Author: Mark

Nov 20, 2025Ravie LakshmananMalware / Mobile Security

Cybersecurity researchers have disclosed details of a new Android banking trojan called Sturnus that enables credential theft and full device takeover to conduct financial fraud.

“A key differentiator is its ability to bypass encrypted messaging,” ThreatFabric said in a report shared with The Hacker News. “By capturing content directly from the device screen after decryption, Sturnus can monitor communications via WhatsApp, Telegram, and Signal.”

Another notable feature is its ability to stage overlay attacks by serving fake login screens atop banking apps to capture victims’ credentials. According to the Dutch mobile security company, Sturnus is privately operated and is currently assessed to be in the evaluation stage. Artifacts distributing the banking malware are listed below –

• Google Chrome (“com.klivkfbky.izaybebnx”)
• Preemix Box (“com.uvxuthoq.noscjahae”)

The malware has been designed to specifically single out financial institutions across Southern and Central Europe with region-specific overlays.

The name Sturnus is a nod to its use of a mixed communication pattern blending plaintext, AES, and RSA, with ThreatFabric likening it to the European starling (binomial name: Sturnus vulgaris), which incorporates a variety of whistles and is known to be a vocal mimic.

The trojan, once launched, contacts a remote server over WebSocket and HTTP channels to register the device and receive encrypted payloads in return. It also establishes a WebSocket channel to allow the threat actors to interact with the compromised Android device during Virtual Network Computing (VNC) sessions.

Besides serving fake overlays for banking apps, Sturnus is also capable of abusing Android’s accessibility services to capture keystrokes and record user interface (UI) interactions. As soon as an overlay for a bank is served to the victim and the credentials are harvested, the overlay for that specific target is disabled so as not to arouse the user’s suspicion.

Furthermore, it can display a full-screen overlay that blocks all visual feedback and mimics the Android operating system update screen to give the impression to the user that software updates are in progress, when, in reality, it allows malicious actions to be carried out in the background.

Some of the malware’s other features include support for monitoring device activity, as well as leveraging accessibility services to gather chat contents from Signal, Telegram, and WhatsApp, as well as send details about every visible interface element on the screen.

This allows the attackers to reconstruct the layout at their end and remotely issue actions related to clicks, text input, scrolling, app launches, permission confirmations, and even enable a black screen overlay. An alternate remote control mechanism packed into Sturnus uses the system’s display-capture framework to mirror the device screen in real-time.

“Whenever the user navigates to settings screens that could disable its administrator status, the malware detects the attempt through accessibility monitoring, identifies relevant controls, and automatically navigates away from the page to interrupt the user,” ThreatFabric said.

“Until its administrator rights are manually revoked, both ordinary uninstallation and removal through tools like ADB are blocked, giving the malware strong protection against cleanup attempts.”

The extensive environment monitoring capabilities make it possible to collect sensor information, network conditions, hardware data, and an inventory of installed apps. This device profile serves as a continuous feedback loop, helping attackers adapt their tactics to sidestep detection.

“Although the spread remains limited at this stage, the combination of targeted geography and high-value application focus implies that the attackers are refining their tooling ahead of broader or more coordinated operations,” ThreatFabric said.

Nov 20, 2025The Hacker NewsOnline Fraud / Web Security

CTM360 has identified a rapidly expanding WhatsApp account-hacking campaign targeting users worldwide via a network of deceptive authentication portals and impersonation pages. The campaign, internally dubbed HackOnChat, abuses WhatsApp’s familiar web interface, using social engineering tactics to trick users into compromising their accounts.

Investigators identified thousands of malicious URLs being hosted on inexpensive top-level domains and rapidly generated through modern website-building platforms, allowing attackers to deploy new pages at scale. The campaign’s activity logs show hundreds of incidents in recent weeks, with a noticeable surge across the Middle East and Asia.

Read the full report here: https://www.ctm360.com/reports/hackonchat-unmasking-the-whatsapp-hacking-scam

The hacking operations and the exploitation techniques

Two techniques dominate these hacking operations. The Session Hijacking, where threat actors misuse the linked-device functionality to hijack active WhatsApp Web sessions, and Account Takeover, which involves deceiving victims into surrendering authentication keys, granting attackers full control of their accounts. Attackers push these links using templates of fake security alerts, WhatsApp Web lookalike portals, and spoofed group-invite messages. These sites are further optimized for global reach, featuring multilingual support and a country-code selector that adapts the interface for users across multiple regions.

Once scammers gain control of a WhatsApp account, they exploit it to target the victim’s contacts, often requesting money or sensitive information under the guise of a trusted source. They may also sift through messages, media, and documents to steal personal, financial, or private data, which can be used for fraud, impersonation, or extortion. Frequently, these attacks extend further as the compromised account is used to send phishing messages to the victim’s contacts, creating a chain of attacks that spreads the scam.

HackOnChat demonstrates that social engineering remains one of the most scalable attack vectors today, especially when attackers exploit trusted and familiar interfaces and the human trust built around them.

Read the full report here and explore all of CTM360’s latest insights and threat intelligence.

Learn more at www.ctm360.com

Nov 20, 2025Ravie LakshmananCyber Warfare / Threat Intelligence

Threat actors with ties to Iran engaged in cyber warfare as part of efforts to facilitate and enhance physical, real-world attacks, a trend that Amazon has called cyber-enabled kinetic targeting.

The development is a sign that the lines between state-sponsored cyber attacks and kinetic warfare are increasingly blurring, necessitating the need for a new category of warfare, the tech giant’s threat intelligence team said in a report shared with The Hacker News.

While traditional cybersecurity frameworks have treated digital and physical threats as separate domains, CJ Moses, CISO of Amazon Integrated Security, said these delineations are artificial and that nation-state threat actors are engaging in cyber reconnaissance activity to enable kinetic targeting.

“These aren’t just cyber attacks that happen to cause physical damage; they are coordinated campaigns where digital operations are specifically designed to support physical military objectives,” Moses added.

As an example, Amazon said it observed Imperial Kitten (aka Tortoiseshell), a hacking group assessed to be affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC), conducting digital reconnaissance between December 2021 and January 2024, targeting a ship’s Automatic Identification System (AIS) platform with the goal of gaining access to critical shipping infrastructure.

Subsequently, the threat actor was identified as attacking additional maritime vessel platforms, in one case even gaining access to CCTV cameras fitted on a maritime vessel that provided real-time visual intelligence.

The attack progressed to a targeted intelligence gathering phase on January 27, 2024, when Imperial Kitten carried out targeted searches for AIS location data for a specific shipping vessel. Merely days later, that same vessel was targeted by an unsuccessful missile strike carried out by Iranian-backed Houthi militants.

The Houthi forces have been attributed to a string of missile attacks targeting commercial shipping in the Red Sea in support of the Palestinian militant group Hamas in its war with Israel. On February 1, 2024, the Houthi movement in Yemen claimed it had struck a U.S. merchant ship named KOI with “several appropriate naval missiles.”

“This case demonstrates how cyber operations can provide adversaries with the precise intelligence needed to conduct targeted physical attacks against maritime infrastructure – a critical component of global commerce and military logistics,” Moses said.

Another case study concerns MuddyWater, a threat actor linked to Iran’s Ministry of Intelligence and Security (MOIS), that established infrastructure for a cyber network operation in May 2025, and later used that server a month later to access another compromised server containing live CCTV streams from Jerusalem to gather real-time visual intelligence of potential targets.

On June 23, 2025, around the time Iran launched widespread missile attacks against the city, the Israel National Cyber Directorate disclosed that “Iranians have been trying to connect to cameras to understand what happened and where their missiles hit to improve their precision.”

To pull off these multi-layered attacks, the threat actors are said to have routed their traffic through anonymizing VPN services to obscure their true origins and complicate attribution efforts. The findings serve to highlight that espionage-focused attacks can ultimately be a launchpad for kinetic targeting.

“Nation-state actors are recognizing the force multiplier effect of combining digital reconnaissance with physical attacks,” Amazon said. “This trend represents a fundamental evolution in warfare, where the traditional boundaries between cyber and kinetic operations are dissolving.”

Nov 20, 2025Ravie LakshmananMalvertising / Artificial Intelligence

Threat actors are leveraging bogus installers masquerading as popular software to trick users into installing malware as part of a global malvertising campaign dubbed TamperedChef.

The end goal of the attacks is to establish persistence and deliver JavaScript malware that facilitates remote access and control, per a new report from Acronis Threat Research Unit (TRU). The campaign, per the Singapore-headquartered company, is still ongoing, with new artifacts being detected and associated infrastructure remaining active.

“The operator(s) rely on social engineering by using everyday application names, malvertising, Search Engine Optimization (SEO), and abused digital certificates that aim to increase user trust and evade security detection,” researchers Darrel Virtusio and Jozsef Gegeny said.

TamperedChef is the name assigned to a long-running campaign that has leveraged seemingly legitimate installers for various utilities to distribute an information stealer malware of the same name. It’s assessed to be part of a broader set of attacks codenamed EvilAI that uses lures related to artificial intelligence (AI) tools and software for malware propagation.

To lend these counterfeit apps a veneer of legitimacy, the attackers use code-signing certificates issued for shell companies registered in the U.S., Panama, and Malaysia to sign them, and acquire new ones under a different company name as older certificates are revoked.

Acronis described the infrastructure as “industrialized and business-like,” effectively allowing the operators to steadily churn out new certificates and exploit the inherent trust associated with signed applications to disguise the malicious software as legitimate.

It’s worth noting at this stage that the malware tracked as TamperedChef by Truesec and G DATA is also referred to as BaoLoader by Expel, and is different from the original TamperedChef malware that was embedded within a malicious recipe application distributed as part of the EvilAI campaign.

Acronis told The Hacker News that it’s using TamperedChef to refer to the malware family, since it has already been widely adopted by the cybersecurity community. “This helps avoid confusion and stay consistent with existing publications and detection names used by other vendors, which also refer to the malware family as TamperedChef,” it said.

A typical attack plays out as follows: Users who search for PDF editors or product manuals on search engines like Bing are served malicious ads or poisoned URLs, when clicked, take users to booby-trapped domains registered on NameCheap that deceive them into downloading the installers.

Once executing the installer, users are prompted to agree to the program’s licensing terms. It then launches a new browser tab to display a thank you message as soon as the installation is complete in order to keep up the ruse. However, in the background, an XML file is dropped to create a scheduled task that’s designed to launch an obfuscated JavaScript backdoor.

The backdoor, in turn, connects to an external server and sends basic information, such as session ID, machine ID, and other metadata in the form of a JSON string that’s encrypted and Base64-encoded over HTTPS.

That being said, the end goals of the campaign remain nebulous. Some iterations have been found to facilitate advertising fraud, indicating their financial motives. It’s also possible that the threat actors are looking to monetize their access to other cybercriminals, or harvest sensitive data and sell it in underground forums to enable fraud.

Telemetry data shows that a significant concentration of infections has been identified in the U.S., and to a lesser extent in Israel, Spain, Germany, India, and Ireland. Healthcare, construction, and manufacturing are the most affected sectors.

“These industries appear especially vulnerable to this type of campaign, likely due to their reliance on highly specialized and technical equipment, which often prompts users to search online for product manuals – one of the behaviors exploited by the TamperedChef campaign,” the researchers noted.

Nov 19, 2025Ravie LakshmananVulnerability / Threat Intelligence

A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory issued by the U.K. NHS England Digital on Tuesday.

The vulnerability in question is CVE-2025-11001 (CVSS score: 7.0), which allows remote attackers to execute arbitrary code. It has been addressed in 7-Zip version 25.00 released in July 2025.

“The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories,” Trend Micro’s Zero Day Initiative (ZDI) said in an alert released last month. “An attacker can leverage this vulnerability to execute code in the context of a service account.”

Ryota Shiga of GMO Flatt Security Inc., along with the company’s artificial intelligence (AI)-powered AppSec Auditor Takumi, has been credited with discovering and reporting the vulnerability.

It’s worth noting that 7-Zip 25.00 also resolves another flaw, CVE-2025-11002 (CVSS score: 7.0), that allows for remote code execution by taking advantage of improper handling of symbolic links within ZIP archives, resulting in directory traversal. Both shortcomings were introduced in version 21.02.

“Active exploitation of CVE-2025-11001 has been observed in the wild,” NHS England Digital said. However, there are currently no details available on how it’s being weaponized, by whom, and in what context.

Given that there exists proof-of-concept (PoC) exploits, it’s essential that 7-Zip users move quickly to apply the necessary fixes as soon as possible, if not already, for optimal protection.

“This vulnerability can only be exploited from the context of an elevated user / service account or a machine with developer mode enabled,” security researcher Dominik (aka pacbypass), who released the PoC, said in a post detailing the flaws. “This vulnerability can only be exploited on Windows.”

Cybersecurity researchers have disclosed details of a new campaign that leverages a combination of social engineering and WhatsApp hijacking to distribute a Delphi-based banking trojan named Eternidade Stealer as part of attacks targeting users in Brazil.

“It uses Internet Message Access Protocol (IMAP) to dynamically retrieve command-and-control (C2) addresses, allowing the threat actor to update its C2 server,” Trustwave SpiderLabs researchers Nathaniel Morales, John Basmayor, and Nikita Kazymirskyi said in a technical breakdown of the campaign shared with The Hacker News.

“It is distributed through a WhatsApp worm campaign, with the actor now deploying a Python script, a shift from previous PowerShell-based scripts to hijack WhatsApp and spread malicious attachments.

The findings come close on the heels of another campaign dubbed Water Saci that has targeted Brazilian users with a worm that propagates via WhatsApp Web known as SORVEPOTEL, which then acts as a conduit for Maverick, a .NET banking trojan that’s assessed to be an evolution of a .NET banking malware dubbed Coyote.

The Eternidade Stealer cluster is part of a broader activity that has abused the ubiquity of WhatsApp in the South American country to compromise target victim systems and use the messaging app as a propagation vector to launch large-scale attacks against Brazilian institutions.

Another notable trend is the continued preference for Delphi-based malware for threat actors targeting Latin America, largely driven not only because of its technical efficiency but also by the fact that the programming language was taught and used in software development in the region.

The starting point of the attack is an obfuscated Visual Basic Script, which features comments written mainly in Portuguese. The script, once executed, drops a batch script that’s responsible for delivering two payloads, effectively forking the infection chain into two –

The Python script, similar to SORVEPOTEL, establishes communication with a remote server and leverages the open-source project WPPConnect to automate the sending of messages in hijacked accounts via WhatsApp. To do this, it harvests a victim’s entire contact list, while filtering out groups, business contacts, and broadcast lists.

The malware then proceeds to capture, for each contact, their WhatsApp phone number, name, and information signaling whether they are a saved contact. This information is sent to the attacker-controlled server over an HTTP POST request. In the final stage, a malicious attachment is sent to all the contacts in the form of a malicious attachment by making use of a messaging template and populating certain fields with time-based greetings and contact names.

The second leg of the attack commences with the MSI installer dropping several payloads, including an AutoIt script that checks to see if the compromised system is based in Brazil by inspecting whether the operating system language is Brazilian Portuguese. If not, the malware self-terminates. This indicates a hyper-localized targeting effort on the part of the threat actors.

The script subsequently scans running processes and registry keys to ascertain the presence of installed security products. It also profiles the machine and sends the details to a command-and-control (C2) server. The attack culminates with the malware injecting the Eternidade Stealer payload into “svchost.exe” using process hollowing.

A Delphi-based credential stealer, Eternidade continuously scans active windows and running processes for strings related to banking portals, payment services, and cryptocurrency exchanges and wallets, such as Bradesco, BTG Pactual, MercadoPago, Stripe, Binance, Coinbase, MetaMask, and Trust Wallet, among others.

“Such a behavior reflects a classic banker or overlay-stealer tactic, where malicious components lie dormant until the victim opens a targeted banking or wallet application, ensuring the attack triggers only in relevant contexts and remains invisible to casual users or sandbox environments,” the researchers said.

Once a match is found, it contacts a C2 server, details for which are fetched from an inbox linked to a terra.com[.]br email address, mirroring a tactic recently adopted by Water Saci. This allows the threat actors to update their C2, maintain persistence, and evade detections or takedowns. In the event that the malware is unable to connect to the email account using hard-coded credentials, it uses a fallback C2 address embedded in the source code.

As soon as a successful connection with the server is established, the malware awaits incoming messages that are then processed and executed on the infected hosts, enabling the attackers to record keystrokes, capture screenshots, and steal files. Some of the notable commands are listed below –

• <|OK|>, to collect system information
• <|PING|>, to monitor user activity and report the currently active window
• <|PedidoSenhas|>, to send a custom overlay for credential theft based on the active window

Trustwave said an analysis of threat actor infrastructure led to the discovery of two panels, one for managing the Redirector System and another login panel, likely used to monitor infected hosts. The Redirector System contains logs showing the total number of visits and blocks for connections attempting to reach the C2 address.

While the system only permits access to machines located in Brazil and Argentina, blocked connections are redirected to “google[.]com/error.” Statistics recorded on the panel show that 452 out of 454 visits were blocked due to the geofencing restrictions. Only the remaining two visits are said to have been redirected to the campaign’s targeted domain.

Of the 454 communication records, 196 connections originated from the U.S., followed by the Netherlands (37), Germany (32), the U.K. (23), France (19), and Brazil (3). The Windows operating system accounted for 115 connections, although panel data indicates that connections also came from macOS (94), Linux (45), and Android (18).

“Although the malware family and delivery vectors are primarily Brazilian, the possible operational footprint and victim exposure are far more global,” Trustwave said. “Cybersecurity defenders should remain vigilant for suspicious WhatsApp activity, unexpected MSI or script executions, and indicators linked to this ongoing campaign.”

Nov 19, 2025Ravie LakshmananVulnerability / Threat Intelligence

A newly discovered campaign has compromised tens of thousands of outdated or end-of-life (EoL) ASUS routers worldwide, predominantly in Taiwan, the U.S., and Russia, to rope them into a massive network.

The router hijacking activity has been codenamed Operation WrtHug by SecurityScorecard’s STRIKE team. Southeast Asia and European countries are some of the other regions where infections have been recorded.

The attacks likely involve the exploitation of six known security flaws in end-of-life ASUS WRT routers to take control of susceptible devices. All the infected routers have been found to share a unique self-signed TLS certificate with an expiration date set for 100 years from April 2022.

SecurityScorecard said 99% of the services presenting the certificate are ASUS AiCloud, a proprietary service designed to enable access to local storage via the internet.

“It leverages the proprietary AiCloud service with n-day vulnerabilities in order to gain high privileges on End-Of-Life ASUS WRT routers,” the company said in a report shared with The Hacker News, adding the campaign, while not exactly an Operational Relay Box (ORB), bears similarities with other China-linked ORBs and botnet networks.

The attacks likely exploit vulnerabilities tracked as CVE-2023-41345, CVE-2023-41346, CVE-2023-41347, CVE-2023-41348, CVE-2024-12912, and CVE-2025-2492 for proliferation. Interestingly, the exploitation of CVE-2023-39780 has also been linked to another Chinese-origin botnet dubbed AyySSHush (aka ViciousTrap). Two other ORBs that have targeted routers in recent months are LapDogs and PolarEdge.

Out of all the infected devices, seven IP addresses have been flagged for exhibiting signs of compromise associated with both WrtHug and AyySSHush, potentially raising the possibility that the two clusters could be related. That being said, there is no evidence to back this hypothesis beyond the shared vulnerability.

The list of router models targeted in the attacks is below –

• ASUS Wireless Router 4G-AC55U
• ASUS Wireless Router 4G-AC860U
• ASUS Wireless Router DSL-AC68U
• ASUS Wireless Router GT-AC5300
• ASUS Wireless Router GT-AX11000
• ASUS Wireless Router RT-AC1200HP
• ASUS Wireless Router RT-AC1300GPLUS
• ASUS Wireless Router RT-AC1300UHP

It’s currently not clear who is behind the operation, but the extensive targeting of Taiwan and overlaps with previous tactics observed in ORB campaigns from Chinese hacking groups suggest it could be the work of an unknown China-affiliated actor.

“This research highlights the growing trend of malicious threat actors targeting routers and other network devices in mass infection operations,” SecurityScorecard said. “These are commonly (but not exclusively) linked to China Nexus actors, who execute their campaigns in a careful and calculated manner to expand and deepen their global reach.”

“By chaining command injections and authentication bypasses, threat actors have managed to deploy persistent backdoors via SSH, often abusing legitimate router features to ensure their presence survives reboots or firmware updates.”

The challenge facing security leaders is monumental: Securing environments where failure is not an option. Reliance on traditional security postures, such as Endpoint Detection and Response (EDR) to chase threats after they have already entered the network, is fundamentally risky and contributes significantly to the half-trillion-dollar annual cost of cybercrime.

Zero Trust fundamentally shifts this approach, transitioning from reacting to symptoms to proactively solving the underlying problem. Application Control, the ability to rigorously define what software is allowed to execute, is the foundation of this strategy. However, even once an application is trusted, it can be misused. This is where ThreatLocker Ringfencing™, or granular application containment, becomes indispensable, enforcing the ultimate standard of least privilege on all authorized applications.

Defining Ringfencing: Security Beyond Allowlisting

Ringfencing is an advanced containment strategy applied to applications that have already been approved to run. While allowlisting ensures a fundamental deny-by-default posture for all unknown software, Ringfencing further restricts the capabilities of the permitted software. It operates by dictating precisely what an application can access, including files, registry keys, network resources, and other applications or processes.

This granular control is vital because threat actors frequently bypass security controls by misusing legitimate, approved software, a technique commonly referred to as “living off the land.” Uncontained applications, such as productivity suites or scripting tools, can be weaponized to spawn risky child processes (like PowerShell or Command Prompt) or communicate with unauthorized external servers.

The Security Imperative: Stopping Overreach

Without effective containment, security teams leave wide open attack vectors that lead directly to high-impact incidents.

• Mitigating Lateral Movement: Ringfencing isolates application behaviors, hindering the ability of compromised processes to move across the network. Policies can be set to restrict outbound network traffic, a measure that would have foiled major attacks that relied on servers reaching out to malicious endpoints for instructions.
• Containing High-Risk Applications: A critical use case is reducing the risk associated with legacy files or scripts, such as Office macros. By applying containment, applications like Word or Excel, even if required by departments like Finance, are restricted from launching high-risk script engines like PowerShell or accessing high-risk directories.
• Preventing Data Exfiltration and Encryption: Containment policies can limit an application’s ability to read or write to sensitive monitored paths (such as document folders or backup directories), effectively blocking mass data exfiltration attempts and preventing ransomware from encrypting files outside its designated scope.

Ringfencing inherently supports compliance goals by ensuring that all applications operate strictly with the permissions they truly require, aligning security efforts with best-practice standards such as CIS Controls.

A policy dictates whether an application can access certain files and folders or make changes to the system registry. Most importantly, it governs Inter-Process Communication (IPC), ensuring an approved application cannot interact with or spawn unauthorized child processes. For instance, Ringfencing blocks Word from launching PowerShell or other unauthorized child processes.

Implementing Application Containment

Adopting Ringfencing requires a disciplined, phased implementation focused on avoiding operational disruption and political fallout.

Establishing the Baseline

Implementation starts by deploying a monitoring agent to establish visibility. The agent should be deployed first to a small test group or isolated test organization—often affectionately called the guinea pigs—to monitor activity. In this initial Learning Mode, the system logs all executions, elevations, and network activity without blocking anything.

Simulation and Enforcement

Before any policy is secured, the team should utilize the Unified Audit to run simulations (simulated denies). This preemptive auditing shows precisely what actions would be blocked if the new policy was enforced, allowing security professionals to make necessary exceptions upfront and prevent tanking the IT department’s approval rating.

Ringfencing policies are then typically created and enforced first on applications recognized as high-risk, such as PowerShell, Command Prompt, Registry Editor, and 7-Zip, due to their high potential for weaponization. Teams should ensure that they have been properly tested before moving to a secure, enforcing state.

Scaling and Refinement

Once policies are validated in the test environment, deployment is scaled gradually across the organization, typically starting with easy wins and moving slowly towards the hardest groups. Policies should be continuously reviewed and refined, including regularly removing unused policies to reduce administrative clutter.

Strategic Deployment and Best Practices

To maximize the benefits of application containment while minimizing user friction, leaders should adhere to proven strategies:

• Start Small and Phased: Always apply new Ringfencing policies to a non-critical test group first. Avoid solving all business problems at once; tackle highly dangerous software first (like Russian remote access tools), and delay political decisions (like blocking games) until later phases.
• Continuous Monitoring: Regularly review the Unified Audit and check for simulated denies before securing any policy to ensure legitimate functions are not broken.
• Combine Controls: Ringfencing is most effective when paired with Application Allowlisting (deny-by-default). It should also be combined with Storage Control to protect critical data to prevent mass data loss or exfiltration.
• Prioritize Configuration Checks: Utilize automated tools, like Defense Against Configurations (DAC), to verify that Ringfencing and other security measures are properly configured across all endpoints, highlighting where settings might have lapsed into monitor-only mode.

Outcomes and Organizational Gains

By implementing Ringfencing, organizations transition from a reactive model—where highly paid cybersecurity professionals spend time chasing alerts—to a proactive, hardened architecture.

This approach offers significant value beyond just security:

• Operational Efficiency: Application control significantly reduces Security Operations Center (SOC) alerts—in some cases by up to 90%—resulting in less alert fatigue and substantial savings in time and resources.
• Enhanced Security: It stops the abuse of trusted programs, contains threats, and makes the cybercriminal’s life as difficult as possible.
• Business Value: It minimizes application overreach without breaking business-critical workflows, such as those required by the finance department for legacy macros.

Ultimately, Ringfencing strengthens the Zero Trust mindset, ensuring that every application, user, and device operates strictly within the boundaries of its necessary function, making detection and response truly a backup plan, rather than the primary defense.

Nov 19, 2025Ravie LakshmananAI Security / SaaS Security

Malicious actors can exploit default configurations in ServiceNow’s Now Assist generative artificial intelligence (AI) platform and leverage its agentic capabilities to conduct prompt injection attacks.

The second-order prompt injection, according to AppOmni, makes use of Now Assist’s agent-to-agent discovery to execute unauthorized actions, enabling attackers to copy and exfiltrate sensitive corporate data, modify records, and escalate privileges.

“This discovery is alarming because it isn’t a bug in the AI; it’s expected behavior as defined by certain default configuration options,” said Aaron Costello, chief of SaaS Security Research at AppOmni.

“When agents can discover and recruit each other, a harmless request can quietly turn into an attack, with criminals stealing sensitive data or gaining more access to internal company systems. These settings are easy to overlook.”

The attack is made possible because of agent discovery and agent-to-agent collaboration capabilities within ServiceNow’s Now Assist. With Now Assist offering the ability to automate functions such as help-desk operations, the scenario opens the door to possible security risks.

For instance, a benign agent can parse specially crafted prompts embedded into content it’s allowed access to and recruit a more potent agent to read or change records, copy sensitive data, or send emails, even when built-in prompt injection protections are enabled.

The most significant aspect of this attack is that the actions unfold behind the scenes, unbeknownst to the victim organization. At its core, the cross-agent communication is enabled by controllable configuration settings, including the default LLM to use, tool setup options, and channel-specific defaults where the agents are deployed –

• The underlying large language model (LLM) must support agent discovery (both Azure OpenAI LLM and Now LLM, which is the default choice, support the feature)
• Now Assist agents are automatically grouped into the same team by default to invoke each other
• An agent is marked as being discoverable by default when published

While these defaults can be useful to facilitate communication between agents, the architecture can be susceptible to prompt injections when an agent whose main task is to read data that’s not inserted by the user invoking the agent.

“Through second-order prompt injection, an attacker can redirect a benign task assigned to an innocuous agent into something far more harmful by employing the utility and functionality of other agents on its team,” AppOmni said.

“Critically, Now Assist agents run with the privilege of the user who started the interaction unless otherwise configured, and not the privilege of the user who created the malicious prompt and inserted it into a field.”

Following responsible disclosure, ServiceNow said the behavior is intended to be this way, but the company has since updated its documentation to provide more clarity on the matter. The findings demonstrate the need for strengthening AI agent protection, as enterprises increasingly incorporate AI capabilities into their workflows.

To mitigate such prompt injection threats, it’s advised to configure supervised execution mode for privileged agents, disable the autonomous override property (“sn_aia.enable_usecase_tool_execution_mode_override”), segment agent duties by team, and monitor AI agents for suspicious behavior.

“If organizations using Now Assist’s AI agents aren’t closely examining their configurations, they’re likely already at risk,” Costello added.

Nov 19, 2025Ravie LakshmananCyber Espionage / Malware

The threat actor known as PlushDaemon has been observed using a previously undocumented Go-based network backdoor codenamed EdgeStepper to facilitate adversary-in-the-middle (AitM) attacks.

EdgeStepper “redirects all DNS queries to an external, malicious hijacking node, effectively rerouting the traffic from legitimate infrastructure used for software updates to attacker-controlled infrastructure,” ESET security researcher Facundo Muñoz said in a report shared with The Hacker News.

Known to be active since at least 2018, PlushDaemon is assessed to be a China-aligned group that has attacked entities in the U.S., New Zealand, Cambodia, Hong Kong, Taiwan, South Korea, and mainland China.

It was first documented by the Slovak cybersecurity company earlier this January, detailing a supply chain attack aimed at a South Korean virtual private network (VPN) provider named IPany to target a semiconductor company and an unidentified software development company in South Korea with a feature-rich implant dubbed SlowStepper.

Among the adversary’s victims include a university in Beijing, a Taiwanese company that manufactures electronics, a company in the automotive sector, and a branch of a Japanese company in the manufacturing sector. Earlier this month, ESET also said it observed PlushDaemon targeting two entities in Cambodia this year, a company in the automotive sector and a branch of a Japanese company in the manufacturing sector, with SlowStepper.

The primary initial access mechanism for the threat actor is to leverage AitM poisoning, a technique that has been embraced by an “ever increasing” number of China-affiliated advanced persistent threat (APT) clusters in the last two years, such as LuoYu, Evasive

Panda, BlackTech, TheWizards APT, Blackwood, and FontGoblin. ESET said it’s tracking ten active China-aligned groups that have hijacked software update mechanisms for initial access and lateral movement.

The attack essentially commences with the threat actor compromising an edge network device (e.g., a router) that its target is likely to connect to. This is accomplished by either exploiting a security flaw in the software or through weak credentials, allowing them to deploy caEdgeStepper.

“Then, EdgeStepper begins redirecting DNS queries to a malicious DNS node that verifies whether the domain in the DNS query message is related to software updates, and if so, it replies with the IP address of the hijacking node,” Muñoz explained. “Alternatively, we have also observed that some servers are both the DNS node and the hijacking node; in those cases, the DNS node replies to DNS queries with its own IP address.”

Internally, the malware consists of two moving parts: a Distributor module that resolves the IP address associated with the DNS node domain (“test.dsc.wcsset[.]com”) and invokes the Ruler component responsible for configuring IP packet filter rules using iptables.

The attack specifically checks for several Chinese software, including Sogou Pinyin, to have their update channels hijacked by means of EdgeStepper to deliver a malicious DLL (“popup_4.2.0.2246.dll” aka LittleDaemon) from a threat actor-controlled server. A first-stage deployed through hijacked updates, LittleDaemon is designed to communicate with the attacker node to fetch a downloader referred to as DaemonicLogistics if SlowStepper is not running on the infected system.

The main purpose of DaemonicLogistics is to download the SlowStepper backdoor from the server and execute it. SlowStepper supports an extensive set of features to gather system information, files, browser credentials, extract data from a number of messaging apps, and even uninstall itself.

“These implants give PlushDaemon the capability to compromise targets anywhere in the world,” Muñoz said.