Category: Cybersecurity

  • Webinar: Why Top Teams Are Prioritizing Code-to-Cloud Mapping in Our 2025 AppSec

    Aug 28, 2025 | The Hacker News | Cloud Security / Generative AI

    Picture this: Your team rolls out some new code, thinking everything’s fine. But hidden in there is a tiny flaw that explodes into a huge problem once it hits the cloud. Next thing you know, hackers are in, and your company is dealing with a mess that costs millions.

    Scary, right? In 2025, the average data breach hits businesses with a whopping $4.44 million bill globally. And guess what? A big chunk of these headaches comes from app security slip-ups, like web attacks that snag credentials and wreak havoc. If you’re in dev, ops, or security, you’ve probably felt that stress—endless alerts, teams arguing over who’s to blame, and fixes that take forever.

    But hey, it doesn’t have to be this way. What if you could spot those risks early, from the moment code is written all the way to when it’s running in the cloud? That’s the magic of code-to-cloud visibility, and it’s changing how smart teams handle app security. Our upcoming webinar, “Code-to-Cloud Visibility: The New Foundation for Modern AppSec,” is your chance to learn how. It’s happening on September 18, 2025, at 2 PM EST—just a few weeks away.

    This isn’t some boring lecture; it’s real talk from experts who’ve been there, packed with tips you can use right away. Sign up for the Webinar Now and grab your spot before it’s gone!

    The Real Headache Hiding in Your Apps

    Let’s be honest: As companies grow and push more work onto dev teams, things get messy. Risks pop up in code but only show up later in the cloud, leading to confusion, slow fixes, and attackers getting the jump on you. Recent reports show that inefficient vulnerability handling is a top pain for 32% of organizations, and securing AI tools like GenAI is right behind at 30%. Even worse, 97% of companies are dealing with GenAI-related security issues. Without a clear view from code to cloud, you’re basically guessing—and that leaves doors open for bad guys.

    I’ve chatted with folks in the trenches who share war stories: Late nights scrambling to patch holes that could’ve been fixed days earlier. It’s draining, and with breaches costing more than ever, it’s hitting the bottom line hard. The good news? Code-to-cloud visibility connects the dots, giving you full sight into vulnerabilities, secrets, and setup mistakes. It helps teams catch issues early, fix them fast, and work together better—no more finger-pointing.

    What You’ll Walk Away With: Simple Steps to Level Up Your Security

    In this quick 60-minute chat, our pros will break down why this approach is becoming a must-have for app security programs. Gartner says by 2026, 40% of companies will jump on board with tools like ASPM to handle risks smarter. We’ll keep it straightforward, no tech overload—just practical stuff.

    Here’s what you’ll get:

    1. Get Everyone on the Same Page: See how linking code risks to cloud behavior creates a simple shared plan. Dev, ops, and security teams can finally team up, cut the noise, and speed up feedback.
    2. Focus on What Really Matters: Learn easy ways to map out risks and zero in on your key apps. We’ll share real examples, like tracing a code glitch to its cloud weak spot, so you can plug holes before hackers notice.
    3. Fix Things Quicker: Grab step-by-step ideas to automate fixes and slash remediation time—some teams see drops of 30% or more in vulnerabilities and days shaved off fixes. Imagine adding this to your workflow without slowing down your work.
    4. Stay Ahead of New Threats: We’ll cover hot topics like safe AI use and rules pushing for better security. Plus, a handy checklist to check your setup and quick wins to try tomorrow.

    People who’ve joined similar sessions say it changed how they work: “It connected the dots and stopped us from chasing shadows,” one ops guy told me. Ready to make that change for your team? Sign up for the Webinar Now and start turning those insights into action.

    Why Jump In Now? Threats Aren’t Waiting

    With big attacks making headlines—like the PowerSchool breach hitting millions or ransomware messing with supply chains in 2025—delaying isn’t smart. Code-to-cloud visibility isn’t fancy tech; it’s your shield to bake security in from start to finish. Don’t wait for a crisis—get ahead and make your apps tougher.

    Seats are going quickly, so sign up today. You’ll also snag a free ASPM checklist and the recording to watch later. It’s a small time investment for big peace of mind.

    Sign Up for the Webinar Now – Can’t wait to see you there!

    This article is a contributed piece from one of our valued partners.


    Source: thehackernews.com…

  • Hidden Vulnerabilities of Project Management Tools & How FluentPro Backup Secures Them

    Every day, businesses, teams, and project managers trust platforms like Trello, Asana, etc., to collaborate and manage tasks. But what happens when that trust is broken? According to a recent report by Statista, the average cost of a data breach worldwide was about $4.88 million. Also, in 2024, the private data of over 15 million Trello user profiles was shared on a popular hacker forum. Yet, most organizations and project managers still assume that their platform’s built-in backups are enough until they are not. The next few paragraphs will expose some risks of relying on these platform tools alone and how to better protect yourself and your organization from data loss with cloud backup and recovery.

    Why are project management tools becoming a prime target for data loss?

    More than 95% of businesses today rely heavily on project management tools like Trello and Asana to organize tasks, collaborate with teams, and track project milestones. However, as project managers rely more deeply on these tools for their daily operations and store massive data volumes in one place, two major threats arise: human errors and cyber threats.

    Tiny human errors that cause massive data disasters

    Data is one of the most critical assets of every organization. It helps them understand customer behaviour, market trends, and internal performance. Also, for project managers, it provides insight into project timelines, risk management, resource allocation, and team productivity. When used effectively, it can be used to forecast business sales and revenue.

    However, while cyberattacks and natural disasters can lead to data loss, the human element is the most common cause. For example, teams and project managers that juggle multiple tasks and deadlines in a shared workspace create ample room for accidental deletions and mistakes. Also, according to a study conducted by the Computing Technology Industry Association (CompTIA), human error accounts for 52 percent of the root causes of security breaches. Other common human errors include misconfigured user permissions, unintended bulk actions, archiving projects too early, etc.

    The growing threat of cyberattacks

    Most project management tools today are cloud-based, enabling teams to collaborate remotely. However, they have also become attractive to cybercriminals. Cyberattacks such as phishing and ransomware target these platforms because they hold a lot of sensitive information that could cripple a business if it fell into the wrong hands.

    For instance, DocuClipper reports that “60% of small businesses that are victims of a Cyber Attack go out of business within six months”. That is why you, as a project manager, need the proper information security to protect your data from such threats.

    Are built-in security features enough to protect your project data?

    The answer is No! And here is why. While most SaaS-based project management tools like Monday.com, Trello, and Asana have basic built-in features such as role-based access control, data encryption, and authentication, they are not fully designed to protect against costly mistakes caused by human error. For project managers, this could mean the difference between staying on schedule and facing expensive delays.

    Limitations of native security in project management tools

    • No version history or rollback. Many project management tools don’t offer full versioning, making restoring to the previous state difficult.
    • Limited recovery windows. Platforms like Asana retain deleted tasks for 30 days. After that, they are permanently deleted without a trace.
    • Basic trash bins aren’t enough. For instance, if a team member accidentally deletes a task, and it’s not caught quickly, it might be impossible to restore such a task.
    • Lack of protection against internal mistakes. Built-in features cannot stop major errors like accidental deletion of an entire board or misconfiguration of settings.

    Third-party backup: the missing layer in your SaaS project management tools

    Project managers and team leaders must be proactive when dealing with SaaS tools. And that includes having a third-party cloud backup for business. While SaaS project management platforms are efficient and feature-rich, they are vulnerable and are not immune to data loss. The rising cyber-attack threats, human error, compliance, and audit readiness have made third-party backup solutions essential for data protection.

    Leverage FluentPro Backup for Project Management Software

    FluentPro Backup is one of the best cloud-based backup and restore tools for project management software. Whether it is Monday.com backups, Asana, Smartsheet, Trello, Microsoft Planner Basic, Planner Premium, Microsoft Dynamics Project Operations, or Microsoft Dataverse database, the backup tool is designed to automate end-to-end data protection without requiring manual intervention from project managers or team leaders. Also, one of the defining strengths of FluentPro Backup is its ability to minimize data loss due to accidental deletion, sync error, or third-party integration failures.

    Capabilities of FluentPro Backup for SaaS project management tools

    • Automated continuous backup. FluentPro Backup provides 100% automated backup that runs continuously and saves project versions.
    • Quick restoration of projects. FluentPro Backup offers quick and automated recovery. For example, if a project was deleted due to human error or a cyber-attack, the software provides a one-click full project restore to minimize downtime and disruption.
    • Granular restore. Project managers or teams sometimes don’t need to restore an entire project, just a specific file or task. FluentPro Backup offers granular recovery options that allow you to restore individual items, subtasks, or labels.
    • Enterprise-grade security measures. At the core of FluentPro Backup is project management software security. Understanding the importance of data security, the software protects your projects from unauthorized access and breaches. For instance, the software uses Microsoft Azure to store data with full compliance standards.
    • Version control and audit trails. Version history is one of the outstanding features of FluentPro Backup software. The solution keeps historical snapshots of project data, which allows you to compare and restore changes between versions. Also, there is an audit trail that logs every backup and restore operation for your SaaS project management tools.

    What real-world value does FluentPro Backup bring to businesses?

    • Ensures project continuity. Always showing up is the most important thing for all businesses out there. This uninterrupted flow supports better project delivery outcomes and preserves client trust.
    • Boosts team confidence and productivity. Project managers and teams can work productively when they know every task and project is backed up securely.
    • Minimize operational and financial risk. Some of the most critical risks associated with data loss include costly delays, damaged reputations, and lost contracts. However, with FluentPro Backup, you can minimize this risk to the barest minimum without impacting business operations.
    • Enhance stakeholder trust. Stakeholders and clients are the backbone of every business venture. You want to ensure that they are always happy doing business with you. You can assure them by demonstrating your backup and recovery strategies using the FluentPro Backup tool.

    Conclusion

    While SaaS project management tools like Monday.com, Asana, Trello, and Smartsheet are widely used for collaboration and task tracking, they come with several project management challenges that can compromise project data integrity and availability. However, by taking a proactive approach to project management security, you are well-positioned for any cyber threats or tiny human errors that might cause downtime, financial loss, and reputational damage. So don’t wait until data loss disrupts your project workflow; invest in secure tools like FluentPro Backup to protect your project data and ensure your team and organization peace of mind.

    This article is a contributed piece from one of our valued partners.


    Source: thehackernews.com…

  • Malicious Nx Packages in ‘s1ngularity’ Attack Leaked 2,349 GitHub, Cloud, and AI Credentials

    The maintainers of the nx build system have alerted users to a supply chain attack that allowed attackers to publish malicious versions of the popular npm package and other auxiliary plugins with data-gathering capabilities.

    “Malicious versions of the nx package, as well as some supporting plugin packages, were published to npm, containing code that scans the file system, collects credentials, and posts them to GitHub as a repo under the user’s accounts,” the maintainers said in an advisory published Wednesday.

    Nx is an open-source, technology-agnostic build platform that’s designed to manage codebases. It’s advertised as an “AI-first build platform that connects everything from your editor to CI [continuous integration].” The npm package has over 3.5 million weekly downloads.

    The list of affected packages and versions is below. These versions have since been removed from the npm registry. The compromise of the nx package took place on August 26, 2025.

    • nx 21.5.0, 20.9.0, 20.10.0, 21.6.0, 20.11.0, 21.7.0, 21.8.0, 20.12.0
    • @nx/devkit 21.5.0, 20.9.0
    • @nx/enterprise-cloud 3.2.0
    • @nx/eslint 21.5.0
    • @nx/js 21.5.0, 20.9.0
    • @nx/key 3.2.0
    • @nx/node 21.5.0, 20.9.0
    • @nx/workspace 21.5.0, 20.9.0

    The project maintainers said the root cause of the issue stemmed from a vulnerable workflow that introduced the ability to inject executable code using a specially crafted title in a pull request (PR).

    “The pull_request_target trigger was used as a way to trigger the action to run whenever a PR was created or modified,” the nx team said. “However, what was missed is the warning that this trigger, unlike the standard pull_request trigger, runs workflows with elevated permissions, including a GITHUB_TOKEN which has read/write repository permission.”

    It’s believed the GITHUB_TOKEN was utilized to trigger the “publish.yml” workflow, which is responsible for publishing the Nx packages to the registry using an npm token.

    But with the PR validation workflow running with elevated privileges, the “publish.yml workflow” is triggered to run on the “nrwl/nx” repository while also introducing malicious changes that made it possible to exfiltrate the npm token to an attacker-controlled webhook[.]site endpoint.

    “As part of the bash injection, the PR validation workflows triggered a run of the publish.yml with this malicious commit and sent our npm token to an unfamiliar webhook,” the nx team explained. “We believe this is how the user got a hold of the npm token used to publish the malicious versions of nx.”

    In other words, the injection flaw enabled arbitrary command execution if a malicious PR title was submitted, while the pull_request_target trigger granted elevated permissions by providing a GITHUB_TOKEN with read/write access to the repository.

    The rogue versions of the packages have been found to contain a postinstall script that’s activated after package installation to scan a system for text files, collect credentials, and send the details as a Base64-encoded string to a publicly accessible GitHub repository containing the name “s1ngularity-repository” (or “s1ngularity-repository-0” and “s1ngularity-repository-1”) under the user’s account.

    “The malicious postinstall script also modified the .zshrc and .bashrc files which are run whenever a terminal is launched to include sudo shutdown -h 0 which prompt users for their system password and if provided, would shut down the machine immediately,” the maintainers added.

    While GitHub has since started to archive these repositories, users who encounter the repositories are advised to assume compromise and rotate GitHub and npm credentials and tokens. Users are also recommended to stop using the malicious packages and check .zshrc and .bashrc files for any unfamiliar instructions and remove them.
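
    A defender-side check for the remediation steps above, as an added example that is not code from the nx advisory or the article: it flags the affected versions listed earlier in a parsed package-lock.json, the sudo shutdown -h 0 line in shell rc files, and repository names containing s1ngularity-repository. The function names, the sample lockfile and the sample rc text are constructed for illustration.

```javascript
// Added example. Versions are copied from the affected-package list above.
const AFFECTED = {
  'nx': ['20.9.0', '20.10.0', '20.11.0', '20.12.0', '21.5.0', '21.6.0', '21.7.0', '21.8.0'],
  '@nx/devkit': ['20.9.0', '21.5.0'],
  '@nx/enterprise-cloud': ['3.2.0'],
  '@nx/eslint': ['21.5.0'],
  '@nx/js': ['20.9.0', '21.5.0'],
  '@nx/key': ['3.2.0'],
  '@nx/node': ['20.9.0', '21.5.0'],
  '@nx/workspace': ['20.9.0', '21.5.0'],
};

function isAffected(name, version) {
  return Object.prototype.hasOwnProperty.call(AFFECTED, name) &&
    AFFECTED[name].includes(version);
}

// "node_modules/a/node_modules/@nx/js" -> "@nx/js" (lockfile v2/v3 keys).
function nameFromLockPath(path) {
  const marker = 'node_modules/';
  const i = path.lastIndexOf(marker);
  return i === -1 ? path : path.slice(i + marker.length);
}

// Walk a parsed package-lock.json: the flat "packages" map (lockfileVersion
// 2 and 3) or, when it is absent, the nested "dependencies" tree (version 1).
function findCompromised(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // root project entry
    const name = meta.name || nameFromLockPath(path);
    if (isAffected(name, meta.version)) hits.push({ name, version: meta.version, path });
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail ? `${trail} > ${name}` : name;
      if (isAffected(name, meta.version)) hits.push({ name, version: meta.version, path });
      walk(meta.dependencies, path);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// The maintainers quote the injected rc-file command as "sudo shutdown -h 0".
// Match it with flexible spacing and ignore lines that are commented out.
function findRcTampering(text) {
  return text.split(/\r?\n/)
    .map((content, i) => ({ line: i + 1, content }))
    .filter(({ content }) =>
      !/^\s*#/.test(content) && /\bsudo\s+shutdown\s+-h\s+0\b/.test(content));
}

// Repository names (for example, exported from the account's repo list)
// that contain the marker string reported for the exfiltration repos.
function findExfilRepos(names) {
  return names.filter((n) => n.includes('s1ngularity-repository'));
}

function audit({ lock, rcFiles = {}, repoNames = [] }) {
  return {
    packages: findCompromised(lock),
    rcLines: Object.entries(rcFiles).flatMap(([file, text]) =>
      findRcTampering(text).map((hit) => ({ file, ...hit }))),
    repos: findExfilRepos(repoNames),
  };
}

// Constructed sample inputs (not real project data).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/nx': { version: '21.5.0' },
    'node_modules/@nx/js': { version: '21.4.1' },
    'node_modules/tool/node_modules/@nx/devkit': { version: '20.9.0' },
  },
};
const SAMPLE_RC = 'export PATH="$HOME/bin:$PATH"\n# sudo shutdown -h 0\nsudo shutdown -h 0\n';

// CLI: node nx-check.js [package-lock.json [rc files...]]
// Without arguments it prints the audit of the constructed samples.
if (typeof require === 'function' && typeof module !== 'undefined' &&
    require.main === module) {
  const [lockPath, ...rcPaths] = process.argv.slice(2);
  let report;
  if (lockPath) {
    const fs = require('fs');
    const rcFiles = Object.fromEntries(rcPaths.map((p) => [p, fs.readFileSync(p, 'utf8')]));
    report = audit({ lock: JSON.parse(fs.readFileSync(lockPath, 'utf8')), rcFiles });
    if (report.packages.length || report.rcLines.length) process.exitCode = 1;
  } else {
    report = audit({ lock: SAMPLE_LOCK, rcFiles: { '.zshrc (sample)': SAMPLE_RC },
      repoNames: ['demo-app', 's1ngularity-repository-1'] });
  }
  console.log(JSON.stringify(report, null, 2));
}
```

    A clean result only means the lockfile no longer pins an affected version; it does not show that one was never installed, so the credential rotation advice above still applies to any machine that ran an install during the exposure window.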

    The nx team said they have also undertaken remedial actions by rotating their npm and GitHub tokens, auditing GitHub and npm activities across the organization for suspicious activities, and updating Publish access for nx to require two-factor authentication (2FA) or automation.

    Wiz researchers Merav Bar and Rami McCarthy said 90% of over 1,000 leaked GitHub tokens are still valid, as well as dozens of valid cloud credentials and npm tokens. It’s said the malware was run on developer machines, often via the nx Visual Studio Code extension. As many as 1,346 repositories with the string “s1ngularity-repository” have been detected by GitGuardian.

    Among the 2,349 distinct secrets leaked, the vast majority are GitHub OAuth keys and personal access tokens (PATs), followed by API keys and credentials for Google AI, OpenAI, Amazon Web Services, OpenRouter, Anthropic Claude, PostgreSQL, and Datadog.

    The cloud security firm found that the payload is capable of running only on Linux and macOS systems, systematically searching for sensitive files and extracting credentials, SSH keys, and .gitconfig files.

    “Notably, the campaign weaponized installed AI CLI tools by prompting them with dangerous flags (--dangerously-skip-permissions, --yolo, --trust-all-tools) to steal file system contents, exploiting trusted tools for malicious reconnaissance,” the company said.

    StepSecurity said the incident marks the first known case where attackers have turned developer AI assistants like Claude, Google Gemini, and Amazon Q into tools for supply chain exploitation and bypass traditional security boundaries.

    “There are a few differences between the malware in the scoped nx packages (i.e. @nx/devkit, @nx/eslint) versus the malware in the nx package,” Socket said. “First, the AI prompt is different. In these packages, the AI prompt is a bit more basic. This LLM prompt is also much less broad in scope, targeting crypto-wallet keys and secret patterns as well as specific directories, whereas the ones in @nx grabs any interesting text file.”

    Charlie Eriksen of Aikido said the use of LLM clients as a vector for enumerating secrets on the victim machine is a novel approach, and gives defenders insight into the direction the attackers may be heading in the future.

    “Given the popularity of the Nx ecosystem, and the novelty of AI tool abuse, this incident highlights the evolving sophistication of supply chain attacks,” StepSecurity’s Ashish Kurmi said. “Immediate remediation is critical for anyone who installed the compromised versions.”


    Source: thehackernews.com…

  • U.S. Treasury Sanctions DPRK IT-Worker Scheme, Exposing $600K Crypto Transfers and $1M+ Profits

    Aug 28, 2025 | Ravie Lakshmanan | Artificial Intelligence / Malware

    The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced a fresh round of sanctions against two individuals and two entities for their role in the North Korean remote information technology (IT) worker scheme to generate illicit revenue for the regime’s weapons of mass destruction and ballistic missile programs.

    “The North Korean regime continues to target American businesses through fraud schemes involving its overseas IT workers, who steal data and demand ransom,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley. “Under President Trump, Treasury is committed to protecting Americans from these schemes and holding the guilty accountable.”

    The key players targeted include Vitaliy Sergeyevich Andreyev, Kim Ung Sun, Shenyang Geumpungri Network Technology Co., Ltd, and Korea Sinjin Trading Corporation. The latest effort expands the scope of sanctions imposed against Chinyong Information Technology Cooperation Company in May 2023.

    Chinyong, according to insider risk management firm DTEX, is one of the many IT companies that have deployed IT workers for engaging in freelance IT work and cryptocurrency theft. It has offices in China, Laos, and Russia.

    The years-long IT worker threat, also tracked as Famous Chollima, Jasper Sleet, UNC5267, and Wagemole, is assessed to be affiliated with the Workers’ Party of Korea. At its core, the scheme works by embedding North Korean IT workers in legitimate companies in the U.S. and elsewhere, securing these jobs using fraudulent documents, stolen identities, and false personas on GitHub, CodeSandbox, Freelancer, Medium, RemoteHub, CrowdWorks, and WorkSpace.ru.

    Select cases have also involved the threat actors clandestinely introducing malware into company networks to exfiltrate proprietary and sensitive data, and extort them in return for not leaking the information.

    In a report published Wednesday, Anthropic revealed how the employment fraud operation has leaned heavily on artificial intelligence (AI)-powered tools like Claude to create convincing professional backgrounds and technical portfolios, tailor resumes to specific job descriptions, and even deliver actual technical work.

    “The most striking finding is the actors’ complete dependency on AI to function in technical roles,” Anthropic said. “These operators do not appear to be able to write code, debug problems, or even communicate professionally without Claude’s assistance. Yet they’re successfully maintaining employment at Fortune 500 companies (according to public reporting), passing technical interviews, and delivering work that satisfies their employers.”

    The Treasury Department said Andreyev, a 44-year-old Russian national, has facilitated payments to Chinyong and has worked with Kim Ung Sun, a North Korean economic and trade consular official based in Russia, to conduct multiple financial transfers worth nearly $600,000 by converting cryptocurrency to cash in U.S. dollars since December 2024.

    Shenyang Geumpungri, the department added, is a Chinese front company for Chinyong that consists of a delegation of DPRK IT workers, generating over $1 million in profits for Chinyong and Sinjin since 2021.

    “Sinjin is a DPRK [Democratic People’s Republic of Korea] company subordinate to the U.S.-sanctioned DPRK Ministry of People’s Armed Forces General Political Bureau,” the Treasury said. “The company has received directives from DPRK government officials regarding the DPRK IT workers that Chinyong deploys internationally.”

    The announcement comes a little over a month after the Treasury Department sanctioned a North Korean front company (Korea Sobaeksu Trading Company) and three associated individuals (Kim Se Un, Jo Kyong Hun, and Myong Chol Min) for their involvement in the IT worker scheme. In parallel, an Arizona woman received an eight-year prison sentence for running a laptop farm that enabled the actors to connect remotely to companies’ networks.

    Last month, the department also sanctioned Song Kum Hyok, a member of a North Korean hacking group called Andariel, alongside a Russian national (Gayk Asatryan) and four entities (Asatryan LLC, Fortuna LLC, Korea Songkwang Trading General Corporation, and Korea Saenal Trading Corporation) for their participation in the sanctions-evading scheme.


    Source: thehackernews.com…

  • Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model

    Cybersecurity company ESET has disclosed that it discovered an artificial intelligence (AI)-powered ransomware variant codenamed PromptLock.

    Written in Golang, the newly identified strain uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts in real-time. The open-weight language model was released by OpenAI earlier this month.

    “PromptLock leverages Lua scripts generated from hard-coded prompts to enumerate the local filesystem, inspect target files, exfiltrate selected data, and perform encryption,” ESET said. “These Lua scripts are cross-platform compatible, functioning on Windows, Linux, and macOS.”

    The ransomware code also embeds instructions to craft a custom note based on the “files affected” and on whether the infected machine is a personal computer, company server, or a power distribution controller. It’s currently not known who is behind the malware, but ESET told The Hacker News that PromptLock artifacts were uploaded to VirusTotal from the United States on August 25, 2025.

    “PromptLock uses Lua scripts generated by AI, which means that indicators of compromise (IoCs) may vary between executions,” the Slovak cybersecurity company pointed out. “This variability introduces challenges for detection. If properly implemented, such an approach could significantly complicate threat identification and make defenders’ tasks more difficult.”

    Assessed to be a proof-of-concept (PoC) rather than a fully operational malware deployed in the wild, PromptLock uses the SPECK 128-bit encryption algorithm to lock files.

    Besides encryption, analysis of the ransomware artifact suggests that it could also be used to exfiltrate data or even destroy it, although the functionality to actually perform the erasure appears not yet to be implemented.

    “PromptLock does not download the entire model, which could be several gigabytes in size,” ESET clarified. “Instead, the attacker can simply establish a proxy or tunnel from the compromised network to a server running the Ollama API with the gpt-oss-20b model.”

    The emergence of PromptLock is another sign that AI has made it easier for cybercriminals, even those who lack technical expertise, to quickly set up new campaigns, develop malware, and create compelling phishing content and malicious sites.

    Earlier today, Anthropic revealed that it had banned accounts created by two different threat actors that used its Claude AI chatbot to commit large-scale theft and extortion of personal data targeting at least 17 distinct organizations, and developed several variants of ransomware with advanced evasion capabilities, encryption, and anti-recovery mechanisms.

    The development comes as large language models (LLMs) powering various chatbots and AI-focused developer tools, such as Amazon Q Developer, Anthropic Claude Code, AWS Kiro, Butterfly Effect Manus, Google Jules, Lenovo Lena, Microsoft GitHub Copilot, OpenAI ChatGPT Deep Research, OpenHands, Sourcegraph Amp, and Windsurf, have been found susceptible to prompt injection attacks, potentially allowing information disclosure, data exfiltration, and code execution.

    Despite incorporating robust security and safety guardrails to avoid undesirable behaviors, AI models have repeatedly fallen prey to novel variants of injections and jailbreaks, underscoring the complexity and evolving nature of the security challenge.

    “Prompt injection attacks can cause AIs to delete files, steal data, or make financial transactions,” Anthropic said. “New forms of prompt injection attacks are also constantly being developed by malicious actors.”

    What’s more, new research has uncovered a simple yet clever attack called PROMISQROUTE – short for “Prompt-based Router Open-Mode Manipulation Induced via SSRF-like Queries, Reconfiguring Operations Using Trust Evasion” – that abuses ChatGPT’s model routing mechanism to trigger a downgrade and cause the prompt to be sent to an older, less secure model, thus allowing the system to bypass safety filters and produce unintended results.

    “Adding phrases like ‘use compatibility mode’ or ‘fast response needed’ bypasses millions of dollars in AI safety research,” Adversa AI said in a report published last week, adding the attack targets the cost-saving model-routing mechanism used by AI vendors.


    Source: thehackernews.com…

  • Storm-0501 Exploits Entra ID to Exfiltrate and Delete Azure Data in Hybrid Cloud Attacks

    The financially motivated threat actor known as Storm-0501 has been observed refining its tactics to conduct data exfiltration and extortion attacks targeting cloud environments.

    “Unlike traditional on-premises ransomware, where the threat actor typically deploys malware to encrypt critical files across endpoints within the compromised network and then negotiates for a decryption key, cloud-based ransomware introduces a fundamental shift,” the Microsoft Threat Intelligence team said in a report shared with The Hacker News.

    “Leveraging cloud-native capabilities, Storm-0501 rapidly exfiltrates large volumes of data, destroys data and backups within the victim environment, and demands ransom — all without relying on traditional malware deployment.”

    Storm-0501 was first documented by Microsoft almost a year ago, detailing its hybrid cloud ransomware attacks targeting government, manufacturing, transportation, and law enforcement sectors in the U.S., with the threat actors pivoting from on-premises to cloud for subsequent data exfiltration, credential theft, and ransomware deployment.

    Assessed to be active since 2021, the hacking group has evolved into a ransomware-as-a-service (RaaS) affiliate delivering various ransomware payloads over the years, such as Sabbath, Hive, BlackCat (ALPHV), Hunters International, LockBit, and Embargo.

    “Storm-0501 has continued to demonstrate proficiency in moving between on-premises and cloud environments, exemplifying how threat actors adapt as hybrid cloud adoption grows,” the company said. “They hunt for unmanaged devices and security gaps in hybrid cloud environments to evade detection and escalate cloud privileges and, in some cases, traverse tenants in multi-tenant setups to achieve their goals.”

    Typical attack chains involve the threat actor abusing their initial access to achieve privilege escalation to a domain administrator, followed by on-premises lateral movement and reconnaissance steps that allow the attackers to breach the target’s cloud environment, thereby initiating a multi-stage sequence involving persistence, privilege escalation, data exfiltration, encryption, and extortion.

    Initial access, per Microsoft, is achieved through intrusions facilitated by access brokers like Storm-0249 and Storm-0900, taking advantage of stolen, compromised credentials to sign in to the target system, or exploiting various known remote code execution vulnerabilities in unpatched public-facing servers.

    In a recent campaign targeting an unnamed large enterprise with multiple subsidiaries, Storm-0501 is said to have conducted reconnaissance before laterally moving across the network using Evil-WinRM. The attackers also carried out what’s called a DCSync Attack to extract credentials from Active Directory by simulating the behavior of a domain controller.

    “Leveraging their foothold in the Active Directory environment, they traversed between Active Directory domains and eventually moved laterally to compromise a second Entra Connect server associated with a different Entra ID tenant and Active Directory domain,” Microsoft said.

    “The threat actor extracted the Directory Synchronization Account to repeat the reconnaissance process, this time targeting identities and resources in the second tenant.”

    These efforts ultimately enabled Storm-0501 to identify a non-human synced identity that held a Global Admin role in Microsoft Entra ID on that tenant and lacked multi-factor authentication (MFA) protections. This subsequently opened the door to a scenario where the attackers reset the user’s on-premises password, causing it to be synced to the cloud identity of that user using the Entra Connect Sync service.

    Armed with the compromised Global Admin account, the digital intruders were found to access the Azure Portal, register a threat actor-owned Entra ID tenant as a trusted federated domain to create a backdoor, and then elevate their access to critical Azure resources, before setting the stage for data exfiltration and extortion.

    “After completing the exfiltration phase, Storm-0501 initiated the mass-deletion of the Azure resources containing the victim organization data, preventing the victim from taking remediation and mitigation action by restoring the data,” Microsoft said.

    “After successfully exfiltrating and destroying the data within the Azure environment, the threat actor initiated the extortion phase, where they contacted the victims using Microsoft Teams using one of the previously compromised users, demanding ransom.”

    The company said it has enacted a change in Microsoft Entra ID that prevents threat actors from abusing Directory Synchronization Accounts to escalate privileges. It has also released updates to Microsoft Entra Connect (version 2.5.3.0) to support Modern Authentication to allow customers to configure application-based authentication for enhanced security.

    “It is also important to enable Trusted Platform Module (TPM) on the Entra Connect Sync server to securely store sensitive credentials and cryptographic keys, mitigating Storm-0501’s credential extraction techniques,” the tech giant added.


    Source: thehackernews.com…

  • Someone Created First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model

    Someone Created First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model

    Cybersecurity company ESET has disclosed that it discovered an artificial intelligence (AI)-powered ransomware variant codenamed PromptLock.

    Written in Golang, the newly identified strain uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts in real-time. The open-weight language model was released by OpenAI earlier this month.

    “PromptLock leverages Lua scripts generated from hard-coded prompts to enumerate the local filesystem, inspect target files, exfiltrate selected data, and perform encryption,” ESET said. “These Lua scripts are cross-platform compatible, functioning on Windows, Linux, and macOS.”

    The ransomware code also embeds instructions to craft a custom note based on the “files affected,” and whether the infected machine is a personal computer, company server, or a power distribution controller. It’s currently not known who is behind the malware, but ESET told The Hacker News that PromptLock artifacts were uploaded to VirusTotal from the United States on August 25, 2025.

    “PromptLock uses Lua scripts generated by AI, which means that indicators of compromise (IoCs) may vary between executions,” the Slovak cybersecurity company pointed out. “This variability introduces challenges for detection. If properly implemented, such an approach could significantly complicate threat identification and make defenders’ tasks more difficult.”

    Assessed to be a proof-of-concept (PoC) rather than a fully operational malware deployed in the wild, PromptLock uses the SPECK 128-bit encryption algorithm to lock files.

    Besides encryption, analysis of the ransomware artifact suggests that it could also be used to exfiltrate data or even destroy it, although the functionality to actually perform the erasure appears not yet to be implemented.

    “PromptLock does not download the entire model, which could be several gigabytes in size,” ESET clarified. “Instead, the attacker can simply establish a proxy or tunnel from the compromised network to a server running the Ollama API with the gpt-oss-20b model.”

    The emergence of PromptLock is another sign that AI has made it easier for cybercriminals, even those who lack technical expertise, to quickly set up new campaigns, develop malware, and create compelling phishing content and malicious sites.

    Earlier today, Anthropic revealed that it banned accounts created by two different threat actors that used its Claude AI chatbot to commit large-scale theft and extortion of personal data targeting at least 17 distinct organizations, and developed several variants of ransomware with advanced evasion capabilities, encryption, and anti-recovery mechanisms.

    The development comes as large language models (LLMs) powering various chatbots and AI-focused developer tools, such as Amazon Q Developer, Anthropic Claude Code, AWS Kiro, Butterfly Effect Manus, Google Jules, Lenovo Lena, Microsoft GitHub Copilot, OpenAI ChatGPT Deep Research, OpenHands, Sourcegraph Amp, and Windsurf, have been found susceptible to prompt injection attacks, potentially allowing information disclosure, data exfiltration, and code execution.

    Despite incorporating robust security and safety guardrails to avoid undesirable behaviors, AI models have repeatedly fallen prey to novel variants of injections and jailbreaks, underscoring the complexity and evolving nature of the security challenge.

    “Prompt injection attacks can cause AIs to delete files, steal data, or make financial transactions,” Anthropic said. “New forms of prompt injection attacks are also constantly being developed by malicious actors.”

    What’s more, new research has uncovered a simple yet clever attack called PROMISQROUTE – short for “Prompt-based Router Open-Mode Manipulation Induced via SSRF-like Queries, Reconfiguring Operations Using Trust Evasion” – that abuses ChatGPT’s model routing mechanism to trigger a downgrade and cause the prompt to be sent to an older, less secure model, thus allowing the system to bypass safety filters and produce unintended results.

    “Adding phrases like ‘use compatibility mode’ or ‘fast response needed’ bypasses millions of dollars in AI safety research,” Adversa AI said in a report published last week, adding the attack targets the cost-saving model-routing mechanism used by AI vendors.


    Source: thehackernews.com…

  • ShadowSilk Hits 35 Organizations in Central Asia and APAC Using Telegram Bots

    ShadowSilk Hits 35 Organizations in Central Asia and APAC Using Telegram Bots

    A threat activity cluster known as ShadowSilk has been attributed to a fresh set of attacks targeting government entities within Central Asia and Asia-Pacific (APAC).

    According to Group-IB, nearly three dozen victims have been identified, with the intrusions mainly geared towards data exfiltration. The hacking group shares toolset and infrastructural overlaps with campaigns undertaken by threat actors dubbed YoroTrooper, SturgeonPhisher, and Silent Lynx.

    Victims of the group’s campaigns span Uzbekistan, Kyrgyzstan, Myanmar, Tajikistan, Pakistan, and Turkmenistan, a majority of which are government organizations, and to a lesser extent, entities in the energy, manufacturing, retail, and transportation sectors.

    “The operation is run by a bilingual crew – Russian-speaking developers tied to legacy YoroTrooper code and Chinese-speaking operators spearheading intrusions, resulting in a nimble, multi-regional threat profile,” researchers Nikita Rostovcev and Sergei Turner said. “The exact depth and nature of cooperation of these two sub-groups remains still uncertain.”

    YoroTrooper was first publicly documented by Cisco Talos in March 2023, detailing its attacks targeting government, energy, and international organizations across Europe since at least June 2022. The group is believed to be active as far back as 2021, per ESET.

    A subsequent analysis later that year revealed that the hacking group likely consists of individuals from Kazakhstan based on their fluency in Kazakh and Russian, as well as what appeared to be deliberate efforts to avoid targeting entities in the country.

    Then earlier this January, Seqrite Labs uncovered cyber attacks orchestrated by an adversary dubbed Silent Lynx that singled out various organizations in Kyrgyzstan and Turkmenistan. It also characterized the threat actor as having overlaps with YoroTrooper.

    ShadowSilk represents the latest evolution of the threat actor, leveraging spear-phishing emails as the initial access vector to deliver password-protected archives that drop a custom loader, which hides command-and-control (C2) traffic behind Telegram bots to evade detection and deliver additional payloads. Persistence is achieved by modifying the Windows Registry to run them automatically after a system reboot.

    The threat actor also employs public exploits for Drupal (CVE-2018-7600 and CVE-2018-7602) and the WP-Automatic WordPress plugin (CVE-2024-27956), alongside leveraging a diverse toolkit comprising reconnaissance and penetration-testing tools such as FOFA, Fscan, Gobuster, Dirsearch, Metasploit, and Cobalt Strike.

    Furthermore, ShadowSilk has incorporated into its arsenal JRAT and Morf Project web panels acquired from darknet forums for managing infected devices, and a bespoke tool for stealing Chrome password storage files and the associated decryption key. Another notable aspect is its compromise of legitimate websites to host malicious payloads.

    “Once inside a network, ShadowSilk deploys web shells [like ANTSWORD, Behinder, Godzilla, and FinalShell], Sharp-based post-exploitation tools, and tunneling utilities such as Resocks and Chisel to move laterally, escalate privileges and siphon data,” the researchers said.

    The attacks have been observed paving the way for a Python-based remote access trojan (RAT) that can receive commands and exfiltrate data to a Telegram bot, thereby allowing the malicious traffic to be disguised as legitimate messenger activity. Cobalt Strike and Metasploit modules are used to grab screenshots and webcam pictures, while a custom PowerShell script scans for files matching a predefined list of extensions and copies them into a ZIP archive, which is then transmitted to an external server.

    The Singaporean company has assessed that the operators of the YoroTrooper group are fluent in Russian, and are likely engaged in malware development and facilitating initial access.

    However, a series of screenshots capturing one of the attackers’ workstations — featuring images of the active keyboard layout, automatic translation of Kyrgyzstan government websites into Chinese, and a Chinese language vulnerability scanner — indicates the involvement of a Chinese-speaking operator, it added.

    “Recent behavior indicates that the group remains highly active, with new victims identified as recently as July,” Group-IB said. “ShadowSilk continues to focus on the government sector in Central Asia and the broader APAC region, underscoring the importance of monitoring its infrastructure to prevent long-term compromise and data exfiltration.”


    Source: thehackernews.com…

  • Anthropic Disrupts AI-Powered Cyberattacks Automating Theft and Extortion Across Critical Sectors

    Anthropic Disrupts AI-Powered Cyberattacks Automating Theft and Extortion Across Critical Sectors

    Aug 27, 2025 | Ravie Lakshmanan | Cyber Attack / Artificial Intelligence

    Anthropic on Wednesday revealed that it disrupted a sophisticated operation that weaponized its artificial intelligence (AI)-powered chatbot Claude to conduct large-scale theft and extortion of personal data in July 2025.

    “The actor targeted at least 17 distinct organizations, including in healthcare, the emergency services, and government, and religious institutions,” the company said. “Rather than encrypt the stolen information with traditional ransomware, the actor threatened to expose the data publicly in order to attempt to extort victims into paying ransoms that sometimes exceeded $500,000.”

    “The actor employed Claude Code on Kali Linux as a comprehensive attack platform, embedding operational instructions in a CLAUDE.md file that provided persistent context for every interaction.”

    The unknown threat actor is said to have used AI to an “unprecedented degree,” using Claude Code, Anthropic’s agentic coding tool, to automate various phases of the attack cycle, including reconnaissance, credential harvesting, and network penetration.

    The reconnaissance efforts involved scanning thousands of VPN endpoints to flag susceptible systems, using them to obtain initial access and following up with user enumeration and network discovery steps to extract credentials and set up persistence on the hosts.

    Furthermore, the attacker used Claude Code to craft bespoke versions of the Chisel tunneling utility to sidestep detection efforts, and disguise malicious executables as legitimate Microsoft tools – an indication of how AI tools are being used to assist with malware development with defense evasion capabilities.

    The activity, codenamed GTG-2002, is notable for employing Claude to make “tactical and strategic decisions” on its own and allowing it to decide which data needs to be exfiltrated from victim networks and craft targeted extortion demands by analyzing the financial data to determine an appropriate ransom amount ranging from $75,000 to $500,000 in Bitcoin.

    Claude Code, per Anthropic, was also put to use to organize stolen data for monetization purposes, pulling out thousands of individual records, including personal identifiers, addresses, financial information, and medical records from multiple victims. Subsequently, the tool was employed to create customized ransom notes and multi-tiered extortion strategies based on exfiltrated data analysis.

    “Agentic AI tools are now being used to provide both technical advice and active operational support for attacks that would otherwise have required a team of operators,” Anthropic said. “This makes defense and enforcement increasingly difficult, since these tools can adapt to defensive measures, like malware detection systems, in real-time.”

    To prevent such “vibe hacking” threats from occurring in the future, the company said it developed a custom classifier to screen for similar behavior and shared technical indicators with “key partners.”

    Other documented misuses of Claude are listed below –

    • Use of Claude by North Korean operatives related to the fraudulent remote IT worker scheme in order to create elaborate fictitious personas with persuasive professional backgrounds and project histories, complete technical and coding assessments during the application process, and assist with their day-to-day work once hired
    • Use of Claude by a U.K.-based cybercriminal, codenamed GTG-5004, to develop, market, and distribute several variants of ransomware with advanced evasion capabilities, encryption, and anti-recovery mechanisms, which were then sold on darknet forums such as Dread, CryptBB, and Nulled to other threat actors for $400 to $1,200
    • Use of Claude by a Chinese threat actor to enhance cyber operations targeting Vietnamese critical infrastructure, including telecommunications providers, government databases, and agricultural management systems, over the course of a 9-month campaign
    • Use of Claude by a Russian-speaking developer to create malware with advanced evasion capabilities
    • Use of Model Context Protocol (MCP) and Claude by a threat actor operating on the xss[.]is cybercrime forum with the goal of analyzing stealer logs and building detailed victim profiles
    • Use of Claude Code by a Spanish-speaking actor to maintain and improve an invite-only web service geared towards validating and reselling stolen credit cards at scale
    • Use of Claude as part of a Telegram bot that offers multimodal AI tools to support romance scam operations, advertising the chatbot as a “high EQ model”
    • Use of Claude by an unknown actor to launch an operational synthetic identity service that rotates between three card validation services, aka “card checkers”

    The company also said it foiled attempts made by North Korean threat actors linked to the Contagious Interview campaign to create accounts on the platform to enhance their malware toolset, create phishing lures, and generate npm packages, effectively blocking them from issuing any prompts.

    The case studies add to growing evidence that AI systems, despite the various guardrails baked into them, are being abused to facilitate sophisticated schemes at speed and at scale.

    “Criminals with few technical skills are using AI to conduct complex operations, such as developing ransomware, that would previously have required years of training,” Anthropic’s Alex Moix, Ken Lebedev, and Jacob Klein said, calling out AI’s ability to lower the barriers to cybercrime.

    “Cybercriminals and fraudsters have embedded AI throughout all stages of their operations. This includes profiling victims, analyzing stolen data, stealing credit card information, and creating false identities allowing fraud operations to expand their reach to more potential targets.”


    Source: thehackernews.com…

  • ShadowSilk Hits 36 Government Targets in Central Asia and APAC Using Telegram Bots

    ShadowSilk Hits 36 Government Targets in Central Asia and APAC Using Telegram Bots

    A threat activity cluster known as ShadowSilk has been attributed to a fresh set of attacks targeting government entities within Central Asia and Asia-Pacific (APAC).

    According to Group-IB, nearly three dozen victims have been identified, with the intrusions mainly geared towards data exfiltration. The hacking group shares toolset and infrastructural overlaps with campaigns undertaken by threat actors dubbed YoroTrooper, SturgeonPhisher, and Silent Lynx.

    Victims of the group’s campaigns span Uzbekistan, Kyrgyzstan, Myanmar, Tajikistan, Pakistan, and Turkmenistan, a majority of which are government organizations, and to a lesser extent, entities in the energy, manufacturing, retail, and transportation sectors.

    “The operation is run by a bilingual crew – Russian-speaking developers tied to legacy YoroTrooper code and Chinese-speaking operators spearheading intrusions, resulting in a nimble, multi-regional threat profile,” researchers Nikita Rostovcev and Sergei Turner said. “The exact depth and nature of cooperation of these two sub-groups remains still uncertain.”

    YoroTrooper was first publicly documented by Cisco Talos in March 2023, detailing its attacks targeting government, energy, and international organizations across Europe since at least June 2022. The group is believed to be active as far back as 2021, per ESET.

    A subsequent analysis later that year revealed that the hacking group likely consists of individuals from Kazakhstan based on their fluency in Kazakh and Russian, as well as what appeared to be deliberate efforts to avoid targeting entities in the country.

    Then earlier this January, Seqrite Labs uncovered cyber attacks orchestrated by an adversary dubbed Silent Lynx that singled out various organizations in Kyrgyzstan and Turkmenistan. It also characterized the threat actor as having overlaps with YoroTrooper.

    ShadowSilk represents the latest evolution of the threat actor, leveraging spear-phishing emails as the initial access vector to deliver password-protected archives that drop a custom loader, which hides command-and-control (C2) traffic behind Telegram bots to evade detection and deliver additional payloads. Persistence is achieved by modifying the Windows Registry to run them automatically after a system reboot.

    The threat actor also employs public exploits for Drupal (CVE-2018-7600 and CVE-2018-7602) and the WP-Automatic WordPress plugin (CVE-2024-27956), alongside leveraging a diverse toolkit comprising reconnaissance and penetration-testing tools such as FOFA, Fscan, Gobuster, Dirsearch, Metasploit, and Cobalt Strike.

    Furthermore, ShadowSilk has incorporated into its arsenal JRAT and Morf Project web panels acquired from darknet forums for managing infected devices, and a bespoke tool for stealing Chrome password storage files and the associated decryption key. Another notable aspect is its compromise of legitimate websites to host malicious payloads.

    “Once inside a network, ShadowSilk deploys web shells [like ANTSWORD, Behinder, Godzilla, and FinalShell], Sharp-based post-exploitation tools, and tunneling utilities such as Resocks and Chisel to move laterally, escalate privileges and siphon data,” the researchers said.

    The attacks have been observed paving the way for a Python-based remote access trojan (RAT) that can receive commands and exfiltrate data to a Telegram bot, thereby allowing the malicious traffic to be disguised as legitimate messenger activity. Cobalt Strike and Metasploit modules are used to grab screenshots and webcam pictures, while a custom PowerShell script scans for files matching a predefined list of extensions and copies them into a ZIP archive, which is then transmitted to an external server.

    The Singaporean company has assessed that the operators of the YoroTrooper group are fluent in Russian, and are likely engaged in malware development and facilitating initial access.

    However, a series of screenshots capturing one of the attackers’ workstations — featuring images of the active keyboard layout, automatic translation of Kyrgyzstan government websites into Chinese, and a Chinese language vulnerability scanner — indicates the involvement of a Chinese-speaking operator, it added.

    “Recent behavior indicates that the group remains highly active, with new victims identified as recently as July,” Group-IB said. “ShadowSilk continues to focus on the government sector in Central Asia and the broader APAC region, underscoring the importance of monitoring its infrastructure to prevent long-term compromise and data exfiltration.”


    Source: thehackernews.com…