Author: Mark

  • SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others

    Aug 07, 2025 | Ravie Lakshmanan | Malware / Threat Intelligence

    The threat actors behind the SocGholish malware have been observed leveraging Traffic Distribution Systems (TDSs) like Parrot TDS and Keitaro TDS to filter and redirect unsuspecting users to sketchy content.

    “The core of their operation is a sophisticated Malware-as-a-Service (MaaS) model, where infected systems are sold as initial access points to other cybercriminal organizations,” Silent Push said in an analysis.

    SocGholish, also called FakeUpdates, is a JavaScript loader malware that’s distributed via compromised websites by masquerading as deceptive updates for web browsers like Google Chrome or Mozilla Firefox, as well as other software such as Adobe Flash Player or Microsoft Teams. It’s attributed to a threat actor called TA569, which is also tracked as Gold Prelude, Mustard Tempest, Purple Vallhund, and UNC1543.

    Attack chains involve deploying SocGholish to establish initial access and broker that compromised system access to a diverse clientele, including Evil Corp (aka DEV-0243), LockBit, Dridex, and Raspberry Robin (aka Roshtyak). Interestingly, recent campaigns have also leveraged Raspberry Robin as a distribution vector for SocGholish.

    “SocGholish infections typically originate from compromised websites that have been infected in multiple different ways,” Silent Push said. “Website infections can involve direct injections, where the SocGholish payload delivery injects JS directly loaded from an infected webpage or via a version of the direct injection that uses an intermediate JS file to load the related injection.”

    Besides redirecting to SocGholish domains via compromised websites, another primary source of traffic involves using third-party TDSes like Parrot TDS and Keitaro TDS to direct web traffic to specific websites or to landing pages after performing extensive fingerprinting of the site visitor and determining if they are of interest based on certain predefined criteria.

    Keitaro TDS has long been involved in threat activity going beyond malvertising and scams to deliver more sophisticated malware, including exploit kits, loaders, ransomware, and Russian influence operations. Last year, Infoblox revealed how SocGholish, a VexTrio partner, used Keitaro to redirect victims to VexTrio’s TDSes.

    “Because Keitaro also has many legitimate applications, it is frequently difficult or impossible to simply block traffic through the service without generating excessive false positives, although organizations can consider this in their own policies,” Proofpoint noted back in 2019.

    Keitaro TDS is believed to be connected to TA2726, which has functioned as a traffic provider for both SocGholish and TA2727 by compromising websites and injecting a Keitaro TDS link, and then selling that to its customers.

    “The intermediate C2 [command-and-control] framework dynamically generates payloads that victims download at runtime,” Silent Push noted.

    “It is essential to note that across the execution framework, from the initial SocGholish injection to the on-device execution of the Windows implant, the entire process is continuously tracked by SocGholish’s C2 framework. If, at any time, the framework determines that a given victim is not ‘legitimate,’ it will stop the serving of a payload.”

    The cybersecurity company has also assessed that there are possibly former members who are involved in Dridex, Raspberry Robin, and SocGholish, given the overlapping nature of the campaigns observed.

    The development comes as Zscaler detailed an updated version of Raspberry Robin that features improved obfuscation methods, changes to its network communication process, and embeds pointing to intentionally corrupted TOR C2 domains, signaling continued efforts to avoid detection and hinder reverse engineering efforts.

    “The network encryption algorithm has changed from AES (CTR mode) to Chacha-20,” the company said. “Raspberry Robin has added a new local privilege escalation (LPE) exploit (CVE-2024-38196) to gain elevated privileges on targeted systems.”

    The disclosure also follows an evolution of DarkCloud Stealer attacks that employ phishing emails to deliver a ConfuserEx-protected version of the stealer payload written in Visual Basic 6, which is launched and executed using a technique called process hollowing.

    “DarkCloud Stealer is typical of an evolution in cyberthreats, leveraging obfuscation techniques and intricate payload structures to evade traditional detection mechanisms,” Unit 42 said. “The shift in delivery methods observed in April 2025 indicates an evolving evasion strategy.”


    Source: thehackernews.com…

  • 6,500 Axis Servers Expose Remoting Protocol; 4,000 in U.S. Vulnerable to Exploits

    Aug 07, 2025 | Ravie Lakshmanan | Vulnerability / Threat Intelligence

    Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploited, could expose them to takeover attacks.

    “The attack results in pre-authentication remote code execution on Axis Device Manager, a server used to configure and manage fleets of cameras, and the Axis Camera Station, client software used to view camera feeds,” Claroty researcher Noam Moshe said.

    “Furthermore, using internet scans of exposed Axis.Remoting services, an attacker can enumerate vulnerable servers and clients, and carry out granular, highly targeted attacks.”

    The list of identified flaws is below –

    • CVE-2025-30023 (CVSS score: 9.0) – A flaw in the communication protocol used between client and server that could lead to an authenticated user performing a remote code execution attack (Fixed in Camera Station Pro 6.9, Camera Station 5.58, and Device Manager 5.32)
    • CVE-2025-30024 (CVSS score: 6.8) – A flaw in the communication protocol used between client and server that could be leveraged to execute an adversary-in-the-middle (AitM) attack (Fixed in Device Manager 5.32)
    • CVE-2025-30025 (CVSS score: 4.8) – A flaw in the communication protocol used between the server process and the service control that could lead to a local privilege escalation (Fixed in Camera Station Pro 6.8 and Device Manager 5.32)
    • CVE-2025-30026 (CVSS score: 5.3) – A flaw in the Axis Camera Station Server that could lead to an authentication bypass (Fixed in Camera Station Pro 6.9 and Camera Station 5.58)

    Successful exploitation of the aforementioned vulnerabilities could allow an attacker to assume an AitM position between the Camera Station and its clients, effectively making it possible to alter requests/responses and execute arbitrary actions on either the server or client systems. There is no evidence that the issues have been exploited in the wild.

    Claroty said it found more than 6,500 servers that expose the proprietary Axis.Remoting protocol and its services over the internet, of which nearly 4,000 are located in the U.S.

    “Successful exploits give attackers system-level access on the internal network and the ability to control each of the cameras within a specific deployment,” Moshe noted. “Feeds can be hijacked, watched, and/or shut down. Attackers can exploit these security issues to bypass authentication to the cameras and gain pre-authentication remote code execution on the devices.”


    Source: thehackernews.com…

  • Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes

    Aug 07, 2025 | Ravie Lakshmanan | Malware / Threat Intelligence

    Cybersecurity researchers have discovered a set of 11 malicious Go packages that are designed to download additional payloads from remote servers and execute them on both Windows and Linux systems.

    “At runtime the code silently spawns a shell, pulls a second-stage payload from an interchangeable set of .icu and .tech command-and-control (C2) endpoints, and executes it in memory,” Socket security researcher Olivia Brown said.

    The list of identified packages is below –

    • github.com/stripedconsu/linker
    • github.com/agitatedleopa/stm
    • github.com/expertsandba/opt
    • github.com/wetteepee/hcloud-ip-floater
    • github.com/weightycine/replika
    • github.com/ordinarymea/tnsr_ids
    • github.com/ordinarymea/TNSR_IDS
    • github.com/cavernouskina/mcp-go
    • github.com/lastnymph/gouid
    • github.com/sinfulsky/gouid
    • github.com/briefinitia/gouid
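
    One way to check a project against the module paths listed above, as an added example (not code from the article or from Socket): a Go scanner that flags require and replace entries in a go.mod file. The sample go.mod, its example.com paths and its versions are constructed, and matching case-insensitively and on sub-paths is an assumption made here.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Module paths copied from the list in the article above.
var flaggedModules = []string{
	"github.com/stripedconsu/linker",
	"github.com/agitatedleopa/stm",
	"github.com/expertsandba/opt",
	"github.com/wetteepee/hcloud-ip-floater",
	"github.com/weightycine/replika",
	"github.com/ordinarymea/tnsr_ids",
	"github.com/ordinarymea/TNSR_IDS",
	"github.com/cavernouskina/mcp-go",
	"github.com/lastnymph/gouid",
	"github.com/sinfulsky/gouid",
	"github.com/briefinitia/gouid",
}

// Finding is one go.mod line that references a flagged module.
type Finding struct {
	Line      int
	Directive string
	Module    string
}

// isFlagged compares case-insensitively (GitHub owner and repository names
// are case-insensitive) and also matches sub-paths such as a "/v2" suffix.
func isFlagged(path string) bool {
	p := strings.ToLower(path)
	for _, m := range flaggedModules {
		m = strings.ToLower(m)
		if p == m || strings.HasPrefix(p, m+"/") {
			return true
		}
	}
	return false
}

// ScanGoMod reports every require or replace entry that names a flagged
// module, in single-line directives and in "( ... )" blocks. For replace, the
// replacement target is checked too, since that is the code that gets built.
func ScanGoMod(gomod string) []Finding {
	var out []Finding
	block := "" // directive whose parenthesised block we are inside, if any
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for n := 1; sc.Scan(); n++ {
		line := sc.Text()
		if i := strings.Index(line, "//"); i >= 0 {
			line = line[:i] // drop trailing comments such as "// indirect"
		}
		f := strings.Fields(line)
		if len(f) == 0 {
			continue
		}
		directive := block
		switch {
		case block != "" && f[0] == ")":
			block = ""
			continue
		case block == "" && len(f) >= 2 && f[1] == "(":
			block = f[0]
			continue
		case block == "":
			directive, f = f[0], f[1:]
		}
		if directive != "require" && directive != "replace" {
			continue
		}
		for i, tok := range f {
			isPath := i == 0 || (directive == "replace" && f[i-1] == "=>")
			if isPath && isFlagged(tok) {
				out = append(out, Finding{n, directive, tok})
			}
		}
	}
	return out
}

// Constructed sample go.mod: example.com paths and versions are placeholders.
const sampleGoMod = `module example.com/buildtool
require (
	github.com/lastnymph/gouid v1.0.0 // indirect
	github.com/OrdinaryMea/tnsr_ids v0.1.0
	example.com/upstream/mcp-go v0.30.0
)
replace example.com/upstream/mcp-go => github.com/cavernouskina/mcp-go v0.30.0
`

func main() {
	for _, f := range ScanGoMod(sampleGoMod) {
		fmt.Printf("go.mod:%d: %s references flagged module %s\n", f.Line, f.Directive, f.Module)
	}
}
```

    A match only shows that go.mod references a listed module; go.sum, vendored copies and the module cache are not inspected here.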

    The packages conceal an obfuscated loader that harbors functionality to fetch second-stage ELF and portable executable (PE) binaries, which, in turn, can gather host information, access web browser data, and beacon out to its C2 server.

    “Because the second-stage payload delivers a bash-scripted payload for Linux systems and retrieves Windows executables via certutil.exe, both Linux build servers and Windows workstations are susceptible to compromise,” Brown said.

    Complicating matters is the decentralized nature of the Go ecosystem, which allows modules to be directly imported from GitHub repositories, causing significant developer confusion when searches for a package on pkg.go.dev can return several similarly named modules, although they may not necessarily be malicious in nature.

    “Attackers exploit the confusion, carefully crafting their malicious module namespaces to appear trustworthy at a glance, significantly increasing the likelihood developers inadvertently integrate destructive code into their projects,” Socket said.

    It’s assessed that the packages are the work of a single threat actor due to C2 reuse and the format of the code. The findings underscore the continued supply chain risk of attackers abusing Go’s cross-platform nature to push malware.

    The development coincides with the discovery of two npm packages, naya-flore and nvlore-hsc, that masquerade as WhatsApp socket libraries while incorporating a phone number-based kill switch that can remotely wipe developers’ systems.

    The packages, which have collectively been downloaded over 1,110 times, continue to remain available on the npm registry as of writing. Both libraries were published by a user named “nayflore” in early July 2025.

    Central to their operations is their ability to retrieve a remote database of Indonesian phone numbers from a GitHub repository. Once the package is executed, it first checks if the current phone is in the database, and, if not, proceeds to recursively delete all files using the command “rm -rf *” following a WhatsApp pairing process.

    The packages have also been found to contain a function to exfiltrate device information to an external endpoint, but calls to the function have been commented out, suggesting ongoing development by the threat actor behind the scheme.

    “naya-flore also contains a hardcoded GitHub Personal Access Token that provides unauthorized access to private repositories,” security researcher Kush Pandya said. “The purpose of this token remains unclear from the available code.”

    “The presence of an unused GitHub token could indicate incomplete development, planned functionality that was never implemented, or usage in other parts of the codebase not included in these packages.”

    Open-source repositories continue to be an attractive malware distribution channel in software supply chains, with the packages designed to steal sensitive information and even targeting cryptocurrency wallets in some cases.

    “While overall tactics have not evolved significantly, attackers continue to rely on proven techniques, such as minimizing file count, using installation scripts, and employing discreet data exfiltration methods that maximize impact,” Fortinet FortiGuard Labs said.

    “A continued rise in obfuscation also further notes the importance of vigilance and ongoing monitoring required by users of these services. And as OSS continues to grow, so too will the attack surface for supply chain threats.”


    Source: thehackernews.com…

  • The AI-Powered Security Shift: What 2025 Is Teaching Us About Cloud Defense

    Now that we are well into 2025, cloud attacks are evolving faster than ever and artificial intelligence (AI) is both a weapon and a shield. As AI rapidly changes how enterprises innovate, security teams are now tasked with a triple burden:

    1. Secure AI embedded in every part of the business.
    2. Use AI to defend faster and smarter.
    3. Fight AI-powered threats that execute in minutes—or seconds.

    Security is no longer about balancing speed and safety. In today’s cloud-native world, real-time, context-aware defense is a baseline expectation, not a competitive edge. The recent Sysdig Cloud Defense Report 2025 breaks down this tectonic shift. Below, we unpack its key insights for security practitioners aiming to stay ahead of an accelerating threat landscape.

    AI: The Double-Edged Sword of Cloud Security

    AI is transforming the security paradigm. It is empowering defenders while also creating entirely new attack surfaces.

    AI for Security: Fighting Fire with Fire

    Attackers are automating faster. In campaigns like CRYSTALRAY, adversaries chain together open-source tools to perform reconnaissance, lateral movement, and credential harvesting. These attacks show a level of coordination and speed that would be impossible without automation. Security teams are responding in kind.

    Tools like Sysdig Sage, a fully integrated AI cloud security analyst, are driving mean time to respond down by 76%. More than half of Sysdig customers now use Sysdig Sage, with the software and business services sectors leading adoption.

    Key ways security teams are leveraging AI include:

    • Contextual enrichment: AI quickly correlates related events and aggregates data that makes alerts understandable.
    • Summarization and deduplication: AI links alerts to previous incidents and helps focus on what’s relevant.
    • Workflow automation: AI handles repetitive tasks like ticket creation, vulnerability analysis, and escalation logic.
    • Decision acceleration: By acting as a tier-one analyst, AI allows human defenders to move faster and make informed decisions.

    The lesson is simple: in a cloud world where attacks happen at machine speed, defense must be equally agile.

    Security for AI: Protecting the New Digital Crown Jewels

    But here’s the flip side: AI itself is now a prime target that needs to be protected. The Sysdig Threat Research Team has been identifying and reporting more attacks against LLMs and other AI tools since mid-2024. Sysdig observed a 500% surge in cloud workloads containing AI/ML packages in 2024, indicating massive adoption. However, a recent 25% decline suggests teams are buckling down on security and improving governance.

    Recommendations to secure AI systems include securing APIs by authenticating and restricting access to public endpoints, hardening configurations by disabling open defaults like unauthenticated admin panels, enforcing least privilege to control root access and limit elevated permissions, monitoring for shadow AI through workload audits for unauthorized models and packages, and implementing data guardrails to filter prompts and outputs for sensitive information. The bottom line: AI requires the same level of rigor and protection as any other business-critical system, especially as it becomes deeply embedded across both customer-facing and back-end operations.

    Runtime Security: No Longer Optional, But Foundational

    Prevention may reign supreme, but in today’s cloud-native, ephemeral world, runtime visibility is your best shot at catching, in motion, whatever slips through the cracks.

    The Case for Real-Time Threat Detection

    Runtime detection isn’t just a defensive layer—it’s a strategic necessity in today’s cloud-native environments. With 60% of containers living for one minute or less and CI/CD pipelines emerging as high-value targets due to misconfigurations and insecure defaults, the window to detect and respond is incredibly narrow. Cloud attacks now unfold in 10 minutes or less, prompting the creation of the 555 Cloud Detection and Response Benchmark: a framework that guides security teams to detect threats in 5 seconds, investigate in 5 minutes, and respond within the next 5 minutes.

    Why Runtime Context Matters

    Traditional vulnerability scans bury teams under noise. But less than 6% of high and critical vulnerabilities are active in production. That means the rest are distractions.

    Runtime insights help security teams:

    • Prioritize real risks: Focus remediation on vulnerabilities loaded into memory.
    • Reduce noise: Cut vulnerability lists by up to 99%.
    • Collaborate better: Provide developers with clear, contextual remediation steps.

    The CI/CD Pipeline: A Growing Target

    CI/CD workflows sit at the heart of modern DevOps, enabling rapid, automated delivery. But in 2025, they’ve also emerged as an attractive and increasingly exploited attack surface. From repository compromises to misconfigured automation, attackers are finding creative ways to infiltrate build systems—often before code even reaches production.

    Several high-impact vulnerabilities uncovered this year reveal just how exposed the CI/CD pipeline can be. These incidents serve as a wake-up call: your build system is part of your attack surface—and without real-time visibility, you might not spot an attack until it’s too late.

    Tools like Falco and Falco Actions are helping defenders stay one step ahead by detecting threats as they execute, not after the damage is done.

    Open Source: The Heart of Modern Security Innovation

    Security has always been about community. Attackers share tools, and defenders must too. Open source tools now power much of the modern cloud defense strategy.

    Falco has evolved from a basic intrusion detection system (IDS) into a powerful real-time detection engine, now supporting eBPF for deeper visibility into cloud-native environments, all with the support of the open source community. It integrates with tools like Falco Actions, Falcosidekick, and Falco Talon to provide broader control, automation, and workflow customization. This makes Falco especially valuable in regulated sectors such as finance, health care, and government, where self-hosted deployments and custom detection rules are critical for compliance and control.

    The EU Data Act and the Rise of Sovereign Security

    With regulations like the EU Data Act taking effect in September 2025, organizations are required to control and localize their data. Open source plays a critical role in meeting these requirements by enabling self-hosted deployments, offering transparent codebases for audit and compliance, and fostering community-driven innovation that supports trust and flexibility.

    This article is a contributed piece from one of our valued partners.


    Source: thehackernews.com…

  • SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day

    Aug 07, 2025 | Ravie Lakshmanan | Network Security / Vulnerability

    SonicWall has revealed that the recent spike in activity targeting its Gen 7 and newer firewalls with SSL VPN enabled is related to an older, now-patched bug and password reuse.

    “We now have high confidence that the recent SSL VPN activity is not connected to a zero-day vulnerability,” the company said. “Instead, there is a significant correlation with threat activity related to CVE-2024-40766.”

    CVE-2024-40766 (CVSS score: 9.3) was first disclosed by SonicWall in August 2024, calling it an improper access control issue that could allow malicious actors unauthorized access to the devices.

    “An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and, in specific conditions, causing the firewall to crash,” it noted in an advisory at the time.

    SonicWall also said it’s investigating fewer than 40 incidents related to this activity, and that many of them are related to migrations from Gen 6 to Gen 7 firewalls without resetting the local user passwords, a crucial recommended action as part of CVE-2024-40766.

    Furthermore, the company pointed out that SonicOS 7.3 has additional protection against brute-force password and multi-factor authentication (MFA) attacks. The updated guidance offered by the company is below –

    • Update firmware to SonicOS version 7.3.0
    • Reset all local user account passwords for any accounts with SSLVPN access, particularly those that were carried over during migration from Gen 6 to Gen 7
    • Enable Botnet Protection and Geo-IP Filtering
    • Enforce MFA and strong password policies
    • Remove unused or inactive user accounts

    The development comes as multiple security vendors reported observing a surge in attacks exploiting SonicWall SSL VPN appliances for Akira ransomware attacks.


    Source: thehackernews.com…

  • Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups

    Aug 07, 2025 | Ravie Lakshmanan | Vulnerability / Threat Detection

    Microsoft has released an advisory for a high-severity security flaw affecting on-premise versions of Exchange Server that could allow an attacker to gain elevated privileges under certain conditions.

    The vulnerability, tracked as CVE-2025-53786, carries a CVSS score of 8.0. Dirk-jan Mollema with Outsider Security has been acknowledged for reporting the bug.

    “In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization’s connected cloud environment without leaving easily detectable and auditable traces,” the tech giant said in the alert.

    “This risk arises because Exchange Server and Exchange Online share the same service principal in hybrid configurations.”

    Successful exploitation of the flaw could allow an attacker to escalate privileges within the organization’s connected cloud environment without leaving easily detectable and auditable traces, the company added. However, the attack hinges on the threat actor already having administrator access to an Exchange Server.

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in a bulletin of its own, said the vulnerability could impact the identity integrity of an organization’s Exchange Online service if left unpatched.

    As mitigations, customers are recommended to review Exchange Server security changes for hybrid deployments, install the April 2025 Hot Fix (or newer), and follow the configuration instructions.

    “If you’ve previously configured Exchange hybrid or OAuth authentication between Exchange Server and your Exchange Online organization but no longer use it, make sure to reset the service principal’s keyCredentials,” Microsoft said.

    The development comes as the Windows maker said it will begin temporarily blocking Exchange Web Services (EWS) traffic using the Exchange Online shared service principal starting this month in an effort to increase the customer adoption of the dedicated Exchange hybrid app and improve the security posture of the hybrid environment.

    Microsoft’s advisory for CVE-2025-53786 also coincides with CISA’s analysis of various malicious artifacts deployed following the exploitation of recently disclosed SharePoint flaws, collectively tracked as ToolShell.

    This includes two Base64-encoded DLL binaries and four Active Server Page Extended (ASPX) files that are designed to retrieve machine key settings within an ASP.NET application’s configuration and act as a web shell to execute commands and upload files.

    “Cyber threat actors could leverage this malware to steal cryptographic keys and execute a Base64-encoded PowerShell command to fingerprint the host system and exfiltrate data,” the agency said.

    CISA is also urging entities to disconnect public-facing versions of Exchange Server or SharePoint Server that have reached their end-of-life (EOL) or end-of-service from the internet, not to mention discontinue the use of outdated versions.


    Source: thehackernews.com…

  • Webinar: How to Stop Python Supply Chain Attacks—and the Expert Tools You Need

    Aug 07, 2025 | The Hacker News | DevSecOps / Supply Chain Security

    Python is everywhere in modern software. From machine learning models to production microservices, chances are your code—and your business—depends on Python packages you didn’t write.

    But in 2025, that trust comes with a serious risk.

    Every few weeks, we’re seeing fresh headlines about malicious packages uploaded to the Python Package Index (PyPI)—many going undetected until after they’ve caused real harm. One of the most dangerous recent examples? In December 2024, attackers quietly compromised the Ultralytics YOLO package, widely used in computer vision applications. It was downloaded thousands of times before anyone noticed.

    This wasn’t an isolated event. This is the new normal.

    Python supply chain attacks are rising fast—and your next pip install could be the weakest link. Join our webinar to learn what’s really happening, what’s coming next, and how to secure your code with confidence. Don’t wait for a breach. Watch this webinar now and take control.

    What’s Really Going On?

    Attackers are exploiting weak links in the open-source supply chain. They’re using tricks like:

    • Typo-squatting: Uploading fake packages with names like requessts or urlib.
    • Repojacking: Hijacking abandoned GitHub repos once linked to trusted packages.
    • Slop-squatting: Publishing popular misspellings before a legit maintainer claims them.

    Once a developer installs one of these packages—intentionally or not—it’s game over.

    And it’s not just rogue packages. Even the official Python container image ships with critical vulnerabilities. At the time of writing, there are over 100 high and critical CVEs in the standard Python base image. Fixing them isn’t easy, either. That’s the “my boss told me to fix Ubuntu” problem—when your app team inherits infra problems no one wants to own.

    It’s Time to Treat Python Supply Chain Security Like a First-Class Problem

    The traditional approach—“just pip install and move on”—won’t cut it anymore. Whether you’re a developer, a security engineer, or running production systems, you need visibility and control over what you’re pulling in.

    And here’s the good news: you can secure your Python environment without breaking your workflow. You just need the right tools, and a clear playbook.

    That’s where this webinar comes in.

    In this session, we’ll walk through:

    • The Anatomy of Modern Python Supply Chain Attacks: What happened in recent PyPI incidents—and why they keep happening.
    • What You Can Do Today: From pip install hygiene to using tools like pip-audit, Sigstore, and SBOMs.
    • Behind the Scenes: Sigstore & SLSA: How modern signing and provenance frameworks are changing how we trust code.
    • How PyPI is Responding: The latest ecosystem-wide changes and what they mean for package consumers.
    • Zero-Trust for Your Python Stack: Using Chainguard Containers and Chainguard Libraries to ship secure, CVE-free code out of the box.

    The threats are getting smarter. The tooling is getting better. But most teams are stuck somewhere in the middle—relying on default images, no validation, and hoping their dependencies don’t betray them.

    You don’t have to become a security expert overnight—but you do need a roadmap. Whether you’re early in your journey or already doing audits and signing, this session will help you take your Python supply chain to the next level.

    Your application is only as secure as the weakest import. It’s time to stop trusting blindly and start verifying. Join us. Get practical. Get secure.

    This article is a contributed piece from one of our valued partners.


    Source: thehackernews.com…

  • Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft

    Aug 06, 2025 | Ravie Lakshmanan | DevOps / Container Security

    Cybersecurity researchers have demonstrated an “end-to-end privilege escalation chain” in Amazon Elastic Container Service (ECS) that could be exploited by an attacker to conduct lateral movement, access sensitive data, and seize control of the cloud environment.

    The attack technique has been codenamed ECScape by Sweet Security researcher Naor Haziz, who presented the findings today at the Black Hat USA security conference that’s being held in Las Vegas.

    “We identified a way to abuse an undocumented ECS internal protocol to grab AWS credentials belonging to other ECS tasks on the same EC2 instance,” Haziz said in a report shared with The Hacker News. “A malicious container with a low‑privileged IAM [Identity and Access Management] role can obtain the permissions of a higher‑privileged container running on the same host.”

    Amazon ECS is a fully-managed container orchestration service that allows users to deploy, manage, and scale containerized applications, while integrating with Amazon Web Services (AWS) to run container workloads in the cloud.

    The vulnerability identified by Sweet Security essentially allows for privilege escalation by allowing a low-privileged task running on an ECS instance to hijack the IAM privileges of a higher-privileged container on the same EC2 machine by stealing its credentials.

    In other words, a malicious app in an ECS cluster could assume the role of a more privileged task. This is facilitated by taking advantage of a metadata service running at 169.254.170[.]2 that exposes the temporary credentials associated with the task’s IAM role.

    While this approach ensures that each task gets credentials for its IAM role and they are delivered at runtime, a leak of the ECS agent’s identity could permit an attacker to impersonate the agent and obtain credentials for any task on the host. The entire sequence is as follows –

    • Obtain the host’s IAM role credentials (EC2 Instance Role) so as to impersonate the agent
    • Discover the ECS control plane endpoint that the agent talks to
    • Gather the necessary identifiers (cluster name/ARN, container instance ARN, Agent version information, Docker version, ACS protocol version, and Sequence number) to authenticate as the agent using the Task Metadata endpoint and ECS introspection API
    • Forge and sign the Agent Communication Service (ACS) WebSocket Request impersonating the agent with the sendCredentials parameter set to “true”
    • Harvest credentials for all running tasks on that instance

    “The forged agent channel also remains stealthy,” Haziz said. “Our malicious session mimics the agent’s expected behavior – acknowledging messages, incrementing sequence numbers, sending heartbeats – so nothing seems amiss.”

    “By impersonating the agent’s upstream connection, ECScape completely collapses that trust model: one compromised container can passively collect every other task’s IAM role credentials on the same EC2 instance and immediately act with those privileges.”

    ECScape can have severe consequences when running ECS tasks on shared EC2 hosts, as it opens the door to cross-task privilege escalation, secrets exposure, and metadata exfiltration.

    Following responsible disclosure, Amazon has emphasized the need for customers to adopt stronger isolation models where applicable, and made it clear in its documentation that there is no task isolation in EC2 and that “containers can potentially access credentials for other tasks on the same container instance.”

    As mitigations, it’s advised to avoid deploying high-privilege tasks alongside untrusted or low-privilege tasks on the same instance, use AWS Fargate for true isolation, disable or restrict the instance metadata service (IMDS) access for tasks, limit ECS agent permissions, and set up CloudTrail alerts to detect unusual usage of IAM roles.

    “The core lesson is that you should treat each container as potentially compromisable and rigorously constrain its blast radius,” Haziz said. “AWS’s convenient abstractions (task roles, metadata service, etc.) make life easier for developers, but when multiple tasks with different privilege levels share an underlying host, their security is only as strong as the mechanisms isolating them – mechanisms which can have subtle weaknesses.”
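
    The co-location mitigation above can be checked mechanically. The following is an added example, not code from the article or from Sweet Security: it flags container instances that run a high-privilege task next to any other task. The task records are constructed samples shaped like `aws ecs describe-tasks` output, and the high-privilege role list is an operator-supplied assumption.

```python
from collections import defaultdict

ACCT = "arn:aws:ecs:us-east-1:111122223333"  # constructed account/region
# Constructed sample, shaped like the "tasks" list from `aws ecs describe-tasks`.
TASKS = [
    {"taskArn": f"{ACCT}:task/demo/t-web", "launchType": "EC2",
     "containerInstanceArn": f"{ACCT}:container-instance/demo/ci-1",
     "taskDefinitionArn": f"{ACCT}:task-definition/web:3"},
    {"taskArn": f"{ACCT}:task/demo/t-deploy", "launchType": "EC2",
     "containerInstanceArn": f"{ACCT}:container-instance/demo/ci-1",
     "taskDefinitionArn": f"{ACCT}:task-definition/deployer:7"},
    {"taskArn": f"{ACCT}:task/demo/t-batch", "launchType": "EC2",
     "containerInstanceArn": f"{ACCT}:container-instance/demo/ci-2",
     "taskDefinitionArn": f"{ACCT}:task-definition/batch:1"},
    {"taskArn": f"{ACCT}:task/demo/t-fg", "launchType": "FARGATE",
     "taskDefinitionArn": f"{ACCT}:task-definition/deployer:7"},
]
# Constructed: taskRoleArn per task definition (from describe-task-definition).
ROLE_BY_TASKDEF = {
    f"{ACCT}:task-definition/web:3": "arn:aws:iam::111122223333:role/web-readonly",
    f"{ACCT}:task-definition/deployer:7": "arn:aws:iam::111122223333:role/deploy-admin",
    f"{ACCT}:task-definition/batch:1": "arn:aws:iam::111122223333:role/web-readonly",
}
# Assumption: the operator decides which roles count as high-privilege.
HIGH_PRIV_ROLES = {"arn:aws:iam::111122223333:role/deploy-admin"}

def effective_role(task, role_by_taskdef):
    """A run-time overrides.taskRoleArn takes precedence over the task definition."""
    override = (task.get("overrides") or {}).get("taskRoleArn")
    return override or role_by_taskdef.get(task["taskDefinitionArn"])

def mixed_privilege_hosts(tasks, role_by_taskdef, high_priv_roles):
    """Map each container instance that hosts a high-privilege task next to any
    other task to {"high": [task ARNs], "other": [task ARNs]}."""
    by_host = defaultdict(list)
    for task in tasks:
        host = task.get("containerInstanceArn")
        if not host:  # Fargate tasks have no shared container instance
            continue
        by_host[host].append((task["taskArn"], effective_role(task, role_by_taskdef)))
    findings = {}
    for host, entries in by_host.items():
        high = sorted(arn for arn, role in entries if role in high_priv_roles)
        other = sorted(arn for arn, role in entries if role not in high_priv_roles)
        if high and other:
            findings[host] = {"high": high, "other": other}
    return findings

if __name__ == "__main__":
    for host, f in mixed_privilege_hosts(TASKS, ROLE_BY_TASKDEF, HIGH_PRIV_ROLES).items():
        print(host, "high:", f["high"], "co-located:", f["other"])
```

    Tasks with no task role still count as co-located neighbours, since any container on the host is a potential starting point for the credential theft described above.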

    The development comes in the wake of several cloud-related security weaknesses that have been reported in recent weeks –

    • A race condition in Google Cloud Build’s GitHub integration that could have allowed an attacker to bypass maintainer review and build un-reviewed code after a “/gcbrun” command is issued by the maintainer
    • A remote code execution vulnerability in Oracle Cloud Infrastructure (OCI) Code Editor that an attacker could use to hijack a victim’s Cloud Shell environment and potentially pivot across OCI services by tricking a victim, already logged into Oracle Cloud, to visit a malicious HTML page hosted on a server by means of a drive-by attack
    • An attack technique called I SPy that exploits a Microsoft first-party application’s service principal (SP) in Entra ID for persistence and privilege escalation via federated authentication
    • A privilege escalation vulnerability in the Azure Machine Learning service that allows an attacker with only Storage Account access to modify invoker scripts stored in the AML storage account and execute arbitrary code within an AML pipeline, enabling them to extract secrets from Azure Key Vaults, escalate privileges, and gain broader access to cloud resources
    • A scope vulnerability in the legacy AmazonGuardDutyFullAccess AWS managed policy that could allow a full organizational takeover from a compromised member account by registering an arbitrary delegated administrator
    • An attack technique that abuses Azure Arc for privilege escalation by leveraging the Azure Connected Machine Resource Administrator role, and for persistence by setting it up as command-and-control (C2)
    • A case of over-privileged Azure built-in Reader roles and a vulnerability in Azure API that could be chained by an attacker to leak VPN keys and then use the key to gain access to both internal cloud assets and on-premises networks
    • A supply chain compromise vulnerability in Google Gerrit called GerriScary that enabled unauthorized code submissions to at least 18 Google projects, including ChromiumOS (CVE-2025-1568, CVSS score: 8.8), Chromium, Dart, and Bazel, by exploiting misconfigurations in the default “addPatchSet” permission, the voting system’s label handling, and a race condition with bot code-submission timings during the code merge process
    • A Google Cloud Platform misconfiguration that exposed the subnetworks used for member exchanges at Internet Exchange Points (IXPs), thereby allowing attackers to potentially abuse Google’s cloud infrastructure to gain unauthorized access to internal IXP LANs
    • An extension of a Google Cloud privilege escalation vulnerability called ConfusedFunction that can be adapted to other cloud platforms like AWS and Azure using AWS Lambda and Azure Functions, respectively, in addition to extending it to perform environment enumeration

    “The most effective mitigation strategy to protect your environment from similar threat actor behavior is to ensure that all SAs [Service Account] within your cloud environment adhere to the principle of least privilege and that no legacy cloud SAs are still in use,” Talos said. “Ensure that all cloud services and dependencies are up to date with the latest security patches. If legacy SAs are present, replace them with least-privilege SAs.”


    Source: thehackernews.com…

  • Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams

    The malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious apps that have been published on Apple and Google’s official app storefronts under the guise of seemingly useful applications.

    These apps masquerade as VPNs, device “monitoring” apps, RAM cleaners, dating services, and spam blockers, DNS threat intelligence firm Infoblox said in an exhaustive analysis shared with The Hacker News.

    “They released apps under several developer names, including HolaCode, LocoMind, Hugmi, Klover Group, and AlphaScale Media,” the company said. “Available in the Google Play and Apple store, these have been downloaded millions of times in aggregate.”

    These fake apps, once installed, deceive users into signing up for subscriptions that are difficult to cancel, flood them with ads, and get them to part with personal information like email addresses. It’s worth noting that LocoMind was previously flagged by Cyjax as part of a phishing campaign serving ads that falsely claim users’ devices have been damaged.

    One such Android app is Spam Shield block, which purports to be a spam blocker for push notifications but, in reality, charges users several times after convincing them to enroll in a subscription.

    “Right away it asks for money, and if you don’t, the ads are so disruptive that I uninstalled it before I was even able to try it,” one user said in a review of the app on the Google Play Store.

    Another review went: “This app is supposed to be $14.99 a month. During the month of February I have been billed weekly for $14.99 that comes to $70 monthly/$720 a year. NOT WORTH IT. And having problems trying to uninstall it. They tell you one price and then they turn around and charge you something else. They’re probably hoping that you won’t see it. Or it will be too late to get a refund. All I want is this junk off of my phone.”

    How threat actors leverage compromised sites and smartlinks to earn money

    The new findings lay bare the scale of the multinational criminal enterprise that’s VexTrio Viper, which includes operating traffic distribution services (TDSes) to redirect massive volumes of internet traffic to scams through their advertising networks since 2015, as well as managing payment processors such as Pay Salsa and email validation tools like DataSnap.

    “VexTrio and their partners are successful in part because their businesses are obfuscated,” the company said. “But a larger part of their success is likely because they stick to fraud, where they know there is less risk of consequences.”

    VexTrio is known for running what’s called a commercial affiliate network, serving as an intermediary between malware distributors who have, for example, compromised a collection of WordPress websites with malicious injects (aka publishing affiliates) and threat actors who advertise various fraudulent schemes ranging from sweepstakes to crypto scams (aka advertising affiliates).

    The TDS is assessed to have been created by a shell company called AdsPro Group, with key figures behind the organization from Italy, Belarus, and Russia engaging in fraudulent activity since at least 2004, before expanding their operations to Bulgaria, Moldova, Romania, Estonia, and Czechia around 2015. In all, over 100 companies and brands have been linked to VexTrio.

    “Russian organized crime groups began building an empire within ad tech starting in or around 2015,” Dr. Renée Burton, VP of Infoblox Threat Intel, told The Hacker News. “VexTrio is a key group within this industry, but there are other groups. All types of cybercrime, from dating scams to investment fraud and information stealers use malicious adtech, and it goes largely unnoticed.”

    But what makes the threat actor notable is that it controls both the publishing and advertising sides of affiliate networks through a vast network of intertwined companies like Teknology, Los Pollos, Taco Loco, and Adtrafico. In May 2024, Los Pollos said it had 200,000 affiliates and over 2 billion unique users every month.

    The scams, more broadly, play out in this manner: Unsuspecting users who land on a legitimate-but-infected site are routed through a TDS under VexTrio’s control, which then leads the users to scam landing pages. This is achieved by means of a smartlink that cloaks the final landing page and hinders analysis.

    Los Pollos and Adtrafico are both cost-per-action (CPA) networks that allow publishing affiliates to earn a commission when a site visitor performs an intended action. This could be accepting a website notification, providing their personal details, downloading an app, or giving credit card information.

    It has also been found to be a major spam distributor that reaches out to millions of potential victims, leveraging lookalike domains of popular mail services like SendGrid (“sendgrid[.]rest”) and MailGun (“mailgun[.]fun”) to facilitate the service.

    Another significant aspect is the use of cloaking services like IMKLO to disguise the real domains and evaluate criteria like the user’s location, their device type, their browser, and then determine the exact nature of content to be delivered.

    “The security industry, and much of the world, is more focused on malware right now,” Burton said. “This is in some sense victim blaming, in which there is a belief that people who fall for scams somehow deserve to be scammed more.”

    “So, stealing your credit card information via malware – even when it requires some ridiculous stroke of keys, like the current fake captcha/ClickFix attacks – is somehow ‘worse’ than if you are conned into giving it up. Cybersecurity education and greater awareness for treating scams with the same severity as malware are two ways to combat malicious adtech.”


    Source: thehackernews.com…