Author: Mark

Jun 28, 2025Ravie LakshmananPrivacy / Data Protection

Facebook, the social network platform owned by Meta, is asking for users to upload pictures from their phones to suggest collages, recaps, and other ideas using artificial intelligence (AI), including those that have not been directly uploaded to the service.

According to TechCrunch, which first reported the feature, users are being served a new pop-up message asking for permission to “allow cloud processing” when they are attempting to create a new Story on Facebook.

“To create ideas for you, we’ll select media from your camera roll and upload it to our cloud on an ongoing basis, based on info like time, location or themes,” the company notes in the pop-up. “Only you can see suggestions. Your media won’t be used for ads targeting. We’ll check it for safety and integrity purposes.”

Should users consent to their photos being processed on the cloud, Meta also states that they are agreeing to its AI terms, which allow it to analyze their media and facial features.

On a help page, Meta says “this feature isn’t yet available for everyone,” and that it’s limited to users in the United States and Canada. It also pointed out to TechCrunch that these AI suggestions are opt-in and can be disabled at any time.

The development is yet another example of how companies are racing to integrate AI features into their products, oftentimes at the cost of user privacy.

Meta says its new AI feature won’t be used for targeted ads, but experts still have concerns. When people upload personal photos or videos—even if they agree to it—it’s unclear how long that data is kept or who can see it. Since the processing happens in the cloud, there are risks, especially with things like facial recognition and hidden details such as time or location.

Even if it’s not used for ads, this kind of data could still end up in training datasets or be used to build user profiles. It’s a bit like handing your photo album to an algorithm that quietly learns your habits, preferences, and patterns over time.

Last month, Meta began to train its AI models using public data shared by adults across its platforms in the European Union after it received approval from the Irish Data Protection Commission (DPC). The company suspended the use of generative AI tools in Brazil in July 2024 in response to privacy concerns raised by the government.

The social media giant has also added AI features to WhatsApp, the most recent being the ability to summarize unread messages in chats using a privacy-focused approach it calls Private Processing.

This change is part of a bigger trend in generative AI, where tech companies mix convenience with tracking. Features like auto-made collages or smart story suggestions may seem helpful, but they rely on AI that watches how you use your devices—not just the app. That’s why privacy settings, clear consent, and limiting data collection are more important than ever.

Facebook’s AI feature also comes as one of Germany’s data protection watchdogs called on Apple and Google to remove DeepSeek’s apps from their respective app stores due to unlawful user data transfers to China, following similar concerns raised by several countries at the start of the year.

“The service processes extensive personal data of the users, including all text entries, chat histories and uploaded files as well as information about the location, the devices used and networks,” according to a statement released by the Berlin Commissioner for Data Protection and Freedom of Information. “The service transmits the collected personal data of the users to Chinese processors and stores it on servers in China.”

These transfers violate the General Data Protection Regulation (GDPR) of the European Union, given the lack of guarantees that the data of German users in China are protected at a level equivalent to the bloc.

Earlier this week, Reuters reported that the Chinese AI company is assisting the country’s military and intelligence operations, and that it’s sharing user information with Beijing, citing an anonymous U.S. Department of State official.

A couple of weeks ago, OpenAI also landed a $200 million with the U.S. Department of Defense (DoD) to “develop prototype frontier AI capabilities to address critical national security challenges in both warfighting and enterprise domains.”

The company said it will help the Pentagon “identify and prototype how frontier AI can transform its administrative operations, from improving how service members and their families get health care, to streamlining how they look at program and acquisition data, to supporting proactive cyber defense.”

Jun 27, 2025Ravie LakshmananThreat Hunting / Vulnerability

Threat hunters have discovered a network of more than 1,000 compromised small office and home office (SOHO) devices that have been used to facilitate a prolonged cyber espionage infrastructure campaign for China-nexus hacking groups.

The Operational Relay Box (ORB) network has been codenamed LapDogs by SecurityScorecard’s STRIKE team.

“The LapDogs network has a high concentration of victims across the United States and Southeast Asia, and is slowly but steadily growing in size,” the cybersecurity company said in a technical report published this week.

Other regions where the infections are prevalent include Japan, South Korea, Hong Kong, and Taiwan, with victims spanning IT, networking, real estate, and media sectors. Active infections span devices and services from Ruckus Wireless, ASUS, Buffalo Technology, Cisco-Linksys, Cross DVR, D-Link, Microsoft, Panasonic, and Synology.

LapDogs’ beating heart is a custom backdoor called ShortLeash that’s engineered to enlist infected devices in the network. Once installed, it sets up a fake Nginx web server and generates a unique, self-signed TLS certificate with the issuer name “LAPD” in an attempt to impersonate the Los Angeles Police Department. It’s this reference that has given the ORB network its name.

ShortLeash is assessed to be delivered by means of a shell script to primarily penetrate Linux-based SOHO devices, although artifacts serving a Windows version of the backdoor have also been found. The attacks themselves weaponize N-day security vulnerabilities (e.g., CVE-2015-1548 and CVE-2017-17663) to obtain initial access.

First signs of activity related to LapDogs have been detected as far back as September 6, 2023, in Taiwan, with the second attack recorded four months later, on January 19, 2024. There is evidence to suggest that the campaigns are launched in batches, each of which infects no more than 60 devices. A total of 162 distinct intrusion sets have been identified to date.

The ORB has been found to share some similarities with another cluster referred to as PolarEdge, which was documented by Sekoia earlier this February as exploiting known security flaws in routers and other IoT devices to corral them into a network since late 2023 for an as-yet-undetermined purpose.

The overlaps aside, LapDogs and PolarEdge are assessed as two separate entities, given the differences in the infection process, the persistence methods used, and the former’s ability to also target virtual private servers (VPSs) and Windows systems.

“While PolarEdge backdoor replaces the CGI script of the devices with the operator’s designated webshell, ShortLeash merely inserts itself into the system directory as a .service file, ensuring the persistence of the service upon reboot, with root-level privileges,” SecurityScorecard noted.

What’s more, it has been gauged with medium confidence that the China-linked hacking crew tracked as UAT-5918 used LapDogs in at least one of its operations aimed at Taiwan. It’s currently not known if UAT-5918 is behind the network or is just a client.

Chinese threat actors’ use of ORB networks as a means of obfuscation has been previously documented by Google Mandiant, Sygnia and SentinelOne, indicating that they are being increasingly adopted into their playbooks for highly targeted operations.

“While both ORBs and botnets commonly consist of a large set of compromised, legitimate internet-facing devices or virtual services, ORB networks are more like Swiss Army knives, and can contribute to any stage of the intrusion lifecycle, from reconnaissance, anonymized actor browsing, and netflow collection to port and vulnerability scanning, initiating intrusion cycles by reconfiguring nodes into staging or even C2 servers, and relaying exfiltrated data up the stream,” SecurityScorecard said.

Jun 27, 2025Ravie LakshmananVulnerability / Cyber Espionage

A China-linked threat actor known as Mustang Panda has been attributed to a new cyber espionage campaign directed against the Tibetan community.

The spear-phishing attacks leveraged topics related to Tibet, such as the 9th World Parliamentarians’ Convention on Tibet (WPCT), China’s education policy in the Tibet Autonomous Region (TAR), and a recently published book by the 14th Dalai Lama, according to IBM X-Force.

The cybersecurity division of the technology company said it observed the campaign earlier this month, with the attacks leading to the deployment of a known Mustang Panda malware called PUBLOAD. It’s tracking the threat actor under the name Hive0154.

The attack chains employ Tibet-themed lures to distribute a malicious archive containing a benign Microsoft Word file, along with articles reproduced by Tibetan websites and photos from WPCT, into opening an executable that’s disguised as a document.

The executable, as observed in prior Mustang Panda attacks, leverages DLL side-loading to launch a malicious DLL dubbed Claimloader that’s then used to deploy PUBLOAD, a downloader malware that’s responsible for contacting a remote server and fetching a next-stage payload dubbed Pubshell.

Pubshell is a “light-weight backdoor facilitating immediate access to the machine via a reverse shell,” security researchers Golo Mühr and Joshua Chung said in an analysis published this week.

At this stage, it’s worth mentioning some of the nomenclature differences: IBM has given the name Claimloader to the custom stager first documented by Cisco Talos in May 2022 and PUBLOAD to the first-stage shellcode downloader, whereas Trend Micro identifies both the stager and the downloader as PUBLOAD. Team T5, similarly, tracks the two components collectively as NoFive.

The development comes weeks after IBM’s activity which it said is the work of a Hive0154 sub-cluster targeting the United States, Philippines, Pakistan, and Taiwan from late 2024 to early 2025.

This activity, like in the case of those targeting Tibet, utilizes weaponized archives originating from spear-phishing emails to target government, military, and diplomatic entities.

The digital missives contain links to Google Drive URLs that download the booby-trapped ZIP or RAR archives upon clicking, ultimately resulting in the deployment of TONESHELL in 2024 and PUBLOAD starting this year via Claimloader.

TONESHELL, another oft-used Mustang Panda malware, functions similarly to Pubshell in that it’s also used to create a reverse shell and execute commands on the compromised host.

“The Pubshell implementation of the reverse shell via anonymous pipes is almost identical to TONESHELL,” the researchers said. “However, instead of running a new thread to immediately return any results, Pubshell requires an additional command to return command results. It also only supports running ‘cmd.exe’ as a shell.”

“In several ways, Pubload and Pubshell appear to be an independently developed ‘lite version’ of TONESHELL, with less sophistication and clear code overlaps.”

The attacks targeted Taiwan have been characterized by the use of a USB worm called HIUPAN (aka MISTCLOAK or U2DiskWatch), which is then leveraged to spread Claimloader and PUBLOAD through USB devices.

“Hive0154 remains a highly capable threat actor with multiple active sub-clusters and frequent development cycles,” the researchers said.

“China-aligned groups like Hive0154 will continue to refine their large malware arsenal and retain a focus on East Asia-based organizations in the private and public sectors. Their wide array of tooling, frequent development cycles, and USB worm-based malware distribution highlights them as a sophisticated threat actor.”

Security operations centers (SOCs) are under pressure from both sides: threats are growing more complex and frequent, while security budgets are no longer keeping pace. Today’s security leaders are expected to reduce risk and deliver results without relying on larger teams or increased spending.

At the same time, SOC inefficiencies are draining resources. Studies show that up to half of all alerts are false positives, with some reports citing false positive rates as high as 99 percent. This means highly trained analysts spend a disproportionate amount of time chasing down harmless activity, wasting effort, increasing fatigue, and raising the chance of missing real threats.

In this environment, the business imperative is clear: maximize the impact of every analyst and every dollar by making security operations faster, smarter, and more focused.

Enter the Agentic AI SOC Analyst

The agentic AI SOC Analyst is a force multiplier that enables organizations to do more with the team and technology they already have. By automating repetitive investigations and reducing time wasted on false positives, Agentic AI helps organizations redirect human expertise to the threats and initiatives that matter most, aligning security operations with core business goals of resilience, efficiency, and growth.

Addressing the Skilled Analyst Shortage

A key driver behind the business case for agentic AI in the SOC is the acute shortage of skilled security analysts. The global cybersecurity workforce gap is now estimated at 4 million professionals, but the real bottleneck for most organizations is the scarcity of experienced analysts with the expertise to triage, investigate, and respond to modern threats. One ISC2 survey report from 2024 shows that 60% of organizations worldwide reported staff shortages significantly impacting their ability to secure the organizations, with another report from the World Economic Forum showing that just 15% of organizations believe they have the right people with the right skills to properly respond to a cybersecurity incident.

Given these realities, simply adding more headcount is neither feasible nor sustainable. Instead, organizations must focus on maximizing the impact of their existing skilled staff. The AI SOC Analyst addresses this by automating routine Tier 1 tasks, filtering out noise, and surfacing the alerts that truly require human judgment. This not only drives faster investigations and incident response, but also helps retain top talent by reducing burnout and enabling more meaningful, strategic work.

AI SOC Analysts enable security teams to reduce risk, control cost, and deliver more with less. By automating triage, investigation, and even remediation, they directly improve operational efficiency, reduce the burden on human analysts, and ensure threats are handled before they escalate.

Reducing noise, focusing on what matters

AI SOC Analysts apply context and behavioral analysis to understand the threat level of an alert, suppressing low-value alerts and elevating high-risk activity. This drastically reduces alert fatigue and ensures analyst time is spent on real threats, not redundant noise. The result: stronger coverage and faster action, without scaling headcount. Organizations that deploy agentic AI SOC Analysts can see upwards of a 90% reduction in false positive alerts that need analyst review.

Increasing analyst efficiency and throughput

Traditional investigation workflows are filled with repetitive, time-consuming tasks: pulling logs, linking evidence, and writing summaries. AI SOC Analysts automate this work, mirroring how experienced analysts think and investigate. The result is a dramatic increase in productivity. Teams can process more cases faster, and focus on strategic tasks like threat hunting and tuning detections.

Learning and adapting over time

AI-driven systems do not remain static. Unlike SOAR playbooks, agentic AI continuously improves based on analyst feedback, historical data, and threat intelligence. This means investigation accuracy increases, false positives are reduced, and the SOC becomes more efficient over time. What starts as an automation tool becomes a compounding asset that grows more effective with use. They can even surface insights for detection engineers to create new rules or tune existing ones.

Metrics that matter to SOC leaders

AI SOC Analysts drive improvements in the key metrics used to evaluate SOC performance and business impact:

• Mean time to investigate and mean time to respond: Automated investigations reduce the time from hours to minutes, limiting exposure and enabling faster containment.
• Dwell time: Faster triage and detection shrinks the window in which attackers can move, steal data, or escalate.
• Alert closure rates: Higher rates of resolution reflect stronger SOC throughput and fewer ignored alerts.
• Analyst productivity: When analysts spend less time on repetitive tasks and more time on proactive work, team value increases without growing headcount.

Unlocking value from your existing stack and team

AI SOC Analysts enhance the ROI of your existing security stack. By ingesting data from your SIEM, EDR, cloud, and identity platforms, AI ensures every signal is investigated. This closes the loop on alerts that would otherwise be ignored, turning your existing stack into a higher-value investment.

AI also helps develop internal talent. Clear, consistent investigations act as on-the-job training for junior analysts. They gain exposure to advanced investigative methods without needing years of experience. The result is a more capable team, built faster and at lower cost.

How Prophet Security Aligns Security with Business Outcomes

Prophet Security helps organizations move beyond manual investigations and alert fatigue by delivering an agentic AI SOC platform that automates triage, accelerates investigations, and ensures every alert gets the attention it deserves. By integrating across your existing stack, Prophet AI improves analyst efficiency, reduces incident dwell time, and drives faster, more consistent security outcomes.

Security leaders use Prophet AI to get more value from the people and tools they already have, improve their security posture, and turn day-to-day SOC operations into measurable business results. Visit Prophet Security today to request a demo and see firsthand how Prophet AI can elevate your SOC operations.

Jun 27, 2025Ravie LakshmananMalware / Cyber Attack

A new campaign has been observed leveraging fake websites advertising popular software such as WPS Office, Sogou, and DeepSeek to deliver Sainbox RAT and the open-source Hidden rootkit.

The activity has been attributed with medium confidence to a Chinese hacking group called Silver Fox (aka Void Arachne), citing similarities in tradecraft with previous campaigns attributed to the threat actor.

The phishing websites (“wpsice[.]com”) have been found to distribute malicious MSI installers in the Chinese language, indicating that the targets of the campaign are Chinese speakers.

“The malware payloads include the Sainbox RAT, a variant of Gh0st RAT, and a variant of the open-source Hidden rootkit,” Netskope Threat Labs researcher Leandro Fróes said.

This is not the first time the threat actor has resorted to this modus operandi. In July 2024, eSentire detailed a campaign that targeted Chinese-speaking Windows users with fake Google Chrome sites to deliver Gh0st RAT.

Then earlier this February, Morphisec disclosed another campaign that also leveraged bogus sites advertising the web browser that distributed ValleyRAT (aka Winos 4.0), a different version of Gh0st RAT.

ValleyRAT was first documented by Proofpoint in September 2023 as part of a campaign that also singled out Chinese-speaking users with Sainbox RAT and Purple Fox.

In the latest attack wave spotted by Netskope, the malicious MSI installers downloaded from the websites are designed to launch a legitimate executable named “shine.exe,” which sideloads a rogue DLL “libcef.dll” using DLL side-loading techniques.

The DLL’s primary objective is to extract shellcode from a text file (“1.txt”) present in the installer and then run it, ultimately resulting in the execution of another DLL payload, a remote access trojan called Sainbox.

“The .data section of the analyzed payload contains another PE binary that may be executed, depending on the malware’s configuration,” Fróes explained. “The embedded file is a rootkit driver based on the open-source project Hidden.”

While Sainbox comes fitted with capabilities to download additional payloads and steal data, Hidden offers attackers an array of stealthy features to hide malware-related processes and Windows Registry keys on compromised hosts.

“Using variants of commodity RATs, such as Gh0st RAT, and open-source kernel rootkits, such as Hidden, gives the attackers control and stealth without requiring a lot of custom development,” Netskope said.

Jun 27, 2025Ravie LakshmananNetwork Security / Vulnerability

Threat intelligence firm GreyNoise is warning of a “notable surge” in scanning activity targeting Progress MOVEit Transfer systems starting May 27, 2025—suggesting that attackers may be preparing for another mass exploitation campaign or probing for unpatched systems.

MOVEit Transfer is a popular managed file transfer solution used by businesses and government agencies to share sensitive data securely. Because it often handles high-value information, it has become a favorite target for attackers.

“Prior to this date, scanning was minimal — typically fewer than 10 IPs observed per day,” the company said. “But on May 27, that number spiked to over 100 unique IPs, followed by 319 IPs on May 28.”

Since then, daily scanner IP volume has remained intermittently elevated between 200 to 300 IPs per day, GreyNoise added, stating it marks a “significant deviation” from usual behavior.

As many as 682 unique IPs have been flagged in connection with the activity over the past 90 days, with 449 IP addresses observed in the past 24 hours alone. Of the 449 IPs, 344 have been categorized as suspicious and 77 have been marked malicious.

A majority of the IP addresses geolocate to the United States, followed by Germany, Japan, Singapore, Brazil, the Netherlands, South Korea, Hong Kong, and Indonesia.

GreyNoise also said it detected low-volume exploitation attempts to weaponize two known MOVEit Transfer flaws (CVE-2023-34362 and CVE-2023-36934) on June 12, 2025. It’s worth noting that CVE-2023-34362 was abused by Cl0p ransomware actors as part of a widespread campaign in 2023, impacting more than 2,770 organizations.

The spike in scanning activity is an indication that MOVEit Transfer instances are once again under the threat actor’s scanner, making it essential that users block the offending IP addresses, make sure the software is up-to-date, and avoid publicly exposing them over the internet.

Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft’s ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas sectors.

“The campaign exhibits characteristics aligned with Chinese-affiliated threat actors, though attribution remains cautious,” Trellix researchers Nico Paulo Yturriaga and Pham Duy Phuc said in a technical write-up.

“Its methods reflect a broader shift toward ‘living-off-the-land’ tactics, blending malicious operations within cloud and enterprise tooling to evade traditional detection mechanisms.”

The phishing attacks, in a nutshell, make use of a .NET-based loader called OneClikNet to deploy a sophisticated Go-based backdoor codenamed RunnerBeacon that’s designed to communicate with attacker-controlled infrastructure that’s obscured using Amazon Web Services (AWS) cloud services.

ClickOnce is offered by Microsoft as a way to install and update Windows-based applications with minimal user interaction. It was introduced in .NET Framework 2.0. However, the technology can be an attractive means for threat actors looking to execute their malicious payloads without raising any red flags.

As noted in the MITRE ATT&CK framework, ClickOnce applications can be used to run malicious code through a trusted Windows binary, “dfsvc.exe,” that’s responsible for installing, launching, and updating the apps. The apps are launched as a child process of “dfsvc.exe.”

“Because ClickOnce applications receive only limited permissions, they do not require administrative permissions to install,” MITRE explains. “As such, adversaries may abuse ClickOnce to proxy execution of malicious code without needing to escalate privileges.”

Trellix said the attack chains begin with phishing emails containing a link to a fake hardware analysis website that serves as a conduit for delivering a ClickOnce application, which, in turn, runs an executable using dfsvc.exe.

The binary is a ClickOnce loader that’s launched by injecting the malicious code via another technique known as AppDomainManager injection, ultimately resulting in the execution of an encrypted shellcode in memory to load the RunnerBeacon backdoor.

The Golang implant can communicate with a command-and-control (C2) server over HTTP(s), WebSockets, raw TCP, and SMB named pipes, allowing it to perform file operations, enumerate and terminate running processes, execute shell commands, escalate privileges using token theft and impersonation, and achieve lateral movement.

Additionally, the backdoor incorporates anti-analysis features to evade detection, and supports network operations like port scanning, port forwarding, and SOCKS5 protocol to facilitate proxy and routing features.

“RunnerBeacon’s design closely parallels known Go-based Cobalt Strike beacons (e.g. the Geacon/Geacon plus/Geacon Pro family),” the researchers said.

“Like Geacon, the set of commands (shell, process enumeration, file I/O, proxying, etc.) and use of cross-protocol C2 are very similar. These structural and functional similarities suggest RunnerBeacon may be an evolved fork or a privately modified variant of Geacon, tailored for stealthier, and cloud-friendly operations.”

Three different variants of OneClick have been observed in March 2025 alone: v1a, BPI-MDM, and v1d, with each iteration demonstrating progressively improved capabilities to fly under the radar. That said, a variant of RunnerBeacon was identified in September 2023 at a company in the Middle East in the oil and gas sector.

Although techniques like AppDomainManager injection have been used by China– and North Korea-linked threat actors in the past, the activity has not benefited formally attributed to any known threat actor or group.

The development comes as QiAnXin detailed a campaign mounted by a threat actor it tracks as APT-Q-14 that has also employed ClickOnce apps to propagate malware by exploiting a zero-day cross-site scripting (XSS) flaw in the web version of an unnamed email platform. The vulnerability, it said, has since been patched.

The XSS flaw is automatically triggered when a victim opens a phishing email, causing the download of the ClickOne app. “The body of the phishing email comes from Yahoo News, which coincides with the victim industry,” QiAnXin noted.

The intrusion sequence serves a mailbox instruction manual as a decoy, while a malicious trojan is stealthily installed on the Windows host to collect and exfiltrate system information to a C2 server and receive unknown next-stage payloads.

The Chinese cybersecurity company said APT-Q-14 also focuses on zero-day vulnerabilities in email software for the Android platform.

APT-Q-14 has been described by QiAnXin as originating from Northeast Asia and having overlaps with other clusters dubbed APT-Q-12 (aka Pseudo Hunter) and APT-Q-15, which are assessed to be sub-groups within a South Korea-aligned threat group known as DarkHotel (aka APT-C-06).

Earlier this week, Beijing-based 360 Threat Intelligence Center disclosed DarkHotel’s use of the Bring Your Own Vulnerable Driver (BYOVD) technique to terminate Microsoft Defender Antivirus and deploy malware as part of a phishing attack that delivered fake MSI installation packages in February 2025.

The malware is engineered to establish communication with a remote server to download, decrypt, and execute unspecified shellcode.

“In general, the [hacking group’s] tactics have tended to be ‘simple’ in recent years: Different from the previous use of heavy-weight vulnerabilities, it has adopted flexible and novel delivery methods and attack techniques,” the company said. “In terms of attack targets, APT-C-06 still focuses on North Korean-related traders, and the number of targets attacked in the same period is greater.”

Jun 26, 2025Ravie LakshmananOpen Source / Vulnerability

Cybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry (“open-vsx[.]org”) that, if successfully exploited, could have enabled attackers to take control of the entire Visual Studio Code extensions marketplace, posing a severe supply chain risk.

“This vulnerability provides attackers full control over the entire extensions marketplace, and in turn, full control over millions of developer machines,” Koi Security researcher Oren Yomtov said. “By exploiting a CI issue a malicious actor could publish malicious updates to every extension on Open VSX.”

Following responsible disclosure on May 4, 2025, the multiple rounds of fixes were proposed by the maintainers, before it was finally deployed on June 25.

Open VSX Registry is an open-source project and alternative to the Visual Studio Marketplace. It’s maintained by the Eclipse Foundation. Several code editors like Cursor, Windsurf, Google Cloud Shell Editor, Gitpod, and others integrate it into their services.

“This widespread adoption means that a compromise of Open VSX is a supply-chain nightmare scenario,” Yomtov said. “Every single time an extension is installed, or an extension update fetched silently in the background, these actions go through Open VSX.”

The vulnerability discovered by Koi Security is rooted in the publish-extensions repository, which includes scripts to publish open-source VS Code extensions to open-vsx.org.

Developers can request their extension to be auto-published by submitting a pull request to add it to the extensions.json file present in the repository, after which it’s approved and merged.

In the backend, this plays out in the form of a GitHub Actions workflow that’s daily run at 03:03 a.m. UTC that takes as input a list of comma-separated extensions from the JSON file and publishes them to the registry using the vsce npm package.

“This workflow runs with privileged credentials including a secret token (OVSX_PAT) of the @open-vsx service account that has the power to publish (or overwrite) any extension in the marketplace,” Yomtov said. “In theory, only trusted code should ever see that token.”

“The root of the vulnerability is that npm install runs the arbitrary build scripts of all the auto-published extensions, and their dependencies, while providing them with access to the OVSX_PAT environment variable.”

This means that it’s possible to obtain access to the @open-vsx account’s token, enabling privileged access to the Open VSX Registry, and providing an attacker with the ability to publish new extensions and tamper with existing ones to insert malicious code.

The risk posed by extensions has not gone unnoticed by MITRE, which has introduced a new “IDE Extensions” technique in its ATT&CK framework as of April 2025, stating it could be abused by malicious actors to establish persistent access to victim systems.

“Every marketplace item is a potential backdoor,” Yomtov said. “They’re unvetted software dependencies with privileged access, and they deserve the same diligence as any package from PyPI, npm, Hugginface, or GitHub. If left unchecked, they create a sprawling, invisible supply chain that attackers are increasingly exploiting.”

Jun 26, 2025Ravie LakshmananCyber Attack / Malware Analysis

The ClickFix social engineering tactic as an initial access vector using fake CAPTCHA verifications increased by 517% between the second half of 2024 and the first half of this year, according to data from ESET.

“The list of threats that ClickFix attacks lead to is growing by the day, including infostealers, ransomware, remote access trojans, cryptominers, post-exploitation tools, and even custom malware from nation-state-aligned threat actors,” Jiří Kropáč, Director of Threat Prevention Labs at ESET, said.

ClickFix has become a widely popular and deceptive method that employs bogus error messages or CAPTCHA verification checks to deceive victims into copying and pasting a malicious script into either the Windows Run dialog or the Apple macOS Terminal app, and running it.

The Slovak cybersecurity company said the highest volume of ClickFix detections is concentrated around Japan, Peru, Poland, Spain, and Slovakia.

The prevalence and effectiveness of this attack method have led to threat actors advertising builders that provide other attackers with ClickFix-weaponized landing pages, ESET added.

From ClickFix to FileFix

The development comes as security researcher mrd0x demonstrated a proof-of-concept (PoC) alternative to ClickFix named FileFix that works by tricking users into copying and pasting a file path into Windows File Explorer.

The technique essentially involves achieving the same as ClickFix but in a different manner by combining File Explorer’s ability to execute operating system commands through the address bar with a web browser’s file upload feature.

In the attack scenario devised by the researcher, a threat actor may devise a phishing page that, instead of displaying a fake CAPTCHA check to the prospective target, presents a message stating a document has been shared with them and that they need to copy and paste the file path on the address bar by pressing CTRL + L.

The phishing page also includes a prominent “Open File Explorer” that, upon clicking, opens the File Explorer and copies a malicious PowerShell command to the user’s clipboard. Thus, when the victim pastes the “file path,” the attacker’s command is executed instead.

This, in turn, is achieved by altering the copied file path to prepend the PowerShell command before it followed by adding spaces to hide it from view and a pound sign (“#”) to treat the fake file path as a comment: “Powershell.exe -c ping example.com<space># C:\<path_to_file>\decoy.doc“

“Additionally, our PowerShell command will concatenate the dummy file path after a comment in order to hide the command and show the file path instead,” mrd0x said.

Phishing Campaigns Galore

The surge in ClickFix campaigns also coincides with the discovery of various phishing campaigns that –

• Leverage a .gov domain to send phishing emails that masquerade as unpaid toll to take users to bogus pages that are designed to collect their personal and financial information
• Make use of long-lived domains (LLDs), a technique called strategic domain aging, to either host or use them to redirect users to custom CAPTCHA check pages, completing which they are led to spoofed Microsoft Teams pages to steal their Microsoft account credentials
• Distribute malicious Windows shortcut (LNK) files within ZIP archives to launch PowerShell code responsible for deploying Remcos RAT
• Employ lures which supposedly warn users that their mailbox is almost full and that they need to “clear storage” by clicking a button embedded in the message, performing which takes the user to a phishing page hosted on IPFS that steals users email credentials. Interestingly, the emails also include a RAR archive attachment that, once extracted and executed, drops the XWorm malware.
• Incorporate a URL that lets to a PDF document, which, in turn, contains another URL that drops a ZIP archive, which includes an executable responsible for launching an AutoIT-based Lumma Stealer
• Weaponize a legitimate front-end platform called Vercel to host bogus sites that propagate a malicious version of LogMeIn to gain full control over victims’ machines
• Impersonate U.S. state Departments of Motor Vehicles (DMVs) to send SMS messages about unpaid toll violations and redirect recipients to deceptive sites that harvest personal information and credit card details
• Utilize SharePoint-themed emails to redirect users to credential harvesting pages hosted on “*.sharepoint[.]com” domains that siphon users’ Microsoft account passwords.

“Emails containing SharePoint links are less likely to be flagged as malicious or phishing by EDR or antivirus software. Users also tend to be less suspicious, believing Microsoft links are inherently safer,” CyberProof said.

“Since phishing pages are hosted on SharePoint, they are often dynamic and accessible only through a specific link for a limited time, making them harder for automated crawlers, scanners, and sandboxes to detect.”

Jun 26, 2025Ravie LakshmananVulnerability, Network Security

Cisco has released updates to address two maximum-severity security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could permit an unauthenticated attacker to execute arbitrary commands as the root user.

The vulnerabilities, assigned the CVE identifiers CVE-2025-20281 and CVE-2025-20282, carry a CVSS score of 10.0 each. A description of the defects is below –

• CVE-2025-20281 – An unauthenticated remote code execution vulnerability affecting Cisco ISE and ISE-PIC releases 3.3 and later that could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root
• CVE-2025-20282 – An unauthenticated remote code execution vulnerability affecting Cisco ISE and ISE-PIC release 3.4 that could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and execute those files on the underlying operating system as root

Cisco said CVE-2025-20281 is the result of insufficient validation of user-supplied input, which an attacker could exploit by sending a crafted API request to obtain elevated privileges and run commands.

In contrast, CVE-2025-20282 stems from a lack of file validation checks that would otherwise prevent the uploaded files from being placed in privileged directories.

“A successful exploit could allow the attacker to store malicious files on the affected system and then execute arbitrary code or obtain root privileges on the system,” Cisco said.

The networking equipment vendor said there are no workarounds that address the issues. The shortcomings have been addressed in the below versions –

• CVE-2025-20281 – Cisco ISE or ISE-PIC 3.3 Patch 6 (ise-apply-CSCwo99449_3.3.0.430_patch4-SPA.tar.gz), 3.4 Patch 2 (ise-apply-CSCwo99449_3.4.0.608_patch1-SPA.tar.gz)
• CVE-2025-20282 – Cisco ISE or ISE-PIC 3.4 Patch 2 (ise-apply-CSCwo99449_3.4.0.608_patch1-SPA.tar.gz)

The company credited Bobby Gould of Trend Micro Zero Day Initiative and Kentaro Kawane of GMO Cybersecurity for reporting CVE-2025-20281. Kawane, who previously reported CVE-2025-20286 (CVSS score: 9.9), has also been acknowledged for reporting CVE-2025-20282.

While there is no evidence that the vulnerabilities have been exploited in the wild, it’s essential that users move quickly to apply the fixes to safeguard against potential threats.