambit Security’s report about large-scale compromise of multiple Mexican government organizations between December 2025 and February 2026 by an unknown adversary using Anthropic’s Claude and OpenAI’s GPT AI models to carry out the intrusion activities. According to Dragos, which is tracking the activity as TAT26-12, one of these attacks targeted a municipal water and drainage utility in January 2026, leading to an unsuccessful attempt to breach its operational technology environment. “Claude acted as the primary technical executor and independently identified the OT environment’s relevance to critical infrastructure, assessed its potential as a crown jewel asset, and investigated possible access pathways to breach the IT-OT boundary,” Dragos said .
The second campaign, linked to a Portuguese-speaking hacking crew named SHADOW-AETHER-064, has been active since April and has singled out financial organizations in Brazil. The findings show how commercial AI tools are compressing the traditional attack kill chain, accelerating tasks like reconnaissance and exploit development that historically required significant time and operator expertise. Like in the case of VoidLink , while the tools assembled for these attacks may not be particularly sophisticated or novel, the speed at which AI models generate and improve upon them is operationally significant, essentially collapsing what would have taken days or weeks of manual development effort into hours. Mythos intel sharing expands Anthropic Lets Mythos Preview Users Share Threat Intel According to the Wall Street Journal, Anthropic has begun letting users of its Mythos AI model share cybersecurity threats with others who may face similar vulnerabilities.
“Last week, Anthropic began telling the companies they could share information about cyber threats and Mythos findings with other entities as long as it was done responsibly,” a spokesperson for the company was quoted as saying. “As the program has matured, we’ve adapted them to ensure key information can be shared broadly - including outside the program - for maximum defensive impact.” The development comes as Cloudflare said Mythos is a “real step forward” and is capable of chaining “small attack primitives together into a working exploit.” It’s also equipped to find vulnerabilities and prove they are exploitable. The web infrastructure and security company also said it has designed a multi-stage vulnerability discovery harness to scan codebases across “runtime, edge data path, protocol stack, control plane, and the open-source projects we depend on.” Just like Microsoft’s MDASH, different agents handle different responsibilities: “hunter” agents identify candidate vulnerabilities, others argue for or against their exploitability, while a deduplication stage collapses findings that share the same root cause. A tracer agent checks whether attacker-controlled input actually reaches the bug from outside the system, while a final “reporting” agent writes a structured report.
Calls now encrypted Discord Rolls Out E2EE for Voice, Video calls Discord has announced that all voice and video calls through the communication platform are now protected by default with end-to-end encryption (E2EE). The solution is powered by the DAVE protocol. “The DAVE protocol is open, and the implementation is open-source ,” Discord said. “As of early March 2026, every voice and video call on Discord, whether in DMs, group DMs, voice channels, or Go Live streams, is end-to-end encrypted by default.” Discord said there are no plans to extend it to text messages.
“Many of the features people use on Discord were built on the assumption that text isn’t end-to-end encrypted, and rebuilding them to work with encryption is a meaningful engineering challenge,” it added. Azure identities abused Storm-2949 Abuses Self-Service Password Reset for Azure Data Theft Attacks Microsoft has shed light on a “methodical, sophisticated, and multi-layered attack” orchestrated by Storm-2949 with an aim to exfiltrate sensitive data from an unnamed organization’s high-value assets. The attack, which is notable for abusing Microsoft’s Self-Service Password Reset ( SSPR ) process to trick the target into completing multi-factor authentication (MFA) prompts, led to the exfiltration of data from Microsoft 365 applications, file-hosting services, and Azure-hosted production environments. The social engineering attack targeted IT personnel and senior leadership so as to compromise their identities for post-compromise actions.
The attacker is also said to have conducted discovery activities, installed ScreenConnect, and attempted to disable Microsoft Defender Antivirus protections. “Storm-2949 didn’t rely on traditional malware and other on-premises tactics, techniques, and procedures (TTPs),” Microsoft said . “Instead, they leveraged legitimate cloud and Azure management features to gain control-plane and data-plane access, which they then used to execute code remotely on VMs, and access sensitive cloud resources such as Key Vaults and storage accounts, among others. These activities allowed them to move laterally across cloud and endpoint environments while blending into expected administrative behavior.” App Store fraud blocked Apple Blocked 2M Problematic Apps in 2025 Apple said its App Store stopped over $2.2 billion in potentially fraudulent transactions and rejected over 2 million problematic app submissions in 2025.
“Last year, Apple’s systems also successfully rejected 1.1 billion fraudulent customer account creations - blocking bad actors at the outset - and deactivated an additional 40.4 million customer accounts for fraud and abuse,” Apple said . “In 2025, Apple terminated 193,000 developer accounts over fraud concerns and rejected more than 138,000 developer enrollments. To further protect users from harmful software, Apple in 2025 detected and blocked 28,000 illegitimate apps on pirate storefronts, which include malware, pornography apps, gambling apps, and pirated versions of legitimate apps from the App Store.” Apple also rejected over 22,000 submissions for containing hidden or undocumented features and more than 443,000 submissions for privacy violations. In the last month alone, the iPhone maker said it prevented 2.9 million attempts to install or launch apps distributed illicitly outside the App Store or approved alternative app marketplaces.
Fraud routing exposed Two Plead Guilty to Tech-Support Fraud Scheme Two U.S. nationals, CEO Adam Young, 42, of Miami, and Harrison Gevirtz, 33, of Las Vegas, have pleaded guilty to running a business that provided services to customers engaged in widespread telemarketing and tech-support fraud schemes targeting victims across the country. The services, which included telephone numbers, call routing services, call tracking, and call forwarding services, were offered to customers who engaged in tech-support fraud schemes. They are scheduled to be sentenced on June 16, 2026.
The investigation also led to the conviction of five India-based telemarketing fraudsters and a former employee of their call routing company (Sahil Narang, Chirag Sachdeva, Abrar Anjum, Manish Kumar, and Jagmeet Singh Virk) for targeting and defrauding Americans. “Call centers based in India utilized Young and Gervitz’s business to route their ‘tech fraud’ scheme calls and, in some instances, advised those fraudsters on methods intended to reduce complaints and prevent account terminations,” the U.S. Justice Department said . The schemes used deceptive pop-up messages to falsely convince users that their computers had been infected with viruses or malware, urging them to contact a number to address the issue.
In reality, the numbers connected the victims to call centers, where they were duped into paying hundreds of dollars for unnecessary or fictitious technical-support services. In some instances, the call center agents gained remote access to victims’ computers and obtained personal and financial information. Linux printing RCE risk HP Fixes Critical Flaw in Linux Imaging and Printing (HPLIP) Software HP has released fixes for CVE-2026-8631 (CVSS score: 9.3), a critical heap-based buffer overflow vulnerability in HPLIP that could allow escalation of privileges and/or arbitrary code execution. “Because HPLIP is deeply integrated into the standard Linux printing architecture (CUPS), this flaw exposes millions of Linux endpoints and enterprise print servers,” security researcher Mohamed Lemine Ahmed Jidou, who discovered the flaw, told The Hacker News.
“An unauthenticated attacker over the network - or a low-privileged local user - can silently exploit this by simply submitting a maliciously crafted print job. Successful exploitation grants the attacker arbitrary command execution on the host machine. This allows for immediate system compromise, unauthorized access to sensitive documents passing through the print spooler, and provides a stealthy foothold for lateral movement across corporate networks.” Telegram accounts hijacked Telegram Smishing Campaign Facilitates Account Takeovers AhnLab is warning of a new Telegram-oriented smishing campaign that’s designed to take control of victims’ accounts and steal account information using SMS messages that claim to be about non-existent security issues. “Threat actors hijack Telegram accounts by tricking users into entering their phone numbers and login codes on phishing sites,” AhnLab said .
“Once an account is compromised, it can lead to personal information and chats being leaked, as well as secondary damage.” Premium SMS fraud Android Android Carrier Billing Fraud Campaign Uncovered A new sophisticated Android malware campaign dubbed Premium Deception has been observed conducting carrier billing fraud through premium SMS abuse across Malaysia, Thailand, Romania, and Croatia between March 2025 and January 2026. The activity involves more than 250 malicious applications that selectively target users based on their mobile operator, stealthily subscribing users to premium services without their knowledge or consent by abusing Google’s SMS Retriever API to capture OTPs for billing confirmation. Device metadata and subscription confirmations are sent to the operators via a Telegram-based exfiltration channel. “When deployed on devices with non-targeted operators, the malware employs a fallback mechanism to display benign content, thereby evading detection and maintaining persistence,” Zimperium zLabs said .
Three distinct malware variants have been identified, each with varying levels of sophistication. There is no evidence that these apps were circulated via the Google Play Store. Instead, the scheme relies on social media platforms like Facebook and TikTok for distribution. Brazilian banking RAT Banana RAT Targets Brazilian Banks A new Brazilian banking trojan dubbed Banana RAT has become the latest malware to target financial institutions in the region.
Unlike other Latin American banking malware that are typically written in Delphi, Banana RAT is a PowerShell-only client orchestrated by a Python (FastAPI) server-side polymorphism engine. Once active, it enables operator-driven fraud through remote input control, keylogging, clipboard monitoring, screen streaming, fake overlays, and Pix QR code interception targeting Brazilian banks. It also monitors foreground window titles and serves a bogus credential harvesting overlay when a victim opens a website that matches a target list of more than 30 bank and cryptocurrency exchanges. Trend Micro, which is tracking the activity under the moniker SHADOW-WATER-063 , said the design diverges “meaningfully” from the Delphi binary architecture historically associated with the banking malware ecosystem comprising Grandoreiro, Mekotio, Casbaneiro, Guildma, and CHAVECLOAK.
“The Brazilian cybercrime cartels are very sophisticated and organized, and they have been a bane to the financial sector since 2000,” Tom Kellermann, TrendAI’s vice president of AI Security and Threat Research, said. “The RATs and rootkits they develop are on par with those we have seen from Russia. Insufficient attention is being paid to cybercrime in LATAM, and the financial sector has good reason to be concerned as something wicked comes this way.” DNS-backed Go backdoor Go Typosquat Library Uses DNS TXT Records as a Command Channel A malicious Go module published as github.com/shopsprint/decimal has been flagged as a typosquat of the widely used github.com/shopspring/decimal arbitrary precision arithmetic library. It was first published in November 2017 and was weaponized in August 2023 when version v1.3.3 added a malicious functionality that “opens a DNS TXT record command-and-control channel to a threat actor-controlled subdomain on a free dynamic DNS provider,” per Socket.
Although the GitHub repository and the shopsprint owner account have since been removed, the library continues to be served by proxy.golang[.]org. The payload “polls net.LookupTXT(“dnslog-cdn-images.freemyip.com”) every five minutes, and sleeps on DNS failure without logging or signaling an error,” researcher Kush Pandya said . “Each returned TXT value is passed directly to os/exec.Command and executed.” npm package hijacked art-template Compromised to Serve Coruna iOS Exploit Kit The npm package art-template, a JavaScript template engine with about 26,000 weekly downloads, has been compromised through a maintainer account takeover to push malicious versions (from 4.13.3 through 4.13.6) designed to load external JavaScript from third-party domains. “Unauthorized code in template-web.js injects external
“The external domain (v3.jiathis[.]com) serves a multi-stage payload when the request includes a Referer header. The payload injects Baidu Analytics tracking on all visitors and targets iPhone users with a hidden iframe chain leading to an obfuscated JavaScript payload. The final payload is the Coruna exploit kit .” Malware game removed Steam Removes Game That Served Malware A malicious game distributed through Steam has been removed from Valve after it was observed profiling players’ systems and communicating with external infrastructure that allows it to deploy secondary payloads. The game, titled Beyond The Dark, masqueraded as a free indie horror title on Steam.
The discovery was documented by YouTuber Eric Parker. Router zero-day outage Luxembourg Nationwide Telecom Outage Linked to Huawei Router 0-Day The exploitation of a zero-day vulnerability in Huawei enterprise router software led to a nationwide telecom outage in Luxembourg on July 23, 2025, The Record reported this week. The incident disrupted mobile, landline, and emergency communications for more than three hours. The attack is said to have caused Huawei enterprise routers to enter into a continuous restart loop, crashing parts of POST Luxembourg’s infrastructure.
There are currently no details about the vulnerability, and it remains unclear if the issue was patched by Huawei. Crypto ATM losses surge FBI Says $388M Lost in Crypto ATM Scams in 2025 The U.S. Federal Bureau of Investigation (FBI) has revealed that Americans have lost over $388 million last year to scams using cryptocurrency kiosks (aka crypto ATMs or Bitcoin ATMs). “Cryptocurrency kiosks are ATM-like devices or electronic terminals that allow users to exchange cash and cryptocurrency,” the FBI said .
“Criminals may direct victims to send funds via cryptocurrency kiosks.” The development comes as CertiK noted that physical coercion attacks (aka wrench attacks ) on cryptocurrency holders rose 75% year-over-year to 72 confirmed cases worldwide and $41 million in known losses in 2025, up 44% from 2024. This year alone, 34 verified incidents have been recorded internationally, compared to 24 over the same period in 2025. ICS attacks persist Sandworm’s Targeting of Industrial Environments Operational technology security company Nozomi Networks said it detected 29 events between July 2025 and January 2026 that “conclusively identified as Sandworm activity.” Based on data collected from customer and partner engagements, honey research, and telemetry, the activity follows a bureaucratic execution model, “peaking midweek and during post-lunch business hours, with Wednesday at approximately 2:00 PM Moscow time showing the highest alert volume.” Across the dataset, 17 Sandworm-infected machines were identified across the 10 customers. These systems conducted lateral movement against 923 unique internal targets.
“Despite widespread awareness and patch availability, Sandworm continues to rely on older but proven exploit chains, including EternalBlue, DoublePulsar, and WannaCry,” Nozomi Networks said . “Perhaps the most critical finding: every single Sandworm-infected system produced 20 to 155 days of warning alerts prior to Sandworm activity.” Stego loader deployed Phishing Campaign Delivers PureLogs Stealer A new phishing campaign has been observed using invoice-themed lures to distribute malicious archives to trigger the execution of JavaScript code, which employs environment variables to hide malicious commands and uses a steganographic loader dubbed PawsRunner to deploy the PureLogs infostealer malware. “The embedded JavaScript uses a sophisticated technique to store decoded malicious commands in environment variables, which then triggers a decrypted steganographic .NET loader,” Fortinet said . “This loader retrieves the final payload by extracting encrypted data hidden within a cat image.
This version of PureLogs uses extensive async/await patterns to improve task efficiency and complicate analysis.” A similar campaign was detailed by Swiss Post Cybersecurity in January 2026. Card dump released B1ack’s Stash Releases 4.6 Million Stolen Credit Cards for Free The notorious B1ack’s Stash dark web carding marketplace has announced the free download of 4.6 million stolen credit card records. According to SOCRadar , the released data includes full card numbers, expiration dates, CVV2 codes, cardholder names, billing addresses, email addresses, phone numbers, and IP addresses. Of these, 4.3 million records appear to be new and usable for illicit activities.
Most of the records belong to victims from the U.S., Canada, the U.K., France, and Malaysia. Browser-locking scareware New CypherLoc Browser-Locking Shareware Emerges A new web-based scareware kit called CypherLoc is capable of combining “advanced evasion, aggressive browser controls, and psychological manipulation” to drive victims into calling fraudulent tech support phone numbers. Barracuda Networks said it has observed around 2.8 million attacks featuring the kit since the start of 2026. “The attack usually starts with a phishing email that directs the victim to a malicious web page through a link that is either embedded in the email body or in an attachment,” Barracuda said .
“The web page initially appears harmless but gradually transitions into a fully controlled scareware environment. The trigger for this transition is hidden in the web page and will only decrypt if certain conditions are met.” The end result is a full-screen scareware interface that locks the browser and displays fake security messages that urge victims to contact support immediately. AI phishing at scale Generative AI-Enabled Attacks Against Individuals via Public Social Media Data New research has demonstrated that “publicly available social-media data and generative AI (GenAI) can be misused to automate and scale highly personalized, context-aware spear-phishing campaigns.” Researchers from the University of Texas at Arlington and Louisiana State University, Baton Rouge, said a “small amount of public activity per target” is enough for AI models to extract interests and contextual cues that could be exploited to carry out persuasive phishing campaigns that mirror a target’s style. The findings show that bad actors do not have to rely on stolen databases or extensive reconnaissance to carry out targeted phishing campaigns.
Legacy LOLBIN abused Microsoft MSHTA Still in Use in Malware Campaigns Bitdefender haș disclosed that attackers are continuing to exploit Microsoft HTML Application Host (MSHTA), a legacy utility available by default on Windows systems, for malware campaigns. “MSHTA remains a widely abused Living-off-the-Land binary (LOLBIN) despite being a legacy utility,” Bitdefender said . “Attackers use it across multiple malware categories, from commodity stealers to advanced threats. Campaigns frequently rely on multi-stage, fileless execution chains involving PowerShell and HTA scripts.” MSHTA has been abused in delivery chains for commodity stealers such as Lumma Stealer and Amatera, loaders such as CountLoader and Emmenhtal Loader (aka PEAKLIGHT), clipper malware, and more advanced threats like Purple Fox .
GovCloud secrets exposed CISA Leaves AWS GovCloud Keys Exposed on GitHub A contractor for the U.S. Cybersecurity and Infrastructure Security Agency (CISA) maintained credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems exposed on a public GitHub repository (ironically named “Private-CISA”) since November 2025. The repository was discovered by GitGuardian on May 14, 2026. It harbored 844 MB of plain-text passwords, AWS tokens, and Entra ID SAML certificates belonging to the agency.
The repository has since been pulled offline following responsible disclosure. There is no evidence that any sensitive data was compromised as a result of this incident. Trojanized apps cluster Tracking TamperedChef Clusters Palo Alto Networks Unit 42 said it has identified 4,000 samples across 100 unique variants associated with a threat known as TamperedChef (aka EvilAI), which involves using trojanized versions of productivity software to deliver malicious payloads using malicious ads that direct users to sites hosting the applications. “TamperedChef-style malware samples share characteristics with potentially unwanted programs (PUPs) and adware,” Unit 42 said .
“These include robust mechanisms to remain persistent, and end-user licensing agreements (EULAs) that attempt to legally cover the software’s questionable actions. However, TamperedChef-style malware is far more stealthy than PUPs or adware, remaining dormant for weeks to months before activating. This includes continuous command and control (C2) methods enabling adversaries to retrieve additional payloads, such as information stealers, proxy tooling or remote access Trojans (RATs).” The activity has been attributed to three distinct clusters distributing malicious apps since early 2023: CL-CRI-1089 (Calendaromatic, DocuFlex, and AppSuite PDF), CL-UNK-1090 (CrystalPDF, Easy2Convert, and PDF-Ezy), and CL-UNK-1110 (JustAskJacky, GoCookMate, RocketPDFPro, ManualReaderPro). While CL-CRI-1089 appears to target credentials and deploy adware and proxy-style payloads, the motivations of the other two clusters are unknown.
That’s the problem with weeks like this. Nothing feels shocking for more than five minutes, because the next thing is already waiting. A fake app here, a bad package there, a cloud trick in the middle. Same fire, new room.
Patch what matters. Watch what you trust. And do not ignore the boring alerts just because they look familiar. That is usually where the story starts.
Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild. The former, tracked as CVE-2026-41091 , is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker to gain SYSTEM privileges. “Improper link resolution before file access (‘link following’) in Microsoft Defender allows an authorized attacker to elevate privileges locally,” Microsoft said in an advisory.
The second vulnerability under exploitation is CVE-2026-45498 (CVSS score: 4.0), a denial-of-service bug impacting Defender. The two vulnerabilities have been addressed in Microsoft Defender Antimalware Platform versions 1.1.26040.8 and 4.18.26040.7, respectively. Although Microsoft has not formally confirmed, the vulnerability descriptions for CVE-2026-41091 and CVE-2026-45498 overlap with that of RedSun and UnDefend , two Defender zero-days that were disclosed by Chaotic Eclipse (aka Nightmare-Eclipse) last month. Huntress has since observed exploitation of both the vulnerabilities, alongside BlueHammer (CVE-2026-33825).
Also addressed in version 1.1.26040.8 is a heap-based buffer overflow vulnerability in Defender ( CVE-2026-45584 , CVSS score: 8.1) that an unauthorized attacker could exploit to achieve remote code execution. There is no evidence the vulnerability has been exploited in the wild. The tech giant noted that systems that have disabled Microsoft Defender are not susceptible to the vulnerability, adding that no action is required to install the update since it automatically updates malware definitions and the Microsoft Malware Protection Engine for optimal protection. Microsoft credited five different parties with discovering and reporting CVE-2026-41091, including Sibusiso, Diffract, Andrew C.
Dorman (aka ACD421), Damir Moldovanov, and an anonymous researcher. To ensure the latest version of the Microsoft Malware Protection Platform and definition updates are being actively downloaded and installed, users are recommended to follow the steps below: Open the Windows Security program. In the navigation pane, select Virus & threat protection . Then click on Protection Updates in the Virus & threat protection section updates.
Select Check for updates . In the navigation pane, select Settings , and then select About . Examine the Antimalware ClientVersion number. The U.S.
Cybersecurity and Infrastructure Security Agency (CISA) has added both of them to its Known Exploited Vulnerabilities ( KEV ) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 3, 2026. With the latest development, a total of three Microsoft vulnerabilities have been flagged as exploited within a span of a week. Last week, Redmond disclosed that a cross-site scripting flaw impacting on-premise versions of Exchange Server (CVE-2026-42897, CVSS score: 8.1) had been weaponized in real-world attacks. Also added to the KEV catalog on Wednesday are four other Microsoft flaws from 2008, 2009, and 2010 - CVE-2010-0806
- Microsoft Internet Explorer contains a use-after-free vulnerability that could allow remote attackers to execute arbitrary code.
CVE-2010-0249
- Microsoft Internet Explorer contains a use-after-free vulnerability that could allow remote attackers to execute arbitrary code. CVE-2009-1537
- Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow, which could allow remote attackers to execute arbitrary code via a crafted QuickTime media file. CVE-2008-4250
- Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request. Another vulnerability that finds a mention in the list is CVE-2009-3459 , a heap-based buffer overflow vulnerability in Adobe Acrobat and Reader that could allow remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption.
Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
When Identity is the Attack Path
Consider a cached access key on a single Windows machine. It got there the way most cached credentials do - a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a policy.
Yet that single key, which was easily accessible to a minor-league attacker, could have opened a path to some 98% of entities in the company’s cloud environment - nearly every critical workload the business depended on. This real-world exposure was caught before an attacker could use it. But the takeaway is clear: identity itself, and every permission it carries, has become the attack path. Your environment runs on identity.
Active Directory, cloud identity providers, service accounts, machine identities, and AI agents - all of these carry permissions that span systems and trust boundaries. A single stolen credential hands the attacker a legitimate identity - along with every permission attached to it. Despite this, most security programs still treat identity as a perimeter control - something to protect through authentication and access policies. Yet the real risk starts inside the front door.
Once an attacker has a foothold, identity is what lets them advance, cross boundaries, and reach critical assets. Because identity is not a perimeter - it’s a highway that runs through every layer of your environment. In this article, we’ll look at how cached credentials, excessive permissions, and forgotten role assignments can turn into attack paths across hybrid environments - and why the tools designed to catch them keep missing. The Attack Path Runs Through Identity The cached access key from that opening scenario is just one example of a much larger phenomenon.
Across hybrid environments, identity One Active Directory group membership that no one reviewed gives an attacker on a retail endpoint a direct path to the corporate domain. A developer SSO role provisioned for a cloud migration keeps its permissions long after the project wraps, giving anyone who compromises that identity a four-step route from developer access to production admin. What makes these real-world examples so dangerous is how they connect. That cached credential on the retail endpoint led to an overprivileged role in Active Directory, which led to a cloud workload with an attached admin policy.
Together, the links in this type of identity exposure chain form a single attack path - from an initial foothold to a critical asset. How prevalent is this? Palo Alto found that identity weaknesses played a serious role in nearly 90% of its 2025 incident response investigations . And given the prevalence of AI agents taking on enterprise workloads, those numbers are likely to go up.
SpyCloud’s 2026 Identity Exposure Report flagged non-human identity theft as one of the fastest-growing categories in the criminal underground, with a third of recovered non-human credentials tied to AI tools. What happens when one of those non-human identities carries admin-level permissions? Consider a dev team that configures an MCP server with high-level permissions so their AI tooling can operate across systems. The AI agent using the MCP server inherits those privileges as its own identity.
A vulnerability in the open-source tooling can easily hand an attacker the permissions that agent holds. From there, the path runs straight into cloud resources, databases, and production infrastructure. The credentials that make this possible are exactly the kind found circulating in criminal marketplaces by the millions. Why the Tools Keep Missing Clearly, the threat of identity exposures is not a new one.
Yet the identity tools most organizations still rely on were built to solve specific problems in isolation – and in a different threat era. IGA platforms manage user lifecycle - provisioning, deprovisioning, access reviews, and more. PAM solutions store privileged credentials and monitor sessions. Each of these tools does its job in isolation.
But none of them can map how identity exposures chain together across endpoints, Active Directory, and cloud environments into a single exploitable route. This is why the rates of identity-based incidents keep climbing even as security spending grows. The IBM X-Force 2026 Threat Intelligence Index found that stolen or misused credentials accounted for 32% of incidents - the second most common initial access vector. Today’s attackers really don’t need to write malware or exploits, they can just log in.
The vast majority of these identity-based exposures are entirely preventable. In fact, Palo Alto found that over 90% of the breaches its teams investigated in 2025 were enabled by exposures that existing tools should have caught. The organizations had the tools and the staff. Yet the gaps persisted because no single tool had visibility into how identity exposures chained together across environments into attack paths.
Closing the Gap Until security programs can connect identity, permissions, and access controls into a unified view of how an attacker actually moves, identity will remain one of the easiest ways to compromise critical assets. Every scenario in this article follows the same structure: a credential, permission, or role assignment that no single tool flags as dangerous creates a traversable path from a low-level foothold to a critical asset. The path only becomes visible when identity, access policies, and environment context are mapped together. Security programs that map those connections across hybrid environments can close identity-based attack paths before an attacker chains them.
Programs that keep treating identity as a perimeter problem will continue losing ground to attackers who already know it’s a highway. Note: This article was thoughtfully written and contributed for our audience by Alex Gardner , Director of Product Marketing at XM Cyber Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of several major distributions like Debian, Fedora, and Ubuntu. It’s also codenamed ssh-keysign-pwn. According to Qualys, which discovered the flaw, the problem is rooted in the kernel’s __ptrace_may_access() function and was introduced in November 2016.
“The primitive is reliable and turns any local shell into a path to root or to sensitive credential material,” Saeed Abbasi, senior manager of Threat Research Unit at Qualys, said . Successful exploitation of the flaw could permit a local attacker to disclose /etc/shadow and host private keys under /etc/ssh/*_key, as well as execute arbitrary commands as root through four different exploits targeting chage, ssh-keysign, pkexec, and accounts-daemon. The disclosure comes as a proof-of-concept (PoC) exploit for the vulnerability was released last week, shortly after a public kernel commit emerged. CVE-2026-46333 is the latest security vulnerability disclosed in the Linux kernel after Copy Fail, Dirty Frag , and Fragnesia over the past month.
It’s recommended to apply the latest kernel update released by Linux distributions. If the updates cannot be carried out immediately, temporary workarounds include raising “kernel.yama.ptrace_scope” to 2. “On hosts that have allowed untrusted local users during the exposure window, treat SSH host keys and locally cached credentials as potentially disclosed,” Qualys said. “Rotate host keys and review any administrative material that lived in the memory of set-uid processes.” The development follows the release of a PoC for a local privilege escalation flaw called PinTheft that allows local attackers to gain root privileges on Arch Linux systems.
The exploit requires the Reliable Datagram Sockets (RDS) module to be loaded on the target system, io_ring to be enabled, a readable SUID-root binary, and x86_64 support for the included payload. “PinTheft is a Linux local privilege escalation exploit for an RDS zerocopy double-free that can be turned into a page-cache overwrite through io_uring fixed buffers,” Zellic and the V12 security team said . “The bug lived in the RDS zerocopy send path. rds_message_zcopy_from_user() pins user pages one at a time.
If a later page faults, the error path drops the pages it already pinned, and later RDS message cleanup drops them again because the scatterlist entries and entry count remain live after the zcopy notifier is cleared. Each failed zerocopy send can steal one reference from the first page.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension. The development comes as the Nx team revealed that the extension, nrwl.angular-console , was breached after one of its developers’ systems was hacked in the wake of the recent TanStack supply chain attack. Other companies that were impacted by the TanStack compromise include OpenAI, Mistral AI , and Grafana Labs . “We have no evidence of impact to customer information stored outside of GitHub’s internal repositories, such as our customer’s own enterprises, organizations, and repositories,” Alexis Wales, Chief Information Security Officer of GitHub, said in a statement.
“Some of GitHub’s internal repositories contain information from customers, for example, excerpts of support interactions. If any impact is discovered, we will notify customers via established incident response and notification channels.” The attack is said to have allowed the threat actor, a cybercriminal group known as TeamPCP, to exfiltrate about 3,800 repositories. GitHub said it has taken steps to contain the incident and rotated critical secrets, adding it’s continuing to monitor the situation for follow-on activity. In a post on X, Jeff Cross, co-founder of Narwhal Technologies, the company behind nx.dev, said , “this incident highlights that there need to be deeper, more fundamental changes to how we and other maintainers need to think about securing developer tooling and open source distribution.” “We’re also beginning conversations with other high-profile open source maintainers about how we can work together on some of the deeper structural problems around software supply chain security.
A lot of the assumptions the ecosystem has operated under for years no longer hold.” In recent months, TeamPCP has rapidly gained notoriety for large-scale software supply chain attacks, specifically going after widely-used open-source projects and security-adjacent tools that developers rely on. What’s notable here is that the trojanized version of the VS Code extension was live on Visual Studio Marketplace only for 18 minutes (between 12:30 p.m. and 12:48 p.m. UTC on May 18, 2026).
But this short window was enough for the attackers to distribute a credential stealer capable of harvesting sensitive data from 1Password vaults, Anthropic Claude Code configurations, npm, GitHub, and Amazon Web Services (AWS). “The extension looked and behaved like normal Nx Console, but on startup it silently ran a single shell command that downloaded and executed a hidden package from a planted commit on the official nrwl/nx GitHub repository,” OX Security researcher Nir Zadok said . “The command was disguised as a routine MCP setup task so it would not raise suspicion.” The interlinked nature of modern software has allowed TeamPCP to unleash a self-sustaining cycle of new compromises. The pattern that drives home this aspect is deceptively simple as it’s nefarious: break into one trusted tool, steal credentials from developer systems that may install it, and use those credentials to break into the next legitimate tool.
“Every popular extension marketplace ships with auto-update on by default. VS Code, Cursor, the whole lineup,” Aikido security researcher Raphael Silva said . “The reasoning makes sense in isolation, because most developers never update anything manually, so leaving it off means a long tail of editors running stale, vulnerable code.” “The trade-off stops making sense once you account for hostile/compromised publishers. Auto-update gives an attacker who controls a release a direct push channel into every machine running that extension.
Marketplaces don’t impose any review gate or waiting period between when an update is published and when installed clients pull it in.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
Drupal has released security updates for a “highly critical” security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure. The vulnerability, now tracked as CVE-2026-9082 , carries a CVSS score of 6.5 out of 10.0, per CVE.org. Drupal said the vulnerability resides in a database abstraction API that is used in Drupal Core to validate queries and ensure they are sanitized against SQL injection attacks. “A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL databases,” it said .
“This can lead to information disclosure, and in some cases privilege escalation, remote code execution, or other attacks.” Drupal noted the security flaw can be exploited by anonymous users, and impacts only sites that use PostgreSQL. The following versions address the issue - Drupal 11.3.10 Drupal 11.2.12 Drupal 11.1.10 Drupal 10.6.9 Drupal 10.5.10 Drupal 10.4.10 Drupal 7 isn’t affected. The releases for supported branches (versions 11.3, 11.2, 10.6, and 10.5) include upstream security updates for Symfony and Twig, making it essential that the latest versions are installed. As previously disclosed by Drupal, manual patches have also been released for Drupal versions 9 and 8, which have reached end-of-life - Drupal 9.5 Drupal 8.9 “Drupal 11.1.x, Drupal 11.0.x, Drupal 10.4.x, and below are end-of-life and do not receive security coverage,” Drupal said.
“Drupal 8 and Drupal 9 have both reached end-of-life. “Due to this issue’s severity, the unsupported releases and patches for unsupported versions are provided as a best effort. Those unsupported versions will still have other, previously disclosed security vulnerabilities.” Update Searchlight Cyber has released two working proof-of-concept (PoC) code for CVE-2026-9082, stating the vulnerability can be exploited by anonymous users on any deployment that backs Drupal with PostgreSQL. “Both are gated on PostgreSQL being the database backend, so MySQL and SQLite installs are not exploitable through these paths,” researchers Patrik Grobshäuser, Kevin Gervot, and Tomais Williamson said .
“The upgrade is still worth picking up on those installs for the bundled Symfony and Twig advisories that the same Drupal release carries.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents. RAMPART , short for Risk Assessment and Measurement Platform for Agentic Red Teaming, functions as a Pytest-native safety and security testing framework for writing and running safety and security tests for AI agents, covering both adversarial and benign issues, as well as various harm categories. Users can write test cases to attack or probe an AI agent to explore possible safety violations like cross-prompt injections, where untrusted data reaches an AI system indirectly via a data source (e.g., email, file, or a web page) processed by it, or unintended behavioral regressions and data exfiltration. RAMPART then evaluates the outcome of those tests and reports the results.
All it needs is an adapter that connects an agent to the test suite. The tool builds on PyRIT (short for Python Risk Identification Tool), which Microsoft released more than two years ago as a way to test AI systems. Clarity , on the other hand, has been described by the tech giant as a “structured sounding board” to help developers arrive at the right approach even before writing a single line of code. It’s an “AI thinking partner that pushes back,” guiding them through problem clarification, solution exploration, failure analysis, and decision tracking.
In publicly releasing these tools, Microsoft said the idea is to address why certain decisions are incorporated at an early stage of software development so that any potential issue - for example, an agent’s access to a tool - is addressed well before the system is built. “We wanted to give product managers and engineers a way to pressure-test their assumptions at the start of a project, when changing course is cheap and the right conversation can save months of rework,” Ram Shankar Siva Kumar , a Data Cowboy and founder of Microsoft’s AI Red Team, said in a blog shared with The Hacker News. Microsoft noted that a secondary motivation behind investing in these tools is to make incidents reproducible and mitigations verifiable and scale the learnings from red teaming exercises by turning them into runnable engineering assets. “Where PyRIT is optimized for black-box discovery by security researchers after the system is built, RAMPART is built for engineers as the system is being built,” Siva Kumar added.
“Clarity helps teams clarify design intent and capture assumptions. Together, these approaches move AI safety from a one-time review to a set of living artifacts that developers can use throughout the lifecycle.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company’s Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The tech giant attributed the activity to a threat actor it calls Fox Tempest , which it said offered the MSaaS scheme to allow cybercriminals to disguise malware as legitimate software. The threat actor has been active since May 2025. The seizure effort has been codenamed OpFauxSign .
“To disrupt the service, we seized Fox Tempest’s website signspace[.]cloud, took offline hundreds of the virtual machines running the operation, and blocked access to a site hosting the underlying code,” Steven Masada, assistant general counsel at Microsoft’s Digital Crimes Unit, said . Microsoft noted that the operation enabled the deployment of Rhysida ransomware by threat actors such as Vanilla Tempest, along with other malware families like Oyster, Lumma Stealer, and Vidar, illustrating the crucial role played by Fox Tempest within the cybercrime ecosystem. In addition, connections have been uncovered between the threat actor and affiliates associated with several prominent ransomware strains, including INC, Qilin, BlackByte, and Akira. Attacks mounted by these operations have targeted healthcare, education, government, and financial services located across the U.S., France, India, and China.
Artifact Signing (formerly Azure Trusted Signing) is Microsoft’s fully managed, end-to-end signing solution that allows developers to easily build and distribute applications, while ensuring that the software is legitimate and hasn’t been modified by unauthorized parties. Fox Tempest is said to have leveraged this mechanism to generate short-lived, fraudulent code-signing certificates and use them to deliver trusted, signed malware and slip past security controls. The certificates were valid for only 72 hours. “To obtain legitimate signed certificates through Artifact Signing, the requestor must pass detailed identify validation processes in keeping with industry standard verifiable credentials (VC), which suggests the threat actor very likely used stolen identities based in the United States and Canada to masquerade as a legitimate entity and obtain the necessary digital credentials for signing,” Microsoft explained .
“The SignSpace website was built on Artifact Signing and enabled secure file signing through an admin panel and user page, leveraging Azure subscriptions, certificates, and a structured database for managing users and files.” The service allowed paying cybercriminal customers to upload malicious files for code-signing using certificates fraudulently obtained by Fox Tempest. This, in turn, allowed malware and ransomware to masquerade as legitimate software like AnyDesk, Microsoft Teams, PuTTY, and Cisco Webex. The service cost between $5,000 and $9,000. Starting February 2026, the threat actor is said to have shifted to providing customers with pre-configured virtual machines (VMs) hosted on Cloudzy , thereby making it possible to directly upload the necessary artifacts to the attacker-controlled infrastructure and receive signed binaries in return.
“This infrastructure evolution reduced friction for customers, improved operational security for Fox Tempest, and further streamlined the delivery of malicious but trusted, signed malware at scale,” Microsoft said. Threat actors like Vanilla Tempest have been found to distribute binaries signed through the service via legitimately purchased advertisements that redirected users searching for Microsoft Teams to bogus download pages, paving the way for the deployment of Oyster (aka Broomstick or CleanUpLoader), a modular implant and loader that’s responsible for delivering Rhysida ransomware. Microsoft said Fox Tempest has continually adapted its tradecraft as the company enacted countermeasures, such as disabling fraudulent accounts and revoking the illicitly obtained certificates, with the threat actor even attempting to shift to a different code-signing service. Court documents reveal that Microsoft worked with a “cooperative source” to purchase and test the service between February and March 2026.
“When attackers can make malicious software look legitimate, it undermines how people and systems decide what’s safe,” Redmond said. “Disrupting that capability is key to raising the cost of cybercrime.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control (C2 or C&C) communications. Webworm, first publicly documented by Broadcom-owned Symantec in September 2022, is assessed to be active since at least 2022, targeting government agencies and enterprises spanning IT services, aerospace, and electric power sectors in Russia, Georgia, Mongolia, and several other Asian nations. Attacks mounted by the group have leveraged remote access trojans (RATs) like Trochilus RAT, Gh0st RAT, and 9002 RAT (aka Hydraq and McRat). The threat actor is said to overlap with China-nexus clusters tracked as FishMonger (aka Aquatic Panda), SixLittleMonkeys , and Space Pirates .
SixLittleMonkeys is best known for deploying Gh0st RAT and a RAT called Mikroceen targeting entities in Central Asia, Russia, Belarus, and Mongolia. “In recent years, it has started moving toward both existing and custom proxy tools, which are more stealthy than full-fledged backdoors,” ESET researcher Eric Howard said . “In 2025, Webworm also added two new backdoors to its toolset: EchoCreep, which uses Discord for C&C communication, and GraphWorm, which uses Microsoft Graph API for the same purpose.” Underlying these efforts is the use of a GitHub repository impersonating a WordPress fork (“github[.]com/anjsdgasdf/WordPress”) as a staging ground for malware and tools like SoftEther VPN in an effort to blend in and fly under the radar. The reliance on SoftEther VPN is a tried-and-tested approach adopted by several Chinese hacking groups .
Over the past two years, the adversary has been observed shifting away from traditional backdoors to (semi-)legitimate utilities such as SOCKS proxies, while also increasingly focusing on European countries, including governmental organizations in Belgium, Italy, Serbia, Poland, and Spain, and a local university in South Africa. The discovery of EchoCreep and GraphWorm marks an expansion of Webworm’s arsenal, even as Trochilus and 9002 RAT appear to have been abandoned by the threat actor. Other tools of note are iox and custom proxy solutions such as WormFrp, ChainWorm, SmuxProxy, and WormSocket. WormFrp has been found to retrieve configurations from a compromised Amazon S3 bucket.
“These custom proxy tools are not only capable of encrypting communications, but also support chaining across multiple hosts both internally and externally to a network,” ESET said. “We believe that the operators use these tools in conjunction with SoftEther VPN to better cover their tracks and increase the stealth of their activities.” EchoCreep supports file upload/download and command execution via “cmd.exe” capabilities, while GraphWorm is a more advanced backdoor that can spawn a new “cmd.exe” session, execute a newly created process, upload and download files to and from Microsoft OneDrive, and stop its own execution after receiving a signal from the operators. An analysis of the Discord channel leveraged by EchoCreep as C2 shows that the earliest commands were sent as far back as March 21, 2024. In all, 433 Discord messages have been sent via the C2 server to more than 50 unique targets.
Exactly how these backdoors are delivered, and the initial access pathway used by Webworm, is presently unknown. However, it has emerged that the attacker utilizes open-source utilities like dirsearch and nuclei to brute-force victim web server files and directories, and search for vulnerabilities within. As for tradecraft overlaps, ESET told The Hacker News that Webworm’s links to Space Pirates is tenuous at best, citing the use of open-source RATs and a lack of concrete evidence tying the two clusters. “The relation on which Webworm and Space Pirates is built is on behalf of RATs which are open sourced,” Howard told The Hacker News via email.
“Unfortunately, due to the open-source nature of these RATs, several China-aligned groups make use of these tools. It’s not relevant enough to say that the two groups are related.” “In addition, we have not recently observed any indication that there are overlaps with the group known as Space Pirates. From the recent activity we’ve reported on, we do not believe any other groups were involved.” The disclosure comes as Cisco Talos shed light on a BadIIS variant that’s likely sold or shared among multiple Chinese-speaking cybercrime groups under a malware-as-a-service (MaaS) model designed for continuous monetization. The offering is believed to have been under development since at least September 30, 2021.
The same malware author, who operates under the alias “lwxat,” has also made available a set of supplementary tools, including service-based installers, droppers, and persistence mechanisms that automate deployment, ensure survivability across IIS server restarts, and sidestep detection. The service offers a dedicated builder tool that “allows threat actors to generate configuration files, customize payloads, and inject parameters into BadIIS binaries - enabling capabilities including traffic redirection to illicit sites, reverse proxying for search engine crawler manipulation, content hijacking, and backlink injection for malicious search engine optimization (SEO) fraud,” Talos researcher Joey Chen said. (The story was updated after publication to include a response from ESET.) Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.