Author: Mark

  • Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks

    Cybersecurity researchers have uncovered critical remote code execution vulnerabilities impacting major artificial intelligence (AI) inference engines, including those from Meta, Nvidia, Microsoft, and open-source PyTorch projects such as vLLM and SGLang.

    “These vulnerabilities all traced back to the same root cause: the overlooked unsafe use of ZeroMQ (ZMQ) and Python’s pickle deserialization,” Oligo Security researcher Avi Lumelsky said in a report published Thursday.

    At its core, the issue stems from what has been described as a pattern called ShadowMQ, in which the insecure deserialization logic has propagated to several projects as a result of code reuse.

    The root cause is a vulnerability in Meta’s Llama large language model (LLM) framework (CVE-2024-50050, CVSS score: 6.3/9.3) that was patched by the company last October. Specifically, it involved the use of ZeroMQ’s recv_pyobj() method to deserialize incoming data using Python’s pickle module.

    This, coupled with the fact that the framework exposed the ZeroMQ socket over the network, opened the door to a scenario where an attacker can execute arbitrary code by sending malicious data for deserialization. The issue has also been addressed in the pyzmq Python library.
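
    The pattern described above, reduced to the deserialization step, as an added example (not code from Oligo's report or from any of the named projects). `unsafe_receive` stands in for what `recv_pyobj()` does with incoming bytes; the frames, the `REQUEST_SCHEMA` fields and every function name are constructed for illustration, and no socket is opened.

```python
import io
import json
import pickle
import pickletools

# Opcodes that make the unpickler import a name or call something.
# A frame holding only dicts, lists, strings and numbers contains none of them.
RISKY_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
                 "NEWOBJ", "NEWOBJ_EX", "BUILD", "EXT1", "EXT2", "EXT4"}

# Assumed message layout for an inference request (hypothetical fields).
REQUEST_SCHEMA = {"request_id": int, "prompt": str, "max_tokens": int}


class _CallsSortedOnLoad:
    """Constructed, harmless stand-in: the sender picks a callable to run."""
    def __reduce__(self):
        return (sorted, ([3, 1, 2],))


def constructed_plain_frame() -> bytes:
    return pickle.dumps({"request_id": 7, "prompt": "hello", "max_tokens": 16})


def constructed_callable_frame() -> bytes:
    return pickle.dumps(_CallsSortedOnLoad())


def unsafe_receive(frame: bytes):
    # The vulnerable pattern: unpickle whatever bytes arrived from the peer.
    return pickle.loads(frame)


def risky_opcodes(frame: bytes) -> set:
    """List import/call opcodes in a frame without executing it (triage aid)."""
    return {op.name for op, _arg, _pos in pickletools.genops(frame)} & RISKY_OPCODES


class StrictUnpickler(pickle.Unpickler):
    """Stop-gap where pickle cannot be removed yet: refuse every global lookup."""
    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def strict_loads(frame: bytes):
    return StrictUnpickler(io.BytesIO(frame)).load()


def safe_receive(frame: bytes, max_len: int = 65536) -> dict:
    """Hardened receiver: data-only encoding plus an explicit schema check."""
    if len(frame) > max_len:
        raise ValueError("frame too large")
    try:
        msg = json.loads(frame)
    except ValueError as exc:  # covers JSONDecodeError and UnicodeDecodeError
        raise ValueError("frame is not valid JSON") from exc
    if not isinstance(msg, dict) or set(msg) != set(REQUEST_SCHEMA):
        raise ValueError("unexpected message shape")
    for key, expected in REQUEST_SCHEMA.items():
        if type(msg[key]) is not expected:
            raise ValueError(f"field {key!r} must be {expected.__name__}")
    return msg
```

    Changing the encoding covers only half of the pattern the researchers describe; the socket also has to be unreachable for untrusted peers.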

    Oligo has since discovered the same pattern recurring in other inference frameworks, such as NVIDIA TensorRT-LLM, Microsoft Sarathi-Serve, Modular Max Server, vLLM, and SGLang.

    “All contained nearly identical unsafe patterns: pickle deserialization over unauthenticated ZMQ TCP sockets,” Lumelsky said. “Different maintainers and projects maintained by different companies – all made the same mistake.”

    Tracing the origins of the problem, Oligo found that in at least a few cases, it was the result of a direct copy-paste of code. For example, the vulnerable file in SGLang says it’s adapted from vLLM, while Modular Max Server has borrowed the same logic from both vLLM and SGLang, effectively perpetuating the same flaw across codebases.

    The issues have been assigned the following identifiers –

    • CVE-2025-30165 (CVSS score: 8.0) – vLLM (While the issue is not fixed, it has been addressed by switching to the V1 engine by default)
    • CVE-2025-23254 (CVSS score: 8.8) – NVIDIA TensorRT-LLM (Fixed in version 0.18.2)
    • CVE-2025-60455 (CVSS score: N/A) – Modular Max Server (Fixed)
    • Sarathi-Serve (Remains unpatched)
    • SGLang (Implemented incomplete fixes)

    With inference engines acting as a crucial component within AI infrastructures, a successful compromise of a single node could permit an attacker to execute arbitrary code on the cluster, escalate privileges, conduct model theft, and even drop malicious payloads like cryptocurrency miners for financial gain.

    “Projects are moving at incredible speed, and it’s common to borrow architectural components from peers,” Lumelsky said. “But when code reuse includes unsafe patterns, the consequences ripple outward fast.”

    The disclosure comes as a new report from AI security platform Knostic has found that it’s possible to compromise Cursor’s new built-in browser via JavaScript injection techniques, not to mention leverage a malicious extension to facilitate JavaScript injection in order to take control of the developer workstation.

    The first attack involves registering a rogue local Model Context Protocol (MCP) server that bypasses Cursor’s controls to allow an attacker to replace the login pages within the browser with a bogus page that harvests credentials and exfiltrates them to a remote server under their control.

    “Once a user downloaded the MCP server and ran it, using an mcp.json file within Cursor, it injected code into Cursor’s browser that led the user to a fake login page, which stole their credentials and sent them to a remote server,” security researcher Dor Munis said.

    Given that the AI-powered source code editor is essentially a fork of Visual Studio Code, a bad actor could also craft a malicious extension to inject JavaScript into the running IDE to execute arbitrary actions, including marking harmless Open VSX extensions as “malicious.”

    “JavaScript running inside the Node.js interpreter, whether introduced by an extension, an MCP server, or a poisoned prompt or rule, immediately inherits the IDE’s privileges: full file-system access, the ability to modify or replace IDE functions (including installed extensions), and the ability to persist code that reattaches after a restart,” the company said.

    “Once interpreter-level execution is available, an attacker can turn the IDE into a malware distribution and exfiltration platform.”

    To counter these risks, it’s essential that users disable Auto-Run features in their IDEs, vet extensions, install MCP servers from trusted developers and repositories, check what data and APIs the servers access, use API keys with minimal required permissions, and audit MCP server source code for critical integrations.


    Source: thehackernews.com…

  • Iranian Hackers Launch ‘SpearSpecter’ Spy Operation on Defense & Government Targets

    The Iranian state-sponsored threat actor known as APT42 has been observed targeting individuals and organizations that are of interest to the Islamic Revolutionary Guard Corps (IRGC) as part of a new espionage-focused campaign.

    The activity, detected in early September 2025 and assessed to be ongoing, has been codenamed SpearSpecter by the Israel National Digital Agency (INDA).

    “The campaign has systematically targeted high-value senior defense and government officials using personalized social engineering tactics,” INDA researchers Shimi Cohen, Adi Pick, Idan Beit-Yosef, Hila David, and Yaniv Goldman said. “These include inviting targets to prestigious conferences or arranging significant meetings.”

    What’s notable about the effort is that it also extends to the targets’ family members, creating a broader attack surface that exerts more pressure on the primary targets.

    APT42 was first publicly documented in late 2022 by Google Mandiant, detailing its overlaps with another IRGC threat cluster tracked as APT35, CALANQUE, Charming Kitten, CharmingCypress, Cobalt Illusion, Educated Manticore, GreenCharlie, ITG18, Magic Hound, Mint Sandstorm (formerly Phosphorus), TA453, and Yellow Garuda.

    One of the group’s hallmarks is its ability to mount convincing social engineering campaigns that can run for days or weeks in an effort to build trust with the targets, in some cases masquerading as known contacts to create an illusion of authenticity, before sending a malicious payload or tricking them into clicking on booby-trapped links.

    As recently as June 2025, Check Point detailed an attack wave in which the threat actors approached Israeli technology and cyber security professionals by posing as technology executives or researchers in emails and WhatsApp messages.

    Goldman told The Hacker News that SpearSpecter and the June 2025 campaign are distinct and have been undertaken by two different sub-groups within APT42.

    “While our campaign was carried out by cluster D of APT42 (which focuses more on malware-based operations), the campaign detailed by Check Point was carried out by cluster B of the same group (which focuses more on credential harvesting),” Goldman added.

    INDA said SpearSpecter is flexible in that the adversary tweaks its approach based on the value of the target and operational objectives. In one set of attacks, victims are redirected to bogus meeting pages that are designed to capture their credentials. On the other hand, if the end goal is persistent long-term access, the attacks lead to the deployment of a known PowerShell backdoor dubbed TAMECAT that has been repeatedly put to use in recent years.

    To that end, the attack chains involve impersonating trusted WhatsApp contacts to send a malicious link to a supposed required document for an upcoming meeting or conference. When the link is clicked, it initiates a redirect chain to serve a WebDAV-hosted Windows shortcut (LNK) masquerading as a PDF file by taking advantage of the “search-ms:” protocol handler.

    The LNK file, for its part, establishes contact with a Cloudflare Workers subdomain to retrieve a batch script that functions as a loader for TAMECAT, which, in turn, employs various modular components to facilitate data exfiltration and remote control.

    The PowerShell framework uses three distinct channels, viz., HTTPS, Discord, and Telegram, for command-and-control (C2), suggesting the threat actor’s goal of maintaining persistent access to compromised hosts even if one pathway gets detected and blocked.

    For Telegram-based C2, TAMECAT listens for incoming commands from an attacker-controlled Telegram bot, based on which it fetches and executes additional PowerShell code from different Cloudflare Workers subdomains. In the case of Discord, a webhook URL is used to send basic system information and get commands in return from a hard-coded channel.

    “Analysis of accounts recovered from the actor’s Discord server suggests the command lookup logic relies on messages from a specific user, allowing the actor to deliver unique commands to individual infected hosts while using the same channel to coordinate multiple attacks, effectively creating a collaborative workspace on a single infrastructure,” INDA researchers said.

    Furthermore, TAMECAT comes equipped with features to conduct reconnaissance, harvest files matching certain extensions, steal data from web browsers like Google Chrome and Microsoft Edge, collect Outlook mailboxes, and take screenshots at 15-second intervals. The data is exfiltrated over HTTPS or FTP.

    It also adopts a variety of stealthy techniques to evade detection and resist analysis efforts. These include encrypting telemetry and controller payloads, source code obfuscation, using living-off-the-land binaries (LOLBins) to hide malicious activities, and operating mostly in memory, thereby leaving few traces on disk.

    “The SpearSpecter campaign’s infrastructure reflects a sophisticated blend of agility, stealth, and operational security designed to sustain prolonged espionage against high-value targets,” INDA said. “Operators leverage a multifaceted infrastructure that combines legitimate cloud services with attacker-controlled resources, enabling seamless initial access, persistent command-and-control (C2), and covert data exfiltration.”


    Source: thehackernews.com…

  • Ransomware's Fragmentation Reaches a Breaking Point While LockBit Returns

    Key Takeaways:

    • 85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem to date.
    • 1,590 victims disclosed across 85 leak sites, showing high, sustained activity despite law-enforcement pressure.
    • 14 new ransomware brands launched this quarter, proving how quickly affiliates reconstitute after takedowns.
    • LockBit’s reappearance with version 5.0 signals potential re-centralization after months of fragmentation.

    In Q3 2025, Check Point Research recorded 85 active ransomware and extortion groups, the highest number ever observed. What was once a concentrated market dominated by a few ransomware-as-a-service (RaaS) giants has splintered into dozens of smaller, short-lived operations.

    This proliferation of leak sites represents a fundamental structural shift. The same enforcement and market pressures that disrupted large RaaS groups have fueled a wave of opportunistic, decentralized actors, many run by former affiliates now operating independently.

    Read the full Q3 2025 Ransomware Report

    A Record 85 Active Groups

    Across more than 85 monitored leak sites, ransomware operators published:

    • 1,592 new victims in Q3 2025.
    • An average of 535 disclosures per month.
    • A major power shift: the top ten groups accounted for just 56% of victims, down from 71% earlier this year.

    Smaller actors are now posting fewer than ten victims each, reflecting a rise in independent operations outside traditional RaaS hierarchies. Many emerged from the collapse of RansomHub, 8Base, and BianLian. Fourteen new groups began publishing in Q3 alone, bringing the 2025 total to 45.

    Fragmentation at this level erodes predictability, once the cyber security professional’s advantage. When large RaaS brands dominated, security teams could track affiliate behaviors and infrastructure reuse. Now, dozens of ephemeral leak sites make attribution fleeting and reputation-based intelligence far less reliable.

    Share of total victims by top 10 ransomware groups, Q1–Q3 2025

    Law Enforcement’s Limited Impact

    Several high-profile takedowns this year targeting groups like RansomHub and 8Base have not meaningfully reduced ransomware volume. Affiliates displaced by these operations simply migrate or rebrand.

    The problem is structural. Law-enforcement efforts typically dismantle infrastructure or seize domains, not the affiliates who execute attacks. When a platform falls, those operators scatter and regroup within days. The result is a broader, more resilient ecosystem that mirrors decentralized finance or open-source communities more than a traditional criminal hierarchy.

    This diffusion also undermines the credibility of the ransomware market. Smaller, short-lived crews have no incentive to honor ransom agreements or provide decryption keys. Payment rates, estimated at just 25 to 40 percent, continue to decline as victims lose trust in attacker promises.

    LockBit’s Return and Re-centralization

    In September 2025, LockBit 5.0 marked the return of one of cybercrime’s most enduring brands.

    Its administrator, LockBitSupp, had teased a comeback for months following the 2024 takedown under Operation Cronos. The new version delivers:

    • Updated Windows, Linux, and ESXi variants.
    • Faster encryption and improved evasion.
    • Unique negotiation portals per victim.

    At least a dozen victims were hit in the first month. The campaign demonstrates renewed affiliate confidence and technical maturity.

    For attackers, joining a recognizable brand like LockBit brings something smaller crews cannot offer: reputation. Victims are more likely to pay when they believe they will actually receive decryption keys, a trust that large RaaS programs carefully maintain.

    If LockBit succeeds in attracting affiliates seeking structure and credibility, it could recentralize a significant portion of the ransomware economy. Centralization has a dual effect. It makes tracking easier but increases the potential scale of coordinated attacks.

    LockBit 5.0 ransom note from an attack

    DragonForce and the Performance of Power

    DragonForce illustrates another survival strategy: visibility through branding. In September, the group publicly claimed coalitions with both LockBit and Qilin on underground forums. No shared infrastructure has been verified, and the alliances appear more symbolic than operational.

    Still, these moves highlight ransomware’s evolution toward corporate-style marketing. DragonForce promotes itself with:

    • Affiliate partnership announcements.
    • Data-audit services to analyze stolen data and improve extortion leverage.
    • Public relations aimed at projecting strength and reliability.

    The group’s messaging reflects a competitive marketplace where image and credibility are as valuable as encryption speed.

    DragonForce audit example

    Geographic and Industry Trends

    Global targeting in Q3 2025 largely mirrored previous quarters but with distinct regional and sector shifts.

    • The United States accounted for about half of all reported victims, continuing to be the prime target for financially motivated actors.
    • South Korea entered the global top ten for the first time, almost entirely due to Qilin’s focused campaign against financial firms.
    • Europe remained highly active, with Germany and the United Kingdom seeing sustained pressure from Safepay and INC Ransom.

    On the industrial side:

    • Manufacturing and business services each represented about 10 percent of recorded cases.
    • Healthcare held steady at 8 percent, though some groups such as Play avoid the sector to reduce scrutiny.

    These shifts show how ransomware is guided by business logic more than ideology. Actors pursue sectors and regions with high-value data and low tolerance for downtime.

    The Road Ahead

    Q3 2025 confirms ransomware’s structural resilience. Enforcement and market pressure no longer suppress overall volume; they simply reshape the landscape. Each takedown disperses actors who quickly resurface under new names or join emerging collectives.

    LockBit’s return adds another layer of complexity, raising the question of whether ransomware is entering a new consolidation cycle. If LockBit re-establishes dominance, it may restore some predictability but also re-enable large-scale, coordinated campaigns that smaller crews cannot execute.

    For cyber security professionals, the takeaway is clear. Tracking brands is no longer enough. Analysts must monitor affiliate mobility, infrastructure overlap, and economic incentives — the underlying forces that sustain ransomware even as its faces fragment.

    This article is a contributed piece from one of our valued partners.


    Source: thehackernews.com…

  • Now-Patched Fortinet FortiWeb Flaw Exploited in Attacks to Create Admin Accounts

    Nov 14, 2025 | Ravie Lakshmanan | Threat Intelligence / Vulnerability

    Cybersecurity researchers are sounding the alert about an authentication bypass vulnerability in Fortinet FortiWeb WAF that could allow an attacker to take over admin accounts and completely compromise a device.

    “The watchTowr team is seeing active, indiscriminate in-the-wild exploitation of what appears to be a silently patched vulnerability in Fortinet’s FortiWeb product,” Benjamin Harris, watchTowr CEO and founder, said in a statement.

    “Patched in version 8.0.2, the vulnerability allows attackers to perform actions as a privileged user – with in-the-wild exploitation focusing on adding a new administrator account as a basic persistence mechanism for the attackers.”

    The cybersecurity company said it was able to successfully reproduce the vulnerability and create a working proof-of-concept (PoC). It has also released an artifact generator tool for the authentication bypass to help identify susceptible devices.

    According to details shared by Defused and security researcher Daniel Card of PwnDefend, the threat actor behind the exploitation has been found to send a payload to the “/api/v2.0/cmdb/system/admin%3F/../../../../../cgi-bin/fwbcgi” by means of an HTTP POST request to create an admin account.

    Some of the admin usernames and passwords created by the payloads detected in the wild are below –

    • Testpoint / AFodIUU3Sszp5
    • trader1 / 3eMIXX43
    • trader / 3eMIXX43
    • test1234point / AFT3$tH4ck
    • Testpoint / AFT3$tH4ck
    • Testpoint / AFT3$tH4ckmet0d4yaga!n
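
    One way to act on the reported request path and account names when reviewing logs, as an added example (not watchTowr's artifact generator or any vendor tool). It assumes a combined-format access log from a proxy in front of the appliance; the sample lines, the `/api/v2.0/user/login` and `/api/v2.0/../status` paths, and all function names are constructed.

```python
import posixpath
import re
from urllib.parse import unquote

ABUSED_ENDPOINT = "/cgi-bin/fwbcgi"   # where the reported request path ends up
REPORTED_ADMIN_NAMES = {"testpoint", "trader1", "trader", "test1234point"}

# Assumed log source: combined-format access log (not the appliance's own format).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines using documentation IP ranges, not real traffic.
# The second and third lines are the same reported path, logged encoded and decoded.
SAMPLE_LOG = """\
192.0.2.10 - - [14/Nov/2025:09:12:01 +0000] "GET /api/v2.0/cmdb/system/admin HTTP/1.1" 401 112
198.51.100.7 - - [14/Nov/2025:09:12:44 +0000] "POST /api/v2.0/cmdb/system/admin%3F/../../../../../cgi-bin/fwbcgi HTTP/1.1" 200 87
198.51.100.7 - - [14/Nov/2025:09:13:02 +0000] "POST /api/v2.0/cmdb/system/admin?/../../../../../cgi-bin/fwbcgi HTTP/1.1" 200 87
192.0.2.44 - - [14/Nov/2025:09:13:40 +0000] "GET /api/v2.0/../status HTTP/1.1" 404 0
203.0.113.5 - - [14/Nov/2025:09:14:30 +0000] "POST /api/v2.0/user/login HTTP/1.1" 200 301
"""


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable, since logs may hold the encoded or decoded form."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve(target: str) -> str:
    """String-level view of where a request target lands once '..' is collapsed.

    The '?' produced by %3F is treated as part of a path segment, matching the
    shape of the reported path; how the appliance resolves it is not modelled.
    """
    return posixpath.normpath(decode_fully(target))


def scan(log_text: str) -> list:
    """Return one finding per /api/ request whose decoded target contains '..'."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        raw = m["target"]
        if not raw.lower().startswith("/api/"):
            continue
        if ".." not in decode_fully(raw).split("/"):
            continue
        resolved = resolve(raw)
        hit = resolved == ABUSED_ENDPOINT and m["method"] == "POST"
        findings.append({
            "src": m["src"], "time": m["ts"], "method": m["method"],
            "status": int(m["status"]), "raw": raw, "resolved": resolved,
            "severity": "high" if hit else "review",
        })
    return findings


def flag_admin_accounts(names) -> list:
    """Return configured admin names that match the usernames reported in the wild."""
    return sorted(n for n in names if n.lower() in REPORTED_ADMIN_NAMES)
```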

    The origins and identity of the threat actor behind the attacks remain unknown. The exploitation activity was first detected early last month. As of writing, Fortinet has not assigned a CVE identifier or published an advisory on its PSIRT feed.

    The Hacker News has reached out to Fortinet for comment, and we will update the story if we hear back.

    Rapid7, which is urging organizations running versions of Fortinet FortiWeb that predate 8.0.2 to address the vulnerability on an emergency basis, said it observed that an alleged zero-day exploit targeting FortiWeb was published for sale on a popular black hat forum on November 6, 2025. It’s currently not clear if it’s the same exploit.

    “While we wait for a comment from Fortinet, users and enterprises are now facing a familiar process now: look for trivial signs of prior compromise, reach out to Fortinet for more information, and apply patches if you haven’t already,” Harris said. “That said, given the indiscriminate exploitation observed […], appliances that remain unpatched are likely already compromised.”


    Source: thehackernews.com…

  • Chinese Hackers Use Anthropic's AI to Launch Automated Cyber Espionage Campaign

    State-sponsored threat actors from China used artificial intelligence (AI) technology developed by Anthropic to orchestrate automated cyber attacks as part of a “highly sophisticated espionage campaign” in mid-September 2025.

    “The attackers used AI’s ‘agentic’ capabilities to an unprecedented degree – using AI not just as an advisor, but to execute the cyber attacks themselves,” the AI upstart said.

    The activity is assessed to have manipulated Claude Code, Anthropic’s AI coding tool, to attempt to break into about 30 global targets spanning large tech companies, financial institutions, chemical manufacturing companies, and government agencies. A subset of these intrusions succeeded. Anthropic has since banned the relevant accounts and enforced defensive mechanisms to flag such attacks.

    The campaign, GTG-1002, marks the first time a threat actor has leveraged AI to conduct a “large-scale cyber attack” without major human intervention and for intelligence collection by striking high-value targets, indicating continued evolution in adversarial use of the technology.

    Describing the operation as well-resourced and professionally coordinated, Anthropic said the threat actor turned Claude into an “autonomous cyber attack agent” to support various stages of the attack lifecycle, including reconnaissance, vulnerability discovery, exploitation, lateral movement, credential harvesting, data analysis, and exfiltration.

    Specifically, it involved the use of Claude Code and Model Context Protocol (MCP) tools, with the former acting as the central nervous system to process the human operators’ instructions and break down the multi-stage attack into small technical tasks that can be offloaded to sub-agents.

    “The human operator tasked instances of Claude Code to operate in groups as autonomous penetration testing orchestrators and agents, with the threat actor able to leverage AI to execute 80-90% of tactical operations independently at physically impossible request rates,” the company added. “Human responsibilities centered on campaign initialization and authorization decisions at critical escalation points.”

    Human involvement also occurred at strategic junctures, such as authorizing progression from reconnaissance to active exploitation, approving use of harvested credentials for lateral movement, and making final decisions about data exfiltration scope and retention.

    The system is part of an attack framework that accepts as input a target of interest from a human operator and then leverages the power of MCP to conduct reconnaissance and attack surface mapping. In the next phases of the attack, the Claude-based framework facilitates vulnerability discovery and validates discovered flaws by generating tailored attack payloads.

    Upon obtaining approval from human operators, the system proceeds to deploy the exploit and obtain a foothold, and initiate a series of post-exploitation activities involving credential harvesting, lateral movement, data collection, and extraction.

    In one case targeting an unnamed technology company, the threat actor is said to have instructed Claude to independently query databases and systems and parse results to flag proprietary information and group findings by intelligence value. What’s more, Anthropic said its AI tool generated detailed attack documentation at all phases, allowing the threat actors to likely hand off persistent access to additional teams for long-term operations after the initial wave.

    “By presenting these tasks to Claude as routine technical requests through carefully crafted prompts and established personas, the threat actor was able to induce Claude to execute individual components of attack chains without access to the broader malicious context,” per the report.

    There is no evidence that the operational infrastructure enabled custom malware development. Rather, it has been found to rely extensively on publicly available network scanners, database exploitation frameworks, password crackers, and binary analysis suites.

    However, investigation into the activity has also uncovered a crucial limitation of AI tools: their tendency to hallucinate and fabricate data during autonomous operations – cooking up fake credentials or presenting publicly available information as critical discoveries – thereby posing major roadblocks to the overall effectiveness of the scheme.

    The disclosure comes nearly four months after Anthropic disrupted another sophisticated operation that weaponized Claude to conduct large-scale theft and extortion of personal data in July 2025. Over the past two months, OpenAI and Google have also disclosed attacks mounted by threat actors leveraging ChatGPT and Gemini, respectively.

    “This campaign demonstrates that the barriers to performing sophisticated cyberattacks have dropped substantially,” the company said.

    “Threat actors can now use agentic AI systems to do the work of entire teams of experienced hackers with the right set up, analyzing target systems, producing exploit code, and scanning vast datasets of stolen information more efficiently than any human operator. Less experienced and less resourced groups can now potentially perform large-scale attacks of this nature.”


    Source: thehackernews.com…

  • Fortinet FortiWeb Flaw Actively Exploited in the Wild Before Company's Silent Patch


    Source: thehackernews.com…

  • Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests' Payment Data

    A Russian-speaking threat actor behind an ongoing, mass phishing campaign has registered more than 4,300 domain names since the start of the year.

    The activity, per Netcraft security researcher Andrew Brandt, is designed to target customers of the hospitality industry, specifically hotel guests who may have travel reservations, with spam emails. The campaign is said to have begun in earnest around February 2025.

    Of the 4,344 domains tied to the attack, 685 domains contain the name “Booking”, followed by 18 with “Expedia,” 13 with “Agoda,” and 12 with “Airbnb,” indicating an attempt to target all popular booking and rental platforms.

    “The ongoing campaign employs a sophisticated phishing kit that customizes the page presented to the site visitor depending on a unique string in the URL path when the target first visits the website,” Brandt said. “The customizations use the logos from major online travel industry brands, including Airbnb and Booking.com.”

    The attack begins with a phishing email urging recipients to click on a link to confirm their booking within the next 24 hours using a credit card. Should they take the bait, the victims are taken to a fake site instead after initiating a chain of redirects. These bogus sites follow consistent naming patterns for their domains, featuring phrases like confirmation, booking, guestcheck, cardverify, or reservation to give them an illusion of legitimacy.

    The pages support 43 different languages, allowing the threat actors to cast a wide net. The page then instructs the victim to pay a deposit for their hotel reservation by entering their card information. In the event that any user directly attempts to access the page without a unique identifier called AD_CODE, they are greeted with a blank page. The bogus sites also feature a fake CAPTCHA check that mimics Cloudflare to deceive the target.

    “After the initial visit, the AD_CODE value is written to a cookie, which ensures that subsequent pages present the same impersonated branding appearance to the site visitor as they click through pages,” Netcraft said. This also means that changing the “AD_CODE” value in the URL produces a page targeting a different hotel on the same booking platform.

    As soon as the card details, along with the expiration date and CVV number, are entered, the page attempts to process a transaction in the background, while a “support chat” window appears on the screen with steps to complete a supposed “3D Secure verification for your credit card” to secure against fake bookings.

    The identity of the threat group behind the campaign remains unknown, but the use of Russian for source code comments and debugger output either alludes to their provenance or is an attempt to cater to prospective customers of the phishing kit who may be looking to customize it to suit their needs.

    The disclosure comes days after Sekoia warned of a large-scale phishing campaign targeting the hospitality industry that lures hotel managers to ClickFix-style pages and harvests their credentials by deploying malware like PureRAT, and then approaches hotel customers via WhatsApp or email with their reservation details, asking them to confirm their booking by clicking on a link.

    Interestingly, one of the indicators shared by the French cybersecurity company – guestverifiy5313-booking[.]com/67122859 – matches the domain pattern registered by the threat actor (e.g., verifyguets71561-booking[.]com), raising the possibility that these two clusters of activity could be related. The Hacker News has reached out to Netcraft for comment, and we will update the story if we hear back.
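    A triage heuristic for hostnames seen in mail or proxy logs, built from the naming pattern described above. This is an added example, not code from Netcraft or Sekoia; the allow-list, the scoring weights, the threshold and the `.example` hostnames are assumptions made for illustration.

```python
import re

# Brand names and lure phrases as listed in the article.
BRANDS = ("booking", "expedia", "agoda", "airbnb")
LURES = ("confirmation", "guestcheck", "cardverify", "reservation")
# Assumption: the brands' own registrable domains, exempt from scoring.
OFFICIAL = {"booking.com", "expedia.com", "agoda.com", "airbnb.com"}
# Shape shared by the two indicators quoted above: <letters><digits>-<brand>
SHAPE = re.compile(r"^[a-z]+\d{3,}-(%s)$" % "|".join(BRANDS))

# Two indicators quoted in the article plus constructed hostnames.
SAMPLE = [
    "guestverifiy5313-booking[.]com/67122859",
    "verifyguets71561-booking[.]com",
    "https://www.booking.com/hotel/index.html",  # constructed, legitimate
    "airbnb-cardverify.example",                 # constructed
    "reservation-desk.example",                  # constructed, lure word only
]


def normalize(indicator):
    """Refang, lowercase, and drop scheme, path and port."""
    host = indicator.strip().lower().replace("[.]", ".")
    host = re.sub(r"^[a-z]+://", "", host)
    return host.split("/")[0].split(":")[0].rstrip(".")


def score(indicator):
    """Return (points, reasons) for one hostname."""
    labels = normalize(indicator).split(".")
    if len(labels) < 2:
        return 0, []
    # Naive registrable domain (last two labels); a real deployment
    # should use the Public Suffix List instead.
    if ".".join(labels[-2:]) in OFFICIAL:
        return 0, []
    name = ".".join(labels[:-1])  # everything except the TLD
    points, reasons = 0, []
    brands = [b for b in BRANDS if b in name]
    if brands:
        points += 2
        reasons.append("brand outside official domain: " + ",".join(brands))
    lures = [w for w in LURES if w in name]
    if lures:
        points += 1
        reasons.append("lure phrase: " + ",".join(lures))
    if SHAPE.match(labels[-2]):
        points += 2
        reasons.append("matches <word><digits>-<brand> shape")
    return points, reasons


def triage(indicators, threshold=3):
    """Return (host, points, reasons) for indicators at or above threshold."""
    scored = [(normalize(i),) + score(i) for i in indicators]
    return [row for row in scored if row[1] >= threshold]


if __name__ == "__main__":
    for host, points, reasons in triage(SAMPLE):
        print(points, host, "; ".join(reasons))
```

    A brand name alone scores below the threshold, so a hit needs a second signal such as a lure phrase or the digit-hyphen-brand shape.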

    In recent weeks, large-scale phishing campaigns have also impersonated multiple brands like Microsoft, Adobe, WeTransfer, FedEx, and DHL to steal credentials by distributing HTML attachments through email. The embedded HTML files, once launched, display a fake login page while JavaScript code captures credentials entered by the victim and sends them directly to attacker-controlled Telegram bots, Cyble said.

    The campaign has mainly targeted a wide range of organizations across Central and Eastern Europe, particularly in the Czech Republic, Slovakia, Hungary, and Germany.

    “The attackers distribute phishing emails posing as legitimate customers or business partners, requesting quotations or invoice confirmations,” the company pointed out. “This regional focus is evident through targeted recipient domains belonging to local enterprises, distributors, government-linked entities, and hospitality firms that routinely process RFQs and supplier communications.”

    Furthermore, phishing kits have been put to use in a large-scale campaign targeting customers of Aruba S.p.A, one of Italy’s largest web hosting and IT service providers, in a similar attempt to steal sensitive data and payment information.

    The phishing kit is a “fully automated, multi-stage platform designed for efficiency and stealth,” Group-IB researchers Ivan Salipur and Federico Marazzi said. “It employs CAPTCHA filtering to evade security scans, pre-fills victim data to increase credibility, and uses Telegram bots to exfiltrate stolen credentials and payment information. Every function serves a single goal: industrial-scale credential theft.”

    These findings exemplify the growing demand for phishing-as-a-service (PhaaS) offerings in the underground economy, enabling threat actors with little to no technical expertise to pull off attacks at scale.

    “The automation observed in this particular kit exemplifies how phishing has become systematized – faster to deploy, harder to detect, and easier to replicate,” the Singaporean company added. “What once required technical expertise can now be executed at scale through pre-built, automated frameworks.”


    Source: thehackernews.com…

  • Fake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases Using Sui Blockchain

    Nov 13, 2025 | Ravie Lakshmanan | Browser Security / Threat Intelligence

    Cybersecurity researchers have uncovered a malicious Chrome extension that poses as a legitimate Ethereum wallet but harbors functionality to exfiltrate users’ seed phrases.

    The name of the extension is “Safery: Ethereum Wallet,” with the threat actor describing it as a “secure wallet for managing Ethereum cryptocurrency with flexible settings.” It was uploaded to the Chrome Web Store on September 29, 2025, and was updated as recently as November 12. It’s still available for download as of writing.

    “Marketed as a simple, secure Ethereum (ETH) wallet, it contains a backdoor that exfiltrates seed phrases by encoding them into Sui addresses and broadcasting microtransactions from a threat actor-controlled Sui wallet,” Socket security researcher Kirill Boychenko said.

    Specifically, the malware present within the browser add-on is designed to steal wallet mnemonic phrases by encoding them as fake Sui wallet addresses and then using micro-transactions to send 0.000001 SUI to those wallets from a hard-coded threat actor-controlled wallet.

    The end goal of the malware is to smuggle the seed phrase inside normal-looking blockchain transactions without the need to set up a command-and-control (C2) server to receive the information. Once the transactions are complete, the threat actor can decode the recipient addresses to reconstruct the original seed phrase and ultimately drain assets from it.

    “This extension steals wallet seed phrases by encoding them as fake Sui addresses and sending micro-transactions to them from an attacker-controlled wallet, allowing the attacker to monitor the blockchain, decode the addresses back to seed phrases, and drain victims’ funds,” Koi Security notes in an analysis.

    To counter the risk posed by the threat, users are advised to stick to trusted wallet extensions. Defenders are recommended to scan extensions for mnemonic encoders, synthetic address generators, and hard-coded seed phrases, as well as block those that write on the chain during wallet import or creation.

    “This technique lets threat actors switch chains and RPC endpoints with little effort, so detections that rely on domains, URLs, or specific extension IDs will miss it,” Boychenko said. “Treat unexpected blockchain RPC calls from the browser as high signal, especially when the product claims to be single chain.”
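    One way to act on that advice without keying on domains, URLs or extension IDs is to classify outbound JSON-RPC calls by method namespace and compare them with the chains an extension claims to support. This is an added example, not Socket's or Koi Security's tooling; the record format, the extension names `ext-a` and `ext-b`, the `.example` hosts and the namespace table are assumptions.

```python
import json

# Assumption: JSON-RPC method namespaces mapped to chains. Ethereum nodes use
# eth_/net_/web3_; Sui full nodes use sui_/suix_. Extend for other chains.
NAMESPACES = {"eth": "ethereum", "net": "ethereum", "web3": "ethereum",
              "sui": "sui", "suix": "sui"}
# Methods that submit a transaction, i.e. write on the chain.
WRITE_METHODS = {"eth_sendRawTransaction", "eth_sendTransaction",
                 "sui_executeTransactionBlock"}

# Constructed records: (extension, destination host, request body), as they
# might be exported from a proxy or a browser network log.
RECORDS = [
    ("ext-a", "rpc.example", '{"jsonrpc":"2.0","id":1,"method":"eth_getBalance","params":[]}'),
    ("ext-a", "node.example", '[{"jsonrpc":"2.0","id":2,"method":"suix_getBalance","params":[]}]'),
    ("ext-a", "node.example", '{"jsonrpc":"2.0","id":3,"method":"sui_executeTransactionBlock","params":[]}'),
    ("ext-b", "node.example", '{"jsonrpc":"2.0","id":4,"method":"sui_getObject","params":[]}'),
    ("ext-a", "cdn.example", "not json"),
]
# Constructed: chains each extension's store listing says it supports.
CLAIMED = {"ext-a": {"ethereum"}, "ext-b": {"ethereum", "sui"}}


def methods_in(body):
    """Yield JSON-RPC method names from a single or batched request body."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return  # not JSON, so not a JSON-RPC call
    for call in doc if isinstance(doc, list) else [doc]:
        if isinstance(call, dict) and isinstance(call.get("method"), str):
            yield call["method"]


def chain_of(method):
    """Map a method name to a chain by its namespace prefix, or None."""
    return NAMESPACES.get(method.split("_", 1)[0]) if "_" in method else None


def review(records, claimed):
    """Flag calls to chains outside an extension's claimed set, writes first."""
    findings = []
    for ext, host, body in records:
        for method in methods_in(body):
            chain = chain_of(method)
            if chain is None or chain in claimed.get(ext, set()):
                continue
            severity = "high" if method in WRITE_METHODS else "medium"
            findings.append({"extension": ext, "host": host, "method": method,
                             "chain": chain, "severity": severity})
    findings.sort(key=lambda f: f["severity"] != "high")
    return findings


if __name__ == "__main__":
    for finding in review(RECORDS, CLAIMED):
        print(finding)
```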


    Source: thehackernews.com…

  • Operation Endgame Dismantles Rhadamanthys, Venom RAT, and Elysium Botnet in Global Crackdown

    Nov 13, 2025 | Ravie Lakshmanan | Botnet / Cybercrime

    Malware families like Rhadamanthys Stealer, Venom RAT, and the Elysium botnet have been disrupted as part of a coordinated law enforcement operation led by Europol and Eurojust.

    The activity, which is taking place between November 10 and 13, 2025, marks the latest phase of Operation Endgame, an ongoing operation designed to take down criminal infrastructures and combat ransomware enablers worldwide.

    Besides dismantling the “three large cybercrime enablers,” authorities also arrested the main suspect behind Venom RAT in Greece on November 3, took down more than 1,025 servers, and seized 20 domains.

    “The dismantled malware infrastructure consisted of hundreds of thousands of infected computers containing several million stolen credentials,” Europol said in a statement. “Many of the victims were not aware of the infection of their systems.”

    It’s currently not clear if the Elysium botnet Europol refers to is the same proxy botnet service RHAD security (aka Mythical Origin Labs), the threat actor associated with Rhadamanthys, was observed advertising as recently as last month.

    Europol also noted that the main suspect behind the infostealer had access to no less than 100,000 cryptocurrency wallets belonging to victims, potentially amounting to millions of euros.

    A recent analysis published by Check Point revealed that the latest version of Rhadamanthys added support for collecting device and web browser fingerprints, along with incorporating several mechanisms to fly under the radar.

    Authorities that participated in the effort included law enforcement agencies from Australia, Canada, Denmark, France, Germany, Greece, Lithuania, the Netherlands, and the U.S.

    (This is a developing story. Please check back for more updates.)


    Source: thehackernews.com…

  • When Attacks Come Faster Than Patches: Why 2026 Will be the Year of Machine-Speed Security

    The Race for Every New CVE

    According to multiple 2025 industry reports, roughly 50 to 61 percent of newly disclosed vulnerabilities saw exploit code weaponized within 48 hours. Using the CISA Known Exploited Vulnerabilities Catalog as a reference, hundreds of software flaws are now confirmed as actively targeted within days of public disclosure. Each new announcement now triggers a global race between attackers and defenders. Both sides monitor the same feeds, but one moves at machine speed while the other moves at human speed.

    Major threat actors have fully industrialized their response. The moment a new vulnerability appears in public databases, automated scripts scrape, parse, and assess it for exploitation potential, and now these efforts are getting ever more streamlined through the use of AI. Meanwhile, IT and security teams often enter triage mode, reading advisories, classifying severity, and queuing updates for the next patch cycle. That delay is precisely the gap the adversaries exploit.

    The traditional cadence of quarterly or even monthly patching is no longer sustainable. Attackers now weaponize critical vulnerabilities within hours of disclosure, long before organizations have even analyzed or validated them, and usually well before they have rolled out the fix.

    The Exploitation Economy of Speed

    Today’s threat ecosystem is built on automation and volume. Exploit brokers and affiliate groups operate as supply chains, each specializing in one part of the attack process. They use vulnerability feeds, open-source scanners, and fingerprinting tools to match new CVEs against exposed software targets. Many of these targets have already been identified, and these systems know in advance which targets are most likely to be susceptible to the impending attack. This is a game of quick draw: the fastest gun wins.

    Research from Mandiant shows that exploitation often begins within 48 hours of public disclosure. In many organizations, IT operates 8 hours a day, leaving 32 of those hours in the attackers’ favor. This efficiency in operations illustrates how attackers have stripped almost every manual step from their workflow. Once a working exploit is confirmed, it’s packaged and shared within hours across dark web forums, internal channels, and malware kits.

    Failure at Scale is Acceptable

    Attackers also enjoy a luxury defenders can’t afford: failure. If they crash a thousand systems on the path to compromising a hundred, the effort is still a success. Their metrics are based on yield, not uptime. Defenders, on the other hand, must achieve near-perfect stability. A single failed update or service interruption can have a widespread impact and cause loss of customer trust. This imbalance allows adversaries to take reckless risks while defenders remain constrained, and that also helps keep the operational gap wide enough for consistent exploitation.

    From Human-Speed Defense to Machine-Speed Resilience

    Awareness is not the issue. The challenge is execution speed. Security teams know when vulnerabilities are published but cannot move fast enough without automation. Transitioning from ticket-based and/or manual patching to orchestrated, policy-driven remediation is no longer optional if you want to remain competitive in this fight.

    Automated hardening and response systems can drastically shorten exposure windows. By continuously applying critical patches, enforcing configuration baselines, and using conditional rollback when needed, organizations can maintain operational safety while removing delay. A hard lesson that many will simply have to get over is that the damage you may cause will almost certainly be less, and easier to recover from, than an attack. It is a calculated risk, and one that can be managed. The question is simple: would you rather roll back a browser update for 1000 systems, or recover them entirely from backup? I am not suggesting you be cavalier about this, but weigh the value of your hesitance against the value of your action, and when action wins, listen to your gut. IT leaders need to begin to understand this, and business leaders need to realize that this is IT’s best strategy. Absolutely test, and factor in business criticality when choosing the speed at which to proceed on critical systems, but tilt the whole process towards streamlined automation and in favor of rapid action.

    Flatten the Burnout Curve

    Automation also reduces fatigue and error. Instead of chasing alerts, security teams define rules once, allowing systems to enforce them continuously. This shift turns cybersecurity into an adaptive, self-sustaining process instead of a cycle of manual triage and stitches. It takes less time to audit and review processes than it does to enact them in almost all cases.

    This new class of attack automation systems does not sleep, does not get tired, and does not care about the consequences of its actions. These systems are singularly focused on one goal: gaining access to as many systems as they can. No matter how many people you throw at this problem, the problem festers between departments, policies, personalities, and egos. If you aim to combat a tireless machine, you need a tireless machine in your corner of the ring.

    Changing What Can’t Be Automated

    Even the most advanced tools cannot automate everything. Some workloads are too delicate or bound by strict compliance frameworks. But those exceptions should still be examined through a single lens: how can they be made more automatable or, if not, at least more efficient?

    That may mean standardizing configurations, segmenting legacy systems, or streamlining dependencies that slow patch workflows. Every manual step left in place represents time lost, and time is the one resource attackers exploit most effectively.

    We have to look at defense strategies in depth to determine which decisions, policies, or approval processes are creating drag. If the chain of command or change management is slowing remediation, it may be time for sweeping policy changes designed to eliminate those bottlenecks. Defense automation should operate at a pace commensurate with attacker behavior, not for administrative convenience.

    Accelerated Defense in Practice

    Many forward-thinking enterprises have already adopted the principle of accelerated defense, combining automation, orchestration, and controlled rollback to maintain agility without introducing chaos.

    Platforms such as Action1 facilitate this approach by enabling security teams to identify, deploy, and verify patches automatically across entire enterprise environments. This eliminates the manual steps that slow patch deployment and closes the gap between awareness and action. If your policies are sound, your automation is sound, and your decisions are sound in practice because they are all agreed upon in advance.

    By automating remediation and validation, Action1 and similar solutions exemplify what security at machine speed looks like: rapid, governed, and resilient. The objective isn’t simply automation, but policy-driven automation, where human judgment defines boundaries and technology executes instantly.

    The Future Is Automated Defense

    Both attackers and defenders draw from the same public data, but it is the automation built atop that data that decides who wins the race. Every hour between disclosure and remediation represents a potential compromise. Defenders cannot slow the pace of discovery, but they can close the gap through hardening, orchestration, and systemic automation. The future of cybersecurity belongs to those who make instant, informed action their standard operating mode, because in this race, the slowest responder is already compromised.

    Key takeaways:

    • No team of humans will ever be able to outpace the sheer speed and efficiency of the automated attack systems being built. More people lead to more decisions, delays, confusion, and margins for error. This is a firefight: you must use equal force, automate or lose.
    • Threat actors are building fully automated attack pipelines in which new exploit code is simply fed to the system, or even developed by it, using AI. These pipelines work 24/7/365; they do not fatigue, they do not take breaks, and they seek and destroy as a reason for existence until turned off or directed otherwise.
    • Most mass threat actors operate on body count, not precision shots. They are not looking “for you” as much as they are looking for “anyone”. Your scale and value mean nothing at the initial compromise phase; they are evaluated AFTER access is gained.
    • Threat actors think nothing of spending large volumes of their ill-gotten gains on new tech to further their offensive capabilities; to them, it is an investment. At the same time, the industry sees it as a drain on profits. The system attacking you involved many talented devs in its construction and maintenance, and budgets beyond the wildest dream of any defender. These are not hobby crooks; they are highly organized enterprises, just as capable and more willing to invest in resources than the business sector is.

    Here comes 2026. Is your network ready for it?

    Note: This article was written and contributed by Gene Moody, Field CTO at Action1.


    Source: thehackernews.com…