Sunday, April 26, 2026

The Zero-CVE Mirage: Hardening Software in the Age of AI Attacks

SUMMARY: How software development is rapidly evolving in the age of AI and automation. Matt Moore shares how his team is rethinking secure software supply chains, scaling infrastructure, and safely integrating AI agents into development workflows.

GUEST: Matt Moore, CTO at Chainguard 

SHOW: 1022

SHOW TRANSCRIPT: The Reasoning Show #1022 Transcript

SHOW VIDEO: https://youtu.be/9Q0kWkTYRs8

SHOW NOTES:


Scaling Challenges & “Factory” Evolution

  • Early automation relied on tools like GitHub Actions
  • At scale, simple systems broke due to:
    • Massive event volumes
    • API rate limits (e.g., GitHub quotas)
    • Exponential fan-out effects
  • Key innovation: custom work queue + reconciliation model
    • ~90% event deduplication
    • Controlled throughput and backpressure
    • Improved reliability and system stability
  • Introduced Driftless 
  • Built on reconciliation principles (inspired by Kubernetes):
    • Compare desired vs. actual state
    • Continuously reconcile differences
  • Benefits:
    • Resilience to missed events
    • Automatic retries and recovery
    • Scales better than purely event-driven systems
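
The work queue and reconciliation model in the notes above, as an added example (not Chainguard's or Driftless's code): a keyed queue that folds duplicate events together and refuses new keys when full, feeding a reconciler that compares desired and actual state and retries failures. Package names, versions, the flaky apply function and the event burst are constructed for illustration.

```python
from collections import OrderedDict


class CoalescingQueue:
    """At most one pending entry per key, with a bounded backlog (backpressure)."""

    def __init__(self, max_pending):
        self.max_pending = max_pending
        self._pending = OrderedDict()  # key -> events folded into this entry
        self.received = 0
        self.deduplicated = 0

    def add(self, key, counted=True):
        """Queue a key. Returns False when the backlog is full and the key was dropped."""
        if counted:
            self.received += 1
        if key in self._pending:
            self._pending[key] += 1
            if counted:
                self.deduplicated += 1
            return True
        if len(self._pending) >= self.max_pending:
            return False
        self._pending[key] = 1
        return True

    def pop(self):
        """Return the oldest pending key, or None when the queue is empty."""
        if not self._pending:
            return None
        key, _ = self._pending.popitem(last=False)
        return key


class Reconciler:
    """Acts on the current desired/actual difference, not on what an event said."""

    def __init__(self, desired, actual, apply_fn):
        self.desired, self.actual, self.apply_fn = desired, actual, apply_fn

    def drift(self):
        """Keys whose actual state differs from the desired state."""
        keys = set(self.desired) | set(self.actual)
        return sorted(k for k in keys if self.desired.get(k) != self.actual.get(k))

    def reconcile(self, key):
        want, have = self.desired.get(key), self.actual.get(key)
        if want == have:
            return "in-sync"
        if want is None:
            del self.actual[key]
            return "removed"
        self.apply_fn(key, want)  # may raise on a transient failure
        self.actual[key] = want
        return "updated"


def drain(queue, reconciler, budget):
    """Process at most `budget` keys per tick; failed keys are re-queued."""
    results, failed = {}, []
    for _ in range(budget):
        key = queue.pop()
        if key is None:
            break
        try:
            results[key] = reconciler.reconcile(key)
        except RuntimeError:
            results[key] = "retry"
            failed.append(key)
    for key in failed:
        queue.add(key, counted=False)
    return results


def resync(queue, reconciler):
    """Periodic pass: queue every drifting key; return keys deferred by backpressure."""
    return [k for k in reconciler.drift() if not queue.add(k, counted=False)]


def demo():
    # Constructed state: pkg-old has no desired entry and never produces an event.
    desired = {"pkg-a": "1.2.1", "pkg-b": "3.0.4", "pkg-c": "0.9.0"}
    actual = {"pkg-a": "1.2.0", "pkg-b": "3.0.3", "pkg-c": "0.8.7", "pkg-old": "0.1.0"}
    attempts = {}

    def flaky_apply(key, version):
        attempts[key] = attempts.get(key, 0) + 1
        if key == "pkg-c" and attempts[key] == 1:
            raise RuntimeError("simulated API rate limit")

    queue = CoalescingQueue(max_pending=2)
    # Constructed burst: 8 events each for two keys, then one event for a third key.
    accepted = [queue.add(k) for k in ["pkg-a", "pkg-c"] * 8 + ["pkg-b"]]
    rec = Reconciler(desired, actual, flaky_apply)
    first = drain(queue, rec, budget=10)    # pkg-c fails once and is re-queued
    second = drain(queue, rec, budget=10)   # retry of pkg-c
    deferred = resync(queue, rec)           # picks up the dropped and missed keys
    third = drain(queue, rec, budget=10)
    return {"received": queue.received, "deduplicated": queue.deduplicated,
            "rejected": accepted.count(False), "first": first, "second": second,
            "deferred": deferred, "third": third, "converged": actual == desired}


if __name__ == "__main__":
    print(demo())
```

The dropped pkg-b event and the never-announced pkg-old entry are both corrected by the resync pass, which is the resilience to missed events listed above.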

AI Agents in Software Development

  • AI is dramatically accelerating development workflows
  • Chainguard uses agents to:
    • Remediate vulnerabilities (CVEs)
    • Update dependencies
    • Fix failing tests and adapt to upstream changes

Key Design Philosophy

  • Least privilege → “least tool call”
    • Avoid giving agents full system access
    • Provide narrowly scoped tools for specific tasks
  • Delegate execution to sandboxed systems (e.g., CI pipelines)
  • Focus on safe, controlled automation

Industry Shift: Velocity vs. Security

  • Explosion of AI-driven tools (e.g., autonomous PR generation)
  • Massive increase in development velocity
  • New risks:
    • Poorly secured agent frameworks
    • Malicious or unsafe automation patterns

Key Takeaways

  1. Scale changes everything
    • Simple systems break under massive workloads
    • Purpose-built infrastructure becomes necessary
  2. Reconciliation > pure event-driven systems at scale
    • More resilient, predictable, and controllable
  3. AI is a force multiplier—but requires guardrails
    • Unrestricted agents introduce serious risk
    • Constrained, purpose-built agents are safer and more effective
  4. Continuous learning is mandatory
    • AI tooling is evolving too fast for static skillsets
    • Teams must actively experiment and adapt



from The Cloudcast (.NET) https://ift.tt/IKWV5Cu
via IFTTT

Saturday, April 25, 2026

Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software

Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran's nuclear program by destroying uranium enrichment centrifuges.

According to a new report published by SentinelOne, the previously undocumented cyber sabotage framework dates back to 2005, primarily targeting high-precision calculation software to tamper with results. It has been codenamed fast16.

"By combining this payload with self-propagation mechanisms, the attackers aim to produce equivalent inaccurate calculations across an entire facility," researchers Vitaly Kamluk and Juan Andrés Guerrero-Saade said in an exhaustive report published this week.

Fast16 is assessed to predate Stuxnet, the first known digital weapon engineered for disruptive actions, and which served as the basis for the Duqu information stealer rootkit, by at least five years. Stuxnet is widely believed to have been developed by the U.S. and Israel.

It also precedes the earliest known samples of Flame (aka Flamer and Skywiper), another sophisticated malware that was discovered in 2012, incorporating a Lua virtual machine to realize its goals. The discovery makes fast16 the first strain of Windows malware to embed a Lua engine.

SentinelOne said it made the discovery after it identified an artifact named "svcmgmt.exe" that, at first blush, appeared to be a generic console‑mode service wrapper. The sample has a file creation timestamp of August 30, 2005, per VirusTotal, to which it was uploaded more than a decade later on October 8, 2016.

However, a deeper investigation has revealed an embedded Lua 5.0 virtual machine and an encrypted bytecode container, along with various other modules that bind directly into Windows NT file system, registry, service control, and network APIs.

The implant's core logic resides in the Lua bytecode, with the binary also referencing a kernel driver ("fast16.sys") via a PDB path – a file with a creation date of July 19, 2005 – that's responsible for intercepting and modifying executable code as it's read from disk. That said, it's worth noting that the driver will not run on systems with Windows 7 or later.

In what's a finding that could give an indication of the tool's origins, SentinelOne said it uncovered a reference to the string "fast16" in a text file called "drv_list.txt" that included a list of drivers designed for use in advanced persistent threat (APT) attacks. The nearly 250KB file was leaked by a mysterious hacking group nine years ago.

In 2016 and 2017, the collective – calling itself The Shadow Brokers – published vast troves of data allegedly stolen from the Equation Group, an advanced persistent threat group with suspected ties to the U.S. National Security Agency (NSA). This included a bevy of hacking tools and exploits under the nickname "Lost in Translation." The text file was one of them.

"The string inside svcmgmt.exe provided the key forensic link in this investigation," SentinelOne said. "The PDB path connects the 2017 leak of deconfliction signatures used by NSA operators with a multi-modal Lua‑powered 'carrier' module compiled in 2005, and ultimately its stealthy payload: a kernel driver designed for precision sabotage."

"Svcmgmt.exe" has been described as a "highly adaptable carrier module" that can alter its behavior based on the command-line arguments passed to it, enabling it to run as a Windows service or execute Lua code. It comes with three distinct payloads: Lua bytecode to handle configuration, propagation, and coordination logic; an auxiliary ConnotifyDLL ("svcmgmt.dll"); and the "fast16.sys" kernel driver.

Specifically, it's designed to parse the configuration, escalate itself as a service, optionally deploy the kernel implant, and launch a Service Control Manager (SCM) wormlet that scans for network servers and propagates the malware to other Windows 2000/XP environments with weak or default credentials.

An important aspect worth mentioning here is that the propagation only occurs when it's manually forced or when common security products aren't found on the system, which the malware determines by scanning the Windows Registry for associated registry keys. Some of the security tools it explicitly checks belong to Agnitum, F-Secure, Kaspersky, McAfee, Microsoft, Symantec, Sygate Technologies, and Trend Micro.

The presence of Sygate Technologies is another indicator that the sample was developed in the mid-2000s, as the company was acquired by Symantec, now part of Broadcom, in August 2025, and sales and support for its products were formally discontinued by November.

"For tooling of this age, that level of environmental awareness is notable," SentinelOne said. "While the list of products may not seem comprehensive, it likely reflects the products the operators expected to be present in their target networks whose detection technology would threaten the stealthiness of a covert operation."

The ConnotifyDLL, on the other hand, is invoked each time the system establishes a new network connection using the Remote Access Service (RAS), and writes the remote and local connection names to a named pipe ("\\.\pipe\p577").

However, it's the driver that's responsible for the precision sabotage, targeting executables compiled with the Intel C/C++ compiler to perform rule-based patching and hijack execution flow through malicious code injections. One such block is capable of corrupting mathematical calculations, specifically going after tools used in civil engineering, physics, and physical process simulations.

"By introducing small but systematic errors into physical‑world calculations, the framework could undermine or slow scientific research programs, degrade engineered systems over time, or even contribute to catastrophic damage," SentinelOne explained.

"By separating a relatively stable execution wrapper from encrypted, task-specific payloads, the developers created a reusable, compartmentalized framework that they could adapt to different target environments and operational objectives while leaving the outer carrier binary largely unchanged across campaigns."

Based on an analysis of the 101 rules defined in the patching engine and matching them against software used in the mid-2000s, it's assessed that three high-precision engineering and simulation suites may have been the targets: LS-DYNA 970, PKPM, and the MOHID hydrodynamic modeling platform.

LS-DYNA, now part of the Ansys Suite, is a general-purpose multiphysics simulation software package that's used for simulating crashes, impacts, and explosions. In September 2024, the Institute for Science and International Security (ISIS) released a report detailing Iran's likely use of computer modeling software like LS-DYNA related to nuclear weapons development based on an examination of 157 academic publications found in open-source scientific and engineering literature.

This chain of evidence assumes significance considering Iran's nuclear program is said to have suffered substantial damage after its uranium enrichment facility in Natanz was targeted by the Stuxnet worm in June 2010. What's more, Symantec revealed in February 2013 an earlier version of Stuxnet that was used to attack Iran's nuclear program in November 2007, with evidence indicating it was under development as early as November 2005.

"Stuxnet 0.5 is the oldest known Stuxnet version to be analyzed," Symantec noted at the time. "Stuxnet 0.5 contains an alternative attack strategy, closing valves within the uranium enrichment facility at Natanz, Iran, which would have caused serious damage to the centrifuges and uranium enrichment system as a whole."

Taken together, the latest finding "forces a re‑evaluation" of the historical timeline of development for clandestine cyber sabotage operations, SentinelOne said, adding it shows state-backed cyber sabotage tooling against physical targets had been fully developed and deployed by the mid‑2000s.

"In the broader picture of APT evolution, fast16 bridges the gap between early, largely invisible development programs and later, more widely documented Lua‑ and LuaJIT‑based toolkits," the researchers concluded. "It is a reference point for understanding how advanced actors think about long‑term implants, sabotage, and a state’s ability to reshape the physical world through software. fast16 was the silent harbinger of a new form of statecraft, successful in its covertness until today."



from The Hacker News https://ift.tt/Ot7KBqA
via IFTTT

Friday, April 24, 2026

TGR-STA-1030: New Activity in Central and South America

Unit 42 research reports that TGR-STA-1030 remains an active threat, particularly in Central and South America.



from Unit 42 https://ift.tt/wFXpCKL
via IFTTT

FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptive Security Appliance (ASA) software was compromised in September 2025 with malware called FIRESTARTER.

FIRESTARTER, per CISA and the U.K.'s National Cyber Security Centre (NCSC), is assessed to be a backdoor designed for remote access and control. It's believed to be deployed as part of a "widespread" campaign orchestrated by an advanced persistent threat (APT) actor to obtain access to Cisco Adaptive Security Appliance (ASA) firmware by exploiting now-patched security flaws such as -

  • CVE-2025-20333 (CVSS score: 9.9) - An improper validation of user-supplied input vulnerability that could allow an authenticated, remote attacker with valid VPN user credentials to execute arbitrary code as root on an affected device by sending crafted HTTP requests.
  • CVE-2025-20362 (CVSS score: 6.5) - An improper validation of user-supplied input vulnerability that could allow an unauthenticated, remote attacker to access restricted URL endpoints without authentication by sending crafted HTTP requests.

"FIRESTARTER can persist as an active threat on Cisco devices running ASA or Firepower Threat Defense (FTD) software, maintaining post-patching persistence and enabling threat actors to re-access compromised devices without re-exploiting vulnerabilities," the agencies said.

In the investigated incident, the threat actors have been found to deploy a post-exploitation toolkit called LINE VIPER that can execute CLI commands, perform packet captures, bypass VPN Authentication, Authorization, and Accounting (AAA) for actor devices, suppress syslog messages, harvest user CLI commands, and force a delayed reboot.

The elevated access afforded by LINE VIPER served as a conduit for FIRESTARTER, which was deployed on the Firepower device before September 25, 2025, allowing the threat actors to maintain continued access and return to the compromised appliance as recently as last month.

A Linux ELF binary, FIRESTARTER can set up persistence on the device, and survive firmware updates and device reboots unless a hard power cycle occurs. The malware lodges itself into the device's boot sequence by manipulating a startup mount list, ensuring it automatically reactivates every time the device reboots normally. The resilience aside, it also shares some level of overlap with a previously documented bootkit referred to as RayInitiator.

"FIRESTARTER attempts to install a hook – a way to intercept and modify normal operations – within LINA, the device’s core engine for network processing and security functions," according to the advisory. "This hook enables the execution of arbitrary shell code provided by the APT actors, including the deployment of LINE VIPER."

"Although Cisco's patches addressed CVE-2025-20333 and CVE-2025-20362, devices compromised prior to patching may remain vulnerable because FIRESTARTER is not removed by firmware updates."

Cisco, which is tracking the exploitation activity associated with the two vulnerabilities under the moniker UAT4356 (aka Storm-1849), described FIRESTARTER as a backdoor that facilitates the execution of arbitrary shellcode received by the LINA process by parsing specially crafted WebVPN authentication requests containing a "magic packet."

The exact origins of the threat activity are not known, although an analysis from attack surface management platform Censys in May 2024 suggested links to China. UAT4356 was first attributed to a campaign called ArcaneDoor that exploited two zero-day flaws in Cisco networking gear to deliver bespoke malware capable of capturing network traffic and reconnaissance.

"To fully remove the persistence mechanism, Cisco strongly recommends reimaging and upgrading the device," Cisco said. "In cases of confirmed compromise on any Cisco Secure ASA or FTD platforms, all configuration elements of the device should be considered untrusted."

As mitigations until reimaging can be performed, the company is recommending that customers perform a cold restart to remove the FIRESTARTER implant. "The shutdown, reboot, and reload CLI commands will not clear the malicious persistent implant, the power cord must be pulled out and plugged back in the device," it added.

Chinese Hackers Shift From Individually Procured Infrastructure to Covert Networks

The disclosure comes as the U.S., the U.K., and various international partners released a joint advisory about large-scale networks of compromised SOHO routers and IoT devices commandeered by China-nexus threat actors to disguise their espionage attacks and complicate attribution efforts.

State-sponsored groups like Volt Typhoon and Flax Typhoon have been using these botnets, consisting of home routers, security cameras, video recorders, and other IoT devices, to target critical infrastructure sectors and conduct cyber espionage in a "low-cost, low-risk, deniable way," per the alert. 

Complicating matters further is the fact that the networks are constantly updated, not to mention multiple China-affiliated threat groups might use the same botnet at the same time, making it challenging for defenders to identify and block them using static IP blocklists.

"Covert networks mostly consist of compromised SOHO routers, but they also pull in any vulnerable device they can exploit at scale," the agencies said. "Their traffic will be forwarded through multiple compromised devices, used as traversal nodes, before exiting the network from an exit node, usually in the same geographic region as the target."

The findings underscore a common pattern seen in state-sponsored attacks: the targeting of network perimeter devices belonging to residential, enterprise, and government networks with an aim to either turn them into a proxy node or intercept sensitive data and communications.



from The Hacker News https://ift.tt/ToKZzna
via IFTTT

NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

The Office of Inspector General (OIG) of the U.S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese national posed as a U.S. researcher as part of a spear-phishing campaign to obtain sensitive information from the space agency, as well as from government entities, universities, and private companies, in violation of export control laws.

"For years, NASA employees and research collaborators thought they were simply sharing software with colleagues," the OIG said in a Thursday release. "Instead, they were emailing sensitive defense technology to a Chinese national who was impersonating U.S. engineers."

The individual linked to the campaign was outed as Chinese national Song Wu in September 2024, when the U.S. Department of Justice (DoJ) announced charges against him for orchestrating a multi-year campaign that stretched from January 2017 to December 2021 and involved targeting dozens of U.S. professors, researchers, and engineers.

Some of the victims of the campaign were employed at NASA, the Air Force, the Navy, the Army, and the Federal Aviation Administration, while the others worked at major universities and private sector firms.

According to the 2024 indictment, Song was an engineer at the Aviation Industry Corporation of China (AVIC), a Chinese state-owned aerospace and defense conglomerate founded in 2008. In an attempt to obtain modeling software used for aerospace design and weapons development, Song and his co-conspirators are alleged to have conducted extensive research on their targets by masquerading as friends and colleagues to gain access to proprietary software and source code.

The OIG said the scheme was successful in a handful of cases where victims shared the sensitive information with the imposter accounts managed by Song et al. without realizing they were violating U.S. export control laws.

Song has been indicted on counts of wire fraud and 14 counts of aggravated identity theft, and faces a maximum sentence of 20 years in prison for each count of wire fraud. He also faces a two-year consecutive sentence if convicted of aggravated identity theft. The 40-year-old remains at large.

Adding Song to the U.S. Most Wanted List, the U.S. Federal Bureau of Investigation (FBI) said the specialized software could be used for industrial and military applications, including the development of advanced tactical missiles and aerodynamic design and assessment of weapons.

"As phishing campaigns continue to become more sophisticated, there are common clues that can betray scammers and expose their export fraud schemes," the OIG said. "In Song's case, he made multiple requests for the same software and did not justify why he needed it."

"Export control scammers also often suggest unusual payment methods (such as suspicious wire transfers); abruptly change the terms or source of payment; and use unconventional transfer methods to mask their identity and evade shipping restrictions."



from The Hacker News https://ift.tt/5DdMrgv
via IFTTT

From zero trust to continuous trust: Securing autonomous AI systems

Zero trust changed how we think about security. It replaced implicit trust with a simple principle: never trust, always verify. 

The traditional zero trust model works well in environments where behavior is relatively predictable. Identities are authenticated, access is granted based on policy, and systems assume trust must be evaluated continuously at defined points. 

Agentic AI introduces a different operating model. Agents don’t authenticate once and operate within fixed boundaries. They act continuously, make decisions in real time, and request access as part of completing tasks. In this environment, the assumptions behind traditional zero trust begin to break down. 

The next phase of security isn’t about replacing zero trust. It’s about the evolution of zero trust for agentic environments. 

Agentic AI – Why traditional zero trust isn’t enough 

Zero trust works when systems follow predictable patterns. A user logs in. A service authenticates. A token is issued. Access is granted within a defined scope. At each step, there is a clear moment where trust is evaluated. 

Even in distributed systems, these checkpoints still exist. They may be automated, but they remain discrete events where identity is verified and access is decided. 

Agentic systems don’t follow that pattern. An agent begins with a task and then interacts with the environment continuously, calling APIs, requesting access, generating credentials, and moving from one step to the next. Each action introduces new context, permissions, and dependencies. 

Access is no longer provisioned and then used. It is created and consumed at the same time. 

A credential may be issued for a specific step, used immediately, and replaced as the workflow evolves. Systems built around static roles or long-lived permissions struggle to keep up. 

This is where dynamically issued credentials become critical. Systems like HashiCorp Vault issue short-lived, scoped credentials as part of the workflow, aligning access with what the agent is doing in that moment. 

There is no pause to re-evaluate trust. The system continues. Over time, what begins as a single task becomes a chain of actions across multiple systems. The path becomes harder to predict and harder to control.  

Zero trust assumes there are natural points to re-evaluate trust. Agentic systems remove those boundaries. The system is always in motion, and trust must move with it. 

When access and behavior diverge 

In traditional systems, access and behavior are loosely coupled: 

Access is granted → actions follow 

In agentic systems, they evolve together: 

Access, identity, and behavior are continuously intertwined 

An agent might: 

  • Request elevated permissions 

  • Generate a credential 

  • Call a downstream service 

  • Modify infrastructure 

All within fractions of seconds. 

Over time, this creates access paths that were never explicitly designed or reviewed. In some instances, as in the case of Anthropic Mythos, these systems begin to exhibit behaviors that weren’t explicitly programmed: adapting workflows, chaining actions in new ways, or pursuing intermediate steps that weren’t anticipated at design time. While these behaviors can improve outcomes, they also introduce new uncertainty in how access is used and expanded across systems. Permissions accumulate. Credentials persist longer than intended. Actions become harder to trace. The challenge isn’t just verifying identity but keeping trust aligned with what the system is actually doing. 

Without dynamic access controls, systems tend to fall back on broader, longer-lived permissions simply to keep workflows moving, which is a pattern dynamic secrets platforms like Vault are designed to avoid. 

This is where traditional zero trust models begin to fall short. They assume trust can be evaluated at defined checkpoints. In agentic systems, those checkpoints don’t exist. 

The result is a growing gap between what was approved and what is happening, allowing access to expand, actions to compound, and risk to accumulate over time. 

Closing that gap requires zero trust to evolve into a continuous trust model, where identity, access, and authorization are evaluated at the moment each action occurs. This means: 

  • Identity must be continuously verified in context 

  • Access must be issued dynamically and expire automatically 

  • Enforcement must happen at the point of interaction 

In practice, this requires coordinating identity systems, dynamic credential management, and controlled access pathways as part of a runtime model. 

The evolution of zero trust to continuous trust 

Zero trust was developed with the assumption that trust would be evaluated at defined checkpoints: login, token issuance, or access approval. Agentic AI has broken that assumption, and security practices need to evolve. 

When access is granted once but used continuously, systems lose alignment between policy and behavior. Privileges expand. Actions occur outside of intended control. 

Zero trust established an essential principle: trust should never be assumed. But agentic systems require that principle to be applied differently: trust must be evaluated continuously, immediately upon execution.

This is continuous trust. It shifts security from checkpoint-based validation to runtime, action-level enforcement. 

Zero Trust to Continuous Trust

It means: 

  • Identity is verified continuously in context 

  • Access is dynamic and short-lived 

  • Authorization is enforced at each interaction 

Making this model real requires aligning identity, access, and enforcement as part of the same system. 

Continuous identity verification 

Every actor, human or agent, must be validated in context using signals like behavior, device posture, and risk. 

Platforms like IBM Verify extend identity beyond authentication, continuously evaluating whether an actor should still be trusted. 

Dynamic, short-lived access 

Access should exist only as long as it is needed. Credentials must be: 

  • Ephemeral 

  • Scoped to specific tasks 

  • Automatically revoked 

Vault enables this by issuing short-lived credentials aligned to real-time activity rather than static roles. 

Enforcement at the point of action 

Security must be enforced where actions occur. 

Each interaction (API call, system access, workflow step) should be: 

  • Evaluated in real time 

  • Governed by policy 

  • Observable 

HashiCorp Boundary introduces enforcement into the access path itself, brokering connections only as needed so access is controlled and observable as it happens. 

Building a runtime control plane 

The evolution of zero trust into continuous trust is not about adding more policies or extending identity systems; it’s about enforcing trust where actions occur.  

In agentic environments, access and decisions are created and consumed simultaneously. Agents don’t wait for checkpoints; they act, adapt, and continue. If controls are not present at that moment, they are effectively bypassed. This makes runtime the critical control point. 

Without runtime enforcement: 

  • Identity is verified too early 

  • Access persists longer than intended 

  • Actions execute without re-evaluation 

Over time, this creates a disconnect between policy and behavior — systems operate within approved access, but outside intended control. 

A runtime control plane closes this gap by ensuring trust is evaluated at each action. This requires: 

  • Continuous identity verification 

  • Dynamic credential issuance 

  • Enforcement at the point of interaction 

In practice, this means coordinating identity and access as a single system. IBM Verify establishes who or what is acting, Vault issues task-scoped credentials, and Boundary brokers and governs access to target systems. Together, these components shift security from static approval to real-time control, where trust is not assumed, but is continuously proven through action. 
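
A minimal sketch of the runtime control plane described above, as an added example that is not HashiCorp or IBM code and does not use the Vault, Boundary or IBM Verify APIs: a standard-library HMAC token stands in for a dynamically issued credential, and every action is re-evaluated for signature, revocation, expiry, scope and a risk signal. The policy table, risk threshold, agent and resource names are hypothetical.

```python
import base64
import hashlib
import hmac
import json

# Hypothetical policy: agent -> (action, resource) pairs it may request credentials for.
POLICY = {"dep-updater": {("read", "repo/app"), ("open_pr", "repo/app")}}
MAX_RISK = 0.5  # hypothetical cut-off on a 0..1 risk signal supplied by the identity system


class ControlPlane:
    def __init__(self, key, ttl):
        self.key, self.ttl = key, ttl
        self.revoked = set()
        self.audit = []      # every decision is recorded, so access stays observable
        self._serial = 0

    def _sign(self, body):
        return hmac.new(self.key, body, hashlib.sha256).hexdigest()

    def issue(self, agent, action, resource, now):
        """Mint a credential for exactly one (action, resource), or None if policy denies."""
        if (action, resource) not in POLICY.get(agent, set()):
            self.audit.append((now, agent, action, resource, "issue-denied"))
            return None
        self._serial += 1
        claims = {"sub": agent, "act": action, "res": resource,
                  "exp": now + self.ttl, "jti": self._serial}
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
        return body.decode() + "." + self._sign(body)

    def authorize(self, token, agent, action, resource, risk, now):
        """Evaluate one action at the moment it happens; returns (allowed, reason)."""
        reason = self._check(token, agent, action, resource, risk, now)
        self.audit.append((now, agent, action, resource, reason))
        return reason == "ok", reason

    def _check(self, token, agent, action, resource, risk, now):
        try:
            body, sig = token.split(".")
        except (ValueError, AttributeError):
            return "malformed"
        if not hmac.compare_digest(sig.encode(), self._sign(body.encode()).encode()):
            return "bad-signature"
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["jti"] in self.revoked:
            return "revoked"
        if now >= claims["exp"]:
            return "expired"
        if (claims["sub"], claims["act"], claims["res"]) != (agent, action, resource):
            return "out-of-scope"
        if risk > MAX_RISK:
            self.revoked.add(claims["jti"])  # a bad signal ends this credential for good
            return "risk-too-high"
        return "ok"


def demo():
    cp = ControlPlane(key=b"constructed-demo-key", ttl=30)
    agent, out = "dep-updater", []
    tok = cp.issue(agent, "open_pr", "repo/app", now=0)
    # In-scope use shortly after issuance.
    out.append(cp.authorize(tok, agent, "open_pr", "repo/app", risk=0.1, now=1)[1])
    # Same credential presented for a different action.
    out.append(cp.authorize(tok, agent, "merge", "repo/app", risk=0.1, now=2)[1])
    # Asking for a credential that policy never grants.
    out.append(cp.issue(agent, "merge", "repo/app", now=3))
    # The original credential after its lifetime has passed.
    out.append(cp.authorize(tok, agent, "open_pr", "repo/app", risk=0.1, now=31)[1])
    tok2 = cp.issue(agent, "open_pr", "repo/app", now=40)
    # Risk signal spikes mid-workflow, then drops again.
    out.append(cp.authorize(tok2, agent, "open_pr", "repo/app", risk=0.9, now=41)[1])
    out.append(cp.authorize(tok2, agent, "open_pr", "repo/app", risk=0.1, now=42)[1])
    # Claims edited to name another resource while reusing the old signature.
    body, sig = tok2.split(".")
    claims = json.loads(base64.urlsafe_b64decode(body))
    claims["res"] = "repo/prod"
    forged = base64.urlsafe_b64encode(
        json.dumps(claims, sort_keys=True).encode()).decode() + "." + sig
    out.append(cp.authorize(forged, agent, "open_pr", "repo/prod", risk=0.1, now=43)[1])
    return out, cp.audit


if __name__ == "__main__":
    decisions, audit = demo()
    for entry in audit:
        print(entry)
```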

Continuous trust in practice 

In an agentic environment, systems don’t operate within fixed boundaries. They act continuously, adapt in real time, and evolve access as they go. 

Trust is no longer something you establish once and revisit periodically. It is something you evaluate continuously. 

Adopting this model requires rethinking where and how security controls are applied. Identity can no longer be treated as a one-time decision, access can no longer persist beyond the task, and enforcement can no longer sit outside the flow of execution. Instead, these controls need to operate together at runtime and align with system behavior. 

Organizations that continue to rely on static roles, long-lived credentials, and checkpoint-based validation will find it increasingly difficult to maintain control as agentic systems scale.  However, those that move toward continuous identity verification, dynamic access, and real-time enforcement will be better positioned to manage both the speed and complexity of autonomous systems. 

Implementing this model requires bringing identity, credentials, and access enforcement into alignment by adopting platforms like IBM Verify, HashiCorp Vault, and Boundary, which are designed to provide that support. 



from HashiCorp Blog https://ift.tt/ny5qrt0
via IFTTT

26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases

Cybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in an attempt to steal recovery phrases and private keys since at least fall 2025.

"Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distribute trojanized versions of legitimate wallets," Kaspersky researcher Sergey Puzan said. "The infected apps are specifically engineered to hijack recovery phrases and private keys."

The 26 apps, collectively dubbed FakeWallet, mimic various popular wallets like Bitpie, Coinbase, imToken, Ledger, MetaMask, TokenPocket, and Trust Wallet. Many of these apps have since been taken down by Apple following disclosure. There is no evidence that these apps were distributed via the Google Play Store.

While malicious cryptocurrency wallets distributed in the past via bogus websites have abused iOS provisioning profiles to get users to install them, the latest crypto-theft scheme is an improvement in several ways. For starters, the apps are directly available for download from Apple's App Store if a user has their Apple account set to China.

These apps have icons that mirror the original but have intentional typos in their names (e.g., LeddgerNew) so as to trick unsuspecting users into downloading them. In some cases, the app names and icons have no connection to cryptocurrency. Instead, they are used as placeholders to direct users to download the official wallet app through them, claiming they are "unavailable in the App Store" due to regulatory reasons.

Kaspersky said it also identified several similar apps likely linked to the same threat actor that do not have the malicious features enabled, but have been found to mimic a benign service, such as a game, a calculator, or a task planner. Once launched, these apps open a link on the web browser and leverage enterprise provisioning profiles to install the wallet app on the victim's device.

"The attackers have churned out a wide variety of malicious modules, each tailored to a specific wallet," Puzan said. "In most cases, the malware is delivered via a malicious library injection, though we've also come across builds where the app's original source code was modified."

The end goal of these infections is to look for mnemonic phrases from both hot and cold wallets, and exfiltrate them to an external server, allowing the operators to seize control of victims' wallets and drain cryptocurrency assets or initiate fraudulent transactions.

The seed phrases are captured either by hooking the code that's responsible for the screen where the user enters their recovery phrase or serving a phishing page that instructs the victim to enter their mnemonics as part of a supposed verification step.

It's suspected the campaign could be the work of threat actors linked to the SparkKitty trojan campaign last year, given that some of the infected apps also come with a module to steal wallet recovery phrases using optical character recognition (OCR), and that both the campaigns appear to be the work of native Chinese speakers and specifically target cryptocurrency assets.

"The FakeWallet campaign is gaining momentum by employing new tactics, ranging from delivering payloads via phishing apps published in the App Store to embedding themselves into cold wallet apps and using sophisticated phishing notifications to trick users into revealing their mnemonics," Kaspersky said.

MiningDropper Android Malware Framework Emerges

The discovery comes as Cyble sheds light on a sophisticated Android malware delivery framework known as MiningDropper (aka BeatBanker) that combines cryptocurrency mining with information theft, remote access, and banking malware in attacks targeting users in India, as well as in Latin America, Europe, and Asia as part of a BTMOB RAT campaign.

MiningDropper has been distributed via a trojanized version of the open-source Android application project Lumolight, with the campaigns using fake websites impersonating banking institutions and regional transport offices to propagate the malware. Once launched, it activates a multi-stage sequence to extract the miner and the trojan payloads from an encrypted assets archive present within the package.

"MiningDropper employs a multi-stage payload delivery architecture that combines XOR-based native obfuscation, AES-encrypted payload staging, dynamic DEX loading, and anti-emulation techniques," Cyble said.

"MiningDropper demonstrates a layered, modular Android malware architecture designed to make static analysis difficult while giving threat actors flexibility in final payload delivery. This design allows the threat actor to reuse the same distribution and installation framework across hundreds of samples while adapting the final monetization objective to operational needs."



from The Hacker News https://ift.tt/1lBCAUc
via IFTTT

Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse of Microsoft Visual Studio Code (VS Code) tunnels for remote access.

Zscaler ThreatLabz, which discovered the campaign last month, has attributed it with high confidence to Tropic Trooper (aka APT23, Earth Centaur, KeyBoy, and Pirate Panda), a hacking group known for its targeting of various entities in Taiwan, Hong Kong, and the Philippines. It's assessed to be active since at least 2011.

"The threat actors created a custom AdaptixC2 Beacon listener, leveraging GitHub as their command-and-control (C2) platform," security researcher Yin Hong Chang said in an analysis.

It's believed that Chinese-speaking individuals in Taiwan, and individuals in South Korea and Japan, are the targets of the campaign. The starting point of the attack is a ZIP archive containing military-themed document lures to launch the rogue version of SumatraPDF, which is then used to display a decoy PDF document, while simultaneously retrieving encrypted shellcode from a staging server to launch AdaptixC2 Beacon.

To accomplish this, the backdoored SumatraPDF executable launches a slightly modified version of a loader codenamed TOSHIS, which is a variant of Xiangoop, a malware linked to Tropic Trooper, and has been used in the past to fetch next-stage payloads like Cobalt Strike Beacon or Merlin agent for the Mythic framework.

The loader is responsible for activating the multi-stage attack, dropping both the lure document as a distraction mechanism and the AdaptixC2 Beacon agent in the background. The agent employs GitHub for C2, beaconing out to the attacker-controlled infrastructure to fetch tasks to be executed on the compromised host.

The attack moves to the next stage only when the victim is deemed valuable, at which point the threat actor deploys VS Code and sets up VS Code tunnels for remote access. On select machines, the threat actor has been found to install alternative, trojanized applications, likely in an attempt to better camouflage their actions.

What's more, the staging server involved in the intrusion ("158.247.193[.]100") has been observed hosting a Cobalt Strike Beacon and a custom backdoor called EntryShell, both of which have been put to use by Tropic Trooper in the past.

"Similar to the TAOTH campaign, publicly available backdoors are used as payloads," Zscaler said. "While Cobalt Strike Beacon and Mythic Merlin were previously used, the threat actor has now shifted to AdaptixC2."



from The Hacker News https://ift.tt/vMYNufo
via IFTTT

Thursday, April 23, 2026

Six months at Citrix: A reflection

Six months into my role at Citrix, I’ve found myself thinking a lot about where I came from. Not in a nostalgic way, but in a very real, almost day-to-day sense. I spent years as a CIO walking the hospital floor, sitting in rooms where decisions weren’t theoretical. They were decisions that had immediate impact on clinicians, patients, and the people trying to hold everything together behind the scenes. What I didn’t fully expect is how much this role would bring me back into that same energy. Being on-site again, across different health systems, listening more than talking… it’s been grounding. And honestly, it’s been eye-opening in a different way.

What I’m hearing is consistent. Almost to the point where you can finish the sentence of a CIO before they say it.

Health systems are under pressure in ways that feel heavier than even a few years ago. Cost comes up in every conversation, but not in a simple “we need to cut” way. Leaders are trying to make sense of what they already have – what’s redundant, underutilized, or still providing value. There’s a real desire to be smarter about the existing footprint, not just layer on something new. There’s also pressure to do more with less even when the AI train continues to barrel into the doors of hospitals at a faster rate than any other technology I’ve seen.

Security is an assumed topic – every conversation eventually lands there. Not just perimeter security, but what’s happening inside the environment – lateral movement, shadow IT, medical devices that were never really designed to be secured in the first place. There’s an understanding now that it’s not a matter of if something happens, but when, and how prepared you are when it does.

Resiliency comes up right alongside that. And not just uptime in the traditional sense. I’m hearing more about operational continuity and what happens to care delivery when systems are unavailable, even for a short period of time. The tolerance for disruption is basically gone.

Then there’s M&A. It’s moving fast – sometimes faster than the organizations themselves would prefer. Integration strategies are being built while planes are still in the air. IT teams are expected to connect environments quickly, securely, and without adding cost (which is easier said than done).

Layer in governance challenges and increasing regulatory expectations, and you start to see the weight of it all. But the conversations always come back to people. Clinician burnout is still very real. And hovering over all of this is the “Silver Tsunami.” Experienced staff – people who know how these environments actually work – are retiring, and there’s real concern about the knowledge that gets lost when they leave.

What’s interesting is that despite all of this, I don’t hear people asking for more vendors. In fact, it’s usually the opposite. What they’re asking for, in a much more direct way than I remember, is partnership. Not on a slide, not in a contract – in how the work actually gets done.

Coming into this role, I had my own perspective on what that meant from the outside. Six months in, I’ve had the chance to see how teams at Citrix actually show up. And I’ll say this: it’s less about having the perfect answer and more about being willing to sit in the problem with the customer and work through it.

For example, the discussion isn’t just about protecting the edge anymore. It’s about how you reduce risk inside the environment and how you segment that environment in a way that actually reflects how healthcare operates. I’ve watched teams map out approaches that address both macro and micro segmentation, tying together infrastructure and application layers in a way that helps limit lateral movement and better protect things like medical devices and research environments. It’s not theoretical. It’s grounded in what customers are actually dealing with and opening doors to what’s possible – all while reducing the need for sneakernet.

I’ve also been part of situations where things had already gone wrong, such as organizations recovering from cyber events and trying to get systems back online while managing the clinical impact in real time. In one case, we helped bring an environment back in about two days. That matters. But what stayed with me more was how much faster that recovery could have been if we had been involved earlier. That’s something I’ve been thinking about a lot—how different the outcome can be when you’re part of the conversation before the crisis. What I’ve learned is that Citrix is a great partner when the team is in the room as decisions are getting made. There’s a lot to consider when it comes to shifting disaster recovery to business resiliency, and modern IT strategy is everything.

It’s no surprise that cost continues to be a thread throughout all the conversations I’m having. But again, it’s not just about reduction. It’s about clarity and allocation. I’ve seen how tools like Citrix uberAgent can help organizations get a better understanding of how applications and user personas are actually being used ahead of major changes or decisions. That data-driven visibility can lead to more thoughtful conversations and decisions around application rationalization, which is a massive spend category in IT budgets. Overall, financial flexibility is going to be a key component of how IT budgets adapt in the years to come. Cloud migration caused a lot of disruption in the name of flexibility in the past.

As we go forward, financial agility will need to also provide financial stability, and how that happens across your workforce and the people engaging with your technology every day will become more closely aligned. Citrix recognizes the need to enhance user and financial agility without adding unnecessary complexity and will soon provide a new way to address ongoing challenges. Register here to learn more.

Some of the most practical ways that Citrix adds value that I’ve seen are the smaller ones. The things that don’t always make headlines but make a real difference day-to-day. Using session recording and monitoring capabilities to troubleshoot issues in real time, reducing the back-and-forth between support teams and clinicians. It’s simple, but when teams are stretched thin, those gains matter.

If I step back and think about what’s changed for me personally over these last six months, it’s probably that my definition of partnership has gotten more specific. It’s less about what we say and more about when and how we show up. Are we there early enough to help shape the path, or are we being brought in after decisions have already been made? Are we simplifying things, or adding another layer of complexity?

No CIO should be navigating the current healthcare IT landscape without bringing along a few trusted advisors. That said, I don’t think any of us have this completely figured out. The environment is too dynamic for that. But I do believe there’s an opportunity for me to do things differently than what’s been done before for our healthcare customers. And that is to be more connected to what customers are actually experiencing and to respond in a way that reflects that.

Walking the floors again, even in a different role, has reminded me of something I probably already knew but needed to see again. Healthcare doesn’t need more noise. It needs people who understand what’s at stake and are willing to do the work alongside the teams carrying that responsibility every day.

Six months in, I’m still learning. But I’m encouraged by what I’ve seen so far—and even more by what I think is possible if we keep leaning in the right way.



from Citrix Blogs https://ift.tt/QcUPBn1
via IFTTT

Bridging the trust gap: Unified public CA orchestration with IBM Vault

In modern enterprises, security is only as strong as its weakest link. For most organizations, that link is often the manual, fragmented process of managing X.509 certificates. While HashiCorp Vault (now IBM Vault) has long been the gold standard for automating internal PKI (public key infrastructure), a significant hurdle remained: the "public trust" boundary.

Today, we are excited to announce a major expansion of Vault Enterprise’s PKI capabilities. You can now integrate and orchestrate public certificate authorities (CAs) directly within Vault, providing a single, automated workflow for every certificate your organization needs — whether it’s for an internal microservice or a customer-facing website.

The pain of fragmented certificate management

Many organizations have successfully automated their internal workflows using Vault’s private PKI. However, when a service requires a certificate trusted by external browsers or public networks, the automation stops. This creates a "dual-track" management problem that introduces several critical pain points:

Operational overhead: Without native public CA integration, teams must step outside their automated pipelines to manually request, renew, and revoke certificates via external CA portals. This human intervention is the primary cause of errors and missed renewals.

The "outage clock": Every manual certificate is a ticking clock. Fragmented management means you lack a central view of expiration dates across different providers, leading to unexpected downtime when a public-facing API or website certificate expires.

Siloed governance: Organizations are forced to split governance between one tool for private certs and another for public certs. This inconsistency makes it nearly impossible to enforce unified security policies or maintain a complete audit trail for compliance standards like NIST, PCI DSS, or SOC2.

Limited external utility: Private CAs are excellent for internal trust, but they don't work for customer-facing services. Relying on separate tools for public trust limits Vault’s utility in hybrid and multi-cloud scenarios where external trust is a hard requirement.

A single pane of glass for PKI

Enterprises are looking for a way to centralize the entire certificate lifecycle. Our new public CA integration does exactly that. By acting as a central proxy, Vault now securely manages upstream CA credentials and orchestrates the complex validation challenges required for public issuance.

This feature allows your development teams to request publicly trusted certificates using the same Vault APIs and workflows they already use for private ones. The result? A centralized, automated approach that removes manual silos and provides a unified "single pane of glass" view of your organization's entire certificate footprint.

How it works: Orchestrating public trust

This new integration leverages the ACME (Automated Certificate Management Environment) protocol to provide a vendor-agnostic interface for public CA orchestration.

Native integration with leading CAs

Vault now supports native integration with the most prominent public certificate authorities, allowing you to centralize credentials and automate workflows for:

  • Let’s Encrypt
  • DigiCert
  • GlobalSign (beta)
  • Sectigo (beta)

Orchestration via Vault agent

The Vault agent has been updated to act as the primary orchestrator. It manages communication between Vault and the public CA, handling the heavy lifting of domain validation.

In this initial release, we are implementing support for the HTTP-01 challenge. This means Vault can automate the process of proving domain ownership by serving a specific token over HTTP. For teams managing diverse infrastructures, we are also working to add DNS-01 challenge support in the very near future to handle wildcard certificates and non-web-accessible environments.
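What "serving a specific token over HTTP" involves, following RFC 8555 (ACME) and RFC 7638 (JWK thumbprint). This is an added example, not Vault's code, and it calls no Vault API; the token, the JWK values and the in-memory responder are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import re

PREFIX = "/.well-known/acme-challenge/"
# RFC 8555: base64url alphabet only, at least 128 bits of entropy (22 chars).
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{22,}")
# RFC 7638: the members that enter the thumbprint, per key type.
REQUIRED = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}

# Constructed values: not real keys, not a token issued by any CA.
TOKEN = "c2FtcGxlLXRva2VuLW5vdC1yZWFsLTAwMDE"
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256",
               "x": "Y29uc3RydWN0ZWQteC1jb29yZGluYXRlLTAwMDE",
               "y": "Y29uc3RydWN0ZWQteS1jb29yZGluYXRlLTAwMDE"}
OTHER_JWK = dict(ACCOUNT_JWK, x="b3RoZXItYWNjb3VudC14LWNvb3JkaW5hdGUtMDAwMg")


def b64url(data):
    """Base64url without padding, as ACME and JOSE require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk):
    """SHA-256 over the required members only, sorted, with no whitespace."""
    members = {k: jwk[k] for k in REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token, account_jwk):
    """token || '.' || thumbprint: binds the challenge to one ACME account."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token is not a valid ACME challenge token")
    return token + "." + jwk_thumbprint(account_jwk)


class ChallengeResponder:
    """Serves only provisioned tokens; never maps a request path to a file."""

    def __init__(self):
        self._bodies = {}

    def provision(self, token, account_jwk):
        self._bodies[token] = key_authorization(token, account_jwk)

    def cleanup(self, token):
        # Remove the response once validation is over.
        self._bodies.pop(token, None)

    def handle(self, path):
        """Return (status, body) for a GET request on `path`."""
        if not path.startswith(PREFIX):
            return (404, "")
        token = path[len(PREFIX):]
        # Rejects '../', slashes and anything else outside base64url.
        if not TOKEN_RE.fullmatch(token) or token not in self._bodies:
            return (404, "")
        return (200, self._bodies[token])


def ca_validate(responder, token, account_jwk):
    """The CA-side check: fetch the path and compare with the expected value."""
    status, body = responder.handle(PREFIX + token)
    expected = key_authorization(token, account_jwk)
    # RFC 8555 lets the server ignore trailing whitespace in the body.
    return status == 200 and hmac.compare_digest(body.rstrip(), expected)


if __name__ == "__main__":
    responder = ChallengeResponder()
    responder.provision(TOKEN, ACCOUNT_JWK)
    print(PREFIX + TOKEN, "->", ca_validate(responder, TOKEN, ACCOUNT_JWK))
```

Because the response embeds the account key's thumbprint, a token served for one ACME account does not validate for another, and a responder that looks tokens up in a table instead of on disk cannot be steered to other paths.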

Figure: CSR workflow with Vault Agent

Streamlined workflows

The integration supports both secure CSR-based workflows (where the private key never leaves your infrastructure) and flexible identifier-based workflows for rapid issuance.

What you can do today

With this new feature, your security and platform teams can perform the following tasks directly within the Vault ecosystem:

Set up integrations: Easily configure secure connections with your desired public CA using native Vault configuration.

Request and download: Dev teams can request public certificates via the Vault API, CLI, or UI and download them immediately upon issuance.

Manual renewal: Maintain control by manually triggering renewals for public certificates through the Vault interface.

Revocation: Instantly revoke public certificates created via Vault if a compromise is suspected, ensuring your external security posture is always up to date.

Leverage the Terraform Vault provider: Fully automate the setup and management of these public CA integrations using the updated Terraform Vault provider.

Conclusion: Taking control of the lifecycle

The goal of Vault Enterprise has always been to simplify the complex. By bringing public CA management into the Vault ecosystem, we are eliminating the manual friction that has long plagued security teams. You no longer have to choose between automation and public trust — with Vault, you can have both.

Whether you are a technical decision-maker looking to reduce the risk of outages or a practitioner aiming to automate manual portal logins, this new integration provides the tools you need for a truly modern, end-to-end PKI strategy.

To learn more, check out the PKI external CA feature documentation. You can also learn more about great new Vault 2.0 features in the release blog.



from HashiCorp Blog https://ift.tt/Q7AlsT1
via IFTTT

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes.

The supply chain is messy. Packages you did not check are stealing data, adding backdoors, and spreading. Attacking the systems behind apps is easier than breaking the apps themselves. The exploits are simple but still work, giving attackers easy access.

AI tools are also part of the problem now. They trust bad input and take real actions, which makes the damage bigger. Then there are quieter issues. Apps take data they should not. Devices behave in strange ways. Attackers keep testing what they can get away with. No noise. Just ongoing damage.

Here is the list for this week’s ThreatsDay Bulletin.

  1. State-backed crypto heist

    Inter-blockchain communication protocol LayerZero has revealed that North Korean threat actors tracked as TraderTraitor may have been behind the recent hack of decentralized finance (DeFi) project KelpDAO, resulting in the theft of $290 million. "The attack was specifically engineered to manipulate or poison downstream RPC infrastructure by compromising a quorum of the RPCs the LayerZero Labs DVN relied upon to verify transactions," LayerZero said. KelpDAO, in a post on X, said, "Two RPC nodes hosted by LayerZero were compromised. A simultaneous DDoS attack was launched against the third RPC node. This was an attack on LayerZero's infrastructure. Kelp's own systems were not involved in building or operating that infrastructure." Meanwhile, the Arbitrum Security Council has temporarily frozen the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. It's worth noting that TraderTraitor was attributed to the mega Bybit hack in early 2025 that led to the theft of $1.5 billion in digital assets. Recently, Lazarus Group was also linked to the $285 million theft from the Drift Protocol.

  2. Active RCE exploits

    Separately, VulnCheck has warned of attacks attempting to exploit two flaws in MajorDoMo, a smart home automation platform. While CVE-2026-27175 is a critical command injection vulnerability that started seeing exploitation on April 13, CVE-2026-27174 allows unauthenticated remote code execution via the PHP console in the admin panel and was first detected on April 18. "CVE-2026-27175 was exploited to drop a PHP webshell that delivers persistent backdoor access," VulnCheck said. "CVE-2026-27174 saw exploitation that ended in a Metasploit php/meterpreter/reverse_tcp staged payload." Other vulnerabilities that have witnessed exploitation efforts include CVE-2025-22952, an SSRF in Elestio Memos, and CVE-2024-57046, an authentication bypass in NETGEAR DGN2200 routers.

  3. Supply chain malware surge

    A number of malicious packages have been discovered in the npm registry: ixpresso-core, forge-jsx, @genoma-ui/components, @needl-ai/common, rrweb-v1, cjs-biginteger, sjs-biginteger, bjs-biginteger, @fairwords/websocket, @fairwords/loopback-connector-es, @fairwords/encryption, js-logger-pack, and @kindo/selfbot. These packages come with features to steal sensitive data from compromised hosts, perform system reconnaissance, implant an SSH backdoor by injecting the attacker's public key into ~/.ssh/authorized_keys, deliver an information stealer, and spread the XWorm remote access trojan (RAT). The packages published under the "@fairwords" scope have also been found to self-propagate to all npm packages using the victim's token and attempt cross-ecosystem propagation to PyPI via .pth file injection. New versions of js-logger-pack have since been found to leverage the Hugging Face repository to poll for updates and use it as a data-theft destination. Also detected was the compromise of @velora-dex/sdk (version 9.4.1) to decode and execute a Base64 payload that fetches a shell script from a remote server that, in turn, downloads and persists a Go-based remote access trojan called minirat on macOS systems. Another legitimate package to be compromised was mgc (versions 1.2.1 through 1.2.4), which was injected with a dropper that detects the operating system and fetches a platform-specific RAT from a GitHub Gist to exfiltrate valuable data.

  4. AI prompt injection surge

    Forcepoint has detected 10 new indirect prompt injection (IPI) payloads targeting artificial intelligence (AI) agents with malicious instructions designed to achieve financial fraud, data destruction, API key theft, and AI denial-of-service attacks. "Regardless of the specific payload technique or attacker intent, every case follows the same fundamental sequence: the attacker poisons web content, hides the payload from human view, waits for an AI agent to ingest the page, exploits the LLM's inability to distinguish trusted instructions from attacker-controlled content, and triggers a real-world action with a covert exfiltration return channel back to the attacker," the company said.

  5. Covert browser data access

    The Claude desktop app has been found granting itself permission to access web browser data, even if some browsers haven't even been installed on a user's computer, web privacy expert Alexander Hanff said. The app has been spotted placing configuration files in preset locations for Chromium-based browsers like Brave, Google Chrome, Microsoft Edge, and Vivaldi. The Native Messaging manifest files pre-authorize Claude to interact with the browser even before the user installs it. The issue has been described as a case of a dark pattern that violates privacy laws in the E.U.

  6. Hardware display protection

    The U.K. National Cyber Security Centre (NCSC) has unveiled a new technology called SilentGlass that's designed to protect video connections from cyber attacks. "SilentGlass, a plug-and-play device, actively blocks anything unexpected or malicious between HDMI and Display Port connections and screens," NCSC said. "Already successfully deployed on Government estates, SilentGlass is now available for anyone to buy and use. It has been approved for use in the most high-threat environments."

  7. Passkeys replace passwords

    In a related development, the NCSC also endorsed passkeys as the default authentication standard and the "first choice of login" for access to all digital services. "Passkeys are a newer method for logging into online accounts, which do much of the heavy lifting for users, only requiring user approval rather than needing to input a password," NCSC said. "This makes passkeys quicker and easier to use and harder for cyber attackers to compromise." It also said the majority of cyber harms to individuals begin with criminals stealing or compromising login details, which makes passkey adoption a "huge leap" in boosting resilience to phishing attacks. More than 50% of active Google services users in the U.K. are said to be already using passkeys.

  8. Backdoor sabotage claims

    Reports from Iranian media have claimed that hardware made by Cisco, Juniper, Fortinet, and MikroTik either rebooted or disconnected during recent attacks on Iran, despite the country being cut off from the global internet. "The most striking and suspicious aspect of this incident is its precise timing and the lack of access to the international internet at that moment," Iranian news website Entekhab said. "This disruption occurred at a time when international gateways were effectively blocked or inaccessible; therefore, attributing this chain collapse to 'a simple cyber attack from beyond the borders' is not only unconvincing but also reveals the traces of deep-seated sabotage embedded within the equipment." The report hypothesizes the presence of hidden firmware backdoors or rogue implants within compromised devices, creating a dormant botnet that's activated when a certain event occurs without the need for internet access. The other possibility is a supply chain compromise. "If the chips or installation files of Cisco and Juniper products are compromised before entering the country, even replacing the operating system will not solve the problem, because the root of the problem is embedded in the hardware and read-only memory (ROM)," the report said. These arguments have found purchase in China, whose state media agency Xinhua called U.S.-made equipment the "real trojan horse." The disclosure comes as DomainTools revealed that the various hacktivist personas adopted by Iran, such as Homeland Justice, Karma, and Handala, "constitute a coordinated, MOIS-aligned cyber influence ecosystem operating under multiple branded identities that serve distinct but complementary operational roles."

  9. Ransomware infighting escalates

    The Krybit ransomware group has hacked the website of rival ransom group 0APT after the latter threatened to dox Krybit's members. According to security firm Barricade, 0APT leaked the complete database of the Krybit ransomware operation, including victim records, plaintext credentials, Bitcoin wallets, encryption tokens, and a 56MB exfiltration file inventory. In return, Krybit has hit back by compromising 0APT's server within 48 hours, defacing their data leak site, and publishing source code, bash history, Nginx logs, and system files. To rub salt into the wound, the group listed 0APT as victim #1 on their own leak site.

  10. Stealth malware-as-a-service

    There is a new cryptor-as-a-service platform called FUD Crypt (fudcrypt[.]net). "For $800 to $2,000 per month, subscribers upload an arbitrary Windows executable and receive a multi-stage deployment package that attempts automatic DLL sideloading, in-memory AMSI and ETW interference, silent UAC elevation via CMSTPLUA, and Windows Defender tamper via Group Policy on Enterprise builds," Ctrl-Alt-Intel said.

  11. Formbook phishing surge

    Two different phishing campaigns targeting Greek, Spanish, Slovenian, Bosnian, Latin, and Central American companies are using different techniques to deliver Formbook malware. "FormBook is a data-stealing malware that targets Windows systems, primarily distributed through phishing emails with malicious attachments," WatchGuard said. "It collects sensitive information like login credentials, browser data, and screenshots, using advanced evasion techniques to avoid detection."

  12. Stealth .NET execution abuse

    A highly sophisticated, multi-stage post-exploitation framework has been observed targeting organizations in the Middle East and EMEA financial sectors. "The threat actor leverages a legitimate, digitally signed Intel utility (IAStorHelp.exe) by abusing the .NET AppDomainManager mechanism, effectively turning a trusted binary into a stealthy execution container," CYFIRMA said. "This approach allows malicious code to be executed within a trusted environment. It bypasses conventional security controls without modifying the original signed binary." Because AppDomainManager hijacking enables stealth execution within a trusted signed binary, it allows malicious code to run without modifying the original executable, effectively bypassing code-signing trust controls. The attack begins with a phishing email containing a ZIP archive, which contains an LNK file masquerading as a PDF document to execute "IAStorHelp.exe." It's currently not known who is behind the campaign, but the level of sophistication, modular design, and operational discipline suggest capabilities consistent with advanced threat actors.

  13. RAT plus adware bundle

    A new malware campaign is spreading both a remote access trojan and adware together, allowing attackers to establish persistent access and make financial profits. The attack has been found to leverage a loader to deliver Gh0st RAT trojan and CloverPlus adware, an unwanted software designed to install advertising components and change browser behavior, such as startup pages and pop-up ads, per Splunk.

  14. macOS stealth execution abuse

    In a new analysis, Cisco Talos revealed that bad actors can bypass security controls in Apple macOS by repurposing native features like Remote Application Scripting (RAS) for remote execution and abusing Spotlight metadata (Finder comments) to stage payloads in a way that evades static file analysis. "Because Finder is scriptable over RAE, the comment of a file on a remote machine can be set via the “eppc://” protocol. By Base64 encoding a payload locally, a multi-line script can be stored within this single string field. The make new file command handles the creation of the target file, ensuring that no pre-existing file is required," Talos said. "The payload resides entirely within the Spotlight metadata, a location that remains largely unexamined by standard endpoint detection and response (EDR) solutions. This creates a stealthy staging area where malicious code can persist on the disk without triggering alerts associated with suspicious file contents." In addition, attackers can move toolkits and establish persistence using built-in protocols such as SMB, Netcat, Git, TFTP, and SNMP operating entirely outside the visibility of standard SSH-based telemetry. In some cases, adversaries can also bypass built-in restrictions by using Terminal as a proxy for execution, encoding payloads in Base64 and deploying them in stages.

  15. LLM agent testing framework

    A group of academics has released a hackable, modular, and configurable open-source framework called Terrarium for studying and evaluating decentralized LLM-based multi-agent systems (MAS). "As the capabilities of agents progress (e.g., tool calling) and their state space expands (e.g., the internet), multi-agent systems will naturally arise in unique and unexpected scenarios," the researchers said, adding it acts as "an isolated playground for studying agent behavior, vulnerabilities, and safety. It enables full customization of the communication protocol, communication proxy, environment, tool usage, and agents."

  16. AI data privacy purge

    According to Reuters, AI company Clarifai said it has deleted 3 million profile photos taken from dating site OkCupid in 2014. It follows a settlement reached last month between the U.S. Federal Trade Commission (FTC) and Match Group, OkCupid's owner. Clarifai is said to have certified the data deletion to the FTC on April 7, 2026, and deleted any models that trained on the data. The company also emphasized that it hadn't shared the data with third parties. The FTC opened the investigation in 2019, after The New York Times reported that Clarifai had built a training database using OkCupid dating profile photos. The behavior was a direct violation of OkCupid's privacy policy, although Clarifai was not accused of wrongdoing.

  17. Zero-credential RCE chain

    VulnCheck said it's seeing active exploitation of the Apache ActiveMQ Jolokia remote code execution chain that strings together CVE-2026-34197 and CVE-2024-32114. "CVE-2024-32114 removes authentication from the Jolokia endpoint entirely on ActiveMQ versions 6.0.0 through 6.1.1," VulnCheck's Jacob Baines said. "Combined with CVE-2026-34197, that is zero-credential RCE."

  18. Stealth phishing lure

    There has been a surge in phishing emails utilizing empty subject lines as a way to lure users to actually click and open the email without the usual warning cues. Known as silent subject or null subject phishing, the technique is designed to exploit blind spots in email defenses, as it allows such emails to bypass security filters that rely on analyzing the subject lines for specific keywords that may indicate potential phishing or scam. "Emails with empty subject lines evade user suspicion by exploiting human curiosity," CyberProof said. "The primary objective of a silent subject campaign is to gain initial access through social engineering, leading to credential compromise, unauthorized access, and potential lateral movement within targeted environments, especially focusing on high-value or VIP users."
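
    A triage check for the null-subject pattern, added here as an example and not taken from CyberProof or the original article: it classifies the Subject header as missing, empty or invisible and escalates only when the message also carries a link or attachment. Treating subjects made solely of zero-width or control characters as empty goes beyond the article's case; the sample messages and the escalation rule are constructed assumptions.

```python
import email
import re
import unicodedata
from email import policy

URL = re.compile(r"https?://\S+", re.I)


def subject_state(msg) -> str:
    """Classify the Subject header: 'missing', 'empty', 'invisible' or 'present'."""
    subject = msg["Subject"]           # policy.default decodes RFC 2047 encoded-words
    if subject is None:
        return "missing"
    if not subject.strip():
        return "empty"
    visible = [ch for ch in subject
               if not ch.isspace() and unicodedata.category(ch) not in ("Cf", "Cc")]
    return "present" if visible else "invisible"


def triage(raw: str) -> dict:
    """Parse one raw message and decide whether a null subject warrants escalation."""
    msg = email.message_from_string(raw, policy=policy.default)
    state = subject_state(msg)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    has_link = bool(URL.search(text))
    has_attachment = any(True for _ in msg.iter_attachments())
    return {"subject": state, "has_link": has_link, "has_attachment": has_attachment,
            "escalate": state != "present" and (has_link or has_attachment)}


# Constructed sample messages (example.test addresses are placeholders).
EMPTY = "From: a@example.test\nTo: vip@example.test\nSubject:\n\nSee https://example.test/doc\n"
# Subject is two zero-width spaces (U+200B) hidden in an encoded-word.
INVISIBLE = "From: a@example.test\nSubject: =?utf-8?b?4oCL4oCL?=\n\nhttps://example.test/x\n"
NORMAL = "From: a@example.test\nSubject: Lunch menu\n\nhttps://example.test/menu\n"
MISSING = "From: a@example.test\n\nNo links here.\n"

if __name__ == "__main__":
    for name, raw in [("EMPTY", EMPTY), ("INVISIBLE", INVISIBLE),
                      ("NORMAL", NORMAL), ("MISSING", MISSING)]:
        print(name, triage(raw))
```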

  19. Industrial-scale SIM farms

    A Belarus-based turnkey solution is assisting SIM farm operators in supporting cybercrime on an industrial scale. Infrawatch said that it identified 87 instances of ProxySmart control panels in 17 countries that are linked to at least 24 commercial proxy providers and 35 cellular providers. The footprint spans 94 phone farm locations, distributed across 19 U.S. states, as well as countries in Europe and South America. ProxySmart provides an end-to-end platform for operating and monetizing mobile proxy infrastructure, including farm management, device control, customer provisioning, retail proxy sales, and payment handling. It's accessible via a web-based control panel that's self-hosted by the farm operator. Devices in the farms are either physical Android phones or USB 4G/5G modems. The phones are enrolled via an unsigned Android APK package downloaded from the ProxySmart website, with SMS send and receive capability included. Modems are managed through ModemManager, an open-source USB dongle management tool. The ProxySmart service is written in Python and obfuscated using PyArmour. "ProxySmart is publicly associated with a Belarus-based vendor footprint and offers an end-to-end stack for operating and monetizing a physical farm, including device management, automated IP rotation, customer provisioning, plan enforcement, and anti-bot countermeasures," the company said. "Technical analysis indicates operator capabilities consistent with large-scale evasion enablement, including automated IP rotation, remote device control, and network fingerprint spoofing." SIM farms enable a range of cybercrime activity such as smishing, premium-rate number fraud, bot sign-ups, and one-time password interception. 
    In response to the findings, ProxySmart disputed its characterization as a SIM farm, stating it's a "data-path proxy management platform" and that its mobile proxy infrastructure "underpins a wide range of legitimate commercial and research activity" including advertising verification, brand protection, price monitoring, and anti-fraud model training, among others.

  20. Telegram under CSAM probe

    Ofcom, the U.K.'s independent communications regulator, has launched an investigation into Telegram under the country's Online Safety Act to examine whether the platform is being used to share child sexual abuse material (CSAM) and is doing enough to combat the threat. "We received evidence from the Canadian Centre for Child Protection regarding the alleged presence and sharing of child sexual abuse material on Telegram, and carried out our own assessment of the platform," Ofcom said. "In light of this, we have decided to open an investigation to examine whether Telegram has failed, or is failing, to comply with its duties in relation to illegal content." In a statement shared with The Record, Telegram said it "categorically denies Ofcom's accusations," adding it has "virtually eliminated the public spread of CSAM on its platform through world-class detection algorithms and cooperation with NGOs." Earlier this year, Ofcom also commenced a probe into X to determine whether the service is taking necessary steps to take down illegal content, including non-consensual intimate images and CSAM.

  21. EU cracks disinfo ops

    The European Union imposed sanctions on two pro-Russian organizations accused of spreading disinformation and supporting the Kremlin's hybrid influence operations against Europe and Ukraine. The measures target Euromore and the Foundation for the Support and Protection of the Rights of Compatriots Living Abroad (Pravfond). The move is part of the E.U.'s broader effort to counter Russian information and influence operations targeting Europe since the start of Moscow's full-scale invasion of Ukraine in 2022. The E.U. has imposed sanctions on 69 individuals and 19 entities linked to Russian hybrid warfare.

  22. Bot farm dismantled

    Ukrainian authorities have dismantled a bot farm that's alleged to have supplied thousands of fake social media accounts to Russian intelligence services for use in disinformation campaigns against Ukraine. The suspected organizer of the network has been detained in the northern city of Zhytomyr, and nearly 20,000 fraudulent online profiles that were used in information operations have been blocked. The suspect is believed to have sold more than 3,000 fake Telegram accounts each month to Russian clients. The accounts were created using Ukrainian mobile phone numbers and then advertised on online platforms used by pro-Russian actors. If convicted, the suspect faces up to six years in prison.

  23. Malicious extensions surge

    More than 130,000 users have downloaded and installed malicious Chrome and Edge extensions that, while offering the promised functionality, also implement covert tracking, remote configuration capabilities, and data collection mechanisms. The 12 extensions posed as tools to download TikTok videos and were available through the official Chrome and Edge stores. The activity has been codenamed StealTok. The extensions have been found to use remote configuration to bypass store review. "Beyond privacy concerns, the use of remote configuration endpoints introduces a significant security risk, enabling post-installation behavior changes that bypass marketplace review mechanisms," LayerX said.

  24. Joomla SEO spam backdoor

    In a new campaign spotted by Sucuri, threat actors are planting a new PHP-based backdoor on Joomla sites to inject SEO spam. The injected script acts as a remote loader to send information about the infected website and awaits further instructions from an attacker-controlled server. "Attackers inject malicious code that silently serves spam content to visitors and search engines, all without the site owner knowing," Sucuri said. "The goal is simple: abuse the site's reputation to push traffic towards products the attacker wants to promote."

  25. Post-exfiltration data trade

    A new service called Leak Bazaar has been promoted on the Russian-speaking TierOne forum that claims to process data stolen from extortion and ransomware attacks and turn it into "something more legible, more selective and precise, and making it marketable for the general population to ingest." It's advertised by a user named Snow, who joined the forum on March 3, 2026. "What Leak Bazaar is really offering is not a DLS or Data or Dedicated Leak Site in the conventional sense, but a post-exfiltration service layer," Flare said. "It is trying to reassure both suppliers and buyers that the platform can solve the most frustrating part of data theft, which is that a large percentage of exfiltrated material is too noisy, too unstructured, or too cumbersome to use without additional labor."

  26. RDP scanning concentration

    GreyNoise has disclosed that a small cluster of 21 IP addresses is now responsible for generating nearly half of all the RDP scanning traffic on the public internet. The addresses are registered to ColocaTel (AS213438), a company based in the Seychelles. According to the threat intelligence firm, mass internet scanning activity is now preceding vendor vulnerability disclosures more frequently than before, with 49% of surges arriving within 10 days of disclosure and 78% within 21 days. In a related development, security researcher Morgan Robertson revealed that almost three-quarters of Perforce P4 source code management servers connected to the internet are misconfigured and leaking source code and sensitive files. "The default Perforce settings allow unauthenticated users to create accounts, list existing users, access passwordless accounts, and, until version 2025.1, allowed syncing repositories remotely; potentially exposing intellectual property across more than a dozen sectors, including gaming, healthcare, automotive, finance, and government," Robertson said. "Action is recommended for all Perforce administrators to ensure security hardening, including setting stronger authentication requirements, disabling automatic account creation, and raising security levels."

  27. Emerging threat groups surge

    Various new hacktivist, data extortion, and ransomware crews have been spotted in the wild. These include Harakat Ashab al-Yamin al-Islamia, World Leaks, Lamashtu, Payouts King, BravoX, Black Shrantac, NBLOCK, Ndm448, Chip, Ransoomed, and Zollo.

None of this is new. That is the problem. Old paths still open, basic checks still skipped, and trust still given where it should not be. Attackers are not doing anything magical, they are just faster and less careful because they do not need to be.

The fixes are known but ignored. Patch early, check what you install, limit access, and stop trusting inputs by default. Most of the damage comes from things that were easy to prevent. Same story next week.



from The Hacker News https://ift.tt/tfSur7W