Author: Mark

Generative AI is not arriving with a bang, it’s slowly creeping into the software that companies already use on a daily basis. Whether it is video conferencing or CRM, vendors are scrambling to integrate AI copilots and assistants into their SaaS applications. Slack can now provide AI summaries of chat threads, Zoom can provide meeting summaries, and office suites such as Microsoft 365 contain AI assistance in writing and analysis. This trend of AI usage implies that the majority of businesses are awakening to a new reality: AI capabilities have spread across their SaaS stack overnight, with no centralized control.

A recent survey found 95% of U.S. companies are now using generative AI, up massively in just one year. Yet this unprecedented usage comes tempered by growing anxiety. Business leaders have begun to worry about where all this unseen AI activity might lead. Data security and privacy have quickly emerged as top concerns, with many fearing that sensitive information could leak or be misused if AI usage remains unchecked. We’ve already seen some cautionary examples: global banks and tech firms have banned or restricted tools like ChatGPT internally after incidents of confidential data being shared inadvertently.

Why SaaS AI Governance Matters

With AI woven into everything from messaging apps to customer databases, governance is the only way to harness the benefits without inviting new risks.

What do we mean by AI governance?

In simple terms, it basically refers to the policies, processes, and controls that ensure AI is used responsibly and securely within an organization. Done right, AI governance keeps these tools from becoming a free-for-all and instead aligns them with a company’s security requirements, compliance obligations, and ethical standards.

This is especially important in the SaaS context, where data is constantly flowing to third-party cloud services.

1. Data exposure is the most immediate worry. AI features often need access to large swaths of information – think of a sales AI that reads through customer records, or an AI assistant that combs your calendar and call transcripts. Without oversight, an unsanctioned AI integration could tap into confidential customer data or intellectual property and send it off to an external model. In one survey, over 27% of organizations said they banned generative AI tools outright after privacy scares. Clearly, nobody wants to be the next company in the headlines because an employee fed sensitive data to a chatbot.

2. Compliance violations are another concern. When employees use AI tools without approval, it creates blind spots that can lead to breaches of laws like GDPR or HIPAA. For example, uploading a client’s personal information into an AI translation service might violate privacy regulations – but if it’s done without IT’s knowledge, the company may have no idea it happened until an audit or breach occurs. Regulators worldwide are expanding laws around AI use, from the EU’s new AI Act to sector-specific guidance. Companies need governance to ensure they can prove what AI is doing with their data, or face penalties down the line.

3. Operational reasons are another reason to rein in AI sprawl. AI systems can introduce biases or make poor decisions (hallucinations) that impact real people. A hiring algorithm might inadvertently discriminate, or a finance AI might give inconsistent results over time as its model changes. Without guidelines, these issues go unchecked. Business leaders recognize that managing AI risks isn’t just about avoiding harm, it can also be a competitive advantage. Those who start to use AI ethically and transparently can generally build greater trust with customers and regulators.

The Challenges of Managing AI in the SaaS World

Unfortunately, the very nature of AI adoption in companies today makes it hard to pin down. One big challenge is visibility. Often, IT and security teams simply don’t know how many AI tools or features are in use across the organization. Employees eager to boost productivity can enable a new AI-based feature or sign up for a clever AI app in seconds, without any approval. These shadow AI instances fly under the radar, creating pockets of unchecked data usage. It’s the classic shadow IT problem amplified: you can’t secure what you don’t even realize is there.

Compounding the problem is the fragmented ownership of AI tools. Different departments might each introduce their own AI solutions to solve local problems – Marketing tries an AI copywriter, engineering experiments with an AI code assistant, customer support integrates an AI chatbot – all without coordinating with each other. With no real centralized strategy, each of these tools might apply different (or nonexistent) security controls. There’s no single point of accountability, and important questions start to fall through the cracks:

1. Who vetted the AI vendor’s security?

2. Where is the data going?

3. Did anyone set usage boundaries?

The end result is an organization using AI in a dozen different ways, with loads of gaps that an attacker could potentially exploit.

Perhaps the most serious problem is the lack of data provenance with AI interactions. An employee could copy proprietary text and paste it into an AI writing assistant, get a polished result back, and use that in a client presentation – all outside normal IT monitoring. From the company’s perspective, that sensitive data just left their environment without a trace. Traditional security tools might not catch it because no firewall was breached and no abnormal download occurred; the data was voluntarily given away to an AI service. This black box effect, where prompts and outputs aren’t logged, makes it extremely hard for organizations to ensure compliance or investigate incidents.

Despite these hurdles, companies can’t afford to throw up their hands.

The answer is to bring the same rigor to AI that’s applied to other technology – without stifling innovation. It’s a delicate balance: security teams don’t want to become the department of no that bans every useful AI tool. The goal of SaaS AI governance is to enable safe adoption. That means putting protection in place so employees can leverage AI’s benefits while minimizing the downsides.

5 Best Practices for AI Governance in SaaS

Establishing AI governance might sound daunting, but it becomes manageable by breaking it into a few concrete steps. Here are some best practices that leading organizations are using to get control of AI in their SaaS environment:

1. Inventory Your AI Usage

Start by shining a light on the shadow. You can’t govern what you don’t know exists. Take an audit of all AI-related tools, features, and integrations in use. This includes obvious standalone AI apps and less obvious things like AI features within standard software (for example, that new AI meeting notes feature in your video platform). Don’t forget browser extensions or unofficial tools employees might be using. A lot of companies are surprised by how long the list is once they look. Create a centralized registry of these AI assets noting what they do, which business units use them, and what data they touch. This living inventory becomes the foundation for all other governance efforts.

2. Define Clear AI Usage Policies

Just as you likely have an acceptable use policy for IT, make one specifically for AI. Employees need to know what’s allowed and what’s off-limits when it comes to AI tools. For instance, you might permit using an AI coding assistant on open-source projects but forbid feeding any customer data into an external AI service. Specify guidelines for handling data (e.g. “no sensitive personal info in any generative AI app unless approved by security”) and require that new AI solutions be vetted before use. Educate your staff on these rules and the reasons behind them. A little clarity up front can prevent a lot of risky experimentation.

3. Monitor and Limit Access

Once AI tools are in play, keep tabs on their behavior and access. Principle of least privilege applies here: if an AI integration only needs read access to a calendar, don’t give it permission to modify or delete events. Regularly review what data each AI tool can reach. Many SaaS platforms provide admin consoles or logs – use them to see how often an AI integration is being invoked and whether it’s pulling unusually large amounts of data. If something looks off or outside policy, be ready to intervene. It’s also wise to set up alerts for certain triggers, like an employee attempting to connect a corporate app to a new external AI service.

4. Continuous Risk Assessment

AI governance is not a set and forget task. AI changes too quickly. Establish a process to re-evaluate risks on a regular schedule – say monthly or quarterly. This could involve rescanning the environment for any newly introduced AI tools, reviewing updates or new features released by your SaaS vendors, and staying up to date on AI vulnerabilities. Make adjustments to your policies as needed (for example, if research exposes a new vulnerability like a prompt injection attack, update your controls to address it). Some organizations form an AI governance committee with stakeholders from security, IT, legal, and compliance to review AI use cases and approvals on an ongoing basis.

5. Cross-Functional Collaboration

Finally, governance isn’t solely an IT or security responsibility. Make AI a team sport. Bring in legal and compliance officers to help interpret new regulations and ensure your policies meet them. Include business unit leaders so that governance measures align with business needs (and so they act as champions for responsible AI use in their teams). Involve data privacy experts to assess how data is being used by AI. When everyone understands the shared goal – to use AI in ways that are innovative and safe – it creates a culture where following the governance process is seen as enabling success, not hindering it.

To translate theory into practice, use this checklist to track your progress:

By taking these foundational steps, organizations can use AI to increase productivity while ensuring security, privacy, and compliance are protected.

How Reco Simplifies AI Governance

While establishing AI governance frameworks is critical, the manual effort required to track, monitor, and manage AI across hundreds of SaaS applications can quickly overwhelm security teams. This is where specialized platforms like Reco’s Dynamic SaaS Security solution can make the difference between theoretical policies and practical protection.

👉 Get a demo of Reco to assess the AI-related risks in your SaaS apps.

A high-severity security flaw has been disclosed in ServiceNow’s platform that, if successfully exploited, could result in data exposure and exfiltration.

The vulnerability, tracked as CVE-2025-3648 (CVSS score: 8.2), has been described as a case of data inference in Now Platform through conditional access control list (ACL) rules. It has been codenamed Count(er) Strike.

“A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization,” ServiceNow said in a bulletin. “Under certain conditional access control list (ACL) configurations, this vulnerability could enable unauthenticated and authenticated users to use range query requests to infer instance data that is not intended to be accessible to them.”

Cybersecurity company Varonis, which discovered and reported the flaw in February 2024, said it could have been exploited by malicious actors to obtain unauthorized access to sensitive information, including personally identifiable information (PII) and credentials.

At its core, the shortcoming impacts the record count UI element on list pages, which could be trivially abused to infer and expose confidential data from various tables within ServiceNow.

“This vulnerability could have potentially affected all ServiceNow instances, impacting hundreds of tables,” Varonis researcher Neta Armon said in Wednesday’s analysis.

“Most concerning, this vulnerability was relatively simple to exploit and required only minimal table access, such as a weak user account within the instance or even a self-registered anonymous user, which could bypass the need for privilege elevation and resulted in sensitive data exposure.”

Specifically, the company found that access to ServiceNow tables, while governed by ACL configurations, could be used to glean information, even in scenarios where access is denied due to a failed “Data Condition” or “Script Condition” — which makes it possible to conditionally provide access based on an evaluation of certain data-related criteria or custom logic.

In these cases, users are displayed a message, stating “Number of rows removed from this list by Security constraints” along with the count. However, when access to a resource is blocked due to “Required Roles” or “Security Attribute Condition,” users are displayed a blank page with the message “Security constraints prevent access to the requested page.”

It’s worth mentioning that the four ACL conditions are evaluated in a particular order, starting with roles, followed by security attributes, data condition, and lastly, script condition. For a user to gain access to a resource, all of these conditions must be satisfied. Any condition that’s left empty is considered as not having any kind of restriction.

To make matters worse, a threat actor could expand the blast radius of the flaw using techniques like dot-walking and self-registration to access additional data from referenced tables, create accounts and gain access to an instance without requiring prior approval from an administrator.

ServiceNow, in response to the findings, has introduced new security mechanisms, such as Query ACLs, Security Data Filters, and Deny-Unless ACLs, to counter the risk posed by the data inference blind query attack. While there is no evidence that the issue was ever exploited in the wild, all ServiceNow customers are urged to apply the necessary guardrails on sensitive tables.

“ServiceNow customers should also be aware that query range Query ACLs will soon be set to default deny, so they should create exclusions to maintain authorized user ability to perform such actions,” Armon said.

DLL Hijacking Flaw in Lenovo’s TrackPoint Quick Menu Software

The development comes as TrustedSec detailed a privilege escalation flaw (CVE-2025-1729) in TrackPoint Quick Menu software (“TPQMAssistant.exe”) present in Lenovo computers that could permit a local attacker to escalate privileges by means of a DLL hijacking vulnerability.

The flaw has been addressed in version 1.12.54.0 released on July 8, 2025, following responsible disclosure earlier this January.

“The directory housing ‘TPQMAssistant.exe’ is writable by standard users, which is already a red flag,” security researcher Oddvar Moe said. “The folder’s permission allows the CREATOR OWNER to write files, meaning any local user can drop files into this location.”

“When the scheduled task (or the binary itself) is triggered, it attempts to load ‘hostfxr.dll’ from its working directory but fails, resulting in a NAME NOT FOUND event. This tells us the binary is looking for a dependency that doesn’t exist in its own directory – a perfect opportunity for sideloading.”

As a result, an attacker can place a malicious version of ‘hostfxr.dll’ in the directory “C: ProgramDatalLenovolTPQMAssistant” to hijack control flow when the binary is launched, resulting in the execution of arbitrary code.

Microsoft Addresses Kerberos DoS Bug

The findings also follow the public disclosure of an out-of-bounds read flaw in Windows Kerberos’ Netlogon protocol (CVE-2025-47978, CVSS score: 6.5) that could permit an authorized attacker to deny service over a network. The vulnerability was addressed by Microsoft as part of its Patch Tuesday updates for July 2025.

Silverfort, which has assigned the name NOTLogon to CVE-2025-47978, said it permits any “domain-joined machine with minimal privileges to send a specially-crafted authentication request that will crash a domain controller and cause a full reboot.”

“This vulnerability does not require elevated privileges — only standard network access and a weak machine account are needed. In typical enterprise environments, any low-privileged user can create such accounts by default,” security researcher Dor Segal said.

The cybersecurity company also noted that the crash primarily affected Local Security Authority Subsystem Service (LSASS), a critical security process in Windows that’s responsible for enforcing security policies and handling user authentication. Successful exploitation of CVE-2025-47978 could therefore destabilize or disrupt Active Directory services.

“With only a valid machine account and a crafted RPC message, an attacker can remotely crash a domain controller – a system responsible for the core functionalities of Active Directory, including authentication, authorization, Group Policy enforcement, and service ticket issuance,” Segal said.

Jul 09, 2025Ravie LakshmananCyber Threat / Malware

The Initial Access Broker (IAB) known as Gold Melody has been attributed to a campaign that exploits leaked ASP.NET machine keys to obtain unauthorized access to organizations and peddle that access to other threat actors.

The activity is being tracked by Palo Alto Networks Unit 42 under the moniker TGR-CRI-0045, where “TGR” stands for “temporary group” and “CRI” refers to criminal motivation. The hacking group is also known as Prophet Spider and UNC961, with one of its tools also used by an initial access broker called ToyMaker.

“The group seems to follow an opportunistic approach but has attacked organizations in Europe and the U.S. in the following industries: financial services, manufacturing, wholesale and retail, high technology, and transportation and logistics,” researchers Tom Marsden and Chema Garcia said.

The abuse of ASP.NET machine keys in the wild was first documented by Microsoft in February 2025, with the company noting that it had identified over 3,000 such publicly disclosed keys that could be weaponized for ViewState code injection attacks, ultimately leading to arbitrary code execution.

The first sign of these attacks was detected by the Windows maker in December 2024, when an unknown adversary leveraged a publicly available, static ASP.NET machine key to inject malicious code and deliver the Godzilla post-exploitation framework.

Unit 42’s analysis shows that the TGR-CRI-0045 is following a similar modus operandi, employing the leaked keys to sign malicious payloads that provide unauthorized access to targeted servers, a technique known as ASP.NET ViewState deserialization.

“This technique enabled the IAB to execute malicious payloads directly in server memory, minimizing their on-disk presence and leaving few forensic artifacts, making detection more challenging,” the cybersecurity company said, adding it found evidence of earliest exploitation in October 2024.

Unlike traditional web shell implants or file-based payloads, this memory-resident approach bypasses many legacy EDR solutions that rely on file system or process tree artifacts. Organizations relying solely on file integrity monitoring or antivirus signatures may completely miss the intrusion, making it critical to implement behavioral detections based on anomalous IIS request patterns, child processes spawned by w3wp.exe, or sudden changes in .NET application behavior.

A significant spike in activity is said to have been detected between late January and March 2025, during which period the attacks led to the deployment of post-exploitation tools such as open-source port scanners and bespoke C# programs like updf for local privilege escalation.

In at least two incidents observed by Unit 42, the attacks are characterized by command shell execution originating from Internet Information Services (IIS) web servers. Another notable aspect is the likely use of an open-source .NET deserialization payload generator called ysoserial.net and ViewState plugin to build the payloads.

These payloads bypass ViewState protections and trigger the execution of a .NET assembly in memory. Five different IIS modules have been identified as loaded into memory so far –

• Cmd /c, which is used to passing a command to be executed to the system’s command shell and execute arbitrary instructions on the server
• File upload, which allows for uploading files to the server by specifying a target file path and a byte buffer containing the file’s contents
• Winner, which is likely a check for successful exploitation
• File download (not recovered), which appears to be a downloader that allows an attacker to retrieve sensitive data from the compromised server
• Reflective loader (not recovered), which seemingly acts as a reflective loader to dynamically load and execute additional .NET assemblies in memory without leaving a trail

“Between October 2024 and January 2025, the threat actor’s activity primarily focused on exploiting systems, deploying modules — like the exploit checker — and performing basic shell reconnaissance,” Unit 42 said. “Post-exploitation activity has primarily involved reconnaissance of the compromised host and surrounding network.”

Some of the other tools downloaded onto the systems include an ELF binary named atm from an external server (“195.123.240[.]233:443”) and a Golang port scanner called TXPortMap to map out the internal network and identify potential exploitation targets.

“TGR-CRI-0045 uses a simplistic approach to ViewState exploitation, loading a single, stateless assembly directly,” the researchers noted. “Each command execution requires re-exploitation and re-uploading the assembly (e.g., running the file upload assembly multiple times).”

“Exploiting ASP.NET View State deserialization vulnerabilities via exposed Machine Keys allows minimal on-disk presence and enables long-term access. The group’s opportunistic targeting and ongoing tool development highlight the need for organizations to prioritize identifying and remediating compromised Machine Keys.”

This campaign also highlights a broader category of cryptographic key exposure threats, including weak machineKey generation policies, missing MAC validation, and insecure defaults in older ASP.NET applications. Expanding internal threat models to include cryptographic integrity risks, ViewState MAC tampering, and IIS middleware abuse can help organizations build more resilient AppSec and identity protection strategies.

Jul 09, 2025Ravie LakshmananMalware / Cyber Espionage

A threat actor with suspected ties to India has been observed targeting a European foreign affairs ministry with malware capable of harvesting sensitive data from compromised hosts.

The activity has been attributed by Trellix Advanced Research Center to an advanced persistent threat (APT) group called DoNot Team, which is also known as APT-C-35, Mint Tempest, Origami Elephant, SECTOR02, and Viceroy Tiger. It’s been assessed to be active since 2016.

“DoNot APT is known for using custom-built Windows malware, including backdoors like YTY and GEdit, often delivered through spear-phishing emails or malicious documents,” Trellix researchers Aniket Choukde, Aparna Aripirala, Alisha Kadam, Akhil Reddy, Pham Duy Phuc, and Alex Lanstein said.

“This threat group typically targets government entities, foreign ministries, defense organizations, and NGOs especially those in South Asia and Europe.”

The attack chain commences with phishing emails that aim to trick recipients into clicking on a Google Drive link to trigger the download of a RAR archive, which then paves the way for the deployment of a malware dubbed LoptikMod, which is exclusively put to use by the group as far back as 2018.

The messages, per Trellix, originate from a Gmail address and impersonate defense officials, with a subject line that references an Italian Defense Attaché’s visit to Dhaka, Bangladesh.

“The email used HTML formatting with UTF-8 encoding to properly display special characters like ‘é’ in ‘Attaché,’ demonstrating attention to detail to increase legitimacy,” Trellix noted in its deconstruction of the infection sequence.

The RAR archive distributed via the emails contains a malicious executable that mimics a PDF document, opening which causes the execution of the LoptikMod remote access trojan that can establish persistence on the host via scheduled tasks and connect to a remote server to send system information, receive further commands, download additional modules, and exfiltrate data.

It also employs anti-VM techniques and ASCII obfuscation to hinder execution in virtual environments and evade analysis, thereby making it a lot more challenging to determine the tool’s purpose. Furthermore, the attack makes sure that only one instance of the malware is actively running on the compromised system to avoid potential interference.

Trellix said the command-and-control (C2) server used in the campaign is currently inactive, meaning the infrastructure has been either temporarily disabled or no longer functional, or that the threat actors have moved to a completely different server.

The inactive state of the C2 server also means that it’s currently not feasible to determine the exact set of commands that are transmitted to infected endpoints and the kinds of data that are sent back as responses.

“Their operations are marked by persistent surveillance, data exfiltration, and long-term access, suggesting a strong cyber espionage motive,” the researchers said. “While historically focused on South Asia, this incident targeting South Asian embassies in Europe, indicates a clear expansion of their interests towards European diplomatic communications and intelligence.”

Jul 09, 2025The Hacker NewsSecurity Operations / Automation

Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community – all free to import and deploy through the platform’s Community Edition.

A recent standout is a workflow that handles malware alerts with CrowdStrike, Oomnitza, GitHub, and PagerDuty. Developed by Lucas Cantor at Intercom, the creators of fin.ai, the workflow makes it easier to determine the severity of a security alert and escalate it seamlessly, depending on the device owner’s response. “It’s a great way to reduce noise and add context to security issues that are added on our endpoints as well,” Lucas explains.

In this guide, we’ll share an overview of the workflow, plus step-by-step instructions for getting it up and running.

The problem – lack of integration between security tools

For security teams, responding to malware threats, analyzing their severity, and identifying the device owner so they can be contacted to resolve the threat, can take up a lot of time.

From a workflow perspective, teams often have to:

• Manually respond to CrowdStrike events
• Enrich the alert with additional metadata
• Document and alert the device owner in Slack
• Notify on call teams via PagerDuty

Going through this process manually can result in delays and increase the chances of human error.

The solution – automated ticket creation, device identification, and threat triage

Lucas’s prebuilt workflow automates the process of taking the malware alert and creating the case – while crucially notifying the device owner and the on-call team. This workflow helps security teams accurately identify the level of threat faster by:

• Detecting new alerts from Crowdstrike
• Identifying and notifying the device owner
• Escalating critical issues

The result is streamlined response to malware security alerts that ensures they are dealt with quickly, no matter what the severity.

Key benefits of this workflow:

• Reduced remediation time
• Device owner is kept informed
• Clear remediation and escalation pathways
• Centralized management system

Workflow overview

Tools used:

• Tines – workflow orchestration and AI platform (free Community Edition available)
• Crowdstrike – threat intelligence and EDR platform
• Oomnitza – IT asset management platform
• Github – developer platform
• PagerDuty – incident management platform
• Slack – team collaboration platform

How it works

Part 1

• Get a security alert from CrowdStrike
• Find the device that the alert was triggered and look up its details
• Create a ticket in GitHub for the alert and raise the issue in a Slack message
• If the device is owned by a user and it is a low priority,
  • Send the owner a message requesting escalation
• If the device is owned by a user and it is a high priority,
  • Create a PagerDuty Event to notify the on-call analyst
  • Informing the owner of the ongoing issue

Part 2

• Get a user interaction with the Slack message
• Enrich the GitHub issue with the users response
• If the owner escalates the issue
  • Create a PagerDuty Event to notify the on-call analyst

Configuring the workflow – step-by-step guide

1. Log into Tines or create a new account.

2. Navigate to the pre-built workflow in the library. Select import. This should take you straight to your new pre-built workflow.

3. Set up your credentials

You’ll need five credentials added to your Tines tenant:

• CrowdStrike
• Oomnitza
• Github
• PagerDuty
• Slack

Note that similar services to the ones listed above can also be used, with some adjustments to the workflow.

From the credentials page, select New credential, scroll down to the relevant credential and complete the required fields. Follow the CrowdStrike, Oomnitza, Github, PagerDuty, and Slack credential guides at explained.tines.com if you need help.

4. Configure your actions.

• Set your environment variables. This includes your:
  • Slack IT channel alerting webhook (`slack_channel_webhook_urls_prod`)
  • CrowdStrike/GitHub severity priority mapping (`crowdstrike_to_github_priority_map`)
• Configure CrowdStrike to alert the New CrowdStrike Detection webhook when a detection is created
• Configure your SlackBot interactivity URL to the Receive Slack Button Push webhook

5. Test the workflow.

6. Publish and operationalize

Once tested, publish the workflow.

If you’d like to test this workflow, you can sign up for a free Tines account.

Jul 09, 2025Ravie LakshmananMalware / Cyber Crime

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Tuesday sanctioned a member of a North Korean hacking group called Andariel for their role in the infamous remote information technology (IT) worker scheme.

The Treasury said Song Kum Hyok, a 38-year-old North Korean national with an address in the Chinese province of Jilin, enabled the fraudulent operation by using foreign-hired IT workers to seek remote employment with U.S. companies and planning to split income with them.

Between 2022 and 2023, Song is alleged to have used the identities of U.S. people, including their names, addresses, and Social Security numbers, to craft aliases for the hired workers, who then used these personas to pose as U.S. nationals looking for remote jobs in the country.

The development comes days after the U.S. Department of Justice (DoJ) announced sweeping actions targeting the North Korean information technology (IT) worker scheme, leading to the arrest of one individual and the seizure of 29 financial accounts, 21 fraudulent websites, and nearly 200 computers.

Sanctions have also been levied against a Russian national and four entities involved in a Russia-based IT worker scheme that contracted and hosted North Koreans to pull off the malicious operation. This includes –

• Gayk Asatryan, who used his Russia-based companies Asatryan LLC and Fortuna LLC to employ North Korean IT workers
• Korea Songkwang Trading General Corporation, which signed a deal with Asatryan to dispatch up to 30 IT workers to work in Russia for Asatryan LLC
• Korea Saenal Trading Corporation, which signed a deal with Asatryan to dispatch up to 50 IT workers to work in Russia for Fortuna LLC

The sanctions mark the first time a threat actor linked to Andariel, a sub-cluster within the Lazarus Group, has been tied to the IT worker scheme, which has become a crucial illicit revenue stream for the sanctions-hit nation. The Lazarus Group is assessed to be affiliated with the Democratic People’s Republic of Korea (DPRK) Reconnaissance General Bureau (RGB).

The action “underscores the importance of vigilance on the DPRK’s continued efforts to clandestinely fund its WMD and ballistic missile programs,” said Deputy Secretary of the Treasury Michael Faulkender.

“Treasury remains committed to using all available tools to disrupt the Kim [Jong Un] regime’s efforts to circumvent sanctions through its digital asset theft, attempted impersonation of Americans, and malicious cyber attacks”

The IT worker scheme, also tracked as Nickel Tapestry, Wagemole, and UNC5267, involves North Korean actors using a mix of stolen and fictitious identities to gain employment with U.S. companies as remote IT workers with the goal of drawing a regular salary that’s then funneled back to the regime through intricate cryptocurrency transactions.

Data compiled by TRM Labs shows that North Korea is behind approximately $1.6 billion out of the total $2.1 billion stolen as a result of 75 cryptocurrency hacks and exploits in the first half of 2025 alone — mainly driven by the blockbuster heist of Bybit earlier this year.

A majority of steps taken to counter the threat has ostensibly come from U.S. authorities, but Michael “Barni” Barnhart, Principal i3 Insider Risk Investigator at DTEX, told The Hacker News that other countries are also stepping up and taking similar actions and driving awareness to a broader audience.

“This is a complex, transnational issue with many moving parts, so international collaboration and open communication are extremely useful,” Barnhart said.

“For an example of some of the complexities with this issue, a North Korean IT worker may be physically located in China, employed by a front company posing as a Singapore-based firm, contracted to a European vendor delivering services to clients in the United States. That level of operational layering highlights just how important joint investigations and intelligence sharing are in effectively countering this activity.”

“The good news is that awareness has grown significantly in recent years, and we’re now seeing the fruits of that labor. These initial awareness steps are part of a broader global shift toward recognizing and actively disrupting these threats.”

News of the sanctions dovetail with reports that the North Korea-aligned group tracked as Kimsuky (aka APT-C-55) is using a backdoor called HappyDoor in attacks targeting South Korean entities. HappyDoor, according to AhnLab, has been put to use as far back as 2021.

Typically distributed via spear-phishing email attacks, the malware has witnessed steady improvements over the years, allowing it to harvest sensitive information; execute commands, PowerShell code, and batch scripts; and upload files of interest.

“Mainly taking on the disguise of a professor or an academic institution, the threat actor has been using social engineering techniques like spear-phishing to distribute emails with attachments that, once run, install a backdoor and may also install additional malware,” AhnLab noted.

Jul 09, 2025Ravie LakshmananCyber Espionage / Threat Intelligence

A Chinese national has been arrested in Milan, Italy, for his alleged links to a state-sponsored hacking group known as Silk Typhoon and for carrying out cyber attacks against American organizations and government agencies.

The 33-year-old, Xu Zewei, has been charged with nine counts of wire fraud and conspiracy to cause damage to and obtain information by unauthorized access to protected computers, as well as committing aggravated identity theft. Details of the arrest were first reported by Italian media.

Xu is alleged to have been involved in the U.S. computer intrusions between February 2020 and June 2021, including a mass attack spree that leveraged then-zero-day flaws in Microsoft Exchange Server, a cluster of activity the Windows maker designed as Hafnium.

The suspect is also accused of participating in China’s espionage efforts during the COVID-19 pandemic, attempting to gain access to vaccine research at various U.S. universities, including the University of Texas.

Xu, alongside co-defendant and Chinese national Zhang Yu, are believed to have undertaken the attacks based on directions given by the Ministry of State Security’s (MSS) Shanghai State Security Bureau (SSSB).

“Beginning in late 2020, Xu and his co-conspirators exploited certain vulnerabilities in Microsoft Exchange Server, a widely used Microsoft product for sending, receiving and storing email messages,” the Justice Department said. “Their exploitation of Microsoft Exchange Server was allegedly at the forefront of a massive campaign targeting thousands of computers worldwide and known publicly as ‘Hafnium.’”

Silk Typhoon, which overlaps with UNC5221, is known for its use of zero-day vulnerabilities and successful compromises of technology firms in supply chain attacks. The group is said to have targeted over 60,000 U.S. entities, successfully victimizing more than 12,700 in order to steal sensitive information through the Hafnium campaign.

The Justice Department has also claimed that Zewei worked for a company named Shanghai Powerock Network Co. Ltd. when the attacks were carried out, lending further credence to other reports that China is leveraging an array of contractors and private firms to launch state-sponsored espionage campaigns in an effort to obscure the government’s involvement.

According to a report from Reuters, Xu has opposed the extradition request, claiming a case of mistaken identity. Xu’s lawyer added his surname is quite common in China and that his mobile phone had been stolen from him in 2020.

“Unfortunately, the impact of this arrest won’t be felt immediately. There are several teams composed of dozens of operators who are going to continue to carry out cyber espionage,” John Hultquist, Chief Analyst, Google Threat Intelligence Group (GTIG), said in a statement shared with The Hacker News.

“Government sponsors are not going to be deterred. The arrest is unlikely to bring operations to a halt or even significantly slow them, but it may give some of these talented young hackers a reason to think twice before getting involved in this work.”

For the first time in 2025, Microsoft’s Patch Tuesday updates did not bundle fixes for exploited security vulnerabilities, but acknowledged one of the addressed flaws had been publicly known.

The patches resolve a whopping 130 vulnerabilities, along with 10 other non-Microsoft CVEs that affect Visual Studio, AMD, and its Chromium-based Edge browser. Of these 10 are rated Critical and the remaining are all rated Important in severity.

“The 11-month streak of patching at least one zero-day that was exploited in the wild ended this month,” Satnam Narang, Senior Staff Research Engineer at Tenable, said.

Fifty-three of these shortcomings are classified as privilege escalation bugs followed by 42 as remote code execution, 17 as information disclosure, and 8 as security feature bypasses. These patches are in addition to two other flaws addressed by the company in the Edge browser since the release of last month’s Patch Tuesday update.

The vulnerability that’s listed as publicly known is an information disclosure flaw in Microsoft SQL Server (CVE-2025-49719, CVSS score: 7.5) that could permit an unauthorized attacker to leak uninitialized memory.

“An attacker might well learn nothing of any value, but with luck, persistence, or some very crafty massaging of the exploit, the prize could be cryptographic key material or other crown jewels from the SQL Server,” Adam Barnett, Lead Software Engineer at Rapid7, said in a statement.

Mike Walters, President and Co-Founder of Action1, said the flaw likely is the result of improper input validation in SQL Server’s memory management, allowing access to uninitialized memory.

“As a result, attackers could retrieve remnants of sensitive data, such as credentials or connection strings,” Walters added. “It affects both the SQL Server engine and applications using OLE DB drivers.”

The most critical flaw patched by Microsoft as part of this month’s updates concerns a case of remote code execution impacting SPNEGO Extended Negotiation (NEGOEX). Tracked as CVE-2025-47981, it carries a CVSS score of 9.8 out of 10.0.

“Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network,” Microsoft said in an advisory. “An attacker could exploit this vulnerability by sending a malicious message to the server, potentially leading to remote code execution.”

An anonymous researcher and Yuki Chen have been credited with discovering and repairing the flaw. Microsoft noted that the issue only impacts Windows client machines running Windows 10, version 1607 and above due to the “Network security: Allow PKU2U authentication requests to this computer to use online identities” Group Policy Object (GPO) being enabled by default.

“As always, Remote Code Execution is bad, but early analysis is suggesting that this vulnerability may be ‘wormable’ – the sort of vulnerability that could be leveraged in self-propagating malware and make many revisit trauma from the WannaCry incident,” watchTowr founder and CEO Benjamin Harris said.

“Microsoft is clear on pre-requisites here: no authentication required, just network access, and Microsoft themselves believe exploitation is ‘More Likely.’ We shouldn’t fool ourselves – if the private industry has noticed this vulnerability, it is certainly already on the radar of every attacker with an ounce of malice. Defenders need to drop everything, patch rapidly, and hunt down exposed systems.”

Other vulnerabilities of importance include remote code execution flaws impacting Windows KDC Proxy Service (CVE-2025-49735, CVSS score: 8.1), Windows Hyper-V (CVE-2025-48822, CVSS score: 8.6), and Microsoft Office (CVE-2025-49695, CVE-2025-496966, and CVE-2025-49697, CVSS scores: 8.4).

“What makes CVE-2025-49735 significant is the network exposure combined with no required privileges or user interaction. Despite its high attack complexity, the vulnerability opens the door to pre-auth remote compromise, particularly attractive to APTs and nation-state actors,” Ben McCarthy, Lead Cyber Security Engineer at Immersive, said.

“The attacker must win a race condition – a timing flaw where memory is freed and reallocated in a specific window – meaning reliability is low for now. Still, such issues can be weaponized with techniques like heap grooming, making eventual exploitation feasible.”

Elsewhere, the update closes out five security feature bypasses in Bitlocker (CVE-2025-48001, CVE-2025-48003, CVE-2025-48800, CVE-2025-48804, and CVE-2025-48818, CVSS scores: 6.8) that could allow an attacker with physical access the device to get hold of encrypted data.

“An attacker could exploit this vulnerability by loading a WinRE.wim file while the OS volume is unlocked, granting access to BitLocker encrypted data,” Microsoft said about CVE-2025-48804.

Researchers Netanel Ben Simon and Alon Leviev with Microsoft Offensive Research and Security Engineering (MORSE) have been acknowledged for reporting the five issues in the built-in disk encryption tool.

“If exploited, these flaws could expose sensitive files, credentials, or allow tampering with system integrity,” Jacob Ashdown, Cyber Security Engineer at Immersive, said. “This poses a particular risk, especially for organizations where devices may be lost or stolen, as attackers with hands-on access could potentially bypass encryption and extract sensitive data.”

It’s also worth noting that July 8, 2025, officially marks the end of the road for SQL Server 2012, which will no longer receive any future security patches in the list of the Extended Security Update (ESU) program coming to a close.

Software Patches from Other Vendors

In addition to Microsoft, security updates have also been released by other vendors over the past couple of weeks to rectify several vulnerabilities, including —

• Adobe
• AMD
• Atlassian
• Bitdefender
• Broadcom (including VMware)
• Cisco
• Citrix
• D-Link
• Dell
• Drupal
• F5
• Fortinet
• Fortra
• Gigabyte
• GitLab
• Google Chrome
• Google Cloud
• Grafana
• Hikvision
• Hitachi Energy
• HP
• HP Enterprise (including Aruba Networking)
• IBM
• Intel
• Ivanti
• Jenkins
• Juniper Networks
• Lenovo
• Linux distributions AlmaLinux, Alpine Linux, Amazon Linux, Arch Linux, Debian, Gentoo, Oracle Linux, Mageia, Red Hat, Rocky Linux, SUSE, and Ubuntu
• MediaTek
• Mitsubishi Electric
• MongoDB
• Moxa
• Mozilla Thunderbird
• NVIDIA
• OPPO
• Palo Alto Networks
• Progress Software
• Qualcomm
• Ricoh
• Rsync
• Ruckus Wireless
• Samsung
• SAP
• Schneider Electric
• Siemens
• Splunk
• Supermicro
• Veeam
• WordPress
• Zimbra, and
• Zoom

Jul 08, 2025Ravie LakshmananMalware / Cybercrime

In yet another instance of threat actors repurposing legitimate tools for malicious purposes, it has been discovered that hackers are exploiting a popular red teaming tool called Shellter to distribute stealer malware.

The company behind the software said a company that had recently purchased Shellter Elite licenses leaked their copy, prompting malicious actors to weaponize the tool for infostealer campaigns. An update has since been released to plug the issue.

“Despite our rigorous vetting process – which has successfully prevented such incidents since the launch of Shellter Pro Plus in February 2023 – we now find ourselves addressing this unfortunate situation,” the Shellter Project Team said in a statement.

The response comes shortly after Elastic Security Labs released a report about how the commercial evasion framework is being abused in the wild since April 2025 to propagate Lumma Stealer, Rhadamanthys Stealer, and SectopRAT (aka ArechClient2).

Shellter is a potent tool that allows offensive security teams to bypass antivirus and endpoint detection and response (EDR) software installed on endpoints.

Elastic said it identified multiple financially motivated infostealer campaigns using SHELLTER to package payloads beginning late April 2025, with the activity leveraging Shellter Elite version 11.0 released on April 16, 2025.

“Shellter-protected samples commonly employ self-modifying shellcode with polymorphic obfuscation to embed themselves within legitimate programs,” the company said. “This combination of legitimate instructions and polymorphic code helps these files evade static detection and signatures, allowing them to remain undetected.”

It’s believed that some of the campaigns, including those delivering SectopRAT and Rhadamanthys Stealer, adopted the tool after version 11 went up for sale on a popular cybercrime forum in mid-May, using lures related to sponsorship opportunities targeting content creators as well as through YouTube videos claiming to offer gaming mods like Fortnite cheats.

The Lumma Stealer attack chains leveraging Shellter, on the other hand, are said to have been disseminated via payloads hosted on MediaFire in late April 2025.

With cracked versions of Cobalt Strike and Brute Ratel C4 previously finding their way to the hands of cybercriminals and nation-state actors, it wouldn’t be entirely a surprise if Shellter follows a similar trajectory.

“Despite the commercial OST community’s best efforts to retain their tools for legitimate purposes, mitigation methods are imperfect,” Elastic said. “Although the Shellter Project is a victim in this case through intellectual property loss and future development time, other participants in the security space must now contend with real threats wielding more capable tools.”

The Shellter Project, however, criticized Elastic for “prioritizing publicity over public safety” and for acting in a manner that it said was “reckless and unprofessional” by not notifying them quickly.

Jul 08, 2025Ravie LakshmananMalware / Mobile Security

Cybersecurity researchers have discovered an Android banking malware campaign that has leveraged a trojan named Anatsa to target users in North America using malicious apps published on Google’s official app marketplace.

The malware, disguised as a “PDF Update” to a document viewer app, has been caught serving a deceptive overlay when users attempt to access their banking application, claiming the service has been temporarily suspended as part of scheduled maintenance.

“This marks at least the third instance of Anatsa focusing its operations on mobile banking customers in the United States and Canada,” Dutch mobile security company ThreatFabric said in a report shared with The Hacker News. “As with previous campaigns, Anatsa is being distributed via the official Google Play Store.”

Anatsa, also referred to as TeaBot and Toddler, has been known to be active since at least 2020, typically delivered to victims via dropper apps.

Early last year, Anatsa was found to have targeted Android device users in Slovakia, Slovenia, and Czechia by first uploading benign apps masquerading as PDF readers and phone cleaners to the Play Store and then introducing malicious code a week after release.

Like other Android banking trojans, Anatsa is capable of providing its operators with features designed to steal credentials through overlay and keylogging attacks, and conduct Device-Takeover Fraud (DTO) to initiate fraudulent transactions from victim’s devices.

ThreatFabric said Anatsa campaigns follow a predictable, but well-oiled, process that involves establishing a developer profile on the app store and then publishing a legitimate app that works as advertised.

“Once the application gains a substantial user base – often in the thousands or tens of thousands of downloads – an update is deployed, embedding malicious code into the app,” the company said. “This embedded code downloads and installs Anatsa on the device as a separate application.”

The malware then receives a dynamic list of targeted financial and banking institutions from an external server, enabling the attackers to perform credential theft for account takeover, keylogging, or fully automated transactions using DTO.

A crucial factor that allows Anatsa to evade detection as well as maintain a high success rate is its cyclical nature where the attacks are interspersed by periods of no activity.

The newly discovered app targeting North American audiences masquerades as a Document Viewer (APK package name: “com.stellarastra.maintainer.astracontrol_managerreadercleaner”) and is published by a developer named “Hybrid Cars Simulator, Drift & Racing.” Both the app and the associated developer account are no longer accessible on the Play Store.

Statistics from Sensor Tower show that the app was first published on May 7, 2025, reaching the fourth spot in the “Top Free – Tools” category on June 29, 2025. It’s estimated to have been downloaded around 90,000 times.

“This dropper followed Anatsa’s established modus operandi: initially launched as a legitimate app, it was transformed into a malicious one approximately six weeks after release,” ThreatFabric said. “The distribution window for this campaign was short yet impactful, running from 24 to 30 June.”

The Anatsa variant, per the company, is also configured to target a broader set of banking apps in the United States, reflective of the malware’s increasing focus on exploiting financial entities in the region.

Another clever feature incorporated into the malware is its ability to display a fake maintenance notice when trying to access the target banking application. This tactic not only conceals the malicious activity occurring within the app, but also prevents customers from contacting the bank’s support team, thereby delaying detection of financial fraud.

“The latest operation not only broadened its reach but also relied on well-established tactics aimed at financial institutions in the region,” ThreatFabric said. “Organizations in the financial sector are encouraged to review the provided intelligence and assess any potential risks or impacts on their customers and systems.”