Posts on Security, Cloud, DevOps, Citrix, VMware and others.
Words and views are my own and do not reflect on my companies views.
Disclaimer: some of the links on this site are affiliate links, if you click on them and make a purchase, I make a commission.
Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based global geolocation surveillance system called Webloc.
The tool was developed by Israeli company Cobwebs Technologies and is now sold by its successor Penlink after the two firms merged in July 2023, according to a report published by the Citizen Lab. Penlink, founded in 1986, is a provider of "mission-critical communications and digital evidence collection and analysis software" to law enforcement agencies in the U.S. and across the world.
U.S. customers of the Webloc include Immigration and Customs Enforcement (ICE), the U.S. military, Texas Department of Public Safety, DHS West Virginia, NYC district attorneys, and various police departments in Los Angeles, Dallas, Baltimore, Tucson, Durham, and in smaller cities and counties like the City of Elk Grove and Pinal County.
"Webloc is sold as an add-on product to the social media and web intelligence system Tangles," Citizen Lab researchers Wolfie Christl, Astrid Perry, Luis Fernando Garcia, Siena Anstis, and Ron Deibert said. "Webloc provides access to a constantly updated stream of records from up to 500 million mobile devices across the globe that contain device identifiers, location coordinates, and profile data harvested from mobile apps and digital advertising."
The ad-based surveillance system, in a nutshell, makes use of data purchased from mobile apps and digital advertising to analyze the behaviours and movements of hundreds of millions of people. It was officially announced by Cobwebs Technologies in October 2020, describing it as a "cutting-edge location intelligence platform that gathers and analyzes web data fused with geospatial data points, using interactive layered maps to connect the digital world with physical data."
Customers of the tool can use it to monitor the location, movements, and personal characteristics of entire populations up to three years in the past. According to information available on Penlink's website, Webloc can be used for "investigating and interpreting location-based data to support your cases." Webloc also has the capability to infer location from IP addresses and identify the persons behind the devices by gathering their home addresses and workplaces.
Interestingly, Cobwebs Technologies was among the seven cyber mercenaries that were deplatformed by Meta in December 2021 for operating about 200 accounts to conduct reconnaissance on targets and even engage in social engineering to join closed communities and forums and trick people into revealing personal information.
The social media giant revealed at the time that it had identified Cobwebs Technologies customers in Bangladesh, Hong Kong, the United States, New Zealand, Mexico, Saudi Arabia, and Poland. "In addition to targeting related to law enforcement activities, we also observed frequent targeting of activists, opposition politicians, and government officials in Hong Kong and Mexico," Meta noted.
Reports from 404 Media, Forbes, and Texas Observer have revealed that Webloc can be used to track phones without a warrant, with one procurement notice highlighting the tool's "ability to automate and continuously monitor unique mobile advertising IDs, geolocated IP addresses, and connected devices analysis."
An analysis of corporate records and other public information has revealed that Cobwebs Technologies shares links to Israeli spyware vendor Quadream through Omri Timianker, the founder and former president of Cobwebs Technologies, who now oversees Penlink's international operations. The company is suspected to have shuttered its operations in 2023.
As many as 219 active servers associated with Cobwebs product deployments have been identified, most of which are located in the U.S. (126), Netherlands (32), Singapore (17), Germany (8), Hong Kong (8), and the U.K. (7). Potential product servers have also been detected in various countries across Africa, Asia, and Europe.
Responding to the report, Penlink said the findings "appear to rely on either inaccurate information or a misunderstanding about how we operate, including practices that Penlink does not engage in following our acquisition of Cobwebs Technologies in 2023." It also said it complies with U.S. state privacy laws.
"Our research shows that intrusive and legally questionable ad-based surveillance (i.e., without a warrant or adequate oversight) is being used by military, intelligence, and law enforcement agencies down to local police units in several countries across the globe," the Citizen Lab said.
from The Hacker News https://ift.tt/V2647AI
via IFTTT
A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The vulnerability in question is CVE-2026-39987 (CVSS score: 9.3), a pre-authenticated remote code execution vulnerability impacting all versions of Marimo prior to and including
from The Hacker News https://ift.tt/paqQ7Ov
via IFTTT
Microsoft Defender Security Research has observed a widespread phishing campaign leveraging the device code authentication flow to compromise organizational accounts at scale. While traditional device code attacks are typically narrow in scope, this campaign demonstrated a higher success rate, driven by automation and dynamic code generation that circumvented the standard 15-minute expiration window for device codes. This activity aligns with the emergence of EvilTokens, a phishing-as-a-service (PhaaS) toolkit identified as a key driver of large-scale device code abuse.
This campaign is distinct because it moves away from static, manual scripts toward an AI-driven infrastructure and multiple automations end-to-end. This activity marks a significant escalation in threat actor sophistication since the Storm-2372 device code phishing campaign observed in February 2025.
Advanced backend automation: Threat actors used automation platforms like Railway.com to spin up thousands of unique, short-lived polling nodes. This approach allowed them to deploy complex backend logic (Node.js), which bypassed traditional signature-based or pattern-based detection. This infrastructure was leveraged in the attack end-to-end from generating dynamic device codes to post compromise activities.
Hyper-personalized lures: Generative AI was used to create targeted phishing emails aligned to the victim’s role, including themes such as RFPs, invoices, and manufacturing workflows, increasing the likelihood of user interaction.
Dynamic code generation: To bypass the 15-minute expiration window for device codes, threat actors triggered code generation at the moment the user interacted with the phishing link, ensuring the authentication flow remained valid.
Reconnaissance and persistence: Although many accounts were compromised, follow-on activity focused on a subset of high-value targets. Threat actors used automated enrichment techniques, including analysis of public profiles and corporate directories, to identify individuals in financial or executive roles. This enabled rapid reconnaissance, mapping of permissions, and creation of malicious inbox rules for persistence and data exfiltration.
Once authentication tokens were obtained, threat actors focused on post-compromise activity designed to maintain access and extract data. Stolen tokens were used for email exfiltration and persistence, often through the creation of malicious inbox rules that redirected or concealed communications. In parallel, threat actors conducted Microsoft Graph reconnaissance to map organizational structure and permissions, enabling continued access and potential lateral movement while tokens remained valid.
Attack chain overview
Device code authentication is a legitimate OAuth flow designed for devices with limited interfaces, such as smart TVs or printers, that cannot support a standard interactive login. In this model, a user is presented with a short code on the device they are trying to sign in from and is instructed to enter that code into a browser on a separate device to complete authentication.
While this flow is useful for these scenarios, it introduces a security tradeoff. Because authentication is completed on a separate device, the session initiating the request is not strongly bound to the user’s original context. Threat actors have abused this characteristic as a way to bypass more traditional MFA protections by decoupling authentication from the originating session.
Device code phishing occurs when threat actors insert themselves into this process. Instead of a legitimate device requesting access, the threat actor initiates the flow and provides the user with a code through a phishing lure. When the user enters the code, they unknowingly authorize the threat actor’s session, granting access to the account without exposing credentials.
Phase 1: Reconnaissance and target validation
The threat actor begins by verifying account validity using the GetCredentialType endpoint. By querying this specific Microsoft URL, the threat actor confirms whether a targeted email address exists and is active within the tenant. This reconnaissance phase is a critical precursor, typically occurring 10 to 15 days before the actual phishing attempt is launched.
The campaign uses a multi-stage delivery pipeline designed to bypass traditional email gateways and endpoint security. The attack begins when a user interacts with a malicious attachment or a direct URL embedded within a high-pressure lure (e.g., “Action Required: Password Expiration”).
To evade automated URL scanners and sandboxes, the threat actors do not link directly to the final phishing site. Instead, they use a series of redirects through compromised legitimate domains and high-reputation “Serverless” platforms. We observed heavy reliance on Vercel (*.vercel.app), Cloudflare Workers (*.workers.dev), and AWS Lambda to host the redirect logic. By using these domains, the phishing traffic “blends in” with legitimate enterprise cloud traffic, preventing simple domain-blocklist triggers.
Once the targeted user is redirected to the final landing page, the user is presented with the credential theft interface. This is hosted as browser-in-the-browser (an exploitation technique commonly leveraged by the threat actor that simulates a legitimate browser window within a web page that loads the content threat actor has created) or displayed directly within the web-hosted “preview” of the document with a blurred view, “Verify identity” button that redirects the user to “Microsoft.com/devicelogin” and device code displayed.
Below is an example of the final landing page, where the redirect to DeviceLogin is rendered as browser-in-the-browser.
The campaign utilized diverse themes, including document access, electronic signing, and voicemail notifications. In specific instances, the threat actor prompted users for their email addresses to facilitate the generation of a malicious device code.
Unlike traditional phishing that asks for a password, this “Front-End” is designed to facilitate a handoff. The page is pre-loaded with hidden automation. The moment the “Continue to Microsoft” button is clicked, the authentication begins, preparing the victim for the “Device Code” prompt that follows in the next stage of the attack.
The threat actor used a combination of domain shadowing and brand-impersonating subdomains to bypass reputation filters. Several domains were designed to impersonate technical or administrative services (e.g., graph-microsoft[.]com, portal-azure[.]com, office365-login[.]com). Also, multiple randomized subdomains were observed (e.g., a7b2-c9d4.office-verify[.]net). This is a common tactic to ensure that if one URL is flagged, the entire domain isn’t necessarily blocked immediately. Below is a distribution of Domain hosting infrastructure abused by the threat actor:
Phase 2: Initial access
The threat actor distributes deceptive emails to the intended victims, utilizing a wide array of themes like invoices, RFPs, or shared files. These emails contain varied payloads, including direct URLs, PDF attachments, or HTML files. The goal is to entice the user into interacting with a link that will eventually lead them to a legitimate-looking but threat actor-controlled interface.
Phase 3: Dynamic device code generation
When a user clicks the malicious link, they are directed to a web page running a background automation script. This script interacts with the Microsoft identity provider in real-time to generate a live Device Code. This code is then displayed on the user’s screen along with a button that redirects them to the official microsoft.com/devicelogin portal.
The 15-Minute race: Static vs. dynamic
A pivotal element of this campaign’s success is dynamic device code generation, a technique specifically engineered to bypass the inherent time-based constraints of the OAuth 2.0 device authorization flow. A generated device code remains valid for only 15 minutes. (Ref: OAuth 2.0 device authorization grant). In older, static phishing attempts, the threat actor would include a pre-generated code within the email itself. This created a narrow window for success: the targeted user had to be phished, open the email, navigate through various redirects, and complete a multi-step authentication process all before the 15-minute timer lapsed. If the user opened the email even 20 minutes after it was sent, the attack would automatically fail due to the expired code.
Dynamic Generation effectively solves this for the threat actor. By shifting the code generation to the final stage of the redirect chain, the 15-minute countdown only begins the moment the victim clicks the phishing link and lands on the malicious page. This ensures the authentication code is always active when the user is prompted to enter it.
Generating the device code
The moment the user is redirected to the final landing page, the script on the page initiates a POST request to the threat actor’s backend (/api/device/start/ or /start/). The threat actor’s server acts as a proxy. The request carries a custom HTTP header “X-Antibot-Token” with a 64-character hex value, and an empty body (content-length: 0)
It contacts Microsoft’s official device authorization endpoint on-demand and provides the user’s email address as hint. The server returns a JSON object containing Device Code (with a full 15-minute lifespan) and a hidden Session Identifier Code. Until this is generated, the landing page takes some time to load.
Phase 4: Exploitation and authentication
To minimize user effort and maximize the success rate, the threat actor’s script often automatically copies the generated device code to the user’s clipboard. Once the user reaches the official login page, they paste the code. If the user does not have an active session, they are prompted to provide their password and MFA. If they are already signed in, simply pasting the code and confirming the request instantly authenticates the threat actor’s session on the backend.
Clipboard manipulation
To reduce a few seconds in 15-minute window and to enable user to complete authentication faster, the script immediately executes a clipboard hijack. Using the navigator.clipboard.writeText API, the script pushes the recently generated Device Code onto the victim’s Windows clipboard. Below is a screenshot of a campaign where the codes were copied to the user’s clipboard from the browser.
Phase 5 – Session validation
Immediately following a successful compromise, the threat actor performs a validation check. This automated step ensures that the authentication token is valid and that the necessary level of access to the target environment has been successfully granted.
The polling
After presenting the code to the user and opening the legitimate microsoft.com/devicelogin URL, the script enters a “Polling” state via the checkStatus() function to monitor the 15-minute window in real-time. Every 3 to 5 seconds (setInterval), the script pings the threat actor’s /state endpoint. It sends the secret session identifier code to validate if the user has authenticated yet. While the targeted user is entering the code on the real Microsoft site, the loop returns a “pending” status.
The moment the targeted user completes the MFA-backed login, the next poll returns a success status. The threat actor’s server now possesses a live Access Token for the targeted user’s account, bypassing MFA by design, due to the use of the alternative Device Code flow. The user is also redirected to a placeholder website (Docusign/Google/Microsoft).
Phase 6: Establish persistence and post exploitation
The final stage varies depending on the threat actor’s specific objectives. In some instances, within 10 minutes of the breach, threat actor’s registered new devices to generate a Primary Refresh Token (PRT) for long-term persistence. In other scenarios, they waited several hours before creating malicious inbox rules or exfiltrating sensitive email data to avoid immediate detection.
Post compromise
Following the compromise, attack progression was predominantly observed towards Device Registration and Graph Reconnaissance.
In a selected scenario, the attack progressed to email exfiltration and account persistence through Inbox rules created using Microsoft Office Application. This involved filtering the compromised users and selecting targets:
Persona Identification: The threat actor reviewed and filtered for high-value personas—specifically those in financial, executive, or administrative roles—within the massive pool of compromised users.
Accelerated Reconnaissance: Using Microsoft Graph reconnaissance, the threat actor programmatically mapped internal organizational structures and identify sensitive permissions the moment a token was secured.
Targeted Financial Exfiltration: The most invasive activity was reserved for users with financial authority. For these specific profiles, the threat actors performed deep-dive reconnaissance into email communications, searching for high-value targets like wire transfer details, pending invoices, and executive correspondence.
Below is an example of an Inbox rule created by the threat actor using Microsoft Office Application.
Mitigation and protection guidance
To harden networks against the Device code phishing activity described above, defenders can implement the following:
Educate users about common phishing techniques. Sign-in prompts should clearly identify the application being authenticated to. As of 2021, Microsoft Azure interactions prompt the user to confirm (“Cancel” or “Continue”) that they are signing in to the app they expect, which is an option frequently missing from phishing sign-ins. Be cautious of any “[EXTERNAL]” messages containing suspicious links. Do not sign-in to resources provided by unfamiliar senders. For more tips and guidance – refer to Protect yourself from phishing | Microsoft Support.
Configure Anti-phising policies. Anti-phishing policies protect against phishing attacks by detecting spoofed senders, impersonation attempts, and other deceptive email techniques.
Configure Safelinks in Defender for Office 365. Safe Links scanning protects your organization from malicious links that are used in phishing and other attacks. Safe Links can also enable high confidence Device Code phishing alerts from Defender.
Implement a sign-in risk policy to automate response to risky sign-ins. A sign-in risk represents the probability that a given authentication request is not authorized by the identity owner. A sign-in risk-based policy can be implemented by adding a sign-in risk condition to Conditional Access policies that evaluates the risk level of a specific user or group. Based on the risk level (high/medium/low), a policy can be configured to block access or force multi-factor authentication.
For regular activity monitoring, use Risky sign-in reports, which surface attempted and successful user access activities where the legitimate owner might not have performed the sign-in.
Microsoft recommends the following best practices to further help improve organizational defences against phishing and other credential theft attacks:
Require multifactor authentication (MFA). Implementation of MFA remains an essential pillar in identity security and is highly effective at stopping a variety of threats.
Centralize your organization’s identity management into a single platform. If your organization is a hybrid environment, integrate your on-premises directories with your cloud directories. If your organization is using a third-party for identity management, ensure this data is being logged in a SIEM or connected to Microsoft Entra to fully monitor for malicious identity access from a centralized location. The added benefits to centralizing all identity data is to facilitate implementation of Single Sign On (SSO) and provide users with a more seamless authentication process, as well as configure Entra ID’s machine learning models to operate on all identity data, thus learning the difference between legitimate access and malicious access quicker and easier. It is recommended to synchronize all user accounts except administrative and high privileged ones when doing this to maintain a boundary between the on-premises environment and the cloud environment, in case of a breach.
Microsoft Defender XDR customers can refer to the list of applicable detections below. Microsoft Defender XDR coordinates detection, prevention, investigation, and response across endpoints, identities, email, and apps to provide integrated protection against attacks like the threat discussed in this blog.
Customers with provisioned access can also use Microsoft Security Copilot in Microsoft Defender to investigate and respond to incidents, hunt for threats, and protect their organization with relevant threat intelligence.
Using Safe Links and Microsoft Entra ID protection raises high confidence Device Code phishing alerts from Defender.
Tactic
Observed activity
Microsoft Defender coverage
Initial Access
Identification and blocking of spearphishing emails that use social engineering lures to direct users to threat actor-controlled pages that ultimately redirect to legitimate Microsoft device sign-in endpoints (e.g., microsoft.com/devicelogin). Detection relies on campaign-level signals, sender behavior, and message content rather than URL reputation alone, enabling coverage even when legitimate Microsoft authentication URLs are abused.
Microsoft Defender for Office 365
Predelivery protection for device code phishing emails.
Credential Access
Detects anomalous device code authentication using authentication patterns and token acquisition after successful device code auth.
Microsoft Defender For Identity
Anomalous OAuth device code authentication activity.
Initial Access / Credential Access
Detection of anomalous sign-in patterns consistent with device code authentication abuse, including atypical authentication flows and timing inconsistent with normal user behaviour.
Microsoft Defender XDR
Suspicious Azure authentication through possible device code phishing.
Credential Access
The threat actor successfully abuses the OAuth device code authentication flow, causing the victim to authenticate the threat actor’s session and resulting in issuance of valid access and refresh tokens without password theft
Microsoft Defender XDR
User account compromise via OAuth device code phishing.
Credential Access
Detects device code authentication after url click in an email from a non-prevalent sender
Microsoft Defender XDR Suspicious device code authentication following a URL click in an email from rare sender.
Defence Evasion
Post-authentication use of valid tokens from threat actor-controlled or known malicious infrastructure, indicating token replay or session hijacking rather than interactive user login.
Microsoft Defender XDR Malicious sign-in from an IP address associated with recognized threat actor infrastructure. Microsoft Entra ID Protection
Activity from Anonymous IP address (RiskEventType: anonymizedIPAddress).
Defence Evasion / Credential Access
Authentication activity correlated with Microsoft threat intelligence indicating known malicious infrastructure, suspicious token usage, or threat actor associated sign-in patterns following device code abuse.
Microsoft Entra ID Protection
Microsoft Entra threat intelligence (sign-in) (RiskEventType: investigationsThreatIntelligence).
Microsoft Sentinel
Microsoft Sentinel customers can use the TI Mapping analytics (a series of analytics all prefixed with ‘TI map’) to automatically match the malicious indicators mentioned in this blog post with data in their workspace. Additionally, Microsoft Sentinel customers can use the following queries to detect phishing attempts and email exfiltration attempts via Graph API. These queries can help customers remain vigilant and safeguard their organization from phishing attacks:
Security Copilot customers can use the standalone experience to create their own prompts or run the following prebuilt promptbooks to automate incident response or investigation tasks related to this threat:
Incident investigation
Microsoft User analysis
Threat actor profile
Threat Intelligence 360 report based on MDTI article
Vulnerability impact assessment
Note that some promptbooks require access to plugins for Microsoft products such as Microsoft Defender XDR or Microsoft Sentinel.
Threat intelligence reports
Microsoft customers can use the following reports in Microsoft products to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this blog. These reports provide intelligence, protection information, and recommended actions to prevent, mitigate, or respond to associated threats found in customer environments.
Advanced hunting
Defender XDR customers can run the following queries to identify possible device code phishing related activity in their networks:
Validate errorCode 50199 followed by success in 5-minute time interval for the interested user, which suggests a pause to input the code from the phishing email.
EntraIdSigninEvents
| where ErrorCode in (0, 50199)
| summarize ErrorCodes = make_set(ErrorCode) by AccountUpn, CorrelationId, SessionId, bin(Timestamp, 1h)
| where ErrorCodes has_all (0, 50199)
Validate Device code authentication from suspicious IP Ranges.
EntraIdSigninEvents
| where Call has “Cmsi:cmsi”
| where IPAddress has_any (“160.220.232.”, “160.220.234.”, “89.150.45.”, “185.81.113.”, “8.228.105.”)
Correlate any URL clicks with suspicious sign-ins that follow with user interrupt indicated by the error code 50199.
let suspiciousUserClicks = materialize(UrlClickEvents
| extend AccountUpn = tolower(AccountUpn)
| project ClickTime = Timestamp, ActionType, UrlChain, NetworkMessageId, Url, AccountUpn);
//Check for Risky Sign-In in the short time window
let interestedUsersUpn = suspiciousUserClicks
| where isnotempty(AccountUpn)
| distinct AccountUpn;
EntraIdSigninEvents
| where ErrorCode == 0
| where AccountUpn in~ (interestedUsersUpn)
| where RiskLevelDuringSignin in (10, 50, 100)
| extend AccountUpn = tolower(AccountUpn)
| join kind=inner suspiciousUserClicks on AccountUpn
| where (Timestamp - ClickTime) between (-2min .. 7min)
| project Timestamp, ReportId, ClickTime, AccountUpn, RiskLevelDuringSignin, SessionId, IPAddress, Url
Monitor for suspicious Device Registration activities that follow the Device code phishing compromise.
Surface suspicious inbox rule creation (using applications) that follow the Device code phishing compromise.
CloudAppEvents
| where ApplicationId == “20893” // Microsoft Exchange Online
| where ActionType in ("New-InboxRule","Set-InboxRule","Set-Mailbox","Set-TransportRule","New-TransportRule","Enable-InboxRule","UpdateInboxRules")
| where isnotempty(IPAddress)
| mv-expand ActivityObjects
| extend name = parse_json(ActivityObjects).Name
| extend value = parse_json(ActivityObjects).Value
| where name == "Name"
| extend RuleName = value
// we are extracting rule names that only contains special characters
| where RuleName matches regex "^[!@#$%^&*()_+={[}\\]|\\\\:;""'<,>.?/~` -]+$"
Surface suspicious email items accessed that follow the Device code phishing compromise.
CloudAppEvents
| where ApplicationId == “20893” // Microsoft Exchange Online
| where ActionType == “MailItemsAccessed”
| where isnotempty(IPAddress)
| where UncommonForUser has "ISP"
Indicators of compromise (IOC)
The threat actor’s authentication infrastructure is built on well-known, trusted services like Railway.com (a popular Platform-as-a-Service (PaaS)), Cloudflare, and DigitalOcean. By using these platforms, these malicious scripts can blend in with benign Device code authentication. This approach was to ensure it is very difficult for security systems to block the attack without accidentally stopping legitimate business services at the same time. Furthermore, the threat actor compromised multiple legitimate domains to host their phishing pages. By leveraging the existing reputation of these hijacked sites, they bypass email filters and web reputation systems. Indicator
This research is provided by Microsoft Defender Security Research with contributions from Krithika Ramakrishnan, Ofir Mastor, Bharat Vaghela, Shivas Raina, Parasharan Raghavan, and other members of Microsoft Threat Intelligence.
Learn more
Review our documentation to learn more about our real-time protection capabilities and see how to enable them within your organization.
One of the clearest trends in the 2025 Talos Year in Review is just how quickly vulnerabilities are now being turned into working exploits. What used to take weeks or months is now happening in days, sometimes hours — and in some cases, exploitation is beginning almost immediately after vulnerability details are made public.
The process of exploitation itself is changing. With the increasing availability of proof-of-concept code, automation, and AI-assisted tooling, certain vulnerabilities can very quickly become weaponized, which is what we saw with React2Shell.
At the same time, the data shows that attackers are not just chasing new vulnerabilities. They are consistently targeting what is exposed, accessible, and valuable.
On one end of the spectrum, near-instant exploitation.
On the other, long-standing vulnerabilities that remain unaddressed.
Attackers are using a combination of speed, scale, and accessibility to reduce the window defenders have to respond, while increasing the impact when they can’t.
In the latest episode of the Talos Threat Perspective, we explore what the ‘industrialization of exploitation’ looks like in practice, and what it means for defenders trying to prioritise risk in an increasingly compressed timeline.
▶️ Watch the full episode below.
from Cisco Talos Blog https://ift.tt/nEPCzXe
via IFTTT
Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments (IDEs) on a developer's machine.
The technique has been discovered in an Open VSX extension named "specstudio.code-wakatime-activity-tracker," which masquerades as WakaTime, a popular tool that measures the time programmers spend inside their IDE. The extension is no longer available for download.
"The extension [...] ships a Zig-compiled native binary alongside its JavaScript code," Aikido Security researcher Ilyas Makari said in an analysis published this week.
"This is not the first time GlassWorm has resorted to using native compiled code in extensions. However, rather than using the binary as the payload directly, it is used as a stealthy indirection for the known GlassWorm dropper, which now secretly infects all other IDEs it can find on your system."
The newly identified Microsoft Visual Studio Code (VS Code) extension is a near replica of WakaTime, save for a change introduced in a function named "activate()." The extension installs a binary named "win.node" on Windows systems and "mac.node," a universal Mach-O binary if the system is running Apple macOS.
These Node.js native addons are compiled shared libraries that are written in Zig and load directly into Node's runtime and execute outside the JavaScript sandbox with full operating system-level access.
Once loaded, the primary goal of the binary is to find every IDE on the system that supports VS Code extensions. This includes Microsoft VS Code and VS Code Insiders, as well as forks like VSCodium, Positron, and a number of artificial intelligence (AI)-powered coding tools like Cursor and Windsurf.
The binary then downloads a malicious VS Code extension (.VSIX) from an attacker-controlled GitHub account. The extension – called "floktokbok.autoimport" – impersonates "steoates.autoimport," a legitimate extension with more than 5 million installs on the official Visual Studio Marketplace.
In the final step, the downloaded .VSIX file is written to a temporary path and silently installed into every IDE using each editor's CLI installer. The second-stage VS Code extension acts as a dropper that avoids execution on Russian systems, talks to the Solana blockchain to fetch the command-and-control (C2) server, exfiltrates sensitive data, and installs a remote access trojan (RAT), which ultimately deploys an information-stealing Google Chrome extension.
Users who have installed "specstudio.code-wakatime-activity-tracker" or "floktokbok.autoimport" are advised to assume compromise and rotate all secrets.
from The Hacker News https://ift.tt/hXWKomw
via IFTTT
The Good | DoJ Disrupts TP-Link Router Network Run by Russian Spy Org
This week, authorities in the U.S. carried out Operation Masquerade, a court-authorized operation to disrupt a DNS hijacking network run by Russia’s GRU Unit 26165 (APT28). The network involved the compromise of thousands of TP-Link small home and small office routers, spread across more than 23 U.S. states.
Since at least 2024, APT28 operators have been exploiting known vulnerabilities in the devices to steal credentials, gain unauthorized access to router management interfaces, and silently rewrite DNS settings so that queries were redirected to GRU-controlled resolvers instead of the users’ normal providers. The actors then applied automated filtering on the hijacked traffic to pick out DNS requests of intelligence interest.
For selected targets, the resolvers returned forged DNS records for specific domains to insert GRU-controlled infrastructure into encrypted sessions. This allowed operators to collect passwords, authentication tokens, emails, and other sensitive data from devices on the same networks as the compromised routers, including users in government, military, and critical infrastructure sectors.
Russian espionage group APT28 compromised MikroTik and TP-Link routers to redirect traffic for certain authentication operations to AitM phishing kits
Under court supervision, the FBI developed and deployed a series of commands to send to compromised routers. The operation captured evidence of GRU activity and reset the DNS configuration so the devices would obtain legitimate resolvers from their ISPs. It also blocked the original path the actors used for unauthorized access.
According to DOJ, the FBI first tested the command set on the same TP-Link router models and firmware in a controlled environment, with the goal of leaving normal routing functions intact, avoiding access to any user content, and ensuring that owners could reverse the changes via a factory reset or web management interface.
The bureau is now working with U.S. internet service providers to notify customers whose routers fell within the scope of the warrant.
The Bad | Threat Actors Turn to Script Editor to Bypass Apple’s ClickFix Mitigation
SentinelOne researchers have discovered a variant of theClickFixsocial engineering trick targeting macOS users that avoids the need for victims to unwittingly copy-paste commands to the Terminal. Apple recently updated the desktop operating system to include a mitigation for Terminal-driven ClickFix attacks, but threat actors have moved quickly to sidestep Apple’s response.
SentinelOne researchers discovered a campaign in which threat actors used a lure to install the popular AI-Assistant Claude to deliver AMOS malware. The lure leverages the appplescript:// URL scheme to launch the Script Editor from the user’s browser, with the editor pre-populated with malicious commands. The delivery mechanism offers threat actors a smooth, Terminal-free, attack flow that simply asks the user to perform a few clicks, with no copy-paste involved.
Instructions to victimsScript Editor opens with pre-populated malicious commands
Analysis of the payloads shows the technique is being used to deliver AMOS/Atomic Stealer malware that reaches out to hardcoded C2 infrastructure and attempts to exfiltrate browser data, crypto wallets and passsword stores in a single run. SentinelOne customers are protected against AMOS and similar variants of infostealer.
Researchers at JAMF later described a similar campaign using a webpage themed to look like an official Apple help page with instructions on how to reclaim disk space. Taken together, these campaigns suggest that Script Editor–driven ClickFix flows are becoming a reusable pattern rather than a one-off trick.
In the recent macOS Tahoe 26.4 update, Apple added a new security feature to warn users when pasting commands into the Terminal under certain conditions. Threat actors had moved towards the Terminal copy-paste method in response to Apple blocking a previous widely-used method of bypassing Gatekeeper via a Control-click override. However, the new Script Editor-based delivery mechanism entirely sidesteps these efforts and continues the long-running cat-and-mouse game between the operating system vendor and malware authors.
The Ugly | Iranian Hackers Target U.S. PLCs in Critical Infrastructure
Iran-affiliated APT actors are actively exploiting internet-facing operational technology (OT) devices, including Rockwell Automation/Allen-Bradley programmable logic controllers (PLCs), across multiple U.S. critical infrastructure sectors.
According to a joint advisory from CISA and other agencies, this activity has led to PLC disruptions, manipulation of data on HMI/SCADA displays, and in some cases operational disruption and financial loss. The authoring agencies assess that these Iranian-affiliated actors are conducting the campaign to cause disruptive effects inside the United States and note an escalation in activity since at least March 2026.
The campaign focuses on CompactLogix and Micro850 PLCs deployed in government services and facilities, water and wastewater systems, as well as the energy sector. Using leased third-party infrastructure together with configuration tools such as Rockwell’s Studio 5000 Logix Designer, the actors establish apparently legitimate connections to exposed PLCs over common OT ports including 44818, 2222, 102, and 502.
Once connected, they deploy Dropbear SSH on victim endpoints to gain remote access over port 22, extract project files such as .ACD ladder logic and configuration, and alter the process data operators see on HMI and SCADA dashboards. The same port-targeting pattern suggests the actors are also probing protocols used by other vendors, including Siemens S7 PLCs.
Iran-affiliated cyber actors are targeting operational technology devices across US critical infrastructure, including programmable logic controllers (PLCs). These attacks have led to diminished PLC functionality, manipulation of display data and, in some cases, operational… pic.twitter.com/odBD3lBi0l
The advisory places this activity in the context of earlier IRGC-linked operations against U.S. industrial control systems. In late 2023, IRGC-affiliated CyberAv3ngers targeted Unitronics PLCs used across multiple water and wastewater facilities, compromising at least 75 devices. The latest wave extends that playbook to a broader set of PLC vendors and sectors, reinforcing that internet-exposed controllers with weak or missing hardening remain a priority target for disruptive state-linked operations.
During routine security research, we identified a severe intent redirection vulnerability in a widely used third-party Android SDK called EngageSDK. This flaw allows apps on the same device to bypass Android security sandbox and gain unauthorized access to private data. With over 30 million installations of third-party crypto wallet applications alone, the exposure of PII, user credentials and financial data were exposed to risk. All of the detected apps using vulnerable versions have been removed from Google Play.
Following our Coordinated Vulnerability Disclosure practices (via Microsoft Security Vulnerability Research), we notified EngageLab and the Android Security Team. We collaborated with all parties to investigate and validate the issue, which was resolved as of November 3, 2025 in version 5.2.1 of the EngageSDK. This case shows how weaknesses in third‑party SDKs can have large‑scale security implications, especially in high‑value sectors like digital asset management.
As of the time of writing, we are not aware of any evidence indicating that this vulnerability has been exploited in the wild. Nevertheless, we strongly recommend that developers who integrate the affected SDK upgrade to the latest available version. While this is a vulnerability introduced by a third-party SDK, Android’s existing layered security model is capable of providing additional mitigations against exploitation of vulnerabilities through intents. Android has updated these automatic user protections to provide additional mitigation against the specific EngageSDK risks described in this report while developers update to the non-vulnerable version of EngageSDK. Users who previously downloaded a vulnerable app are protected.
In this blog, we provide a technical analysis of a vulnerability that bypasses core Android security mechanisms. We also examine why this issue is significant in the current landscape: apps increasingly rely on third‑party SDKs, creating large and often opaque supply‑chain dependencies.
As mobile wallets and other high‑value apps become more common, even small flaws in upstream libraries can impact millions of devices. These risks increase when integrations expose exported components or rely on trust assumptions that aren’t validated across app boundaries.
Because Android apps frequently depend on external libraries, insecure integrations can introduce attack surfaces into otherwise secure applications. We provide resources for three key audiences:
Developers: In addition to the best practices Android provides its developers, we provide practical guidance on identifying and preventing similar flaws, including how to review dependencies and validate exported components.
Researchers: Insights into how we discovered the issue and the methodology we used to confirm its impact.
General readers: An explanation of the implications of this vulnerability and why ecosystem‑wide vigilance is essential.
This analysis reflects Microsoft’s visibility into cross‑platform security threats. We are committed to safeguarding users, even in environments and applications that Microsoft does not directly build or operate. You can find a detailed set of recommendations, detection guidance and indicators at the end of this post to help you assess exposure and strengthen protections.
Technical details
The Android operating system integrates a variety of security mechanisms, such as memory isolation, filesystem discretionary and mandatory access controls (DAC/MAC), biometric authentication, and network traffic encryption. Each of these components functions according to its own security framework, which may not always align with the others[1].
Unlike many other operating systems where applications run with the user’s privileges, Android assigns each app with a unique user ID and executes it within its own sandboxed environment. Each app has a private directory for storing data that is not meant to be shared. By default, other apps cannot access this private space unless the owning app explicitly exposes data through components known as content providers.
To facilitate communication between applications, Android uses intents[2]. Beyond inter-app messaging, intents also enable interaction among components within the same application as well as data sharing between those components.
It’s worth noting that while any application can send an intent to another app or component, whether that intent is actually delivered—and more broadly, whether the communication is permitted—depends on the identity and permissions of the sending application.
Intent redirection vulnerability
Intent Redirection occurs when a threat actor manipulates the contents of an intent that a vulnerable app sends using its own identity and permissions.
In this scenario, the threat actor leverages the trusted context of the affected app to run a malicious payload with the app’s privileges. This can lead to:
Unauthorized access to protected components
Exposure of sensitive data
Privilege escalation within the Android environment
Figure 1. Visual representation of an intent redirection.
Android Security Team classifies this vulnerability as severe. Apps flagged as vulnerable are subject to enforcement actions, including potential removal from the platform[3].
EngageLab SDK intent redirection
Developers use the EngageLab SDK to manage messaging and push notifications in mobile apps. It functions as a library that developers integrate into Android apps as a dependency. Once included, the SDK provides APIs for handling communication tasks, making it a core component for apps that require real-time engagement.
The vulnerability was identified in an exported activity (MTCommonActivity) that gets added to an application’s Android manifest once the library is imported into a project, after the build process. This activity only appears in the merged manifest, which is generated post-build (see figure below), and therefore is sometimes missed by developers. Consequently, it often escapes detection during development but remains exploitable in the final APK.
Figure 2. The vulnerable MTCommonActivity activity is added to the merged manifest.
When an activity is declared as exported in the Android manifest, it becomes accessible to other applications installed on the same device. This configuration permits any other application to explicitly send an intent to this activity.
The following section outlines the intent handling process from the moment the activity receives an intent to when it dispatches one under the affected application’s identity.
Intent processing in the vulnerable activity
When an activity receives an intent, its response depends on its current lifecycle state:
If the activity is starting for the first time, the onCreate() method runs.
If the activity is already active, the onNewIntent() method runs instead.
In the vulnerable MTCommonActivity, both callbacks invoke the processIntent() method.
Figure 3: Calling the processIntent() method.
This method (see figure below) begins by initializing the uri variable on line 10 using the data provided in the incoming intent. If the uri variable is not empty, then – according to line 16 – it invokes the processPlatformMessage():
Figure 4: The processIntent() method.
The processPlatformMessage() method instantiates a JSON object using the uri string supplied as an argument to this method (see line 32 below):
Figure 5: The processPlatformMessage() method.
Each branch of the if statement checks the JSON object for a field named n_intent_uri. If this field exists, the method performs the following actions:
Creates a NotificationMessage object
Initializes its intentUri field by using the appropriate setter (see line 52).
An examination of the intentUri field in the NotificationMessage class identified the following method as a relevant point of reference:
Figure 6: intentUri usage overview.
On line 353, the method above obtains the intentUri value and attempts to create a new intent from it by calling the method a() on line 360. The returned intent is subsequently dispatched using the startActivity() method on line 365. The a() method is particularly noteworthy, as it serves as the primary mechanism responsible for intent redirection:
Figure 7: Overview of vulnerable code.
This method appears to construct an implicit intent by invoking setComponent(), which clears the target component of the parseUri intent by assigning a null value (line 379). Under normal circumstances, such behavior would result in a standard implicit intent, which poses minimal risk because it does not specify a concrete component and therefore relies on the system’s resolution logic.
However, as observed on line 377, the method also instantiates a second intent variable — its purpose not immediately evident—which incorporates an explicit intent. Crucially, this explicitly targeted intent is the one returned at line 383, rather than the benign parseUri intent.
Another notable point is that the parseUri() method (at line 376) is called with the URI_ALLOW_UNSAFE flag (constant value 4), which can permit access to an application’s content providers [6] (see exploitation example below).
These substitutions fundamentally alter the method’s behavior: instead of returning a non‑directed, system‑resolved implicit intent, it returns an intent with a predefined component, enabling direct invocation of the targeted activity as well as access to the application’s content providers. As noted previously, this vulnerability can, among other consequences, permit access to the application’s private directory by gaining entry through any available content providers, even those that are not exported.
Figure 8: Getting READ/WRITE access to non-exported content providers.
Exploitation starts when a malicious app creates an intent object with a crafted URI in the extra field. The vulnerable app then processes this URI, creating and sending an intent using its own identity and permissions.
Due to the URI_ALLOW_UNSAFE flag, the intent URI may include the following flags;
FLAG_GRANT_PERSISTABLE_URI_PERMISSION
FLAG_GRANT_READ_URI_PERMISSION
FLAG_GRANT_WRITE_URI_PERMISSION
When combined, these flags grant persistent read and write access to the app’s private data.
After the vulnerable app processes the intent and applies these flags, the malicious app is authorized to interact with the target app’s content provider. This authorization remains active until the target app explicitly revokes it [5]. As a result, the internal directories of the vulnerable app are exposed, which allows unauthorized access to sensitive data in its private storage space. The following image illustrates an example of an exploitation intent:
Figure 9: Attacking the MTCommonActivity.
Affected applications
A significant number of apps using this SDK are part of the cryptocurrency and digital‑wallet ecosystem. Because of this, the consequences of this vulnerability are especially serious. Before notifying the vendor, Microsoft confirmed the flaw in multiple apps on the Google Play Store.
The affected wallet applications alone accounted for more than 30 million installations, and when including additional non‑wallet apps built on the same SDK, the total exposure climbed to over 50 million installations.
Disclosure timeline
Microsoft initially identified the vulnerability in version 4.5.4 of the EngageLab SDK. Following Coordinated Vulnerability Disclosure (CVD) practices through Microsoft Security Vulnerability Research (MSVR), the issue was reported to EngageLab in April 2025. Additionally, Microsoft notified the Android Security Team because the affected apps were distributed through the Google Play Store.
EngageLab addressed the vulnerability in version 5.2.1, released on November 3, 2025. In the fixed version, the vulnerable activity is set to non-exported, which prevents it from being invoked by other apps.
Date
Event
April 2025
Vulnerability identified in EngageLab SDK v4.5.4. Issue reported to EngageLab
May 2025
Escalated the issue to the Android Security Team for affected applications distributed through the Google Play Store.
November 3, 2025
EngageLab released v5.2.1, addressing the vulnerability
Mitigation and protection guidance
Android developers utilizing the EngageLab SDK are strongly advised to upgrade to the latest version promptly.
Our research indicates that integrating external libraries can inadvertently introduce features or components that may compromise application security. Specifically, adding an exported component to the merged Android manifest could be unintentionally overlooked, resulting in potential attack surfaces. To keep your apps secure, always review the merged Android manifest, especially when you incorporate third‑party SDKs. This helps you identify any components or permissions that might affect your app’s security or behavior.
Keep your users and applications secure
Strengthening mobile‑app defenses doesn’t end with understanding this vulnerability.
This research is provided by Microsoft Defender Security Research with contributions from Dimitrios Valsamarasand other members of Microsoft Threat Intelligence.
Learn more
Review our documentation to learn more about our real-time protection capabilities and see how to enable them within your organization.
Thursday. Another week, another batch of things that probably should've been caught sooner but weren't.
This one's got some range — old vulnerabilities getting new life, a few "why was that even possible" moments, attackers leaning on platforms and tools you'd normally trust without thinking twice. Quiet escalations more than loud zero-days, but the kind that matter more in practice anyway.
Mix of malware, infrastructure exposure, AI-adjacent weirdness, and some supply chain stuff that's... not great. Let's get into it.
A new variant of the botnet known as Phorpiex (aka Trik) has been observed, using a hybrid communication model that combines traditional C2 HTTP polling with a peer-to-peer (P2P) protocol over both TCP and UDP to ensure operational continuity in the face of server takedowns. The malware acts as a conduit for encrypted payloads, making it challenging for external parties to inject or modify commands. The primary goal of Phorpiex's Twizt variant is to drop a clipper that re-routes cryptocurrency transactions, as well as distribute high-volume sextortion email spam and facilitate ransomware deployment (e.g., LockBit Black, Global). It also exhibits worm-like behavior by propagating through removable and remote drives, and drop modules responsible for exfiltrating mnemonic phrases and scanning for Local File Inclusion (LFI) vulnerabilities. "Phorpiex has consistently demonstrated its capability to evolve, shifting from a pure spam operation to a sophisticated platform," Bitsight said. "The Phorpiex botnet remains a highly adaptive and resilient threat." There are about 125,000 infections daily on average, with the most affected countries being Iran, Uzbekistan, China, Kazakhstan, and Pakistan.
A remote code execution (RCE) vulnerability that lurked in Apache ActiveMQ Classic for 13 years could be chained with an older flaw (CVE-2024-32114) to bypass authentication. Tracked as CVE-2026-34197 (CVSS score: 8.8), the newly identified bug allows attackers to invoke management operations through the Jolokia API and trick the message broker into retrieving a remote configuration file and executing operating system commands. According to Horizon3.ai, the security defect is a bypass for CVE-2022-41678, a bug that allows authenticated attackers to trigger arbitrary code execution and write web shells to disk. "The vulnerability requires credentials, but default credentials (admin:admin) are common in many environments," Horizon3.ai researcher Naveen Sunkavally said. "On some versions (6.0.0 - 6.1.1), no credentials are required at all due to another vulnerability, CVE-2024-32114, which inadvertently exposes the Jolokia API without authentication. In those versions, CVE-2026-34197 is effectively an unauthenticated RCE." The newly discovered security defect was addressed in ActiveMQ Classic versions 5.19.4 and 6.2.3.
Cyber-enabled fraud cost victims over $17.7 billion during 2025, as financial losses to internet-enabled fraud continue to grow. The total loss exceeds $20.87 billion, up 26% from 2024. "Cyber-enabled fraud is responsible for almost 85% of all losses reported to IC3 [Internet Crime Complaint Center] in 2025," the U.S. Federal Bureau of Investigation (FBI) said. "Cryptocurrency investment fraud was the highest source of financial losses to Americans in 2025, with $7.2 billion reported in losses." In all investment scams led the pack with $8.6 billion in reported losses, followed by business email compromise ($3 billion) and tech support scams ($2.1 billion). Sixty-three new ransomware variants were identified last year, leading to more than $32 million in losses. Akira, Qilin, INC./Lynx/Sinobi, BianLian, Play, Ransomhub, Lockbit, Dragonforce, Safepay, and Medusa emerged as the top ten variants to hit critical manufacturing, healthcare, public health, and government entities.
According to data from NETSCOUT, more than 8 million DDoS attacks were recorded across 203 countries and territories between July and December 2025. "The attack count remained stable compared to the first half of the year, but the nature and sophistication of attacks changed dramatically," the company said. "The TurboMirai class of IoT botnets, including AISURU and Eleven11 (RapperBot), emerged as a major force. DDoS-for-hire platforms are now integrating dark-web LLMs and conversational AI, lowering the technical barrier for launching complex, multi-vector attacks. Even unskilled threat actors can now orchestrate sophisticated campaigns using natural-language prompts, increasing risk for all industries."
A former Meta employee in the U.K. is under investigation over allegations that he illegally downloaded about 30,000 private photos from Facebook. According to The Guardian, the accused developed a software program to evade Facebook's internal security systems and access users' private images. Meta uncovered the breach more than a year ago, terminated the employee, and referred the case to law enforcement. The company said it also notified affected users, although it's not clear how many were impacted.
Google said it's tracking a financially motivated threat cluster called UNC6783 that's tied to the "Raccoon" persona and is targeting dozens of high-profile organizations across multiple sectors by compromising business process outsourcing (BPO) providers and help desk staff for later data extortion. "The campaign relies on live chat social engineering to direct employees to spoofed Okta logins using [org].zendesk-support[##].com domains," Austin Larsen, Google Threat Intelligence Group (GITG) principal threat analyst, said. "Their phishing kit steals clipboard contents to bypass MFA and enroll their own devices for persistent access. We also observed them using fake security updates (ClickFix) to drop remote access malware." Organizations are advised to prioritize FIDO2 hardware keys for high-risk roles, monitor live chat for suspicious links, and regularly audit newly enrolled MFA devices.
A large-scale Magecart campaign is using invisible 1x1 pixel SVG elements to inject a fake checkout overlay on 99 Magento e-commerce stores, exfiltrating payment data to six attacker-controlled domains. "In the early hours of April 7th, nearly 100 Magento stores got mass-infected with a 'double-tap' skimmer: a credit card stealer hidden inside an invisible SVG element," Sansec said. "The likely entry vector is the PolyShell vulnerability that continues to affect unprotected Magento stores." Like other attacks of this kind, the skimmer shows victims a convincing "Secure Checkout" overlay, complete with card validation and billing fields. Once the payment details are captured, it silently redirects the shopper to the real checkout page. Adobe has yet to release a security update to address the PolyShell flaw in production versions of Magento.
Cybercriminals are using emojis across illicit communities to signal financial activity, access and account compromise, tooling and service offerings, represent targets or regions, and communicate momentum or importance. Using emojis allows bad actors to bypass security controls. "Emojis provide a shared visual layer that allows actors to communicate core concepts without relying entirely on text," Flashpoint said. "This is particularly valuable in: large Telegram channels with international membership, cross-border fraud operations, [and] decentralized marketplaces. This ability to compress meaning into visual shorthand helps scale operations and coordination across diverse actor networks."
A ClickFix campaign targeting Windows users is leveraging malicious MSI installers to deliver a Node.js-based information stealer. "This Windows payload is a highly adaptable remote access Trojan (RAT) that minimizes its forensic footprint by using dynamic capability loading," Netskope said. "The core stealing modules and communication protocols are never stored on the victim’s disk. Instead, they are delivered in-memory only after a successful C2 connection is established. To further obfuscate the attacker’s infrastructure, the malware routes gRPC streaming traffic over the Tor network, providing a persistent and masked bidirectional channel."
More ClickFix, this time targeting macOS. According to Jamf, a ClickFix-style macOS attack is abusing the "applescript://" URL scheme to launch Script Editor and deliver an Atomic Stealer infostealer payload, thereby bypassing Terminal entirely. The attack leverages fake Apple-themed web pages that include instructions to "reclaim disk space on your Mac" by clicking on an "Execute" button that triggers the "applescript://" URL scheme. The new approach is likely a response to a new security feature introduced by Apple in macOS 26.4 that scans commands pasted into Terminal before they're executed. "It's a meaningful friction point, but as this campaign illustrates, when one door closes, attackers find another," security researcher Thijs Xhaflaire said.
A malicious PyPI package named hermes-px has been advertised as a "Secure AI Inference Proxy" but contains functionality to steal users' prompts. "The package actually hijacks a Tunisian university's private AI endpoint, bundles a stolen and rebranded Anthropic Claude Code system prompt, launders all responses to hide the true upstream source, and exfiltrates every user message directly to the attacker's Supabase database, bypassing the very Tor anonymity it promises," JFrog said.
Data from Censys has revealed that there are 5,219 internet-exposed hosts that self-identify as Rockwell Automation/Allen-Bradley devices. "The United States accounts for 74.6% of global exposure (3,891 hosts), with a disproportionate share on cellular carrier ASNs indicative of field-deployed devices on cellular modems," it said. "Spain (110), Taiwan (78), and Italy (73) represent the largest non-Anglosphere concentrations. Iceland's presence (36 hosts) is disproportionate to its population and warrants attention, given its geothermal energy infrastructure." The disclosure follows a joint advisory from U.S. agencies that warned of ongoing exploitation of internet-facing Rockwell Automation/Allen-Bradley programmable logic controllers (PLCs) by Iranian-affiliated nation-state actors since March 2026 to breach U.S. critical infrastructure sectors, causing operational disruption and financial loss in some cases. The agencies said the attacks are reminiscent of similar attacks on PLCs by Cyber Av3ngers in late 2023.
In late March 2026, Anthropic inadvertently exposed internal Claude Code source material via a misconfigured npm package, which included approximately 512,000 lines of internal TypeScript. While the exposure lasted only about three hours, it triggered rapid mirroring of the source code across GitHub, prompting Anthropic to issue takedown notices (and later a partial retraction). Needless to say, threat actors wasted no time and took advantage of the topical nature of the leak to distribute Vidar Stealer, PureLogs Stealer, and GhostSocks proxy malware through fake leaked Claude Code GitHub repositories. "The campaign abuses GitHub Releases as a trusted malware delivery channel, using large trojanized archives and disposable accounts to repeatedly evade takedowns," Trend Micro said. "The combined functionality of the malware payloads enables credential theft, cryptocurrency wallet exfiltration, session hijacking, and residential proxy abuse across Windows, giving the operators multiple monetization paths from a single infection."
A new 64-bit version of Lumma Stealer called Remus (historically called Tenzor) has emerged in the wild following Lumma's takedown and the doxxing of its alleged core members. "The first Remus campaigns date back to February 2026, with the malware switching from Steam/Telegram dead drop resolvers to EtherHiding and employing new anti-analysis checks," Gen researchers said. Besides using identical code, direct syscalls/sysenters, and the same string obfuscation technique, another detail linking the two is the use of an application-bound encryption method, only observed in Lumma Stealer to date.
In a setback for Anthropic, a Washington, D.C., federal appeals court declined to block the U.S. Department of Defense's national security designation of the AI company as a supply chain risk. The development comes after another appeals court in San Francisco came to the opposite conclusion in a separate legal challenge by Anthropic, granting it a preliminary injunction that bars the Trump administration from enforcing a ban on the use of AI chatbot Claude.The company has said the designation could cost the company billions of dollars in lost business and reputational harm. As Reuters notes, the lawsuit is one of two that Anthropic filed over the Trump administration's unprecedented move to classify it as a supply chain risk after it refused to allow the military to use Claude for domestic mass surveillance or autonomous weapons.
In a new campaign observed by Kaspersky, unwitting users searching for proxy clients like Proxifier on search engines like Google and Yandex are being directed to malicious GitHub repositories that host an executable, which acts as a wrapper around the legitimate Proxifier installer.Once launched, it configures Microsoft Defender Antivirus exclusions, launches the real Proxifier installer, sets up persistence, and runs a PowerShell script that reaches out to Pastebin to retrieve a next-stage payload. The downloaded PowerShell script is responsible for retrieving another script containing the Clipper malware from GitHub. The malware substitutes cryptocurrency wallet addresses copied to the clipboard with an attacker-controlled wallet with the intention of rerouting financial transactions. Since the start of 2025, more than 2,000 Kaspersky users – most of them in India and Vietnam – have encountered the threat.
Threat actors are leveraging notification pipelines in popular collaboration platforms to deliver spam and phishing emails. Because these emails are dispatched from the platform's own infrastructure (e.g., Jira's Invite Customers feature), they are unlikely to be blocked by email security tools. "These emails are transmitted using the legitimate mail delivery infrastructure associated with GitHub and Jira, minimizing the likelihood that they will be blocked in transit to potential victims," Cisco Talos said. "By taking advantage of the built-in notification functionality available within these platforms, adversaries can more effectively circumvent email security and monitoring solutions and facilitate more effective delivery to potential victims." The development coincides with a phishing campaign targeting multiple organizations with invitation lures sent from compromised email accounts that lead to the deployment of legitimate remote monitoring and management (RMM) tools like LogMeIn Resolve. The campaign, tracked as STAC6405, has been ongoing since April 2025. In one case, the threat actor has been found to leverage a pre-existing installation of ScreenConnect to download a HeartCrypt-protected ZIP file that ultimately leads to the installation of malware that's consistent with ValleyRAT. Other campaigns have leveraged procurement-themed emails to direct users to cloud-hosted PDFs containing embedded links that, when clicked, take victims to Dropbox credential harvesting pages. Threat actors have also distributed executable files disguised as copyright violation notices to trick them into installing PureLogs Stealer as part of a multi-stage campaign. What's more, Reddit posts advertising the premium version of TradingView have acted as a conduit for Vidar and Atomic Stealer to steal valuable data from both Windows and macOS systems. "The threat actor actively comments on their own posts with different accounts, creating the illusion of a busy and helpful community," Hexastrike said. "More concerning, any comments from real users pointing out that the downloads are malware get deleted within minutes. The operation is hands-on and closely monitored."
A high-severity security flaw has been disclosed in the Linux kernel's ksmbd SMB3 server. Tracked as CVE-2026-23226 (CVSS score: 8.8), it falls under the same bug class as CVE-2025-40039, which was patched in October 2025. "When two connections share a session over SMB3 multichannel, the kernel can read a freed channel struct – exposing the per-channel AES-128-CMAC signing key and causing a kernel panic," Orca said. "An attacker needs valid SMB credentials and network access to port 445." Alternatively, the vulnerability can be exploited by an attacker to leak the per-channel AES-128-CMAC key used to sign all SMB3 traffic, enabling them to forge signatures, impersonate the server, or bypass signature verification. It has been fixed in the commit "e4a8a96a93d."
New research has demonstrated it's possible to trick Anthropic's vibe coding tool Claude Code into performing a full-scope penetration attack and credential theft by modifying a project's "CLAUDE.md" file to bypass the coding agent's safety guardrails. The instructions explicitly tell Claude Code to help the developer complete a penetration testing assessment against their own website and assist them in their tasks. "Claude Code should scan CLAUDE.md before every session, flagging instructions that would otherwise trigger a refusal if attempted directly within a prompt," LayerX said. "When Claude detects instructions that appear to violate its safety guardrails, it should present a warning and allow the developer to review the file before taking any actions."
Grafana has patched a security vulnerability that could have enabled attackers to trick its artificial intelligence (AI) capabilities into leaking sensitive data by means of an indirect prompt injection and without requiring any user interaction. The attack has been codenamed GrafanaGhost by Noma Security. "By bypassing the client-side protections and security guardrails that restrict external data requests, GrafanaGhost allows an attacker to bridge the gap between your private data environment and an external server," the cybersecurity company said. "Because the exploit ignores model restrictions and operates autonomously, sensitive enterprise data can be leaked silently in the background." GrafanaGhost is stealthy, as it requires no login credentials and does not depend on a user clicking a malicious link. The attack is another example of how AI-assisted features integrated into enterprise environments can be abused to access and extract critical data assets while remaining entirely invisible to defenders.
LSPosed is a powerful framework for rooted Android devices that allows users to modify the behavior of the system and apps in real-time without actually making any modifications to APK files. According to CloudSEK, threat actors are now weaponizing the tool to remotely inject fraudulent SMS messages and spoof user identities in modern payment ecosystems via a malicious module called "Digital Lutera." The attack effectively undermines SIM-binding restrictions applied to banking and instant payment apps in India. However, for this approach to work, the threat actor requires a victim to install a Trojan that can intercept SMS messages sent to/from the device. While the attack previously combined a trojanized mobile device (the victim) and a modified mobile payment APK (on the attacker's device) to trick bank servers into believing the victim's SIM card is physically present in the attacker's phone, the latest iteration leans on LSPosed to achieve the same goals. A key requisite to this attack is that the attacker must have a rooted Android device with the LSPosed module installed. "This new attack vector allows threat actors to hijack legitimate, unmodified payment applications by 'gaslighting' the underlying Android operating system," CloudSEK said. "By using LSPosed, the threat actor ensures the payment app's signature remains valid, making it invisible to many standard integrity checks."
That's the week. A lot of ground covered — old problems with new angles, platforms being abused in ways they weren't designed for, and a few things that are just going to keep getting worse before anyone seriously addresses them.
Patch what you can. Audit what you've trusted by default. And maybe double-check anything that touches AI right now — that space is getting messy fast.
Same time next Thursday.
from The Hacker News https://ift.tt/PsSl7BF
via IFTTT
![[Video] The TTP Ep. 22: The Collapse of the Patch Window](https://storage.ghost.io/c/af/a0/afa04ee3-414f-4481-8d23-7e7c146f192e/content/images/2026/04/YiR2025_cover_2x1-3.jpg)
