Author: Mark

Microsoft’s Digital Crimes Unit said it teamed up with Cloudflare to coordinate the seizure of 338 domains used by RaccoonO365, a financially motivated threat group that was behind a phishing-as-a-service (Phaas) toolkit used to steal more than 5,000 Microsoft 365 credentials from 94 countries since July 2024.

“Using a court order granted by the Southern District of New York, the DCU seized 338 websites associated with the popular service, disrupting the operation’s technical infrastructure and cutting off criminals’ access to victims,” Steven Masada, assistant general counsel at DCU, said.

“This case shows that cybercriminals don’t need to be sophisticated to cause widespread harm – simple tools like RaccoonO365 make cybercrime accessible to virtually anyone, putting millions of users at risk.”

The initial phase of the Cloudflare takedown commenced on September 2, 2025, with additional actions occurring on September 3 and September 4. This included banning all identified domains, placing interstitial “phish warning” pages in front of them, terminating the associated Workers scripts, and suspending the user accounts. The efforts were completed on September 8.

Tracked by the Windows maker under the name Storm-2246, RaccoonO365 is marketed to other cybercriminals under a subscription model, allowing them to mount phishing and credential harvesting attacks at scale with little to no technical expertise. A 30-day plan costs $355, and a 90-day plan is priced at $999.

The operators also claim that the tool is hosted on bulletproof virtual private servers with no hidden backdoors (unlike, say, BulletProofLink), and that it’s “built for serious players only – no low-budget freeloaders.”

According to Morado, campaigns using RaccoonO365 have been active since September 2024. These attacks typically mimic trusted brands like Microsoft, DocuSign, SharePoint, Adobe, and Maersk in fraudulent emails, tricking them into clicking on lookalike pages that are designed to capture victims’ Microsoft 365 usernames and passwords. The phishing emails are often a precursor to malware and ransomware.

The most troubling aspect, from a defender’s standpoint, is the use of legitimate tools like Cloudflare Turnstile as a CAPTCHA, as well as implementing bot and automation detection using a Cloudflare Workers script to protect their phishing pages, thereby making sure that only intended targets of the attack can access and interact with them.

Earlier this April, the Redmond-based company warned of several phishing campaigns leveraging tax-related themes to deploy malware such as Latrodectus, AHKBot, GuLoader, and BruteRatel C4 (BRc4). The phishing pages, it added, were delivered via RaccoonO365, with one such campaign attributed to an initial access broker called Storm-0249.

The phishing campaigns have targeted over 2,300 organizations in the United States, including at least 20 U.S. healthcare entities.

“Using RaccoonO365’s services, customers can input up to 9,000 target email addresses per day and employ sophisticated techniques to circumvent multi-factor authentication protections to steal user credentials and gain persistent access to victims’ systems,” Microsoft said.

“Most recently, the group started advertising a new AI-powered service, RaccoonO365 AI-MailCheck, designed to scale operations and increase the sophistication – and effectiveness – of attacks.”

The mastermind behind RaccoonO365 is assessed to be Joshua Ogundipe, an individual based in Nigeria, who, along with his associates, has advertised the tool on an 850-member strong Telegram channel, receiving no less than $100,000 in cryptocurrency payments. The e-crime group is believed to have sold about 100-200 subscriptions, although Microsoft cautioned it’s likely an underestimate.

The tech giant said it was able to make the attribution courtesy of an operational security lapse that inadvertently exposed a secret cryptocurrency wallet. Ogundipe and four other co-conspirators currently remain at large, but Microsoft noted that a criminal referral for Ogundipe has been sent to international law enforcement.

Cloudflare, in its own analysis of the PhaaS service, said the takedown of hundreds of domains and Worker accounts is aimed at increasing operational costs and sending a warning to other malicious actors who may abuse its infrastructure for malicious purposes.

Since the disruption, the threat actors have announced that they are “scrapping all legacy RaccoonO365 links,” urging their customers who paid for a 1-month subscription to switch to a new plan. The group also said it will compensate those affected by offering “one extra week of subscription” following the upgrade.

The “response represents a strategic shift from reactive, single-domain takedowns to a proactive, large-scale disruption aimed at dismantling the actor’s operational infrastructure on our platform,” Cloudflare said.

Sep 17, 2025Ravie LakshmananData Breach / Cybercrime

The U.S. Department of Justice (DoJ) on Tuesday resentenced the former administrator of BreachForums to three years in prison in connection with his role in running the cybercrime forum and possessing child sexual abuse material (CSAM).

Conor Brian Fitzpatrick (aka Pompompurin), 22, of Peekskill, New York, pleaded guilty to one count of access device conspiracy, one count of access device solicitation, and one count of possession of child sexual abuse material. Fitzpatrick was initially arrested in March 2023 and pleaded guilty later that July.

As part of the plea agreement, Fitzpatrick is also said to have agreed to forfeit over 100 domain names used in the operation of BreachForums, over a dozen electronic devices used to execute the scheme, and cryptocurrency that represented the illicit proceeds of the operation.

“Conor Fitzpatrick personally profited from the sale of vast quantities of stolen information, ranging from private personal information to commercial data,” said U.S. Attorney Erik S. Siebert for the Eastern District of Virginia.

“These crimes were so extensive that the damage is difficult to quantify, and the human cost of his collection of child sexual abuse material is incalculable. We will not allow criminals to hide in the darkest corners of the internet and will use all legal means to bring them to justice.”

The resentencing comes after the U.S. Court of Appeals for the Fourth Circuit issued an opinion on January 21, 2025, vacating Fitzpatrick’s prior sentence of 17-day time served and remanding the case for resentencing. Fitzpatrick was previously sentenced to time served and 20 years of supervised release for his role as the creator and administrator of BreachForums in January 2024.

BreachForums, launched in March 2022 following the dismantlement of RaidForums by law enforcement, is a criminal marketplace that allows bad actors to buy, sell, and trade stolen data associated with high-profile companies across the world. The forum is estimated to have had 330,000 members at its peak and held more than 14 billion individual records.

The hacker market has since been relaunched a number of times despite numerous efforts to shut it down, cropping up under a revolving door of new domains. In July 2024, the whole database of the original BreachForums was leaked online, exposing members’ information.

Then last month, ShinyHunters, which took over the reins after Baphomet’s arrest in 2023, claimed that the notorious cybercrime marketplace had been compromised and was under the control of international law enforcement agencies. As of writing, the copycat forum has gone offline on its latest domain, stating they have “decided to go dark” along with 14 other e-crime groups, including LAPSUS$ and Scattered Spider.

Microsoft’s Digital Crimes Unit said it teamed up with Cloudflare to coordinate the seizure of 338 domains used by RaccoonO365, a financially motivated threat group that was behind a phishing-as-a-service (Phaas) toolkit used to steal more than 5,000 Microsoft 365 credentials from 94 countries since July 2024.

“Using a court order granted by the Southern District of New York, the DCU seized 338 websites associated with the popular service, disrupting the operation’s technical infrastructure and cutting off criminals’ access to victims,” Steven Masada, assistant general counsel at DCU, said.

“This case shows that cybercriminals don’t need to be sophisticated to cause widespread harm – simple tools like RaccoonO365 make cybercrime accessible to virtually anyone, putting millions of users at risk.”

The initial phase of the Cloudflare takedown commenced on September 2, 2025, with additional actions occurring on September 3 and September 4. This included banning all identified domains, placing interstitial “phish warning” pages in front of them, terminating the associated Workers scripts, and suspending the user accounts. The efforts were completed on September 8.

Tracked by the Windows maker under the name Storm-2246, RaccoonO365 is marketed to other cybercriminals under a subscription model, allowing them to mount phishing and credential harvesting attacks at scale with little to no technical expertise. A 30-day plan costs $355, and a 90-day plan is priced at $999.

The operators also claim that the tool is hosted on bulletproof virtual private servers with no hidden backdoors (unlike, say, BulletProofLink), and that it’s “built for serious players only – no low-budget freeloaders.”

According to Morado, campaigns using RaccoonO365 have been active since September 2024. These attacks typically mimic trusted brands like Microsoft, DocuSign, SharePoint, Adobe, and Maersk in fraudulent emails, tricking them into clicking on lookalike pages that are designed to capture victims’ Microsoft 365 usernames and passwords. The phishing emails are often a precursor to malware and ransomware.

The most troubling aspect, from a defender’s standpoint, is the use of legitimate tools like Cloudflare Turnstile as a CAPTCHA, as well as implementing bot and automation detection using a Cloudflare Workers script to protect their phishing pages, thereby making sure that only intended targets of the attack can access and interact with them.

Earlier this April, the Redmond-based company warned of several phishing campaigns leveraging tax-related themes to deploy malware such as Latrodectus, AHKBot, GuLoader, and BruteRatel C4 (BRc4). The phishing pages, it added, were delivered via RaccoonO365, with one such campaign attributed to an initial access broker called Storm-0249.

The phishing campaigns have targeted over 2,300 organizations in the United States, including at least 20 U.S. healthcare entities.

“Using RaccoonO365’s services, customers can input up to 9,000 target email addresses per day and employ sophisticated techniques to circumvent multi-factor authentication protections to steal user credentials and gain persistent access to victims’ systems,” Microsoft said.

“Most recently, the group started advertising a new AI-powered service, RaccoonO365 AI-MailCheck, designed to scale operations and increase the sophistication – and effectiveness – of attacks.”

The mastermind behind RaccoonO365 is assessed to be Joshua Ogundipe, an individual based in Nigeria, who, along with his associates, has advertised the tool on an 850-member strong Telegram channel, receiving no less than $100,000 in cryptocurrency payments. The e-crime group is believed to have sold about 100-200 subscriptions, although Microsoft cautioned it’s likely an underestimate.

The tech giant said it was able to make the attribution courtesy of an operational security lapse that inadvertently exposed a secret cryptocurrency wallet. Ogundipe and four other co-conspirators currently remain at large, but Microsoft noted that a criminal referral for Ogundipe has been sent to international law enforcement.

Cloudflare, in its own analysis of the PhaaS service, said the takedown of hundreds of domains and Worker accounts is aimed at increasing operational costs and sending a warning to other malicious actors who may abuse its infrastructure for malicious purposes.

Since the disruption, the threat actors have announced that they are “scrapping all legacy RaccoonO365 links,” urging their customers who paid for a 1-month subscription to switch to a new plan. The group also said it will compensate those affected by offering “one extra week of subscription” following the upgrade.

The “response represents a strategic shift from reactive, single-domain takedowns to a proactive, large-scale disruption aimed at dismantling the actor’s operational infrastructure on our platform,” Cloudflare said.

Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers.

“The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling automatic trojanization of downstream packages,” supply chain security company Socket said.

The end goal of the campaign is to search developer machines for secrets using TruffleHog’s credential scanner and transmit them to an external server under the attacker’s control. The attack is capable of targeting both Windows and Linux systems.

The following packages have been identified as impacted by the incident –

• angulartics2@14.1.2
• @ctrl/deluge@7.2.2
• @ctrl/golang-template@1.4.3
• @ctrl/magnet-link@4.0.4
• @ctrl/ngx-codemirror@7.0.2
• @ctrl/ngx-csv@6.0.2
• @ctrl/ngx-emoji-mart@9.2.2
• @ctrl/ngx-rightclick@4.0.2
• @ctrl/qbittorrent@9.7.2
• @ctrl/react-adsense@2.0.2
• @ctrl/shared-torrent@6.3.2
• @ctrl/tinycolor@4.1.1, @4.1.2
• @ctrl/torrent-file@4.1.2
• @ctrl/transmission@7.3.1
• @ctrl/ts-base32@4.0.2
• encounter-playground@0.0.5
• json-rules-engine-simplified@0.2.4, 0.2.1
• koa2-swagger-ui@5.11.2, 5.11.1
• @nativescript-community/gesturehandler@2.0.35
• @nativescript-community/sentry 4.6.43
• @nativescript-community/text@1.6.13
• @nativescript-community/ui-collectionview@6.0.6
• @nativescript-community/ui-drawer@0.1.30
• @nativescript-community/ui-image@4.5.6
• @nativescript-community/ui-material-bottomsheet@7.2.72
• @nativescript-community/ui-material-core@7.2.76
• @nativescript-community/ui-material-core-tabs@7.2.76
• ngx-color@10.0.2
• ngx-toastr@19.0.2
• ngx-trend@8.0.1
• react-complaint-image@0.0.35
• react-jsonschema-form-conditionals@0.3.21
• react-jsonschema-form-extras@1.0.4
• rxnt-authentication@0.0.6
• rxnt-healthchecks-nestjs@1.0.5
• rxnt-kue@1.0.7
• swc-plugin-component-annotate@1.9.2
• ts-gaussian@3.0.6

The malicious JavaScript code (“bundle.js”) injected into each of the trojanized package is designed to download and run TruffleHog, a legitimate secret scanning tool, using it to scan the host for tokens and cloud credentials, such as GITHUB_TOKEN, NPM_TOKEN, AWS_ACCESS_KEY_ID, and AWS_SECRET_ACCESS_KEY.

“It validates npm tokens with the whoami endpoint, and it interacts with GitHub APIs when a token is available,” Socket said. “It also attempts cloud metadata discovery that can leak short-lived credentials inside cloud build agents.”

The script then abuses the developer’s credentials (i.e., the GitHub personal access tokens) to create a GitHub Actions workflow in .github/workflows, and exfiltrates the collected data to a webhook[.]site endpoint.

Developers are advised to audit their environments and rotate npm tokens and other exposed secrets if the aforementioned packages are present with publishing credentials.

“The workflow that it writes to repositories persists beyond the initial host,” the company noted. “Once committed, any future CI run can trigger the exfiltration step from within the pipeline where sensitive secrets and artifacts are available by design.”

StepSecurity, which also shared details of the campaign, said the attack demonstrates a concerning evolution in supply chain threats, given that the malware includes a self-propagating mechanism enabling automatic infection of downstream packages. This behavior creates a “cascading compromise across the ecosystem.”

More Packages Impacted

The ongoing npm supply chain incident, codenamed Shai-Hulud attack, has also leveraged the “crowdstrike-publisher” npm account to publish several trojanized packages –

• @crowdstrike/commitlint@8.1.1, 8.1.2
• @crowdstrike/falcon-shoelace@0.4.2
• @crowdstrike/foundry-js@0.19.2
• @crowdstrike/glide-core@0.34.2, 0.34.3
• @crowdstrike/logscale-dashboard@1.205.2
• @crowdstrike/logscale-file-editor@1.205.2
• @crowdstrike/logscale-parser-edit@1.205.1, 1.205.2
• @crowdstrike/logscale-search@1.205.2
• @crowdstrike/tailwind-toucan-base@5.0.2
• browser-webdriver-downloader@3.0.8
• ember-browser-services@5.0.3
• ember-headless-form-yup@1.0.1
• ember-headless-form@1.1.3
• ember-headless-table@2.1.6
• ember-url-hash-polyfill@1.0.13
• ember-velcro@2.2.2
• eslint-config-crowdstrike-node@4.0.4
• eslint-config-crowdstrike@11.0.3
• monorepo-next@13.0.2
• remark-preset-lint-crowdstrike@4.0.2
• verror-extra@6.0.1
• yargs-help-output@5.0.3

“After detecting several malicious Node Package Manager (npm) packages in the public npm registry, a third-party open source repository, we swiftly removed them and proactively rotated our keys in public registries,” a CrowdStrike spokesperson told The Hacker News.

“These packages are not used in the Falcon sensor, the platform is not impacted and customers remain protected. We are working with npm and conducting a thorough investigation.”

The OX Security team, in its own analysis said, it found 34 compromised GitHub accounts which contain the ‘Shai-Hulud’ repository, within which there is a “data.json” file containing an encoded JSON with the compromised information the attacker uploaded to the victim’s GitHub account.

Supply chain security company ReversingLabs characterized the incident as a “first of its kind self-replicating worm” compromising npm packages with cloud token stealing malware. The starting point is believed to be rxnt-authentication, a malicious version of which was published on npm on September 14, 2025, at 17:58:50 UTC.

“As a result, the npm maintainer ‘techsupportrxnt’ can be considered Patient Zero for this campaign,” security researcher Karlo Zanki said. “Once infected by Shai-Hulud, npm packages spawn attacks of their own by unknowingly allowing the worm to self-propagate through the packages they maintain.”

“Given the large number of package inter-dependencies in the npm ecosystem, it is difficult to predict who will get compromised next and how far Shai-Hulud could spread. As of this writing, RL has identified hundreds of npm packages that have been compromised by the Shai-Hulud malware.”

Exactly how the “techsupportrxnt” npm account was compromised is key to unlocking the attack’s origin, although the possibility of a phishing email or the exploitation of a vulnerable GitHub action cannot be ruled out, ReversingLabs said.

Besides compromising an npm developer account to trojanize other packages by creating a new versions after injecting the malware into them, the worm-like malware tries to create a public copy of all private repositories belonging to the compromised user in a likely attempt to gain access to secrets hard-coded in those repositories and steal source code.

The newly created repositories get a suffix -migration to their original name, reminiscent of the s1ngularity attack targeting the nx build system late last month.

“The design and functional overlap of the nx campaign with the Shai-Hulud worm we detected is lsignificant,” Zanki said. “What is even more concerning is the automated spreading of malware to the packages maintained by the compromised npm accounts.”

Cloud security firm Wiz has also drawn parallels between the two activity clusters, assessing the latest campaign to be “directly downstream” of the s1ngularity attack. Stating it to be “one of the most severe JavaScript supply chain attacks observed to date,” the company is urging immediate action to remove malicious versions of the packages and upgrade to a clean release.

“One of the most striking features of this attack is that it behaves like a true worm,” Aikido researcher Charlie Eriksen said. “This cycle allows the malware to continuously infect every package a maintainer has access to.”

“Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and pushes itself further into the ecosystem. Once a single environment is compromised, the worm automates the spread by piggybacking on the maintainer’s own publishing rights.”

crates.io Phishing Campaign

The disclosure comes as the Rust Security Response Working Group is warning of phishing emails from a typosquatted domain, rustfoundation[.]dev, targeting crates.io users.

The messages, which originate from security@rustfoundation[.]dev, warn recipients of an alleged compromise of the crates.io infrastructure and instruct them to click on an embedded link to rotate their login information so as to “ensure that the attacker cannot modify any packages published by you.”

The rogue link, github.rustfoundation[.]dev, mimics a GitHub login page, indicating a clear attempt on the part of the attackers to capture victims’ credentials. The phishing page is currently inaccessible.

“These emails are malicious and come from a domain name not controlled by the Rust Foundation (nor the Rust Project), seemingly with the purpose of stealing your GitHub credentials,” the Rust Security Response WG said. “We have no evidence of a compromise of the crates.io infrastructure.”

The Rust team also said they are taking steps to monitor any suspicious activity on crates.io, in addition to getting the phishing domain taken down.

Sep 16, 2025Ravie LakshmananVulnerability / Cloud Security

Cybersecurity researchers have disclosed multiple critical security vulnerabilities in Chaos Mesh that, if successfully exploited, could lead to cluster takeover in Kubernetes environments.

“Attackers need only minimal in-cluster network access to exploit these vulnerabilities, execute the platform’s fault injections (such as shutting down pods or disrupting network communications), and perform further malicious actions, including stealing privileged service account tokens,” JFrog said in a report shared with The Hacker News.

Chaos Mesh is an open-source cloud-native Chaos Engineering platform that offers various types of fault simulation and simulates various abnormalities that might occur during the software development lifecycle.

The issues, collectively called Chaotic Deputy, are listed below –

• CVE-2025-59358 (CVSS score: 7.5) – The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial-of-service
• CVE-2025-59359 (CVSS score: 9.8) – The cleanTcs mutation in Chaos Controller Manager is vulnerable to operating system command injection
• CVE-2025-59360 (CVSS score: 9.8) – The killProcesses mutation in Chaos Controller Manager is vulnerable to operating system command injection
• CVE-2025-59361 (CVSS score: 9.8) – The cleanIptables mutation in Chaos Controller Manager is vulnerable to operating system command injection

An in-cluster attacker, i.e., a threat actor with initial access to the cluster’s network, could chain CVE-2025-59359, CVE-2025-59360, CVE-2025-59361, or with CVE-2025-59358 to perform remote code execution across the cluster, even in the default configuration of Chaos Mesh.

JFrog said the vulnerabilities stem from insufficient authentication mechanisms within the Chaos Controller Manager’s GraphQL server, allowing unauthenticated attackers to run arbitrary commands on the Chaos Daemon, resulting in cluster takeover.

Threat actors could then leverage the access to potentially exfiltrate sensitive data, disrupt critical services, or even move laterally across the cluster to escalate privileges.

Following responsible disclosure on May 6, 2025, all the identified shortcomings were addressed by Chaos Mesh with the release of version 2.7.3 on August 21.

Users are advised to update their installations to the latest version as soon as possible. If immediate patching is not an option, it’s recommended to restrict network traffic to the Chaos Mesh daemon and API server, and avoid running Chaos Mesh in open or loosely secured environments.

Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers.

“The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling automatic trojanization of downstream packages,” supply chain security company Socket said.

The end goal of the campaign is to search developer machines for secrets using TruffleHog’s credential scanner and transmit them to an external server under the attacker’s control. The attack is capable of targeting both Windows and Linux systems.

The following packages have been identified as impacted by the incident –

• angulartics2@14.1.2
• @ctrl/deluge@7.2.2
• @ctrl/golang-template@1.4.3
• @ctrl/magnet-link@4.0.4
• @ctrl/ngx-codemirror@7.0.2
• @ctrl/ngx-csv@6.0.2
• @ctrl/ngx-emoji-mart@9.2.2
• @ctrl/ngx-rightclick@4.0.2
• @ctrl/qbittorrent@9.7.2
• @ctrl/react-adsense@2.0.2
• @ctrl/shared-torrent@6.3.2
• @ctrl/tinycolor@4.1.1, @4.1.2
• @ctrl/torrent-file@4.1.2
• @ctrl/transmission@7.3.1
• @ctrl/ts-base32@4.0.2
• encounter-playground@0.0.5
• json-rules-engine-simplified@0.2.4, 0.2.1
• koa2-swagger-ui@5.11.2, 5.11.1
• @nativescript-community/gesturehandler@2.0.35
• @nativescript-community/sentry 4.6.43
• @nativescript-community/text@1.6.13
• @nativescript-community/ui-collectionview@6.0.6
• @nativescript-community/ui-drawer@0.1.30
• @nativescript-community/ui-image@4.5.6
• @nativescript-community/ui-material-bottomsheet@7.2.72
• @nativescript-community/ui-material-core@7.2.76
• @nativescript-community/ui-material-core-tabs@7.2.76
• ngx-color@10.0.2
• ngx-toastr@19.0.2
• ngx-trend@8.0.1
• react-complaint-image@0.0.35
• react-jsonschema-form-conditionals@0.3.21
• react-jsonschema-form-extras@1.0.4
• rxnt-authentication@0.0.6
• rxnt-healthchecks-nestjs@1.0.5
• rxnt-kue@1.0.7
• swc-plugin-component-annotate@1.9.2
• ts-gaussian@3.0.6

The malicious JavaScript code (“bundle.js”) injected into each of the trojanized package is designed to download and run TruffleHog, a legitimate secret scanning tool, using it to scan the host for tokens and cloud credentials, such as GITHUB_TOKEN, NPM_TOKEN, AWS_ACCESS_KEY_ID, and AWS_SECRET_ACCESS_KEY.

“It validates npm tokens with the whoami endpoint, and it interacts with GitHub APIs when a token is available,” Socket said. “It also attempts cloud metadata discovery that can leak short-lived credentials inside cloud build agents.”

The script then abuses the developer’s credentials (i.e., the GitHub personal access tokens) to create a GitHub Actions workflow in .github/workflows, and exfiltrates the collected data to a webhook[.]site endpoint.

Developers are advised to audit their environments and rotate npm tokens and other exposed secrets if the aforementioned packages are present with publishing credentials.

“The workflow that it writes to repositories persists beyond the initial host,” the company noted. “Once committed, any future CI run can trigger the exfiltration step from within the pipeline where sensitive secrets and artifacts are available by design.”

StepSecurity, which also shared details of the campaign, said the attack demonstrates a concerning evolution in supply chain threats, given that the malware includes a self-propagating mechanism enabling automatic infection of downstream packages. This behavior creates a “cascading compromise across the ecosystem.”

More Packages Impacted

The ongoing npm supply chain incident, codenamed Shai-Hulud attack, has also leveraged the “crowdstrike-publisher” npm account to publish several trojanized packages –

• @crowdstrike/commitlint@8.1.1, 8.1.2
• @crowdstrike/falcon-shoelace@0.4.2
• @crowdstrike/foundry-js@0.19.2
• @crowdstrike/glide-core@0.34.2, 0.34.3
• @crowdstrike/logscale-dashboard@1.205.2
• @crowdstrike/logscale-file-editor@1.205.2
• @crowdstrike/logscale-parser-edit@1.205.1, 1.205.2
• @crowdstrike/logscale-search@1.205.2
• @crowdstrike/tailwind-toucan-base@5.0.2
• browser-webdriver-downloader@3.0.8
• ember-browser-services@5.0.3
• ember-headless-form-yup@1.0.1
• ember-headless-form@1.1.3
• ember-headless-table@2.1.6
• ember-url-hash-polyfill@1.0.13
• ember-velcro@2.2.2
• eslint-config-crowdstrike-node@4.0.4
• eslint-config-crowdstrike@11.0.3
• monorepo-next@13.0.2
• remark-preset-lint-crowdstrike@4.0.2
• verror-extra@6.0.1
• yargs-help-output@5.0.3

“After detecting several malicious Node Package Manager (npm) packages in the public npm registry, a third-party open source repository, we swiftly removed them and proactively rotated our keys in public registries,” a CrowdStrike spokesperson told The Hacker News.

“These packages are not used in the Falcon sensor, the platform is not impacted and customers remain protected. We are working with npm and conducting a thorough investigation.”

The OX Security team, in its own analysis said, it found 34 compromised GitHub accounts which contain the ‘Shai-Hulud’ repository, within which there is a “data.json” file containing an encoded JSON with the compromised information the attacker uploaded to the victim’s GitHub account.

Supply chain security company ReversingLabs characterized the incident as a “first of its kind self-replicating worm” compromising npm packages with cloud token stealing malware. The starting point is believed to be rxnt-authentication, a malicious version of which was published on npm on September 14, 2025, at 17:58:50 UTC.

“As a result, the npm maintainer ‘techsupportrxnt’ can be considered Patient Zero for this campaign,” security researcher Karlo Zanki said. “Once infected by Shai-Hulud, npm packages spawn attacks of their own by unknowingly allowing the worm to self-propagate through the packages they maintain.”

“Given the large number of package inter-dependencies in the npm ecosystem, it is difficult to predict who will get compromised next and how far Shai-Hulud could spread. As of this writing, RL has identified hundreds of npm packages that have been compromised by the Shai-Hulud malware.”

Exactly how the “techsupportrxnt” npm account was compromised is key to unlocking the attack’s origin, although the possibility of a phishing email or the exploitation of a vulnerable GitHub action cannot be ruled out, ReversingLabs said.

Besides compromising an npm developer account to trojanize other packages by creating a new versions after injecting the malware into them, the worm-like malware tries to create a public copy of all private repositories belonging to the compromised user in a likely attempt to gain access to secrets hard-coded in those repositories and steal source code.

The newly created repositories get a suffix -migration to their original name, reminiscent of the s1ngularity attack targeting the nx build system late last month.

“The design and functional overlap of the nx campaign with the Shai-Hulud worm we detected is lsignificant,” Zanki said. “What is even more concerning is the automated spreading of malware to the packages maintained by the compromised npm accounts.”

Cloud security firm Wiz has also drawn parallels between the two activity clusters, assessing the latest campaign to be “directly downstream” of the s1ngularity attack. Stating it to be “one of the most severe JavaScript supply chain attacks observed to date,” the company is urging immediate action to remove malicious versions of the packages and upgrade to a clean release.

crates.io Phishing Campaign

The disclosure comes as the Rust Security Response Working Group is warning of phishing emails from a typosquatted domain, rustfoundation[.]dev, targeting crates.io users.

The messages, which originate from security@rustfoundation[.]dev, warn recipients of an alleged compromise of the crates.io infrastructure and instruct them to click on an embedded link to rotate their login information so as to “ensure that the attacker cannot modify any packages published by you.”

The rogue link, github.rustfoundation[.]dev, mimics a GitHub login page, indicating a clear attempt on the part of the attackers to capture victims’ credentials. The phishing page is currently inaccessible.

“These emails are malicious and come from a domain name not controlled by the Rust Foundation (nor the Rust Project), seemingly with the purpose of stealing your GitHub credentials,” the Rust Security Response WG said. “We have no evidence of a compromise of the crates.io infrastructure.”

The Rust team also said they are taking steps to monitor any suspicious activity on crates.io, in addition to getting the phishing domain taken down.

Sep 16, 2025Ravie LakshmananAd Fraud / Mobile Security

A massive ad fraud and click fraud operation dubbed SlopAds ran a cluster of 224 apps, collectively attracting 38 million downloads across 228 countries and territories.

“These apps deliver their fraud payload using steganography and create hidden WebViews to navigate to threat actor-owned cashout sites, generating fraudulent ad impressions and clicks,” HUMAN’s Satori Threat Intelligence and Research Team said in a report shared with The Hacker News.

The name “SlopAds” is a nod to the likely mass-produced nature of the apps and the use of artificial intelligence (AI)-themed services like StableDiffusion, AIGuide, and ChatGLM hosted by the threat actor on the command-and-control (C2) server.

The company said the campaign accounted for 2.3 billion bid requests a day at its peak, with traffic from SlopAds apps mainly originating from the U.S. (30%), India (10%), and Brazil (7%). Google has since removed all the offending apps from the Play Store, effectively disrupting the threat.

What makes the activity stand out is that when a SlopAds-associated app is downloaded, it queries a mobile marketing attribution SDK to check if it was downloaded directly from the Play Store (i.e., organically) or if it was the result of a user clicking on an ad that redirected them to the Play Store listing (i.e., non-organically).

The fraudulent behavior is initiated only in scenarios where the app was downloaded following an ad click, causing it to download the ad fraud module, FatModule, from the C2 server. On the other hand, if it was originally installed, the app behaves as advertised on the app store page.

“From developing and publishing apps that only commit fraud under certain circumstances to adding layer upon layer of obfuscation, SlopAds reinforces the notion that threats to the digital advertising ecosystem are only growing in sophistication,” HUMAN researchers said.

“This tactic creates a more complete feedback loop for the threat actors, triggering fraud only if they have reason to believe the device isn’t being examined by security researchers. It blends malicious traffic into legitimate campaign data, complicating detection.”

The FatModule is delivered by means of four PNG image files that conceal the APK, which is then decrypted and reassembled to gather device and browser information, as well as conduct ad fraud using hidden WebViews.

“One cashout mechanism for SlopAds is through HTML5 (H5) game and news websites owned by the threat actors,” HUMAN researchers said. “These game sites show ads frequently, and since the WebView in which the sites are loaded is hidden, the sites can monetize numerous ad impressions and clicks before the WebView closes.”

Domains promoting SlopAds apps have been found to link back to another domain, ad2[.]cc, which serves as the Tier-2 C2 server. In all, an estimated 300 domains advertising such apps have been identified.

The development comes a little over two months after HUMAN flagged another set of 352 Android apps as part of an ad fraud scheme codenamed IconAds.

“SlopAds highlights the evolving sophistication of mobile ad fraud, including stealthy, conditional fraud execution and rapid scaling capabilities,” Gavin Reid, CISO at HUMAN, said.

Sep 16, 2025Ravie LakshmananMalware / Social Engineering

Cybersecurity researchers have warned of a new campaign that’s leveraging a variant of the FileFix social engineering tactic to deliver the StealC information stealer malware.

“The observed campaign uses a highly convincing, multilingual phishing site (e.g., fake Facebook Security page), with anti-analysis techniques and advanced obfuscation to evade detection,” Acronis security researcher Eliad Kimhy said in a report shared with The Hacker News.

At a high level, the attack chain involves the use of FileFix to entice users into launching an initial payload that then proceeds to download seemingly innocuous images containing the malicious components from a Bitbucket repository. This allows the attackers to abuse the trust associated with a legitimate source code hosting platform to bypass detection.

FileFix, first documented by security researcher mrd0x as a proof-of-concept (PoC) in June 2025, is a little different from ClickFix in that it eschews the need for users to launch the Windows Run dialog and paste an already copied obfuscated command to complete bogus CAPTCHA verification checks on phishing pages set up for this purpose.

Instead, it leverages a web browser’s file upload feature to deceive users into copying and pasting a command on the File Explorer’s address bar, causing it to be executed locally on the victim’s machine.

The attack commences with a phishing site to which the victim is likely redirected from an email message that warns recipients of potential suspension of their Facebook accounts after a week, claiming the shared posts or messages violate its policies. Users are then asked to appeal the decision by clicking on a button.

The phishing page is not only heavily obfuscated, but also resorts to techniques like junk code and fragmentation to hinder analysis efforts.

The FileFix attack comes into play once the button is clicked, at which point the victim is displayed a message stating they can access a PDF version of the supposed policy violation by copying and pasting a path to the document in the File Explorer’s address bar.

While the path provided in the instruction is completely harmless, a malicious command is surreptitiously copied to the user’s clipboard when they click on the button in the page to open File Explorer. This command is a multi-stage PowerShell script that downloads the aforementioned image, decodes it into the next-stage payload, and ultimately runs a Go-based loader that unpacks shellcode responsible for launching StealC.

FileFix also offers a crucial advantage over ClickFix, as it abuses a widely used browser feature as opposed to opening the Run dialog (or the Terminal app in case of Apple macOS), which could be blocked by a system administrator as a security measure.

“On the other hand, one of the things that makes ClickFix so challenging to detect in the first place is that it is spawned from Explorer.exe via the run dialog, or directly from a terminal, whereas with FileFix, the payload is executed by the web browser used by the victim, which is far more likely to stand out in an investigation or to a security product,” Acronis said.

“The adversary behind this attack demonstrated significant investment in tradecraft, carefully engineering the phishing infrastructure, payload delivery and supporting elements to maximize both evasion and impact.”

The disclosure comes as Doppel detailed another campaign that has been observed using a combination of fake support portals, Cloudflare CAPTCHA error pages, and clipboard hijacking — i.e., ClickFix — to socially engineer victims into running malicious PowerShell code that downloads and runs an AutoHotkey (AHK) script.

The script is designed to profile the compromised host and deliver additional payloads, including AnyDesk, TeamViewer, information stealers, and clipper malware.

The cybersecurity company said it also observed other variants of the activity where victims are guided to run an MSHTA command pointing to a lookalike Google domain (“wl.google-587262[.]com”), which then retrieves and executes a remote malicious script.

“AHK is a Windows-based scripting language originally designed for automating repetitive tasks like keystrokes and mouse clicks,” Doppel security researcher Aarsh Jawa noted.

“While it’s long been popular among power users and system admins for its simplicity and flexibility, threat actors began weaponizing AHK around 2019 to create lightweight malware droppers and info-stealers. These malicious scripts often masquerade as benign automation tools or support utilities.”

Sep 16, 2025The Hacker NewsAI Security / Enterprise Security

AI agents are rapidly becoming a core part of the enterprise, being embedded across enterprise workflows, operating with autonomy, and making decisions about which systems to access and how to use them. But as agents grow in power and autonomy, so do the risks and threats.

Recent studies show 80% of companies have already experienced unintended AI agent actions, from unauthorized system access to data leaks. These incidents aren’t edge cases. They are the inevitable outcome of deploying AI agents at scale without purpose-built security mechanisms. Traditional IAM wasn’t designed for this. Agents move too fast, operate 24/7, while relying on non-human identities (NHIs) to define precisely what they can and can’t do.

How can organizations possibly secure what they cannot see or control? To address this challenge, a new approach is needed—one that enables secure-by-design AI agent deployment across the enterprise.

Enter: Astrix’s Agent Control Plane (ACP)

Astrix’s AI Agent Control Plane (ACP), is the industry’s first solution designed to deploy secure-by-design AI agents across the enterprise. With ACP, every AI agent receives short-lived, precisely scoped credentials and just-in-time access based on least privilege principles, eliminating access chaos and reducing compliance risk.

ACP delivers three core benefits:

1. Audits are fast and predictable – Clear ownership and tracked activity trails ensure every agent action is governed and easy to validate.
2. Secure access for AI agents – Least-privilege, just-in-time credentials from day one keep access tight and risk low.
3. Developer productivity – Policy-driven, pre-approved access lets developers spin up agents quickly, with streamlined approvals to cut delays and keep work moving.

How it works

• Pre-define policies: Security admins create granular, least-privilege permission profiles tailored to specific AI agent use cases.

• Deploy agents: Developers launch AI agents from their preferred tools, applying the appropriate pre-approved permission profile.

• Centralize control: Once deployed, every agent is visible in Astrix’s inventory with its policies attached, enabling real-time monitoring, management, and adjustments.

What changes when you adopt an ACP

• For security teams: Central visibility of every agent, every permission, and every action. Instant revoke. Evidence on demand.
• For developers: A straightforward API or CLI to request policy-compliant access. Guardrails that keep velocity high and risk low.
• For leadership: Faster time from idea to safely deployed agent, shorter audit cycles, and measurable reduction in incident blast radius.

Discover, Secure, and Deploy AI Agents Responsibly

With the introduction of ACP, Astrix now delivers the industry’s first end-to-end enterprise solution for AI agent security. Our Discover–Secure–Deploy framework enables you to gain visibility, establish security guardrails, and confidently deploy agents at scale.

• Discover: Gain visibility into every AI agent along with its associated NHIs and machine credentials — including API keys, service accounts, secrets, and more.

• Secure: Identify and remediate excessive privileges, vulnerable configurations, abnormal activity, and policy violations.

• Deploy: Safely roll out secure-by-design AI agents with Zero Trust access policies, just-in-time credentials, and audit trails enforced through ACP.

This Discover–Secure–Deploy framework helps ensure organizations can unlock the full value of agentic AI — without introducing uncontrolled risk.

Conclusion

AI agents and NHIs are the fastest-growing blind spot, outnumbering employees 100:1 and falling outside traditional IAM. Astrix enables enterprises to discover every AI agent and NHI, secure excessive privileges and real-time threats, and deploy agentic AI safely with secure-by-design guardrails like just-in-time access — allowing organizations to unlock the full value of agentic AI.

Ready to see how you can adopt AI securely and at scale? Schedule a demo to see Astrix in action.

Sep 16, 2025Ravie LakshmananVulnerability / Spyware

Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild.

The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds write issue in the ImageIO component that could result in memory corruption when processing a malicious image file.

“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the company said.

Since then, WhatsApp has acknowledged that a vulnerability in its messaging apps for Apple iOS and macOS (CVE-2025-55177, CVSS score: 5.4) had been chained with CVE-2025-43300 as part of highly-targeted spyware attacks aimed at less than 200 individuals.

While the shortcoming was first addressed by the iPhone maker late last month with the release of iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Ventura 13.7.8, macOS Sonoma 14.7.8, and macOS Sequoia 15.6.1, it has also been released for the following older versions –

• iOS 16.7.12 and iPadOS 16.7.12 – iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
• iOS 15.8.5 and iPadOS 15.8.5 – iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

The updates have been rolled out alongside iOS 26, iPadOS 26, iOS 18.7, iPadOS 18.7, macOS Tahoe 26, macOS Sequoia 15.7, macOS Sonoma 14.8, tvOS 26, visionOS 26, watchOS 26, Safari 26, and Xcode 26, which also address a number of other security flaws –

• CVE-2025-31255 – An authorization vulnerability in IOKit that could allow an app to access sensitive data
• CVE-2025-43362 – A vulnerability in LaunchServices that could allow an app to monitor keystrokes without user permission
• CVE-2025-43329 – A permissions vulnerability in Sandbox that could allow an app to break out of its sandbox
• CVE-2025-31254 – A vulnerability in Safari that could result in unexpected URL redirection when processing maliciously crafted web content
• CVE-2025-43272 – A vulnerability in WebKit that could result in unexpected Safari crash when processing maliciously crafted web content
• CVE-2025-43285 – A permissions vulnerability in AppSandbox that could allow an app to access protected user data
• CVE-2025-43349 – An out-of-bounds write issue in CoreAudio that could result in unexpected app termination when processing a maliciously crafted video file
• CVE-2025-43316 – A permissions vulnerability in DiskArbitration that could allow an app to gain root privileges
• CVE-2025-43297 – A type confusion vulnerability in Power Management that could result in a denial-of-service
• CVE-2025-43204 – A vulnerability in RemoteViewServices that could allow an app to break out of its sandbox
• CVE-2025-43358 – A permissions vulnerability in Shortcuts that could allow a shortcut to bypass sandbox restrictions
• CVE-2025-43333 – A permissions vulnerability in Spotlight that could allow an app to gain root privileges
• CVE-2025-43304 – A race condition vulnerability in StorageKit that could allow an app to gain root privileges
• CVE-2025-48384 – A Git vulnerability in Xcode that could result in remote code execution when cloning a maliciously crafted repository

While there is no evidence that any of the aforementioned flaws have been weaponized in real-world attacks, it’s always a good practice to keep systems up-to-date for optimal protection.