Author: Mark

  • 2025 Cybersecurity Reality Check: Breaches Hidden, Attack Surfaces Growing, and AI Misperceptions Rising

    Oct 01, 2025 | The Hacker News | Attack Surface / Artificial Intelligence

    Bitdefender’s 2025 Cybersecurity Assessment Report paints a sobering picture of today’s cyber defense landscape: mounting pressure to remain silent after breaches, a gap between leadership and frontline teams, and a growing urgency to shrink the enterprise attack surface.

    The annual research combines insights from over 1,200 IT and security professionals across six countries, along with an analysis of 700,000 cyber incidents by Bitdefender Labs. The results reveal hard truths about how organizations are grappling with threats in an increasingly complex environment.

    Breaches Swept Under the Rug

    This year’s findings spotlight a disturbing trend: 58% of security professionals were told to keep a breach confidential, even when they believed disclosure was necessary. That’s a 38% jump since 2023, suggesting more organizations may be prioritizing optics over transparency.

    The pressure is especially acute for CISOs and CIOs, who report higher levels of expectation to remain quiet compared to frontline staff. Such secrecy risks undermining stakeholder trust, compliance obligations, and long-term resilience.

    Living-Off-the-Land Attacks Drive Attack Surface Focus

    Bitdefender analyzed 700,000 high-severity attacks and found that 84% of them now leverage legitimate tools already present inside environments, so-called Living Off the Land (LOTL) techniques. These tactics bypass traditional defenses, operate invisibly, and are increasingly used in targeted intrusions.

    In response, 68% of surveyed organizations list attack surface reduction as a top priority, with the U.S. (75%) and Singapore (71%) leading adoption. Proactive hardening steps — disabling unnecessary services, eliminating unused applications, and reducing lateral movement paths — are quickly shifting from best practices to business imperatives.

    AI: Perception vs. Reality

    AI looms large in the minds of defenders, but perceptions don’t always align with on-the-ground reality.

    • 67% believe AI-driven attacks are increasing
    • 58% cite AI-powered malware as their top concern

    Yet, the report shows that while AI-enhanced attacks are growing, fears may be outpacing actual prevalence. This gap underscores the need for a balanced approach: prepare for AI threats without losing sight of today’s prevalent adversary tactics.

    Leadership Disconnect Risks Slowdowns

    Perhaps most concerning is the misalignment between executives and operational teams:

    • 45% of C-level executives report being “very confident” in managing cyber risk
    • Only 19% of mid-level managers agree

    Strategic focus areas also diverge: executives prioritize AI adoption, while frontline managers place more urgency on cloud security and identity management. These disconnects can slow progress, dilute resources, and create blind spots that attackers exploit.

    The Road Ahead

    The findings converge on one message: cyber resilience demands preemptive strategies. That means:

    • Actively reducing attack surfaces
    • Streamlining security tools and complexity
    • Addressing team burnout and the skills gap
    • Closing the perception differences between leadership and the front-line

    To explore additional findings, read the Bitdefender 2025 Cybersecurity Assessment report.

    Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.


    Source: thehackernews.com…

  • Hackers Exploit Milesight Routers to Send Phishing SMS to European Users

    Oct 01, 2025 | Ravie Lakshmanan | Vulnerability / Malware

    Unknown threat actors are abusing Milesight industrial cellular routers to send SMS messages as part of a smishing campaign targeting users in European countries since at least February 2022.

    French cybersecurity company SEKOIA said the attackers are exploiting the cellular router’s API to send malicious SMS messages containing phishing URLs, with the campaigns primarily targeting Sweden, Italy, and Belgium using typosquatted URLs that impersonate government platforms like CSAM and eBox, as well as banking, postal, and telecom providers.

    Of the 18,000 routers of this type accessible on the public internet, no fewer than 572 are assessed to be potentially vulnerable because they expose the inbox/outbox APIs. About half of the identified vulnerable routers are located in Europe.

    “Moreover, the API enables retrieval of both incoming and outgoing SMS messages, which indicates that the vulnerability has been actively exploited to disseminate malicious SMS campaigns since at least February 2022,” the company said. “There is no evidence of any attempt to install backdoors or exploit other vulnerabilities on the device. This suggests a targeted approach, aligned specifically with the attacker’s smishing operations.”

    It’s believed the attackers are exploiting a now-patched information disclosure flaw impacting Milesight routers (CVE-2023-43261, CVSS score: 7.5), which was disclosed by security researcher Bipin Jitiya exactly two years ago. Weeks later, VulnCheck revealed that the vulnerability may have been weaponized in the wild shortly following public disclosure.

    Further investigation has revealed that some of the industrial routers expose SMS-related features, including sending messages or viewing SMS history, without requiring any form of authentication.

    The attacks likely involve an initial validation phase where the threat actors attempt to verify whether a given router can send SMS messages by targeting a phone number under their control. SEKOIA further noted that the API could also be publicly accessible due to misconfigurations, given that a couple of routers have been found running more recent firmware versions that are not susceptible to CVE-2023-43261.

    The phishing URLs distributed using this method include JavaScript that checks whether the page is being accessed from a mobile device before serving the malicious content, which, in turn, urges users to update their banking information for purported reimbursement.

    What’s more, one of the domains used in the campaigns between January and April 2025 – jnsi[.]xyz – features JavaScript code to disable right-click actions and browser debugging tools in an attempt to hinder analysis efforts. Some of the pages have also been found to log visitor connections to a Telegram bot named GroozaBot, which is operated by an actor named “Gro_oza,” who appears to speak both Arabic and French.

    “The smishing campaigns appear to have been conducted through the exploitation of vulnerable cellular routers – a relatively unsophisticated, yet effective, delivery vector,” SEKOIA said. “These devices are particularly appealing to threat actors as they enable decentralised SMS distribution across multiple countries, complicating both detection and takedown efforts.”


    Source: thehackernews.com…

  • New Android Banking Trojan “Klopatra” Uses Hidden VNC to Control Infected Smartphones

    A previously undocumented Android banking trojan called Klopatra has compromised over 3,000 devices, with a majority of the infections reported in Spain and Italy.

    Italian fraud prevention firm Cleafy, which discovered the sophisticated malware and remote access trojan (RAT) in late August 2025, said it leverages Hidden Virtual Network Computing (VNC) for remote control of infected devices and dynamic overlays for facilitating credential theft, ultimately enabling fraudulent transactions.

    “Klopatra represents a significant evolution in mobile malware sophistication,” security researchers Federico Valentini, Alessandro Strino, Simone Mattia, and Michele Roviello said. “It combines extensive use of native libraries with the integration of Virbox, a commercial-grade code protection suite, making it exceptionally difficult to detect and analyze.”

    Evidence gathered from the malware’s command-and-control (C2) infrastructure and linguistic clues in the associated artifacts suggests that it is being operated by a Turkish-speaking criminal group as a private botnet, given the absence of a public malware-as-a-service (MaaS) offering. As many as 40 distinct builds have been discovered since March 2025.

    Attack chains distributing Klopatra employ social engineering lures to trick victims into downloading dropper apps that masquerade as seemingly harmless tools, such as IPTV applications, allowing the threat actors to bypass security defences and completely take control of their mobile devices.

    Offering the ability to access high-quality TV channels as a lure is a deliberate choice, as pirated streaming applications are popular among users, who are often willing to install such apps from untrusted sources, thus unwittingly infecting their phones in the process.

    The dropper app, once installed, requests the user to grant it permissions to install packages from unknown sources. Upon obtaining this permission, the dropper extracts and installs the main Klopatra payload from a JSON Packer embedded within it. The banking trojan is no different from other malware of its kind, seeking permission to Android’s accessibility services to realize its goals.

    While accessibility services is a legitimate framework designed to assist users with disabilities to interact with the Android device, it can be a potent weapon in the hands of bad actors, who can abuse it to read contents of the screen, record keystrokes, and perform actions on behalf of the user to conduct fraudulent transactions in an autonomous manner.

    “What elevates Klopatra above the typical mobile threat is its advanced architecture, built for stealth and resilience,” Cleafy said. “The malware authors have integrated Virbox, a commercial-grade code protection tool rarely seen in the Android threat landscape. This, combined with a strategic shift of core functionalities from Java to native libraries, creates a formidable defensive layer.”

    “This design choice drastically reduces its visibility to traditional analysis frameworks and security solutions, applying extensive code obfuscation, anti-debugging mechanisms, and runtime integrity checks to hinder analysis.”

    Besides incorporating features to maximize evasion, resilience, and operational effectiveness, the malware provides operators with granular, real-time control over the infected device using VNC features that are capable of serving a black screen to conceal the malicious activity, such as executing banking transactions without the victim’s knowledge.

    Klopatra also uses the accessibility services to grant itself additional permissions as required to prevent the malware from being terminated, and attempts to uninstall any hard-coded antivirus apps already installed on the device. Furthermore, it can launch fake overlay login screens atop financial and cryptocurrency apps to siphon credentials. These overlays are delivered dynamically from the C2 server when the victim opens one of the targeted apps.

    It’s said the human operator actively engages in fraud attempts over what’s described as a “carefully orchestrated sequence” that involves first checking if the device is charging, the screen is off, and the device is not currently being actively used.

    If these conditions are met, a command is issued to reduce the screen brightness to zero and display a black overlay, giving the impression to the victim that the device is inactive and off. In the background, however, the threat actors use the device PIN or pattern previously stolen to gain unauthorized access, launch the targeted banking app, and drain the funds through multiple instant bank transfers.

    The findings show that although Klopatra doesn’t try to reinvent the wheel, it poses a serious threat to the financial sector owing to a technically advanced assemblage of features to obfuscate its true nature.

    “Klopatra marks a significant step in the professionalization of mobile malware, demonstrating a clear trend of threat actors adopting commercial-grade protections to maximize the lifespan and profitability of their operations,” the company said.

    “The operators show a clear preference for conducting their attacks during the night. This timing is strategic: the victim is likely asleep, and their device is often left charging, ensuring it remains powered on and connected. This provides the perfect window for the attacker to operate undetected.”

    The development comes a day after ThreatFabric flagged a previously undocumented Android banking trojan called Datzbro that can conduct device takeover (DTO) attacks and perform fraudulent transactions by preying on the elderly.


    Source: thehackernews.com…

  • Ukraine Warns of CABINETRAT Backdoor + XLL Add-ins Spread via Signal ZIPs

    Oct 01, 2025 | Ravie Lakshmanan | Malware / Incident Response

    The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new targeted cyber attacks in the country using a backdoor called CABINETRAT.

    The activity, observed in September 2025, has been attributed to a threat cluster it tracks as UAC-0245. The agency said it spotted the attack following the discovery of software tools taking the form of XLL files, which refer to Microsoft Excel add-ins that are typically used to extend the functionality of Excel with custom functions.

    Further investigation has uncovered that the XLL files are distributed within ZIP archives shared on the Signal messaging app, disguised as a document concerning the detention of individuals who had attempted to cross the Ukrainian border.

    The XLL, once launched, is designed to create a number of executables on the compromised host, namely an EXE file in the Startup folder, an XLL file named “BasicExcelMath.xll” in the “%APPDATA%\Microsoft\Excel\XLSTART” directory, and a PNG image named “Office.png.”

    Windows Registry modifications are done to ensure persistence of the executable, after which it launches the Excel application (“excel.exe”) with the “/e” (“/embed”) parameter in hidden mode in order to ultimately run the XLL add-in. The main purpose of the XLL is to parse and extract from the PNG file shellcode that’s classified as CABINETRAT.
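
    The artifacts described above can be correlated per host, as in this added detection sketch (not code from CERT-UA or the article). It assumes Sysmon-style process-creation and file-creation events; the sample events, host names, rule names and the parent-process allowlist are constructed for illustration.

```python
import re
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any host OS

# Paths and switch are the ones named in the article; rule names are this example's own.
XLL_IN_XLSTART = re.compile(r"\\Microsoft\\Excel\\XLSTART\\[^\\]+\.xll$", re.I)
EXE_IN_STARTUP = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+\.exe$", re.I)
EMBED_SWITCH = re.compile(r"(?:^|\s)/(?:e|embed)(?=\s|$)", re.I)
# Assumption: interactive Excel launches come from Explorer. Tune per environment.
EXPECTED_EXCEL_PARENTS = {"explorer.exe"}

EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
ROAMING = r"C:\Users\demo\AppData\Roaming\Microsoft"
STARTUP_EXE = ROAMING + r"\Windows\Start Menu\Programs\Startup\updater.exe"

# Constructed events with Sysmon field names (ID 1 = process create, ID 11 = file create).
SAMPLE_EVENTS = [
    {"Computer": "WS-041", "EventID": 11, "Image": EXCEL,
     "TargetFilename": ROAMING + r"\Excel\XLSTART\BasicExcelMath.xll"},
    {"Computer": "WS-041", "EventID": 11, "Image": EXCEL,
     "TargetFilename": STARTUP_EXE},
    {"Computer": "WS-041", "EventID": 1, "Image": EXCEL,
     "CommandLine": '"%s" /e' % EXCEL, "ParentImage": STARTUP_EXE},
    # A legitimate add-in installer also writes to XLSTART: one weak signal only.
    {"Computer": "WS-007", "EventID": 11, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetFilename": ROAMING + r"\Excel\XLSTART\SolverHelper.xll"},
    # A user opening a workbook from Explorer.
    {"Computer": "WS-007", "EventID": 1, "Image": EXCEL,
     "CommandLine": '"%s" "C:\\Users\\demo\\Documents\\budget.xlsx"' % EXCEL,
     "ParentImage": r"C:\Windows\explorer.exe"},
    # The /e switch used interactively from Explorer is not flagged.
    {"Computer": "WS-012", "EventID": 1, "Image": EXCEL,
     "CommandLine": '"%s" /e' % EXCEL, "ParentImage": r"C:\Windows\explorer.exe"},
]


def match_rules(event):
    """Return the set of rule names a single event triggers."""
    hits = set()
    if event["EventID"] == 11:
        target = event.get("TargetFilename", "")
        if XLL_IN_XLSTART.search(target):
            hits.add("xll_in_xlstart")
        if EXE_IN_STARTUP.search(target):
            hits.add("exe_in_startup")
    elif event["EventID"] == 1:
        if basename(event.get("Image", "")).lower() == "excel.exe":
            parent = basename(event.get("ParentImage", "")).lower()
            has_switch = EMBED_SWITCH.search(event.get("CommandLine", ""))
            if has_switch and parent not in EXPECTED_EXCEL_PARENTS:
                hits.add("excel_embed_switch")
    return hits


def triage(events):
    """Group rule hits by host so related weak signals are read together."""
    per_host = defaultdict(set)
    for event in events:
        hits = match_rules(event)
        if hits:
            per_host[event["Computer"]] |= hits
    return {host: sorted(rules) for host, rules in per_host.items()}


def high_confidence(events, minimum=2):
    """Hosts where at least `minimum` distinct rules fired."""
    return sorted(h for h, rules in triage(events).items() if len(rules) >= minimum)


if __name__ == "__main__":
    for host, rules in triage(SAMPLE_EVENTS).items():
        print(host, rules)
    print("escalate:", high_confidence(SAMPLE_EVENTS))
```

    Any single rule here fires on legitimate software too, which is why the sketch escalates only when several of the described artifacts appear on the same host.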

    Both the XLL payload and the shellcode come with a number of anti-VM and anti-analysis procedures to evade detection, including checking for at least two processor cores and at least 3GB of RAM, and the presence of tools like VMware, VirtualBox, Xen, QEMU, Parallels, and Hyper-V.

    A full-fledged backdoor written in the C programming language, CABINETRAT is mainly designed to gather system information, a list of installed programs, and screenshots, as well as enumerate directory contents, delete specific files or directories, run commands, and carry out file uploads/downloads. It communicates with a remote server over a TCP connection.

    The disclosure comes days after Fortinet FortiGuard Labs warned of attacks targeting Ukraine by impersonating the National Police of Ukraine in a fileless phishing campaign that delivers Amatera Stealer and PureMiner for harvesting sensitive data and mining cryptocurrency from targeted systems.


    Source: thehackernews.com…

  • $50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections

    A group of academics from KU Leuven and the University of Birmingham has demonstrated a new vulnerability called Battering RAM to bypass the latest defenses on Intel and AMD cloud processors.

    “We built a simple, $50 interposer that sits quietly in the memory path, behaving transparently during startup and passing all trust checks,” researchers Jesse De Meulemeester, David Oswald, Ingrid Verbauwhede, and Jo Van Bulck said on a website publicizing the findings. “Later, with just a flip of a switch, our interposer turns malicious and silently redirects protected addresses to attacker-controlled locations, allowing corruption or replay of encrypted memory.”

    Battering RAM compromises Intel’s Software Guard Extensions (SGX) and AMD’s Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) hardware security features, which ensure that customer data remains encrypted in memory and protected during use.

    It affects all systems using DDR4 memory, specifically those relying on confidential computing workloads running in public cloud environments to secure data from the cloud service provider using hardware-level access control and memory encryption.

    The attack, in a nutshell, involves leveraging a custom-built, low-cost DDR4 interposer hardware hack to stealthily redirect physical addresses and gain unauthorized access to protected memory regions. The interposer makes use of simple analog switches to actively manipulate signals between the processor and memory, and can be built for less than $50.

    On Intel platforms, Battering RAM achieves arbitrary read access to victim plaintext or write plaintext into victim enclaves, whereas on AMD systems, the attack can be used to sidestep recent firmware mitigations against BadRAM, which was documented by the researchers back in December 2024, and introduce arbitrary backdoors into the virtual machine without raising any suspicion.

    Successful exploitation of the vulnerability can allow a rogue cloud infrastructure provider or insider with limited physical access to compromise remote attestation and enable the insertion of arbitrary backdoors into protected workloads.

    The vulnerability was reported to the vendors earlier this year, following which Intel, AMD, and Arm responded that physical attacks are currently considered out of scope. However, defending against Battering RAM would require a fundamental redesign of memory encryption itself, the researchers noted.

    “Battering RAM exposes the fundamental limits of the scalable memory encryption designs currently used by Intel and AMD, which omit cryptographic freshness checks in favor of larger protected memory sizes,” they added. “Battering RAM […] is capable of introducing memory aliases dynamically at runtime. As a result, Battering RAM can circumvent Intel’s and AMD’s boot-time alias checks.”
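
    What the missing freshness check means in practice, as an added toy model (not the researchers' code and not any vendor's design): memory encrypted under a key and the physical address alone accepts a stale ciphertext at the same address, while a per-block counter held in trusted state rejects it. The Feistel cipher built from HMAC-SHA256 is a stand-in for the hardware cipher, and all class and function names are hypothetical.

```python
import hashlib
import hmac

BLOCK = 32           # toy block size in bytes
HALF = BLOCK // 2
KEY = b"k" * 32      # constructed key, known only to the "CPU" side


class StaleMemoryError(Exception):
    """Raised when a block read from DRAM fails its freshness check."""


def _f(key, tweak, rnd, half):
    return hmac.new(key, tweak + bytes([rnd]) + half, hashlib.sha256).digest()[:HALF]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key, tweak, pt):
    """Four-round Feistel network: a toy tweakable block cipher."""
    left, right = pt[:HALF], pt[HALF:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, tweak, rnd, right))
    return left + right


def decrypt_block(key, tweak, ct):
    left, right = ct[:HALF], ct[HALF:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, tweak, rnd, left)), left
    return left + right


class AddressTweakedMemory:
    """Encryption depends on key and address only: no freshness, no integrity."""

    def __init__(self, key, dram):
        self.key, self.dram = key, dram          # dram is untrusted storage

    def write(self, addr, pt):
        self.dram[addr] = encrypt_block(self.key, addr.to_bytes(8, "little"), pt)

    def read(self, addr):
        return decrypt_block(self.key, addr.to_bytes(8, "little"), self.dram[addr])


class FreshnessCheckedMemory:
    """Adds a per-block write counter kept in trusted state and a MAC over it."""

    def __init__(self, key, dram):
        self.key, self.dram = key, dram
        self.mac_key = hashlib.sha256(b"mac" + key).digest()
        self.counters = {}                       # trusted state, costs capacity

    def _tweak(self, addr):
        return addr.to_bytes(8, "little") + self.counters[addr].to_bytes(8, "little")

    def write(self, addr, pt):
        self.counters[addr] = self.counters.get(addr, 0) + 1
        ct = encrypt_block(self.key, self._tweak(addr), pt)
        tag = hmac.new(self.mac_key, self._tweak(addr) + ct, hashlib.sha256).digest()
        self.dram[addr] = ct + tag

    def read(self, addr):
        ct, tag = self.dram[addr][:BLOCK], self.dram[addr][BLOCK:]
        want = hmac.new(self.mac_key, self._tweak(addr) + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):
            raise StaleMemoryError(hex(addr))
        return decrypt_block(self.key, self._tweak(addr), ct)


def read_after_stale_restore(memory_cls):
    """Write v1, write v2, put the old DRAM contents back, then read."""
    dram = {}
    mem = memory_cls(KEY, dram)
    mem.write(0x1000, b"balance=100".ljust(BLOCK, b"\0"))
    stale = dram[0x1000]                         # visible on the bus without the key
    mem.write(0x1000, b"balance=0".ljust(BLOCK, b"\0"))
    dram[0x1000] = stale
    return mem.read(0x1000).rstrip(b"\0")


if __name__ == "__main__":
    print(read_after_stale_restore(AddressTweakedMemory))
    try:
        read_after_stale_restore(FreshnessCheckedMemory)
    except StaleMemoryError as exc:
        print("rejected stale block at", exc)
```

    The counter table is state that must live where the memory bus cannot reach it, which is the capacity cost the researchers refer to.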

    The disclosure comes as AMD released mitigations for attacks dubbed Heracles and Relocate-Vote disclosed by the University of Toronto and ETH Zürich, respectively, that can leak sensitive data from cloud environments and confidential virtual machines that rely on AMD’s SEV-SNP technology by means of a malicious hypervisor.

    “The system lets the hypervisor move data around to manage memory efficiently,” David Lie, director of the Schwartz Reisman Institute (SRI) at the University of Toronto, said. “So when data is relocated, AMD’s hardware decrypts it from the old location and re-encrypts it for the new location. But, what we found was that by doing this over and over again, a malicious hypervisor can learn recurring patterns from within the data, which could lead to privacy breaches.”

    Last month, ETH Zürich researchers also demonstrated that a CPU optimization known as the stack engine can be abused as a side channel for attacks that lead to information leakage. A proof-of-concept (PoC) has been developed for AMD Zen 5 machines, although it’s believed that all models have this “abusable hardware feature.”

    The discovery of Battering RAM also follows a report from Vrije Universiteit Amsterdam researchers about a new, realistic attack technique referred to as L1TF Reloaded that combines L1 Terminal Fault (aka Foreshadow) and Half-Spectre gadgets (aka incomplete Spectre-like code patterns) to leak memory from virtual machines running on public cloud services.

    “L1TF is a CPU vulnerability that allows an (attacker) VM to speculatively read any data residing in the (core-local) L1 data cache – including data the VM shouldn’t have access to,” VUSec researchers said. “At a high level, L1TF Reloaded abuses this to obtain an arbitrary RAM read primitive.”

    Google, which provided the researchers with a sole-tenant node in order to conduct the research safely without potentially affecting any other customers, awarded a $151,515 bug bounty and “applied fixes to the affected assets.” Amazon said the L1TF Reloaded vulnerability does not impact the guest data of AWS customers running on the AWS Nitro System or Nitro Hypervisor.

    Spectre, which first came to light in early 2018, continues to haunt modern CPUs, albeit in the form of different variants. As recently as two weeks ago, academics from ETH Zürich devised a new attack known as VMScape (CVE-2025-40300, CVSS score: 6.5) that breaks virtualization boundaries in AMD Zen CPUs and Intel Coffee Lake processors.

    Described as a Spectre branch target injection (Spectre-BTI) attack targeting the cloud, it exploits isolation gaps across host and guest in user and supervisor modes to leak arbitrary memory from an unmodified QEMU process. A software fix has been introduced in the Linux kernel to counter the cross-virtualization BTI (vBTI) attack primitive.

    “VMScape can leak the memory of the QEMU process at the rate of 32 B/s on AMD Zen 4,” the authors said in a study. “We use VMScape to find the location of secret data and leak the secret data, all within 772 s, extracting the cryptographic key used for disk encryption/decryption as an example.”


    Source: thehackernews.com…

  • Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth Malware

    Sep 30, 2025 | Ravie Lakshmanan | Cyber Espionage / Malware

    Government and telecommunications organizations across Africa, the Middle East, and Asia have emerged as the target of a previously undocumented China-aligned nation-state actor dubbed Phantom Taurus over the past two-and-a-half years.

    “Phantom Taurus’ main focus areas include ministries of foreign affairs, embassies, geopolitical events, and military operations,” Palo Alto Networks Unit 42 researcher Lior Rochberger said. “The group’s primary objective is espionage. Its attacks demonstrate stealth, persistence, and an ability to quickly adapt their tactics, techniques, and procedures (TTPs).”

    It’s worth pointing out that the hacking group was first detailed by the cybersecurity company back in June 2023 under the moniker CL-STA-0043. Then last May, the threat cluster was graduated to a temporary group, TGR-STA-0043, following revelations about its sustained cyber espionage efforts aimed at governmental entities since at least late 2022 as part of a campaign codenamed Operation Diplomatic Specter.

    Unit 42 said its continued observation of the group yielded enough evidence to classify it as a new threat actor whose primary goal is to enable long-term intelligence collection and obtain confidential data from targets that are of strategic interest to China, both economically and geopolitically.

    “The group takes an interest in diplomatic communications, defense-related intelligence and the operations of critical governmental ministries,” the company said. “The timing and scope of the group’s operations frequently coincide with major global events and regional security affairs.”

    This aspect is particularly revealing, not least because other Chinese hacking groups have also embraced a similar approach. For instance, a new adversary tracked by Recorded Future as RedNovember is assessed to have targeted entities in Taiwan and Panama in close proximity to “geopolitical and military events of key strategic interest to China.”

    Phantom Taurus’ modus operandi also stands out due to the use of custom-developed tools and techniques rarely observed in the threat landscape. This includes a never-before-seen bespoke malware suite dubbed NET-STAR. Developed in .NET, the program is designed to target Internet Information Services (IIS) web servers.

    That said, the hacking crew has relied on shared operational infrastructure that has been previously employed by groups like APT27 (aka Iron Taurus), APT41 (aka Starchy Taurus or Winnti), and Mustang Panda (aka Stately Taurus). Conversely, the infrastructure components used by the threat actor have not been detected in operations carried out by others, indicating some sort of “operational compartmentalization” within the shared ecosystem.

    The exact initial access vector is not clear, but prior intrusions have weaponized vulnerable on-premises Internet Information Services (IIS) and Microsoft Exchange servers, abusing flaws like ProxyLogon and ProxyShell, to infiltrate target networks.

    Another significant facet of the attacks is the shift from gathering emails to the direct targeting of databases using a batch script that makes it possible to connect to an SQL Server database, export the results in the form of a CSV file, and terminate the connection. The script is executed using the Windows Management Instrumentation (WMI) infrastructure.

    Unit 42 said the threat actor used this method to methodically search for documents of interest and information related to specific countries such as Afghanistan and Pakistan.

    Recent attacks mounted by Phantom Taurus have also leveraged NET-STAR, which consists of three web-based backdoors, each of which performs a specific function while maintaining access to the compromised IIS environment –

    • IIServerCore, a fileless modular backdoor loaded by means of an ASPX web shell that supports in-memory execution of command-line arguments, arbitrary commands, and payloads, and transmits the results in an encrypted command-and-control (C2) communication channel
    • AssemblyExecuter V1, which loads and executes additional .NET payloads in memory
    • AssemblyExecuter V2, an enhanced version of AssemblyExecuter V1 that also comes fitted with the ability to bypass Antimalware Scan Interface (AMSI) and Event Tracing for Windows (ETW)

    “The NET-STAR malware suite demonstrates Phantom Taurus’ advanced evasion techniques and a deep understanding of .NET architecture, representing a significant threat to internet-facing servers,” Unit 42 said. “IIServerCore also supports a command called changeLastModified. This suggests that the malware has active timestomping capabilities, designed to confuse security analysts and digital forensics tools.”


    Source: thehackernews.com…

  • Stop Alert Chaos: Context Is the Key to Effective Incident Response

    Sep 30, 2025 | The Hacker News | Artificial Intelligence / Threat Detection

    The Problem: Legacy SOCs and Endless Alert Noise

    Every SOC leader knows the feeling: hundreds of alerts pouring in, dashboards lighting up like a slot machine, analysts scrambling to keep pace. The harder they try to scale people or buy new tools, the faster the chaos multiplies. The problem is not just volume; it is the model itself. Traditional SOCs start with rules, wait for alerts to fire, and then dump raw signals on analysts. By the time someone pieces together what is really happening, the attacker has already moved on, or moved in. It is a broken loop of noise chasing noise.

    Flipping the Model: Context Over Chaos

    Instead of drowning in raw events, treat every incoming signal as a potential opening move in a bigger story. Logs from identity systems, endpoints, cloud workloads, and SIEMs do not just land in separate dashboards; they are normalized, connected, and enriched to form a coherent investigation. A brute-force login attempt on its own is easy to dismiss. But when enhanced with user history, IP reputation, and signs of lateral movement, it is no longer background noise. It becomes the first chapter of an unfolding breach.

    Context is the difference between ignoring another failed login and stopping an attack in motion.

    Enabling Analysts with Story-Driven Workflows

    The goal is not to hand analysts a bigger stack of alerts, it is to give them a story that already has shape and meaning. When analysts open a case, they see how the activity fits together, what actors are involved, and what paths the threat has already taken. Instead of starting from scratch with scattered evidence, they begin with a clear picture that guides their judgment. That shift changes the nature of the job itself.

    Human-Centric AI That Enhances, Not Replaces

    This is not about replacing humans with AI. It is about giving humans the space to actually do security. When technology handles the grind of collecting, correlating, and enriching signals, analysts can focus on what they do best: interpreting meaning, thinking creatively, and applying institutional knowledge.

    • Junior analysts can develop investigative reasoning by studying complete cases instead of clicking through endless queues.
    • Mid-level analysts gain time to hunt and test new hypotheses.
    • Senior analysts focus on attacker behavior and strategy, shaping how defenses evolve.

    The work stops feeling like endless triage and starts feeling like security again.

    Measurable Results: Faster MTTR, Fewer False Positives

    The results are measurable and dramatic. False positives drop sharply. Mean time to resolution shrinks from hours to minutes. Quality and accuracy shoot up. Teams finally have the capacity to investigate the subtle, low-level signals where attackers often make their first moves.

    That is what happens when SOC teams stop chasing alerts and start building context.

    Defining the Cognitive SOC

    A SOC that thrives is not the one with the most dashboards or the biggest analyst headcount. It is the one that can learn and adapt, quickly turn signals into stories, make confident decisions, and act before chaos spirals. That is the promise of a “cognitive SOC.” Technology organizes the noise, and analysts deliver the answers.

    Moving from Alert Chaos to Contextual Clarity

    Conifers helps enterprises and MSSP security business leaders escape the tradeoff between effectiveness and efficiency with CognitiveSOC™, an AI SOC agent platform that scales investigations with intelligence and context. Instead of drowning analysts in noisy alerts or forcing MSSPs to sacrifice margins, Conifers blends agentic AI, advanced data science, and human oversight with an organization’s own institutional knowledge to automate end-to-end, multi-tier investigations with reasoning and intent. By mapping incidents to use cases and dynamically applying the right AI techniques, CognitiveSOC produces contextual, evidence-backed outputs that align with each organization’s risk profile and analyst preferences. This results in faster, higher-quality investigations and decision-making, reduced alert fatigue, and improved SOC outcomes at scale. More context, less chaos.

    Visit Conifers.ai to request a demo and experience how CognitiveSOC transforms noisy alerts into contextual investigations that boost efficiency, protect margins, and strengthen security posture.

    This article is a contributed piece from one of our valued partners.


    Source: thehackernews.com…

  • Urgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024

    Sep 30, 2025 | Ravie Lakshmanan | Zero-Day / Vulnerability

    A newly patched security flaw impacting Broadcom VMware Tools and VMware Aria Operations has been exploited in the wild as a zero-day since mid-October 2024 by a threat actor called UNC5174, according to NVISO Labs.

    The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), a local privilege escalation bug affecting the following versions –

    • VMware Cloud Foundation 4.x and 5.x
    • VMware Cloud Foundation 9.x.x.x
    • VMware Cloud Foundation 13.x.x.x (Windows, Linux)
    • VMware vSphere Foundation 9.x.x.x
    • VMware vSphere Foundation 13.x.x.x (Windows, Linux)
    • VMware Aria Operations 8.x
    • VMware Tools 11.x.x, 12.x.x, and 13.x.x (Windows, Linux)
    • VMware Telco Cloud Platform 4.x and 5.x
    • VMware Telco Cloud Infrastructure 2.x and 3.x
    “A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM,” VMware said in an advisory released Monday.

    The fact that it’s a local privilege escalation means that the adversary will have to secure access to the infected device through some other means.

    NVISO researcher Maxime Thiebaut has been credited for discovering and reporting the shortcoming on May 19, 2025, during an incident response engagement. The company also said VMware Tools 12.4.9, which is part of VMware Tools 12.5.4, remediates the issue for Windows 32-bit systems, and that a version of open-vm-tools that addresses CVE-2025-41244 will be distributed by Linux vendors.

    [Figure: The vulnerable get_version() function]

    While Broadcom makes no mention of it being exploited in real-world attacks, NVISO Labs attributed the activity to a China-linked threat actor Google Mandiant tracks as UNC5174 (aka Uteus or Uetus), which has a track record of exploiting various security flaws, including those impacting Ivanti and SAP NetWeaver, to obtain initial access to target environments.

    “When successful, exploitation of the local privilege escalation results in unprivileged users achieving code execution in privileged contexts (e.g., root),” Thiebaut said. “We can however not assess whether this exploit was part of UNC5174’s capabilities or whether the zero-day’s usage was merely accidental due to its trivialness.”

    NVISO said the vulnerability is rooted in a function called “get_version()” that takes a regular expression (regex) pattern as input for each process with a listening socket, checks whether the binary associated with that process matches the pattern, and, if so, invokes the supported service’s version command.

    “While this functionality works as expected for system binaries (e.g., /usr/bin/httpd), the usage of the broad-matching \S character class (matching non-whitespace characters) in several of the regex patterns also matches non-system binaries (e.g., /tmp/httpd),” Thiebaut explained. “These non-system binaries are located within directories (e.g., /tmp) which are writable to unprivileged users by design.”

    As a result, this opens the door to potential abuse by an unprivileged local attacker by staging the malicious binary at “/tmp/httpd,” resulting in privilege escalation when the VMware metrics collection is executed. All a bad actor requires to abuse the flaw is to ensure that the binary is run by an unprivileged user and it opens a random listening socket.

    The Brussels-based cybersecurity company noted that it observed UNC5174 using the “/tmp/httpd” location to stage the malicious binary and spawn an elevated root shell and achieve code execution. The exact nature of the payload executed using this method is unclear at this stage.
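The matching weakness described above, as an added example that is not code from VMware, NVISO, or the article. The regex is a constructed pattern in the style the article describes, and the trusted-directory list and sample listener records are assumptions. It compares the broad match with a directory-allowlisted check and flags the processes on which the two disagree.

```python
import posixpath
import re

# Constructed pattern: \S+ accepts any non-whitespace directory prefix.
# Illustrative only, not the actual pattern from the vulnerable script.
BROAD_HTTPD = re.compile(r"^/\S+/httpd$")

# Assumption: directories that only root can write to on a typical Linux host.
TRUSTED_DIRS = ("/usr/bin", "/usr/sbin", "/bin", "/sbin",
                "/usr/local/bin", "/usr/local/sbin")


def broad_match(exe_path):
    """Mimic the weak check: any path ending in /httpd counts as the service."""
    return BROAD_HTTPD.match(exe_path) is not None


def strict_match(exe_path, name="httpd"):
    """Accept the binary only if it sits directly inside a trusted directory.

    Path-only check so it runs offline; on a live host also resolve symlinks
    and confirm the file is root-owned and not group/world-writable.
    """
    directory, base = posixpath.split(posixpath.normpath(exe_path))
    return base == name and directory in TRUSTED_DIRS


def flag_suspicious(listeners):
    """Listeners the broad pattern would act on but the strict check rejects."""
    return [(pid, user, exe) for pid, user, exe in listeners
            if broad_match(exe) and not strict_match(exe)]


# Constructed sample: (pid, owner, executable path) of listening processes.
SAMPLE_LISTENERS = [
    (812, "root", "/usr/sbin/httpd"),
    (901, "root", "/usr/sbin/sshd"),
    (4410, "www-data", "/tmp/httpd"),
    (5003, "bob", "/home/bob/.cache/httpd"),
]

if __name__ == "__main__":
    for pid, user, exe in flag_suspicious(SAMPLE_LISTENERS):
        print(f"pid={pid} user={user} exe={exe}: service name from untrusted path")
```
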

    “The broad practice of mimicking system binaries (e.g., httpd) highlights the real possibility that several other malware strains have accidentally been benefiting from unintended privilege escalations for years,” Thiebaut said.


    Source: thehackernews.com…

  • Microsoft Expands Sentinel Into Agentic Security Platform With Unified Data Lake

    Sep 30, 2025 | Ravie Lakshmanan | Artificial Intelligence / Threat Detection

    Microsoft on Tuesday unveiled the expansion of its Sentinel Security Incidents and Event Management solution (SIEM) as a unified agentic platform with the general availability of the Sentinel data lake.

    In addition, the tech giant said it’s also releasing a public preview of Sentinel Graph and Sentinel Model Context Protocol (MCP) server.

    “With graph-based context, semantic access, and agentic orchestration, Sentinel gives defenders a single platform to ingest signals, correlate across domains, and empower AI agents built in Security Copilot, VS Code using GitHub Copilot, or other developer platforms,” Vasu Jakkal, corporate vice president at Microsoft Security, said in a post shared with The Hacker News.

    Microsoft released Sentinel data lake in public preview earlier this July as a purpose-built, cloud-native tool to ingest, manage, and analyze security data to provide better visibility and advanced analytics.

    With the data lake, the idea is to lay the foundation for an agentic defense by bringing data from diverse sources and enabling artificial intelligence (AI) models like Security Copilot to have the full context necessary to detect subtle patterns, correlate signals, and surface high-fidelity alerts.

    The shift, Redmond added, allows security teams to uncover attacker behavior, retroactively hunt over historical data, and trigger detections automatically based on the latest tradecraft.

    “Sentinel ingests signals, either structured or semi-structured, and builds a rich, contextual understanding of your digital estate through vectorized security data and graph-based relationships,” Jakkal said.

    “By integrating these insights with Defender and Purview, Sentinel brings graph-powered context to the tools security teams already use, helping defenders trace attack paths, understand impact, and prioritize response — all within familiar workflows.”

    Microsoft further noted that Sentinel organizes and enriches security data so as to detect issues faster and better respond to events at scale, shifting cybersecurity from “reactive to predictive.”

    In addition, the company said users can build Security Copilot agents in a Sentinel MCP server-enabled coding platform, such as VS Code, using GitHub Copilot, that are tailored to their organizational workflows.

    The Windows maker has also emphasized the need for securing AI platforms and implementing guardrails to detect (cross-)prompt injection attacks, stating it intends to roll out new enhancements to Azure AI Foundry that incorporate more protection for AI agents against such risks.


    Source: thehackernews.com…

  • Researchers Disclose Google Gemini AI Flaws Allowing Prompt Injection and Cloud Exploits

    Sep 30, 2025 | Ravie Lakshmanan | Artificial Intelligence / Vulnerability

    Cybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google’s Gemini artificial intelligence (AI) assistant that, if successfully exploited, could have exposed users to major privacy risks and data theft.

    “They made Gemini vulnerable to search-injection attacks on its Search Personalization Model; log-to-prompt injection attacks against Gemini Cloud Assist; and exfiltration of the user’s saved information and location data via the Gemini Browsing Tool,” Tenable security researcher Liv Matan said in a report shared with The Hacker News.

    The vulnerabilities have been collectively codenamed the Gemini Trifecta by the cybersecurity company. They reside in three distinct components of the Gemini suite –

    • A prompt injection flaw in Gemini Cloud Assist that could allow attackers to exploit cloud-based services and compromise cloud resources by taking advantage of the fact that the tool is capable of summarizing logs pulled directly from raw logs, enabling the threat actor to conceal a prompt within a User-Agent header as part of an HTTP request to a Cloud Function and other services like Cloud Run, App Engine, Compute Engine, Cloud Endpoints, Cloud Asset API, Cloud Monitoring API, and Recommender API
    • A search-injection flaw in the Gemini Search Personalization model that could allow attackers to inject prompts and control the AI chatbot’s behavior to leak a user’s saved information and location data by manipulating their Chrome search history using JavaScript and leveraging the model’s inability to differentiate between legitimate user queries and injected prompts from external sources
    • An indirect prompt injection flaw in Gemini Browsing Tool that could allow attackers to exfiltrate a user’s saved information and location data to an external server by taking advantage of the internal call Gemini makes to summarize the content of a web page
    Tenable said the vulnerability could have been abused to embed the user’s private data inside a request to a malicious server controlled by the attacker without the need for Gemini to render links or images.

    “One impactful attack scenario would be an attacker who injects a prompt that instructs Gemini to query all public assets, or to query for IAM misconfigurations, and then creates a hyperlink that contains this sensitive data,” Matan said of the Cloud Assist flaw. “This should be possible since Gemini has the permission to query assets through the Cloud Asset API.”

    Following responsible disclosure, Google has since stopped rendering hyperlinks in the responses for all log summarization responses, and has added more hardening measures to safeguard against prompt injections.
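The mitigation of not rendering hyperlinks in log-summary output, sketched as an added example; this is not Google's or Tenable's code. The function names, the query-length threshold, and the sample summary are assumptions. It makes every link in a model-generated summary inert before display and returns the original URLs so they can be logged and reviewed.

```python
import re
from urllib.parse import urlsplit

# Markdown links [text](url) and bare http(s) URLs in model output.
MD_LINK = re.compile(r"\[([^\]]*)\]\((https?://[^)\s]+)\)")
BARE_URL = re.compile(r"https?://[^\s<>)\]]+")


def defang(url):
    """Rewrite a URL so no renderer will turn it into a clickable link."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


def carries_data(url, limit=40):
    """Heuristic with an assumed threshold: a long query string may hold data."""
    return len(urlsplit(url).query) > limit


def strip_links(summary):
    """Return (safe_text, urls): summary with links made inert, plus originals."""
    urls = []

    def _md(match):
        urls.append(match.group(2))
        return f"{match.group(1)} ({defang(match.group(2))})"

    def _bare(match):
        urls.append(match.group(0))
        return defang(match.group(0))

    text = MD_LINK.sub(_md, summary)   # markdown links first
    text = BARE_URL.sub(_bare, text)   # defanged URLs no longer match here
    return text, urls


# Constructed model output; hosts and query contents are placeholders.
SAMPLE_SUMMARY = (
    "3 errors from function checkout. See [the incident report]"
    "(https://logs.example.net/r?d=projects%2Fdemo%2Fbuckets%2Fpublic-a"
    "%2Cpublic-b%2Croles%2Fowner%3Aallusers) or https://status.example.com "
    "for status."
)

if __name__ == "__main__":
    safe, found = strip_links(SAMPLE_SUMMARY)
    print(safe)
    for u in found:
        print("review" if carries_data(u) else "ok", u)
```
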

    “The Gemini Trifecta shows that AI itself can be turned into the attack vehicle, not just the target. As organizations adopt AI, they cannot overlook security,” Matan said. “Protecting AI tools requires visibility into where they exist across the environment and strict enforcement of policies to maintain control.”

    The development comes as agentic security platform CodeIntegrity detailed a new attack that abuses Notion’s AI agent for data exfiltration by hiding prompt instructions in a PDF file using white text on a white background that instructs the model to collect confidential data and then send it to the attackers.

    “An agent with broad workspace access can chain tasks across documents, databases, and external connectors in ways RBAC never anticipated,” the company said. “This creates a vastly expanded threat surface where sensitive data or actions can be exfiltrated or misused through multi step, automated workflows.”


    Source: thehackernews.com…