Author: Mark

  • Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms

    Jul 03, 2025 | Ravie Lakshmanan | Threat Intelligence / Vulnerability

    The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken by a Chinese hacking group by weaponizing several zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices.

    The campaign, detected at the beginning of September 2024, has been attributed to a distinct intrusion set codenamed Houken, which is assessed to share some level of overlap with a threat cluster tracked by Google Mandiant under the moniker UNC5174 (aka Uteus or Uetus).

    “While its operators use zero-day vulnerabilities and a sophisticated rootkit, they also leverage a wide number of open-source tools mostly crafted by Chinese-speaking developers,” the French National Agency for the Security of Information Systems (ANSSI) said. “Houken’s attack infrastructure is made up of diverse elements — including commercial VPNs and dedicated servers.”

    The agency theorized that Houken has likely been used by an initial access broker since 2023 to gain a foothold in target networks, after which the access is shared with other threat actors interested in carrying out follow-on post-exploitation activities. This reflects the multi-party approach to vulnerability exploitation pointed out by HarfangLab.

    “A first party identifies vulnerabilities, a second uses them at scale to create opportunities, then accesses are distributed to third parties which further attempt to develop targets of interest,” the French cybersecurity company noted earlier this February.

    “The operators behind the UNC5174 and Houken intrusion sets are likely primarily looking for valuable initial accesses to sell to a state-linked actor seeking insightful intelligence,” the agency added.

    In recent months, UNC5174 has been linked to the active exploitation of SAP NetWeaver flaws to deliver GOREVERSE, a variant of GoReShell. The hacking crew has also leveraged vulnerabilities in Palo Alto Networks, Connectwise ScreenConnect, and F5 BIG-IP software in the past to deliver the SNOWLIGHT malware, which is then used to drop a Golang tunneling utility called GOHEAVY.

    Another report from SentinelOne attributed the threat actor to an intrusion against a “leading European media organization” in late September 2024.

    In the attacks documented by ANSSI, the attackers have been observed exploiting three security defects in Ivanti CSA devices, CVE-2024-8963, CVE-2024-9380, and CVE-2024-8190, as zero-days to obtain credentials and establish persistence using one of three methods:

    • Directly deploying PHP web shells
    • Modifying existing PHP scripts to inject web shell capabilities, and
    • Installing a kernel module that serves as a rootkit

    The attacks are characterized by the use of publicly available web shells like Behinder and neo-reGeorg, followed by the deployment of GOREVERSE to maintain persistence after lateral movements. Also employed is an HTTP proxy tunneling tool called suo5 and a Linux kernel module named “sysinitd.ko” that was documented by Fortinet in October 2024 and January 2025.

    “It is composed of a kernel module (sysinitd.ko) and a user-space executable file (sysinitd) installed on the targeted device through the execution of a shell script: install.sh,” ANSSI said. “By hijacking inbound TCP traffic over all ports, and invoking shells, sysinitd.ko and sysinitd allow the remote execution of any command with root privileges.”

    That’s not all. Besides conducting reconnaissance and operating in the UTC+8 time zone (which corresponds to China Standard Time), the attackers have been observed attempting to patch the vulnerabilities, likely to prevent exploitation by other unrelated actors, ANSSI added.

    It’s suspected that the threat actors have a wide targeting range, comprising governmental and education sectors in Southeast Asia, non-governmental organizations located in China, including Hong Kong and Macau, and governmental, defence, education, media or telecommunication sectors in the West.

    On top of that, the tradecraft similarities between Houken and UNC5174 have raised the possibility that they are operated by a common threat actor. That said, in at least one incident the threat actors are said to have weaponized the access to deploy cryptocurrency miners, underscoring their financial motivations.

    “The threat actor behind the Houken and UNC5174 intrusion sets might correspond to a private entity, selling accesses and worthwhile data to several state-linked bodies while seeking its own interests leading lucrative oriented operations,” ANSSI said.

    Source: thehackernews.com…

  • The Hidden Weaknesses in AI SOC Tools that No One Talks About

    If you’re evaluating AI-powered SOC platforms, you’ve likely seen bold claims: faster triage, smarter remediation, and less noise. But under the hood, not all AI is created equal. Many solutions rely on pre-trained AI models that are hardwired for a handful of specific use cases. While that might work for yesterday’s SOC, today’s reality is different.

    Modern security operations teams face a sprawling and ever-changing landscape of alerts. From cloud to endpoint, identity to OT, insider threats to phishing, network to DLP, and so many more, the list goes on and is continuously growing. CISOs and SOC managers are rightly skeptical. Can this AI actually handle all of my alerts, or is it just another rules engine in disguise?

    In this post, we’ll examine the divide between two types of AI SOC platforms: those built on adaptive AI, which learns to triage and respond to any alert type, and those that rely on pre-trained AI, limited to handling predefined use cases only. Understanding this difference isn’t just academic; it’s the key to building a resilient SOC that is ready for the future.

    What is a pre-trained AI model?

    Pre-trained AI models in the SOC are typically developed by training machine learning algorithms on historical data from specific security use cases, such as phishing detection, endpoint malware alerts, and the like. Engineers curate large, labeled datasets and tune the models to recognize common patterns and remediation steps associated with those use cases. Once deployed, the model operates like a highly specialized assistant. When it encounters an alert type it was trained on, it can quickly classify the alert, assign a confidence score, and recommend the next action, often with impressive accuracy.

    This makes pre-trained AI particularly well-suited for high-volume, repeatable alert categories where the threat behavior is well-understood and relatively consistent over time. It can dramatically reduce triage times, surface clear remediation guidance, and eliminate redundant work by automating common security workflows. For organizations with predictable threat profiles, pre-trained models offer a fast track to operational efficiency, delivering value out-of-the-box without requiring deep customization.

    But do such organizations exist? If they do, they are certainly few and far between, which leads us to our next section: the limitations of pre-trained AI.

    Limitations of a pre-trained AI model for the SOC

    Despite their initial appeal, pre-trained AI models come with significant limitations, especially for organizations seeking broad and adaptable alert coverage. From a business standpoint, the most critical drawback is that pre-trained AI can only triage what it has been explicitly taught, similar to SOARs that can only execute actions based on pre-configured playbooks.

    This means that AI SOC vendors relying on the pre-trained approach must develop, test, and deploy new models for each individual use case, an inherently slow and resource-intensive process. As a result, their customers (i.e. SOC teams) are often left waiting for broader coverage of both existing and emerging alert types. This rigid development approach hinders agility and forces SOC teams to fall back on manual workflows for anything not covered.

    In fast-changing environments where security signals evolve constantly, pre-trained models struggle to keep pace, quickly becoming outdated or brittle. This can create blind spots, inconsistent triage quality, and increased analyst workload, which undermines the very efficiency gains the AI was meant to deliver.

    What is an adaptive AI model?

    Adaptive AI: Designed for the unknown

    In the context of SOC triage, adaptive AI represents a fundamental shift from the limitations of pre-trained models. Unlike static systems that can only respond to alerts they were trained on, adaptive AI is built to handle any alert, even one it has never seen before. When a new alert is ingested, adaptive AI doesn’t fail silently or defer to a human; instead, it actively researches the new alert. It begins by analyzing the alert’s structure, semantics, and context to determine what it represents and whether it poses a threat. This capability to research novel alerts in real-time (which is what experienced, higher-tier analysts do) is what allows adaptive AI to triage and respond across the entire spectrum of security signals without requiring prior training for each use case.

    This capability holds true both for alert types the adaptive AI has never seen before, as well as for new variations of threats (e.g. a new form of malware).

    Technically, adaptive AI uses semantic classification to assess how closely a new alert resembles previously seen alerts. If there’s a strong match, it can intelligently reuse an existing triage outline: a structured set of investigative questions and actions tailored to the alert’s characteristics. The AI performs a fresh analysis, which includes verifying the results of each step in the triage outline, assessing these results, identifying additional areas to investigate and finally compiling a conclusion.

    But when the alert is novel or unfamiliar, the system shifts into discovery mode. Here, research agents, just like senior SOC analysts, will search vendor docs, threat intelligence feeds, as well as reputable websites and forums. They then analyze all the information and compile a report that defines what the new alert represents, e.g. is it malware or some other threat type. With this, the agents dynamically construct a brand-new triage outline. These outlines are passed to triage agents, which execute the full triage process autonomously. This is possible because adaptive AI isn’t a monolithic model. Rather, it’s a coordinated system of dozens of specialized AI agents, each capable of performing a range of tasks. In complex cases, these agents may collectively perform over 150 inference jobs to fully triage a single alert, from data enrichment to threat validation to remediation planning.
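    The routing decision described in the two paragraphs above (reuse an existing triage outline when a new alert closely resembles a known one, otherwise hand off to discovery) is illustrated by the following added example. It is not Radiant’s code and says nothing about the models Radiant actually uses: bag-of-words cosine similarity stands in for semantic classification, and the outlines, the 0.35 threshold, and the two sample alerts are constructed for the illustration.

```python
"""Route a new alert to an existing triage outline or to discovery mode.

Added illustration of the matching step described in the article; not
Radiant's code. Bag-of-words cosine similarity stands in for semantic
classification. Outlines, threshold and sample alerts are constructed.
"""
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9]+")
MATCH_THRESHOLD = 0.35  # assumed cut-off below which an alert counts as novel


def bag_of_words(text: str) -> Counter:
    """Lower-cased token counts; a stand-in for a real embedding."""
    return Counter(TOKEN.findall(text.lower()))


def cosine(a: Counter, b: Counter) -> float:
    dot = sum(a[t] * b[t] for t in a.keys() & b.keys())
    norm = (math.sqrt(sum(v * v for v in a.values()))
            * math.sqrt(sum(v * v for v in b.values())))
    return dot / norm if norm else 0.0


# Known triage outlines: representative wording plus investigative steps (constructed).
TRIAGE_OUTLINES = {
    "phishing-email": {
        "signature": "suspicious email phishing url attachment user clicked link reported message",
        "steps": ["Detonate URL/attachment in a sandbox",
                  "Check whether the user submitted credentials",
                  "Search mail flow for other recipients",
                  "Reset credentials and purge the message if malicious"],
    },
    "endpoint-malware": {
        "signature": "endpoint antivirus detected malware quarantined file hash process executable",
        "steps": ["Look up the file hash in threat intel",
                  "Review the process tree and parent",
                  "Check for lateral movement from the host",
                  "Isolate the host if the detection is confirmed"],
    },
    "impossible-travel": {
        "signature": "identity sign-in impossible travel login location country new ip user account",
        "steps": ["Compare sign-in IPs against VPN and corporate ranges",
                  "Check the MFA result for both sign-ins",
                  "Review mailbox rules and token grants",
                  "Revoke sessions if unexplained"],
    },
}


def route_alert(alert_text: str, outlines=TRIAGE_OUTLINES,
                threshold: float = MATCH_THRESHOLD) -> dict:
    """Pick the closest outline, or fall back to discovery when nothing is close."""
    vec = bag_of_words(alert_text)
    scored = sorted(((cosine(vec, bag_of_words(o["signature"])), name)
                     for name, o in outlines.items()), reverse=True)
    best_score, best_name = scored[0]
    if best_score >= threshold:
        return {"mode": "reuse", "outline": best_name,
                "score": round(best_score, 2), "steps": outlines[best_name]["steps"]}
    # Novel alert: a research step would build a new outline; here we return the hand-off marker.
    return {"mode": "discovery", "outline": None, "score": round(best_score, 2), "steps": []}


# Constructed sample alerts: one matches a known outline, one is novel.
KNOWN_ALERT = "User reported phishing email with suspicious link; user clicked the URL"
NOVEL_ALERT = "Kubernetes audit: anonymous user created a ClusterRoleBinding granting cluster-admin"

if __name__ == "__main__":
    print(route_alert(KNOWN_ALERT))
    print(route_alert(NOVEL_ALERT))
```

    The threshold is the operational knob: set it too low and an unfamiliar alert is forced through the nearest outline and triaged with the wrong questions; set it too high and every minor rewording of a known alert is sent to the slower discovery path.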

    In contrast to pre-trained AI, where all research is front-loaded by human trainers and triage is constrained to static and potentially outdated knowledge, adaptive AI brings continuous learning and execution into the SOC with research agents leveraging up-to-date, online resources and threat intelligence. Once research agents have surfaced fresh insights, they immediately share them with triage agents to complete the triage process. This agent-to-agent collaboration makes the system both flexible and scalable, enabling security teams to confidently automate triage across their entire alert landscape without waiting for vendors to catch up with new use cases or attack patterns.

    Why multiple LLMs are better than one for SOC triage

    Using multiple large language models (LLMs) in the SOC isn’t just a technical decision—it’s a strategic advantage. Each LLM has its own strengths, whether it’s deep reasoning, concise summarization, code generation, or multilingual understanding. By orchestrating a set of complementary models, an adaptive AI platform assigns the right model to the right task, thereby ensuring more accurate, efficient, and context-aware triage. For example, one model might excel at analyzing structured security logs, another at understanding unstructured ticket narratives or phishing emails, while a third might be optimized for generating remediation scripts or querying cloud infrastructure.

    This multi-LLM architecture adds resilience and depth to the triage process. If one model struggles to understand or classify a novel alert, another might offer a better interpretation or route the issue through a different reasoning path. It also reduces single-model bias and error amplification, which are common risks in mono-model systems. Most importantly, it enables the platform to continuously improve by benchmarking model performance on real-world SOC tasks and dynamically switching between them based on quality, latency, or cost.

    In essence, the usage of multiple LLMs ensures the SOC gets the best of all worlds: speed, accuracy, flexibility, and robustness, tailored to the complexity and diversity of modern security environments. It’s a design choice rooted in real-world SOC needs, not AI hype.

    The business benefits of the adaptive AI model

    Adaptive AI delivers transformative value to both the SOC and the broader organization by removing the operational bottlenecks that have traditionally slowed security teams down. From a business perspective, it dramatically accelerates time-to-value by providing immediate triage coverage across all alert types, without waiting for vendor-led model development or manual tuning.

    Adaptive AI can handle all alert types and data sources

    This means faster detection, faster response, and greater resilience across evolving environments. On the security front, adaptive AI ensures that no alert, no matter how novel or obscure, slips through the cracks due to model limitations. It adapts to new data sources, attack techniques, and threat vectors as they emerge, closing blind spots and improving overall threat coverage.

    For human analysts, adaptive AI acts as a powerful force multiplier: it automates the investigative heavy lifting, eliminates alert fatigue, and surfaces high-context, high-confidence insights that allow analysts to focus on the most strategic and high-risk issues. The result is a more agile, efficient, and empowered SOC, one that can scale without compromising quality or coverage.

    Other essential features of AI SOC platforms

    In addition to an adaptive AI model that can triage any alert type, SOC teams need more to boost end-to-end SOC efficiency and productivity.

    Even after all the false positives have been automatically triaged and only real threats escalated to incidents, human analysts still need to come up with and execute response actions.

    Furthermore, Tier 3 analysts will frequently want to dig deeper into the underlying logs for threat hunting and forensics. To avoid the “swivel chair” effect, an adaptive AI SOC platform should also provide integrated response and logging capabilities as follows:

    Integrated response automation

    If an alert has been deemed malicious, the adaptive AI generates custom, recommended actions to remediate the threat. Human analysts can execute the recommended remediation in one click or do so manually with step-by-step guidance.

    Additionally, there is no need to configure or maintain any complex playbooks with the AI keeping the response action logic up-to-date and relevant for dynamic environments.

    Integrated logging at a fraction of what traditional SIEMs cost

    Built-in log management leveraging customer cloud archive storage and modern logging architecture provides rapid querying and visualizations, and the ability to drill down directly from alerts and incidents into the relevant log data.

    This approach eliminates vendor lock-in with unlimited storage and retention for a fraction of what traditional log management and SIEMs cost.

    Summary

    Not all AI SOC platforms are created equal. While pre-trained AI offers narrow, rules-bound automation for familiar alert types, it struggles to keep pace with today’s dynamic and unpredictable threat landscape. Adaptive AI, by contrast, delivers continuous learning, real-time investigation, and full-spectrum triage for any alert. Powered by multiple specialized LLMs and a coordinated system of research and triage agents, adaptive AI empowers security teams to focus on real threats with speed, flexibility, and confidence.

    To truly drive efficiency and scale, an AI SOC platform also needs integrated response automation and built-in log management, enabling analysts to quickly remediate threats and seamlessly drill into underlying log data without the overhead or cost associated with legacy SIEMs. With adaptive AI, organizations can finally break free from legacy limitations and operate a SOC that keeps pace with the real world.

    About Radiant’s adaptive AI SOC platform

    Radiant provides an adaptive AI SOC platform designed for enterprise security teams looking to fully address 100% of the alerts they receive from multiple tools and sensors. Triaging alerts from any security vendor or data source, Radiant ensures real threats are detected in minutes. With integrated response automation, MTTR is slashed from days to minutes, enabling analysts to focus on real incidents and proactive security.

    Additionally, Radiant’s integrated and ultra-affordable log management empowers SOC teams to access all relevant data for both forensic and compliance purposes, all without vendor lock-in and the high costs associated with traditional SIEM solutions.

    Schedule a demo with one of our friendly and knowledgeable product experts and see how Radiant can work for you!

    This article is a contributed piece from one of our valued partners.

    Source: thehackernews.com…

  • Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

    Jul 03, 2025 | Ravie Lakshmanan | Vulnerability / Network Security

    Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that could permit an attacker to log in to a susceptible device as the root user, allowing them to gain elevated privileges.

    The vulnerability, tracked as CVE-2025-20309, carries a CVSS score of 10.0.

    “This vulnerability is due to the presence of static user credentials for the root account that are reserved for use during development,” Cisco said in an advisory released Wednesday.

    “An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.”

    Hardcoded credentials like this usually come from testing or quick fixes during development, but they should never make it into live systems. In tools like Unified CM that handle voice calls and communication across a company, root access can let attackers move deeper into the network, listen in on calls, or change how users log in.

    The networking equipment major said it found no evidence of the flaw being exploited in the wild, and that it was discovered during internal security testing.

    CVE-2025-20309 affects Unified CM and Unified CM SME versions 15.0.1.13010-1 through 15.0.1.13017-1, irrespective of device configuration.

    Cisco has also released indicators of compromise (IoCs) associated with the flaw, stating that successful exploitation would result in a log entry in “/var/log/active/syslog/secure” for the root user with root permissions. The log can be retrieved by running the following command from the command-line interface:

    cucm1# file get activelog syslog/secure
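    Once the file has been retrieved, the check is to find direct root logins in it. The following added example (not Cisco’s tooling, and not the exact log content the advisory describes) assumes the retrieved file holds ordinary Linux sshd/PAM syslog lines; the sample lines, hostname and addresses are constructed. It deliberately ignores sudo sessions, since “session opened for user root by admin” is normal privilege elevation rather than a login with the static root credentials.

```python
"""Flag root-account logins in a retrieved syslog 'secure' file.

Added illustration for the Cisco IoC; not Cisco's tooling. Assumes ordinary
Linux sshd/PAM syslog lines; the sample below is constructed.
"""
import re
from typing import Iterable

# "Accepted <method> for <user> from <ip>" written by sshd on a successful login.
SSHD_ACCEPTED = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s(?P<host>\S+)\s"
    r"sshd\[\d+\]:\sAccepted\s(?P<method>\S+)\sfor\s(?P<user>\S+)\sfrom\s(?P<ip>\S+)"
)
# PAM session opened by an interactive service (sshd or console login).
# sudo is excluded on purpose: "session opened for user root by admin" is
# ordinary privilege elevation, not a direct login as root.
PAM_SESSION = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s(?P<host>\S+)\s"
    r"(?P<svc>sshd|login)\[\d+\]:\spam_unix\(\S+\):\ssession opened for user "
    r"(?P<user>[^\s(]+)(?:\(uid=(?P<uid>\d+)\))?"
)


def find_root_logins(lines: Iterable[str]) -> list[dict]:
    """Return one record per line that shows a direct login as root (uid 0)."""
    hits = []
    for line in lines:
        m = SSHD_ACCEPTED.match(line)
        if m and m.group("user") == "root":
            hits.append({"ts": m.group("ts"), "event": "sshd-accepted",
                         "method": m.group("method"), "source": m.group("ip")})
            continue
        m = PAM_SESSION.match(line)
        if m and (m.group("user") == "root" or m.group("uid") == "0"):
            hits.append({"ts": m.group("ts"), "event": "pam-session",
                         "service": m.group("svc"), "source": None})
    return hits


def root_login_sources(lines: Iterable[str]) -> set[str]:
    """Distinct remote addresses that authenticated directly as root."""
    return {h["source"] for h in find_root_logins(lines) if h["source"]}


# Constructed sample: one admin login, one direct root login, one sudo elevation.
SAMPLE_SECURE_LOG = """\
Jun 30 10:12:01 cucm1 sshd[4321]: Accepted password for admin from 10.0.0.5 port 51234 ssh2
Jun 30 10:12:01 cucm1 sshd[4321]: pam_unix(sshd:session): session opened for user admin(uid=1000) by (uid=0)
Jun 30 11:47:55 cucm1 sshd[4410]: Accepted password for root from 203.0.113.7 port 40022 ssh2
Jun 30 11:47:55 cucm1 sshd[4410]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
Jun 30 12:00:00 cucm1 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by admin(uid=1000)
"""

if __name__ == "__main__":
    for hit in find_root_logins(SAMPLE_SECURE_LOG.splitlines()):
        print(hit)
```

    Run it against the retrieved file with `find_root_logins(open("secure").read().splitlines())`; any hit on a system that has never been logged into as root interactively is worth treating as the IoC Cisco describes, and the source address set is what you would pivot on in network logs.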

    The development comes merely days after the company fixed two security flaws in Identity Services Engine and ISE Passive Identity Connector (CVE-2025-20281 and CVE-2025-20282) that could permit an unauthenticated attacker to execute arbitrary commands as the root user.

    Source: thehackernews.com…

  • North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign

    Threat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming language, underscoring a constant evolution of their tactics.

    “Unusually for macOS malware, the threat actors employ a process injection technique and remote communications via wss, the TLS-encrypted version of the WebSocket protocol,” SentinelOne researchers Phil Stokes and Raffaele Sabato said in a report shared with The Hacker News.

    “A novel persistence mechanism takes advantage of SIGINT/SIGTERM signal handlers to install persistence when the malware is terminated or the system rebooted.”

    The cybersecurity company is tracking the malware components collectively under the name NimDoor. It’s worth noting that some aspects of the campaign were previously documented by Huntabil.IT and later by Huntress and Validin, but with differences in the payloads deployed.

    The attack chains involve social engineering tactics, approaching targets on messaging platforms like Telegram to schedule a Zoom meeting via Calendly, an appointment scheduling software. The target is then sent an email containing a supposed Zoom meeting link along with instructions to run a Zoom SDK update script to ensure that they are running the latest version of the videoconferencing software.

    This step results in the execution of an AppleScript that acts as a delivery vehicle for a second-stage script from a remote server, while ostensibly redirecting the user to a legitimate Zoom redirect link. The newly downloaded script subsequently unpacks ZIP archives containing binaries that are responsible for setting up persistence and launching information stealing bash scripts.

    At the heart of the infection sequence is a C++ loader called InjectWithDyldArm64 (aka InjectWithDyld), which decrypts two embedded binaries named Target and trojan1_arm64. InjectWithDyldArm64 launches Target in a suspended state, injects trojan1_arm64’s code into it, and then resumes execution of the suspended process.

    The malware proceeds to establish communication with a remote server and fetch commands that allow it to gather system information, run arbitrary commands, and change or set the current working directory. The results of the execution are sent back to the server.

    Trojan1_arm64, for its part, is capable of downloading two more payloads, which come fitted with capabilities to harvest credentials from web browsers like Arc, Brave, Google Chrome, Microsoft Edge, and Mozilla Firefox, as well as extract data from the Telegram application.

    Also dropped as part of the attacks is a collection of Nim-based executables that are used as a launchpad for CoreKitAgent, which monitors for user attempts to kill the malware process and ensures persistence.

    “This behavior ensures that any user-initiated termination of the malware results in the deployment of the core components, making the code resilient to basic defensive actions,” the researchers said.

    The malware also launches an AppleScript that beacons out every 30 seconds to one of two hard-coded command-and-control (C2) servers, while also exfiltrating a snapshot of the list of running processes and executing additional scripts sent by the server.

    The findings demonstrate how North Korean threat actors are increasingly training their sights on macOS systems, weaponizing AppleScript to act as a post-exploitation backdoor to meet their data gathering goals.

    “North Korean-aligned threat actors have previously experimented with Go and Rust, similarly combining scripts and compiled binaries into multi-stage attack chains,” the researchers said.

    “However, Nim’s rather unique ability to execute functions during compile time allows attackers to blend complex behaviour into a binary with less obvious control flow, resulting in compiled binaries in which developer code and Nim runtime code are intermingled even at the function level.”

    Kimsuky’s Use of ClickFix Continues

    The disclosure comes as South Korean cybersecurity company Genians exposed Kimsuky’s continued use of the ClickFix social engineering tactic to deliver a variety of remote access tools as part of a campaign dubbed BabyShark, a known cluster of activity attributed to the North Korean hacking group.

    The attacks, first observed in January 2025 and targeting national security experts in South Korea, involve spear-phishing emails masquerading as interview requests from a legitimate German-language business newspaper, tricking recipients into opening a malicious link containing a bogus RAR archive.

    Present within the archive is a Visual Basic Script (VBS) file that’s engineered to open a decoy Google Docs file in the user’s web browser, while, in the background, malicious code is executed to establish persistence on the host via scheduled tasks and harvest system information.

    Subsequent attacks observed in March 2025 have impersonated a senior U.S. national security official to deceive targets into opening a PDF attachment that included a list of questions related to a meeting during the official’s purported visit to South Korea.

    “They also tried to trick the target into opening a manual and entering an authentication code, supposedly required to access a secure document,” Genians said. “While the original ‘ClickFix’ tactic tricked users into clicking to fix a specific error, this variant modified the approach by prompting users to copy and paste an authentication code to access a secure document.”

    A similar tactic was documented by Proofpoint in April 2025, the difference being that the email message claimed to originate from a Japanese diplomat and urged the recipient to set up a meeting with the Japanese ambassador to the United States.

    Once the obfuscated malicious PowerShell command is executed, a decoy Google Docs file is used as a distraction to conceal the execution of malicious code that establishes persistent communication with a C2 server to collect data and deliver additional payloads.

    A second variant of the ClickFix strategy entails using a fake website mimicking a legitimate defense research job portal and populating it with bogus listings, causing site visitors who click on these postings to be served with a ClickFix-style pop-up message to open the Windows Run dialog and run a PowerShell command.

    The command, for its part, guided users to download and install the Chrome Remote Desktop software on their systems, enabling remote control over SSH via the C2 server “kida.plusdocs.kro[.]kr.” Genians said it discovered a directory listing vulnerability in the C2 server that publicly exposed data likely collected from victims located across South Korea.

    The C2 server also included an IP address from China, which has been found to contain a keylogging record for a Proton Drive link hosting a ZIP archive that’s used to drop BabyShark malware on the infected Windows host by means of a multi-stage attack chain.

    As recently as last month, Kimsuky is believed to have concocted yet another variant of ClickFix in which the threat actors deploy phony Naver CAPTCHA verification pages that instruct victims to copy and paste PowerShell commands into the Windows Run dialog, launching an AutoIt script that siphons user information.

    “The ‘BabyShark’ campaign is known for its swift adoption of new attack techniques, often integrating them with script-based mechanisms,” the company said. “The ‘ClickFix’ tactic discussed in this report appears to be another case of publicly available methods being adapted for malicious use.”

    In recent weeks, Kimsuky has also been linked to email phishing campaigns that seemingly originate from academic institutions, but distribute malware under the pretext of reviewing a research paper.

    “The email prompted the recipient to open a HWP document file with a malicious OLE object attachment,” AhnLab said. “The document was password-protected, and the recipient had to enter the password provided in the email body to view the document.”

    Opening the weaponized document activates the infection process, leading to the execution of a PowerShell script that performs extensive system reconnaissance and the deployment of the legitimate AnyDesk software for persistent remote access.

    A prolific threat actor, Kimsuky is in a constant state of flux regarding its tools, tactics, and techniques for malware delivery, with some of the cyber attacks also leveraging GitHub as a stager for propagating an open-source trojan called Xeno RAT.

    “The malware accesses the attacker’s private repositories using a hard-coded Github Personal Access Token (PAT),” ENKI WhiteHat said. “This token was used to download malware from a private repository and upload information collected from victim systems.”

    According to the South Korean cybersecurity vendor, the attacks begin with spear-phishing emails with compressed archive attachments containing a Windows shortcut (LNK) file, which, in turn, is likely used to drop a PowerShell script that then downloads and launches the decoy document, as well as executes Xeno RAT and a PowerShell information stealer.

    Other attack sequences have been found to utilize a PowerShell-based downloader that fetches a file with an RTF extension from Dropbox to ultimately launch Xeno RAT. The campaign shares infrastructure overlaps with another set of attacks that delivered a variant of Xeno RAT known as MoonPeak.

    “The attacker managed not only the malware used in attacks but also uploaded and maintained infected system log files and exfiltrated information in private repositories using GitHub Personal Access Tokens (PATs),” ENKI noted. “This ongoing activity highlights the persistent and evolving nature of Kimsuky’s operations, including their use of both GitHub and Dropbox as part of their infrastructure.”
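    A hard-coded GitHub Personal Access Token like the one ENKI describes is something a defender can hunt for directly in a sample or memory dump. The following added example (not ENKI’s tooling) scans raw bytes for GitHub token shapes and for api.github.com endpoints that reveal which repository a sample talks to; it assumes the token formats GitHub publishes (classic tokens: a four-character prefix plus 36 characters; fine-grained tokens: a github_pat_ prefix), and the sample blob, token and repository path in it are constructed placeholders.

```python
"""Scan a binary or memory dump for embedded GitHub tokens and API endpoints.

Added illustration for the hard-coded PAT behaviour described in the article;
not ENKI's tooling. Token shapes follow GitHub's published prefixes. The sample
blob, the token in it and the repository path are constructed placeholders.
"""
import re

# Classic tokens: ghp_ (personal), gho_ (OAuth), ghu_ (user-to-server),
# ghs_ (server-to-server), ghr_ (refresh), each followed by 36 characters.
CLASSIC_TOKEN = re.compile(rb"\b(gh[pousr])_([A-Za-z0-9]{36})\b")
# Fine-grained personal access tokens: github_pat_ + 22 chars + "_" + 59 chars.
FINE_GRAINED_TOKEN = re.compile(rb"\b(github_pat)_([A-Za-z0-9]{22}_[A-Za-z0-9]{59})\b")
# API endpoints tell the analyst which repository the sample talks to.
GITHUB_API_URL = re.compile(rb"https?://api\.github\.com/[^\s\x00\"'<>]*")


def redact(prefix: bytes, secret: bytes) -> str:
    """Keep enough to correlate across samples without copying the live secret around."""
    return f"{prefix.decode()}_...{secret[-4:].decode()}"


def scan_github_indicators(data: bytes) -> dict:
    """Return redacted token hits (with offsets) and any GitHub API URLs found."""
    tokens = []
    for pattern, kind in ((CLASSIC_TOKEN, "classic"), (FINE_GRAINED_TOKEN, "fine-grained")):
        for m in pattern.finditer(data):
            tokens.append({"offset": m.start(), "kind": kind,
                           "redacted": redact(m.group(1), m.group(2))})
    tokens.sort(key=lambda t: t["offset"])
    api_urls = [m.group(0).decode("ascii", "replace") for m in GITHUB_API_URL.finditer(data)]
    return {"tokens": tokens, "api_urls": api_urls}


# Constructed sample: a fake ELF header, one well-formed (dummy) classic token,
# an API URL with a placeholder repository, and a too-short string that must not match.
SAMPLE_BLOB = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"Authorization: token ghp_0123456789abcdefghijABCDEFGHIJklmnop\x00"
    + b"https://api.github.com/repos/EXAMPLE-ATTACKER/loot/contents/\x00"
    + b"ghp_tooShort\x00"
)

if __name__ == "__main__":
    print(scan_github_indicators(SAMPLE_BLOB))
```

    Because the token is reported redacted, the output can go straight into a report or a ticket; the full value stays in the sample, and the next step for a responder is to report the token to GitHub for revocation rather than to use it.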

    Kimsuky, per data from NSFOCUS, has been one of the most active threat groups from Korea, alongside Konni, accounting for 5% of all the 44 advanced persistent threat (APT) activities recorded by the Chinese cybersecurity company in May 2025. In comparison, the top three most active APT groups in April were Kimsuky, Sidewinder, and Konni.

    Source: thehackernews.com…

  • Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns

    Cybersecurity researchers are calling attention to phishing campaigns that impersonate popular brands and trick targets into calling phone numbers operated by threat actors.

    “A significant portion of email threats with PDF payloads persuade victims to call adversary-controlled phone numbers, displaying another popular social engineering technique known as Telephone-Oriented Attack Delivery (TOAD), also known as callback phishing,” Cisco Talos researcher Omid Mirzaei said in a report shared with The Hacker News.

    An analysis of phishing emails with PDF attachments between May 5 and June 5, 2025, has revealed Microsoft and Docusign to be the most impersonated brands. NortonLifeLock, PayPal, and Geek Squad are among the most impersonated brands in TOAD emails with PDF attachments.

    The activity is part of wider phishing attacks that try to exploit the trust people place in popular brands. The messages typically carry PDF attachments that display legitimate brand imagery, such as Adobe's or Microsoft's, and urge the recipient either to scan a malicious QR code that leads to a fake Microsoft login page or to click a link that redirects to a phishing page posing as a service like Dropbox.

    QR code phishing emails with PDF payloads have also been found to leverage PDF annotations to embed the URLs within a sticky note, comment, or form fields within a PDF attachment, while linking the QR codes to an authentic web page to give the impression that the messages are trustworthy.

    In TOAD-based attacks, victims are coaxed into calling a phone number in a purported attempt to resolve an issue or confirm a transaction. During the phone call, the attacker masquerades as a legitimate customer representative and tricks the victim into either disclosing sensitive information or installing malware on their devices.
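
    The two techniques above, a phone number with a call-to-action and a URL tucked into an annotation while the visible link points somewhere legitimate, can both be pulled out of a PDF without rendering it. The following is an added example, not Cisco Talos code: it inflates FlateDecode content streams, extracts the text the victim sees, and separately collects URLs from link annotations and from sticky-note or form-field annotations. The sample PDF is constructed inline (minimal, not fully conformant) with a fictitious 555 number; the call-to-action vocabulary is an assumption.

```python
from __future__ import annotations

import re
import zlib

URL_RE = re.compile(r"https?://[^\s()<>\"']+")
# North American numbers with optional +1, in the spacing styles lures use.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?(?:\(\d{3}\)|\d{3})[\s.-]?\d{3}[\s.-]?\d{4}")
CALL_WORDS = ("call", "phone", "dial", "helpline", "support line")

# PDF literal strings: parentheses with backslash escapes allowed inside.
PDF_STRING = rb"\(((?:[^()\\]|\\.)*)\)"
ANNOT_FIELD_RE = re.compile(rb"/(URI|Contents|V)\s*" + PDF_STRING)   # link target, note text, form value
TJ_RE = re.compile(PDF_STRING + rb"\s*Tj")                            # text drawn on the page
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)


def decode_streams(pdf: bytes) -> list[bytes]:
    """Return content streams, inflating FlateDecode ones; damaged ones are skipped."""
    out = []
    for m in STREAM_RE.finditer(pdf):
        params = pdf[max(0, m.start() - 300):m.start()]   # the stream dictionary precedes the keyword
        body = m.group(1)
        if b"/FlateDecode" in params:
            try:
                body = zlib.decompress(body)
            except zlib.error:
                continue   # multi-filter or corrupt stream: do not crash the scanner
        out.append(body)
    return out


def analyze_pdf(pdf: bytes) -> dict:
    """Pull phone numbers, visible URLs and annotation-hidden URLs out of a PDF."""
    fields = [(k.decode(), v.decode("latin-1")) for k, v in ANNOT_FIELD_RE.findall(pdf)]
    link_urls = sorted({u for k, v in fields if k == "URI" for u in URL_RE.findall(v)})
    note_urls = sorted({u for k, v in fields if k != "URI" for u in URL_RE.findall(v)})
    visible = " ".join(t.decode("latin-1") for s in decode_streams(pdf) for t in TJ_RE.findall(s))
    all_text = visible + " " + " ".join(v for _, v in fields)
    phones = sorted(set(PHONE_RE.findall(all_text)))
    call_to_action = any(w in visible.lower() for w in CALL_WORDS)
    return {
        "phones": phones,
        "visible_urls": sorted(set(URL_RE.findall(visible))),
        "link_urls": link_urls,          # where a clicked link really goes
        "note_urls": note_urls,          # URLs hidden in comments, notes, form fields
        "toad_suspect": bool(phones) and call_to_action,
        "hidden_url_suspect": bool(note_urls),
    }


def build_sample_pdf() -> bytes:
    """Constructed PDF: a compressed page urging a phone call, a sticky-note
    annotation carrying a hidden URL, and a link annotation pointing at a
    legitimate site so the file looks trustworthy."""
    page = (b"BT /F1 12 Tf 72 700 Td (Norton subscription renewed for $499.99. "
            b"To cancel, call +1 888-555-0142 within 24 hours.) Tj ET")
    stream = zlib.compress(page)
    return b"".join([
        b"%PDF-1.4\n",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
        b"3 0 obj << /Type /Page /Parent 2 0 R /Contents 4 0 R /Annots [5 0 R 6 0 R] >> endobj\n",
        b"4 0 obj << /Length %d /Filter /FlateDecode >> stream\n" % len(stream),
        stream, b"\nendstream endobj\n",
        b"5 0 obj << /Type /Annot /Subtype /Text /Rect [0 0 1 1] "
        b"/Contents (Verify account: https://secure-verify.example.net/login) >> endobj\n",
        b"6 0 obj << /Type /Annot /Subtype /Link /Rect [100 100 200 200] "
        b"/A << /S /URI /URI (https://www.microsoft.com/) >> >> endobj\n",
        b"trailer << /Root 1 0 R >>\n%%EOF\n",
    ])


if __name__ == "__main__":
    print(analyze_pdf(build_sample_pdf()))
```

    Two caveats: text rendered as an image or drawn with TJ arrays and custom encodings will not appear in `visible`, so a QR code must still be decoded from the rasterised page, and object streams (compressed collections of objects) hide annotation dictionaries from this regex pass until they are inflated.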


    This technique has been a popular method among threat actors to install banking trojans on Android devices and remote access programs on victim machines to gain persistent access. In May 2025, the U.S. Federal Bureau of Investigation (FBI) warned of such attacks perpetrated by a financially motivated group called Luna Moth to breach target networks by posing as IT department personnel.

    “Attackers use direct voice communication to exploit the victim’s trust in phone calls and the perception that phone communication is a secure way to interact with an organization,” Mirzaei said. “Additionally, the live interaction during a phone call enables attackers to manipulate the victim’s emotions and responses by employing social engineering tactics.”

    Cisco Talos said most threat actors use Voice over Internet Protocol (VoIP) numbers to remain anonymous and make it harder to trace, with some numbers reused consecutively for as many as four days, allowing the attackers to pull off multi-stage social engineering attacks using the same number.

    “Brand impersonation is one of the most popular social engineering techniques, and it is continuously being used by attackers in different types of email threats,” the company said. “Therefore, a brand impersonation detection engine plays a pivotal role in defending against cyber attacks.”

    In recent months, phishing campaigns have also capitalized on a legitimate feature in Microsoft 365 (M365) called Direct Send to spoof internal users and deliver phishing emails without the need for compromising an account. The novel method has been employed to target more than 70 organizations since May 2025, per Varonis.

    These spoofed messages not only appear to originate from inside the victim organization; they also exploit the fact that a tenant's smart host follows a predictable pattern (“<tenant_name>.mail.protection.outlook.com”) and accepts mail for the tenant's recipients without SMTP authentication, so an attacker who can guess the tenant name can deliver the phishing emails directly.

    In one phishing email sent on June 17, 2025, the message body resembled a voicemail notification and included a PDF attachment that contained a QR code directing the recipients to a Microsoft 365 credentials harvesting page.

    “In many of their initial access attempts, the threat actor utilized M365 Direct Send functionality to target an individual organization with phishing messages that were subject to less scrutiny compared to standard inbound email,” security researcher Tom Barnea said. “This simplicity makes Direct Send an attractive and low-effort vector for phishing campaigns.”
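
    Direct Send mail leaves a consistent trace: the From domain is the organization's own, yet the message arrived from an outside IP, failed SPF and DKIM, and was accepted on an anonymous SMTP session. The following is an added example, not Varonis code, that triages raw messages on those signals. The headers are constructed in the format Exchange Online Protection stamps, with documentation-range IPs; `ORG_DOMAINS` and the reading of the `X-MS-Exchange-Organization-AuthAs` header as the session's authentication level are assumptions to verify against your own tenant's mail.

```python
from __future__ import annotations

import email
import re

# Domains this tenant accepts mail for (assumption: replace with your accepted domains).
ORG_DOMAINS = {"contoso.com"}

AUTH_RESULT_RE = re.compile(r"\b(spf|dkim|dmarc|compauth)=([A-Za-z]+)")


def parse_auth_results(value: str) -> dict[str, str]:
    """Reduce an Exchange Online Authentication-Results header to method -> result."""
    return dict(AUTH_RESULT_RE.findall(value or ""))


def sender_domain(from_header: str) -> str:
    m = re.search(r"@([A-Za-z0-9.-]+)", from_header or "")
    return m.group(1).lower() if m else ""


def triage(raw_message: str) -> dict:
    """Flag mail that claims an internal sender but arrived without authenticating."""
    msg = email.message_from_string(raw_message)
    domain = sender_domain(msg.get("From", ""))
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    # EOP records how the submitting session authenticated; Direct Send is anonymous.
    auth_as = (msg.get("X-MS-Exchange-Organization-AuthAs") or "").strip().lower()

    reasons = []
    if domain in ORG_DOMAINS:
        if auth.get("spf") != "pass" and auth.get("dkim") != "pass":
            reasons.append("internal sender domain without SPF or DKIM pass")
        if auth_as == "anonymous":
            reasons.append("anonymous SMTP submission claiming an internal sender")
        if auth.get("compauth") == "fail":
            reasons.append("composite authentication failed")
    return {
        "from_domain": domain,
        "auth": auth,
        "verdict": "suspect-direct-send" if reasons else "ok",
        "reasons": reasons,
    }


# Constructed headers in the shape EOP produces; IPs are from documentation ranges.
SPOOFED = """\
Received: from 203.0.113.45 (unknown [203.0.113.45]) by contoso-com.mail.protection.outlook.com
Authentication-Results: spf=fail (sender IP is 203.0.113.45) smtp.mailfrom=contoso.com; dkim=none (message not signed) header.d=none; dmarc=fail action=none header.from=contoso.com; compauth=fail reason=001
X-MS-Exchange-Organization-AuthAs: Anonymous
From: IT Helpdesk <helpdesk@contoso.com>
To: alice@contoso.com
Subject: New voicemail (0:42)

Your voicemail is attached. Scan the code to listen.
"""

LEGITIMATE = """\
Authentication-Results: spf=pass (sender IP is 198.51.100.10) smtp.mailfrom=contoso.com; dkim=pass (signature was verified) header.d=contoso.com; dmarc=pass action=none header.from=contoso.com; compauth=pass reason=100
X-MS-Exchange-Organization-AuthAs: Internal
From: Bob <bob@contoso.com>
To: alice@contoso.com
Subject: Lunch

Noon?
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE)):
        print(name, triage(raw))
```

    Because the messages arrive through the tenant's own inbound path rather than an authenticated connector, a transport rule that quarantines internal-domain mail failing composite authentication catches this class regardless of the lure. Microsoft has also added a tenant-level Reject Direct Send setting in Exchange Online; check current documentation for its status in your tenant.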

    The disclosure comes as new research from Netcraft found that asking large language models (LLMs) where to log in to 50 different brands across sectors like finance, retail, tech, and utilities produced, in a meaningful share of answers, hostnames that the brands do not own.

    “Two-thirds of the time, the model returned the correct URL,” the company said. “But in the remaining third, the results broke down like this: nearly 30% of the domains were unregistered, parked, or otherwise inactive, leaving them open to takeover. Another 5% pointed users to completely unrelated businesses.”

    This means users could be sent to a fake website just by asking an artificial intelligence (AI) chatbot where to sign in, opening the door to brand impersonation and phishing once threat actors register the unclaimed domains or take over the unrelated ones.

    With threat actors already using AI-powered tools to create phishing pages at scale, the latest development marks a new twist where cybercriminals are looking to game an LLM’s response by surfacing malicious URLs as responses to queries.


    Netcraft said it has also observed attempts to poison AI coding assistants like Cursor by publishing fake APIs to GitHub that harbor functionality to route transactions on the Solana blockchain to an attacker-controlled wallet.

    “The attacker didn’t just publish the code,” security researcher Bilaal Rashid said. “They launched blog tutorials, forum Q&As, and dozens of GitHub repos to promote it. Multiple fake GitHub accounts shared a project called Moonshot-Volume-Bot, seeded across accounts with rich bios, profile images, social media accounts and credible coding activity. These weren’t throwaway accounts – they were crafted to be indexed by AI training pipelines.”

    The developments also follow concerted efforts by threat actors to inject reputable websites (e.g., .gov or .edu domains) with JavaScript or HTML designed to push phishing sites up the search rankings. The injections are sold through an illicit marketplace called Hacklink.

    The service “enables cybercriminals to purchase access to thousands of compromised websites and inject malicious code designed to manipulate search engine algorithms,” security researcher Andrew Sebborn said. “Scammers use Hacklink control panels to insert links to phishing or illicit websites into the source code of legitimate but compromised domains.”

    These outbound links are associated with specific keywords so that the hacked websites are served in search results when users search for relevant terms. To make matters worse, the actors can alter the text that appears in the search result to match their needs without having to take control of the site in question, impacting brand integrity and user trust.
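
    A site owner can look for this kind of injection directly in served HTML: Hacklink-style links are outbound, keyword-stuffed, and usually placed in markup that is invisible to visitors but indexed by crawlers. The following is an added example, not Netcraft's tooling: a stdlib HTML walk that tracks whether each anchor sits inside a hidden container and reports external links that are hidden or carry spam vocabulary. The sample page is constructed; the hiding-style patterns and spam word list are assumptions to tune per deployment.

```python
from __future__ import annotations

import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles used to keep injected links out of sight while crawlers still index them.
HIDING_RE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(?![.\d])|font-size\s*:\s*0"
    r"|(?:left|top|text-indent)\s*:\s*-\d{3,}px",
    re.I,
)
# Anchor-text vocabulary typical of SEO-spam injections (assumption).
SPAM_WORDS = ("casino", "betting", "slot", "poker", "viagra", "pharmacy", "payday loan", "escort")


class InjectedLinkScanner(HTMLParser):
    """Collect outbound anchors and note whether they sit inside hidden markup."""

    def __init__(self, site_host: str):
        super().__init__()
        self.site_host = site_host.lower()
        self.stack: list[tuple[str, bool]] = []   # (tag, is_hidden)
        self.hidden_depth = 0
        self.current: dict | None = None
        self.findings: list[dict] = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = "hidden" in a or bool(HIDING_RE.search(a.get("style") or ""))
        self.stack.append((tag, hidden))
        if hidden:
            self.hidden_depth += 1
        if tag == "a":
            self.current = {"href": a.get("href") or "", "text": "", "hidden": self.hidden_depth > 0}

    def handle_data(self, data):
        if self.current is not None:
            self.current["text"] += data

    def handle_endtag(self, tag):
        # Pop to the matching open tag; void elements left on the stack go with it.
        while self.stack:
            t, hidden = self.stack.pop()
            if hidden:
                self.hidden_depth -= 1
            if t == tag:
                break
        if tag == "a" and self.current is not None:
            self._finish_anchor()

    def _finish_anchor(self):
        link, self.current = self.current, None
        host = (urlparse(link["href"]).hostname or "").lower()
        if not host or host == self.site_host or host.endswith("." + self.site_host):
            return                                   # internal link: not what Hacklink sells
        text = " ".join(link["text"].split()).lower()
        reasons = []
        if link["hidden"]:
            reasons.append("hidden-container")
        if any(w in text for w in SPAM_WORDS):
            reasons.append("spam-anchor-text")
        if reasons:
            self.findings.append({"href": link["href"], "text": text, "reasons": reasons})


def scan_page(html: str, site_host: str) -> list[dict]:
    scanner = InjectedLinkScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed page: a public-sector site with one legitimate outbound link and an
# injected, off-screen block of keyword-stuffed links.
SAMPLE_HTML = """
<html><body>
<nav><a href="/services">Services</a> <a href="https://www.example.org/">Partner site</a></nav>
<div style="position:absolute; left:-9999px;">
  <a href="https://best-online-casino.example/">online casino bonus</a>
  <a href="https://fast-payday-loan.example/">payday loan no credit check</a>
</div>
<p>Office hours: 9 to 5. <a href="https://cheap-slots.example/">slot games</a></p>
</body></html>
"""

if __name__ == "__main__":
    for finding in scan_page(SAMPLE_HTML, "city.example.gov"):
        print(finding)
```

    Run it against the HTML as fetched with a search-engine User-Agent as well as a browser one: injected code frequently serves the spam links only to crawlers, which is also why the altered search snippets described above can exist without the site owner ever seeing them in a browser.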

    Source: thehackernews.com…

  • That Network Traffic Looks Legit, But it Could be Hiding a Serious Threat

    Jul 02, 2025The Hacker NewsNetwork Security / Threat Detection

    With nearly 80% of cyber threats now mimicking legitimate user behavior, how are top SOCs determining what’s legitimate traffic and what is potentially dangerous?

    Where do you turn when firewalls and endpoint detection and response (EDR) fall short at detecting the most important threats to your organization? Breaches at edge devices and VPN gateways have risen from 3% to 22%, according to Verizon’s latest Data Breach Investigations Report. EDR solutions are struggling to catch zero-day exploits, living-off-the-land techniques, and malware-free attacks. Nearly 80% of detected threats use malware-free techniques that mimic normal user behavior, as highlighted in CrowdStrike’s 2025 Global Threat Report. The stark reality is that conventional detection methods are no longer sufficient as threat actors adapt their strategies, using techniques like credential theft or DLL hijacking to avoid discovery.

    In response, security operations centers (SOCs) are turning to a multi-layered detection approach that uses network data to expose activity adversaries can’t conceal.

    Technologies like network detection and response (NDR) are being adopted to complement EDR by surfacing behaviors that endpoint-based tools are more likely to miss. NDR needs no agents and observes traffic rather than host state, so the malicious use of common techniques and legitimate tools, which looks unremarkable on the endpoint, still stands out on the wire. The bottom line is that evasion that works against edge devices and EDR is less likely to succeed when NDR is also on the lookout.

    Layering up: The faster threat detection strategy

    Much like layering for unpredictable weather, elite SOCs boost resilience through a multi-layered detection strategy centered on network insights. By consolidating detections into a single system, NDR streamlines management and empowers teams to focus on high-priority risks and use cases.

    Teams can adapt quickly to evolving attack conditions, detect threats faster, and minimize damage. Now, let’s gear up and take a closer look at the layers that make up this dynamic stack:

    THE BASE LAYER

    Lightweight and quick to apply, these easily catch known threats to form the basis for defense:

    • Signature-based network detection serves as the first layer of protection due to its lightweight nature and quick response times. Industry-leading signatures, such as those from Proofpoint ET Pro running on Suricata engines, can rapidly identify known threats and attack patterns.
    • Threat intelligence, often composed of indicators of compromise (IOCs), looks for known network entities (e.g., IP addresses, domain names, hashes) observed in actual attacks. As with signatures, IOCs are easy to share, light-weight, and quick to deploy, offering quicker detection.

    THE MALWARE LAYER

    Think of malware detection as a waterproof barrier, protecting against “drops” of malware payloads by identifying malware families. Detections such as YARA rules — a standard for static file analysis in the malware analysis community — can identify malware families sharing common code structures. It’s crucial for detecting polymorphic malware that alters its signature while retaining core behavioral characteristics.

    THE ADAPTIVE LAYER

    Built to weather evolving conditions, the most sophisticated layers use behavioral detection and machine learning algorithms that identify known, unknown, and evasive threats:

    • Behavioral detection identifies dangerous activities like domain generation algorithms (DGAs), command and control communications, and unusual data exfiltration patterns. It remains effective even when attackers change their IOCs (or even components of the attack), since the underlying behaviors don’t change, enabling quicker detection of unknown threats.
    • ML models, both supervised and unsupervised, can detect both known attack patterns and anomalous behaviors that might indicate novel threats. They can target attacks that span greater lengths of time and complexity than behavioral detections.
    • Anomaly detection uses unsupervised machine learning to spot deviations from baseline network behavior. This alerts SOCs to anomalies like unexpected services, unusual client software, suspicious logins, and malicious management traffic. It helps organizations uncover threats hiding in normal network activity and minimize attacker dwell time.
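
    The domain generation algorithm (DGA) case in the adaptive layer above is a good illustration of behavioral detection surviving indicator changes: the registered domains rotate daily, but the lexical shape of generated names and the burst of NXDOMAIN answers they cause do not. The following is an added example, not Corelight's or Zeek's detection logic: a per-name lexical score plus a per-host aggregation over a simplified DNS log. The log lines and name list are constructed; the thresholds and bigram table are assumptions that a real deployment would tune against its own traffic.

```python
from __future__ import annotations

import math
from collections import Counter, defaultdict

VOWELS = set("aeiou")
# Frequent English bigrams; brand names hit several, generated names hit few (assumption).
COMMON_BIGRAMS = {
    "th", "he", "in", "er", "an", "re", "on", "at", "en", "nd", "ti", "es", "or", "te",
    "of", "ed", "is", "it", "al", "ar", "st", "to", "nt", "ng", "se", "ha", "as", "ou",
    "io", "le", "ve", "co", "me", "de", "hi", "ri", "ro", "ic", "ne", "ea", "ra", "ce",
    "li", "ch", "ll", "be", "ma", "si", "om", "ur",
}


def registrable_label(fqdn: str) -> str:
    """Second-level label; naive about multi-part suffixes such as co.uk."""
    parts = fqdn.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(s: str) -> float:
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def dga_score(fqdn: str) -> dict:
    """Score one name on the lexical traits that random generators leave behind."""
    label = registrable_label(fqdn)
    letters = [c for c in label if c.isalpha()]
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters) if letters else 0.0
    digit_ratio = sum(c.isdigit() for c in label) / len(label) if label else 0.0
    bigrams = [label[i:i + 2] for i in range(len(label) - 1)]
    common_ratio = sum(b in COMMON_BIGRAMS for b in bigrams) / len(bigrams) if bigrams else 0.0
    ent = shannon_entropy(label)
    score = sum([
        len(label) >= 12,
        ent > 3.5,
        vowel_ratio < 0.25,
        common_ratio < 0.15,
        digit_ratio > 0.3,
    ])
    return {"label": label, "entropy": round(ent, 2), "vowel_ratio": round(vowel_ratio, 2),
            "common_bigram_ratio": round(common_ratio, 2), "score": score, "suspect": score >= 3}


def dga_hosts(dns_log: str, min_hits: int = 3) -> list[str]:
    """Hosts whose NXDOMAIN answers cover at least min_hits distinct DGA-looking names.
    Lines are 'epoch src_ip query rcode' (a constructed, simplified dns.log)."""
    per_host: dict[str, set[str]] = defaultdict(set)
    for line in dns_log.strip().splitlines():
        _, src, query, rcode = line.split()
        if rcode == "NXDOMAIN" and dga_score(query)["suspect"]:
            per_host[src].add(registrable_label(query))
    return sorted(h for h, names in per_host.items() if len(names) >= min_hits)


# Constructed log: one host sweeping through generated names, one normal host.
SAMPLE_DNS_LOG = """
1720000001.1 10.0.0.5 xjkqwzplrtvbn.com NXDOMAIN
1720000001.4 10.0.0.5 a1b2c3d4e5f6g7.net NXDOMAIN
1720000001.9 10.0.0.5 qpzvrkdnmtlwhs.org NXDOMAIN
1720000002.3 10.0.0.5 bvtxkmrpzqwdgl.info NXDOMAIN
1720000002.8 10.0.0.7 www.google.com NOERROR
1720000003.0 10.0.0.7 update.microsoft.com NOERROR
1720000003.2 10.0.0.7 gogle.com NXDOMAIN
"""

if __name__ == "__main__":
    for name in ("xjkqwzplrtvbn.com", "www.google.com", "a1b2c3d4e5f6g7.net"):
        print(dga_score(name))
    print("hosts to investigate:", dga_hosts(SAMPLE_DNS_LOG))
```

    The aggregation step is what keeps this usable: single odd-looking names (CDN hostnames, typos) are common, while one host failing to resolve several of them in a short window is the behavior worth an alert. Wordlist-based DGAs defeat the lexical score entirely, which is why the NXDOMAIN burst is the more durable signal of the two.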

    THE QUERY LAYER

    Finally, in some situations there is simply no faster way to generate an alert than to query the network data already collected. Search-based detection, saved log-search queries that raise alerts when they match, functions like a snap-on layer that is at the ready for short-term, rapid response.

    Unifying threat detection layers with NDR

    The true strength in multi-layered detections is how they work together. Top SOCs are deploying Network Detection and Response (NDR) to provide a unified view of threats across the network. NDR correlates detections from multiple engines to deliver a complete threat view, centralized network visibility, and the context that powers real-time incident response.

    Beyond layered detections, advanced NDR solutions can also offer several key advantages that enhance overall threat response capabilities:

    • Detecting emerging attack vectors and novel techniques that haven’t yet been incorporated into traditional EDR signature-based detection systems.
    • Reducing false positive rates by ~25%, according to a 2022 FireEye report
    • Cutting incident response times with AI-driven triage and automated workflows
    • Comprehensive coverage of MITRE ATT&CK network-based tools, techniques and procedures (TTPs)
    • Leveraging shared intelligence and community-driven detections (open-source solutions)

    The path forward for modern SOCs

    The combination of increasingly sophisticated attacks, expanding attack surfaces, and added resource constraints requires a shift toward multi-layered detection strategies. In an environment where attacks succeed in seconds, the window for maintaining effective cybersecurity without an NDR solution is rapidly closing. Elite SOC teams get this and have already layered up. The question isn’t whether to implement multi-layered detection, it’s how quickly organizations can make this transition.

    Corelight Network Detection and Response

    Corelight’s integrated Open NDR Platform combines all seven of the network detection types mentioned above and is built on a foundation of open-source software like Zeek®, allowing you to tap into the power of community-driven detection intelligence. For more information: Corelight.

    This article is a contributed piece from one of our valued partners.
    Source: thehackernews.com…

  • U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware

    Jul 02, 2025Ravie LakshmananCybercrime / Dark Web

    The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has levied sanctions against Russia-based bulletproof hosting (BPH) service provider Aeza Group for supporting threat actors in their malicious activities and in targeting victims in the United States and across the world.

    The sanctions also extend to its subsidiaries Aeza International Ltd., the U.K. branch of Aeza Group, as well as Aeza Logistic LLC, Cloud Solutions LLC, and four individuals linked to the company –

    • Arsenii Aleksandrovich Penzev, CEO and 33% owner of Aeza Group
    • Yurii Meruzhanovich Bozoyan, general director and 33% owner of Aeza Group
    • Vladimir Vyacheslavovich Gast, technical director who works closely with Penzev and Bozoyan
    • Igor Anatolyevich Knyazev, 33% owner of Aeza Group who manages the operations in the absence of Penzev and Bozoyan

    It’s worth noting that Penzev was arrested in early April 2025 on charges of leading a criminal organization and enabling large-scale drug trafficking by hosting BlackSprut, an illicit drugs marketplace on the dark web. Bozoyan and two other Aeza employees, Maxim Orel and Tatyana Zubova, were also detained.

    “Cybercriminals continue to rely heavily on BPH service providers like Aeza Group to facilitate disruptive ransomware attacks, steal U.S. technology, and sell black-market drugs,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith.

    “Treasury, in close coordination with the U.K. and our other international partners, remains resolved to expose the critical nodes, infrastructure, and individuals that underpin this criminal ecosystem.”

    BPH services have been a godsend for threat actors, as they deliberately ignore abuse reports and law-enforcement takedown requests and often operate in countries with weak enforcement or intentionally vague legal standards. This makes them a resilient option for hosting malicious infrastructure, including phishing sites and command-and-control (C2) servers, without disruption or consequences.

    Headquartered in St. Petersburg, Aeza Group is accused of leasing its services to various ransomware and information stealer families, such as BianLian, RedLine, Meduza, and Lumma, some of which have been used to target U.S. defense industrial base and technology companies and other victims worldwide.

    What’s more, a report published by Correctiv and Qurium last July detailed the use of Aeza’s infrastructure by the pro-Russian influence operation dubbed Doppelganger. Another threat actor that has used the services of Aeza is Void Rabisu, the Russia-aligned threat actor behind RomCom RAT.


    The development comes nearly five months after the Treasury sanctioned another Russia-based BPH service provider named Zservers for facilitating ransomware attacks, such as those orchestrated by the LockBit group.

    Last week, Qurium also linked a Russian web hosting and proxy provider named Biterika to distributed denial-of-service (DDoS) attacks against two Russian independent media outlets IStories and Verstka.

    These sanctions form part of a broader effort to dismantle the ransomware supply chain by targeting critical enablers like malicious hosting, command-and-control servers, and dark web infrastructure. As threat actors shift tactics, monitoring sanctioned entities, IP reputation scores, and abuse-resilient networks is becoming central to modern threat intelligence operations.

    Source: thehackernews.com…

  • Vercel's v0 AI Tool Weaponized by Cybercriminals to Rapidly Create Fake Login Pages at Scale

    Jul 02, 2025Ravie LakshmananAI Security / Phishing

    Unknown threat actors have been observed weaponizing v0, a generative artificial intelligence (AI) tool from Vercel, to design fake sign-in pages that impersonate their legitimate counterparts.

    “This observation signals a new evolution in the weaponization of Generative AI by threat actors who have demonstrated an ability to generate a functional phishing site from simple text prompts,” Okta Threat Intelligence researchers Houssem Eddine Bordjiba and Paula De la Hoz said.

    v0 is an AI-powered offering from Vercel that allows users to create basic landing pages and full-stack apps using natural language prompts.


    The identity services provider said it has observed scammers using the technology to develop convincing replicas of login pages associated with multiple brands, including an unnamed customer of its own. Following responsible disclosure, Vercel has blocked access to these phishing sites.

    The threat actors behind the campaign have also been found to host other resources such as the impersonated company logos on Vercel’s infrastructure, likely in an effort to abuse the trust associated with the developer platform and evade detection.

    Unlike traditional phishing kits, which take some effort to set up, tools like v0, and its open-source clones on GitHub, let attackers spin up fake pages just by typing a prompt. It’s faster, easier, and requires no coding skills, so even low-skilled threat actors can build convincing phishing sites at scale.

    “The observed activity confirms that today’s threat actors are actively experimenting with and weaponizing leading GenAI tools to streamline and enhance their phishing capabilities,” the researchers said.

    “The use of a platform like Vercel’s v0.dev allows emerging threat actors to rapidly produce high-quality, deceptive phishing pages, increasing the speed and scale of their operations.”


    The development comes as bad actors continue to leverage large language models (LLMs) to aid in their criminal activities, building uncensored versions of these models that are explicitly designed for illicit purposes. One such LLM that has gained popularity in the cybercrime landscape is WhiteRabbitNeo, which advertises itself as an “Uncensored AI model for (Dev) SecOps teams.”

    “Cybercriminals are increasingly gravitating towards uncensored LLMs, cybercriminal-designed LLMs, and jailbreaking legitimate LLMs,” Cisco Talos researcher Jaeson Schultz said.

    “Uncensored LLMs are unaligned models that operate without the constraints of guardrails. These systems happily generate sensitive, controversial, or potentially harmful output in response to user prompts. As a result, uncensored LLMs are perfectly suited for cybercriminal usage.”

    This fits a bigger shift we’re seeing: Phishing is being powered by AI in more ways than before. Fake emails, cloned voices, even deepfake videos are showing up in social engineering attacks. These tools help attackers scale up fast, turning small scams into large, automated campaigns. It’s no longer just about tricking users—it’s about building whole systems of deception.

    Source: thehackernews.com…

  • Critical Vulnerability in Anthropic's MCP Exposes Developer Machines to Remote Exploits

    Cybersecurity researchers have discovered a critical security vulnerability in artificial intelligence (AI) company Anthropic’s Model Context Protocol (MCP) Inspector project that could result in remote code execution (RCE) and allow an attacker to gain complete access to the host.

    The vulnerability, tracked as CVE-2025-49596, carries a CVSS score of 9.4 out of a maximum of 10.0.

    “This is one of the first critical RCEs in Anthropic’s MCP ecosystem, exposing a new class of browser-based attacks against AI developer tools,” Oligo Security’s Avi Lumelsky said in a report published last week.

    “With code execution on a developer’s machine, attackers can steal data, install backdoors, and move laterally across networks – highlighting serious risks for AI teams, open-source projects, and enterprise adopters relying on MCP.”

    MCP, introduced by Anthropic in November 2024, is an open protocol that standardizes the way large language model (LLM) applications integrate and share data with external data sources and tools.

    The MCP Inspector is a developer tool for testing and debugging MCP servers, which expose specific capabilities through the protocol and allow an AI system to access and interact with information beyond its training data.


    It has two components: a client that provides an interactive interface for testing and debugging, and a proxy server that bridges the web UI to the MCP servers under test.

    A key security consideration is that the proxy server should never be exposed to an untrusted network, because it has permission to spawn local processes and can connect to any specified MCP server.

    This aspect, coupled with the fact that the default settings developers use to spin up a local version of the tool come with “significant” security risks, such as missing authentication and encryption, opens up a new attack pathway, per Oligo.

    “This misconfiguration creates a significant attack surface, as anyone with access to the local network or public internet can potentially interact with and exploit these servers,” Lumelsky said.

    The attack plays out by chaining a known security flaw affecting modern web browsers, dubbed 0.0.0.0 Day, with a cross-site request forgery (CSRF) vulnerability in Inspector (CVE-2025-49596) to run arbitrary code on the host simply upon visiting a malicious website.

    “Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio,” the developers of MCP Inspector said in an advisory for CVE-2025-49596.

    0.0.0.0 Day is a 19-year-old weakness in modern web browsers that lets malicious websites reach services on the local machine and network. Browsers did not treat requests to the IP address 0.0.0.0 as requests to the local host, so a public web page could send traffic to services that are only listening locally; when such a service will execute commands on request, as the Inspector proxy does, that becomes code execution.

    “Attackers can exploit this flaw by crafting a malicious website that sends requests to localhost services running on an MCP server, thereby gaining the ability to execute arbitrary commands on a developer’s machine,” Lumelsky explained.

    “The fact that the default configurations expose MCP servers to these kinds of attacks means that many developers may be inadvertently opening a backdoor to their machine.”

    Specifically, the proof-of-concept (PoC) makes use of the Server-Sent Events (SSE) endpoint to dispatch a malicious request from an attacker-controlled website to achieve RCE on the machine running the tool even if it’s listening on localhost (127.0.0.1).

    This works because, on Linux and macOS, the operating system treats a connection to 0.0.0.0 as a connection to the local host, and browsers did not block pages from making such requests, so a page loaded from the internet can reach a service bound to the loopback interface or to all interfaces.


    In a hypothetical attack scenario, an attacker could set up a fake web page and trick a developer into visiting it, at which point, the malicious JavaScript embedded in the page would send a request to 0.0.0.0:6277 (the default port on which the proxy runs), instructing the MCP Inspector proxy server to execute arbitrary commands.

    The attack can also use DNS rebinding: an attacker-controlled name that first resolves to the attacker’s server and then to 0.0.0.0 or 127.0.0.1, so the page’s requests to port 6277 land on the proxy while the browser still considers them same-origin, bypassing security controls that key on the host name.

    Following responsible disclosure in April 2025, the vulnerability was addressed by the project maintainers on June 13 with the release of version 0.14.1. The fixes add a session token to the proxy server and incorporate origin validation to completely plug the attack vector.

    “Localhost services may appear safe but are often exposed to the public internet due to network routing capabilities in browsers and MCP clients,” Oligo said.

    “The mitigation adds Authorization which was missing in the default prior to the fix, as well as verifying the Host and Origin headers in HTTP, making sure the client is really visiting from a known, trusted domain. Now, by default, the server blocks DNS rebinding and CSRF attacks.”
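
    The three checks in that mitigation, Host validation, Origin validation and a session token, are worth seeing as one admission function, because each one closes a different route: the Host allowlist stops 0.0.0.0 and DNS-rebound names, the Origin allowlist stops cross-site browser requests, and the token stops anything that is not the Inspector UI. The following is an added example, not the MCP Inspector's own code: a small stand-in for the proxy's HTTP front door. Port 6277 comes from the article; the allowlists, the `Authorization: Bearer` header used to carry the token, and the UI's origin on port 6274 are assumptions.

```python
from __future__ import annotations

import hmac
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer

PROXY_PORT = 6277                     # the Inspector proxy's default port, per the article
BIND_ADDRESS = "127.0.0.1"            # loopback only; never 0.0.0.0 for a developer tool
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "::1"}                     # assumption
ALLOWED_ORIGINS = {"http://localhost:6274", "http://127.0.0.1:6274"}  # assumption: the UI's origin
SESSION_TOKEN = secrets.token_hex(32)  # generated at start-up and shown to the developer once


def host_name(host_header: str) -> str:
    """Strip the port from a Host header, handling bracketed IPv6 literals."""
    h = (host_header or "").strip().lower()
    if h.startswith("["):
        return h[1:h.find("]")]
    return h.rsplit(":", 1)[0] if ":" in h else h


def check_request(headers: dict[str, str], session_token: str = SESSION_TOKEN) -> tuple[bool, str]:
    """Hardened admission check: Host allowlist, then Origin allowlist, then session token.

    Before the fix the equivalent logic was effectively `return True, "ok"`:
    no token, and any Host or Origin accepted."""
    h = {k.lower(): v for k, v in headers.items()}
    host = host_name(h.get("host", ""))
    if host not in ALLOWED_HOSTS:
        # Blocks 0.0.0.0 Day (Host: 0.0.0.0:6277) and DNS rebinding (Host: attacker name).
        return False, f"host {host!r} not allowed"
    origin = h.get("origin")
    if origin is not None and origin.lower() not in ALLOWED_ORIGINS:
        # Browsers send Origin on cross-site fetches; the Inspector UI's own origin is known.
        return False, f"origin {origin!r} not allowed"
    auth = h.get("authorization", "")
    token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
    if not hmac.compare_digest(token, session_token):
        return False, "missing or wrong session token"
    return True, "ok"


class ProxyHandler(BaseHTTPRequestHandler):
    """Minimal stand-in for the proxy's HTTP front door."""

    def do_GET(self):
        ok, reason = check_request(dict(self.headers))
        if not ok:
            self.send_error(403, reason)
            return
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(b"would now spawn the requested MCP server over stdio\n")

    do_POST = do_GET


def serve() -> None:
    print(f"session token: {SESSION_TOKEN}")
    HTTPServer((BIND_ADDRESS, PROXY_PORT), ProxyHandler).serve_forever()


if __name__ == "__main__":
    serve()
```

    Binding to 127.0.0.1 instead of 0.0.0.0 is a fourth, independent layer: it keeps the proxy off the LAN entirely, which the header checks alone do not do. Note that Host validation must compare the host part only; an attacker controls the port in the URL they fetch, so matching on `localhost:6277` literally would be brittle without being safer.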

    Source: thehackernews.com…

  • TA829 and UNK_GreenSec Share Tactics and Infrastructure in Ongoing Malware Campaigns

    Cybersecurity researchers have flagged the tactical similarities between the threat actors behind the RomCom RAT and a cluster that has been observed delivering a loader dubbed TransferLoader.

    Enterprise security firm Proofpoint is tracking the activity associated with TransferLoader to a group dubbed UNK_GreenSec and the RomCom RAT actors under the moniker TA829. The latter is also known by the names CIGAR, Nebulous Mantis, Storm-0978, Tropical Scorpius, UAC-0180, UAT-5647, UNC2596, and Void Rabisu.

    The company said it discovered UNK_GreenSec as part of its investigation into TA829, describing it as using an “unusual amount of similar infrastructure, delivery tactics, landing pages, and email lure themes.”

    TA829 is something of an unusual hacking group in the threat landscape given its ability to conduct both espionage as well as financially motivated attacks. The Russia-aligned hybrid group has also been linked to the zero-day exploitation of security flaws in Mozilla Firefox and Microsoft Windows to deliver RomCom RAT in attacks aimed at global targets.

    Earlier this year, PRODAFT detailed the threat actors’ use of bulletproof hosting providers, living-off-the-land (LOTL) tactics, and encrypted command-and-control (C2) communications to sidestep detection.

    TransferLoader, on the other hand, was first documented by Zscaler ThreatLabz in connection with a February 2025 campaign that delivered the Morpheus ransomware against an unnamed American law firm.

    Proofpoint noted that campaigns undertaken by both TA829 and UNK_GreenSec rely on REM Proxy services that are deployed on compromised MikroTik routers for their upstream infrastructure. That said, the exact method used to breach these devices is not known.


    “REM Proxy devices are likely rented to users to relay traffic,” the Proofpoint threat research team said. “In observed campaigns, both TA829 and UNK_GreenSec use the service to relay traffic to new accounts at freemail providers to then send to targets. REM Proxy services have also been used by TA829 to initiate similar campaigns via compromised email accounts.”

    Given that the sender addresses follow a similar format, e.g., ximajazehox333@gmail.com and hannahsilva1978@ukr.net, the threat actors are likely using an email builder utility that facilitates the en masse creation and sending of phishing emails via REM Proxy nodes.

    The messages act as a conduit to deliver a link, which is either directly embedded in the body or within a PDF attachment. Clicking on the link initiates a series of redirections via Rebrandly that ultimately take the victim to a fake Google Drive or Microsoft OneDrive page, while filtering out machines that have been flagged as sandboxes or deemed not of interest to the attackers.

    It’s at this stage that the attack chains splinter into two, as the adversary infrastructure to which the targets are redirected is different, ultimately paving the way for TransferLoader in the case of UNK_GreenSec and a malware strain called SlipScreen in the case of TA829.

    “TA829 and UNK_GreenSec have both deployed PuTTY’s PLINK utility to set up SSH tunnels, and both used IPFS services to host those utilities in follow-on activity,” Proofpoint noted.

    SlipScreen is a first-stage loader that decrypts and loads shellcode directly into memory and initiates communications with a remote server, but only after a Windows Registry check confirming that the targeted computer has at least 55 recent documents under the HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs key, a simple test that filters out sandboxes and freshly built analysis machines.
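
    The RecentDocs test is cheap for the loader and cheap for a defender to reason about. The following is an added example, not SlipScreen code or Proofpoint's analysis tooling: it implements the check as one plausible reading of the report (count the numbered values under the key, which the shell writes one per opened document alongside an MRUListEx ordering value; that counting method is an assumption) and reads the live key on Windows while running against constructed listings elsewhere. The threshold of 55 is the figure the article gives.

```python
from __future__ import annotations

import sys

RECENT_DOCS_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs"
THRESHOLD = 55   # the figure Proofpoint reports for SlipScreen


def count_recent_docs(value_names: list[str]) -> int:
    """RecentDocs keeps one numbered value per opened document ("0", "1", ...) plus
    an MRUListEx ordering value; the numbered values are what a loader would count
    (assumption about SlipScreen's exact method)."""
    return sum(1 for name in value_names if name.isdigit())


def looks_like_real_user(value_names: list[str], threshold: int = THRESHOLD) -> bool:
    """The loader's go/no-go decision: stay dormant on machines with too little history."""
    return count_recent_docs(value_names) >= threshold


def live_recent_docs_value_names() -> list[str]:
    """Enumerate the real key on Windows; return an empty list elsewhere."""
    if sys.platform != "win32":
        return []
    import winreg  # Windows-only module
    names = []
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RECENT_DOCS_KEY) as key:
        index = 0
        while True:
            try:
                name, _value, _type = winreg.EnumValue(key, index)
            except OSError:
                break   # no more values
            names.append(name)
            index += 1
    return names


# Constructed value-name listings: a long-used workstation and a fresh sandbox image.
WORKSTATION = ["MRUListEx"] + [str(i) for i in range(60)]
SANDBOX = ["MRUListEx", "0", "1"]

if __name__ == "__main__":
    names = live_recent_docs_value_names() or SANDBOX
    state = "payload would run" if looks_like_real_user(names) else "loader would stay dormant"
    print(count_recent_docs(names), "recent documents:", state)
```

    Two practical consequences follow. Analysis VMs should be seeded with well over 55 RecentDocs entries, or the second stage is never observed and the sample looks benign. And because a freshly dropped executable has no business enumerating this key, a registry-read event for RecentDocs from an unsigned process in a user-writable path is a usable hunting query in EDR telemetry.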

    The infection sequence is then used to deploy a downloader named MeltingClaw (aka DAMASCENED PEACOCK) or RustyClaw, which is then used to drop backdoors like ShadyHammock or DustyHammock, with the former being used to launch SingleCamper (aka SnipBot), an updated version of RomCom RAT.

    DustyHammock, besides running reconnaissance commands on an infected system, comes fitted with the ability to download additional payloads hosted on the InterPlanetary File System (IPFS) network.

    Campaigns propagating TransferLoader have been found to leverage job opportunity-themed messages to trick victims into clicking on a link that ostensibly leads to a PDF resume, but, in reality, results in the download of TransferLoader from an IPFS webshare.

    TransferLoader’s primary objective is to fly under the radar and serve more malware, such as Metasploit and Morpheus ransomware, a rebranded version of HellCat ransomware.


    “Unlike the TA829 campaigns, the TransferLoader campaigns’ JavaScript components redirected users to a different PHP endpoint on the same server, which allows the operator to conduct further server-side filtering,” Proofpoint said. “UNK_GreenSec used a dynamic landing page, often irrelevant to the OneDrive spoof, and redirected users to the final payload that was stored on an IPFS webshare.”
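    Both clusters lean on IPFS for hosting: DustyHammock pulls additional payloads from it, TransferLoader is served from an IPFS webshare, and UNK_GreenSec's landing page redirects to a payload stored there. Public IPFS gateways expose content either as a path (https://gateway/ipfs/CID/...) or as a subdomain (https://CID.ipfs.gateway/...), and the content identifier has a fixed shape, which makes such fetches easy to pick out of proxy logs. The Python below is an added example (not from Proofpoint or the article) that does exactly that over constructed Squid-style log lines; ipfs.io and dweb.link are real public gateways, the CIDs and addresses in the sample are made up, and the CID regex covers the common CIDv0 (base58btc, "Qm" plus 44 characters) and base32 CIDv1 ("b" prefix) forms.

```python
"""Spot IPFS-hosted payload fetches in web-proxy logs (added example, Python).

SAMPLE_LOG is constructed in Squid access.log shape; the gateway names are
real public gateways, the CIDs and client/server addresses are invented."""
from __future__ import annotations
import re

# CIDv0: base58btc-encoded sha2-256 multihash, always "Qm" + 44 characters
# (base58 omits 0, O, I and l). CIDv1 as shown on gateways: multibase 'b'
# (lowercase base32) with a long body; 50+ chars covers the common forms.
CID_RE = r"(?:Qm[1-9A-HJ-NP-Za-km-z]{44}|b[a-z2-7]{50,})"
PATH_GATEWAY = re.compile(r"https?://(?P<host>[^/\s]+)/ipfs/(?P<cid>" + CID_RE + r")(?=[/?\s]|$)")
SUBDOMAIN_GATEWAY = re.compile(r"https?://(?P<cid>" + CID_RE + r")\.ipfs\.(?P<host>[^/\s:]+)")
CID_ONLY = re.compile(r"^" + CID_RE + r"$")


def is_cid(token: str) -> bool:
    """True when the token has the shape of a CIDv0 or base32 CIDv1."""
    return bool(CID_ONLY.match(token))


def find_ipfs_refs(lines) -> list[dict]:
    """Return one record per log line that fetches content through an IPFS
    gateway, in either path or subdomain form, keyed on the CID so the same
    object served from different gateways can be correlated."""
    refs = []
    for n, line in enumerate(lines, 1):
        m, form = PATH_GATEWAY.search(line), "path"
        if not m:
            m, form = SUBDOMAIN_GATEWAY.search(line), "subdomain"
        if m:
            refs.append({"line": n, "form": form, "gateway": m.group("host"), "cid": m.group("cid")})
    return refs


# Constructed Squid native-format lines (time elapsed client code/status bytes
# method URL user hierarchy/peer type). Not real traffic.
SAMPLE_LOG = [
    "1719990000.123    120 10.0.0.5 TCP_MISS/200 48213 GET https://ipfs.io/ipfs/QmConstructedCidForTestingPurposesAbcdefghjkmn/resume.pdf - HIER_DIRECT/203.0.113.5 application/pdf",
    "1719990003.456     80 10.0.0.7 TCP_MISS/200 1024 GET https://bafybeiexamplecidconstructedfortestingonlyabcdefghijklmnopq.ipfs.dweb.link/plink.exe - HIER_DIRECT/203.0.113.6 application/octet-stream",
    "1719990005.000     30 10.0.0.9 TCP_HIT/200 500 GET https://www.example.com/index.html - HIER_NONE/- text/html",
    "1719990007.000     30 10.0.0.9 TCP_MISS/404 300 GET https://ipfs.io/ipfs/notacid/readme - HIER_DIRECT/203.0.113.5 text/html",
]

if __name__ == "__main__":
    for ref in find_ipfs_refs(SAMPLE_LOG):
        print(ref)
```

    Blocking by gateway hostname alone is brittle because any HTTP host can front an IPFS node; matching on the CID shape catches the path form on unknown gateways too, and alerting on executable or PDF content types fetched through either form is a reasonable first rule.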

    The overlapping tradecraft between TA829 and UNK_GreenSec points to one of four possibilities:

    • The threat actors are procuring distribution and infrastructure from the same third-party provider
    • TA829 acquires and distributes infrastructure on its own, and has provided these services to UNK_GreenSec
    • UNK_GreenSec is the infrastructure provider that typically offers its wares to TA829, but decided to temporarily use them to deliver its own malware, TransferLoader
    • TA829 and UNK_GreenSec are one and the same, and TransferLoader is a new addition to their malware arsenal

    “In the current threat landscape, the points at which cybercrime and espionage activity overlap continue to increase, removing the distinctive barriers that separate criminal and state actors,” Proofpoint said. “Campaigns, indicators, and threat actor behaviors have converged, making attribution and clustering within the ecosystem more challenging.”

    “While there is not sufficient evidence to substantiate the exact nature of the relationship between TA829 and UNK_GreenSec, there is very likely a link between the groups.”

    Source: thehackernews.com…