Author: Mark

Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers.

“The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling automatic trojanization of downstream packages,” supply chain security company Socket said.

The end goal of the campaign is to search developer machines for secrets using TruffleHog’s credential scanner and transmit them to an external server under the attacker’s control. The attack is capable of targeting both Windows and Linux systems.

The following packages have been identified as impacted by the incident –

• angulartics2@14.1.2
• @ctrl/deluge@7.2.2
• @ctrl/golang-template@1.4.3
• @ctrl/magnet-link@4.0.4
• @ctrl/ngx-codemirror@7.0.2
• @ctrl/ngx-csv@6.0.2
• @ctrl/ngx-emoji-mart@9.2.2
• @ctrl/ngx-rightclick@4.0.2
• @ctrl/qbittorrent@9.7.2
• @ctrl/react-adsense@2.0.2
• @ctrl/shared-torrent@6.3.2
• @ctrl/tinycolor@4.1.1, @4.1.2
• @ctrl/torrent-file@4.1.2
• @ctrl/transmission@7.3.1
• @ctrl/ts-base32@4.0.2
• encounter-playground@0.0.5
• json-rules-engine-simplified@0.2.4, 0.2.1
• koa2-swagger-ui@5.11.2, 5.11.1
• @nativescript-community/gesturehandler@2.0.35
• @nativescript-community/sentry 4.6.43
• @nativescript-community/text@1.6.13
• @nativescript-community/ui-collectionview@6.0.6
• @nativescript-community/ui-drawer@0.1.30
• @nativescript-community/ui-image@4.5.6
• @nativescript-community/ui-material-bottomsheet@7.2.72
• @nativescript-community/ui-material-core@7.2.76
• @nativescript-community/ui-material-core-tabs@7.2.76
• ngx-color@10.0.2
• ngx-toastr@19.0.2
• ngx-trend@8.0.1
• react-complaint-image@0.0.35
• react-jsonschema-form-conditionals@0.3.21
• react-jsonschema-form-extras@1.0.4
• rxnt-authentication@0.0.6
• rxnt-healthchecks-nestjs@1.0.5
• rxnt-kue@1.0.7
• swc-plugin-component-annotate@1.9.2
• ts-gaussian@3.0.6

The malicious JavaScript code (“bundle.js”) injected into each of the trojanized package is designed to download and run TruffleHog, a legitimate secret scanning tool, using it to scan the host for tokens and cloud credentials, such as GITHUB_TOKEN, NPM_TOKEN, AWS_ACCESS_KEY_ID, and AWS_SECRET_ACCESS_KEY.

“It validates npm tokens with the whoami endpoint, and it interacts with GitHub APIs when a token is available,” Socket said. “It also attempts cloud metadata discovery that can leak short-lived credentials inside cloud build agents.”

The script then abuses the developer’s credentials (i.e., the GitHub personal access tokens) to create a GitHub Actions workflow in .github/workflows, and exfiltrates the collected data to a webhook[.]site endpoint.

Developers are advised to audit their environments and rotate npm tokens and other exposed secrets if the aforementioned packages are present with publishing credentials.

“The workflow that it writes to repositories persists beyond the initial host,” the company noted. “Once committed, any future CI run can trigger the exfiltration step from within the pipeline where sensitive secrets and artifacts are available by design.”

StepSecurity, which also shared details of the campaign, said the attack demonstrates a concerning evolution in supply chain threats, given that the malware includes a self-propagating mechanism enabling automatic infection of downstream packages. This behavior creates a “cascading compromise across the ecosystem.”

More Packages Impacted

The ongoing npm supply chain incident, codenamed Shai-Hulud attack, has also leveraged the “crowdstrike-publisher” npm account to publish several trojanized packages –

• @crowdstrike/commitlint@8.1.1, 8.1.2
• @crowdstrike/falcon-shoelace@0.4.2
• @crowdstrike/foundry-js@0.19.2
• @crowdstrike/glide-core@0.34.2, 0.34.3
• @crowdstrike/logscale-dashboard@1.205.2
• @crowdstrike/logscale-file-editor@1.205.2
• @crowdstrike/logscale-parser-edit@1.205.1, 1.205.2
• @crowdstrike/logscale-search@1.205.2
• @crowdstrike/tailwind-toucan-base@5.0.2
• browser-webdriver-downloader@3.0.8
• ember-browser-services@5.0.3
• ember-headless-form-yup@1.0.1
• ember-headless-form@1.1.3
• ember-headless-table@2.1.6
• ember-url-hash-polyfill@1.0.13
• ember-velcro@2.2.2
• eslint-config-crowdstrike-node@4.0.4
• eslint-config-crowdstrike@11.0.3
• monorepo-next@13.0.2
• remark-preset-lint-crowdstrike@4.0.2
• verror-extra@6.0.1
• yargs-help-output@5.0.3

“After detecting several malicious Node Package Manager (npm) packages in the public npm registry, a third-party open source repository, we swiftly removed them and proactively rotated our keys in public registries,” a CrowdStrike spokesperson told The Hacker News.

“These packages are not used in the Falcon sensor, the platform is not impacted and customers remain protected. We are working with npm and conducting a thorough investigation.”

The OX Security team, in its own analysis said, it found 34 compromised GitHub accounts which contain the ‘Shai-Hulud’ repository, within which there is a “data.json” file containing an encoded JSON with the compromised information the attacker uploaded to the victim’s GitHub account.

Supply chain security company ReversingLabs characterized the incident as a “first of its kind self-replicating worm” compromising npm packages with cloud token stealing malware. The starting point is believed to be rxnt-authentication, a malicious version of which was published on npm on September 14, 2025, at 17:58:50 UTC.

“As a result, the npm maintainer ‘techsupportrxnt’ can be considered Patient Zero for this campaign,” security researcher Karlo Zanki said. “Once infected by Shai-Hulud, npm packages spawn attacks of their own by unknowingly allowing the worm to self-propagate through the packages they maintain.”

“Given the large number of package inter-dependencies in the npm ecosystem, it is difficult to predict who will get compromised next and how far Shai-Hulud could spread. As of this writing, RL has identified hundreds of npm packages that have been compromised by the Shai-Hulud malware.”

Exactly how the “techsupportrxnt” npm account was compromised is key to unlocking the attack’s origin, although the possibility of a phishing email or the exploitation of a vulnerable GitHub action cannot be ruled out, ReversingLabs said.

Besides compromising an npm developer account to trojanize other packages by creating a new versions after injecting the malware into them, the worm-like malware tries to create a public copy of all private repositories belonging to the compromised user in a likely attempt to gain access to secrets hard-coded in those repositories and steal source code.

The newly created repositories get a suffix -migration to their original name, reminiscent of the s1ngularity attack targeting the nx build system late last month.

“The design and functional overlap of the nx campaign with the Shai-Hulud worm we detected is lsignificant,” Zanki said. “What is even more concerning is the automated spreading of malware to the packages maintained by the compromised npm accounts.”

Cloud security firm Wiz has also drawn parallels between the two activity clusters, assessing the latest campaign to be “directly downstream” of the s1ngularity attack. Stating it to be “one of the most severe JavaScript supply chain attacks observed to date,” the company is urging immediate action to remove malicious versions of the packages and upgrade to a clean release.

crates.io Phishing Campaign

The disclosure comes as the Rust Security Response Working Group is warning of phishing emails from a typosquatted domain, rustfoundation[.]dev, targeting crates.io users.

The messages, which originate from security@rustfoundation[.]dev, warn recipients of an alleged compromise of the crates.io infrastructure and instruct them to click on an embedded link to rotate their login information so as to “ensure that the attacker cannot modify any packages published by you.”

The rogue link, github.rustfoundation[.]dev, mimics a GitHub login page, indicating a clear attempt on the part of the attackers to capture victims’ credentials. The phishing page is currently inaccessible.

“These emails are malicious and come from a domain name not controlled by the Rust Foundation (nor the Rust Project), seemingly with the purpose of stealing your GitHub credentials,” the Rust Security Response WG said. “We have no evidence of a compromise of the crates.io infrastructure.”

The Rust team also said they are taking steps to monitor any suspicious activity on crates.io, in addition to getting the phishing domain taken down.

Sep 16, 2025Ravie LakshmananAd Fraud / Mobile Security

A massive ad fraud and click fraud operation dubbed SlopAds ran a cluster of 224 apps, collectively attracting 38 million downloads across 228 countries and territories.

“These apps deliver their fraud payload using steganography and create hidden WebViews to navigate to threat actor-owned cashout sites, generating fraudulent ad impressions and clicks,” HUMAN’s Satori Threat Intelligence and Research Team said in a report shared with The Hacker News.

The name “SlopAds” is a nod to the likely mass-produced nature of the apps and the use of artificial intelligence (AI)-themed services like StableDiffusion, AIGuide, and ChatGLM hosted by the threat actor on the command-and-control (C2) server.

The company said the campaign accounted for 2.3 billion bid requests a day at its peak, with traffic from SlopAds apps mainly originating from the U.S. (30%), India (10%), and Brazil (7%). Google has since removed all the offending apps from the Play Store, effectively disrupting the threat.

What makes the activity stand out is that when a SlopAds-associated app is downloaded, it queries a mobile marketing attribution SDK to check if it was downloaded directly from the Play Store (i.e., organically) or if it was the result of a user clicking on an ad that redirected them to the Play Store listing (i.e., non-organically).

The fraudulent behavior is initiated only in scenarios where the app was downloaded following an ad click, causing it to download the ad fraud module, FatModule, from the C2 server. On the other hand, if it was originally installed, the app behaves as advertised on the app store page.

“From developing and publishing apps that only commit fraud under certain circumstances to adding layer upon layer of obfuscation, SlopAds reinforces the notion that threats to the digital advertising ecosystem are only growing in sophistication,” HUMAN researchers said.

“This tactic creates a more complete feedback loop for the threat actors, triggering fraud only if they have reason to believe the device isn’t being examined by security researchers. It blends malicious traffic into legitimate campaign data, complicating detection.”

The FatModule is delivered by means of four PNG image files that conceal the APK, which is then decrypted and reassembled to gather device and browser information, as well as conduct ad fraud using hidden WebViews.

“One cashout mechanism for SlopAds is through HTML5 (H5) game and news websites owned by the threat actors,” HUMAN researchers said. “These game sites show ads frequently, and since the WebView in which the sites are loaded is hidden, the sites can monetize numerous ad impressions and clicks before the WebView closes.”

Domains promoting SlopAds apps have been found to link back to another domain, ad2[.]cc, which serves as the Tier-2 C2 server. In all, an estimated 300 domains advertising such apps have been identified.

The development comes a little over two months after HUMAN flagged another set of 352 Android apps as part of an ad fraud scheme codenamed IconAds.

“SlopAds highlights the evolving sophistication of mobile ad fraud, including stealthy, conditional fraud execution and rapid scaling capabilities,” Gavin Reid, CISO at HUMAN, said.

Sep 16, 2025Ravie LakshmananMalware / Social Engineering

Cybersecurity researchers have warned of a new campaign that’s leveraging a variant of the FileFix social engineering tactic to deliver the StealC information stealer malware.

“The observed campaign uses a highly convincing, multilingual phishing site (e.g., fake Facebook Security page), with anti-analysis techniques and advanced obfuscation to evade detection,” Acronis security researcher Eliad Kimhy said in a report shared with The Hacker News.

At a high level, the attack chain involves the use of FileFix to entice users into launching an initial payload that then proceeds to download seemingly innocuous images containing the malicious components from a Bitbucket repository. This allows the attackers to abuse the trust associated with a legitimate source code hosting platform to bypass detection.

FileFix, first documented by security researcher mrd0x as a proof-of-concept (PoC) in June 2025, is a little different from ClickFix in that it eschews the need for users to launch the Windows Run dialog and paste an already copied obfuscated command to complete bogus CAPTCHA verification checks on phishing pages set up for this purpose.

Instead, it leverages a web browser’s file upload feature to deceive users into copying and pasting a command on the File Explorer’s address bar, causing it to be executed locally on the victim’s machine.

The attack commences with a phishing site to which the victim is likely redirected from an email message that warns recipients of potential suspension of their Facebook accounts after a week, claiming the shared posts or messages violate its policies. Users are then asked to appeal the decision by clicking on a button.

The phishing page is not only heavily obfuscated, but also resorts to techniques like junk code and fragmentation to hinder analysis efforts.

The FileFix attack comes into play once the button is clicked, at which point the victim is displayed a message stating they can access a PDF version of the supposed policy violation by copying and pasting a path to the document in the File Explorer’s address bar.

While the path provided in the instruction is completely harmless, a malicious command is surreptitiously copied to the user’s clipboard when they click on the button in the page to open File Explorer. This command is a multi-stage PowerShell script that downloads the aforementioned image, decodes it into the next-stage payload, and ultimately runs a Go-based loader that unpacks shellcode responsible for launching StealC.

FileFix also offers a crucial advantage over ClickFix, as it abuses a widely used browser feature as opposed to opening the Run dialog (or the Terminal app in case of Apple macOS), which could be blocked by a system administrator as a security measure.

“On the other hand, one of the things that makes ClickFix so challenging to detect in the first place is that it is spawned from Explorer.exe via the run dialog, or directly from a terminal, whereas with FileFix, the payload is executed by the web browser used by the victim, which is far more likely to stand out in an investigation or to a security product,” Acronis said.

“The adversary behind this attack demonstrated significant investment in tradecraft, carefully engineering the phishing infrastructure, payload delivery and supporting elements to maximize both evasion and impact.”

The disclosure comes as Doppel detailed another campaign that has been observed using a combination of fake support portals, Cloudflare CAPTCHA error pages, and clipboard hijacking — i.e., ClickFix — to socially engineer victims into running malicious PowerShell code that downloads and runs an AutoHotkey (AHK) script.

The script is designed to profile the compromised host and deliver additional payloads, including AnyDesk, TeamViewer, information stealers, and clipper malware.

The cybersecurity company said it also observed other variants of the activity where victims are guided to run an MSHTA command pointing to a lookalike Google domain (“wl.google-587262[.]com”), which then retrieves and executes a remote malicious script.

“AHK is a Windows-based scripting language originally designed for automating repetitive tasks like keystrokes and mouse clicks,” Doppel security researcher Aarsh Jawa noted.

“While it’s long been popular among power users and system admins for its simplicity and flexibility, threat actors began weaponizing AHK around 2019 to create lightweight malware droppers and info-stealers. These malicious scripts often masquerade as benign automation tools or support utilities.”

Sep 16, 2025The Hacker NewsAI Security / Enterprise Security

AI agents are rapidly becoming a core part of the enterprise, being embedded across enterprise workflows, operating with autonomy, and making decisions about which systems to access and how to use them. But as agents grow in power and autonomy, so do the risks and threats.

Recent studies show 80% of companies have already experienced unintended AI agent actions, from unauthorized system access to data leaks. These incidents aren’t edge cases. They are the inevitable outcome of deploying AI agents at scale without purpose-built security mechanisms. Traditional IAM wasn’t designed for this. Agents move too fast, operate 24/7, while relying on non-human identities (NHIs) to define precisely what they can and can’t do.

How can organizations possibly secure what they cannot see or control? To address this challenge, a new approach is needed—one that enables secure-by-design AI agent deployment across the enterprise.

Enter: Astrix’s Agent Control Plane (ACP)

Astrix’s AI Agent Control Plane (ACP), is the industry’s first solution designed to deploy secure-by-design AI agents across the enterprise. With ACP, every AI agent receives short-lived, precisely scoped credentials and just-in-time access based on least privilege principles, eliminating access chaos and reducing compliance risk.

ACP delivers three core benefits:

1. Audits are fast and predictable – Clear ownership and tracked activity trails ensure every agent action is governed and easy to validate.
2. Secure access for AI agents – Least-privilege, just-in-time credentials from day one keep access tight and risk low.
3. Developer productivity – Policy-driven, pre-approved access lets developers spin up agents quickly, with streamlined approvals to cut delays and keep work moving.

How it works

• Pre-define policies: Security admins create granular, least-privilege permission profiles tailored to specific AI agent use cases.

• Deploy agents: Developers launch AI agents from their preferred tools, applying the appropriate pre-approved permission profile.

• Centralize control: Once deployed, every agent is visible in Astrix’s inventory with its policies attached, enabling real-time monitoring, management, and adjustments.

What changes when you adopt an ACP

• For security teams: Central visibility of every agent, every permission, and every action. Instant revoke. Evidence on demand.
• For developers: A straightforward API or CLI to request policy-compliant access. Guardrails that keep velocity high and risk low.
• For leadership: Faster time from idea to safely deployed agent, shorter audit cycles, and measurable reduction in incident blast radius.

Discover, Secure, and Deploy AI Agents Responsibly

With the introduction of ACP, Astrix now delivers the industry’s first end-to-end enterprise solution for AI agent security. Our Discover–Secure–Deploy framework enables you to gain visibility, establish security guardrails, and confidently deploy agents at scale.

• Discover: Gain visibility into every AI agent along with its associated NHIs and machine credentials — including API keys, service accounts, secrets, and more.

• Secure: Identify and remediate excessive privileges, vulnerable configurations, abnormal activity, and policy violations.

• Deploy: Safely roll out secure-by-design AI agents with Zero Trust access policies, just-in-time credentials, and audit trails enforced through ACP.

This Discover–Secure–Deploy framework helps ensure organizations can unlock the full value of agentic AI — without introducing uncontrolled risk.

Conclusion

AI agents and NHIs are the fastest-growing blind spot, outnumbering employees 100:1 and falling outside traditional IAM. Astrix enables enterprises to discover every AI agent and NHI, secure excessive privileges and real-time threats, and deploy agentic AI safely with secure-by-design guardrails like just-in-time access — allowing organizations to unlock the full value of agentic AI.

Ready to see how you can adopt AI securely and at scale? Schedule a demo to see Astrix in action.

Sep 16, 2025Ravie LakshmananVulnerability / Spyware

Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild.

The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds write issue in the ImageIO component that could result in memory corruption when processing a malicious image file.

“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the company said.

Since then, WhatsApp has acknowledged that a vulnerability in its messaging apps for Apple iOS and macOS (CVE-2025-55177, CVSS score: 5.4) had been chained with CVE-2025-43300 as part of highly-targeted spyware attacks aimed at less than 200 individuals.

While the shortcoming was first addressed by the iPhone maker late last month with the release of iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Ventura 13.7.8, macOS Sonoma 14.7.8, and macOS Sequoia 15.6.1, it has also been released for the following older versions –

• iOS 16.7.12 and iPadOS 16.7.12 – iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
• iOS 15.8.5 and iPadOS 15.8.5 – iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

The updates have been rolled out alongside iOS 26, iPadOS 26, iOS 18.7, iPadOS 18.7, macOS Tahoe 26, macOS Sequoia 15.7, macOS Sonoma 14.8, tvOS 26, visionOS 26, watchOS 26, Safari 26, and Xcode 26, which also address a number of other security flaws –

• CVE-2025-31255 – An authorization vulnerability in IOKit that could allow an app to access sensitive data
• CVE-2025-43362 – A vulnerability in LaunchServices that could allow an app to monitor keystrokes without user permission
• CVE-2025-43329 – A permissions vulnerability in Sandbox that could allow an app to break out of its sandbox
• CVE-2025-31254 – A vulnerability in Safari that could result in unexpected URL redirection when processing maliciously crafted web content
• CVE-2025-43272 – A vulnerability in WebKit that could result in unexpected Safari crash when processing maliciously crafted web content
• CVE-2025-43285 – A permissions vulnerability in AppSandbox that could allow an app to access protected user data
• CVE-2025-43349 – An out-of-bounds write issue in CoreAudio that could result in unexpected app termination when processing a maliciously crafted video file
• CVE-2025-43316 – A permissions vulnerability in DiskArbitration that could allow an app to gain root privileges
• CVE-2025-43297 – A type confusion vulnerability in Power Management that could result in a denial-of-service
• CVE-2025-43204 – A vulnerability in RemoteViewServices that could allow an app to break out of its sandbox
• CVE-2025-43358 – A permissions vulnerability in Shortcuts that could allow a shortcut to bypass sandbox restrictions
• CVE-2025-43333 – A permissions vulnerability in Spotlight that could allow an app to gain root privileges
• CVE-2025-43304 – A race condition vulnerability in StorageKit that could allow an app to gain root privileges
• CVE-2025-48384 – A Git vulnerability in Xcode that could result in remote code execution when cloning a maliciously crafted repository

While there is no evidence that any of the aforementioned flaws have been weaponized in real-world attacks, it’s always a good practice to keep systems up-to-date for optimal protection.

Sep 16, 2025Ravie LakshmananHardware Security / Vulnerability

A team of academics from ETH Zürich and Google has discovered a new variant of a RowHammer attack targeting Double Data Rate 5 (DDR5) memory chips from South Korean semiconductor vendor SK Hynix.

The RowHammer attack variant, codenamed Phoenix (CVE-2025-6202, CVSS score: 7.1), is capable of bypassing sophisticated protection mechanisms put in place to resist the attack.

“We have proven that reliably triggering RowHammer bit flips on DDR5 devices from SK Hynix is possible on a larger scale,” ETH Zürich said. “We also proved that on-die ECC does not stop RowHammer, and RowHammer end-to-end attacks are still possible with DDR5.”

RowHammer refers to a hardware vulnerability where repeated access of a row of memory in a DRAM chip can trigger bit flips in adjacent rows, resulting in data corruption. This can be subsequently weaponized by bad actors to gain unauthorized access to data, escalate privileges, or even cause a denial-of-service.

Although first demonstrated in 2014, future DRAM chips are more likely to be susceptible to RowHammer attacks as DRAM manufacturers depend on density scaling to increase DRAM capacity.

In a study published by ETH Zürich researchers in 2020, it was found that “newer DRAM chips are more vulnerable to RowHammer: as device feature size reduces, the number of activations needed to induce a RowHammer bit flip also reduces.”

Further research into the subject has demonstrated that the vulnerability has several dimensions to it and that it’s sensitive to several variables, including environmental conditions (temperature and voltage), process variation, stored data patterns, memory access patterns, and memory control policies.

Some of the primary mitigations for RowHammer attacks include Error Correction Code (ECC) and Target Row Refresh (TRR). However, these countermeasures have been proven to be ineffective against more sophisticated attacks like TRRespass, SMASH, Half-Double, and Blacksmith.

The latest findings from ETH Zürich and Google show that it’s possible to bypass advanced TRR defenses on DDR5 memory, opening the door for what the researchers call the “first-ever RowHammer privilege escalation exploit on a standard, production-grade desktop system equipped with DDR5 memory.”

In other words, the end result is a privilege escalation exploit that obtains root on a DDR5 system with default settings in as little as 109 seconds. Specifically, the attack takes advantage of the fact that mitigation does not sample certain refresh intervals to flip bits on all 15 DDR5 memory chips in the test pool that were produced between 2021 and 2024.

Potential exploitation scenarios involving these bit flips allow for targeting RSA-2048 keys of a co-located virtual machine to break SSH authentication, as well as using the sudo binary to escalate local privileges to the root user.

“As DRAM devices in the wild cannot be updated, they will remain vulnerable for many years,” the researchers said. “We recommend increasing the refresh rate to 3x, which stopped Phoenix from triggering bit flips on our test systems.”

The disclosure comes weeks after research teams from George Mason University and Georgia Institute of Technology detailed two different RowHammer attacks called OneFlip and ECC.fail, respectively.

While OneFlip revolves around triggering a single bit flip to alter Deep Neural Network (DNN) model weights and activate unintended behavior, ECC.fail is described as the first end-to-end RowHammer attack that’s effective against DDR4 server machines with ECC memory.

“Unlike their PC counterparts, servers have extra protections against memory data corruptions (e.g., RowHammer or cosmic ray bit flips), in the form of error correcting codes,” the researchers said. “These can detect bit flips in memory, and even potentially correct them. ECC.fail bypasses these protections by carefully inducing RowHammer bit flips at certain memory locations.”

Sep 16, 2025Ravie LakshmananMalware / Cyber Attack

Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers.

“The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling automatic trojanization of downstream packages,” supply chain security company Socket said.

The end goal of the campaign is to search developer machines for secrets using TruffleHog’s credential scanner and transmit them to an external server under the attacker’s control. The attack is capable of targeting both Windows and Linux systems.

The following packages have been identified as impacted by the incident –

• angulartics2@14.1.2
• @ctrl/deluge@7.2.2
• @ctrl/golang-template@1.4.3
• @ctrl/magnet-link@4.0.4
• @ctrl/ngx-codemirror@7.0.2
• @ctrl/ngx-csv@6.0.2
• @ctrl/ngx-emoji-mart@9.2.2
• @ctrl/ngx-rightclick@4.0.2
• @ctrl/qbittorrent@9.7.2
• @ctrl/react-adsense@2.0.2
• @ctrl/shared-torrent@6.3.2
• @ctrl/tinycolor@4.1.1, @4.1.2
• @ctrl/torrent-file@4.1.2
• @ctrl/transmission@7.3.1
• @ctrl/ts-base32@4.0.2
• encounter-playground@0.0.5
• json-rules-engine-simplified@0.2.4, 0.2.1
• koa2-swagger-ui@5.11.2, 5.11.1
• @nativescript-community/gesturehandler@2.0.35
• @nativescript-community/sentry 4.6.43
• @nativescript-community/text@1.6.13
• @nativescript-community/ui-collectionview@6.0.6
• @nativescript-community/ui-drawer@0.1.30
• @nativescript-community/ui-image@4.5.6
• @nativescript-community/ui-material-bottomsheet@7.2.72
• @nativescript-community/ui-material-core@7.2.76
• @nativescript-community/ui-material-core-tabs@7.2.76
• ngx-color@10.0.2
• ngx-toastr@19.0.2
• ngx-trend@8.0.1
• react-complaint-image@0.0.35
• react-jsonschema-form-conditionals@0.3.21
• react-jsonschema-form-extras@1.0.4
• rxnt-authentication@0.0.6
• rxnt-healthchecks-nestjs@1.0.5
• rxnt-kue@1.0.7
• swc-plugin-component-annotate@1.9.2
• ts-gaussian@3.0.6

The malicious JavaScript code (“bundle.js”) injected into each of the trojanized package is designed to download and run TruffleHog, a legitimate secret scanning tool, using it to scan the host for tokens and cloud credentials, such as GITHUB_TOKEN, NPM_TOKEN, AWS_ACCESS_KEY_ID, and AWS_SECRET_ACCESS_KEY.

The messages, which originate from security@rustfoundation[.]dev, warn recipients of an alleged compromise of the crates.io infrastructure and instruct them to click on an embedded link to rotate their login information so as to “ensure that the attacker cannot modify any packages published by you.”

The rogue link, github.rustfoundation[.]dev, mimics a GitHub login page, indicating a clear attempt on the part of the attackers to capture victims’ credentials. The phishing page is currently inaccessible.

“These emails are malicious and come from a domain name not controlled by the Rust Foundation (nor the Rust Project), seemingly with the purpose of stealing your GitHub credentials,” the Rust Security Response WG said. “We have no evidence of a compromise of the crates.io infrastructure.”

The Rust team also said they are taking steps to monitor any suspicious activity on crates.io, in addition to getting the phishing domain taken down.

Sep 15, 2025Ravie LakshmananMalware / Network Security

The China-aligned threat actor known as Mustang Panda has been observed using an updated version of a backdoor called TONESHELL and a previously undocumented USB worm called SnakeDisk.

“The worm only executes on devices with Thailand-based IP addresses and drops the Yokai backdoor,” IBM X-Force researchers Golo Mühr and Joshua Chung said in an analysis published last week.

The tech giant’s cybersecurity division is tracking the cluster under the name Hive0154, which is also broadly referred to as BASIN, Bronze President, Camaro Dragon, Earth Preta, HoneyMyte, Polaris, RedDelta, Stately Taurus, and Twill Typhoon. The state-sponsored threat actor is believed to have been active since at least 2012.

TONESHELL was first publicly documented by Trend Micro way back in November 2022 as part of cyber attacks targeting Myanmar, Australia, the Philippines, Japan, and Taiwan between May and October. Typically executed via DLL side-loading, its primary responsibility is to download next-stage payloads on the infected host.

Typical attack chains involve the use of spear-phishing emails to drop malware families like PUBLOAD or TONESHELL. PUBLOAD, which also functions similarly to TONESHELL, is also capable of downloading shellcode payloads via HTTP POST requests from a command-and-control (C2) server.

The newly identified TONESHELL variants, named TONESHELL8 and TONESHELL9 by IBM X-Force, support C2 communication through locally configured proxy servers to blend in with enterprise network traffic and facilitate two active reverse shells in parallel. It also incorporates junk code copied from OpenAI’s ChatGPT website within the malware’s functions to evade static detection and resist analysis.

Also launched using DLL side-loading is a new USB worm called SnakeDisk that shares overlaps with TONEDISK (aka WispRider), another USB worm framework under the TONESHELL family. It’s mainly used to detect new and existing USB devices connected to the host, using it as a means of propagation.

Specifically, it moves the existing files on the USB into a new sub-directory, effectively tricking the victim to click on the malicious payload on a new machine by setting its name to the volume name of the USB device, or “USB.exe.” Once the malware is launched, the files are copied back to their original location.

A notable aspect of the malware is that it’s geofenced to execute only on public IP addresses geolocated to Thailand. SnakeDisk also serves as a conduit to drop Yokai, a backdoor that sets up a reverse shell to execute arbitrary commands. It was previously detailed by Netskope in December 2024 in intrusions targeting Thai officials.

“Yokai shows overlaps with other backdoor families attributed to Hive0154, such as PUBLOAD/PUBSHELL and TONESHELL,” IBM said. “Although those families are clearly separate pieces of malware, they roughly follow the same structure and use similar techniques to establish a reverse shell with their C2 server.”

The use of SnakeDisk and Yokai likely points to a sub-group within Mustang Panda that’s hyper-focused on Thailand, while also underscoring the continued evolution and refinement of the threat actor’s arsenal.

“Hive0154 remains a highly capable threat actor with multiple active subclusters and frequent development cycles,” the company concluded. “This group appears to maintain a considerably large malware ecosystem with frequent overlaps in both malicious code, techniques used during attacks, as well as targeting.”

Sep 15, 2025Ravie LakshmananCybersecurity / Hacking News

In a world where threats are persistent, the modern CISO’s real job isn’t just to secure technology—it’s to preserve institutional trust and ensure business continuity.

This week, we saw a clear pattern: adversaries are targeting the complex relationships that hold businesses together, from supply chains to strategic partnerships. With new regulations and the rise of AI-driven attacks, the decisions you make now will shape your organization’s resilience for years to come.

This isn’t just a threat roundup; it’s the strategic context you need to lead effectively. Here’s your full weekly recap, packed with the intelligence to keep you ahead.

⚡ Threat of the Week

New HybridPetya Ransomware Bypasses UEFI Secure Boot — A copycat version of the infamous Petya/NotPetya malware dubbed HybridPetya has been spotted. But no telemetry exists to suggest HybridPetya has been deployed in the wild yet. It also differs in one key respect: It can compromise the secure boot feature of Unified Extensible Firmware Interface (UEFI) by installing a malicious application. Attackers prize bootkits since malware installed at that level can evade detection by antivirus applications and survive operating system reinstalls. With access to the UEFI, hackers can deploy their own kernel-mode payloads. ESET said it found HybridPetya samples uploaded to Google’s VirusTotal platform in February 2025.

• Samsung Patches Actively Exploited Flaw — Samsung has released a fix for a security vulnerability that it said has been exploited in zero-day attacks. The vulnerability, CVE-2025-21043 (CVSS score: 8.8), concerns an out-of-bounds write that could result in arbitrary code execution. The critical-rated issue, per the South Korean electronics giant, affects Android versions 13, 14, 15, and 16. The vulnerability was privately disclosed to the company on August 13, 2025. Samsung did not share any specifics on how the vulnerability is being exploited in attacks and who may be behind these efforts. However, it acknowledged that “an exploit for this issue has existed in the wild.”
• Google Pixel 10 Adds Support for C2PA Standard — Google announced that its new Google Pixel 10 phones support the Coalition for Content Provenance and Authenticity (C2PA) standard out of the box to verify the origin and history of digital content. Support for C2PA’s Content Credentials has been added to Pixel Camera and Google Photos apps for Android. The move, Google said, is designed to further digital media transparency. “Pixel 10 phones support on-device trusted time-stamps, which ensures images captured with your native camera app can be trusted after the certificate expires, even if they were captured when your device was offline,” Google said.
• Chinese APT Deploys EggStreme Malware in Attack Targeting Philippines — A novel malware framework called EggStreme has been put to use in a cyber attack on a Philippine military company attributed to a government-backed hacking group from China. EggStreme framework is a tightly integrated set of malicious components that, unlike traditional malware, operates “with a clear, multi-stage flow designed to establish a resilient foothold on compromised systems.” The backdoor offers a wide range of capabilities, allowing hackers to inject other payloads, move around a victim’s network and more. The activity was observed between April 9, 2024, and June 13, 2025, indicating a year-long effort. The attackers leveraged legitimate Windows services to blend into the system’s normal operations and maintain access.
• New RatOn Malware Targets Android — A new Android malware called RatOn has evolved from a basic tool capable of conducting Near Field Communication (NFC) relay attacks to a sophisticated remote access trojan with Automated Transfer System (ATS) capabilities to conduct device fraud. The trojan fuses NFC relay techniques, ransomware overlays, and ATS capabilities, making it a potent tool with dual-pronged objectives: initiate unauthorized fund transfers and compromise cryptocurrency wallet accounts associated with MetaMask, Trust, Blockchain.com, and Phantom.
• Apple Debuts Memory Integrity Enforcement in iPhone Air and 17 — Apple unveiled a comprehensive security system called Memory Integrity Enforcement (MIE) that represents a culmination of a five-year engineering effort to combat sophisticated cyber attacks targeting individual users through memory corruption vulnerabilities. The technology is built into Apple’s new iPhone 17 and iPhone Air devices, which feature the A19 and A19 Pro chips. It combines custom-designed hardware with changes to the operating system to deliver what Apple describes as “industry-first, always-on” memory safety protection. MIE works by allocating each piece of a newer iPhone’s memory with a secret tag. This means only apps with that secret tag can access that memory in the future. If the secret doesn’t match, the security protections are triggered to block the request, terminate the process, and log the event. With memory corruption vulnerabilities accounting for some of the most pervasive threats to operating system security, the initiative is primarily designed to defend against sophisticated attacks, particularly from so-called mercenary spyware vendors who leverage them to deliver spyware to targeted devices via zero-click attacks that require no user interaction. Unlike Google Pixel devices, where it’s an optional developer feature, MIE will be on by default system-wide. But third-party apps, including social media and messaging applications, will have to implement MIE on their own to improve protections for their users. While no technology is hack-proof, MIE is expected to raise the cost of developing surveillance technologies, forcing companies that have working exploits to go back to the drawing board, as they will stop working on the new iPhones.
• Open-Source Community Rallies Against npm Supply Chain Attack — A software supply chain attack that compromised several npm packages with over 2 billion weekly downloads was mitigated swiftly, leaving attackers with little profits off the cryptocurrency heist scheme. The incident occurred after some of the developers fell for an npm password reset phishing attack, allowing the threat actors to gain access to their accounts and publish trojanized packages with malicious code to steal cryptocurrency by redirecting transactions to wallets under their control. Specifically, the malware replaces legitimate wallet addresses with attacker-controlled ones, using the Levenshtein distance algorithm to pick the most visually similar address, making the swap nearly undetectable to the naked eye. “The attackers poorly used a widely known obfuscator, which led to immediate detection shortly after the malicious versions were published,” JFrog said. According to data from Arkham, the attackers managed to steal about $1,087. During the two-hour window they were available for download, the compromised packages were pulled by roughly 10% of cloud environments, per cloud security firm Wiz, which characterized the impact of the campaign as a “denial-of-service” attack on the industry that wasted “countless hours of work” in order to ensure the risk has been mitigated. “In the case of npm, I think the big answer is trusted publishing, which includes the use of attestation and provenance,” Aikido Security’s lead malware researcher Charlie Eriksen told The Hacker News. “Once a package becomes popular enough, it should not be possible to publish new versions of it without the use of this, in my opinion. Using trusted publishing, maintainers can configure it so that the only source that can publish new versions is through GitHub or GitLab. This requires all the normal workflows and controls that source repositories provide – like requiring multiple people to review a Pull Request before it can be merged into the main branch and cause a new release to be published.”

🔥 Trending CVEs

Hackers don’t wait. They exploit newly disclosed vulnerabilities within hours, transforming a missed patch or a hidden bug into a critical point of failure. One unpatched CVE is all it takes to open the door to a full-scale compromise. Below are this week’s most critical vulnerabilities, making waves across the industry. Review the list, prioritize patching, and close the window of opportunity before attackers do.

This week’s list includes — CVE-2025-21043 (Samsung), CVE-2025-5086 (Dassault Systèmes DELMIA Apriso), CVE-2025-54236 (Adobe Commerce), CVE-2025-42944, CVE-2025-42922, CVE-2025-42958 (SAP NetWeaver), CVE-2025-9636 (pgAdmin), CVE-2025-7388 (Progress OpenEdge), CVE-2025-57783, CVE-2025-57784, CVE-2025-57785 (Hiawatha), CVE-2025-9994 (Amp’ed RF BT-AP 111), CVE-2024-45325 (Fortinet FortiDDoS-F CLI), CVE-2025-9712, CVE-2025-9872 (Ivanti Endpoint Manager), CVE-2025-10200, CVE-2025-10201 (Google Chrome), CVE-2025-49459 (Zoom Workplace for Windows on Arm), CVE-2025-10198, CVE-2025-10199 (Sunshine for Windows), CVE-2025-4235 (Palo Alto Networks User-ID Credential Agent for Windows), CVE-2025-58063 (CoreDNS etcd plugin), CVE-2025-20340 (Cisco IOS XR), CVE-2025-9556 (Langchaingo), and CVE-2025-24293 (Ruby on Rails).

📰 Around the Cyber World

• VS Code, Cursor, and Windsurf Users Targeted by WhiteCobra — A threat actor known as WhiteCobra is targeting Visual Studio Code, Cursor, and Windsurf Users with 24 malicious extensions in the Visual Studio marketplace and the Open VSX registry. The same threat actor is believed to be behind other VS Code extensions that masqueraded as the Solidity programming language to deliver stealer malware, leading to the theft of around $500,000 in crypto assets from a Russian developer. The end goal of the campaign is to promote the extensions on social media platforms like X, trick developers into installing them, and exfiltrate cryptocurrency wallet phrases for profit using Lumma Stealer. According to a leaked internal playbook, the threat actors, cybercriminals, set revenue projections between $10,000 and $500,000, provide command-and-control (C2) infrastructure setup guides, and describe social engineering and marketing promotion strategies. The activity also involves running automated scripts to generate 50,000 fake downloads for social proof. “By faking massive numbers of downloads, they continue to trick developers, and sometimes even marketplace review systems, into thinking their extensions are safe, popular, and vetted,” Koi Security said. “To a casual observer, 100K installs signals legitimacy. That’s exactly what they’re counting on.”

• Mamont Banking Trojan Prominent in Q2 2025 — Kaspersky said it detected a total of 42,220 installation packages associated with mobile banking trojans in Q2 2025, down from 49,273 in Q1 2025. “The bulk of mobile banking Trojan installation packages still consists of various modifications of Mamont, which account for 57.7%,” the Russian cybersecurity vendor said. Also prevalent were Coper, which targeted users in Türkiye, Rewardsteal, which was active in India, and Pylcasa, a new type of dropper distributed in Brazil. “They infiltrate Google Play by masquerading as simple apps, such as calculators, but once launched, they open a URL provided by malicious actors – similar to Trojans of the Fakemoney family,” it added. “These URLs may lead to illegal casino websites or phishing pages.”
• WhatsApp Former Security Chief Files Lawsuit — Attaullah Baig, WhatsApp’s former head of security, filed a lawsuit accusing the company of ignoring systemic privacy and security issues that allegedly endangered users’ information, per The New York Times. The WhatsApp suit alleges that approximately 1,500 WhatsApp engineers had unrestricted access to user data, including sensitive personal information, and that the employees “could move or steal such data without detection or audit trail.” Baig also allegedly notified senior management of data scraping concerns on the platform that allows pictures and names of some 400 million user profiles to be scraped, often for use in account impersonation scams. Meta has disputed the allegations, stating this is a case of a former employee who “goes public with distorted claims that misrepresent the ongoing hard work of our team” after being dismissed for poor performance.
• Spyware Found on Phones Belonging to Kenyan Filmmakers — Kenyan authorities have been accused of installing spyware on the phones of two filmmakers, Bryan Adagala and Nicholas Wambugu, who helped produce a documentary about the country’s youth uprising. The filmmakers were arrested back in May 2025 and released a day later, but their phones were confiscated and not returned until July 10. It’s believed that Kenyan authorities installed a commercial spyware app called FlexiSPY, which can record calls, track locations, listen through microphones, download photos, and capture emails and text messages.
• Massive DDoS Attacks Averted — A DDoS mitigation service provider in Europe was targeted in a massive distributed denial-of-service attack that reached 1.5 billion packets per second. According to FastNetMon, the attack originated from thousands of IoTs and MikroTik routers. “The attack reached 1.5 billion packets per second (1.5 Gpps) — one of the largest packet-rate floods publicly disclosed,” it said. “The malicious traffic was primarily a UDP flood launched from compromised customer-premises equipment (CPE), including IoT devices and routers, across more than 11,000 unique networks worldwide.” In a related development, Qrator said it detected and blocked on September 1, 2025, a large-scale attack carried out by what it described as the “largest L7 DDoS botnet observed to date.” The attack targeted an unnamed entity in the government sector. The botnet, compromising 5.76 million IP addresses, has been around since March 26, 2025, when it had about 1.33 million IP addresses. “The largest share of malicious traffic still came from Brazil (1.41M), Vietnam (661K), the United States (647K), India (408K), and Argentina (162K),” it said.
• SafePay Ransomware Detailed — SafePay has been described as a highly discreet ransomware operation that does not work as a ransomware-as-a-service (RaaS) operation. “Excluding a data leak site (DLS) that names victims, there is no evidence of an external forum or community that enables the group to broaden its interactions beyond victim contact,” Bitdefender said. “There appears to be no correspondence with the public or other threat actors and potential recruits.” Since the start of the year, the group has claimed 253 victims, with most of them located in the U.S., Germany, Great Britain, and Canada.
• DoJ Charges Tymoshchuk for Ransomware Attacks — The U.S. Department of Justice (DoJ) charged Ukrainian national Volodymyr Viktorovich Tymoshchuk (aka deadforz, Boba, msfv, and farnetwork) for his role as the administrator of the LockerGoga, MegaCortex, and Nefilim ransomware operations between December 2018 and October 2021. “Volodymyr Tymoshchuk is charged for his role in ransomware schemes that extorted more than 250 companies across the United States and hundreds more around the world,” the DoJ said. “Tymoshchuk and the other Nefilim administrators provided other Nefilim ransomware affiliates, including co‑defendant Artem Stryzhak, who was extradited from Spain and faces charges in the Eastern District of New York, with access to the Nefilim ransomware in exchange for 20 percent of the ransom proceeds extorted from Nefilim victims.” Tymoshchuk is charged with two counts of conspiracy to commit fraud and related activity in connection with computers, three counts of intentional damage to a protected computer, one count of unauthorized access to a protected computer, and one count of transmitting a threat to disclose confidential information. In 2023, Group-IB also linked Tymoshchuk to JSWORM, Karma, Nokoyawa, and Nemty ransomware gangs. Tymoshchuk, described as a “serial ransomware criminal,” remains a fugitive, with the U.S. State Department offering an $11 million reward for information leading to his arrest or other key co-conspirators. Tymoshchuk has also been placed on Europe’s Most Wanted fugitives list by France, which alleged that his group’s activities led to $18 billion worth of damages, branding him “dangerous.”
• Kosovo National Pleads Guilty to Running BlackDB.cc — Liridon Masurica, a Kosovo national who was arrested in December 2024 and extradited to the U.S. back in May, has pleaded guilty to running BlackDB.cc, a cybercrime marketplace that has been active since 2018. “The marketplace illegally offered for sale compromised account and server credentials, credit card information, and other personally identifiable information of individuals primarily located in the United States, including those located within the Middle District of Florida,” the DoJ said. “Once purchased, cybercriminals used the items purchased on BlackDB.cc to facilitate a wide range of illegal activity, including tax fraud, credit card fraud, and identity theft.” He faces up to 10 years in prison. A sentencing date has not yet been set.
• DoJ Seeks Forfeiture of $5M Stolen in SIM Swapping Scams — The DoJ filed a civil forfeiture complaint against over $5 million in bitcoin (BTC), which are alleged to be ill-gotten gains from multiple SIM swap attacks targeting five victims across the U.S. between October 29, 2022, and March 21, 2023. “The perpetrators of these thefts utilized a SIM swapping technique that allowed the perpetrators to authenticate their unauthorized access to the victims’ cryptocurrency accounts and transfer the victim’s funds to perpetrator-controlled accounts,” the DoJ noted. “After each of the five thefts occurred, the perpetrators moved the stolen funds through multiple cryptocurrency wallets and ultimately consolidated them into one wallet that funded an account at Stake.com, an online casino. Many of these transactions were circular in that they eventually returned funds to their original source, and consistent with money laundering utilized to ‘clean’ proceeds of criminal activity.”
• New Phishing Campaign Targets Google Workspace — Researchers have uncovered a new phishing campaign targeting Google Workspace organizations through fraudulent AppSheet-branded emails. The attack illustrates how traditional security controls become useless when attackers abuse legitimate infrastructure to deliver malicious content that sails past every deployed security filter. “The reliance on commonly used or well-known brands in social engineering attacks is nothing new, however, these attacks still remain quite effective,” Erich Kron, security awareness advocate at KnowBe4, said. “Leveraging brands that are known to potential victims exploits the trust that these brands have worked so hard to establish. These types of attacks are meant to blend in with normal day-to-day activities, further increasing the trust level of the potential victim. By using a platform that sends from a known and trusted source, many technical filters and controls are bypassed, and a key red flag is taken away from the potential victim.”
• ToolShell SharePoint Exploit Chain Detailed — Cybersecurity researchers shared technical insights into the SharePoint flaws known as ToolShell that came under active exploitation in July 2025. Some of these attacks have led to the deployment of Warlock, a customized derivative of LockBit 3.0. The group made its public debut on the Russian-language RAMP forum in early June 2025. “In a short period of time, the threat actor behind Warlock evolved from a bold forum announcement into a rapidly growing global ransomware threat, setting the stage for even more sophisticated campaigns — including those leveraging the SharePoint ToolShell vulnerability that would bring the group into the spotlight,” Trend Micro said. The vulnerabilities impact self-hosted SharePoint Server 2016, 2019, and Subscription Edition, enabling unauthenticated remote code execution and security bypasses. “The ToolShell vulnerability chain represents one of the most critical SharePoint security threats observed in recent years,” Trellix said. “The combination of unauthenticated remote code execution and cryptographic key theft creates a perfect storm for persistent compromise and lateral movement.”
• New PoisonSeed Domains Flagged — New domains have been identified as linked to PoisonSeed, a financially motivated threat actor known for its phishing operations. “These domains primarily spoof the email platform SendGrid and are likely attempting to compromise enterprise credentials of SendGrid customers,” DomainTools said. “They display fake Cloudflare CAPTCHA interstitials to add legitimacy to malicious domains before redirecting targeted users to phishing pages.”
• Salat Stealer Spotted — A new information stealer called Salat Stealer (aka WEB_RAT or WebRAT) has been detected in the wild. Written in Go, the stealer is offered under a malware-as-a-service (MaaS) model by Russian-speaking actors. “The malware exfiltrates browser credentials, cryptocurrency wallet data, and session information while employing advanced evasion techniques, including UPX packing, process masquerading, registry run keys, and scheduled tasks,” CYFIRMA said. The malware is assessed to be the work of a threat actor known as NyashTeam, which is also known for selling DCRat, per Russian cybersecurity company F6.
• Plex Urges Password Change After Breach — Plex urged users to change their password, enable two-factor authentication, and sign out of any connected devices that might already be logged in the wake of a security incident where a database was accessed by “an unauthorized third-party” exposing emails, usernames, and hashed passwords for a “limited subset” of customers. The company said no financial data was exposed.
• TOR Project Releases Official Android VPN App — The maintainers of the TOR Project have released an official VPN app that allows Android users to route all their traffic through the Tor network.
• Flaws in Viidure App — Police-issued body cameras have become prevalent tools for recording law enforcement encounters. But a recent study has unearthed troubling design choices in a budget-friendly system that compromise both privacy and data integrity. The Viidure mobile application, designed to transfer video evidence from the camera’s onboard Wi-Fi hotspot to cloud servers, was found to communicate over a nonstandard TLS port, directing sensitive information to cloud servers based in China. “This traffic interception would be concerning for any mobile application, but it’s especially worrying given the sensitive nature of the video data being handled in this case,” Brown Fine Security said.
• Microsoft Announces Plans to Phase Out VBScript — Microsoft has officially announced a multi-phase plan to deprecate Visual Basic Script (aka VBScript) in Windows, a move that signals a significant shift for developers, particularly those working with Visual Basic for Applications (VBA). The change, first detailed in May 2024, will gradually phase out the legacy scripting language, requiring developers to adapt their projects to ensure future compatibility.
• SpamGPT Sold on Cybercrime Forums — A new AI-based email attack automation toolkit dubbed SpamGPT is being advertised on underground forums as a game-changer for cybercriminals. “This platform is designed to compromise email servers, bypass spam filters, and orchestrate mass phishing campaigns with unprecedented ease,” Varonis said. “SpamGPT combines the power of generative AI with a full suite of email campaign tools, lowering the barrier for launching spam and phishing attacks at scale.” The discovery of SpamGPT is the latest evidence of threat actors embracing large language models (LLMs) and other AI tools to craft more effective attacks.
• ArgoCD Attack to Exfiltrate Git Credentials — A newly disclosed attack technique allows authenticated users within the popular GitOps tool Argo CD to exfiltrate Git credentials. The method, according to Future Sight, exploits Kubernetes’ internal DNS resolution to intercept credentials in transit, posing a significant risk to organizations relying on the continuous delivery tool. The issue is being tracked as CVE-2025-55190. It has been addressed in versions v3.1.2, v3.0.14, v2.14.16, and v2.13.9. “API tokens with basic project permissions can retrieve all repository credentials associated with a project through the detailed project API endpoint,” ArgoCD said in an advisory.

• NASA Cuts Off Access to Chinese Nationals — U.S. space agency NASA has cut off Chinese nationals from accessing its premises and assets, including those who hold visas that permit them to reside in the USA. The agency said it “has taken internal action pertaining to Chinese nationals, including restricting physical and cybersecurity access to our facilities, materials, and network to ensure the security of our work.”
• Mr Hamza Releases Abyssal DDoS Tool — The anti-Israel and pro-Palestinian hacktivist group known as Mr Hamza has developed a Python-based DDoS attack tool called Abyssal DDoS. The tool offers 32 attack methods, targeting various layers of the network and application stack, per Radware. “Beyond the various attack methods, Abyssal DDoS also includes features aimed at increasing the tool’s effectiveness and usability,” it said. “The tool generates randomized HTTP request headers, such as User-Agent, Accept and Referrer, which adds a layer of obfuscation and may help avoid simple header-based classification.”
• Vidar Stealer Bounces Back — Threat hunters have observed a fresh malware campaign distributing Vidar Stealer in recent weeks using new obfuscation techniques. The malware adopts a multi-pronged strategy using phishing emails, compromised or fake sites, and malvertising campaigns, allowing it to reach a broader audience while bypassing defenses. Besides attempting to sidestep AMSI and setting up persistence using scheduled tasks, it uses Telegram profiles to retrieve its command-and-control (C2) server details using a dead drop resolver mechanism. “The malware blends stealth with persistence by disguising its traffic as ‘PowerShell’ to appear legitimate while using exponential backoff with jitter to make repeated connections less noticeable,” Aryaka said. Errors during communication are quietly suppressed, reducing logs and avoiding attention from defenders. To guarantee reliability, it persistently retries downloads several times even in unstable environments. At the same time, it randomizes directories and filenames, ensuring each instance looks different and making signature-based detection more difficult.”
• Kaspersky Warns of Dual-Purpose Groups Targeting Russia — Kaspersky has warned of dual-purpose groups in the Russian threat landscape that exhibit traits associated with hacktivists and financially motivated entities. “They use the same tools, techniques, and tactics, and even share common infrastructure and resources,” Kaspersky said. “Depending on the victim, they may pursue a variety of goals: demanding a ransom to decrypt data, causing irreparable damage, or leaking stolen data to the media. This suggests that these attackers belong to a single complex cluster.”
• Microsoft Teams Gains Support for Phishing Link Alerts — Microsoft Teams will automatically alert users when they send or receive a private message containing links that are tagged as malicious. “Teams automatically scans the URL against threat intelligence databases to identify potentially malicious links,” Microsoft said. “If a harmful link is detected, Teams displays clear warnings to both the sender and all recipients in the conversation.”
• Microsoft Fixes Copilot Audit Log Bug — Microsoft patched a vulnerability that could have been exploited to prevent Copilot interactions from being logged in audit logs. When Copilot was prompted to summarize a file, the action would be logged. But if the AI assistant was explicitly asked not to link to the document and not to include it as a reference, the action would not get logged, Pistachio reported.
• Flaws in Carmaker Dealership Portal — Severe vulnerabilities have been uncovered in the online dealership portal of a major carmaker. Security researcher Eaton Zveare said the bugs could have allowed attackers to create their own admin accounts, leak the private information and vehicle data of its customers, and remotely break into their vehicles. The vulnerabilities resided in the portal’s login system and were patched in February. Zveare has previously found flaws in Honda and Toyota systems.
• Remote Access Software Abuse a Common Pre-Ransomware Indicator — Abuses of remote access software (AnyDesk, Atera, Microsoft Quick Assist, and Splashtop) and services (RDP, PsExec, and PowerShell) are the most common ‘pre-ransomware’ indicators, according to new research from Cisco Talos.
• Finnish Hacker Released from Jail — Finnish hacker Aleksanteri Kivimäki has been released from prison following an appeal. Kivimäki broke into the psychotherapy centre Vastaamo in 2020 and released highly sensitive patient files. He was arrested in 2023 and subsequently sentenced last year to six years in prison. The court released him, given that he was a first-time offender and had already served almost half of his sentence.
• Electron Framework Flaw Can be Used to Bypass Integrity Checks — A newly discovered vulnerability (CVE-2025-55305) in the Electron framework could allow attackers to bypass code integrity checks by tampering with V8 heap snapshot files, enabling local backdoors in applications like Signal, 1Password, and Slack. “A majority of Electron applications leave integrity checking disabled by default, and most that do enable it are vulnerable to snapshot tampering,” Trail of Bits said. “However, snapshot-based backdoors pose a risk not just to the Electron ecosystem, but to Chromium-based applications as a whole.”
• Nulled Plugins Target WordPress Sites — A new campaign is using “nulled” WordPress plugins to backdoor websites with rogue admin accounts. “This campaign is particularly concerning because it doesn’t just infect websites: it enables attackers to bypass existing security defenses while achieving persistent access, effectively turning developers or site owners into unwitting collaborators in weakening their own site’s defences,” Wordfence said.
• China Mulls Severe Penalties for Security Failures — The Chinese government is proposing a draft amendment to its cybersecurity law that would increase fines for data breaches and introduce certification requirements for technology products. Critical infrastructure operators could face fines of up to $1.4 million (¥10 million). Individuals responsible for a breach could also face personal fines of up to $14,000 (¥100,000). The amendment also threatens harsher penalties for companies storing “important” data overseas.
• U.K. Elections Watchdog Says it Took 3 Years to Recover from 2021 Breach — The U.K. Electoral Commission said it’s taken three years and at least a quarter of a million pounds to fully recover from an August 2021 hack that saw the private details of 40 million voters accessed by Chinese threat actors. The attack was attributed to a hacking group named APT31. Last July, the Electoral Commission was reprimanded by the Information Commissioner’s Office over the security lapse. “Since the attack, we have made changes to our approach, systems, and processes to strengthen the security and resilience of our systems and will continue to invest in this area,” the commission said.
• New TONESHELL Variant Detected — A new version of the TONESHELL backdoor has been observed being deployed in cyber attacks targeting Myanmar. While this variant does not introduce any new “revolutionary” features, it employs several stalling and anti-sandboxing tricks designed to waste time, pollute control flow, confuse automated analysis, and evade lightweight sandboxes. The malware has been historically used by a Chinese espionage nexus known as Mustang Panda. “The continuous refinement of these evasion methods, coupled with the geopolitical significance of the targeted region, reinforces the need for ongoing research and threat hunting to counter cyber operations,” Intezer said.
• New Exploit Allows Firewall Bypass — A new exploit devised by Ethiack has been found to bypass the web application firewalls (WAFs) of nine vendors by abusing HTTP parameter pollution techniques to facilitate JavaScript injection attacks. “With bypass success rates escalating from 17.6% for simple payloads to 70.6% for complex parameter pollution payloads, the data clearly demonstrates that WAFs relying on pattern matching struggle to defend against attacks that exploit fundamental differences in parsing between WAFs and web applications,” the company said.
• U.S. Treasury Sanctions 19 People and Entities in Connection with Scam Operations — The U.S. Treasury Department on Monday sanctioned multiple people and businesses associated with cyber scam centers across Myanmar and Cambodia. The sanctions take aim at the Burmese, Cambodian and Chinese nationals running entities controlling and supporting scam centers that have led to more than $10 billion in losses from Americans. The sanctions target nine people and companies involved in running Shwe Kokko — a hub for scam centers in Myanmar — as well as four individuals and six entities for their roles operating forced labor compounds in Cambodia under the protection of the already-sanctioned Karen National Army (KNA). Scam centers in Southeast Asia are run by cybercrime organizations that recruit workers under false pretenses and use violence and threats of forced prostitution to coerce them to scam strangers online via messaging apps or text messages. “These sanctions protect Americans from the pervasive threat of online scam operations by disrupting the ability of criminal networks to perpetuate industrial-scale fraud, forced labor, physical and sexual abuse, and theft of Americans’ hard-earned savings,” U.S. Secretary of State Marco Rubio said. In a related development, a 39-year-old California man, Shengsheng He, was sentenced to 51 months in prison for laundering more than $36.9 million in crypto assets linked to scam compounds operating out of Cambodia. The court also ordered him to pay $26,867,242.44 in restitution to victims. “The defendant was part of a group of co-conspirators that preyed on American investors by promising them high returns on supposed digital asset investments when, in fact, they stole nearly $37 million from U.S. victims using Cambodian scam centers,” the DoJ said. “Foreign scam centers, purporting to offer investments in digital assets have, unfortunately, proliferated.” Eight co-conspirators have pleaded guilty so far, including Daren Li and Lu Zhang.

🎥 Cybersecurity Webinars

• Stop AppSec Blind Spots: Map Every Risk From Code to Cloud → Join our live webinar to see how code-to-cloud visibility closes hidden security gaps before attackers strike. You’ll discover how connecting code and cloud risks creates one clear view for developers, DevOps, and security teams—so you can cut noise, fix issues faster, and keep your critical apps safe.
• Proven Steps to Build AI Agents with Strong Security Controls → Discover how to protect your AI agents while unlocking their full business potential. This webinar explains what AI agents are, the new cyber risks they introduce, and the practical security steps that keep your data and customers safe. Gain simple, proven strategies from Auth0 experts to build AI solutions that stay secure and trusted as they scale.
• Who’s Behind the Shadow AI Agents? Expose the Identities Before They Strike → Shadow AI agents are spreading fast across clouds and workflows—often unseen. Join our webinar to learn how to spot these rogue agents, uncover the hidden identities behind them, and take simple steps to keep your AI operations secure and under control.

🔧 Cybersecurity Tools

• Inboxfuscation → It is a new free tool that shows how hackers could hide harmful email rules in Microsoft Exchange. It uses special Unicode tricks—like invisible spaces and look-alike letters—to slip past normal security checks. It helps security teams and email admins spot these hidden rules and improve their defenses.
• Azure AppHunter → A free PowerShell tool that helps spot risky permissions in Azure. It finds service principals or managed identities with powerful roles—like Global Admin or subscription Owner—that could let attackers escalate access. It’s useful for security teams, red teamers, and defenders to quickly check Azure apps and tighten permissions before they’re abused.

Disclaimer: The tools featured here are provided strictly for educational and research purposes. They have not undergone full security audits, and their behavior may introduce risks if misused. Before experimenting, carefully review the source code, test only in controlled environments, and apply appropriate safeguards. Always ensure your usage aligns with ethical guidelines, legal requirements, and organizational policies.

🔒 Tip of the Week

Build a Truly Anonymous Burner Mail System — Standard burner emails are a risk. Reusing a single inbox for research creates a digital fingerprint, and temporary services often leak your real identity. For true anonymity, you need to build your own system that’s private, untraceable, and fully under your control.

Here’s how to architect it like a pro:

1. Own Your Infrastructure: Get a new, neutral domain and use it exclusively for your burner mail. Host your mail server (like Postfix) on separate, anonymous infrastructure. Use DNSSEC to secure your domain and set up strict SPF, DKIM, and DMARC policies to prove your emails are legitimate and can’t be spoofed.
2. Automate Everything: Create a unique email address for every single website or sign-up. This prevents sites from linking to your activity. Set up your system to automatically create these addresses, and build in rules to instantly delete any alias that starts receiving spam.
3. Lock Down Your Data: Forward all mail to your real inbox using end-to-end encryption (like OpenPGP). This ensures no one can read your mail, even if your server is compromised. Also, configure your system to strip out all identifying information from email headers, such as your timezone or mail client, so your digital trail goes cold.
4. Leave No Trace: The last step is to get rid of your logs. A key rule of good security is not to collect data you don’t need. Log only the bare minimum for monitoring, and then automatically purge everything on a regular schedule. This makes it impossible for an attacker to piece together your past activity.

Following this approach turns a simple burner email into a forensically resilient identity service, keeping you in control and your online actions truly private.

Conclusion

As we close the book on this week, consider this: the most dangerous threats aren’t the ones you patch, but the ones you don’t yet see. The patterns we’ve discussed—from supply chain exploits to the weaponization of AI—aren’t isolated events; they are glimpses into a future where defense demands more than just technical fixes. It requires a fundamental shift in strategy, focusing on resilience, trust, and the human element. The real work begins now.

Attacks that target users in their web browsers have seen an unprecedented rise in recent years. In this article, we’ll explore what a “browser-based attack” is, and why they’re proving to be so effective.

What is a browser-based attack?

First, it’s important to establish what a browser-based attack is.

In most scenarios, attackers don’t think of themselves as attacking your web browser. Their end-goal is to compromise your business apps and data. That means going after the third-party services that are now the backbone of business IT.

The most common attack path today sees attackers log into third-party services, dump the data, and monetize it through extortion. You need only look at last year’s Snowflake customer breaches or the still-ongoing Salesforce attacks to see the impact.

The most logical way to do this is by targeting users of those apps. And because of the changes to working practices, your users are more accessible than ever to external attackers — and exposed to a broader range of possible attack techniques.

Browser-based attacks like AITM phishing, ClickFix, and consent phishing have seen an unprecedented rise in recent years.

Once upon a time, email was the primary communication channel with the wider world, and work happened locally — on your device, and inside your locked-down network environment. This made email and the endpoint the highest priority from a security perspective.

But now, with modern work happening across a network of decentralized internet apps, and more varied communication channels outside of email, it’s harder to stop users from interacting with malicious content (at least, without significantly impeding their ability to do their jobs).

Given that the browser is the place where business apps are accessed and used, it makes sense that attacks are increasingly playing out there too.

The 6 key browser-based attacks that security teams need to know about

1. Phishing for credentials and sessions

The most direct way for an attacker to compromise a business application is to phish a user of that app. You might not necessarily think of phishing as a browser-based attack, but that’s exactly what it is today.

Phishing tooling and infrastructure have evolved a lot in the past decade, while the changes to business IT mean there are both many more vectors for phishing attack delivery, and apps and identities to target.

Attackers can deliver links over instant messenger apps, social media, SMS, malicious ads, and use in-app messenger functionality, as well as send emails directly from SaaS services to bypass email-based checks. Likewise, there are now hundreds of apps per enterprise to target, with varying levels of account security configuration.

Phishing is now multi- and cross-channel, targeting a vast range of cloud and SaaS apps using flexible AitM toolkits — but all roads inevitably lead to the browser.

Today, phishing operates on an industrial scale, using an array of obfuscation and detection evasion techniques. The latest generation of fully customized MFA-bypassing phishing kits are dynamically obfuscating the code that loads the web page, implementing custom bot protection (e.g. CAPTCHA or Cloudflare Turnstile), using runtime anti-analysis features, and using legitimate SaaS and cloud services to host and deliver phishing links to cover their tracks. You can read more about the ways that modern phishing attacks are bypassing detection controls here.

These changes make phishing more effective than ever, and increasingly difficult to detect and block using email and network-based anti-phishing tools.

2. Malicious copy & paste (aka. ClickFix, FileFix, etc.)

One of the biggest security trends in the past year has been the emergence of the attack technique known as ClickFix.

Originally known as “Fake CAPTCHA”, these attacks attempt to trick users into running malicious commands on their device — typically by solving some form of verification challenge in the browser.

In reality, by solving the challenge, the victim is actually copying malicious code from the page clipboard and running it on their device. It typically gives the victim instructions that involve clicking prompts and copying, pasting, and running commands directly in the Windows Run dialog box, Terminal, or PowerShell. Variants such as FileFix have also emerged, which instead uses the File Explorer Address Bar to execute OS commands, while recent examples have seen this attack branch out to Mac via the macOS terminal.

Most commonly, these attacks are used to deliver infostealer malware, using stolen session cookies and credentials to access business apps and services.

Like modern credential and session phishing, links to malicious pages are distributed over various delivery channels and using a variety of lures, including impersonating CAPTCHA, Cloudflare Turnstile, simulating an error loading a webpage, and many more. Many of the same protections being used to obfuscate and prevent analysis of phishing pages also apply to ClickFix pages, making it equally challenging to detect and block them.

Examples of ClickFix lures used by attackers in the wild.

3. Malicious OAuth integrations

Malicious OAuth integrations are another way for attackers to compromise an app by tricking a user into authorizing an integration with a malicious, attacker-controlled app. This is also known as consent phishing.

Consent phishing examples, where an attacker tricks the victim into authorizing an attacker-controlled app with risky permissions.

This is an effective way for attackers to bypass hardened authentication and access controls by sidestepping the typical login process to take over an account. This includes phishing-resistant MFA methods like passkeys, since the standard login process does not apply.

A variant of this attack has dominated the headlines recently with the ongoing Salesforce breaches. In this scenario, the attacker tricked the victim into authorizing an attacker-controlled OAuth app via the device code authorization flow in Salesforce, which requires the user to enter an 8-digit code in place of a password or MFA factor.

The ongoing Salesforce attacks involve malicious OAuth apps being granted access to the victim’s Salesforce tenant.

Preventing malicious OAuth grants from being authorized requires tight in-app management of user permissions and tenant security settings. This is no mean feat when considering the 100s of apps in use across the modern enterprise, many of which are not centrally managed by IT and security teams (or in some cases, are completely unknown to them). Even then, you’re limited by the controls made available by the app vendor.

In this case, Salesforce has announced planned changes to OAuth app authorization in order to improve security prompted by these attacks — but many more apps with insecure configs exist for attackers to take advantage of in the future.

4. Malicious browser extensions

Malicious browser extensions are another way for attackers to compromise your business apps by observing and capturing logins as they happen, and/or extracting session cookies and credentials saved in the browser cache and password manager.

Attackers do this by creating their own malicious extension and tricking your users into installing it, or taking over an existing extension to gain access to browsers where it is already installed. It’s surprisingly easy for attackers to buy and add malicious updates to existing extensions, easily passing extension web store security checks.

The news around extension-based compromises has been on the rise since the Cyberhaven extension was hacked in December 2024, along with at least 35 other extensions. Since then, 100s of malicious extensions have been identified, with millions of installs.

Generally, your employees should not be randomly installing browser extensions unless pre-approved by your security team. The reality, however, is that many organizations have very little visibility of the extensions their employees are using, and the potential risk they’re exposed to as a result.

5. Malicious file delivery

Malicious files have been a core part of malware delivery and credential theft for many years. Just as non-email channels like malvertising and drive-by attacks are used to deliver phishing and ClickFix lures, malicious files are also distributed through similar means — leaving malicious file detection to basic known-bad checks, sandbox analysis using a proxy (not that useful in the context of sandbox-aware malware) or runtime analysis on the endpoint.

This doesn’t just have to be malicious executables directly dropping malware onto the device. File downloads can also contain additional links that take the user to malicious content. In fact, one of the most common types of downloadable content is HTML Applications (HTAs), commonly used to spawn local phishing pages to stealthily capture credentials. More recently, attackers have been weaponizing SVG files for a similar purpose, running as self-contained phishing pages that render fake login portals entirely client-side.

Even if malicious content cannot always be flagged from surface-level inspection of a file, recording file downloads in the browser is a useful addition to endpoint-based malware protection, and provides another layer of defense against file downloads that perform client-side attacks, or redirect the user to malicious web-based content.

6. Stolen credentials and MFA gaps

This last one isn’t so much a browser-based attack, but it is a product of them. When credentials are stolen through phishing or infostealer malware they can be used to take over accounts missing MFA.

This isn’t the most sophisticated attack, but it’s very effective. You need only look at last year’s Snowflake account compromises or the Jira attacks earlier this year to see how attackers harness stolen credentials at scale.

With the modern enterprise using hundreds of apps, the likelihood that an app hasn’t been configured for mandatory MFA (if possible) is high. And even when an app has been configured for SSO and connected to your primary corporate identity, local “ghost logins” can continue to exist, accepting passwords with no MFA required.

Logins can also be observed in the browser — in fact, it’s as close to a universal source of truth as you’re going to get about how your employees are actually logging in, which apps they’re using, and whether MFA is present, enabling security teams to find and fix vulnerable logins before they can be exploited by attackers.

Conclusion

Attacks are increasingly happening in the browser. That makes it the perfect place to detect and respond to these attacks. But right now, the browser is a blind-spot for most security teams.

Push Security’s browser-based security platform provides comprehensive detection and response capabilities against the leading cause of breaches. Push blocks browser-based attacks like AiTM phishing, credential stuffing, password spraying and session hijacking using stolen session tokens. You can also use Push to find and fix vulnerabilities across the apps that your employees use, like ghost logins, SSO coverage gaps, MFA gaps, vulnerable passwords, risky OAuth integrations, and more to harden your identity attack surface.

If you want to learn more about how Push helps you to detect and stop attacks in the browser, check out our latest product overview or book some time with one of our team for a live demo.