DAILY WORKFLOW ARCHIVE

2026-05-29 AI创业新闻

候选线索仅供信息发现,请在引用或实践前回到原始来源核验。

2026-05-29 AI创业新闻

Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels

The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026. “Kimsuky employed a range of tailored social engineering tactics, such as spoofing security software installation pages and crafting a fake Webex meeting page that leveraged a legitimate meeting schedule,” ENKI said in an analysis published this week. The attacks have been found to deliver a variant of a known malware family dubbed HTTPSpy by disguising it as installers from South Korean security software, a tactic the threat actor has consistently adopted since 2023. In the latest campaign observed in March 2026, the adversary has been found to propagate malicious payloads through a bogus web page impersonating the security software installation page of a South Korean B2B messaging service.

Given the nature of the lure, it’s suspected that the activity may have been specifically designed to single out messaging administrators within corporate environments. The page claims to offer two security tools: a firewall and a keyboard security program. Once unsuspecting users initiate the download, it results in the download of either of the two executables - “nos-setup.exe” and “astx-setup.exe” - that masquerade as nProtect Online Security and AhnLab Safe Transaction (ASTx). Despite the differences in the name, the malicious behavior embedded in them is identical.

The primary responsibility of the binaries is to launch a second-stage DLL payload (“MemLoader.dll”) via “regsvr32.exe,” after which a batch script is run to delete themselves from disk. The DLL establishes persistence on the host using a scheduled task and contacts a command-and-control (C2) server to retrieve an as-yet-unknown payload. “The attacker likely monitored the recurring GET requests from the malware and selectively delivered payloads to specific victims,” ENKI said. In another campaign observed in April 2026, a counterfeit web page mimicking Cisco Webex is said to have been used to display a pop-up message urging the victim to download and run a script to address issues with accessing the camera.

Doing so results in the retrieval of a ZIP archive containing an encrypted JavaScript (JSE) file (“fix-camera.jse”). The execution of the JSE file results in the deployment of an intermediate downloader (“mTSTCv8.mdxm”) using PowerShell, which then runs anti-analysis checks and contacts a C2 server to fetch the next-stage malware (“engine.dat” or “spyInster.dll”). In the final stage, the DLL drops a loader component (“cacheMon.dat”) that, in turn, executes HTTPSpy on the compromised system. HTTPSpy is a full-featured remote access trojan that supports a wide range of capabilities to run shell commands, upload/download files, execute processes, capture screenshots, inject DLL paths into specified PID processes, and erase itself from the endpoint.

This is not the first time Kimsuky has deployed HTTPSpy. In its 2025 European Threat Landscape Report, CrowdStrike said the hacking group likely targeted a German defense manufacturer’s employees via a credential phishing campaign deploying the malware between May 2024 and at least September 2024. The first use of HTTPSpy dates back to 2022. Simultaneously, the malware also drops and opens an HTML file named “meeting.html,” which immediately redirects the victim to a Webex meeting room.

Accessing the URL opens a legitimate Webex meeting room associated with an actual scheduled event that took place around the same time. “This indicates that the attacker likely compromised a service member’s device or account to obtain the meeting schedule, then crafted a fake meeting page to distribute malware to the other attendees,” the cybersecurity company said. ENKI said it also discovered additional fake web pages that query a local server set up by the malware on the victim’s machine via JSONP (JSON with Padding) to verify malware execution status and display an installation prompt if it’s not running. The technique has been codenamed JSONPing.

However, the exact nature of the downloaded malware remains unknown as the URL is currently inactive. “Kimsuky went beyond simple malware distribution, introducing sophisticated mechanisms to maximize delivery success, including real-time infection verification via JSONPing and crafting a fake page using a stolen meeting schedule,” ENKI said. Kimsuky Evolves with HelloDoor and HttpMalice The disclosure comes as Kaspersky detailed the threat actor’s use of Microsoft Visual Studio Code (VS Code) tunneling, Cloudflare Quick Tunnels, DWAgent, large language models (LLMs), and the Rust programming language in its latest campaigns, highlighting its continued adaptation and evolution. “Specifically, Kimsuky leveraged legitimate VS Code tunneling mechanisms to establish persistence and distributed the open-source DWAgent remote monitoring and management tool for post-exploitation activities,” the Russian cybersecurity company said .

“These activities affected various sectors in South Korea, impacting both public and private entities.” Attack chains have been found to rely on a variety of droppers written in JSE, PIF, SCR, and EXE to deliver two broad malware families: PebbleDash and AppleSeed . While PebbleDash attacks have also been recorded against defense organizations in Brazil and Germany, the AppleSeed cluster has mainly targeted government organizations. Some of the key malware families delivered by the droppers are as follows - HelloDoor , a Rust-based PebbleDash variant first identified in August 2025 and likely developed using an LLM. It supports basic functionality to set the current directory, sleep for a specific time interval, and run commands.

HttpMalice , the latest backdoor variant of PebbleDash, emerged no later than December 2025. It comes with capabilities to gather information about the compromised system, set up persistence, perform reconnaissance using native Windows commands, capture screenshots, load downloaded payloads into memory, run commands, and exfiltrate the execution output. HttpTroy , a backdoor delivered via a loader named MemLoad, allows file upload/download, screenshot capture, command execution, in-memory loading of executables, reverse shell, process termination, and trace removal. AppleSeed , which comes in two variants: Dropper and Spy.

The Dropper is responsible for downloading additional malware and executing commands received from its C2 server. The Spy version gathers sensitive information such as documents, screenshots, keystrokes, and lists of USB drives. This also includes harvesting data from the C:\GPKI directory, mirroring a similar feature implemented in Troll Stealer . HappyDoor , an advanced version of AppleSeed that first surfaced in 2021 .

Another notable tactical shift involves the abuse of the legitimate VS Code Remote Tunneling feature to establish covert remote access to the victim’s device, thereby eliminating the need for traditional malware-based C2 channels. This approach has also been highlighted by Darktrace and Logpresso . “Our analysis shows that the actor retains access to the original source code of the malware clusters and the ability to modify it,” Kaspersky researcher Sojun Ryu said. “Two clusters have overlapping target sectors that span the defense, military, government, medical, machinery, and energy industries.” “The AppleSeed cluster is shifting its focus to data exfiltration, and GPKI certificate extraction has become a signature capability.

Meanwhile, the PebbleDash cluster demonstrates advanced remote control capabilities and an expanding set of targets.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions. The security flaw, per Rapid7, is rated 9.4 on the CVSS scoring system. It does not have a CVE identifier. “The vulnerability allows any authenticated user to achieve remote code execution (RCE) on the server by creating a pull request with a malicious branch name that injects the –exec flag into git rebase during the ‘Rebase before merging’ merge operation,” security researcher Jonah Burgess said .

Rebasing is a Git action that’s used to take a sequence of commits from one feature branch and replay them on top of another base branch to create a linear project history. While “git rebase” solves the same problem as “git merge” – i.e., integrating changes from one branch into another – the former rewrites the project history by creating new commits for each commit in the original branch. The “git rebase” action also accepts as an argument a shell command via an –exec flag that’s executed after each commit is replayed. A notable aspect of the vulnerability is that it does not require admin privileges or interaction with other users.

To pull off the attack, all an unauthenticated threat actor has to do is create an account and repository on any default-configured instance. “Any registered user who creates a repo is automatically its owner,” Burgess said. “From there, enabling rebase merging is a single toggle in settings, and the entire exploit chain can be operated without interaction from any other user.” In an alternative scenario, a user with write access to a repository where rebase is already enabled can exploit the flaw directly to obtain code execution. On Gogs instances where repository creation is restricted, an attacker is required to have write access to any repository that has rebase merging enabled.

As of writing, the vulnerability remains unpatched despite it being reported to the maintainer on March 17, 2026. Successful exploitation of the bug could grant an attacker the ability to breach the server, access every repository on the instance, dump credentials, move to other network-accessible systems, and tamper with any hosted repository’s code. What’s more, it can result in a cross-tenant data breach, allowing the attacker to read other users’ private repositories hosted on the same shared server. According to Rapid7, the flaw impacts all supported platforms, such as Windows, Linux, and macOS.

There are an estimated 1,141 internet-facing Gogs instances. However, the actual figure is expected to be higher, given that most deployments are placed behind VPNs or internal networks. In the absence of a patch, the following recommendations are outlined - Restrict user registration (DISABLE_REGISTRATION = true in app.ini) to prevent untrusted users from creating accounts Restrict repository creation (MAX_CREATION_LIMIT = 0 in app.ini) to prevent users from creating their own repositories Audit rebase merge settings Rapid7 has also made a Metasploit module that automates the full exploit chain against both Linux and Windows targets. The module supports two modes: a default mode where a temporary repository is created under the attacker’s account, the exploit is run, and the repository is deleted.

The second approach targets a repository that the attacker already has write and merge access to. “When the attacker creates and deletes their own repository, the only trace is an HTTP 500 in the server logs,” the cybersecurity expert said. “When exploiting an existing repository, additional artifacts remain.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware. “The campaign abused trusted endpoint management infrastructure to deliver malware across managed endpoints,” Arctic Wolf said . “Threat actors disguised the credential stealer payload as a Fortinet endpoint update, silently executing the malicious executable through PowerShell.” The activity, observed by the cybersecurity company in May 2026, involves the exploitation of CVE-2026-35616 (CVSS score: 9.1), a critical pre-authentication API access bypass leading to privilege escalation. The issue was addressed by Fortinet in FortiClient EMS 7.4.7 and later.

A successful compromise is followed by the threat actor taking steps to modify configurations to defer firmware upgrade reminders, as well as modifying a Remote Access Profile configuration and endpoint policy to insert a malicious script for execution on endpoint devices. “The observed execution pattern suggests that threat actors used FortiClient’s own management pathway to push malicious PowerShell commands to managed endpoints in a way that resembled legitimate management operations,” Arctic Wolf said. “Once the threat actors had a route to modify EMS-managed configuration, every managed endpoint became a potential execution target without requiring a separate intrusion path to each device.” In addition, the attack has been found to leverage “fortitray.exe,” a legitimate executable associated with FortiClient to launch a .cmd script file using “cmd.exe.” The .cmd script is designed to invoke a Base64-encoded PowerShell script that, in turn, is responsible for downloading a malicious payload, running it, and exfiltrating the results to “83.138.53[.]110” via an HTTP POST request. The executable, named “FortiEndpoint_Patch.exe,” masquerades as an update, but, in reality, is a previously unreported Windows information stealer capable of harvesting sensitive data, such as passwords, cookies, and autofill details such as credit card information, addresses, and phone numbers, from Chromium- and Gecko-based browsers.

The data is written to a log file and saved to the ProgramData directory. It’s worth noting that the stealer lacks network-based exfiltration capabilities. It’s the PowerShell script that transmits the captured data to the attacker-controlled infrastructure. “By bypassing API authentication and interacting with EMS functionality in a privileged context, threat actors were able to modify management configuration and push malicious scripts for execution on managed endpoints,” Arctic Wolf said.

“Session cookies and saved browser credentials may provide threat actors with follow-on access to cloud services, internal applications, and other authenticated resources, including cases where session reuse may circumvent MFA prompts.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Securing AI Use Within Your Organization Starts Here

Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal

Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better understand the impact and address them before they are publicly disclosed. The development comes after a researcher named Chaotic Eclipse (aka Nightmare-Eclipse) disclosed details of multiple zero-day vulnerabilities affecting various Windows components, including Defender and BitLocker, over the past month, citing a breakdown in Microsoft’s handling of the vulnerability disclosure process. “In recent weeks, several zero-day vulnerabilities have been publicly disclosed,” the tech giant said . “The details of these vulnerabilities were not shared with Microsoft prior to release, and the disclosures put our customers at unnecessary risk.” “In response to the unnecessary risk created by these disclosures, our security teams have been working around the clock to understand the impact, protect our customers, and develop security updates.” The vulnerabilities include BlueHammer (CVE-2026-33825), RedSun (CVE-2026-41091), UnDefend (CVE-2026-45498), YellowKey (CVE-2026-45585), GreenPlasma , and MiniPlasma .

Following disclosure, BlueHammer, RedSun, and UnDefend have all come under active exploitation in the wild. Microsoft said it “firmly” opposes such uncoordinated disclosures and that putting proof-of-concept code for unpatched vulnerabilities can have “real-world consequences” when they end up in the hands of bad actors. “We invite diverse perspectives that help the security community work together to protect everyone. We realize that we will not always agree on everything, but we are committed to transparency and continue to create opportunities for dialogue,” the tech giant added.

“These conversations happen at researcher appreciation events, security conferences, and the everyday work we do together to understand and address vulnerabilities.” The fallout from these disclosures is said to have led GitHub to take down the researcher’s account last week. Although the exploit code for the six vulnerabilities was subsequently uploaded to GitLab, the newly created account has since been blocked. “So let me get this straight, when I actively asked you to communicate with me, you refused, humiliated me, and made sure to insult me in front of people,” the researcher said in a post published over the weekend. “You defame me in public with your CVE-2026-45585 advisory even though you literally deleted the Microsoft account I used to report bugs to you with and I got zero pennies from doing so and I still happily did like an idiot.

Now you take the courtesy to flag my GitHub account and wipe it out of the public, just like that? You are proving to everyone that you [sic] actively escalating this conflict but I’m done begging you.” The researcher also said they intend to release something on July 14, 2026, that “will make sure your bones are shattered that day.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More

Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, and enough exposed infrastructure to make you wonder if prod is just a public beta now - meanwhile some researcher casually drops a technique that turns a “minor” foothold into total account compromise because apparently six digits and blind trust were all that stood between your vault and getting absolutely pwned. Cool. Great. Love that for us.

Then there’s the supply chain mess… signed binaries, poisoned updates, legit tooling getting hijacked like it’s still 2017, plus a few reports this week that feel less like advanced tradecraft and more like watching skiddies discover low-hanging fruit with enterprise branding slapped on top. The weird part isn’t that it works. The weird part is how damn easy it still is.

Anyway. Grab caffeine. Let’s get into it. Massive regional C2 footprint More than 1.3K C2 Servers Discovered in the Middle East Hunt.io said it identified more than 1,350 command-and-control (C2) servers across 98 Middle East infrastructure providers over the past three months, between February 1 and May 1, 2026.

“C2 infrastructure dominates malicious activity (~96.8%), far exceeding phishing infrastructure (~0.5%) and publicly reported IOCs (~0.5%), while malicious open directories account for the remaining ~2.2% of observed artifacts,” it said . “Saudi Arabia’s STC (Saudi Telecom Company) hosts 981 C2 servers, representing 72.4% of all detected C2 infrastructure in the region. IoT-focused botnets (Hajime, Mozi, and Mirai) combined with offensive frameworks (Tactical RMM, Cobalt Strike, Sliver) represent the dominant malware families operating across Middle Eastern infrastructure.” AKS privilege escalation flaw Microsoft Patches Azure Backup for AKS Privilege Escalation Bug Microsoft is said to have silently fixed a privilege escalation flaw in Azure Backup for AKS that allowed a user with only the “Backup Contributor” Azure role (zero Kubernetes permissions) to gain cluster-admin on any AKS cluster, per security researcher Justin O’Leary . The vulnerability, which does not have a CVE, carries a CVSS score of 9.9.

While Microsoft rejected the vulnerability report as “AI-generated content,” it appears to have been patched since, and additional validation checks were enforced that did not exist in March 2026. Cybercrime operator jailed Romanian National Sentenced to Prison for U.S. Cyber Attacks A 46-year-old Romanian national found guilty of breaking into an Oregon state government office in 2021 and other cyber attacks across the U.S. has been sentenced to 56 months in prison.

Catalin Dragomir pleaded guilty to one count of aggravated identity theft and one count of obtaining information from a protected computer in February. Dragomir was arrested in Romania in November 2024 and extradited to the U.S. in January 2025 to face charges. Dragomir “sold access to a computer on the network of an Oregon state government office after obtaining unauthorized access to it in June of 2021,” the Justice Department said .

“During the sale, Dragomir provided the prospective buyer with samples of personal identifying information from the computer. He also sold access to the computer networks of numerous other victims in the United States, causing losses of at least $250,000.” DAEMON Tools added to KEV CISA Adds DAEMON Tools Supply Chain Incident to KEV Catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the supply chain attack targeting DAEMON Tools software to its Known Exploited Vulnerabilities ( KEV ) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply necessary fixes by May 30, 2026. The incident is now being tracked under the identifier CVE-2026-8398 (CVSS v4 score: 9.3).

“Attackers gained unauthorized access to the vendor’s (AVB Disc Soft) build or distribution infrastructure and trojanized three binaries: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe,” according to the description of the CVE. “These files were digitally signed with the legitimate AVB Disc Soft code-signing certificate, allowing the malicious installers to appear trustworthy and bypass signature-based detection.” Apple unveils PQC code Apple Open-Sources PQC Implementation Apple has published its post-quantum cryptography (PQC) implementations in corecrypto , including quantum-secure ML-KEM and ML-DSA algorithms, along with mathematical verification tools that it built to assure compliance with FIPS 203 and FIPS 204 specifications for independent evaluation by experts. “Corecrypto is used continuously in our products, providing encryption and decryption, hashing, random number generation, and digital signatures on over 2.5 billion active devices,” Apple said . “A critical bug in corecrypto has the potential to compromise the security and reliability of every app and feature that depends on it, so we are conservative when adding new code to the library and make exceptional efforts to be comprehensive in our testing.” Law firms targeted by SRG Silent Ransom Group Impersonates IT Personnel in Social Engineering Attacks The U.S.

Federal Bureau of Investigation (FBI) has warned that the threat actor known as the Silent Ransom Group (SRG), also known as Luna Moth, Chatty Spider, and UNC3753, has been targeting law firms using social engineering techniques as part of fresh attacks since spring 2026. Law firms are a rich target due to the highly sensitive nature of the data they possess. “Through phone calls and phishing emails, SRG actors pose as IT support to establish access to victim computers and exfiltrate data, usually through legitimate remote access tools or by sending an individual in-person to the victim company’s location to gain physical access to computers,” the FBI said . “While SRG has victimized companies in many sectors, including those in the insurance, finance, and healthcare industries, the group has consistently targeted U.S.-based law firms since Spring 2023.” As part of the scheme involving in-person visits, the threat actor tells the victim they need to image the device or create a backup file to address potential impacts from the phishing email.

Upon gaining a foothold, the attackers move swiftly to escalate privileges and pivot to data exfiltration without encryption. “By sending someone in-person to the victim’s location to facilitate the intrusion, SRG actors exfiltrate data to an external hard drive or USB drive inserted by the threat actor into the victim’s computer,” the FBI added. Fake installers spread Deno RAT Fake Software on GitHub and SourceForge Distributes Deno RAT Attackers are hosting counterfeit installers and plugins masquerading as popular software, including ChatGPT, Claude, ZENOLOGY, Ableton Live, AutoTune, and Kontakt, on GitHub and SourceForge to distribute a Deno backdoor known as DinDoor (aka Tsundere). “Attackers are using compromised YouTube channels to distribute links to these platforms,” Malwarebytes said .

“DinDoor ultimately drops different types of malware, including a stealthy remote access Trojan (RAT), which also uses the Deno JavaScript runtime.” PureLogs phishing wave Phishing Campaign Delivers PureLogs Stealer Variant A phishing campaign is using deceptive emails disguised as purchase orders to trick recipients into opening malicious JavaScript files contained within RAR archives that lead to the deployment of a PureLogs variant to steal sensitive data from the victim’s device. “Upon analyzing the PureLogs module, the malware’s primary capability is to collect sensitive data from the victim’s system, including basic hardware and system information, saved credentials, cryptocurrency-related data, and more,” Fortinet said . “The malware then compresses and encrypts the collected data before transmitting it to the C2 server.” U.K. targets crypto sanctions evasion U.K.

Government Unveils New Sanctions Against Crypto Networks The U.K. has announced sanctions against cryptocurrency exchanges and the A7 network used by Russia to evade existing restrictions. Among those hit by sanctions is HTX (aka Huobi Global), which is one of the largest cryptoasset exchanges in the world, with $3.3 trillion in trading volume in 2025. “It is suspected of providing services to A7, the sanctioned Russian payments network, and Garantex, the sanctioned cryptocurrency exchange,” Elliptic said .

It’s worth noting that the A7 corporate-and-token infrastructure emerged in the wake of the March 2025 Garantex takedown. Per data from TRM Labs , Huobi has sent more than $4.9 billion in direct on-chain transactions to U.K.-sanctioned and A7-network entities since 2021. Other entities hit by sanctions include Bitpapa and Rapira Group , the latter of which has transacted $375.6 million with Garantex’s named successor Grinex.io. Claude gains built-in code review Anthropic Announces Security-Guidance Plugin Anthropic has announced two new security features for its Claude AI: a self-hosted sandbox for Claude Managed Agents and a new security-guidance plugin.

“The security guidance plugin makes Claude review its own code changes for common vulnerabilities while it works and fixes what it finds in the same session,” Anthropic said . “The plugin catches issues such as injection, unsafe deserialization, and unsafe DOM APIs before the code reaches a pull request, reducing how much security review falls to human reviewers downstream. Once installed, the plugin runs automatically. There is nothing to invoke and no separate command to remember.” As described by Red Hat, a self-hosted sandbox “outsources the ‘thinking’ while keeping the ‘doing’ on your own infrastructure.” DACH cyberattacks jump 124% DACH Sees Rise in Hacktivism, Ransomware Data from Check Point has revealed that hacktivism and ransomware targeting organizations across Germany, Austria, and Switzerland increased 124% in 2025.

More than 60% of the hacktivist incidents have involved defacing websites to amplify political messaging. These efforts originated from NoName057(16), Mr Hamza, chinafans, Dark Storm Team, and Hezi Rash. Ransomware attacks, on the other hand, were mainly led by Akira, Qilin, and Safepay. “Germany accounted for more than 80% of regional incidents, with Switzerland at 12% and Austria at 8%,” Check Point said.

“Across Europe, the DACH region represented 18% of all recorded attacks, placing Germany above France, Spain, and Italy by individual country share.” World Cup scams explode online Scam and Fraud Campaigns Surge Ahead of FIFA World Cup Threat actors are increasingly capitalizing on the public excitement around the FIFA World Cup 2026 for scam campaigns. Bitdefender said it has identified more than 55 football-related malvertising campaigns targeting users through fake online stores, social media ads, IPTV piracy operations, fraudulent football apps, and FIFA-themed giveaway and lottery scams distributed through email. “The most-targeted users were in the United Kingdom, Portugal, Spain, Algeria, the United States, Canada, Mexico, Belgium, Germany, Brazil, and Australia,” the Romanian company said . Check Point said bad actors are “flooding the internet” with fake merchandise stores, fraudulent betting platforms, and phishing domains designed to steal personal data and money.

Host nations of the sporting event, Canada, Mexico, and the U.S., have also recorded an increase in the weekly average number of cyber-attacks per organization in April 2026, with Mexico registering a weekly average of 3,548 cyber attacks per organization. Group-IB said it uncovered six distinct fraud schemes and over 4,300 fraudulent domains impersonating FIFA’s official web presence. This includes a sophisticated phishing campaign conducted by a Chinese-speaking, financially motivated operator called GHOST STADIUM that involves using more than 300 domains using a shared phishing kit that exploits FIFA’s PingIdentity SSO login flow to harvest credentials and conduct fake ticket sales and payment fraud at scale. “GHOST STADIUM has built a pixel-perfect clone of the official FIFA website, complete with a replicated single sign-on (SSO) authentication flow, and multi-language support in 11 languages,” Group-IB said .

” Facebook Ads serves as the primary paid traffic acquisition channel for the GHOST STADIUM campaign.” Chrome extensions harvest WhatsApp data WaSteal, a 126-Extension WhatsApp Data Collection Network Cybersecurity researchers have uncovered a 126-extension Chrome Web Store extension network dubbed WaSteal that masquerades as independent WhatsApp CRM tools while exfiltrating user personal data, advertising cookies, and voice messages to operator-controlled servers, affecting nearly 148,000 users. According to researcher Jean-Marie R., the network is operated by wascript.com.br, which operates a white-label platform. “The largest variant (WaSeller, 100k installs) embeds a live GTM container giving its operator silent, permanent remote code execution with no extension update or Chrome review required,” the researcher said. “The operator’s own privacy policy directly contradicts every behavior documented.” GhostTree breaks endpoint scanning Bypassing Windows Security Using GhostTree A new technique named GhostTree abuses NTFS junctions to generate infinite file paths, causing endpoint security products to hang and leave files unscanned.

“We discovered that by pointing a junction back at its own parent directory, an attacker can create recursive loops that generate effectively infinite file paths,” Varonis said . “With just two lines of code, a user can generate endless valid paths, making it impossible to finish scanning parent directories with the dir command recursively. The same applies to EDR products that scan folders for malicious files. An attacker places malware in the parent directory, sets up the GhostTree structure, and the containing folder becomes effectively unscannable.

The scan hangs. The malicious files go unexamined.” Kali365 targets Microsoft 365 Microsoft 365 Users Targeted by Kali365 Phishing Kit An emerging Phishing-as-a-Service (PhaaS) platform called Kali365, first observed in April 2026, has been targeting Microsoft 365 environments. “Kali365 has primarily been distributed via Telegram, enabling cyber threat actors to obtain Microsoft 365 access tokens and bypass multi-factor authentication (MFA) protocols without intercepting the user’s credentials,” the FBI said . “Through the Kali365 platform subscription, cyber threat actors can capture ‘OAuth’ tokens and gain persistent access to targeted individuals/entities’ Microsoft 365 environments.” Like other PhaaS platforms, Kali365 risks lowering the barrier of entry to cybercrime, offering less-technical attackers access to artificial intelligence (AI)-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities.

Kali365 is available to affiliates on a subscription basis, ranging from $250 for 30 days to $2,000 for a year. In a report published last month, Arctic Wolf said it observed a device code phishing campaign using Kali365 to obtain initial access and conduct follow-on activity. “The campaign relied on high-fidelity lures directing victims to Microsoft’s legitimate device login flow, where users unknowingly authorized threat actor-initiated sessions,” the company said . “Captured OAuth access and refresh tokens enabled immediate mailbox access and post-compromise activity.

In select cases, threat actors established malicious inbox rules to suppress security notifications, extending dwell time and reducing user awareness.” Barracuda Networks and Proofpoint have also warned of a spike in device code phishing campaigns in recent months. Barracuda said it detected more than 7 million device code attacks between March and April 2026. “The surge of device code phishing is the natural progression of credential phishing, as more people become aware of multi-factor authentication bypass techniques, criminals must get creative,” Proofpoint noted. Vaultjacking targets Google passwords Decrypting Google Password Manager Vault Using Vaultjacking PhishU has detailed a new technique called Vaultjacking , which demonstrates how a victim’s 6-digit Google Password Manager (GPM) PIN captured via an adversary-in-the-middle (AitM) phishing page can be used to decrypt the entire synced GPM vault.

“That single PIN releases Google’s Security Domain Secret, which decrypts every synced password and passkey on the account – not just the credential being registered, the entire vault,” Curtis Brazzell, PhishU Flounder and CEO, said in a statement. Once the AitM page harvests the user’s session cookies and GPM PIN, a threat actor can add a passkey to the victim’s Google account for persistence and then unlock the victim’s entire synced credential vault from their own infrastructure. Signed RVTools trojan spreads RAT Fake RVTools Installer Drops Python RAT A trojanized MSI installer for RVTools is being used to deploy a modular Python-based remote access trojan (RAT) using a VBScript loader. The malware includes a reconnaissance module that fingerprints the host and maps out Active Directory and a persistent command-and-control (C2) agent that encrypts stolen data and waits for operator commands.

“What made this campaign particularly effective was the use of a legitimately issued Sectigo code-signing certificate, registered under what appears to be a shell entity - Xiamen Lunwei Huage Network Co.(Sectigo), Ltd,” K7 Labs said . “At the time of delivery, the certificate was fully valid, meaning Windows SmartScreen and most endpoint controls raised no flags. It has since been revoked, though it offers limited protection to environments not enforcing real-time OCSP or CRL checks at execution time.” None of this was especially sophisticated. That’s the lesson nobody wants to hear.

Most breaches still start with trust abuse, stale configs, lazy access controls, or users getting socially engineered by someone sounding vaguely competent over the phone. Patch faster. Audit harder. Stop assuming signed software, MFA prompts, or “internal-only” tooling means safe.

The attackers already figured out the shortcuts. Might be time defenders stop pretending those shortcuts don’t exist. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI “Power users”

State of AI Usage Report 2026 ( full report here ) by LayerX Security reveals the extent of the enterprise AI visibility gap and why most organizations still don’t understand where their AI exposure is actually coming from. The research shows that enterprise AI risk is not distributed evenly across users or platforms. Instead, it is heavily concentrated among a small group of AI power users and a handful of dominant AI platforms that drive the majority of enterprise AI activity and sensitive data exposure. At the same time, AI usage is rapidly fragmenting across personal accounts, AI browser extensions, embedded copilots, AI connectors, and secondary AI tools operating outside traditional visibility and governance controls.

The result is a fragmented AI ecosystem that most organizations still cannot fully see or govern. While AI Is Everywhere in the Enterprise, Most Employees Are Casual The common perception is that “everyone uses AI now”. The report paints a much more nuanced picture. While nearly half of enterprise users interacted with AI tools over the past year, only 18% use AI on a weekly basis.

This suggests that most employees remain casual users. At first glance, that sounds like good news for security teams. Fewer users should mean lower risk. But the report found the opposite.

Enterprise AI activity is heavily concentrated among a very small group of employees. While half of the users had 12 AI conversations or fewer, the top 5% generated at least 144 conversations. These same users also engaged in much deeper interactions, averaging 18 prompts per conversation compared to the average of 2. This creates a new class of “AI power users” that conduct far more conversations, interact across multiple AI platforms, and engage in significantly deeper prompt chains than average employees.

The result: AI risk is not distributed evenly across the organization. A relatively small group of users drives a disproportionate amount of enterprise AI exposure. ChatGPT Is Still Dominating Enterprise AI Usage, But Copilot is Coming Closer Despite the rapid growth of enterprise copilots, ChatGPT remains the dominant AI platform inside enterprises by a significant margin. It accounts for 36% of enterprise AI users and more than 55% of all AI conversations.

That gap matters because it shows ChatGPT users are far more active than users of competing platforms. Copilot M365 is growing quickly, reaching 29% adoption and nearly a quarter of enterprise AI conversations. The growth of Copilot also signals something important: enterprise AI usage is starting to split between governed enterprise-native AI and consumer-driven AI adoption. But beyond those two leaders, most AI platforms remain far behind despite the attention they receive.

While Copilot M365 usage is largely tied to corporate-managed Microsoft environments, where organizations typically maintain stronger visibility and governance controls, Gemini presents a very different risk profile. Most enterprise Gemini usage still happens through the regular consumer version, not Gemini Enterprise. In many cases, employees access it through personal accounts and unmanaged environments. That means organizations often have little visibility into how data is retained, whether prompts are used for model training, or how enterprise information is ultimately handled.

The implication is significant: not all enterprise AI adoption carries the same level of risk. The real governance challenge increasingly comes from consumer AI usage operating inside enterprise workflows under the appearance of legitimate productivity tools. Shadow AI Is No Longer A Few Applications; It’s a Long Tail of Under-the-Radar AI Apps Most organizations still think about Shadow AI as employees using an unapproved chatbot. That definition is already outdated.

The LayerX research shows that enterprise AI usage is rapidly fragmenting across a growing ecosystem of AI tools, embedded assistants, AI browser extensions, AI search engines, coding copilots, and AI-powered SaaS features that often operate outside traditional visibility and governance controls. Nearly 30% of enterprise users already use multiple AI platforms, while the top 5% interact with six or more AI applications. Employees are no longer relying on a single assistant for isolated tasks. They are combining multiple AI systems inside the same workflows, often switching between tools depending on the task, data type, or convenience.

This is what modern Shadow AI actually looks like. It’s the growing long tail of AI tools that organizations struggle to see, track, or govern. In many cases, organizations may not even realize AI is being used at all, creating a far larger governance challenge than most organizations anticipate. Enterprise AI Usage Is Far More Personal Than Organizations Realize Most organizations assume that if employees use AI for work, they will naturally use corporate-managed AI environments.

But that’s not true. Nearly half of all enterprise AI conversations happen through personal identities rather than corporate-managed accounts. What’s even more concerning is that over 14% of conversations conducted with corporate identities are tied to personal AI licenses. This creates a major governance blind spot, as when employees use personal AI accounts, organizations lose visibility into retention policies, auditability, model training exposure, and how enterprise data is ultimately handled.

Sensitive company information can move into external AI ecosystems without centralized oversight or policy enforcement. What makes this particularly surprising is that the divide is not just about identities. It is increasingly shaping platform selection itself. Enterprise-focused platforms such as Copilot M365 and Gemini Enterprise are used primarily through corporate-managed accounts.

Meanwhile, platforms like ChatGPT, Claude, and DeepSeek remain dominated by personal usage. This means the enterprise AI problem is no longer just about AI applications. It is increasingly becoming a “personal AI” and governance problem. Sensitive Data Flows Into All AI Platforms, With DeepSeek and ChatGPT The Worst Culprits The report found that more than 6% of enterprise AI conversations already contain sensitive data.

We categorized the sensitive data to find that personal data was the most common category by far, appearing in 5.81% of conversations, while financial and IT-related data appeared less frequently but still represented meaningful exposure. DeepSeek showed the highest sensitive data exposure rate at 12.63% of conversations. ChatGPT followed at 8.38%. Copilot M365 showed a significantly lower exposure rate at 3.65%.

This suggests enterprise-integrated AI platforms may operate within more controlled governance environments, while consumer-oriented AI tools continue to see much riskier usage patterns. The question is no longer whether employees will share sensitive data with AI systems. They already are. The real challenge is understanding where it happens, how often, and through which identities and platforms.

AI Extensions and Connectors Are Quietly Expanding the AI Risk Surface The report also highlights two fast-growing AI channels that many organizations are barely tracking today: AI browser extensions and AI connectors. About 15% of enterprise users already run at least one AI browser extension. Nearly 75% of these extensions request high or critical browser permissions. More than 16% already have known vulnerabilities.

At the same time, AI connectors are increasingly linking AI systems directly to enterprise applications like SharePoint, GitHub, Slack, Atlassian, and Google Workspace. This means that AI systems are no longer limited to employees manually pasting information into chatbot windows. They are increasingly being granted persistent, programmatic access to enterprise systems, documents, collaboration platforms, and internal knowledge repositories. This fundamentally changes the nature of enterprise AI risk.

Turning Insight Into Action: The Path Forward for CISOs The report makes one thing clear: traditional AI governance approaches are falling behind how employees actually use AI. It outlines a clear direction for security leaders: Identify and Monitor High-Risk AI Power Users: AI risk is highly concentrated among a small group of employees who rely heavily on AI across multiple platforms and expose significantly more sensitive data than average users. Treating all AI usage equally wastes resources and misses the highest-risk behavior. Stop Focusing Only on “Approved AI”: The biggest visibility gap is the growing long tail of AI tools, embedded assistants, browser extensions, AI search engines, and connectors quietly spreading across the enterprise.

Block Personal Account Usage as Active Shadow AI: Unmanaged personal AI accounts and personal AI licenses expose sensitive enterprise workflows to uncontrolled AI environments. Enforcing corporate AI identities and blocking personal account usage helps ensure that AI interactions, prompts, and data flows remain visible, governed, and protected under enterprise security controls. Shift From “Block or Allow” to Inline AI Guardrails: Blocking AI outright is no longer realistic, and an “allow-all” approach is equally risky. Organizations need inline guardrails that monitor prompts, uploads, responses, and AI-driven actions in real-time to prevent sensitive data exposure without disrupting productivity.

Download the full State of AI Usage report from here Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft using recruitment-themed social engineering and bespoke macOS malware. “These campaigns leveraged sophisticated social engineering techniques, custom macOS malware, and deep targeting of CI/CD infrastructure,” Wiz researchers Shira Ayal, Eden Abergil, Andre Maccarone, Yuval Dan, and Benjamin Read said . “The used methods enabled the threat actor to move laterally from compromised employee laptops to code distribution systems and development infrastructure.” The Google-owned cloud security company is tracking the activity under the moniker JINX-0164 . The threat actor is assessed to be active since at least mid-2025 and motivated by financial gain, targeting developers through recruitment-themed and other social engineering techniques to siphon cryptocurrencies.

In at least one case, the adversary is said to have carried out a supply chain attack. In the attack chain documented by Wiz, JINX-0164 has been found to leverage credible LinkedIn profiles to approach victims and offer a virtual meeting. The meeting invite is designed to steer the target to a rogue domain that masquerades as a teleconference provider. From there, victims are tricked into downloading and executing a malicious file disguised as the meeting client.

This, in turn, triggers the retrieval of a Python-based macOS infostealer and remote access trojan codenamed AUDIOFIX using a bash script hosted on a fake driver store domain (“apple.driver-store[.]com”). “The [bash] script downloaded an architecture-aware payload from the same domain, compatible with both Intel and Apple Silicon systems. The payload masquerades as a system audio driver named coreaudiod, was saved as ChromeUpdater, and was executed via launchctl,” Wiz said. The Python malware is then leveraged to steal sensitive data from the compromised endpoint, laterally move to internal code distribution systems and development infrastructure by injecting the AUDIOFIX payload, and modify source code in an attempt to compromise other endpoints and steal cryptocurrency wallet credentials.

The captured data includes credentials from password managers, web browsers, and iCloud Keychain files; local admin credentials; SSH keys; configuration files; console history files; cryptocurrency browser extensions information; cryptocurrency wallet addresses; and active Discord, Slack, and Telegram sessions. Besides information theft, AUDIOFIX supports several commands that allow manual reconnaissance, exfiltration, arbitrary shell command execution, file deletion, and payload retrieval from an external server. JINX-0164 has also been observed targeting software developers by impersonating recruiters, while employing the same social engineering technique: using a job opportunity ploy to set up a meeting that displays a fake technical error and instructs the victim to download a “fix” that leads to malware installation. Another key component of the threat actor’s arsenal is MiniRAT, a Go-based backdoor that was previously distributed via a compromised version of an npm package named @velora-dex/sdk , a legitimate DeFi toolkit used for token swaps, limit orders, and delta trading on the VeloraDEX decentralized exchange platform.

Per details shared by SafeDep and StepSecurity last month, the poisoned version downloaded a shell script from a remote server, which then delivered an macOS-specific binary called MiniRAT . The malware is equipped to upload files, run arbitrary shell commands, and fetch additional payloads or tools from attacker-controlled domains. It’s worth noting that some aspects of the campaign, coupled with the use of VPN services like Astrill VPN and the focus on cryptocurrency and developers, are reminiscent of those used by multiple North Korean threat clusters such as BlueNoroff , Contagious Interview , and UNC1069 . However, Wiz said there are no infrastructure overlaps connecting JINX-0164 to Pyongyang at this stage.

“Similarly, the types of spoofing domains are similar to those used by other North Korean actors; however, JINX-0164 infrastructure does not have any overlaps with other publicly tracked North Korean groups,” Wiz said. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users

Latin America and Europe become the target of two banking trojan campaigns that are designed to infect Windows and Android devices with Grandoreiro and BTMOB malware, respectively. That’s according to new findings from WatchGuard and ESET, which have observed the two malware families being used to single out companies in Spain, Portugal, and Mexico, as well as mobile users in Brazil. The Grandoreiro campaign “uses the DLL Side-Loading technique abusing four different software, targeting banks in Portugal,” WatchGuard researcher Euler Neto said . Active since 2016, Grandoreiro is an actively evolving banking malware that’s capable of stealing credentials associated with thousands of financial institutions across 45 countries and territories.

It’s typically distributed via phishing emails, instructing recipients to click on sketchy links. Despite some arrests and attempts by Brazilian authorities to dismantle its infrastructure in early 2024, the malware has continued to expand its targeting footprint, while incorporating CAPTCHA checks to resist analysis. The latest campaign flagged by WatchGuard has been found to leverage DLL side-loading to launch DLLs that are developed in Delphi 11, a programming language commonly used for malware targeting the region. Two of the DLLs - mingwm10.dll and libwebp.dll - have been found to incorporate sgcWebSockets , a WebSocket and real-time communication library, for peer-to-peer (P2P) and WebRTC communications.

“The DLLs associated with this case use the Session Traversal Utilities for NAT ( STUN ) protocol, which is a protocol that helps devices behind a NAT discover their public IP address and port number, enabling peer-to-peer communication,” WatchGuard explained. “The advantage for threat actors to use web conferencing traffic in their campaigns is due to this traffic being noisy, being difficult to monitor, and due to WebRTC being commonly used across all major web-conferencing platforms.” Two other DLLs associated with the campaign are libffi-6.dll and libpng15.dll, which make use of the Interactive Connectivity Establishment ( ICE ) protocol instead of STUN to achieve the same goal. These files specifically reference banks and financial institutions that operate in Portugal, such as Abanca, Banco de Portugal, BBVA PT, Caixa Geral Depositos, and Santander, among others. Also targeted are Revolut and Wise.

WatchGuard also said it identified another campaign in which phishing emails are used to deliver a ZIP archive hosted on Mediafire. The file contains an obfuscated Visual Basic Script that’s responsible for launching an executable, which displays a message asking users to update Adobe Reader by clicking on a button embedded in the alert. Doing so triggers a series of checks aimed at avoiding detection and complicating malware analysis, before launching the final payload to steal banking information and sensitive data. Some of the tactics overlap with a prior Grandoreiro campaign detailed by Kaspersky in October 2024.

“The bigger story here is not just that Grandoreiro is still active,” WatchGuard said. “It is that financially motivated threat groups continue to adapt quickly, reuse legitimate services, and hide inside traffic patterns that many organizations may already trust.” “By combining phishing, DLL side-loading, WebRTC-related components, cloud service abuse, and anti-analysis checks, these campaigns show how banking malware is becoming harder to spot with surface-level defenses alone.” BTMOB Offers Ready-Made Campaign Tools The disclosure coincides with a report from ESET about BTMOB, an Android remote access trojan (RAT) that first emerged in February 2025 with capabilities to unlock devices, capture screenshots, log keystrokes, automate credential theft through HTML injections when certain apps are opened, and enable remote control. A subsequent iteration introduced the ability to capture Alipay PINs. “The RAT is also sold with an APK builder interface, allowing anyone to generate new payloads and adapt phishing lures for specific regions at a rapid clip - and without writing any code,” ESET researcher Daniel Cunha Barbosa said .

BTMOB campaigns have been mainly observed in attacks in Brazil and Latin America, but the malware’s phishing-based delivery and device takeover capabilities, coupled with the ready-made app-building tooling, makes it a potent threat that poses risks well beyond the region and brings down the time and effort required to conduct a full device compromise, the Slovakian security vendor warned. The primary method through which the malware spreads is via social engineering, where users are sent links to bogus websites masquerading as streaming services, cryptocurrency mining platforms, and other trusted online services. From those sites, victims are directed to fake Google Play Store app listings that trick them into installing an Android package (APK) file containing the malware. Once installed, the malware seeks permissions to use Android’s accessibility services and then leverages it to grant itself additional system access without any user interaction.

BTMOB is believed to be the successor to CraxsRAT, CypherRAT, and SpySolr families. As of May 2026, the latest version of the malware (BTMOB v4.5.5) claims to offer enhanced APK protection and compatibility with the latest Google Play updates. “This update is all about speed and stability,” an X profile allegedly linked to the malware posted on May 1, 2026. “We’ve expanded our infrastructure and refined the builder to keep you ahead of the latest mobile security patches.” The Trojan is advertised by a threat actor named EVLF (@craxso) for a price tag of $700 per month.

According to a YouTube video shared by the malware author on May 1, 2026, a lifetime license is worth $1,200. The complete server source code is available for $7,000, allowing customers to host the command-and-control (C2) panels on their own infrastructure. As recently as this week, the X profile also shared a link to a Medium article about “how BTMOB RAT is turning Android phones into remote-controlled weapons,” and has been “evolving fast” since early 2025. “It slips in through phishing sites, grabs accessibility services, and turns your phone into a puppet,” the article reads.

“Hackers watch your screen live. They steal banking details. They even mine crypto in the background while you scroll Instagram.” Interestingly, the article was published by an account named “CraxsRAT Main developer.” The account’s bio claims they are a “skilled and resourceful cybercriminal who built a profitable cybercrime enterprise by selling highly advanced RAT malware to other threat actors.” The fact that BTMOB is sold under a malware-as-a-service (MaaS) model risks lowering the barrier to entry for less sophisticated threat actors. This is compounded by reports that leaked versions are already circulating on underground forums and Telegram, increasing the risk of abuse through copycats and other aspiring criminals.

“Access rarely stays contained forever, and the tool can move into secondary markets through resale, barter, or sharing inside closed groups,” ESET said. “Competing malware families can also copy some elements that make payload customization and campaign management easier for less skilled criminals.” Italian cybersecurity company D3Lab, in an analysis of the leaked BTMOB RAT development toolkit published in December 2025, said it included the Android payload source code, its dropper, a builder environment, the operator panel for Windows, the C2 backend, and all the software dependencies required to deploy the platform. “The BTMOB leak provides a rare perspective on the inner workings of a modern Android RAT-as-a-Service ecosystem,” D3Lab noted at the time. “It demonstrates that the threat actor operates not merely as a developer selling a toolkit, but as a service provider enforcing licensing, authentication, and version control over their customers.” Found this article interesting?

Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Malicious npm Package Stole Files From Claude AI User Directory via GitHub

Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities. According to OX Security, the package, named “ mouse5212-super-formatter ,” is designed to upload files from “/mnt/user-data,” a dedicated directory used by Anthropic’s Claude artificial intelligence (AI) tool to handle uploads and outputs in the background. The activity has been codenamed Malware-Slop . “By analyzing the malware, it turns out that the script presents itself as an internal ‘archive deployment sync’ utility that validates or initializes a GitHub repository, captures a lightweight ‘network status’ snapshot, and then performs a structured synchronization of local workspace files into a remote tracking tree,” researchers Moshe Siman Tov Bustan and Nir Zadok said .

In reality, however, it authenticates to GitHub during the postinstall stage, either using a GitHub access token found in the victim’s environment or a hard-coded token as a fallback, checks whether a target repository exists, and if not, creates it, and then recursively uploads every file to a threat actor-controlled GitHub account . The stolen files are stored within randomly named folders to help the operator distinguish between different theft sessions. The malware also writes a fake “network connections” log to give the impression that it’s sending diagnostic information, while obscuring its true operational behavior of unauthorized collection and remote transfer of local data. The package is still available for download from npm and is estimated to have been downloaded 676 times.

However, how many of these correspond to actual installs remains unclear. The GitHub account linked to the campaign is no longer available, although OX noted that it was created on May 26, 2026, a few hours before the first malicious version was uploaded to npm. What’s notable about the package is that it leaked details of the GitHub account, including its private token, raising the possibility that the threat actor is using AI to generate malware while not implementing basic operational security (OPSEC) best practices. “Now that the bar to create malicious code was reduced significantly, we’re going to see more threat actors getting into the game - uploading more sloppy malwares, mostly mimicking APT groups to get a slice of the cake until npm starts automatically blocking malware completely,” OX Security said.

Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

5 Steps to Managing Shadow AI Tools Without Slowing Down Employees

When an employee installs an AI writing assistant, connects a coding copilot to their IDE, or starts summarizing meetings with a new browser tool, they are doing exactly what a productive employee should do: finding faster ways to work. Across most organizations today, employees are running three to five AI tools on any given day. Most were never reviewed by IT. A significant portion connects to corporate data through OAuth tokens or browser sessions, giving them access to shared drives, emails, and internal documents the employee never specifically intended to expose.

Security teams often have no visibility into any of it. This is the shadow AI gap, and it is widening fast. Most security tools were built to monitor email and network traffic flowing through the corporate network. A browser-based AI tool that connects to company data through a quick login approval bypasses those controls entirely, because it never passes through the corporate network at all.

According to Gartner , 69% of organizations suspect or have confirmed that employees are using prohibited AI tools at work, and only 37% have an AI governance policy in place. The result is a growing disconnect between how employees work and what security teams can see. A program that channels AI adoption into a safe, visible, approved path gives security teams the visibility they need and employees the tools they want. The five steps below show exactly how to build one.

Step 1: Build a Full Picture of What’s Running A security program can only manage what it can see. The first step is discovering which AI tools are in use across the organization, and most security teams will find the answer surprising. Three areas account for the majority of shadow AI activity. OAuth connections.

Most AI tools request access to Google Workspace or Microsoft 365 through OAuth, which grants them read or write permissions to corporate data. A quarterly audit of connected third-party apps, sorted by permission scope, usually surfaces dozens of tools the security team never reviewed. Browser extensions. Many AI tools run as browser extensions and never touch the operating system, so traditional endpoint management tools miss them entirely.

A browser management solution or a lightweight agent installed on employee devices can scan for and identify which extensions are active across the organization. AI features bundled inside already-approved tools. Microsoft Copilot, Google Gemini, and Salesforce Einstein are examples of AI capabilities that may have been introduced after the original vendor review, often without a separate security evaluation. A simple employee survey is also worth running.

A survey framed around helping employees work more safely tends to get candid responses. Many shadow tools surface through surveys that automated discovery misses entirely. The goal of this step is a current, accurate inventory: every AI tool in use, who is using it, and what data it has access to. Step 2: Write a Policy That Works With Employees Most AI acceptable use policies stall for the same reason: they give employees a list of prohibited tools with no guidance on what the approved path looks like.

A policy designed as a practical guide, one that identifies approved tools and provides a clear process for requesting new ones, is the foundation employees need to make good decisions. An effective AI governance policy covers five things. A current list of approved tools and where to find them. Clear data classification rules specifying which categories of data, including customer records, source code, and financial information, should never be entered into any AI tool.

A verified data training opt-out status for each approved tool. Many AI tools use company inputs to improve their models by default unless enterprise settings are explicitly configured otherwise. Approval should require a confirmed opt-out for any tool that handles sensitive data. A defined process for requesting new tools, with a target turnaround time.

A plain-language explanation of why the guidelines exist. That last element matters more than it might seem. Employees who understand why OAuth connections carry data exposure risk apply that reasoning to every tool decision they make. Policy becomes a form of education when the reasoning is included.

Step 3: Create a Fast Lane for New Tool Requests Shadow AI grows fastest in organizations where the official approval process cannot keep pace with the rate of AI product releases. An employee who needs a tool today and faces a six-week security review will find a workaround within days. The goal of this step is to remove that friction. Most AI tool requests do not warrant a full procurement review.

A structured intake form with defined evaluation criteria is enough for the majority of lower-risk tools. A structured intake form and a defined set of evaluation criteria make faster decisions possible. For tools with limited data access, many organizations find a shorter turnaround feasible once evaluation criteria are documented and consistently applied. The evaluation criteria should cover data access scope, vendor security practices, data training opt-out status, compliance certifications, and whether the tool already has a functional equivalent on the approved list.

Security teams that publish their approved tool list openly and keep it current typically see a meaningful reduction in shadow AI usage. When employees know where to find the right tools, they use them. Step 4: Use Monitoring as a Shared Safety Layer Continuous visibility into AI tool usage across an organization serves two groups simultaneously. Security teams get the real-time picture they need to identify and address exposure before it becomes an incident.

Employees get a form of protection they often do not have on their own: a signal when a tool they are using may be putting their credentials or company data at risk. A browser-native monitoring approach gives security teams visibility into AI activity without rerouting employee web traffic or adding friction to daily work. The signals it captures feed into each employee’s broader risk profile, sitting alongside their phishing simulation results and training completion data in one place. That combined view matters because risky behaviors compound.

An employee who clicks phishing links, skips training, and runs unapproved AI tools with access to sensitive data presents a much higher risk than any single behavior would indicate. Seeing the full picture in one place helps security teams focus on the employees who need attention most. Step 5: Make Good Security Behavior Easy Security programs that make the secure choice the easiest choice are the ones employees follow. In the context of AI governance, two things drive that: just-in-time coaching and training that explains the reasoning behind the rules.

Just-in-time coaching delivers a brief, contextual prompt at the moment an employee attempts to use an unsanctioned tool. This is more effective than quarterly training modules, because the intervention happens at the point of decision. A well-designed prompt tells the employee what the concern is, directs them to an approved alternative, and takes less than thirty seconds to read. Training that explains the reasoning behind AI governance policies builds the kind of judgment employees can apply across any situation they encounter, including tools and threats that emerge long after the training itself.

The AI tool landscape is changing fast enough that no training program can anticipate every specific case. An employee who understands that OAuth connections to corporate Google Workspace can expose the entire shared drive to a third-party vendor will apply that understanding to tools that did not exist six months ago. Building a Security Program Based on How Teams Work AI adoption is a signal of productive teams doing their jobs well. Companies that build practical programs around that momentum, with clear paths to approved tools and real-time visibility for security teams, tend to handle it best.

Security teams that close that gap find that shadow AI usage declines organically over time. Browser-native visibility, clear paths to approved tools, and just-in-time coaching at the moment of risk are what make that possible. When employees have access to effective, approved tools and a fast, transparent path to get new ones reviewed, the incentive to work around the system largely disappears. Adaptive Security’s AI Governance product gives security teams real-time visibility into every AI tool and shadow app running across their organization, with automated policies and just-in-time employee coaching built in.

Learn more at adaptivesecurity.com . Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels associated with GlassWorm , a persistent software chain campaign targeting software developers through malicious packages and extensions. “Since at least early 2025, GlassWorm operators have systematically targeted software developers, a population with access to source code repositories, cloud platforms, CI/CD pipelines, and package registries,” CrowdStrike said . The development comes as developers have increasingly become lucrative targets for pulling off software supply chain attacks, enabling attackers to leverage a single compromised workstation to impact thousands of downstream organizations and users at once. GlassWorm, since its emergence last year, has conducted a “multi-pronged campaign” using trojanized VS Code extensions published on both the Microsoft VS Code Marketplace and Open VSX, thereby making it possible to target users of VS Code forks like Cursor, Positron, Windsurf, and VSCodium.

The campaign is also known to have introduced malicious code through compromised npm and Python packages. The end goal of the attacks is to deliver a data-theft framework with credential harvesting, cryptocurrency wallet exfiltration, and system profiling capabilities. Subsequent iterations of GlassWorm have been found to deploy a Websocket-based JavaScript RAT called GlassWormRAT to steal web browser data and run arbitrary code, including installing a Google Chrome extension that, in turn, collects sensitive data, including screenshots, keystrokes, and clipboard content, from the infected system. “Once active, the malware searches the host for developer credentials (GitHub, NPM, OpenVSX tokens, crypto wallets), enabling further compromise of repositories and package uploads,” Endor Labs researcher Kiran Raj said .

“Infected hosts are converted into covert infrastructure: SOCKS proxies, hidden VNC (HVNC) servers, and remote execution nodes (via WebRTC or spawned Node.js processes). That gives attackers anonymized network access into corporate and personal networks and a platform to propagate further.” Cumulatively, the malicious activity is said to have poisoned more than 300 GitHub repositories using stolen developer credentials. What made the operation notable was its use of four distinct C2 channels for improved resilience - Using the Solana blockchain as a dead drop resolver by storing C2 server addresses in the memo fields of blockchain transactions Querying the BitTorrent Distributed Hash Table (DHT) peer-to-peer network to retrieve configuration data Employing Google Calendar as a dead drop resolver to fetch the C2 server address from event titles Directly connecting to C2 infrastructure hosted on commercial VPS providers “The combination of blockchain, peer-to-peer, and legitimate web services as resolution layers was designed to be resilient against takedowns - a dynamic front protecting the actual C2 servers behind multiple layers of indirection,” CrowdStrike said. As a result of the takedown, all four channels have been neutralized simultaneously in a coordinated effort so that infected machines can no longer receive new instructions or payloads.

Describing the GlassWorm operators as “well-resourced and persistent,” the cybersecurity company attributed the activity to likely Russia-based cybercriminals given that the malware terminates execution on systems located in the Commonwealth of Independent States (CIS) countries and contains Russian-language comments. “The software supply chain remains one of the most consequential attack surfaces in modern computing,” CrowdStrike concluded. “Adversaries are turning an organization’s dependencies on tools, updates, and libraries into weaponized delivery mechanisms and force multipliers.” “The barrier to poisoning a package or extension is low; the potential blast radius is enormous. As long as developer environments, build pipelines, and code repositories remain under-protected, every organization that consumes software inherits the risk of everyone who produces it.

GlassWorm demonstrates that attackers know this and are investing in resilient infrastructure to maintain persistent access to developer ecosystems.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

3 SOC Steps that Shut Down Incident Risks Early

Most organizations still picture cyber defense as a fortress problem: build stronger walls, add more guards, buy another detection engine. But modern incidents rarely crash through the front gate. They drift in disguised as routine activity, hide inside legitimate processes, and quietly accumulate risk long before anyone labels them an “incident.” That changes the role of the SOC entirely. The best SOCs today are not simply detecting attacks.

They are reducing the amount of uncertainty the business can accumulate. Every unidentified process, every unenriched alert, every delayed investigation becomes operational debt that compounds silently until it erupts into downtime, compliance issues, customer impact, or reputational damage. Prevention, then, is no longer about blocking everything at the perimeter. It is about shrinking the time between “something changed” and “we understand exactly what it means.” That requires three things: continuously updated visibility into emerging threats, immediate context around suspicious activity, and investigation outputs teams can act on without friction.

Here’s how mature SOCs implement those steps to shut down incident risk before it escalates into business disruption. 1. Keep Monitoring Systems Up to Date to Spot Threats Earlier Your detection capability is only as current as the threat intelligence behind it. A SIEM firing on yesterday’s IOCs is a filter with holes in it.

And adversaries know exactly where those holes are. Newly registered domains used in phishing campaigns, fresh C2 infrastructure, malware variants that dropped last week: none of that trips an alarm if your feeds haven’t caught up. ANY.RUN’s Threat Intelligence Feeds deliver a continuous, high-confidence stream of IOCs - IP addresses, domains, URLs observed in active sandbox sessions and incident investigations across more than 15,000 organizations and 600,000 SOC professionals. These aren’t recycled from third-party aggregators.

They come from real execution environments where real malware runs, every day. TI Feeds: data sources and benefits The feeds integrate directly into SIEM, firewall, EDR, and threat intelligence platforms via standard formats (STIX/TAXII, CSV, JSON), meaning your detection stack refreshes automatically without analyst intervention. This allows SOCs to: detect campaigns earlier, identify malicious infrastructure before execution spreads, reduce blind spots in monitoring pipelines, and automate detection updates without overloading analysts. Business Outcome: Keeping monitoring systems continuously updated reduces the probability of silent attacker dwell time.

That directly lowers the risk of: operational disruption, ransomware escalation, compliance failures, supply-chain propagation, and expensive incident recovery cycles. In practice, fresh intelligence turns detection systems from passive archives into active radar arrays. 2. Enrich Alerts with Complete Triage Context to Accelerate Decisions One of the biggest hidden risks inside modern SOC operations is not alert volume itself.

It is incomplete context. The question isn’t whether analysts can triage effectively, it’s whether the system is asking them to do work that could already be done before the alert hits their screen. Threat Intelligence Lookup gives analysts on-demand access to a deep, continuously updated intelligence database. Teams can quickly investigate: IPs, domains, URLs, file hashes, processes, mutexes, registry keys, and other artifacts, while immediately seeing related malware families, network behavior, execution chains, detection labels, and associated infrastructure.

Analysts receive investigation-ready context in seconds. destinationIP:”181.134.198.53” Contextual data on suspicious IP in TI Lookup This dramatically improves triage speed and confidence, especially during high-volume alert periods where rapid prioritization determines whether threats are contained early or allowed to spread. Business outcome: Alert triage time drops sharply; False positive rates fall; Tier 1 teams can handle more volume without sacrificing quality; Critical alerts get the response speed they deserve, because they’re no longer indistinguishable from noise. Prevent incidents and reduce business risks with early threat detection.

Get an exclusive 10th anniversary deal for your team. 3. Supply the Team with Response-Ready Reports to Eliminate Investigation Bottlenecks Even when a threat is identified correctly, organizations often lose valuable time translating technical findings into actionable response steps. This gap between “analysis completed” and “response initiated” creates dangerous operational lag.

Security engineers, incident responders, management teams, and compliance stakeholders all require different forms of information. If analysts must manually prepare reports for each audience, investigations slow down precisely when speed matters most. This is where automation and structured reporting become critical. Using the ANY.RUN Interactive Sandbox, analysts can safely detonate suspicious files and URLs in a live interactive environment while observing: process execution, network communications, dropped files, persistence mechanisms, command-line activity, registry changes, and attacker behavior in real time.

Sandbox malware detonation session The platform then helps transform technical analysis into response-ready outputs through: detailed Tier 1 investigation reports, AI-generated summaries, visual execution chains, IOC extraction, and structured behavioral insights. This allows both technical and non-technical stakeholders to understand the threat quickly without waiting for lengthy manual documentation. Instead of raw telemetry chaos, teams receive actionable intelligence packaged for operational response. AI Summary of a sandbox analysis Business Outcome: Response-ready reporting reduces escalation friction and accelerates coordinated action across security, IT, leadership, and compliance teams.

That leads to: faster remediation, improved cross-team communication, reduced incident handling costs, and lower probability of prolonged business disruption. In high-pressure incidents, clarity becomes a force multiplier. A good report is not paperwork. It is compressed response time.

Get ANY.RUN Special Offers Before May 31
To celebrate its 10th anniversary, ANY.RUN is rolling out special pricing for teams looking to strengthen phishing analysis, threat intelligence, and SOC response workflows. ANY.RUN special offers for stronger SOC and earlier threat visibility
Until May 31, teams can secure anniversary offers across key ANY.RUN solutions:
Interactive Sandbox
Bonus seats and exclusive pricing for teams that need in-depth malware and phishing analysis. Threat Intelligence solutions
Extra months to bring fresher intelligence into detection, investigation, and response. For SOCs, this is a good moment to expand phishing visibility, bring fresh threat intelligence into existing workflows, and improve response readiness without slowing down operations.

Get your special offer now to strengthen malware & phishing detection and help your SOC act before exposure spreads. Prevention Happens Before the Incident Gets a Name The most effective SOCs do not wait for a confirmed breach before acting decisively. They continuously: refresh detection visibility, enrich signals with context, and convert investigations into rapid operational response. Together, these three steps dramatically reduce the amount of unmanaged risk capable of accumulating inside an organization.

Using ANY.RUN solutions, SOC teams can move from reactive investigation toward proactive interruption of threats before they evolve into full-scale incidents. Because in modern cybersecurity, the real victory is often invisible: the incident that never had the chance to happen. Found this article interesting? This article is a contributed piece from one of our valued partners.

Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.