DAILY WORKFLOW ARCHIVE

2026-05-27 AI创业新闻

候选线索仅供信息发现,请在引用或实践前回到原始来源核验。

2026-05-27 AI创业新闻

MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries

The Iranian hacking group known as MuddyWater has been linked to a new campaign affecting at least nine organizations across nine countries on four continents in the first quarter of 2026. The activity targeted industrial and electronics manufacturing, education and public-sector bodies, financial services, and professional services, per the Threat Hunter Team from Symantec and Carbon Black. Among the victims is a major South Korean electronics manufacturer, with the attackers spending a week inside its network in February 2026. Also singled as part of the sprawling espionage effort were an international airport in the Middle East, Southeast Asian industrial manufacturers, and a Latin American financial-services provider.

“The attackers relied heavily on DLL side-loading using legitimately signed Fortemedia (fmapp.exe) and SentinelOne (sentinelmemoryscanner.exe) binaries to execute malicious DLLs while masquerading as benign software,” Broadcom’s cybersecurity teams said . The use of “fmapp.exe” to sideload “fmapp.dll” was previously documented by Group-IB in connection with another MuddyWater campaign codenamed Operation Olalampo . According to Huntress , the DLL contains code to connect to an attacker-controlled IP address (“157.20.182[.]49”). On the other hand, the abuse of “sentinelmemoryscanner.exe” - a binary associated with a security product - is assessed to be a deliberate choice, as it can bypass signature-based detection.

It’s designed to sideload a rogue DLL named “sentinelagentcore.dll.” Both the DLLs embed an open-source tool called ChromElevator to siphon passwords, cookies, and payment card data from Chromium-based browsers, effectively getting around App-Bound Encryption ( ABE ) protections. A noteworthy aspect of the attacks is the use of Node.js scripts to launch PowerShell code responsible for carrying out discovery and information gathering operations. In at least one instance, the attackers have been found to stage the stolen data on sendit[.]sh, a public file-transfer service. “A node.exe-based implant chain was used to drop PowerShell scripts that performed reconnaissance, screenshot capture, SAM hive theft, privilege escalation, and SOCKS5 reverse-proxy tunnelling,” Symantec and Carbon Black said.

Also delivered are the two aforementioned DLL side-loading pairs to provide attackers with a covert tunnel to relay traffic and launch ChromElevator . The attacks are also characterized by efforts to dump credentials that would allow them to move laterally across the networks. In the intrusion targeting the South Korean electronics manufacturer, MuddyWater is believed to have repeatedly carried out PowerShell-based reconnaissance, as well as re-execute the two binaries to ensure it retains access to the compromised host. The initial access vector used to breach the organization is unknown.

“The cadence is again consistent with implant-driven activity rather than continuous operator presence,” the researchers said. “Its campaign history shows a clear move towards quieter, more disciplined operations. None of these techniques is individually novel, but in combination they provide more evidence of a significant step up in operational hygiene from the Seedworm that we knew of two or three years ago.” The development comes as the European Council imposed sanctions against Iranian company Emennet Pasargad for hacking a Swedish SMS service, accessing the contents of a French subscriber database and putting it up for sale, and for spreading disinformation via compromised advertising billboards during the 2024 Paris Olympic Games. The company, per the U.S.

State Department, goes by the name Shahid Shushtari and is affiliated with Iran’s Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC). It’s tracked under the monikers Cobalt Obelisk, Cotton Sandstorm, Haywire Kitten (formerly ChaoticOrchestra), Marnanbridge, and UNC5866. “Shahid Shushtari members have caused significant financial damage and disruption to U.S. businesses and government agencies through coordinated cyber and cyber-enabled information operations,” the State Department noted in December 2025.

“These campaigns have targeted multiple critical infrastructure sectors, including news, shipping, travel, energy, financial, and telecommunications in the United States, Europe, and the Middle East.” Iran-backed hackers have also been tied to an exfiltration campaign aimed at organizations in the U.S., Israel, Saudi Arabia, and Turkey between late March and early April 2026, with at least two U.S. victims also targeted by destructive operations, such as deletion of partitions and data backups. Although these incidents were claimed by a pro-Iranian persona named Ababil of Minab , a new analysis from Gambit Security has tied the campaign infrastructure to Iran’s Ministry of Intelligence and Security (MOIS). Other targets include an Israeli organization in the media sector, an Israeli higher education institution, a Turkish insurance brokerage, and several additional websites across the restaurant, culture, digital services, and news sectors.

No destructive activity has been observed against these victims. In these cases, the adversary has been found to employ a bespoke C++ file collection and exfiltration tool internally codenamed FileFiend. “The binary could enumerate local drives and SMB shares, walk the file system, and send files to a hard-coded C2 [command-and-control] server,” Gambit Security researchers Eyal Sela and Nir Varon said in a report published today. Alternatively, data of interest is compressed into RAR archives on a host inside the victim environment and uploaded to the organization’s public website at the web root, from where they are extracted using the Axel command-line download accelerator and tunneled through proxychains.

Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

[THN Webinar] New AI DDoS Attacks Are Smarter. Learn How to Fight Back

Every single day, hackers are finding new ways to crash websites and steal data. But right now, something has changed. Hackers are no longer working alone. They are now using powerful Artificial Intelligence (AI) tools to make their attacks faster, stronger, and much harder to stop.

According to recent updates from The Hacker News , bad actors are using AI to find weak spots in systems and launch massive “DDoS attacks” that can take your business offline in seconds. If your website goes down, you lose money, you lose customer trust, and you spend days trying to fix the mess. 👉 Save Your Free Webinar Seat The Old Way of Protection Doesn’t Work Anymore In the past, you could set up a simple firewall, update your software, and feel safe. Not anymore.

AI-assisted attacks can think and adapt. They don’t just hit your front door; they look for hidden entry points, smart APIs, and tiny mistakes in your cloud setup. They do in minutes what used to take human hackers weeks to plan. If you are relying on old security habits, you are leaving your business exposed.

The good news? You can use AI to fight back. You just need to know the new rules of the game. What You Will Learn in This 45-Minute Webinar We are hosting a live online event to show you exactly how to protect your network from these new, fast-moving threats.

Here is a sneak peek at what we will cover: The 12-Hour Window: Why top security experts say you must patch flaws faster than ever before-and how to do it without breaking your systems. The AI Trap: The #1 mistake companies make when setting up cloud security that actually makes it easier for AI attacks to get in. The Smart Defense: How to use automated tools to spot a threat before it hits your main servers. Live Blueprint: A simple, step-by-step checklist you can give your team to secure your business this week.

Secure Your Spot for this Webinar ➜ AI security is a major topic right now, and spots are filling up very quickly. Don’t wait until your website goes offline to think about security. Sign up today, learn how to protect your digital assets, and keep your business safe. P.S.

Even if you cannot watch it live, sign up anyway! We will email you the full recording and the checklist right after the event ends. Click here to register now. Found this article interesting?

This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions

Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met. The vulnerability, tracked as CVE-2026-45659 , carries a CVSS score of 8.8. It has been assigned an important severity. “Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network,” Microsoft said in an advisory released last week.

Microsoft noted that the vulnerability could be triggered by any authenticated attacker, and that it does not require administrator or other elevated privileges. “In a network-based attack, an authenticated attacker, who has a minimum of Site Member permissions (PR:L), could execute code remotely on the SharePoint Server,” the Windows maker added. Microsoft credited a researcher named MEOW for discovering and reporting the flaw. Updates have been released for the following versions - SharePoint Server Subscription Edition SharePoint Server 2019 SharePoint Enterprise Server 2016 Last month, Microsoft issued fixes for a spoofing vulnerability impacting Microsoft SharePoint Server ( CVE-2026-32201 , CVSS score: 6.5) that it said has been exploited in the wild.

Although the tech giant notes that CVE-2026-45659 is less likely to be exploited, it’s essential that users apply the necessary fixes for optimal protection, particularly when considering the fact that several flaws in the collaborative platform have been repeatedly weaponized by attackers over the years. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Securing AI Use Within Your Organization Starts Here

MFA Prompt Bombing: Why Your Second Factor Isn’t Saving You

Multi-factor authentication (MFA) was supposed to close a critical gap in identity security. It meant that, even if an attacker possessed the account credentials, they couldn’t log in without the second factor. While that logic was sound, attackers have now figured out that they don’t need to steal the second factor: they just need the user to hand it over. If your workforce authenticates with push-based MFA, this attack is a live threat to your organization today.

Tools like Specops Secure Access are built specifically to close that gap, but before getting into the fix, it’s worth understanding how this technique works. How MFA prompt bombing works The attack requires three key elements to work: Valid account credentials, usually sourced from breached password dumps on the dark web A login portal that uses push-based MFA (such as a VPN, Microsoft 365, Okta, or Duo) A victim who is alerted every time the attacker tries the login Attackers repeatedly trigger the prompt, attempting to trick the target or wear them down to approve the request. Sometimes, attackers will pair prompt bombing with a vishing call pretending to be from IT, where they will try to socially engineer the target. The danger is that these methods only need to work once.

If the prompt is approved, the attacker is logged in as that user. Security systems typically won’t be alerted, as the login looks entirely legitimate. The Cisco breach The 2022 Cisco breach is a key example of how effective this technique is against even mature security programs. An attacker linked to the Yanluowang ransomware group compromised a Cisco employee’s personal Google account, which was syncing browser-stored credentials, including the employee’s Cisco VPN password.

From there, the attacker pushed MFA prompts to the employee’s phone. That initially didn’t work, so they began using vishing calls posing as trusted support organizations, speaking in various accents, and eventually convincing the employee to accept a push notification. Once accepted, the attacker had VPN access as the employee. They then enrolled their own devices for MFA to maintain persistence, escalated to administrative privileges, reached Citrix servers and domain controllers, and exfiltrated around 2.8GB of data before being evicted.

The fact that prompt bombing worked against a company like Cisco, which is far from having a weak security posture, highlights just how dangerous and effective the attack has become. Why push MFA doesn’t eliminate risk The issue with push-based MFA is that users are asked to approve or deny a login with very little to go on. There’s no clear indication of where the request originated, what device is being used, or whether the login attempt was initiated by the user at all. In isolation, that might be manageable.

But when prompts start arriving repeatedly, it’s easy to assume something’s misfiring rather than recognizing it as a potential attack. If that’s paired with a well-timed phone call from someone posing as IT support, the situation becomes even harder to assess. At that point, the user isn’t acting carelessly, but responding to a scenario designed to feel routine and legitimate, using credentials the attacker already has. 3 ways organizations can prevent prompt bombing 1.

Use fatigue and phishing-resistant MFA factors Push notifications are the weakest common form of MFA. Phishing-resistant factors such as FIDO2 security keys, hardware tokens like YubiKey, or number-matching codes from authenticator apps are harder to abuse. Specops Secure Access supports more than 15 identity providers and includes these fatigue-resistant options for Windows logon, RDP, and VPN connections, so organizations can retire push-only MFA for high-risk access points. Specops Secure Access 2.

Block compromised passwords at the source Prompt bombing is only made possible when the attacker already has a valid password. Scanning Active Directory (AD) continuously against a live database of breached passwords, and forcing a reset when a match appears, removes the fuel for the attack. Relying on default AD password policies won’t catch reused, incremental, or breached passwords. If you don’t know where you stand today, Specops Password Auditor is a free, read-only scan of your AD that flags vulnerabilities like compromised passwords or inactive admin accounts.

Specops Password Auditor

  1. Add risk signals to the login Conditional access policies that factor in geography, device posture, and login times can block or step up authentication before a prompt is ever sent to the user’s phone. This reduces reliance on user behaviour alone and introduces real-time context to stop suspicious logins before they escalate into successful account compromise. MFA still matters MFA prompt bombing isn’t a reason to move away from MFA, but it does highlight where some factors fall short.

When approval requests can be triggered repeatedly with no meaningful context, the control becomes easier to influence than intended. If push is still your default second factor, it’s worth revisiting that decision. Number matching or phishing-resistant methods strengthen the MFA method itself, while scanning for compromised passwords limits the risk of attackers possessing the first authentication step. If you’re looking to evolve your identity security with more robust MFA, talk to Specops .

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

CERT-In Recommends 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks

The Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged where “feasible” to safeguard against potential threats stemming from threat actors’ abuse of artificial intelligence (AI) tools and large language models (LLMs) to automate vulnerability discovery and exploitation, and enhance the scale and velocity of cyber attacks. “AI-assisted cyber exploitation reduces the time required for adversaries to identify, weaponize, and exploit vulnerabilities, exposed services, weak identities, insecure APIs, and misconfigured systems,” CERT-In said in a 38-page blueprint published Monday. “As organizations become increasingly dependent on interconnected digital infrastructure, cloud ecosystems, software supply chains, operational technologies, and AI-enabled platforms, the potential impact of AI-enabled cyber threats continues to increase across sectors.” With threat actors beginning to increasingly rely on AI for a wide range of tasks, including attack surface discovery, exploit analysis, convincing phishing content, and even malware generation, they can significantly compress attack preparation timelines and bypass traditional security controls. Furthermore, AI-enabled systems may themselves become targets of malicious attacks via prompt injections, data leakage vulnerabilities, jailbreaking techniques, model manipulation, training data poisoning, model theft, and orchestration pipeline compromises, effectively undermining their confidentiality and integrity.

CERT-In has warned that organizations should expect exploitation timelines to collapse significantly and attacks to become autonomous, necessitating the need for adopting heightened cybersecurity measures that involve continuous threat assessment, proactive exposure reduction, and operational preparedness. Some of the defensive principles outlined by the cybersecurity agency to reduce exposure and better respond to AI-assisted cyber threats are listed below - Assume breach and prepare for rapid detection, containment, and recovery from compromise scenarios. Adopt a Zero Trust approach by enforcing continuous verification and least-privilege access. Implement a defense-in-depth strategy with layered controls across infrastructure to eliminate single points of failure and minimize the overall impact of a successful breach.

Monitor and reduce exposure to security vulnerabilities. Embed a secure-by-design paradigm into systems, applications, and AI workflows. Maintain operational continuity during cyber incidents and disruption scenarios. Safeguard sensitive and operationally critical data throughout its lifecycle.

Reduce software supply chain risks arising from third-party software, AI models, and dependencies through SBOM, provenance validation, and assessments. Test security effectiveness against evolving threats through red teaming, vulnerability assessments, penetration testing, and independent audits. Prioritize controls based on operational criticality and threat exposure. Establish formal governance mechanisms regarding the use of AI systems.

Maintain visibility into AI systems, integrations, and operational behavior. “Organizations should implement layered, risk-based, and continuously validated technical controls to reduce exposure to AI-assisted cyber threats,” CERT-In said. “Controls should prioritise protection of internet-facing systems, critical business applications, identities, cloud environments, APIs, sensitive data, AI-enabled systems, and operational infrastructure.” The agency is also urging organizations to embrace “continuous, risk-based vulnerability and patch management practices” to reduce exposure arising from security flaws, misconfigurations, insecure APIs, publicly-accessible services, and weak identities. To that end, known exploited vulnerabilities affecting internet-facing and critical systems should be remediated within 12 hours where applicable.

Other risk-based remediation times are as follows - Critical externally exposed vulnerabilities: Within 1 day Known exploited vulnerabilities affecting internal systems: Within 1 day unless other mitigations are implemented and documented Critical internal vulnerabilities affecting high-value systems: Within 3 days High-severity vulnerabilities: Within 5 days based on risk prioritization In scenarios where no patches are immediately available, it’s advised to implement temporary mitigations such as isolation, access restriction, WAF/API protection, enhanced monitoring, or feature disablement until the fix is released. “Given the rapidly evolving nature of AI-assisted cyber threats, organisations should continuously reassess exposure, validate security controls, strengthen resilience capabilities, and enhance operational preparedness through ongoing audits, monitoring, testing, and coordinated cybersecurity governance,” CERT-In said. The blueprint arrives a month after CERT-In released an advisory warning of the growing cyber capabilities of frontier AI models from Anthropic and OpenAI , stating how their “dual-use nature” could “lower the barrier to entry for malicious cyber actors and be leveraged to accelerate attack execution, automate exploitation workflows and scale cyber campaigns.” “Keeping pace with frontier AI-driven cyber developments is critical for maintaining cyber resilience,” it added. “Baseline cybersecurity controls remain critical and should be rigorously enforced.” Found this article interesting?

Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning

The Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549 ) has been attributed to a fresh campaign using lures impersonating organizations in the aviation and software sectors across the U.S., Europe, and the Middle East following the joint U.S.-Israeli military campaign against the country in late February 2026. The activity, besides embracing previously undocumented techniques and enhanced capabilities, is characterized by the use of a new backdoor codenamed MiniFast (aka MiniUpdate) that appears to have been developed with assistance using artificial intelligence (AI), Check Point said in an analysis published last week. Affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC), Nimbus Manticore is best known for targeting defense, aviation, and telecommunication sectors using career-themed phishing lures. These campaigns have also been codenamed the Iranian Dream Job, owing to tactical similarities with Operation Dream Job orchestrated by North Korean hackers.

Recent attack chains linked to the threat actor have witnessed a shift in tradecraft, as evidenced by the use of AppDomain hijacking to deliver MiniJunk in February 2026, followed by the deployment of the MiniFast backdoor in March and a reliance on SEO poisoning to distribute a trojanized version of Oracle’s SQL Developer software in April. In the first campaign observed before the onset of the war, employees in software and aviation sectors in Saudi Arabia and Australia were targeted with bogus career opportunities, tricking them into downloading a ZIP archive hosted on OnlyOffice. Launching a benign executable within the ZIP file leveraged a technique known as AppDomain hijacking to launch a rogue MiniJunk DLL. The March 2026 campaign has been found to follow more or less the same approach, only this time the threat actor also used a trojanized Zoom installer as part of the attack sequence to launch the binary that then leverages AppDomain hijacking to deploy MiniFast.

It’s suspected that the activity was part of a phishing campaign using fake meeting invitations. There are signs that Nimbus Manticore used AI-assisted development to help create MiniFast. This includes excessive error handling and defensive programming logic, repetitive function and method naming patterns with descriptive or verbose identifiers, several detailed error-reporting strings and debug-style status messages, and modular code organization despite the malware’s overall simplicity. Check Point said it also observed last month a fake website impersonating a download page for SQL Developer, duping visitors who land the page via SEO poisoning to download a weaponized installer that delivers MiniFast.

The development marks the first time the threat actor has resorted to this approach for malware delivery. “This malware delivery method differs from Nimbus Manticore’s usual infection chains, which typically rely on career-themed phishing lures,” the company said. “In this campaign, the actor abuses search engine optimization techniques by registering dozens of domains that link to the bogus domain, getsqldeveloper[.]com. This is likely an attempt to increase the site’s visibility through link-based reputation signals.” MiniFast is described as a fully featured backdoor designed for long-term persistence and remote command execution.

It communicates with a remote server over HTTP requests to fetch tasks, upload command execution results, exfiltrate files, and download additional payload from the server. Before entering the tasking loop, the malware also beacons basic system information to the operator. The commands supported by the backdoor are varied, enabling file operations, directory listings, process enumeration, command execution via “cmd.exe,” process termination using its PID, DLL loading, ZIP archive creation, persistence via scheduled tasks, and privilege escalation via the “runas” command. The backdoor also supports the ability to update the polling interval and jitter value applied to beacon intervals so as to randomize the frequency with which commands are retrieved from the server.

“What stands out is that this group’s ambitions extended well beyond targeted espionage in the Middle East,” Sergey Shykevich, threat intelligence group manager at Check Point Research, said in a statement shared with The Hacker News. “We found strong indicators that Nimbus Manticore used AI tools to write malware faster.” “They built and deployed a brand-new backdoor mid-conflict while operations were actively underway. We also tracked a third campaign wave using a completely different playbook: SEO poisoning.” “They built a fake SQL Developer download page and pushed it to the top of Bing and DuckDuckGo - no spearphishing, no fake job offer, just waiting for a developer to search for common software. And when you map all three waves together, February through April, there was no pause.

The conflict didn’t slow them down; it actually accelerated them.” The disclosure coincides with a report from Palo Alto Networks Unit 42 about the threat actor’s targeting of entities in the U.S., Israel, the United Arab Emirates, and the Middle East with MiniUpdate and an updated version of MiniJunk called MiniJunk V2. Among those targeted as part of the elaborate espionage scheme was a U.S. oil and gas firm. The findings show that Iranian threat actors are taking a page out of North Korea’s playbook to infiltrate organizations of interest by going after their employees with lucrative job opportunities.

“The group has increased its operations since the regional conflict that started in February 2026, deploying two families of RAT variants across entities in up to five different countries,” Unit 42 researchers said. “A defining characteristic of these recent campaigns is the deep personalization of the attackers’ lures. By leveraging tailored social engineering tactics, including fake job requisitions and spoofed video conferencing meeting invitations, the attackers lure victims into initiating the infection chain, thereby exposing their organizations to further exploitation.” The development also comes as Iranian hackers are suspected to have conducted a series of attacks aimed at tank readers at gas stations across multiple states in the U.S. While the incidents did not cause physical damage or harm, they have sparked concerns that such access could potentially cause gas leaks to go undetected or create other risks to critical infrastructure.

“The hackers responsible have exploited automatic tank gauge (ATG) systems that were sitting online and unprotected by passwords, allowing them in some cases to tinker with display readings on the tanks but not the actual levels of fuel in them,” CNN reported , citing unnamed sources. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver , a Learning Management System (LMS) popular in Japan, was exploited as a zero-day to deliver the Godzilla web shell and ultimately facilitate the deployment of Cobalt Strike Beacon. The vulnerability, tracked as CVE-2026-5426 (CVSS score: 7.5), stems from the use of hard-coded ASP.NET machine keys, leading to unauthenticated remote code execution via a ViewState deserialization attack. The abuse of publicly disclosed ASP.NET machine keys by threat actors was first documented by Microsoft in February 2025. “An unknown threat actor leveraged this access to inject malicious code into the LMS platform, with the goal of infecting users visiting the site,” Google Mandiant and Google Threat Intelligence Group (GTIG) said .

The security flaw impacted Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026. It’s worth noting that similar vulnerabilities in Sitecore Experience Manager (XM) and Gladinet CentreStack and TrioFox have also been exploited by threat actors. The problem is rooted in the fact that KnowledgeDeliver installations relied on a standardized web.config file provided by the vendor that contained hard-coded machineKey values used by the ASP.NET framework to encrypt and sign data, including ViewState payloads. As a result, a threat actor who manages to obtain the keys from one deployment could leverage them to compromise other internet-facing KnowledgeDeliver instances.

“The ASP.NET ViewState persists page state across postbacks,” Google said. “When the machineKey is known, a threat actor can craft a malicious ViewState payload. By sending this payload in an HTTP request (via the __VIEWSTATE parameter), the threat actor can make the server deserialize it.” In the activity observed in connection with CVE-2026-5426, attackers have been found to deploy the Godzilla (aka BLUEBEAM) web shell, granting them the ability to run commands or drop additional payloads. Among the commands executed were instructions to escalate their control over the web server’s file system by granting “Everyone” complete access to the web application directory.

Subsequently, the threat actor tampered with an application JavaScript file to include code that displayed a fake security alert, urging users to install a “security authentication plugin.” In tandem, the unauthorized modifications made it possible to stealthily load a malicious script hosted on an attacker-controlled domain. The script, in turn, convinced users to download a fake installer, ultimately infecting the machines with Cobalt Strike Beacon. “The payload was encrypted using a key that used the name of the compromised organization, which indicated that the threat actor prepared this payload specifically for the targeted organization,” Google said. “The exploitation of KnowledgeDeliver highlights the severe risks of using shared secrets in deployment templates.

A single leaked key can compromise an entire ecosystem of installations. By implementing unique secrets and robust endpoint monitoring, organizations can defend against these deserialization attacks.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos

Monday recap. Same mess, new week. A sketchy dev tool got people pwned, old bugs came back from the dead, and security products somehow needed protecting from themselves. A bunch of companies spent the week checking old boxes and forgotten servers they should’ve patched years ago.

Good times. Phishing crews are getting smarter too - less obvious scam junk, more targeted stuff that actually looks real. Meanwhile, botnets are grabbing anything exposed to the internet like it’s free candy. The Internet’s still a dumpster fire.

Let’s get into it. ⚡ Threat of the Week GitHub Breached via Nx Console VS Code Extension —GitHub officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension. The attack is said to have allowed the threat actor, a cybercriminal group known as TeamPCP, to exfiltrate about 3,800 repositories. GitHub said it has taken steps to contain the incident and rotated critical secrets, adding it’s continuing to monitor the situation for follow-on activity.

The Nx team revealed that the extension, nrwl.angular-console, was breached after one of its developers’ systems was hacked in the wake of the recent TanStack supply chain attack. Other companies that were impacted by the TanStack compromise include OpenAI, Mistral AI, and Grafana Labs. Grafana Labs was also the target of an extortion attempt, but the company said it refused to pay the hackers who had threatened to release the company’s codebase. The incidents are just some examples of the long tail of downstream victims emerging from the Mini Shai-Hulud campaign.

This, coupled with TeamPCP’s public release of the Shai-Hulud code, marks a significant evolution in software supply chain threats, as it gives attackers a ready-made blueprint for fleshing out similar worms targeting open-source repositories and developer environments. 80% of Security Teams Know OAuth Security Is Urgent. Half Are Doing Nothing Manual OAuth reviews don’t scale, and the rapid adoption of AI agents is making it worse. Material’s OAuth Threat Remediation Agent continuously monitors every connection across your cloud workspace, classifies risk, and automatically kills malicious ones before they become incidents.

Close the Gap Today ➝ 🔔 Top News Microsoft Took Down Fox Tempest —Microsoft has cracked down on Fox Tempest, a cyber threat actor that fueled Rhysida ransomware attacks and other infections involving Oyster, Lumma Stealer, and Vidar. The group operates upstream in the malware and ransomware supply chain, acting as an enabler and providing tools for other threat actors to carry out attacks. This included a fraudulent code-signing service that let cybercriminals deploy malware “through the front door” without being detected. While bad actors have been known to resell code-signing certificates for at least a decade, Fox Tempest’s operation stood out because it provided a scalable service for extortion, phishing, SEO poisoning, or malware-laced advertising.

9-Year-Old Linux Kernel Flaw Enables Root Command Execution —A new vulnerability disclosed in the Linux kernel remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of several major distributions like Debian, Fedora, and Ubuntu. The issue was introduced in November 2016. Microsoft Warned of Two Actively Exploited Defender Vulnerabilities —Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender have come under active exploitation in the wild.

While CVE-2026-41091 could allow an attacker to gain SYSTEM privileges, CVE-2026-45498 relates to a case of denial-of-service. Although Microsoft has not formally confirmed, the vulnerability descriptions for CVE-2026-41091 and CVE-2026-45498 overlap with those of RedSun and UnDefend, two Defender zero-days that were disclosed by Chaotic Eclipse (aka Nightmare-Eclipse) last month. Newly Disclosed Drupal Core Flaw Under Attack —A critical security flaw impacting Drupal Core has come under active exploitation within days of public disclosure. The vulnerability in question is CVE-2026-9082 (CVSS score: 6.5), an SQL injection vulnerability affecting all supported versions of Drupal Core.

Drupal acknowledged that “exploit attempts are now being detected in the wild.” Thales-owned Imperva said it has observed over 15,000 attack attempts targeting almost 6,000 individual sites across 65 countries. Claude Mythos AI Finds 10K High-Severity Flaws in Popular Software —Anthropic revealed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most “systemically” important software across the world since the cybersecurity initiative went live last month. Of these vulnerabilities, 6,202 have been classified as high- or critical-severity flaws impacting more than 1,000 open-source projects. Subsequent analysis of these vulnerability candidates has identified that 1,726 are valid true positives.

As many as 1,094 flaws are assessed to be either high- or critical-severity. In total, these efforts have led to 97 findings being patched upstream and 88 advisories being issued. Cisco Patched CVSS 10.0 Secure Workload Flaw —Cisco rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data. Tracked as CVE-2026-20223 (CVSS score: 10.0), the vulnerability arises from insufficient validation and authentication when accessing REST API endpoints.

“An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint,” Cisco said. “A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user.” Microsoft Released Mitigations for YellowKey —Microsoft released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass.

The issue impacts Windows 11 version 26H1 for x64-based Systems, Windows 11 Version 24H2 for x64-based Systems, Windows 11 Version 25H2 for x64-based Systems, Windows Server 2025, and Windows Server 2025 (Server Core installation). Microsoft noted that successful exploitation could permit an attacker with physical access to sidestep the BitLocker Device Encryption feature on the system storage device and gain access to encrypted data. 🔥 Trending CVEs Bugs drop weekly, and the gap between a patch and an exploit is shrinking fast. These are the heavy hitters for the week: high-severity, widely used, or already being poked at in the wild.

Check the list, patch what you have, and hit the ones marked urgent first — CVE-2026-48172 (LiteSpeed User-End cPanel Plugin), CVE-2026-34926 (Trend Micro Apex One), CVE-2026-20223 (Cisco Secure Workload), CVE-2026-41091, CVE-2026-45498, CVE-2026-45584 (Microsoft Defender), CVE-2026-46333 (Linux Kernel), CVE-2026-9082 (Drupal Core), CVE-2026-45585 (Microsoft Windows BitLocker), CVE-2026-2743 (SEPPMail), CVE-2026-7301, CVE-2026-7302, CVE-2026-7304 (SGLang), CVE-2026-29205 (cPanel), CVE-2026-8178 (Amazon Redshift JDBC driver), CVE-2026-8053 (MongoDB), CVE-2026-45829 aka ChromaToast (ChromaDB), CVE-2026-8153 (Universal Robots PolyScope 5), CVE-2026-3102 (ExifTool), CVE-2026-9110, CVE-2026-9111 , from CVE-2026-8511 through CVE-2026-8522 (Google Chrome), CVE-2026-45434 (Apache OFBiz), CVE-2026-33000, CVE-2026-34908, CVE-2026-34909, CVE-2026-34910, CVE-2026-34911 (UniFi OS), CVE-2026-45401 (Open WebUI), CVE-2026-9256 , CVE‑2026‑8711 (F5 NGINX Plus and NGINX Open Source), CVE-2026-20239 (Splunk Enterprise and Splunk Cloud Platform), CVE-2026-46376 (FreePBX), CVE‑2026‑6637 (PostgreSQL), and CVE-2026-35194 (Apache Flink). 🎥 Cybersecurity Webinars Learn How Attackers Use AI to Supercharge DDoS Efficiency (and How to Stop It) → Adversaries are weaponizing AI to exploit network blind spots, auto-generate evasion scripts, and bypass traditional defenses with surgical precision. This webinar bridges the gap between AI-driven exploitation and cloud resilience, offering data-driven insights into how attackers maximize DDoS success rates. Join us to move beyond theory, leverage AI for non-disruptive security testing (CTEM), and transition your team from reactive mitigation to automated, continuous resilience.

Beyond the Zero-Day: Hunting for Threats That Don’t Need an Exploit → Zero-day exploits are no longer the ultimate metric of cyber risk. Today, sophisticated adversaries bypass traditional defenses entirely by leveraging identity flaws, living-off-the-land techniques, and AI automation that don’t rely on unpatched software. This session moves beyond the zero-day obsession to expose how attackers operationalize modern post-compromise tactics—and how security teams can pivot from reactive patching to proactive, behavioral threat hunting. 📰 Around the Cyber World Vulnerability Exploitation Overtakes Compromised Credentials in a Long Time —Vulnerability exploitation has overtaken compromised credentials for the first time in nearly two decades as the most common initial access vector for data breaches, per Verizon .

Nearly a third (31%) of data breaches over the past year started with vulnerability exploitation, up from 20% in 2024. Credential abuse declined from 22% to 13%. What’s more, only 26% of critical vulnerabilities listed in the U.S. Cybersecurity Infrastructure and Security Agency Known Exploited Vulnerabilities (KEV) catalog were fully remediated by organizations in 2025, a drop from 38% the previous year.

“The median time for full resolution went up to 43 days, almost two weeks more than the previous year’s 32 days,” the report said. “In the median case, organizations had 50% more critical vulnerabilities to patch in this year’s reporting dataset compared to the previous year.” Ransomware accounted for 48% of all breaches last year, up from 44% in 2024. But in a positive development, ransom payments have continued to decline, with the median payment sliding from $150,000 in 2024 to almost $140,000. Attackers Go After India’s Education Ecosystem —Threat actors are abusing student data within India’s education ecosystem, spanning educational institutions, third-party vendors, and online services, for phishing, impersonation, social engineering, and financially motivated fraud operations.

“Attackers commonly leverage exposed or misused student information to create highly convincing scams related to admissions, scholarships, internships, fee payments, and academic services,” CYFIRMA said . “In several instances, threat actors exploited trusted educational branding, fraudulent portals, and insider access to obtain credentials, financial information, or direct payments. Additionally, some cases indicated the misuse of student-linked bank accounts within broader fraud and mule account operations.” RondoDox Adds ASUS Router Flaw to its Arsenal —The operators of the RondoDox botnet have incorporated CVE-2018-5999 (CVSS score: 9.8), a critical ASUS router flaw, to their arsenal, marking the first observation of in-the-wild exploitation of the vulnerability. The activity was first detected on May 17, 2026, against its honeypots.

“The attack pattern: payloads that set the ateCommand_flag to 1, enabling the infosvr interface to accept arbitrary configuration changes,” VulnCheck CTO Jacob Baines said in a post on LinkedIn. Fake Microsoft Teams Sites Deliver ValleyRAT —Fake Microsoft Teams distribution sites shared on X are being used to trick unsuspecting users into downloading a trojanized installer packaged as a ZIP archive, ultimately leading to the deployment of ValleyRAT , a malware associated with a Chinese cybercrime group called Silver Fox. “The delivered payload leverages a DLL sideloading chain via a legitimate executable (GameBox.exe) developed by Tencent, ultimately deploying a ValleyRAT variant,” K7 Labs said . “This malware campaign stands out for its clean execution chain, combining social engineering with staged payload delivery, in-memory decryption, and stealthy persistence mechanisms.” Malicious Activity Targeting Malaysian Entities —An attacker-controlled infrastructure hosted on Microsoft Azure infrastructure in the Malaysia West region has been used to conduct a targeted intrusion campaign against multiple Malaysian organizations, per Oasis Security.

“The operation demonstrates a high degree of operational planning, with the attacker developing purpose-built Python tooling for each target — covering internal network enumeration, database access, and external data exfiltration,” the company said . The infrastructure hosts target-specific Python scripts, webshell deployment tools, a Laravel remote code execution exploit chain, and source code for custom command-and-control (C2) components. Texas Attorney General Sues Meta Over WhatsApp Encryption Claims —The Texas Attorney General has sued Meta over allegations that the company’s WhatsApp messenger doesn’t provide the end-to-end encryption (E2EE) it has long claimed. “Reports suggest that employees of WhatsApp have been able to access user communications,” the Office of the Texas Attorney General said .

“Additional reporting and investigations indicate that message content can be pulled and viewed after the message has been sent. This is a complete and total misrepresentation of Meta’s privacy policies.” The lawsuit hinges on a report from Bloomberg from last month about how the U.S. Commerce Department’s Bureau of Industry and Security had abruptly closed an investigation into allegations that Meta could access encrypted WhatsApp messages. Preliminary findings from the department claimed that “there is no limit to the type of WhatsApp message that can be viewed by Meta.” Meta has called the allegations “baseless.” FIOD Arrests Two in Connection with Stark Industries —The Netherlands Fiscal Intelligence and Investigation Service (FIOD) arrested two men and seized 800 servers in connection with a web hosting company that enabled cyber attacks, interference operations, and disinformation campaigns.

The arrested individuals included a 57-year-old man from Amsterdam and a 39-year-old man from The Hague. Although the name of the company was not explicitly mentioned, it is assessed to be Stark Industries , which was sanctioned by the E.U. in May 2025. Following the sanctions, a significant chunk of the technical infrastructure was transferred to a Dutch-based entity known as THE.Hosting aka WorkTitans.

“This new company actually acts as a cover for the sanctioned entities,” FIOD said . “The director and (indirect) sole shareholder of this company is the 57-year-old suspect.” A second unnamed Dutch company is said to have played a facilitating role. “This company, of which the 39-year-old is a suspected director and sole shareholder, ensures that the servers of the former new company are connected to the internet,” FIOD added. UNG0002 Targets Chinese Educational Sector —The Chinese educational sector has become the target of a new campaign conducted by UNG0002 as part of a spear-phishing campaign codenamed Operation Dragon Whistle.

“What makes this campaign particularly effective is the precision of its social engineering,” Seqrite Labs said . “The threat actor did not use a generic lure — they specifically identified that Changzhou University conducts mandatory annual fitness assessments where failure directly impacts graduation eligibility. This creates an environment of urgency and compliance that significantly increases the probability of victim engagement.” The emails have been found to distribute ZIP archives that ultimately lead to the deployment of Cobalt Strike Beacon. Void Botnet Uses Ethereum Smart Contracts for C2 —A new botnet malware called Void Botnet uses Ethereum smart contracts for seizure-resistant command-and-control (C2).

It’s a Rust-based malware that’s advertised on cybercrime forums by a developer operating under the handle TheVoidStl. “Based on the seller’s documentation and panel screenshots, Void Botnet is a Rust-native loader with two command-and-control modes in the same binary,” Qrator Labs said . “The first mode routes commands through Ethereum smart contracts: the operator writes instructions to a contract, and infected machines check it at regular intervals, picking up new tasks within three to five minutes. The second mode connects machines directly to the operator’s web panel, with tasks completing in under thirty seconds.

The operator switches between them at any time by updating the contract.” The botnet works by writing commands to smart contracts, bots polling public RPC endpoints, and C2 infrastructure that is hard to take down. Proton Debuts AI Access Tokens in Proton Pass —Proton Pass, a secure, end-to-end encrypted (E2EE) password manager, has added credential sharing through AI access tokens, allowing users to give AI agents access to items it’s permissioned to and monitor their activity. “AI access tokens are our newest secure sharing option to bring password management into the age of agentic AI,” Proton said . “Every time an AI agent uses an access token, this is logged, and a reason for the access must be provided.

For extra security, you can also set an expiration for each token, from one hour to one year, after which it can no longer be used.” DevilNFC and NFCMultiPay Android NFC Relay Malware Spotted —Two new Android NFC relay malware families named DevilNFC and NFCMultiPay have been observed targeting European and LATAM banking customers. “These two NFC relay toolkits are being developed and operated outside the Chinese-speaking MaaS ecosystem: DevilNFC carries an exclusively Spanish-speaking attribution, while NFCMultiPay’s developer fingerprint is Portuguese (Brazilian),” Cleafy said . “Local groups are no longer buying access to Chinese platforms; they are building their own.” It’s assessed that the malware families may have been developed with assistance using generative artificial intelligence (AI). Both malware families are designed to collect the victim’s card PIN.

“DevilNFC further locks the victim inside the malicious interface via Kiosk Mode, preventing any escape while the relay completes,” the Italian company said. “DevilNFC employs an asymmetric architecture in which a single APK serves both roles in a relay attack: a passive reader on the victim’s device and a system-level card emulator on the attacker’s rooted device, achieved via a hooking framework that intercepts NFC traffic below the Android API layer.” DevilNFC overlaps with an NGate variant documented by ESET last month. The malicious apps are distributed via SMS or WhatsApp messages, directing victims to fake landing pages impersonating Google Play Store listings. TAX#TRIDENT Uses Indian Income Tax Lures —A new campaign dubbed TAX#TRIDENT is using Indian Income Tax-themed lures to target Windows endpoints via three delivery paths.

The campaign starts with fake tax assessment lures and then moves victims toward ZIP files, VBScript downloaders, or PHP-looking web endpoints that actually return script content,” Securonix said . “The first branch uses a ZIP file and a signed ClientSetup installer. Once executed, the installer creates a hidden client tree, adds service and driver persistence, and starts network communication. The second branch uses ‘Assessment_Order.vbs.’ The script shows a tax assessment decoy image, downloads the same ClientSetup payload, writes a new ‘YTSysConfig.ini,’ and runs the payload hidden.

The third branch uses a PHP-looking endpoint that returns VBScript. That script downloads more stages from S3, disguises a VBS file as a PNG image, changes UAC prompt behavior, and silently installs a signed ManageEngine UEMS / Endpoint Central agent.” CISA Launches KEV Nomination Form to Report Exploited Bugs —The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has introduced an online Nomination Form that lets researchers, vendors, and industry partners submit known exploited vulnerabilities (KEVs) directly so as to “quickly identify, validate, and share KEVs, critical threat information.” Exploitation of Four-Faith Router Flaw —Attackers are exploiting CVE-2024-9643 (CVSS score: 9.8), a critical authentication bypass flaw in Four-Faith F3x36 industrial cellular routers, as part of a large-scale campaign since mid-May 2026 to turn fold compromised devices into botnets for further campaigns. CrowdSec said it has observed 139 attacking IP addresses through May 18, 2026.

“Exploitation was first observed on April 20 and escalated to the point of being reclassified as mass exploitation on May 12, a strong signal that attackers are operationalizing this flaw at scale,” it added . Chinese-Language PhaaS Ecosystem Detailed —An analysis of a dozen current phishing-as-a-service (PhaaS) offerings in the Chinese underground has found that they have shifted away from static password harvesting towards real-time interception and tokenization via live administration panels, allowing attackers to capture one-time passcodes (OTPs) and bypass multifactor authentication (MFA) instantly. The services, such as YY Lai Yu, primarily target non-Chinese entities, with advertisements regularly posted to Telegram rather than channels such as WeChat (Weixin) or Tencent QQ. A crucial aspect of these operations is their exploitation of digital wallet provisioning to monetize stolen payment details.

Attackers have been found to leverage captured credentials and OTPs to provision the victim’s card into a digital wallet on an attacker-controlled device. Once tokenized, the card can be used for high-value transactions, contactless payments, and ATM withdrawals. “Instead of simply gaining account access, these operations focus on exploiting digital wallet provisioning to transform stolen payment data into tokenized assets within ecosystems,” Google said. “This shift—combined with the use of encrypted delivery channels like RCS and iMessage to bypass traditional carrier security filters on SMS messages—represents an emerging development where the goal is no longer just a login, but securing direct, unauthorized control over a victim’s financial accounts.” 🔧 Cybersecurity Tools Bumblebee → It is an open-source security tool for macOS and Linux designed to find software supply-chain vulnerabilities on developer computers.

It acts as a lightweight, read-only scanner that audits metadata files, manifests, and configurations rather than executing code. This allows it to safely check local language packages, web browser extensions, text editor add-ons, and AI tool configurations for known security exposures without running potentially malicious install scripts. Claude-BugHunter → It is an open-source add-on that configures Anthropic’s Claude Code command-line tool into a specialized security assistant. It equips the AI with pre-built vulnerability patterns, attack techniques, and reporting templates, automating the process of finding and documenting security flaws during authorized testing.

Disclaimer: This is strictly for research and learning. It hasn’t been through a formal security audit, so don’t just blindly drop it into production. Read the code, break it in a sandbox first, and make sure whatever you’re doing stays on the right side of the law. Conclusion Patch the easy stuff before it becomes a bigger problem next week.

The old bugs everyone ignored? Attackers didn’t ignore them. They never do. Right now, the internet feels held together with tape and luck.

Every week, there’s a new mess, a new scam, or some old box getting dragged into a botnet. See you next Monday. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost’s Content API that could allow an unauthenticated attacker to read arbitrary data from the database. The security flaw was addressed in February 2026 in version 6.19.1. The vulnerability was discovered by Anthropic using Claude.

What makes the vulnerability severe is that it allows an attacker to gain access to a site’s admin API key without permission, granting them the ability to poison the site by injecting malicious code. The admin API key can be used to invoke the admin API and can directly modify articles published on the content management system. The threat actor leveraged the security flaw to “obtain the target site’s Admin API Key without authorization, and then used the Ghost Admin API to tamper with articles in bulk, injecting malicious JavaScript loaders at the bottom of the pages to assist fake CAPTCHA attacks,” XLab said . The activity has been described by the Chinese security vendor as a “large-scale poisoning” campaign weaponizing the Ghost CMS flaw.

At least two different threat clusters are assessed to be behind the campaign, in some cases implanting certain sites with malicious code within a single day. It was first detected on May 7, 2026. In all, the campaign has compromised more than 700 websites, spanning universities , blockchain, artificial intelligence, software-as-a-service (SaaS), security research, media, and financial technology sectors. The fact legitimate websites have been breached could further increase the success rate of the ClickFix attacks, XLab said.

The injected JavaScript code at the bottom of an article functions as a two-stage loader that’s responsible for retrieving the main payload at runtime from an external domain (“clo4shara[.]xyz/11z77u3.php”). This architecture offers added flexibility as it enables the threat actor to swap out the payloads based on different criteria, while keeping the loader functionality intact across several compromised sites. “Directly accessing clo4shara[.]xyz/11z77u3.php reveals a piece of code, which is actually a typical traffic distribution script,” XLab explained. “Its core function is to collect various fingerprint information from the user’s browser and upload it to the server, then perform actions such as redirection, popups, and downloads based on the returned instructions.” The PHP script is powered by Adspect , a commercial cloaking service.

The idea behind using the cloaking script is to ensure that only real victims are served the actual payload, while security scanners and crawlers will only see a benign web page. The script also supports 19 different commands to run arbitrary JavaScript code and facilitate remote control of the victim’s browser. Site visitors deemed as the intended targets are ultimately served a fake CAPTCHA verification page within an iframe HTML element to prove they are human. This, in turn, triggers a ClickFix attack, as part of which they are instructed to copy and paste a Base64-encoded command into the Windows Run dialog.

The command serves as a dropper for delivering a ZIP archive and extracts from it a Windows batch script and runs it. The script, for its part, executes a PowerShell command to download a DLL file from a remote domain, launch it using “rundll32.exe,” and open a bogus web page to the user as a distraction. Subsequent iterations of the malware have been found to replace the DLL with a JavaScript payload. Regardless of the type of the payload, the end goal of the attack is to drop a Windows executable.

In the case of the DLL, the executable is a PuTTY client with a valid code-signing certificate. The binary distributed via JavaScript is an Inno Setup installer for an Electron application. The application is a modified version of the open-source Grape desktop client that’s designed to achieve persistence and poll a remote server (“web-telegram[.]ug”) every 30 seconds to process instructions issued by the attacker, including running JavaScript code or executable files. Ghost CMS users are advised to upgrade their instances to the latest version, rotate all credentials, clean up the sites, audit access logs for signs of suspicious activity, and notify users who may have visited the sites during the contamination period for potential compromise.

Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

The Alert Firehose Finally Meets Its Match

Ask a cybersecurity pro about Network Detection and Response (NDR) and you might still hear “Noisy,” “Too much data.” But ask the teams running NDR that includes agentic AI capabilities and you’ll hear they’re actually using it to catch threats earlier, triage faster, and chase fewer false positives. The old complaint lingers in part because reputations are sticky, and because NDR has evolved faster than the narrative. The origins of noise NDR deployments have always given analysts deep visibility into network traffic, encrypted session behavior, and protocol anomalies. But visibility often came as raw material, not finished intelligence.

Some systems required extensive manual tuning during deployment to prevent SIEM overload. Organizations that couldn’t invest that time (or didn’t know how important it was) helped cement NDR’s “alert firehose” or “noisy” reputation. NDR with agentic AI turns noise into narrative Agentic AI autonomously fetches data, triages alerts, and performs correlation and initial analysis, handling the time-consuming, repetitive work that used to bury analysts. Here’s the unexpected twist: the data volume that once could overwhelm teams if the NDR wasn’t appropriately tuned, has become a strategic asset.

Because AI can ingest and simultaneously analyze thousands of data points, “noise” can become rich ground for finding actionable signals such as connections between low-severity, informational, or otherwise low profile activity most SOC teams would never have the capacity to piece together. The system can surface detections that might otherwise have been missed. With AI processing data volume and tedious tasks, analysts are freed up to focus on the top threats. NDR with agentic AI pieces together a complete, correlated story from network data and surfaces a prioritized set of detections such as an anomalous connection tied to a failed login, a suspicious DNS query, or unusual file access.

Each detection is delivered with the network evidence analysts need for immediate context. NDR should still be tuned to ignore true “meaningless” noise, but agentic AI’s correlation capabilities also reduce the need for the manual tuning that some NDR deployments sometimes struggled with in the past by identifying and automating detection improvements. Comparing NDR without and with agentic AI Let’s start without agentic AI. In a typical 24-hour window, imagine your NDR system detects 847 network anomalies, and ML models flag 312 as potentially malicious.

Now the analysts step in to manually triage and investigate these, likely dismissing a large number as false positives. Four detections eventually emerge that require action. Now picture the same window and the same number of anomalies, but with agentic AI handling triage. It correlates alerts, reasons through the evidence, and draws conclusions.

It then presents the analysts with four prioritized detections to review, each with relevant evidence and suggested response actions attached. For example, it might determine that a DNS anomaly correlates with a new process on an endpoint, flag a compromised identity, and match TTP patterns to Cobalt Strike beacons. Advanced NDR even lets analysts look under the hood to see how the AI reached its conclusions, for full transparency. The analysts simply pick up the prioritized detections and begin their review.

Operational deployment Agentic AI still doesn’t fully eliminate the need for proper deployment. Three key areas contribute to NDR becoming a trusted partner instead of a noisy neighbor: baselining, staying tuned, and SOC integration. Baselining NDR has detection engines that can generate alerts immediately out of the box, but some methods such as anomaly detection require the platform to run for a period of time to baseline the network’s normal behavior. During this period it observes typical traffic flows, known server and endpoint activities, and expected devices.

Most NDR platforms already automate this process, which helps the system distinguish routine operations from true threats and identify malicious traffic. Tuning builds on that baseline. When false positives fire, analysts can classify and eliminate them from the alert queue, helping retrain the detections and further reducing noise. Staying tuned Networks change.

New applications, cloud workloads, unknown devices, and AI-driven data flows can shift the baseline, and an outdated baseline can lead to more false positives. Regular tuning keeps NDR calibrated while AI can help spot emerging patterns before they turn into noise. SOC integration NDR data can fuel other systems in an AI-powered SOC, and better fuel can deliver cleaner results. This matters for the noise problem: when AI has high-fidelity data to work with, it can more accurately distinguish true threats from false positives.

In one example, a recent report demonstrated just how much data quality matters, with one type of data improving CTF test scores by over 350%. In this report, the same data increased accuracy (95% vs. 26%) and delivered nearly 300% more IR findings compared to common log formats. Across test runs conducted during the study, frontier AI models performed at comparable levels, meaning data quality, not model choice, had the greater impact on security outcomes.

This same data can enrich other AI SOC tools, SIEMs powered with AI (e.g., CrowdStrike’s Charlotte), and connections to local models via MCP. Organizations getting the most from their systems use APIs and detection feeds strategically, letting the NDR AI handle correlation before alerts reach other platforms, further reducing noise before it ever hits the analyst queue. The bottom line Myths often persist because they’re easy to repeat. The “NDR is noisy” story is quickly being replaced by AI designed to correlate at scale that: Handles the volume Creates context Finds signals otherwise lost in the noise Reduces manual tuning dependency Shifts analyst focus to high-severity threats Proper deployment handles the rest.

What emerges is NDR that delivers better visibility and faster response, and fuels the SOC to finally keep pace with the network. Corelight Network Detection & Response Trusted to defend the world’s most sensitive networks, Corelight’s Network Detection & Response (NDR) platform combines deep visibility with agentic AI, and advanced behavioral and anomaly detections to help your SOC uncover new, fast-moving threats. Learn more about Corelight. Found this article interesting?

This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms

Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and cryptocurrency organizations. RemotePE, per NCC Group subsidiary Fox-IT, is part of a multi-stage attack chain that involves two loaders tracked as DPAPILoader and RemotePELoader. “DPAPILoader decrypts and loads RemotePELoader from disk using the Windows Data Protection API ( DPAPI ),” security researchers Yun Zheng Hu and Mick Koomen said . “RemotePELoader beacons to a C2 server and waits until it receives the next stage: RemotePE, a RAT executed entirely in memory and never written to disk, leaving no filesystem artifacts.” RemotePE was first highlighted by the security vendor in September 2025 in connection with an attack targeting an unnamed organization in the decentralized finance (DeFi) sector, leading to the deployment of three malware families, including PondRAT, ThemeForestRAT, and RemotePE.

The intrusion commenced with the compromise of an employee’s device through social engineering, after having approached the victim on Telegram under the guise of an existing employee of a trading company and scheduling a meeting on fake Calendly and Picktime domains. The RemotePE infection sequence goes through three stages, with the DPAPILoader DLL (“Iassvc.dll”) responsible for decrypting and loading an encrypted payload from disk using DPAPI. The earliest DPAPILoader artifact dates back to November 2023. The decrypted payload is another loader, RemotePELoader, which is designed to contact a remote server (“aes-secure[.]net”) over HTTP, fetch the core module, and execute it in memory, but not before taking steps to evade detection using techniques like Hell’s Gate and patching Event Tracing for Windows ( ETW ).

The final stage is a full-fledged remote access trojan named RemotePE that’s written in C++ and polls a command-and-control (C2) server for further instructions. The malware supports six categories of commands, allowing it to - Obtain or modify the C2 configuration Get or change the current working directory, register a new DLL module, get loaded DLLs, and unload a DLL Perform file operations Get a list of running processes, create a new process, or kill process by ID Sleep for a predetermined interval or exit RemotePE Ping the server A notable aspect of the file deletion command is that it overwrites each file with constant bytes seven times before renaming and deleting it, a pattern also observed in PondRAT and POOLRAT (aka SIMPLESEA). PondRAT is assessed to be a lightweight version of POOLRAT. Fox-IT said it obtained four RemotePE samples that indicate the RAT was under active development between mid-2023 and mid-2024.

The first version has a compilation timestamp of July 4, 2023. “The toolset’s environmental keying, memory-only execution, EDR evasion, and low forensic footprint suggest it is purpose-built for long-term observation campaigns,” the researchers said. “This allows the actor to quietly maintain access over an extended period before moving to a high-impact final objective such as data theft or a large-scale financial heist, consistent with this actor’s known history.” “The actor-in-the-loop delivery model and the toolset’s low detection rate (neither RemotePELoader nor RemotePE appeared on VirusTotal prior to this publication) suggest this toolset may be reserved for high-value targets where long-term, stealthy access is the objective, consistent with this Lazarus subgroup’s known focus on financial and cryptocurrency organizations.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor , spans more than 34 malicious packages across over 384 versions. The earliest activity was recorded on May 22, 2026, at 8:20 p.m. UTC, with new packages published to the ecosystems in waves from a cluster of accounts in quick succession.

“TrapDoor targets developers in crypto, DeFi, Solana, and AI communities,” Socket said. “The malicious packages are designed to steal developer secrets, crypto wallets, SSH keys, cloud credentials, browser data, and environment variables.” “Several npm packages also deploy a shared payload, trap-core.js, that scans for credentials, validates AWS and GitHub tokens, attempts SSH-based lateral movement, and plants persistence through .cursorrules, CLAUDE.md, Git hooks, shell hooks, systemd, cron, and SSH.” It’s worth noting that the activity has no connection to another campaign of the same name that HUMAN’s Satori Threat Intelligence and Research Team detailed last week as engaging in ad fraud by distributing 455 Android apps through the Google Play Store. The list of identified packages is below - Crates.io move-analyzer-build move-compiler-tools move-project-builder sui-framework-helpers sui-move-build-helper sui-sdk-build-utils npm async-pipeline-builder build-scripts-utils chain-key-validator crypto-credential-scanner defi-env-auditor defi-threat-scanner deployment-key-auditor dev-env-bootstrapper eth-wallet-sentinel llm-context-compressor mnemonic-safety-check model-switch-router node-setup-helpers project-init-tools prompt-engineering-toolkit solidity-deploy-guard token-usage-tracker wallet-backup-verifier wallet-security-checker web3-secrets-detector workspace-config-loader PyPI cryptowallet-safety data-pipeline-check defi-risk-scanner env-loader-cli eth-security-auditor git-config-sync solidity-build-guard The operation is notable for its diverse delivery paths, using postinstall hooks, remote JavaScript payloads that are executed during package imports, and malicious build.rs scripts to target Sui and Move developers. The packages masquerade as seemingly harmless tools, giving attackers the ability to reach a broad audience.

The npm packages have been found to run a JavaScript payload (“trap-core.js”), which scans for credentials and developer secrets, validates stolen credentials using AWS and GitHub API calls, and creates persistence on the host using cron jobs, systemd services, Git hooks, and moves across the network via SSH. The Rust crates, in a similar fashion, search for local keystores, encrypt the data using a hardcoded XOR key, and exfiltrate it to GitHub Gists. The packages are also noteworthy for the use of a build script (“build.rs”) to trigger the execution of the malicious code. The Python packages associated with TrapDoor are designed such that they are auto-executed on import.

The primary goal of the packages is to download JavaScript from an attacker-controlled GitHub Pages domain (“ddjidd564.github[.]io”), and run it using “node -e.” “This technique allows the Python package to delegate execution to a remote JavaScript payload, giving the attacker more flexibility after publication,” Socket explained. “By hosting the payload externally, the attacker can update behavior without publishing a new PyPI release.” An unusual aspect of the campaign is the implanting of .cursorrules and CLAUDE.md containing hidden instructions to trick artificial intelligence (AI) assistants into running a “security scan” that results in secret discovery and exfiltration. This is achieved by opening GitHub pull requests (PRs) across popular AI and developer projects, including “browser-use/browser-use,” “langchain-ai/langchain,” and “langflow-ai/langflow.” The PR activity indicates that TrapDoor extends beyond pushing malicious packages to open-source ecosystems. Socket said the threat actor is likely testing whether AI-related project files can be introduced through regular open-source contribution workflows, thereby causing AI coding tools to parse those hidden instructions and apply them.

The findings once again demonstrate how threat actors are increasingly targeting developer workflows, aiming to steal a wide range of information that could make it possible to burrow deeper into target environments for follow-on attacks. “TrapDoor shows how attackers are combining traditional package typosquatting with newer developer-environment attack paths,” Socket said. “The package names are tailored to appear relevant to crypto development, AI tooling, local environment setup, and security workflows. The malware then uses ecosystem-specific execution paths: build.rs in Rust, postinstall hooks in npm, and import-time execution in Python.” Found this article interesting?

Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.