Author: Mark

Oct 30, 2025Ravie LakshmananCybersecurity / Hacking News

The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing blind spots — from spoofed messages to large-scale social engineering.

This week’s findings show how that shrinking margin of safety is redrawing the threat landscape. Here’s what’s making headlines.

Cyber threats are evolving faster than most defenses can adapt, and the line between criminal enterprise and nation-state tactics keeps blurring. Staying ahead now means staying aware — of every small shift in tools, tradecraft, and targeting. Until next ThreatsDay, stay sharp and stay curious.

Oct 29, 2025Ravie LakshmananMachine Learning / AI Safety

Cybersecurity researchers have flagged a new security issue in agentic web browsers like OpenAI ChatGPT Atlas that exposes underlying artificial intelligence (AI) models to context poisoning attacks.

In the attack devised by AI security company SPLX, a bad actor can set up websites that serve different content to browsers and AI crawlers run by ChatGPT and Perplexity. The technique has been codenamed AI-targeted cloaking.

The approach is a variation of search engine cloaking, which refers to the practice of presenting one version of a web page to users and a different version to search engine crawlers with the end goal of manipulating search rankings.

The only difference in this case is that attackers optimize for AI crawlers from various providers by means of a trivial user agent check that leads to content delivery manipulation.

“Because these systems rely on direct retrieval, whatever content is served to them becomes ground truth in AI Overviews, summaries, or autonomous reasoning,” security researchers Ivan Vlahov and Bastien Eymery said. “That means a single conditional rule, ‘if user agent = ChatGPT, serve this page instead,’ can shape what millions of users see as authoritative output.”

SPLX said AI-targeted cloaking, while deceptively simple, can also be turned into a powerful misinformation weapon, undermining trust in AI tools. By instructing AI crawlers to load something else instead of the actual content, it can also introduce bias and influence the outcome of systems leaning on such signals.

“AI crawlers can be deceived just as easily as early search engines, but with far greater downstream impact,” the company said. “As SEO [search engine optimization] increasingly incorporates AIO [artificial intelligence optimization], it manipulates reality.”

The disclosure comes as an analysis of browser agents against 20 of the most common abuse scenarios, ranging from multi-accounting to card testing and support impersonation, discovered that the products attempted nearly every malicious request without the need for any jailbreaking, the hCaptcha Threat Analysis Group (hTAG) said.

Furthermore, the study found that in scenarios where an action was “blocked,” it mostly came down due to the tool missing a technical capability rather than due to safeguards built into them. ChatGPT Atlas, hTAG noted, has been found to carry out risky tasks when they are framed as part of debugging exercises.

Claude Computer Use and Gemini Computer Use, on the other hand, have been identified as capable of executing dangerous account operations like password resets without any constraints, with the latter also demonstrating aggressive behavior when it comes to brute-forcing coupons on e-commerce sites.

hTAG also tested the safety measures of Manus AI, uncovering that it executes account takeovers and session hijacking without any issue, while Perplexity Comet runs unprompted SQL injection to exfiltrate hidden data.

“Agents often went above and beyond, attempting SQL injection without a user request, injecting JavaScript on-page to attempt to circumvent paywalls, and more,” it said. “The near-total lack of safeguards we observed makes it very likely that these same agents will also be rapidly used by attackers against any legitimate users who happen to download them.”

Oct 29, 2025Ravie LakshmananVulnerability / Internet of Things

Cybersecurity researchers are calling attention to a spike in automated attacks targeting PHP servers, IoT devices, and cloud gateways by various botnets such as Mirai, Gafgyt, and Mozi.

“These automated campaigns exploit known CVE vulnerabilities and cloud misconfigurations to gain control over exposed systems and expand botnet networks,” the Qualys Threat Research Unit (TRU) said in a report shared with The Hacker News.

The cybersecurity company said PHP servers have emerged as the most prominent targets of these attacks owing to the widespread use of content management systems like WordPress and Craft CMS. This, in turn, creates a large attack surface as many PHP deployments can suffer from misconfigurations, outdated plugins and themes, and insecure file storage.

Some of the prominent weaknesses in PHP frameworks that have been exploited by threat actors are listed below –

• CVE-2017-9841 – A Remote code execution vulnerability in PHPUnit
• CVE-2021-3129 – A Remote code execution vulnerability in Laravel
• CVE-2022-47945 – A Remote code execution vulnerability in ThinkPHP Framework

Qualys said it has also observed exploitation efforts that involve the use of “/?XDEBUG_SESSION_START=phpstorm” query string in HTTP GET requests to initiate an Xdebug debugging session with an integrated development environment (IDE) like PhpStorm.

“If Xdebug is unintentionally left active in production environments, attackers may use these sessions to gain insight into application behavior or extract sensitive data,” the company said.

Alternatively, threat actors are continuing to look for credentials, API keys, and access tokens in internet-exposed servers to take control of susceptible systems, as well as leverage known security flaws in IoT devices to co-opt them into a botnet. These include –

• CVE-2022-22947 – A Remote code execution vulnerability in Spring Cloud Gateway
• CVE-2024-3721 – A Command injection vulnerability in TBK DVR-4104 and DVR-4216
• A Misconfiguration in MVPower TV-7104HE DVR that allows unauthenticated users to execute arbitrary system commands via an HTTP GET request

The scanning activity, Qualys added, often originates from cloud infrastructures like Amazon Web Services (AWS), Google Cloud, Microsoft Azure, Digital Ocean, and Akamai Cloud, illustrating how threat actors are abusing legitimate services to their advantage while obscuring their true origins.

“Today’s threat actors don’t need to be highly sophisticated to be effective,” it noted. “With widely available exploit kits, botnet frameworks, and scanning tools, even entry-level attackers can cause significant damage.”

To safeguard against the threat, it’s advised that users keep their devices up-to-date, remove development and debug tools in production environments, secure secrets using AWS Secrets Manager or HashiCorp Vault, and restrict public access to cloud infrastructure.

“While botnets have previously been associated with large-scale DDoS attacks and occasional crypto mining scams, in the age of identity security threats, we see them taking on a new role in the threat ecosystem,” James Maude, field CTO at BeyondTrust, said.

“Having access to a vast network of routers and their IP addresses can allow threat actors to perform credential stuffing and password spray attacks a huge scale. Botnets can also evade geolocation controls by stealing a user’s credentials or hijacking a browser session and then using a botnet node close to the victim’s actual location and maybe even using the same ISP as the victim to evade unusual login detections or access policies.”

The disclosure comes as NETSCOUT classified the DDoS-for-hire botnet known as AISURU as a new class of malware dubbed TurboMirai that can launch DDoS attacks that exceed 20 terabits per second (Tbps). The botnet primarily comprises consumer-grade broadband access routers, online CCTV and DVR systems, and other customer premise equipment (CPE).

“These botnets incorporate additional dedicated DDoS attack capabilities and multi-use functions, enabling both DDoS attacks and other illicit activities such as credential stuffing, artificial intelligence (AI)-driven web scraping, spamming, and phishing,” the company said.

“AISURU includes an onboard residential proxy service used to reflect HTTPS application-layer DDoS attacks generated by external attack harnesses.”

Turning compromised devices into a residential proxy allows paying customers to route their traffic through one of the nodes in the botnet, offering anonymity and the ability to blend in with regular network activity. According to independent security journalist Brian Krebs, all of the major proxy services have grown exponentially over the past six months, citing data from spur.us.

Organizations in Ukraine have been targeted by threat actors of Russian origin with an aim to siphon sensitive data and maintain persistent access to compromised networks.

The activity, according to a new report from the Symantec and Carbon Black Threat Hunter Team, targeted a large business services organization for two months and a local government entity in the country for a week.

The attacks mainly leveraged living-off-the-land (LotL) tactics and dual-use tools, coupled with minimal malware, to reduce digital footprints and stay undetected for extended periods of time.

“The attackers gained access to the business services organization by deploying web shells on public-facing servers, most likely by exploiting one or more unpatched vulnerabilities,” the Broadcom-owned cybersecurity teams said in a report shared with The Hacker News.

One of the web shells used in the attack was Localolive, which was previously flagged by Microsoft as put to use by a sub-group of the Russia-linked Sandworm crew as part of a multi-year campaign codenamed BadPilot. LocalOlive is designed to facilitate the delivery of next-stage payloads like Chisel, plink, and rsockstun. It has been utilized since at least late 2021.

Early signs of malicious activity targeting the business services organization date back to June 27, 2025, with the attackers leveraging the foothold to drop a web shell and use it to conduct reconnaissance. The threat actors have also been found to run PowerShell commands to exclude the machine’s Downloads from Microsoft Defender Antivirus scans, as well as set up a scheduled task to perform a memory dump every 30 minutes.

Over the next couple of weeks, the attackers carried out a variety of actions, including –

• Save a copy of the registry hive to a file named 1.log
• Dropping more web shells
• Using the web shell to enumerate all files in the user directory
• Running a command to list all running processes beginning with “kee,” likely with the goal of targeting the KeePass password storage vault
• Listing all active user sessions on a second machine
• Running executables named “service.exe” and “cloud.exe” located in the Downloads folder
• Running reconnaissance commands on a third machine and performing a memory dump using the Microsoft Windows Resource Leak Diagnostic tool (RDRLeakDiag)
• Modifying the registry permits RDP connections to allow inbound RDP connections
• Running a PowerShell command to retrieve information about the Windows configuration on a fourth machine
• Running RDPclip to gain access to the clipboard in remote desktop connections
• Installing OpenSSH to facilitate remote access to the computer
• Running a PowerShell command to allow TCP traffic on port 22 for the OpenSSH server
• Creating a scheduled task to run an unknown PowerShell backdoor (link.ps1) every 30 minutes using a domain account
• Running an unknown Python script
• Deploying a legitimate MikroTik router management application (“winbox64.exe“) in the Downloads folder

Interestingly, the presence of “winbox64.exe” was also documented by CERT-UA in April 2024 in connection with a Sandworm campaign aimed at energy, water, and heating suppliers in Ukraine.

Symantec and Carbon Black said it could not find any evidence in the intrusions to connect it to Sandworm, but said it “did appear to be Russian in origin.” The cybersecurity company also revealed that the attacks were characterized by the deployment of several PowerShell backdoors and suspicious executables that are likely to be malware. However, none of these artifacts have been obtained for analysis.

“While the attackers used a limited amount of malware during the intrusion, much of the malicious activity that took place involved legitimate tools, either Living-off-the-Land or dual-use software introduced by the attackers,” Symantec and Carbon Black said.

“The attackers demonstrated an in-depth knowledge of Windows native tools and showed how a skilled attacker can advance an attack and steal sensitive information, such as credentials, while leaving a minimal footprint on the targeted network.”

The disclosure comes as Gen Threat Labs detailed Gamaredon‘s exploitation of a now-patched security flaw in WinRAR (CVE-2025-8088, CVSS score: 8.8) to strike Ukrainian government agencies.

“Attackers are abusing #CVE-2025-8088 (WinRAR path traversal) to deliver RAR archives that silently drop HTA malware into the Startup folder – no user interaction needed beyond opening the benign PDF inside,” the company said in a post on X. “These lures are crafted to trick victims into opening weaponized archives, continuing a pattern of aggressive targeting seen in previous campaigns.”

The findings also follow a report from Recorded Future, which found that the Russian cybercriminal ecosystem is being actively shaped by international law enforcement campaigns such as Operation Endgame, shifting the Russian government’s ties with e-crime groups from passive tolerance to active management.

Further analysis of leaked chats has uncovered that senior figures within these threat groups often maintain relationships with Russian intelligence services, providing data, performing tasking, or leveraging bribery and political connections for impunity. At the same time, cybercriminal crews are decentralizing operations to sidestep Western and domestic surveillance.

While it’s been long known that Russian cybercriminals could operate freely as long as they do not target businesses or entities operating in the region, Kremlin appears to be now taking a more nuanced approach where they recruit or co-opt talent when necessary, turn a blind eye when attacks align with their interests, and selectively enforce laws when the threat actors become “politically inconvenient or externally embarrassing.”

Viewed in that the “dark covenant” is a combination of several things: a commercial enterprise, tool of influence and information acquisition, and also a liability when it threatens domestic stability or because of Western pressure.

“The Russian cybercriminal underground is fracturing under the dual pressures of state control and internal mistrust, while proprietary forum monitoring and ransomware affiliate chatter show increasing paranoia among operators,” the company noted in its third instalment of the Dark Covenant report.

BeyondTrust’s annual cybersecurity predictions point to a year where old defenses will fail quietly, and new attack vectors will surge.

Introduction

The next major breach won’t be a phished password. It will be the result of a massive, unmanaged identity debt. This debt takes many forms: it’s the “ghost” identity from a 2015 breach lurking in your IAM, the privilege sprawl from thousands of new AI agents bloating your attack surface, or the automated account poisoning that exploits weak identity verification in financial systems. All of these vectors—physical, digital, new, and old—are converging on one single point of failure: identity.

Based on analysis from BeyondTrust’s cybersecurity experts, here are three critical identity-based threats that will define the coming year:

1. Agentic AI Emerges as the Ultimate Attack Vector

By 2026, agentic AI will be connected to nearly every technology we operate, effectively becoming the new middleware for most organizations. The problem is that this integration is driven by a speed-to-market push that leaves cybersecurity as an afterthought.

This rush is creating a massive new attack surface built on a classic vulnerability: the confused deputy problem.

A “deputy” is any program with legitimate privileges. The “confused deputy problem” occurs when a low-privilege entity—like a user, account, or another application—tricks that deputy into misusing its power to gain high privileges. The deputy, lacking the context to see the malicious intent, executes the command or shares results beyond its original design or intentions.

Now, apply this to AI. An agentic AI tool may be granted least privilege access to read a user’s email, access a CI/CD pipeline, or query a production database. If that AI, acting as a trusted deputy, is “confused” by a cleverly crafted prompt from another resource, it can be manipulated into exfiltrating sensitive data, deploying malicious code, or escalating higher privileges on the user’s behalf. The AI is executing tasks it has permission for, but on behalf of an attacker who does not, and can elevate privileges based on the attack vector.

Defender Tip:

This threat requires treating AI agents as potentially privileged machine identities. Security teams must enforce strict least privilege, ensuring AI tools only have the absolute minimum permissions necessary for specific tasks. This includes implementing context-aware access controls, command filtering, and real-time auditing to prevent these trusted agents from becoming malicious actors by proxy.

2. Account Poisoning: The Next Evolution of Financial Fraud

In the coming year, expect a significant rise in “account poisoning”, where threat actors find new ways to insert fraudulent billers and payees into consumer and business financial accounts at scale.

This “poison” is driven by automation that allows for the creation of payees and billers, the requesting of funds, and linking to other online payment processing sources. This attack vector is particularly dangerous because it exploits weaknesses in online financial systems, leverages poor secrets management to attack in bulk, and uses automation to obfuscate the transactions.

Defender Tip:

Security teams must move beyond flagging individual account takeovers and focus on high-velocity, automated changes to payee and biller information. The key is implementing tighter diligence and identity confidence checks for any automated process that requests to modify these financial fields.

3. Ghosts in Your IAM: Historic Identity Compromises Catch Up

Many organizations are finally modernizing their identity and access management (IAM) programs, adopting new tools, like graph-based analytics, to map their complex identity landscapes. In 2026, these efforts will uncover skeletons in the closet: “ghost” identities from long-past solutions and breaches that were never detected.

These “backdated breaches” will reveal rogue accounts—some years old—that remain in active use. Because these compromises are older than most security logs, it may be impossible for teams to determine the full extent of the original breach.

Defender Tip:

This prediction underscores the long-standing failure of basic joiner-mover-leaver (JML) processes. The immediate takeaway is to prioritize identity governance and use modern identity graphing tools to find and eliminate these dormant, high-risk accounts before they are rediscovered by attackers.

Other Trends on the Radar

The Death of the VPN

For years, the VPN was the workhorse of remote access, but in modern remote access, VPN is a critical vulnerability waiting to be exploited. Threat actors have mastered VPN exploitation techniques, using credential harvesting and compromised appliances for persistent access. Using traditional VPNs for privileged access presents a risk that organizations can no longer afford.

The Rise of AI Veganism

As a cultural counterforce, 2026 will witness the rise of “AI veganism”, where employees or customers abstain from using artificial intelligence on principle. This movement, driven by ethical concerns over data sourcing, algorithmic bias, and environmental costs, will challenge the assumption that AI adoption is inevitable. Companies will have to navigate this resistance by offering transparent governance, human-first alternatives, and clear opt-outs. However, when it comes to cybersecurity, opting out of AI-driven defenses may be less of an option and could even shift liability back to the user.

An Identity-First Security Posture is Non-Negotiable

The common thread through these 2026 predictions is identity. The new AI attack surface is an identity-privilege problem, account poisoning is an identity verification problem, while backdated breaches are an identity lifecycle problem. As the perimeter widens, organizations must adopt an identity-first security posture by applying principles of least privilege and zero trust to every human and non-human identity.

Want to get a deeper look at all of BeyondTrust’s 2026 cybersecurity predictions? Read the full report here.

Note: This article was written and contributed by Morey J. Haber, Chief Security Advisor; Christopher Hills, Chief Security Strategist; and James Maude, Field Chief Technology Officer at BeyondTrust.

Oct 29, 2025The Hacker NewsArtificial Intelligence / Compliance

Artificial Intelligence (AI) is rapidly transforming Governance, Risk, and Compliance (GRC). It’s no longer a future concept—it’s here, and it’s already reshaping how teams operate.

AI’s capabilities are profound: it’s speeding up audits, flagging critical risks faster, and drastically cutting down on time-consuming manual work. This leads to greater efficiency, higher accuracy, and a more proactive GRC function.

However, this powerful shift introduces significant new challenges. AI brings its own set of risks, including potential bias, dangerous blind spots, and regulatory gaps that are only beginning to be addressed by governing bodies. Staying ahead of this curve—not just struggling to keep up—requires clear, practical knowledge.

Don’t Just Stay Afloat—Master the Change

To help you navigate this complex landscape, we invite you to our free, high-impact webinar, “The Future of AI in GRC: Opportunities, Risks, and Practical Insights.” This session is designed to deliver clarity and direction for everyone, from those just starting out to teams actively scaling AI in their processes. It’s packed with practical advice—no fluff, no hype.

What You Will Learn

We will dive into the most critical aspects of AI in GRC, providing actionable takeaways you can implement immediately:

• Real-world examples of AI successfully improving compliance workflows.
• Early lessons and best practices from teams leveraging advanced agentic AI.
• The most common risks teams overlook—and concrete strategies to spot and mitigate them.
• A clear view of what’s next in AI for GRC and how to strategically prepare your team.

The speed of AI innovation is immense, and new regulations are struggling to catch up. The growing gap between technological capability and legal framework represents your immediate risk exposure.

This webinar cuts through the complexity by bringing together experts, actionable examples, and real talk. You don’t have to wait until you’re forced to react to a risk; be the leader who is prepared for it.

Ready to confidently move forward and make AI a real competitive advantage in your compliance strategy? Register here—it’s free and filling fast, last call to join live.

Oct 29, 2025Ravie LakshmananMalware / Threat Intelligence

Cybersecurity researchers have discovered a set of 10 malicious npm packages that are designed to deliver an information stealer targeting Windows, Linux, and macOS systems.

“The malware uses four layers of obfuscation to hide its payload, displays a fake CAPTCHA to appear legitimate, fingerprints victims by IP address, and downloads a 24MB PyInstaller-packaged information stealer that harvests credentials from system keyrings, browsers, and authentication services across Windows, Linux, and macOS,” Socket security researcher Kush Pandya said.

The npm packages were uploaded to the registry on July 4, 2025, and accumulated over 9,900 downloads collectively –

• deezcord.js
• dezcord.js
• dizcordjs
• etherdjs
• ethesjs
• ethetsjs
• nodemonjs
• react-router-dom.js
• typescriptjs
• zustand.js

The multi-stage credential theft operation manifested in the form of various typosquatted packages impersonating popular npm libraries such as TypeScript, discord.js, ethers.js, nodemon, react-router-dom, and zustand.

Once installed, the malware serves a fake CAPTCHA prompt and displays authentic-looking output that mimics legitimate package installations to give the impression that the setup process is proceeding along expected lines. However, in the background, the package captures the victim’s IP address, sends it to an external server (“195.133.79[.]43”), and then proceeds to drop the main malware.

In each package, the malicious functionality is automatically triggered upon installation by means of a postinstall hook, launching a script named “install.js” that detects the victim’s operating system and launches an obfuscated payload (“app.js”) in a new Command Prompt (Windows), GNOME Terminal or x-terminal-emulator (Linux), or Terminal (macOS) window.

“By spawning a new terminal window, the malware runs independently of the npm install process,” Pandya noted. “Developers who glance at their terminal during installation see a new window briefly appear, which the malware immediately clears to avoid suspicion.”

The JavaScript contained within “app.js” is hidden through four layers of obfuscation — such as XOR cipher with a dynamically generated key, URL-encoding of the payload string, and using hexadecimal and octal arithmetic to obscure program flow — that are designed to resist analysis.

The end goal of the attack is to fetch and execute a comprehensive information stealer (“data_extracter”) from the same server that’s equipped to thoroughly scan the developer’s machine for secrets, authentication tokens, credentials, and session cookies from web browsers, configuration files, and SSH keys.

The stealer binary also incorporates platform-specific implementations to extract credentials from the system keyring using the keyring npm library. The harvested information is compressed into a ZIP archive and exfiltrated to the server.

“System keyrings store credentials for critical services including email clients (Outlook, Thunderbird), cloud storage sync tools (Dropbox, Google Drive, OneDrive), VPN connections (Cisco AnyConnect, OpenVPN), password managers, SSH passphrases, database connection strings, and other applications that integrate with the OS credential store,” Socket said.

“By targeting the keyring directly, the malware bypasses application-level security and harvests stored credentials in their decrypted form. These credentials provide immediate access to corporate email, file storage, internal networks, and production databases.”

Oct 29, 2025Ravie LakshmananVulnerability / Malware

Threat actors are actively exploiting multiple security flaws impacting Dassault Systèmes DELMIA Apriso and XWiki, according to alerts issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and VulnCheck.

The vulnerabilities are listed below –

• CVE-2025-6204 (CVSS score: 8.0) – A code injection vulnerability in Dassault Systèmes DELMIA Apriso that could allow an attacker to execute arbitrary code.
• CVE-2025-6205 (CVSS score: 9.1) – A missing authorization vulnerability in Dassault Systèmes DELMIA Apriso that could allow an attacker to gain privileged access to the application.
• CVE-2025-24893 (CVSS score: 9.8) – An improper neutralization of input in a dynamic evaluation call (aka eval injection) in XWiki that could allow any guest user to perform arbitrary remote code execution through a request to the “/bin/get/Main/SolrSearch” endpoint.

Both CVE-2025-6204 and CVE-2025-6205 affect DELMIA Apriso versions from Release 2020 through Release 2025. They were addressed by Dassault Systèmes in early August.

Interestingly, the addition of the two shortcomings to the Known Exploited Vulnerabilities (KEV) catalog comes a little over a month after CISA flagged the exploitation of another critical flaw in the same product (CVE-2025-5086, CVSS score: 9.0), a week after the SANS Internet Storm Center detected in-the-wild attempts. It’s currently not known if these efforts are related.

VulnCheck, which detected exploitation attempts targeting CVE-2025-24893, said the vulnerability is being abused as part of a two-stage attack chain that delivers a cryptocurrency miner. According to CrowdSec and Cyble, the vulnerability is said to have been weaponized in real-world attacks as far back as March 2025.

“We observed multiple exploit attempts against our XWiki canaries coming from an attacker geolocated in Vietnam,” VulnCheck’s Jacob Baines said. “The exploitation proceeds in a two-pass workflow separated by at least 20 minutes: the first pass stages a downloader (writes a file to disk), and the second pass later executes it.”

The payload uses wget to retrieve a downloader (“x640”) from “193.32.208[.]24:8080” and write it to the “/tmp/11909” location. The downloader, in turn, runs shell commands to fetch two additional payloads from the same server –

• x521, which fetches the cryptocurrency miner located at “193.32.208[.]24:8080/rDuiQRKhs5/tcrond”
• x522, which kills competing miners such as XMRig and Kinsing, and launches the miner with a c3pool.org configuration

The attack traffic, per VulnCheck, originates from an IP address that geolocates to Vietnam (“123.25.249[.]88“) and has been flagged as malicious in AbuseIPDB for engaging in brute-force attempts as recently as October 26, 2025.

In light of active exploitation, users are advised to apply the necessary updates as soon as possible to safeguard against threats. Several Civilian Executive Branch (FCEB) agencies are required to remediate the DELMIA Apriso flaws by November 18, 2025.

Oct 28, 2025Ravie LakshmananEncryption / Hardware Security

A group of academic researchers from Georgia Tech, Purdue University, and Synkhronix have developed a side-channel attack called TEE.Fail that allows for the extraction of secrets from the trusted execution environment (TEE) in a computer’s main processor, including Intel’s Software Guard eXtensions (SGX) and Trust Domain Extensions (TDX) and AMD’s Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) and Ciphertext Hiding.

The attack, at its core, involves the use of an interposition device built using off-the-shelf electronic equipment that costs under $1,000 and makes it possible to physically inspect all memory traffic inside a DDR5 server.

“This allows us for the first time to extract cryptographic keys from Intel TDX and AMD SEV-SNP with Ciphertext Hiding, including in some cases secret attestation keys from fully updated machines in trusted status,” the researchers noted on an informational site.

“Beyond breaking CPU-based TEEs, we also show how extracted attestation keys can be used to compromise Nvidia’s GPU Confidential Computing, allowing attackers to run AI workloads without any TEE protections.”

The findings come weeks after the release of two other attacks aimed at TEEs, such as Battering RAM and WireTap. Unlike these techniques that target systems using DDR4 memory, TEE.Fail is the first attack to be demonstrated against DDR5, meaning they can be used to undermine the latest hardware security protections from Intel and AMD.

The latest study has found that the AES-XTS encryption mode used by Intel and AMD is deterministic and, therefore, not sufficient to prevent physical memory interposition attacks. In a hypothetical attack scenario, a bad actor could leverage the custom equipment to record the memory traffic flowing between the computer and DRAM, and observe the memory contents during read and write operations, thereby opening the door to a side-channel attack.

This could be ultimately exploited to extract data from confidential virtual machines (CVMs), including ECDSA attestation keys from Intel’s Provisioning Certification Enclave (PCE), necessary in order to break SGX and TDX attestation.

“As attestation is the mechanism used to prove that data and code are actually executed in a CVM, this means that we can pretend that your data and code is running inside a CVM when in reality it is not,” the researchers said. “We can read your data and even provide you with incorrect output, while still faking a successfully completed attestation process.”

The study also pointed out that SEV-SNP with Ciphertext Hiding neither addresses issues with deterministic encryption nor prevents physical bus interposition. As a result, the attack facilitates the extraction of private signing keys from OpenSSL’s ECDSA implementation.

“Importantly, OpenSSL’s cryptographic code is fully constant-time and our machine had Ciphertext Hiding enabled, thus showing these features are not sufficient to mitigate bus interposition attacks,” they added.

While there is no evidence that the attack has been put to use in the wild, the researchers recommend using software countermeasures to mitigate the risks arising as a result of deterministic encryption. However, they are likely to be expensive.

In response to the disclosure, AMD said it has no plans to provide mitigations since physical vector attacks are out of scope for AMD SEV-SNP. Intel, in a similar alert, noted that TEE.fail does not change the company’s previous out-of-scope statement for these types of physical attacks.

Oct 28, 2025Ravie LakshmananMalware / Mobile Security

Cybersecurity researchers have disclosed details of a new Android banking trojan called Herodotus that has been observed in active campaigns targeting Italy and Brazil to conduct device takeover (DTO) attacks.

“Herodotus is designed to perform device takeover while making first attempts to mimic human behaviour and bypass behaviour biometrics detection,” ThreatFabric said in a report shared with The Hacker News.

The Dutch security company said the Trojan was first advertised in underground forums on September 7, 2025, as part of the malware-as-a-service (MaaS) model, touting its ability to run on devices running Android version 9 to 16.

It’s assessed that while the malware is not a direct evolution of another banking malware known as Brokewell, it certainly appears to have taken certain parts of it to put together the new strain. This includes similarities in the obfuscation technique used, as well as direct mentions of Brokewell in Herodotus (e.g., “BRKWL_JAVA”).

Herodotus is also the latest in a long list of Android malware to abuse accessibility services to realize its goals. Distributed via dropper apps masquerading as Google Chrome (package name “com.cd3.app”) through SMS phishing or other social engineering ploys, the malicious program leverages the accessibility feature to interact with the screen, serve opaque overlay screens to hide malicious activity, and conduct credential theft by displaying bogus login screens atop financial apps.

Additionally, it can also steal two-factor authentication (2FA) codes sent via SMS, intercept everything that’s displayed on the screen, grant itself extra permissions as required, grab the lockscreen PIN or pattern, and install remote APK files.

But where the new malware stands out is in its ability to humanize fraud and evade timing-based detections. Specifically, this includes an option to introduce random delays when initiating remote actions such as typing text on the device. This, ThreatFabric said, is an attempt by the threat actors to make it seem like the input is being entered by an actual user.

“The delay specified is in the range of 300 – 3000 milliseconds (0,3 – 3 seconds),” it explained. “Such a randomization of delay between text input events does align with how a user would input text. By consciously delaying the input by random intervals, actors are likely trying to avoid being detected by behaviour-only anti-fraud solutions spotting machine-like speed of text input.”

ThreatFabric said it also obtained overlay pages used by Herodotus targeting financial organisations in the U.S., Turkey, the U.K., and Poland, along with cryptocurrency wallets and exchanges, indicating that the operators are attempting to actively expand their horizons.

“It is under active development, borrows techniques long associated with the Brokewell banking Trojan, and appears purpose-built to persist inside live sessions rather than simply steal static credentials and focus on account takeover,” the company noted.