2026-06-26 AI创业新闻
Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability
An analysis of a popular Google Chrome ad block extension for YouTube has uncovered the ability to execute arbitrary JavaScript code. According to Island, the extension, named Adblock for YouTube (ID: cmedhionkhpnakcndndgjdbohmhepckk), has more than 10 million installs and carries a Featured badge on the Chrome Web Store. The extension description states that it allows users to prevent web page elements like ads, including preroll ads, from being displayed on the video sharing platform, as well as on external sites that load YouTube. While the add-on offers the promised functionality, it also features capabilities to run arbitrary JavaScript code.
“It also contains the architectural ingredients for arbitrary JavaScript execution on any website, activated by a single server-side configuration change, without an extension update, without a store review, and without any visible sign that something has changed,” researchers Oleg Zaytsev and Shachar Gritzman said in a report shared with The Hacker News. “In practical terms, that could mean reading pages, stealing data, and acting as the user inside personal accounts, work apps, admin panels, and other sensitive browser sessions.” It’s worth emphasizing here that there is no evidence malicious payload has been distributed to users in this manner, but the mere presence of the capability, coupled with ties to other ad-blocking extensions that have since been removed from the storefront for malware, raises privacy and security risks, Island added. The list of related extensions that have been taken down is listed below - Adblock for Chrome (ID: onomjaelhagjjojbkcafidnepbfkpnee) Adblock for You (ID: ogcaehilgakehloljjmajoempaflmdci) AdBlock Suite (ID: gekoepiplklhniacchbbgbhilidiojmb) Adblock for YouTube has been on the Chrome Web Store since 2014, starting off as a basic YouTube ad blocker before it changed ownership four years later. Early iterations of the extension were found to ship with an ad-injection software development kit (SDK) named Unistream SDK, although it was removed in June 2024.
What’s been constant is the presence of remote-controlled script injection paths since February 2025, opening the door to the creation of arbitrary “
Specifically, it’s been found that contrary to its name, the extension runs on every website a user visits on the browser, while adding a check that activates only when the current URL contains “youtube.com.” However, in reality, the check only verifies if the string corresponding to “youtube.com” appears anywhere in the URL, and does not validate the hostname, frame origin, or embedded player context. This means that the check can be trivially bypassed by putting youtube.com anywhere in the URL, as depicted in the following URL patterns - www.facebook.com/page?ref=youtube.com bank.example.com/search?q=youtube.com internal.corp.com/redirect?from=youtube.com “The concern is not a single suspicious line of code,” Island said. “It is the combination: a high-install extension with all-site access, a remote-controlled injection path, prior ad-injection infrastructure, a major ownership and codebase change, and related extensions that were removed from the Chrome Web Store for malware.” The Hacker News has contacted the developer of the extension for comment, and we will update the story if we hear back. The disclosure comes as Palo Alto Networks Unit 42 said it detected 18 browser extensions impersonating consumer brands with an aim to monetize through affiliate marketing.
“Upon installation, all extensions open the .shop domain in a new tab,” Unit 42 said . “The .shop domain redirects to another domain. The domain presents a page citing that further action is required. The page cites incompatibility issues and asks users to install a gaming-oriented browser.” Found this article interesting?
Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories
It’s dumb out there again. This week has the usual smell of prod on fire and nobody wanting to admit who left the door open — old creds still working, trusted apps doing sketchy crap, browser tricks jumping the fence, and “normal” workflows turning into phishing pipes because apparently email was not enough hell already. The worst part is how cheap some of it feels. Not elite.
Not cinematic. Just stale secrets, fake updates, lazy trust, and random boxes quietly becoming someone else’s infrastructure. Same internet, fresh headache. Let’s get into it.
Privacy-first bot defense Cloudflare Partners With Browser Makers for PACT Cloudflare has teamed up with Google Chrome, Microsoft Edge, and Mozilla Firefox to create a privacy-preserving protocol that websites can use to separate desirable web traffic from undesirable network requests. This involves the use of Private Access Control Tokens (PACT), which allow websites to issue anonymous tokens that assert a given browsing session is being run by a human. “A user’s browser can then provide these tokens to other sites to prove that a human is in the loop, reducing the need for annoying and clunky captchas or invasive tracking,” Cloudflare said . “PACT is designed so that sites cannot leverage it to track or identify users or their browsing history.” Six curl CVEs Multiple Flaws in curl AISLE said it discovered six vulnerabilities in curl, which range from “classic memory-lifetime issues to logic bugs in how libcurl decides whether a connection, credential, or host identity is still valid.” One of the notable vulnerabilities is CVE-2026-8932 , which allows the library to “reuse a previously created connection even when some mTLS config-related option had been changed that should have prohibited reuse.” AISLE described it as the oldest curl vulnerability reported so far, adding that it has been shipped in releases since curl version 7.7 , which was released on March 22, 2001.
The identified flaws have been addressed in version 8.21.0 . Unauthenticated takeover Maximum-Severity Bug in Hoppscotch A critical security flaw has been disclosed in self-hosted versions of Hoppscotch(CVE-2026-50160, CVSS score: 10.0), an open source API platform, that can result in complete compromise. Offgrid Security’s autonomous AI security agent, Kiro, has been credited with discovering the bug. “The POST /v1/onboarding/config endpoint allows an unauthenticated attacker to inject arbitrary InfraConfig keys – including JWT_SECRET and SESSION_SECRET – into the database via mass assignment,” the project maintainers said .
“These keys are not declared in the SaveOnboardingConfigRequest DTO, but because the NestJS ValidationPipe does not strip extra properties, they pass through to the service layer, where Object.entries(dto) iterates all keys without restriction.” A successful exploitation leads to full server compromise and persistent access that survives password resets. OffGrid Security told The Hacker News that four independent weaknesses are combined to allow an unauthenticated attacker to overwrite the JWT signing key in a single HTTP request, and the exploit requires no credentials. The issue has been fixed in hoppscotch-backend version 2026.5.0. Proxyware in smart TVs Residential Proxy SDKs Hidden in LG and Samsung Smart TV Apps A new report from Spur Intelligence has revealed that more than one-third of LG and Samsung smart TV apps it reviewed contain proxyware that can relay third-party traffic through the TV owner’s internet connection with users’ consent.
The company said it scanned 6,038 apps across LG webOS and Samsung Tizen and found 2,058 that contain residential proxy software. This includes clocks, screensavers, games, fish tanks, and other low-utility apps. On LG webOS, 42.5% of apps carried such code. On Samsung Tizen, the rate was 26.9%.
Across both platforms, it reached 34.1%. Bright Data, Massive, and Oxylabs take up the top three SDK providers for webOS and Tizen. “Smart TVs are almost ideal proxy hosts. They sit on the same home network as everything else, but they do not feel like computers, so people rarely audit them like computers,” Spur said.
“There is no battery drain to notice, no cellular bill to spike, no app switcher full of suspicious background activity. A TV can stay plugged in, signed in, and online for years while the user thinks of it as furniture.” The threat intelligence firm said this dynamic also changes the consent equation, as users may not realize what it actually means to sell access to their residential IP address. “Technically, these applications are compliant with gaining consent based on how they inform the user,” Spur CTO Alastair Parr told The Hacker News. “However, there is often no verification that the user is either of age or authorized to provide consent on the device.
The reality is that there are likely many smart TVs scattered across office spaces and residential homes, quietly part of these networks, without the responsible owners’ awareness or consent.” Amazon’s Device and System Abuse Policy explicitly bars apps that facilitate proxy services for third parties. Similar protections have been enabled by Roku as well. However, LG and Samsung are yet to enforce an equivalent policy. Edgecution via Teams Payouts King Ransomware IAB Deploys Edgecution Malware An initial access broker (IAB) affiliated with Payouts King ransomware has been observed masquerading as IT personnel in social engineering attacks conducted via Microsoft Teams to deliver a malicious Microsoft Edge browser extension dubbed Edgecution.
“The technique utilizes a malicious Microsoft Edge browser extension that exploits the Chrome native messaging protocol to interact with host-native applications beyond the confines of the browser sandbox,” Zscaler ThreatLabz said . “By abusing this interface, the attackers gain direct host access, enabling them to manipulate the local filesystem, launch processes, and execute arbitrary code on the compromised host.” The malware has two components: a Microsoft Edge browser extension named “Edge Monitoring Agent” that beacons to a command-and-control (C2) server and relays host-based commands to a Python-based backdoor, which can collect system information, enumerate running processes, provide filesystem access, and execute arbitrary Python code and shell commands. The extension will be invisible to a user as it’s loaded in a headless Microsoft Edge browser. A similar attack chain involving a Chromium-based extension codenamed SNOWBELT was detailed by Google-owned Mandiant in April 2026.
Legacy credential breach Klue Says Stolen Credential Dates Back to 2022 Competitive intelligence company Klue has revealed that a credential dating back to 2022, which was used as part of a limited pilot, was exploited by the Icarus extortionists to steal Salesforce data from its corporate customers, including several cybersecurity companies. In a statement shared with TechCrunch, the company said the credential was “originally provided to a third-party in 2022, for a limited pilot.” Klue did not share specifics about the purpose of the pilot, the duration for which it ran, or the identity of the third-party to whom the company gave the credentials. It’s also unclear why the credential wasn’t revoked immediately, assuming the pilot had concluded. Questions remain about how the attackers managed to acquire this legacy credential in the first place.
A number of companies have come forward to confirm they have had limited Salesforce information stolen during the attack, including 8x8, BeyondTrust, Gong, Jamf, HackerOne, Insurity, LastPass, OneTrust, Pendo, Recorded Future, Snyk, Sprout Social, and Tanium. State-crime convergence Nation-State Actors Adopt Cybercriminal Tactics NCC Group said it has found growing evidence of nation-state actors increasingly leveraging tools and tactics traditionally associated with financially motivated cybercrime to disguise their espionage and intelligence-gathering operations, blurring the line between the two sets of activities. “Historically, organisations could draw a relatively clear distinction between ransomware attacks driven by financial gain and nation-state operations designed to support strategic objectives. That distinction is becoming increasingly difficult to make,” Matt Hull, VP of Cyber Intelligence and Response at NCC Group, said .
“What we’re seeing is a convergence of criminal and state-backed activity. Threat actors are sharing infrastructure, adopting common tooling and, in some cases, deliberately operating behind established ransomware brands to obscure attribution and delay response efforts.” Admin reset alerts Google Expands Admin Password Reset Alerts Google said it’s expanding the existing “Super Admin password reset” alert into a broader Admin password reset alert in Alert Center . “Previously, this rule only triggered alerts when a super admin’s password was changed,” the company said . “With this update, the alert will now cover password resets for all administrator roles within your organization.
This update provides admins with better visibility and control over the security of their organization’s privileged accounts. Monitoring password changes for all admin roles provides a higher level of oversight to respond more quickly to potential account compromises or unauthorized changes.” The change is applicable to all Google Workspace customers. ClickFix targets macOS New ClickFix Attack Mounts DMG Images to Deliver macOS Infostealer A new ClickFix campaign has been observed tricking users into copying malicious commands and pasting them to the Terminal app that silently downloads and mounts a malicious DMG file. The disk image file contains a self-signed information stealer that can harvest a user’s system password, data from web browsers, wallets, messaging apps, and Keychain, exfiltrate the data, set up LaunchAgent persistence, and tamper with Ledger Live and Trezor Suite installations by replacing legitimate components to hijack cryptocurrency wallet information.
The stealer is assessed to belong to the Atomic macOS Stealer (AMOS) lineage, particularly a variant called Odyssey, per Palo Alto Networks Unit 42. The development comes as the cybersecurity company detailed another multi-step ClickFix attack that employs techniques like brandsquatting to deliver a cross-platform trojan with browser-credential stealing, remote shell, live screen streaming, keylogger, file manager, and SSH tunneling capabilities. TfL hackers convicted Scattered Spider Actors Convicted for TfL Hack Thalha Jubair, 20, from East London, and Owen Flowers, 18, from Walsall, have been convicted in the U.K. for orchestrating a cyber attack on Transport for London (TfL) in 2024, costing $38.2 million in losses.
The two defendants, who were members of the online criminal collective known as Scattered Spider, were arrested last September but pleaded not guilty to their crimes during a court appearance in November 2025. They are now scheduled for sentencing on July 16, 2026. “Scattered Spider is a prolific criminal group that engages in data extortion and other criminal activities, utilizing social engineering techniques and SIM swap attacks, to obtain credentials, install remote access tools, and/or bypass multi-factor authentication,” the U.S. Federal Bureau of Investigation (FBI) said .
Marketplace admin extradited Algerian Man Extradited to the U.S. for Running Cybercrime Marketplaces Abdellah Belmili (aka Dila Belmili or SPOX), a 26-year-old Algerian national, has been arrested, charged, and extradited from Spain to the U.S. on charges of conspiracy to commit bank fraud. SPOX is alleged to have acted as an administrator for a cybercrime marketplace (“www.market0day[.]com”) as well as created phishing kits that have been used to compromise major U.S.
financial institutions. “Between September and November 2020, Belmili advertised the marketplace and facilitated some of the customer support for the marketplace on his personal Telegram channel @SpoxCoder,” the U.S. Justice Department said . “In late December 2020, after several customers complained that they had not received their purchases from www.market0day[.]com, Belmili replied that he was no longer the administrator, and instead had opened up a new marketplace – www.spoxy[.]us, advertising the new marketplace – www.spoxy.us, advertising the new marketplace as a ‘new store for bulk SMS.’ ‘Bulk SMS’ typically refers to sending phishing or other fraudulent messages via text message.” Approximately 5,600 U.S.
and international victims have been identified. Collaboration phishing Phishing Campaign Abuses Microsoft 365 Workflows A new phishing campaign is abusing Outlook Groups and Microsoft 365 collaboration features to “make malicious activity appear routine,” Fortra said. The attack involves adding targets to an attacker-controlled Microsoft 365 group and then using the group mailbox, shared files, or fake calendar invites (aka CalPhishing) to facilitate credential theft, token capture, or malware delivery. “The technique shifts malicious intent away from a single phishing email into a trusted productivity workflow,” the company said .
“A user may see what looks like a normal group addition, internal update, shared resource, or calendar item before being pushed toward an action.” AI in cybercrime How Cybercriminals Are Approaching AI A new analysis from Sophos has revealed that AI has emerged as a hot button topic in underground communities , as threat actors debate its potential for malware and tool development, while some express concerns about the technology reducing work opportunities. This includes posts selling API keys for generative AI tools, advertising solutions that can enhance social engineering, AI-enabled malware (e.g., ApexAI, Metatron, and PolyEngine), discussing jailbreaks for public AI models to bypass censorship and other safeguards using techniques like role-play framing, multi-stage prompting, and contextual manipulation, and offers to hire or partner with prompt engineers. Threat actors have also discussed the use of public AI assistants for intrusion activity, as well as marketed a tool called Leak Bazaar that claims to use AI to triage and sift through mountains of stolen data before it can be packaged and exchanged with other threat actors. Not all have embraced AI with open arms, however, with some outlining skepticism and worries about how the rise of AI could “reshape roles, pricing, and competitive advantage within the cybercrime economy.” 8,500 REDCap instances REDCap Exposure Analysis Censys has uncovered just over 8,500 REDCap instances globally as of June 16, 2026, with most of them located in the U.S., the U.K., Germany, and Australia.
REDCap, short for Research Electronic Data Capture, is a web application used by research institutions globally to hold clinical trial data, participant records, and other sensitive research information. Last week, Google Threat Intelligence Group (GTIG) attributed a year-plus espionage campaign against North American academic, medical, and military research institutions to UNC6508 , a China-nexus actor. The intrusion set leveraged internet-facing REDCap servers as an initial access vector to deploy a backdoor called INFINITERED to exfiltrate sensitive data. Exactly how these servers are hacked is unconfirmed.
The earliest known compromise dates to September 2023. Surveillance export gaps Bulgaria Licensed Surveillance Exports to Human Rights Violators A report from Human Rights Watch has revealed that a Bulgaria-based surveillance technology firm named Circles sold its tools to countries that were likely to use them for repression or to commit serious human rights violations. Documents describe licenses for exports of Circles’ technology to Azerbaijan, Bahrain, Brazil, Dominican Republic, El Salvador, Ghana, Guatemala, Israel, Jordan, Malaysia, Mexico, Morocco, Panama, Serbia, and the U.A.E. Clients included intelligence services, military and police bodies, regional governments, and private companies, Human Rights Watch said.
That said, it’s currently not known whether the technology was actually exported. “Nonetheless, issuing the licenses demonstrates a major flaw in how individual governments implement E.U. export controls for surveillance technology,” the non-profit said. “The controls are intended to limit exports of surveillance technology to destinations where there is a likelihood it could be used to violate rights, and to provide transparency about what exports take place.” BitB malware lures Brandsquatting Campaign Uses BitB Technique for Malware Delivery A campaign that impersonates popular software brand names has leveraged the Browser-in-the-Browser ( BitB ) technique to distribute malicious payloads by means of a reusable phishing kit.
It makes use of a draggable pop-up with a spoofed URL to serve a fake software update warning. “The campaign uses social engineering to trick victims into downloading and manually executing a malicious installer (e.g., an .exe payload),” Unit 42 said. “The pages simulate a stalled document load and present an ‘out of date’ software error.” Earlier this month, Unit 42 disclosed details of a second BitB campaign involving at least 10 unique domains that was used to steal Microsoft 365 credentials using a draggable, OS/browser-fingerprinted pop-up with a spoofed OAuth URL. In this attack, victims who click a Microsoft sign-in button are presented with what appears to be a standard login page designed to harvest credentials.
If there’s a theme here, it’s that attackers do not need magic when the boring crap still works — forgotten creds, lazy trust, fake updates, loose admin paths, and users getting nudged into doing the dangerous part themselves. The future is here, somehow, and it still smells like a misconfigured staging box. Patch what you can. Revoke what you forgot.
Maybe glance at the devices you’ve been treating like furniture. See you next ThreatsDay, assuming the internet hasn’t found an even dumber way to catch fire by then. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Surviving the Mythos Era: Richard Bejtlich on the Case for NDR
Despite the abundance of telemetry at analysts’ disposal, many security operations teams struggle to answer a few basic questions during incident investigation: What happened? What evidence do we have? How do we know we’re seeing it all, in context? Answering these questions requires teams to go beyond alerts, the most common basis for initial triage.
But investigations (and their outcomes) require defensible evidence, not assumptions, which is what alerts tend to offer. Alerts are becoming less useful as vulnerability discovery accelerates (a.k.a., the Mythos Era). Most organizations can’t investigate the volume of new findings with existing workflows. Even with increased automation, SecOps teams need validated evidence of active exploit and exposure, not more raw telemetry.
As AI expedites both attacks and defense, security teams need to lay the groundwork that allows them to validate findings, understand attacker behavior, and stop suspicious traffic before it results in a breach. Richard Bejtlich’s NDR Essentials: A Practical Guide to Network Detection and Response , published in partnership with Corelight, explores how network detection and response (NDR) helps practitioners navigate the current era of networking. The free guide is an introduction to NDR and a practical resource for teams looking to strengthen threat hunting and AI-assisted investigations. The case for network interdiction Many security programs focus on prevention.
The reality is, though, that organizations can’t just shift left or shift right. Attention and control must be placed throughout the entire attack sequence. If preventative controls were the simple answer, stolen credentials wouldn’t work once an attacker gains a foothold. Malware would be stopped at the perimeter.
And data wouldn’t ever leave its storage environment. Yet, these events occur all the time. For these reasons, Bejtlich argues that resilient security programs should focus on interdiction: identifying and disrupting malicious activity before attackers achieve their objectives. True defensive success depends on an organization’s ability to isolate and contain malicious actors after initial compromise but before a full-blown breach.
Interdiction, he argues, shifts the focus from basic blocklists to active threat disruption within the perimeter. It enables vulnerability mitigation and threat containment, helping halt an attack before the adversary achieves a core mission. The guide explains how NDR supports interdiction by providing visibility into traffic moving throughout the network. Four primary sources of network evidence are worth exploring in depth: Full packet captures Extracted files Transaction logs Alerts and detections Rather than functioning as a passive barrier, modern NDR facilitates active intervention.
It gives security teams the situational awareness and context to prevent the propagation of an attack and preserve high-fidelity network evidence. Threat hunting starts with a hypothesis One of the strongest chapters in the book focuses on how organizations can evolve threat hunting to match current attacker techniques, ones capable of evading traditional detection boundaries. According to Bejtlich, threat hunting must not be predicated on alert follow-up. Instead, it should begin with a hypothesis about adversarial techniques.
Once a hypothesis is formed, the analyst then runs queries against network logs and sessions to either validate or disprove the theory. Network evidence remains the nexus of the investigation. Network-based techniques that support proactive threat hunting include: Identify executables Investigate unusual protocols Track large outbound data transfers Detect lateral movement Analyze certificate exposure The focus of the hunt should be specific, observable anomalies rather than generic security warnings, which is precisely what can be gained from observing network transactions. AI in network detection and response Artificial intelligence has transformed network defense, just as it has transformed attacks against the network.
- In chapter 5 of the guide, Bejtlich describes how SOC analysts can use AI for the greater good — creating efficiencies, reducing cognitive load, and improving evidence-gathering. He covers three functional areas in depth:
- Optimized alert frameworks
- where and how traffic data is captured — the edge and/or center — and how each affects analysis. Agentic triage to accelerate incident response cycles
- how autonomous agents should be used to execute playbooks, but just as importantly, up-level human analysts’ strategic decision-making abilities. Tool interoperability
- though the network is often called the “ground truth,” modern attack investigation requires a holistic view of the network, endpoints, cloud platforms, applications, and so forth.
AI orchestration coordinates siloed tools and their outputs. To achieve maximum efficacy, practitioners can integrate these AI models into daily workflows for their specific use cases (described in detail in the book). While AI is inevitable in today’s digital ecosystem, human verification remains a critical control point. At least for the near-term, automation must be governed to prevent hallucinations or unintended consequences.
- When used correctly, AI is a win for investigations and the analysts governing them. Two lessons for better operations
- Successful operations teams continually seek process improvement. Operators must evolve investigative techniques to match today’s speed and sophistication, and the network presents that basis. The book offers numerous operational recommendations, and two stand out for their efficacy:
- Initial alert baselines
- Too many pre-enabled rules result in alert fatigue.
- In turn, alert fatigue numbs and/or buries security teams. Bejtlich therefore, recommends organizations adopt a “zero-baseline” strategy. You can read more about this method in the eBook. Alert definitions
- Operators should treat an alert as the beginning of an investigation rather than the conclusive definition of an event.
Doing so facilitates deep evidence collection in support or rejection of a hypothesis, ensuring that, at the end of the investigation, the analyst can conclusively answer: What happened? What evidence do we have? How do we know we’re seeing it all, in context? Why network interdiction matters now Threat actors continue to evolve their tactics, but network evidence remains a definitive source of truth for defense.
Practitioners who want to build a modern, resilient security architecture can find actionable strategies within this eBook. The value of NDR Essentials isn’t simply that it explains NDR. It provides a practical framework for thinking about modern investigations. To explore these concepts in depth, download the free PDF from the NDR Essentials page .
For organizations seeking to implement these modern defensive strategies, additional insights are available at corelight.com/elitedefense . Corelight Network Detection and Response Corelight delivers network detection and response (NDR) that accelerates threat investigations through AI-powered defense. Using comprehensive network visibility, behavioral analytics, and evidence-driven detection, Corelight’s Open NDR Platform combines deep network telemetry with actionable context. Analysts can identify threats faster, validate findings with confidence, and take action with clarity.
Learn more at corelight.com/elitedefense . Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis
A previously undocumented Rust-based macOS implant and information stealer has been found to embed a prompt injection payload designed to trick a malware analyst’s artificial intelligence (AI) tools and trick it into aborting or refusing an analysis of the artifact. The malware has been codenamed Gaslight owing to this deceptive behavior. It’s been assessed with high confidence that the tool is the work of North Korea-aligned threat actors. “Its most notable feature is an embedded cascade of fabricated system-failure messages, designed to make an LLM-assisted triage agent doubt its own session,” SentinelOne researcher Phil Stokes said in a technical report.
“It attacks the agent’s perception, rather than the sandbox it runs in.” Central to the malware’s architecture is a Telegram bot API based command-and-control (C2) channel that enters into a polling loop, allowing the operator to issue instructions over an interactive shell and return the results of the execution. In the event two instances of the same bot token poll simultaneously, a “Conflict” response is issued, causing the second copy to terminate. The shell supports six main commands, granting a persistent foothold over the infected host - help, to show command help id, to identify the implant to the operator shell, to execute a shell command via execvp kill, to terminate a target process by PID upload, to exfiltrate a file via Telegram’s “attach://” mechanism stop, to halt the execution of the implant SentinelOne said it identified signs suggesting the presence of a seventh command named “focus,” although its functionality remains undetermined at this stage. To achieve persistence, Gaslight makes use of a LaunchAgent that uses the label “com.apple.system.services.activity” in its .plist file.
Also embedded within the malware is a 6.6 KB Base64-encoded Python script that functions as an information gathering suite responsible for harvesting Terminal command histories, installed application listings, snapshots of running processes, system hardware and software profile, macOS Keychain database , and data from Chrome, Brave, Firefox, and Safari web browsers. The collected data is subsequently compressed into a ZIP archive (“temp/collected_data.zip”) and uploaded via Telegram. The Python stealer, for its part, is deployed by means of a separate 2 KB Base64-encoded bash installer that drops a cpython-3.10.18 interpreter from the “astral-sh/python-build-standalone” project. The presence of emojis and extensive comment headers indicates that it was likely generated using a large language model (LLM).
What’s notable about Gaslight is that details related to the bot token, the chat ID (tg_room_id), and the rest of the operator configuration are not hard-coded into the sample, but rather supplied at runtime. “The implant self-redacts its Telegram bot token in its own runtime output, denying it to anyone who captures logs or crash artifacts,” Stokes added. On top of that, the malware attempts to evade an AI-based detection by incorporating a Markdown-fenced block containing 38 fabricated “system” messages designed to trick a security agent into aborting, truncating, or refusing analysis. “The scaffold contains fake system messages about token expiry, out-of-memory kills, disk exhaustion, and repeated operation failures.
It also plants bogus warnings about injection vulnerabilities and static-analysis flags,” SentinelOne said, calling it an “attempt to weaponize the LLM-assisted triage pipelines that increasingly sit in the reverse-engineering loop.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns
A new, stealthy backdoor named Mistic has been deployed as part of suspected financially motivated attacks aimed at multiple organizations spanning insurance, education, IT, and professional services sectors since April 2026. According to Symantec and Carbon Black’s Threat Hunter Team, the backdoor, also tracked as MLTBackdoor, is said to be linked to an initial access broker (IAB) named KongTuke (aka 404 TDS, Chaya_002, LandUpdate808, TAG-124, and Woodgnat), and dropped along with ModeloRAT, a Python remote access trojan (RAT) previously attributed to the group. “The backdoor runs payloads in memory with no file written to disk and includes a kill switch that lets it delete itself, which are features consistent with an operator seeking long-term, low-visibility access,” Broadcom’s cybersecurity teams said in a report shared with The Hacker News. ModeloRAT was first flagged by Huntress in January 2026 in connection with a variant of a ClickFix campaign dubbed CrashFix, in which the KongTuke actors used a malicious Google Chrome extension masquerading as an ad blocker to intentionally crash a victim’s web browser and trick them into running arbitrary commands under the pretext of running a security scan.
The malware was also distributed in a different ClickFix campaign that involved running commands carrying out a Domain Name System (DNS) lookup to retrieve the next-stage payload, with Microsoft noting that the attack chain uses DNS as a “lightweight staging or signaling channel.” Mistic’s use of ClickFix as a delivery vector was highlighted by Zscaler ThreatLabz earlier this month, attributing the activity to a ransomware-related threat actor to establish a foothold for lateral movement. The latest findings from Broadcom show that the malware relies on DLL side-loading techniques, using trusted Microsoft endpoint security tooling (“MpExtMs.exe”) to blend in and avoid raising red flags. The backdoor runs directly in memory, enabling a wide range of capabilities typically associated with a malware family of this kind - Upload or download a file Move, rename, or delete a file Create a folder Modify the time interval after which it polls a remote server for commands Execute code received from C2 in memory without leaving any artifacts on disk Load Beacon Object Files (BOFs) to dynamically expand its capabilities Terminate and delete itself “The targeting appears to be opportunistic, with the attackers casting a wide net and then assessing which organizations they could sell access to rather than focusing on a single sector,” Symantec and Carbon Black said, adding that ModeloRAT has been observed in attacks that deployed Qilin ransomware. KongTuke is known to operate a traffic distribution system (TDS) built on compromised WordPress sites, using it to serve an ever-evolving set of lures that lead unsuspecting site visitors to malware.
As recently as last month, Rapid7 and ReliaQuest revealed that the threat actor has pivoted to sending Microsoft Teams messages from a fake IT Support account to trigger an attack chain that leads to the deployment of ModeloRAT. “The stealth of the backdoor is also notable, as is the fact that Woodgnat is also possibly behind the development of ModeloRAT, indicating a group that is quite highly skilled at the development of stealthy remote access tools,” Broadcom said. “The use of custom tools in ransomware attacks is becoming a more common phenomenon, with multiple examples of ransomware groups using custom exfiltration and other tools in recent times. Backdoor.Mistic appears to be a continuation of this trend, though it appears to be likely developed by access brokers working with ransomware affiliates rather than a ransomware group itself.” Found this article interesting?
Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access
An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according to new findings from Google-owned Mandiant. The vulnerability, tracked as CVE-2026-20245 (CVSS score: 7.8), allows an authenticated, local attacker to execute arbitrary commands with elevated privileges by supplying a crafted file to the affected system by taking advantage of the device’s insufficient validation of user-supplied input. Earlier this month, Cisco acknowledged that it became aware of exploitation of this vulnerability, adding that a malicious actor must have netadmin privileges on an affected system to pull off a successful attack. “Throughout the intrusion, to maintain operational security and avoid detection, the threat actor consistently employed anti-forensic techniques, selectively deleting and restoring system configuration files that were modified during their activities,” Mandiant researchers Chester Sng, Pete Boonyakarn, and Logeswaran Nadarajan said .
The incident, the tech giant’s incident response and threat intelligence arm added, targeted an unspecified communications service provider to elevate a compromised admin account to full root-level access. Two distinct periods of unauthorized activity have been detected, one taking place between late 2025 and January 2026 and the other in March 2026. At this stage, it’s unclear if these two events are connected and the work of the same threat actor. During the first wave, the victim is said to have experienced unauthorized peering connections that likely exploited one of two authentication bypass flaws in Cisco Catalyst SD-WAN controllers ( CVE-2026-20127 or CVE-2026-20182 ).
It’s worth noting that both the security vulnerabilities were undisclosed zero-days at that point. Then in March 2026, a second wave of rogue peering connections targeted a device running a newer software version that was patched against CVE-2026-20127. Cisco has since confirmed that these connections did not leverage CVE-2026-20182, raising the possibility that the attacker, who may or may not have been behind the previous unauthorized peering connections, relied on stolen certificates from a prior breach of the same device to obtain initial access. “The attacker then changed default admin credentials before exploiting CVE-2026-20245 as a zero-day via a malicious CSV file upload (evil_tenant.csv),” Mandiant said.
“This exploit allowed them to escalate privileges and create a rogue user account (named ‘troot’) with full root-level shell control.” The attackers have also been found to consistently cover their tracks by deleting files created by them, reversing configuration changes, and running scripts to ensure that no evidence was left behind and limit defenders’ ability to assess the full extent of the compromise. “After changing the default admin password and exfiltrating the SD-WAN fabric configuration, the actor changed the password back to its original value so an administrator logging in would not notice anything was off,” Austin Larsen, principal threat analyst at Google Threat Intelligence Group (GTIG), said . “They escalated to root through a malicious CSV upload, created a hidden “troot” account in /etc/passwd and /etc/shadow, then deleted every file they touched and ran a validation script to confirm their indicators were gone.” Google pointed out that the activity once again highlights the “continuing trend” of bad actors weaponizing zero-days in edge devices like SD-WAN, as they lack the telemetry needed for deep forensic analysis, and a foothold in those systems can facilitate persistent visibility into internal traffic across the fabric. “Advanced adversaries continue to primarily target and exploit network devices and other systems that don’t natively support EDR solutions,” Charles Carmakal, chief technology officer of Mandiant Consulting, said in a post on LinkedIn.
Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 26, 2026. The vulnerability in question is CVE-2025-67038 (CVSS score: 9.8), a code injection flaw that could result in the execution of arbitrary commands with elevated privileges. “The HTTP RPC module executes a shell command to write logs when the user’s authentication fails,” according to the vulnerability’s description on CVE.org.
“The username is directly concatenated with the command without any sanitization. This allows attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.” The security flaw was disclosed by Forescout Research Vedere Labs in April 2026 as part of a broader set of vulnerabilities collectively codenamed BRIDGE:BREAK that impacted serial-to-IP converters from Lantronix and Silex. There are currently no details on how the vulnerability is being exploited, or who is behind the efforts.
The disclosure comes as CISA also confirmed active exploitation of three maximum-severity security defects in Ubiquity UniFi OS, days after Defused Cyber said it detected in-the-wild abuse of the remote code execution chain comprising CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910 to deploy commodity malware. CVE-2026-34908 - An improper input validation vulnerability that could allow a malicious actor with access to the network to conduct command injection CVE-2026-34909 - A path traversal vulnerability that could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account. CVE-2026-34910 - An improper access control vulnerability that could allow a malicious actor with access to the network to make unauthorized changes to the system. Earlier this month, Bishop Fox detailed a proof-of-concept (PoC) that chains together the three shortcomings to obtain a reverse shell with full root privileges in a single request.
Patches for the flaws were released by Ubiquiti late last month. “The vulnerabilities could allow remote attackers to make unauthorized system changes, access sensitive files, disclose information, or execute arbitrary commands on vulnerable systems, highly impacting the confidentiality, integrity, and availability of targeted devices,” Belgium’s Centre for Cybersecurity said . “Given that UniFi OS devices are often centrally integrated into networks, successful compromise could enable lateral movement and broader network compromise.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered
A coordinated law enforcement operation, in partnership with private sector companies, including Bitdefender, Bitsight, ESET, and Microsoft, has resulted in the takedown of criminal infrastructure powering Amadey and StealC. “The main common goal was to disrupt the ‘assembly lines’ cybercriminals use to launch ransomware, financial fraud, and attacks on critical infrastructure,” Europol said in a statement. The development comes days after authorities from the Netherlands, Canada, Germany, and the U.S. disrupted malicious infrastructure associated with SocGholish and cleaned up nearly 15,000 infected WordPress websites.
As part of the two-week-long action, cryptocurrency assets of criminal origin valued at more than $47 million have been identified, flagged, and restricted from use. In addition, as many as 27 million stolen login credentials have been recovered, and the malware distribution network has been hindered by dismantling 326 servers and 142 domains. “This takedown is a powerful demonstration of what public and private sector collaboration can achieve in dismantling the infrastructure that enables cybercrime at scale,” Alex Cosoi, chief security strategist at Bitdefender, said in a statement. “It also sends a clear message to those behind malware ecosystems: no matter how sophisticated the tools or how distributed the network, coordinated international action will find them.” All three malware families are known to be advertised under a malware-as-a-service (MaaS) model, allowing customers to deliver additional payloads or steal sensitive information from compromised hosts.
SocGholish and Amadey function as loaders for introducing next-stage malware, with the malware primarily disseminated using compromised WordPress sites and phishing campaigns, respectively. Amadey has also been propagated via other loaders like Emmenhtal and SmokeLoader . A C++-based modular backdoor, it’s known to be active since October 2018 and advertised by a threat actor known as InCrease. The service is priced at $600 for a single license, with an extra $50 charged per rebuild.
The latest version of Amadey is 5.87. Some of the supported commands are listed below - Fingerprint the machine Downloads files, DLLs, MSI, or PowerShell scripts Run commands using “cmd.exe” Take screenshots Spawn a SOCKS proxy Open a VNC or reverse proxy session Capture clipboard contents and credentials Enable RDP According to data published by Mitsui Bussan Secure Directions, the daily number of active Amadey command-and-control (C2 or C&C) servers ranged roughly between two and 18 until around September 2022. “From January 2023 to early December 2023, however, this figure rose to between 5 and 30, suggesting that Amadey had come into widespread use,” the Japanese cybersecurity company said . “In 2024, after a brief dormant period, the daily count gradually declined from a peak of 17 and has continued to fall to the present day.” The number of malware samples distributed via Amadey is said to have scaled a high of 11,635 in 2025, up from 66 in 2019, 260 in 2020, 1,231 in 2021, 3,500 in 2022, 8,360 in 2023, and 7,619 in 2024.
Since the start of the year, 1,837 payloads have been distributed through the malware loader. Malware dropped by Amadey in 2025 and 2026 and StealC in 2026 StealC, on the other hand, has leveraged various initial access vectors ranging from malware loaders (including Amadey ) and ClickFix lures, and is equipped to extract sensitive information, such as screenshots, credentials, session cookies, autofill entries, credit card data, browsing history, and extension data. The malware first surfaced in the wild in January 2023 and sold for $300 per month (or $1,000 for six months) by a threat actor using the moniker “plymouth.” Like Amadey, StealC has been actively maintained by its operators. As of June 2026, the latest version of the stealer is 2.2.1.
The highest infection concentrations have been reported in the U.S., Poland, and Italy. Besides targeting Chromium browsers, the malware harvests data from desktop applications like Discord, FileZilla, Foxmail, Microsoft Outlook, Steam, and Telegram, as well as files matching certain naming patterns. It also acts as a secondary loader, capable of downloading and executing EXE, MSI, or PowerShell payloads based on commands from an external server. Written in C++, a notable aspect of the stealer is its ability to query the system’s default language and terminate itself if the locale matches countries like Russia, Ukraine, Belarus, Kazakhstan, or Uzbekistan.
Amadey also features a similar check to skip certain functionalities like credential stealing and clipboard stealing when running on a Russian, Ukrainian, or Belarusian host. A representative infostealer to ransomware attack chain Earlier this January, CyberArk disclosed a cross-site scripting (XSS) vulnerability in the web-based control panel by the StealC operators that made it possible to glean insights into the MaaS operation, including one of its customers named YouTubeTA, who has relied on Google’s video sharing platform to distribute the stealer by advertising cracked versions of Adobe Photoshop and Adobe After Effects. IBM X-Force and Proofpoint also noted that multiple security flaws were identified in the C2 panel, one of which was a directory traversal bug that made it possible to upload a web shell to the StealC C2 server. The issue was patched by StealC developers in February 2026, but not before it was likely exploited by an affiliate to steal data from other affiliates.
Proofpoint researchers told The Hacker News via email that “the vulnerability we reported on is different than the ones reported by CyberArk,” adding it does not participate in active exploitation or “hacking back” activities. “Where applicable, if our researchers identify exploitable aspects of malicious infrastructure or tooling that can be used for investigations, we will report them to the proper authorities,” it said. “In both ecosystems, affiliates receive a self-hosted administration panel that must be deployed on their own server infrastructure,” ESET researchers Jakub Tomanek and Tomáš Procházka said . “Amadey used a pay-per-rebuild model.
Affiliates purchased a license and then paid an additional fee each time they needed to generate a new build, for example, when rotating to a new C&C server.” “StealC took a more affiliate-friendly approach, offering unlimited build generation as part of its subscription. This lowered the operational cost of rotating C&C infrastructure and made it easier for affiliates to generate new samples as needed.” A total of 53 unique clusters have been inside the Amadey ecosystem, with the largest botnet cluster distributing payloads like Lumma Stealer, Vidar Stealer, StealC, Rugmi, PureCrypter, Agent Tesla, Rhadmanthys Stealer, RedLine Stealer, SmokeLoader, XWorm, and AsyncRAT. Microsoft has revealed that not only do Amadey and StealC employ the same infrastructure, but the malware families have been linked to more than 140,000 infected computers globally in the first two weeks of May 2026. The tech giant said it has identified over 18,000 victim computers and severed criminal control of those devices.
In all, the tech giant said it flagged 200 malicious Amadey and StealC C2 domains and IP addresses, all of which have since been shut down using a combination of court orders, domain seizures, registrations, and provider notifications. Daily trend in the number of active Amadey C2 servers “Loaders and stealers are the two halves of the commodity malware pipeline,” Bitsight said . “A loader gets the first foothold and rents it out; a stealer leverages that foothold to collect credentials, cookies, and wallets, to then be sold on underground forums (including Telegram).” The latest effort, which took place between June 15 and 19, 2026, marks the latest chapter of Operation Endgame. It involved judicial authorities and law enforcement from Belgium, Canada, Denmark, France, Germany, the Netherlands, the U.K., and the U.S.
“Operation Endgame targets the initial access malware used to infect devices,” Eurojust said . “Cybercriminals use this malware as a gateway to silently infiltrate victims’ systems and steal sensitive data. By fighting the initial stage of the attack chain, the operation strikes at the heart of the entire ‘cybercrime-as-a-service’ ecosystem.” (The story was updated after publication to include a response from Proofpoint.) Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks
Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains. The “critical exploitable pattern” has been codenamed Cordyceps by Novee Security. The issue can allow full attacker control of repositories at dozens of the largest organizations worldwide, including Microsoft, Google, Apache, and Cloudflare. “The flaw is exploitable by any unauthenticated user,” Elad Meged, founding engineer and security researcher at Novee Security, said .
“No org membership or special privileges; a free account is enough to forge approvals, push code, or steal credentials.” The penetration-testing company’s scan of about 30,000 high-impact repositories has revealed more than 300 to be fully exploitable, enabling attacker-controlled code execution, credential theft, and supply chain compromise, which can have severe downstream impacts. The core of the problem trickles down to weak CI/CD configurations that grant pull requests (PRs) more permissions than they should have. PRs are proposals to merge code changes from one branch into the main project. However, because an untrusted PR can trigger privileged workflows, it can open the door to command injection, privilege escalation, and supply chain compromise.
“This supply chain vulnerability lies in the foundational open-source plumbing the entire industry runs on, and the kind of issue that hides from scanners because, technically, every individual piece is working as designed,” Novee explained. “The workflow does what it was told. The vulnerability exists only in the composition – untrusted data crossing a trust boundary that no one audited.” On Microsoft’s Azure Sentinel, for example, Novee found a comment on a PR that could run anonymous attacker code on Microsoft’s CI and steal a non-expiring GitHub App key. In a similar case, a PR on Google’s AI Agent Development Kit (“adk-samples”) could execute attacker code on Google’s CI to gain complete authority over a Google Cloud repository.
Other findings are listed below - Apache Doris, where two zero-click attacks cause a single comment on any PR or a forked PR to run attacker code and exfiltrate hard-coded CI credentials or a token with full write permissions Cloudflare Workers SDK, where a PR with a crafted branch name can execute arbitrary commands on Cloudflare’s CI runners Python Software Foundation’s Black, where a single pull request from anyone could execute attacker code on Black’s build systems and steal the automation token, which can then be used to approve pull requests. Following responsible disclosure, both Microsoft and Google confirmed impact, while Cloudflare, Python, and Apache have applied hardening and patches, respectively. “The nature of agentic coding means these CI/CD vulnerabilities are reproduced persistently, at scale, ‘infecting’ repositories at an exponential rate,” Meged said. “Because anonymous users can use them to gain control over the software supply chain, we like to think of it as ‘puppeteering’ the repositories of some of the world’s biggest companies, silently manipulating their workflows.” Found this article interesting?
Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Dawn of the Apex Agentic Adversary
We are standing at the end of an era we never thought to mourn: the era of human-speed threats . For years, cybersecurity moved to a rhythm organizations could follow. A researcher found a bug, a CVE was cataloged, a vendor navigated a patch cycle, and weeks or even months later, a fix was deployed. In this era, dwell time was measured in days, sometimes weeks.
We are now approaching an inflection point in the threat timeline unlike any that came before it. The trigger was the emergence of frontier agentic models in early 2026: AI entities that no longer just suggested code, but actively tested it. These models don’t merely accelerate the offensive lifecycle; they radically compress the time between discovery and weaponization. The predator wearing a productivity badge There is a reason the old saying warns about the wolf in sheep’s clothing.
In the scramble to stay competitive, organizations have handed AI the keys to the deepest layers of their infrastructure: granting LLM agents write access to repos and allowing third-party AI wrappers to plug into internal APIs. These are the sheep: the helpful, fluffy productivity boosters sitting in our software ribbons. But there lie wolves in the fabric. The same technology that allows a developer to refactor code in seconds gives agentic offensive models the power to hunt for logic flaws at the same speed.
These tools are capable of finding an exposure, weaponizing it, and executing a breach before a human defender has even finished their first cup of coffee. The operational agility that modernized our workflows is now the same agility an adversary can turn against them. The death of the Catalog The most unsettling part of this cusp is not just the speed, but the increasing anonymity. In the pre-AI era, we relied on public exploitation accounting like CISA’s KEV Catalog and EPSS.
We looked for known signatures and documented behaviors. But as AI-driven breaches become autogenous and self-generating, they become ephemeral. Attacks will soon be so fast, so targeted, and so mutated that they will not even stay in the room long enough to be cataloged. If attack design, creation, and execution happen at machine speed and there is no signature to find, did it even happen?
- By the time your SIEM triggers an alert, the AI agent has already pivoted, exfiltrated, and potentially left no trace. The illusion of separation in a converged world
- The risk compounds because our fabric is no longer just digital; it is physical. The continuing convergence of IT and OT has created a unified playground for AI attackers. We used to rely on the
- segmentation illusion
- the comfortable assumption that our critical industrial assets were air-gapped or safely tucked away behind firewalls.
In a converged world, that air gap or segmentation is a design flaw. An AI agent does not see a firewall; it sees an exploitable asset. In this evolving landscape, lateral movement is an automated reflex. The AI identifies the technician’s laptop that bridges the corporate Wi-Fi to the factory LAN and traverses that gap in milliseconds.
It treats insecure-by-design industrial protocols like Modbus, BACnet, and S7comm as open expressways. When an IT-originated breach cascades into the OT environment at machine speed, it is no longer just a data leak. It is a factory floor shutdown or a safety valve opening. It is the wolf moving from the screen to the physical world.
Taking the tactical high ground (Layer 2 and below) The agentic adversary wins on information asymmetry. They thrive in the information gap : the space between what you think is on your network and what is actually there. Asset inventory is no longer a compliance formality; it defines the boundaries of your hunting ground. While your attention is focused on the imminent exploit hitting your secure servers, an AI agent is already identifying the choke points you didn’t know you had: the single multi-homed device or forgotten workstation that grants total access to the critical areas of your network.
You cannot outrun a predator if you are tripping over your own blind spots. To survive, defensive strategies must shift from reactive to proactive environmental hardening. runZero built their latest capabilities to deny the adversary the shadows they need to operate: Mapping the unmappable: runZero introduced the ability to peek behind protocol gateways. Where traditional tools see a single gateway IP, runZero leverages its unrivaled library of proprietary IT, IoT, and OT protocol safe-probes to walk the backplane.
It natively queries and unmasks the dozens of PLCs and field-level devices sitting downstream, ensuring no industrial asset stays hidden. Illuminating the unknown: Agentic models can swiftly hunt for rogue access points, forgotten IoT devices, and shadow IT that lack security coverage. runZero’s unauthenticated discovery uses these same advanced protocol insights to identify unmanaged assets without requiring agents or credentials, ensuring that your blind spots don’t become an adversary’s primary point of entry. Validating the assumption: Recent research on network segmentation shows that many of these paths are accidental.
Interactive attack path mapping allows you to move past assumptions, visualizing exactly how an attacker could use these multi-protocol environments to move laterally through your IT and OT systems alike. Acting on Asset Intelligence: Knowing you have exposures isn’t enough; you need to know which ones are most critical to address first. runZero prioritizes your risk by identifying the exact choke points where your vulnerabilities intersect with viable cross-protocol attack paths. Instead of wasting cycles fixing everything, you can fortify the precise defensive bottlenecks that completely cut off the intruder’s route to your critical assets.
Identify the predator or become the prey We have not yet reached the point where every attack is an instantaneous strike. While frontier AI’s offensive capabilities haven’t reached total autonomy yet, here is the sobering truth: this is the least capable these models will ever be. The predator is learning. We are currently moving through the tall grass of the perimeter’s blind spot.
While most organizations are still scanning for the tracks of yesterday’s hunters, a new breed of agentic adversary is already circling. Your only hope of survival is to spot the predator before it breaks cover. See what’s on your network in minutes with runZero, start a free trial or book a demo . Found this article interesting?
This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
DoJ Seizes Huione Cloud Account Tied to Cyber Scam Money Laundering
The U.S. Department of Justice (DoJ) on Tuesday announced the seizure of a cloud computing account put to use by subsidiaries of Cambodia-based corporate conglomerate HuiOne Group, as the Treasury unveiled fresh sanctions against nine individuals and 26 entities linked to Prince Group . “These subsidiaries are alleged to have assisted individuals and organizations in transferring proceeds of cryptocurrency investment frauds, cyber scams, and other criminal activities on cryptocurrency blockchains and allowing for the conversion of the proceeds of these schemes to the legitimate banking sector undetected,” the DoJ said. The seized account, the Justice Department added, hosted backend infrastructure for the subsidiaries, including HuiOne Guarantee (aka Haowang Guarantee), which operated an illicit Telegram-based marketplace that engaged in transactions with billions of dollars between 2021 and 2025 by peddling a wide range of crimeware tools.
These included personal and financial data, money laundering services, web development services for setting up fraudulent investment platforms and phishing websites, the procurement of individuals for human trafficking schemes, as well as software to facilitate face swapping, voice cloning, and deepfake-powered impersonation during video calls with victims. “HuiOne Guarantee also provided escrow services for criminals transacting on its platforms to facilitate transactions, including money launderers laundering cryptocurrency,” the DoJ said. “In doing so, HuiOne Guarantee facilitated the movement of considerable funds stolen by Southeast Asian scam centers .” A July 2024 analysis from Elliptic revealed that merchants on HuiOne also marketed tear gas, electric batons, and electronic shackles for use by scam compound operators to imprison and torture their workers. “The merchants refer to ‘preventing escapers’ and controlling ‘runaway dogs,’” the company noted at the time.
“Those working within the scam compounds are commonly referred to as ‘dogs’ or ‘dog pushers.’” “The HuiOne Group used this cloud computing account as part of a technological backbone that allowed billions in fraud proceeds to be transferred, moved, and concealed – much of it stolen through Southeast Asian scam centers,” said Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division. “Seizures of these marketplaces is critical in the fight against fraud that affects so many Americans, and to stop avenues for criminal proceeds to be laundered.” Although HuiOne announced it was ceasing operations in May 2025, a new analysis from Flare has revealed that more than 30 marketplaces have emerged since to fill up the void left by the guarantee platform, with the operators building proprietary messaging platforms to bypass Telegram’s bans. “The wave of enforcement in 2025 was the first coordinated attempt to reach both the financial and physical layers of the ecosystem at the same scale,” Flare researcher Chris d’Eon said .
“It has produced visible adaptation, including reshuffled channel branding, redistributed flows across successor markets, and accelerated work on alternative venues. However, it has not meaningfully reduced volume across the ecosystem in aggregate.” In tandem, the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) has assessed H-Pay Service PLC as a primary money laundering concern to guard against “HuiOne Group’s attempts to circumvent being cut off from the U.S. financial system .” It’s worth noting that FinCEN designated HuiOne Group as a “primary money laundering concern” in May 2025.
“Merchants sold money laundering services, stolen personal data, websites and other goods and services necessary to perpetrate so-called ‘pig butchering’ scams and other online fraud,” Elliptic said in a statement. “By the time HuiOne was forced offline, it had received more than $31 billion in cryptoasset transactions, making it the largest illicit online marketplace ever recorded, more than 25 times larger than Silk Road and AlphaBay combined.” The development also comes as the Treasury levied sanctions against Prince Group’s leadership, investors in scam compounds , and front companies, a little over eight months after it was classified as a Transnational Criminal Organization (TCO) for its role in furthering a criminal enterprise built on the foundations of scam compounds, fraud, and money laundering. Prince Group’s chairman, Chen Zhi has since been arrested, extradited to China, and stripped of his Cambodian citizenship. “Transnational criminal organizations based in Southeast Asia, like the Prince Group TCO and with support of their enablers like HuiOne Group, continue to target Americans through large-scale cyber-enabled fraud and scam operations,” Treasury said .
Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root
Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The vulnerability, tracked as CVE-2026-20230 (CVSS score: 8.6), is a case of improper input validation for specific HTTP requests that could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. “An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device,” Cisco said in an advisory released earlier this month. “A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root.” In a post shared on X earlier this week, Defused Cyber said it observed active exploitation of the vulnerability in attacks.
“This is currently being exploited from a single source using an unvetted PoC, with genuinely-formatted file:// file-write payloads landing on our decoys,” it noted. However, for successful exploitation to occur, the WebDialer service must be enabled. It’s disabled by default. To check if the WebDialer is enabled, users can complete the following steps - Log in to the Cisco Unified CM Administration interface From the Navigation menu, choose Cisco Unified Serviceability and click Go From the Tools menu, choose Control Center - Feature Services In the CTI Services section of the page, check whether the current status of the Cisco WebDialer Web Service is Started or Not Running If the status is Started, WebDialer is enabled The vulnerability has been patched in Unified CM and Unified CM SME versions 14SU6 and 15SU5.
If immediate patching is not an option, it’s advised to disable the WebDialer service until a fix can be applied. SSD Secure Disclosure has since published additional technical specifics of CVE-2026-20230, describing it as a flaw that allows unauthenticated attackers to arbitrarily write files in the server by leveraging the Webdialer component to obtain the true hostname of the target and ultimately achieve code execution. Cisco has yet to update the advisory to reflect the exploitation status. Last week, the network security company released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager ( CVE-2026-20262 , CVSS score: 6.5) that has come under active exploitation in the wild.
Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.