Category: Cybersecurity

Jul 03, 2025Ravie LakshmananVulnerability / Network Security

Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that could permit an attacker to login to a susceptible device as the root user, allowing them to gain elevated privileges.

The vulnerability, tracked as CVE-2025-20309, carries a CVSS score of 10.0.

“This vulnerability is due to the presence of static user credentials for the root account that are reserved for use during development,” Cisco said in an advisory released Wednesday.

“An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.”

Hardcoded credentials like this usually come from testing or quick fixes during development, but they should never make it into live systems. In tools like Unified CM that handle voice calls and communication across a company, root access can let attackers move deeper into the network, listen in on calls, or change how users log in.

The networking equipment major said it found no evidence of the flaw being exploited in the wild, and that it was discovered during internal security testing.

CVE-2025-20309 affects Unified CM and Unified CM SME versions 15.0.1.13010-1 through 15.0.1.13017-1, irrespective of device configuration.

Cisco has also released indicators of compromise (IoCs) associated with the flaw, stating successful exploitation would result in a log entry to “/var/log/active/syslog/secure” for the root user with root permissions. The log can retrieved by running the below command from the command-line interface –

cucm1# file get activelog syslog/secure

The development comes merely days after the company fixed two security flaws in Identity Services Engine and ISE Passive Identity Connector (CVE-2025-20281 and CVE-2025-20282) that could permit an unauthenticated attacker to execute arbitrary commands as the root user.

Threat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming language, underscoring a constant evolution of their tactics.

“Unusually for macOS malware, the threat actors employ a process injection technique and remote communications via wss, the TLS-encrypted version of the WebSocket protocol,” SentinelOne researchers Phil Stokes and Raffaele Sabato said in a report shared with The Hacker News.

“A novel persistence mechanism takes advantage of SIGINT/SIGTERM signal handlers to install persistence when the malware is terminated or the system rebooted.”

The cybersecurity company is tracking the malware components collectively under the name NimDoor. It’s worth noting that some aspects of the campaign were previously documented by Huntabil.IT and later by Huntress and Validin, but with differences in the payloads deployed.

The attack chains involve social engineering tactics, approaching targets on messaging platforms like Telegram to schedule a Zoom meeting via Calendly, an appointment scheduling software. The target is then sent an email containing a supposed Zoom meeting link along with instructions to run a Zoom SDK update script to ensure that they are running the latest version of the videoconferencing software.

This step results in the execution of an AppleScript that acts as a delivery vehicle for a second-stage script from a remote server, while ostensibly redirecting the user to a legitimate Zoom redirect link. The newly downloaded script subsequently unpacks ZIP archives containing binaries that are responsible for setting up persistence and launching information stealing bash scripts.

At the heart of the infection sequence is a C++ loader called InjectWithDyldArm64 (aka InjectWithDyld), which decrypts two embedded binaries named Target and trojan1_arm64. InjectWithDyldArm64 launches Target in a suspended state and injects into it the trojan1_arm64’s binary’s code, after which the execution of the suspended process is resumed.

The malware proceeds to establish communication with a remote server and fetch commands that allow it to gather system information, run arbitrary commands, and change or set the current working directory. The results of the execution are sent back to the server.

Trojan1_arm64, for its part, is capable of downloading two more payloads, which come fitted with capabilities to harvest credentials from web browsers like Arc, Brave, Google Chrome, Microsoft Edge, and Mozilla Firefox, as well as extract data from the Telegram application.

Also dropped as part of the attacks is a collection of Nim-based executable that are used as a launchpad for CoreKitAgent, which monitors for user attempts to kill the malware process and ensures persistence.

“This behavior ensures that any user-initiated termination of the malware results in the deployment of the core components, making the code resilient to basic defensive actions,” the researchers said.

The malware also launches an AppleScript that beacons out every 30 seconds to one of two hard-coded command-and-control (C2) servers, while also exfiltrating a snapshot of the list of running processes and executing additional scripts sent by the server.

The findings demonstrate how North Korean threat actors are increasingly training their sights on macOS systems, weaponizing AppleScript to act as a post-exploitation backdoor to meet their data gathering goals.

“North Korean-aligned threat actors have previously experimented with Go and Rust, similarly combining scripts and compiled binaries into multi-stage attack chains,” the researchers said.

“However, Nim’s rather unique ability to execute functions during compile time allows attackers to blend complex behaviour into a binary with less obvious control flow, resulting in compiled binaries in which developer code and Nim runtime code are intermingled even at the function level.”

Kimsuky’s Use of ClickFix Continues

The disclosure comes as South Korean cybersecurity company Genians exposed Kimusky’s continued use of the ClickFix social engineering tactic to deliver a variety of remote access tools as part of a campaign dubbed BabyShark, a known cluster of activity attributed to the North Korean hacking group.

The attacks, first observed in January 2025 and targeting national security experts in South Korea, involve the use of spear-phishing emails masquerading as interview requests for a legitimate German-language business newspaper and trick them into opening a malicious link containing a bogus RAR archive.

Present within the archive is a Visual Basic Script (VBS) file that’s engineered to open a decoy Google Docs file in the user’s web browser, while, in the background, malicious code is executed to establish persistence on the host via scheduled tasks and harvest system information.

Subsequent attacks observed in March 2025 have impersonated a senior U.S. national security official to deceive targets into opening a PDF attachment that included a list of questions related to a meeting during the official’s purported visit to South Korea.

A similar tactic was documented by Proofpoint in April 2025, the difference being that the email message claimed to originate from a Japanese diplomat and urged the recipient to set up a meeting with the Japanese ambassador to the United States.

Once the obfuscated malicious PowerShell command is executed, a decoy Google Docs file is used as a distraction to conceal the execution of malicious code that establishes persistent communication with a C2 server to collect data and deliver additional payloads.

A second variant of the ClickFix strategy entails using a fake website mimicking a legitimate defense research job portal and populating it with bogus listings, causing site visitors who click on these postings to be served with a ClickFix-style pop-up message to open the Windows Run dialog and run a PowerShell command.

The command, for its part, guided users to download and install the Chrome Remote Desktop software on their systems, enabling remote control over SSH via the C2 server “kida.plusdocs.kro[.]kr.” Genians said it discovered a directory listing vulnerability in the C2 server that publicly exposed data likely collected from victims located across South Korea.

The C2 server also included an IP address from China, which has been found to contain a keylogging record for a Proton Drive link hosting a ZIP archive that’s used to drop BabyShark malware on the infected Windows host by means of a multi-stage attack chain.

As recently as last month, Kimsuky is believed to have concocted yet another variant of ClickFix in which the threat actors deploy phony Naver CAPTCHA verification pages to copy and paste PowerShell commands into the Windows Run dialog that launches an AutoIt script to siphon user information.

“The ‘BabyShark’ campaign is known for its swift adoption of new attack techniques, often integrating them with script-based mechanisms,” the company said. “The ‘ClickFix’ tactic discussed in this report appears to be another case of publicly available methods being adapted for malicious use.”

In recent weeks, Kimsuky has also been linked to email phishing campaigns that seemingly originate from academic institutions, but distribute malware under the pretext of reviewing a research paper.

“The email prompted the recipient to open a HWP document file with a malicious OLE object attachment,” AhnLab said. “The document was password-protected, and the recipient had to enter the password provided in the email body to view the document.”

Opening the weaponized document activates the infection process, leading to the execution of a PowerShell script that performs extensive system reconnaissance and the deployment of the legitimate AnyDesk software for persistent remote access.

The prolific threat actor that Kimsuky is, the group is in a constant state of flux regarding its tools, tactics, and techniques for malware delivery, with some of the cyber attacks also leveraging GitHub as a stager for propagating an open-source trojan called Xeno RAT.

“The malware accesses the attacker’s private repositories using a hard-coded Github Personal Access Token (PAT),” ENKI WhiteHat said. “This token was used to download malware from a private repository and upload information collected from victim systems.”

According to the South Korean cybersecurity vendor, the attacks begin with spear-phishing emails with compressed archive attachments containing a Windows shortcut (LNK) file, which, in turn, is likely used to drop a PowerShell script that then downloads and launches the decoy document, as well as executes Xeno RAT and a PowerShell information stealer.

Other attack sequences have been found to utilize a PowerShell-based downloader that fetches a file with an RTF extension from Dropbox to ultimately launch Xeno RAT. The campaign shares infrastructure overlaps with another set of attacks that delivered a variant of Xeno RAT known as MoonPeak.

“The attacker managed not only the malware used in attacks but also uploaded and maintained infected system log files and exfiltrated information in private repositories using GitHub Personal Access Tokens (PATs),” ENKI noted. “This ongoing activity highlights the persistent and evolving nature of Kimsuky’s operations, including their use of both GitHub and Dropbox as part of their infrastructure.”

Kimsuky, per data from NSFOCUS, has been one of the most active threat groups from Korea, alongside Konni, accounting for 5% of all the 44 advanced persistent threat (APT) activities recorded by the Chinese cybersecurity company in May 2025. In comparison, the top three most active APT groups in April were Kimsuky, Sidewinder, and Konni.

Cybersecurity researchers are calling attention to phishing campaigns that impersonate popular brands and trick targets into calling phone numbers operated by threat actors.

“A significant portion of email threats with PDF payloads persuade victims to call adversary-controlled phone numbers, displaying another popular social engineering technique known as Telephone-Oriented Attack Delivery (TOAD), also known as callback phishing,” Cisco Talos researcher Omid Mirzaei said in a report shared with The Hacker News.

An analysis of phishing emails with PDF attachments between May 5 and June 5, 2025, has revealed Microsoft and Docusign to be the most impersonated brands. NortonLifeLock, PayPal, and Geek Squad are among the most impersonated brands in TOAD emails with PDF attachments.

The activity is part of wider phishing attacks that attempt to leverage the trust people have with popular brands to initiate malicious actions. These messages typically incorporate PDF attachments featuring legitimate brands like Adobe and Microsoft to scan malicious QR codes that point to fake Microsoft login pages or click on links that redirect users to phishing pages posing as services like Dropbox.

QR code phishing emails with PDF payloads have also been found to leverage PDF annotations to embed the URLs within a sticky note, comment, or form fields within a PDF attachment, while linking the QR codes to an authentic web page to give the impression that the messages are trustworthy.

In TOAD-based attacks, victims are coaxed into calling a phone number in a purported attempt to resolve an issue or confirm a transaction. During the phone call, the attacker masquerades as a legitimate customer representative and tricks the victim into either disclosing sensitive information or installing malware on their devices.

This technique has been a popular method among threat actors to install banking trojans on Android devices and remote access programs on victim machines to gain persistent access. In May 2025, the U.S. Federal Bureau of Investigation (FBI) warned of such attacks perpetrated by a financially motivated group called Luna Moth to breach target networks by posing as IT department personnel.

“Attackers use direct voice communication to exploit the victim’s trust in phone calls and the perception that phone communication is a secure way to interact with an organization,” Mirzaei said. “Additionally, the live interaction during a phone call enables attackers to manipulate the victim’s emotions and responses by employing social engineering tactics.”

Cisco Talos said most threat actors use Voice over Internet Protocol (VoIP) numbers to remain anonymous and make it harder to trace, with some numbers reused consecutively for as many as four days, allowing the attackers to pull off multi-stage social engineering attacks using the same number.

“Brand impersonation is one of the most popular social engineering techniques, and it is continuously being used by attackers in different types of email threats,” the company said. “Therefore, a brand impersonation detection engine plays a pivotal role in defending against cyber attacks.”

In recent months, phishing campaigns have also capitalized on a legitimate feature in Microsoft 365 (M365) called Direct Send to spoof internal users and deliver phishing emails without the need for compromising an account. The novel method has been employed to target more than 70 organizations since May 2025, per Varonis.

These spoofed messages not only seem to originate from inside the victim organization, they also take advantage of the fact that smart host addresses follow a predictable pattern (“<tenant_name>.mail.protection.outlook.com”) to send the phishing emails without requiring authentication.

In one phishing email sent on June 17, 2025, the message body resembled a voicemail notification and included a PDF attachment that contained a QR code directing the recipients to a Microsoft 365 credentials harvesting page.

“In many of their initial access attempts, the threat actor utilized M365 Direct Send functionality to target an individual organization with phishing messages that were subject to less scrutiny compared to standard inbound email,” security researcher Tom Barnea said. “This simplicity makes Direct Send an attractive and low-effort vector for phishing campaigns.”

The disclosure comes as new research from Netcraft found that asking large language models (LLMs) where to log in to 50 different brands across various sectors like finance, retail, tech, and utilities suggested unrelated hostnames as responses that were not owned by the brands in the first place.

“Two-thirds of the time, the model returned the correct URL,” the company said. “But in the remaining third, the results broke down like this: nearly 30% of the domains were unregistered, parked, or otherwise inactive, leaving them open to takeover. Another 5% pointed users to completely unrelated businesses.”

This also means that users could be likely sent to a fake website just by asking an artificial intelligence (AI) chatbot where to sign in, opening the door for brand impersonation and phishing attacks when threat actors claim control of these unregistered or unrelated domains.

With threat actors already using AI-powered tools to create phishing pages at scale, the latest development marks a new twist where cybercriminals are looking to game an LLM’s response by surfacing malicious URLs as responses to queries.

Netcraft said it has also observed attempts to poison AI coding assistants like Cursor by publishing fake APIs to GitHub that harbor functionality to route transactions on the Solana blockchain to an attacker-controlled wallet.

“The attacker didn’t just publish the code,” security researcher Bilaal Rashid said. “They launched blog tutorials, forum Q&As, and dozens of GitHub repos to promote it. Multiple fake GitHub accounts shared a project called Moonshot-Volume-Bot, seeded across accounts with rich bios, profile images, social media accounts and credible coding activity. These weren’t throwaway accounts – they were crafted to be indexed by AI training pipelines.”

The developments also follow concerted efforts on the part of threat actors to inject reputed websites (e.g., .gov or .edu domains) with JavaScript or HTML designed to influence search engines into prioritizing phishing sites in search results. This is accomplished by an illicit marketplace called Hacklink.

The service “enables cybercriminals to purchase access to thousands of compromised websites and inject malicious code designed to manipulate search engine algorithms,” security researcher Andrew Sebborn said. “Scammers use Hacklink control panels to insert links to phishing or illicit websites into the source code of legitimate but compromised domains.”

These outbound links are associated with specific keywords so that the hacked websites are served in search results when users search for relevant terms. To make matters worse, the actors can alter the text that appears in the search result to match their needs without having to take control of the site in question, impacting brand integrity and user trust.

Jul 02, 2025The Hacker NewsNetwork Security / Threat Detection

With nearly 80% of cyber threats now mimicking legitimate user behavior, how are top SOCs determining what’s legitimate traffic and what is potentially dangerous?

Where do you turn when firewalls and endpoint detection and response (EDR) fall short at detecting the most important threats to your organization? Breaches at edge devices and VPN gateways have risen from 3% to 22%, according to Verizon’s latest Data Breach Investigations report. EDR solutions are struggling to catch zero-day exploits, living-off-the-land techniques, and malware-free attacks. Nearly 80% of detected threats use malware-free techniques that mimic normal user behavior, as highlighted in CrowdStrike’s 2025 Global Threat Report. The stark reality is that conventional detection methods are no longer sufficient as threat actors adapt their strategies, using clever techniques like credential theft or DLL hijacking to avoid discovery.

In response, security operations centers (SOCs) are turning to a multi-layered detection approach that uses network data to expose activity adversaries can’t conceal.

Technologies like network detection and response (NDR) are being adopted to provide visibility that complements EDR by exposing behaviors that are more likely to be missed by endpoint-based solutions. Unlike EDR, NDR operates without agent deployment, so it effectively identifies threats that use common techniques and legitimate tools maliciously. The bottom line is evasive techniques that work against edge devices and EDR are less likely to succeed when NDR is also on the lookout.

Layering up: The faster threat detection strategy

Much like layering for unpredictable weather, elite SOCs boost resilience through a multi-layered detection strategy centered on network insights. By consolidating detections into a single system, NDR streamlines management and empowers teams to focus on high-priority risks and use cases.

Teams can adapt quickly to evolving attack conditions, detect threats faster, and minimize damage. Now, let’s gear up and take a closer look at the layers that make up this dynamic stack:

THE BASE LAYER

Lightweight and quick to apply, these easily catch known threats to form the basis for defense:

• Signature-based network detection serves as the first layer of protection due to its lightweight nature and quick response times. Industry-leading signatures, such as those from Proofpoint ET Pro running on Suricata engines, can rapidly identify known threats and attack patterns.
• Threat intelligence, often composed of indicators of compromise (IOCs), looks for known network entities (e.g., IP addresses, domain names, hashes) observed in actual attacks. As with signatures, IOCs are easy to share, light-weight, and quick to deploy, offering quicker detection.

THE MALWARE LAYER

Think of malware detection as a waterproof barrier, protecting against “drops” of malware payloads by identifying malware families. Detections such as YARA rules — a standard for static file analysis in the malware analysis community — can identify malware families sharing common code structures. It’s crucial for detecting polymorphic malware that alters its signature while retaining core behavioral characteristics.

THE ADAPTIVE LAYER

Built to weather evolving conditions, the most sophisticated layers use behavioral detection and machine learning algorithms that identify known, unknown, and evasive threats:

• Behavioral detection identifies dangerous activities like domain generation algorithms (DGAs), command and control communications, and unusual data exfiltration patterns. It remains effective even when attackers change their IOCs (or even components of the attack), since the underlying behaviors don’t change, enabling quicker detection of unknown threats.
• ML models, both supervised and unsupervised, can detect both known attack patterns and anomalous behaviors that might indicate novel threats. They can target attacks that span greater lengths of time and complexity than behavioral detections.
• Anomaly detection uses unsupervised machine learning to spot deviations from baseline network behavior. This alerts SOCs to anomalies like unexpected services, unusual client software, suspicious logins, and malicious management traffic. It helps organizations uncover threats hiding in normal network activity and minimize attacker dwell time.

THE QUERY LAYER

Finally, in some situations, there is simply no faster way to generate an alert than to query the existing network data. Search-based detection — log search queries that generate alerts and detections — functions like a snap-on layer that’s at the ready for short-term, rapid response.

Unifying threat detection layers with NDR

The true strength in multi-layered detections is how they work together. Top SOCs are deploying Network Detection and Response (NDR) to provide a unified view of threats across the network. NDR correlates detections from multiple engines to deliver a complete threat view, centralized network visibility, and the context that powers real-time incident response.

Beyond layered detections, advanced NDR solutions can also offer several key advantages that enhance overall threat response capabilities:

• Detecting emerging attack vectors and novel techniques that haven’t yet been incorporated into traditional EDR signature-based detection systems.
• Reducing false positive rates by ~25%, according to a 2022 FireEye report
• Cutting incident response times with AI-driven triage and automated workflows
• Comprehensive coverage of MITRE ATT&CK network-based tools, techniques and procedures (TTPs)
• Leveraging shared intelligence and community-driven detections (open-source solutions)

The path forward for modern SOCs

The combination of increasingly sophisticated attacks, expanding attack surfaces, and added resource constraints requires a shift toward multi-layered detection strategies. In an environment where attacks succeed in seconds, the window for maintaining effective cybersecurity without an NDR solution is rapidly closing. Elite SOC teams get this and have already layered up. The question isn’t whether to implement multi-layered detection, it’s how quickly organizations can make this transition.

Corelight Network Detection and Response

Corelight’s integrated Open NDR Platform combines all seven of the network detection types mentioned above and is built on a foundation of open-source software like Zeek®, allowing you to tap into the power of community-driven detection intelligence. For more information: Corelight.

Jul 02, 2025Ravie LakshmananCybercrime / Dark Web

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has levied sanctions against Russia-based bulletproof hosting (BPH) service provider Aeza Group to assist threat actors in their malicious activities and targeting victims in the country and across the world.

The sanctions also extend to its subsidiaries Aeza International Ltd., the U.K. branch of Aeza Group, as well as Aeza Logistic LLC, Cloud Solutions LLC, and four individuals linked to the company –

• Arsenii Aleksandrovich Penzev, CEO and 33% owner of Aeza Group
• Yurii Meruzhanovich Bozoyan, general director and 33% owner of Aeza Group
• Vladimir Vyacheslavovich Gast, technical director who works closely with Penzev and Bozoyan
• Igor Anatolyevich Knyazev, 33% owner of Aeza Group who manages the operations in the absence of Penzev and Bozoyan

It’s worth noting that Penzev was arrested in early April 2025 on charges of leading a criminal organization and enabling large-scale drug trafficking by hosting BlackSprut, an illicit drugs marketplace on the dark web. Bozoyan and two other Aeza employees, Maxim Orel and Tatyana Zubova, were also detained.

“Cybercriminals continue to rely heavily on BPH service providers like Aeza Group to facilitate disruptive ransomware attacks, steal U.S. technology, and sell black-market drugs,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith.

“Treasury, in close coordination with the U.K. and our other international partners, remains resolved to expose the critical nodes, infrastructure, and individuals that underpin this criminal ecosystem.”

BPH services have been godsend for threat actors as they are known to deliberately ignore abuse reports and law enforcement takedown requests, often operating in countries with weak enforcement or intentionally vague legal standards. This makes them a resilient option for attackers to host their malicious infrastructure, including phishing sites, command-and-control (C2) servers, without disruption or consequences.

Headquartered in St. Petersburg, Aeza Group is accused of leasing its services to various ransomware and information stealer families, such as BianLian, RedLine, Meduza, and Lumma, some of which have been used to target U.S. defense industrial base and technology companies and other victims worldwide.

What’s more, a report published by Correctiv and Qurium last July detailed the use of Aeza’s infrastructure by the pro-Russian influence operation dubbed Doppelganger. Another threat actor that has availed the services of Aeza is Void Rabisu, the Russia-aligned threat actor behind RomCom RAT.

The development comes nearly five months after the Treasury sanctioned another Russia-based BPH service provider named Zservers for facilitating ransomware attacks, such as those orchestrated by the LockBit group.

Last week, Qurium also linked a Russian web hosting and proxy provider named Biterika to distributed denial-of-service (DDoS) attacks against two Russian independent media outlets IStories and Verstka.

These sanctions form part of a broader effort to dismantle the ransomware supply chain by targeting critical enablers like malicious hosting, command-and-control servers, and dark web infrastructure. As threat actors shift tactics, monitoring sanctioned entities, IP reputation scores, and abuse-resilient networks is becoming central to modern threat intelligence operations.

Jul 02, 2025Ravie LakshmananAI Security / Phishing

Unknown threat actors have been observed weaponizing v0, a generative artificial intelligence (AI) tool from Vercel, to design fake sign-in pages that impersonate their legitimate counterparts.

“This observation signals a new evolution in the weaponization of Generative AI by threat actors who have demonstrated an ability to generate a functional phishing site from simple text prompts,” Okta Threat Intelligence researchers Houssem Eddine Bordjiba and Paula De la Hoz said.

v0 is an AI-powered offering from Vercel that allows users to create basic landing pages and full-stack apps using natural language prompts.

The identity services provider said it has observed scammers using the technology to develop convincing replicas of login pages associated with multiple brands, including an unnamed customer of its own. Following responsible disclosure, Vercel has blocked access to these phishing sites.

The threat actors behind the campaign have also been found to host other resources such as the impersonated company logos on Vercel’s infrastructure, likely in an effort to abuse the trust associated with the developer platform and evade detection.

Unlike traditional phishing kits that require some amount of effort to set, tools like v0 — and its open-source clones on GitHub — allows attackers spin up fake pages just by typing a prompt. It’s faster, easier, and doesn’t require coding skills. This makes it simple for even low-skilled threat actors to build convincing phishing sites at scale.

“The observed activity confirms that today’s threat actors are actively experimenting with and weaponizing leading GenAI tools to streamline and enhance their phishing capabilities,” the researchers said.

“The use of a platform like Vercel’s v0.dev allows emerging threat actors to rapidly produce high-quality, deceptive phishing pages, increasing the speed and scale of their operations.”

The development comes as bad actors continue to leverage large language models (LLMs) to aid in their criminal activities, building uncensored versions of these models that are explicitly designed for illicit purposes. One such LLM that has gained popularity in the cybercrime landscape is WhiteRabbitNeo, which advertises itself as an “Uncensored AI model for (Dev) SecOps teams.”

“Cybercriminals are increasingly gravitating towards uncensored LLMs, cybercriminal-designed LLMs, and jailbreaking legitimate LLMs,” Cisco Talos researcher Jaeson Schultz said.

“Uncensored LLMs are unaligned models that operate without the constraints of guardrails. These systems happily generate sensitive, controversial, or potentially harmful output in response to user prompts. As a result, uncensored LLMs are perfectly suited for cybercriminal usage.”

This fits a bigger shift we’re seeing: Phishing is being powered by AI in more ways than before. Fake emails, cloned voices, even deepfake videos are showing up in social engineering attacks. These tools help attackers scale up fast, turning small scams into large, automated campaigns. It’s no longer just about tricking users—it’s about building whole systems of deception.

Cybersecurity researchers have discovered a critical security vulnerability in artificial intelligence (AI) company Anthropic’s Model Context Protocol (MCP) Inspector project that could result in remote code execution (RCE) and allow an attacker to gain complete access to the hosts.

The vulnerability, tracked as CVE-2025-49596, carries a CVSS score of 9.4 out of a maximum of 10.0.

“This is one of the first critical RCEs in Anthropic’s MCP ecosystem, exposing a new class of browser-based attacks against AI developer tools,” Oligo Security’s Avi Lumelsky said in a report published last week.

“With code execution on a developer’s machine, attackers can steal data, install backdoors, and move laterally across networks – highlighting serious risks for AI teams, open-source projects, and enterprise adopters relying on MCP.”

MCP, introduced by Anthropic in November 2024, is an open protocol that standardizes the way large language model (LLM) applications integrate and share data with external data sources and tools.

The MCP Inspector is a developer tool for testing and debugging MCP servers, which expose specific capabilities through the protocol and allow an AI system to access and interact with information beyond its training data.

It contains two components, a client that provides an interactive interface for testing and debugging, and a proxy server that bridges the web UI to different MCP servers.

That said, a key security consideration to keep in mind is that the server should not be exposed to any untrusted network as it has permission to spawn local processes and can connect to any specified MCP server.

This aspect, coupled with the fact that the default settings developers use to spin up a local version of the tool come with “significant” security risks, such as missing authentication and encryption, opens up a new attack pathway, per Oligo.

“This misconfiguration creates a significant attack surface, as anyone with access to the local network or public internet can potentially interact with and exploit these servers,” Lumelsky said.

The attack plays out by chaining a known security flaw affecting modern web browsers, dubbed 0.0.0.0 Day, with a cross-site request forgery (CSRF) vulnerability in Inspector (CVE-2025-49596) to run arbitrary code on the host simply upon visiting a malicious website.

“Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio,” the developers of MCP Inspector said in an advisory for CVE-2025-49596.

0.0.0.0 Day is a 19-year-old vulnerability in modern web browsers that could enable malicious websites to breach local networks. It takes advantage of the browsers’ inability to securely handle the IP address 0.0.0.0, leading to code execution.

“Attackers can exploit this flaw by crafting a malicious website that sends requests to localhost services running on an MCP server, thereby gaining the ability to execute arbitrary commands on a developer’s machine,” Lumelsky explained.

“The fact that the default configurations expose MCP servers to these kinds of attacks means that many developers may be inadvertently opening a backdoor to their machine.”

Specifically, the proof-of-concept (PoC) makes use of the Server-Sent Events (SSE) endpoint to dispatch a malicious request from an attacker-controlled website to achieve RCE on the machine running the tool even if it’s listening on localhost (127.0.0.1).

This works because the IP address 0.0.0.0 tells the operating system to listen on all IP addresses assigned to the machine, including the local loopback interface (i.e., localhost).

In a hypothetical attack scenario, an attacker could set up a fake web page and trick a developer into visiting it, at which point, the malicious JavaScript embedded in the page would send a request to 0.0.0.0:6277 (the default port on which the proxy runs), instructing the MCP Inspector proxy server to execute arbitrary commands.

The attack can also leverage DNS rebinding techniques to create a forged DNS record that points to 0.0.0.0:6277 or 127.0.0.1:6277 in order to bypass security controls and gain RCE privileges.

Following responsible disclosure in April 2025, the vulnerability was addressed by the project maintainers on June 13 with the release of version 0.14.1. The fixes add a session token to the proxy server and incorporate origin validation to completely plug the attack vector.

“Localhost services may appear safe but are often exposed to the public internet due to network routing capabilities in browsers and MCP clients,” Oligo said.

“The mitigation adds Authorization which was missing in the default prior to the fix, as well as verifying the Host and Origin headers in HTTP, making sure the client is really visiting from a known, trusted domain. Now, by default, the server blocks DNS rebinding and CSRF attacks.”

Cybersecurity researchers have flagged the tactical similarities between the threat actors behind the RomCom RAT and a cluster that has been observed delivering a loader dubbed TransferLoader.

Enterprise security firm Proofpoint is tracking the activity associated with TransferLoader to a group dubbed UNK_GreenSec and the RomCom RAT actors under the moniker TA829. The latter is also known by the names CIGAR, Nebulous Mantis, Storm-0978, Tropical Scorpius, UAC-0180, UAT-5647, UNC2596, and Void Rabisu.

The company said it discovered UNK_GreenSec as part of its investigation into TA829, describing it as using an “unusual amount of similar infrastructure, delivery tactics, landing pages, and email lure themes.”

TA829 is something of an unusual hacking group in the threat landscape given its ability to conduct both espionage as well as financially motivated attacks. The Russia-aligned hybrid group has also been linked to the zero-day exploitation of security flaws in Mozilla Firefox and Microsoft Windows to deliver RomCom RAT in attacks aimed at global targets.

Earlier this year, PRODAFT detailed the threat actors’ use of bulletproof hosting providers, living-off-the-land (LOTL) tactics, and encrypted command-and-control (C2) communications to sidestep detection.

TransferLoader, on the other hand, was first documented by Zscaler ThreatLabz in connection with a February 2025 campaign that delivered the Morpheus ransomware against an unnamed American law firm.

Proofpoint noted that campaigns undertaken by both TA829 and UNK_GreenSec rely on REM Proxy services that are deployed on compromised MikroTik routers for their upstream infrastructure. That said, the exact method used to breach these devices is not known.

“REM Proxy devices are likely rented to users to relay traffic,” the Proofpoint threat research team said. “In observed campaigns, both TA829 and UNK_GreenSec use the service to relay traffic to new accounts at freemail providers to then send to targets. REM Proxy services have also been used by TA829 to initiate similar campaigns via compromised email accounts.”

Given that the format of the sender addresses are similar — e.g., ximajazehox333@gmail.com and hannahsilva1978@ukr.net — it’s believed that the threat actors are likely using some sort of an email builder utility that facilitates the en masse creation and sending of phishing emails via REM Proxy nodes.

The messages act as a conduit to deliver a link, which is either directly embedded in the body or within a PDF attachment. Clicking on the link initiates a series of redirections via Rebrandly that ultimately take the victim to a fake Google Drive or Microsoft OneDrive page, while filtering out machines that have been flagged as sandboxes or deemed not of interest to the attackers.

It’s at this stage that the attack chains splinter into two, as the adversary infrastructure to which the targets are redirected is different, ultimately paving the way for TransferLoader in the case of UNK_GreenSec and a malware strain called SlipScreen in the case of TA829.

“TA829 and UNK_GreenSec have both deployed Putty’s PLINK utility to set up SSH tunnels, and both used IPFS services to host those utilities in follow-on activity,” Proofpoint noted.

SlipScreen is a first-stage loader that’s designed to decrypt and load shellcode directly into memory and initiate communications with a remote server, but only after a Windows Registry check to ensure the targeted computer has at least 55 recent documents based on the “HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerRecentDocs” key.

The infection sequence is then used to deploy a downloader named MeltingClaw (aka DAMASCENED PEACOCK) or RustyClaw, which is then used to drop backdoors like ShadyHammock or DustyHammock, with the former being used to launch SingleCamper (aka SnipBot), an updated version of RomCom RAT.

DustyHammock, besides running reconnaissance commands on an infected system, comes fitted with the ability to download additional payloads hosted on the InterPlanetary File System (IPFS) network.

Campaigns propagating TransferLoader have been found to leverage job opportunity-themed messages to trick victims into clicking on a link that ostensibly leads to a PDF resume, but, in reality, results in the download of TransferLoader from an IPFS webshare.

TransferLoader’s primary objective is to fly under the radar and serve more malware, such as Metasploit and Morpheus ransomware, a rebranded version of HellCat ransomware.

“Unlike the TA829 campaigns, the TransferLoader campaigns’ JavaScript components redirected users to a different PHP endpoint on the same server, which allows the operator to conduct further server-side filtering,” Proofpoint said. “UNK_GreenSec used a dynamic landing page, often irrelevant to the OneDrive spoof, and redirected users to the final payload that was stored on an IPFS webshare.”

The overlapping tradecraft between TA829 and UNK_GreenSec raises one of the four possibilities –

• The threat actors are procuring distribution and infrastructure from the same third-party provider
• TA829 acquires and distributes infrastructure on its own, and has provided these services to UNK_GreenSec
• UNK_GreenSec is the infrastructure provider that typically offers its warez to TA829, but decided to temporarily use it to deliver its own malware, TransferLoader
• TA829 and UNK_GreenSec are one and the same, and TransferLoader is a new addition to their malware arsenal

“In the current threat landscape, the points at which cybercrime and espionage activity overlap continue to increase, removing the distinctive barriers that separate criminal and state actors,” Proofpoint said. “Campaigns, indicators, and threat actor behaviors have converged, making attribution and clustering within the ecosystem more challenging.”

“While there is not sufficient evidence to substantiate the exact nature of the relationship between TA829 and UNK_GreenSec, there is very likely a link between the groups.”

Jul 01, 2025Ravie LakshmananDeveloper Security / Software Development

A new study of integrated development environments (IDEs) like Microsoft Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor has revealed weaknesses in how they handle the extension verification process, ultimately enabling attackers to execute malicious code on developer machines.

“We discovered that flawed verification checks in Visual Studio Code allow publishers to add functionality to extensions while maintaining the verified icon,” OX Security researchers Nir Zadok and Moshe Siman Tov Bustan said in a report shared with The Hacker News. “This results in the potential for malicious extensions to appear verified and approved, creating a false sense of trust.”

Specifically, the analysis found that Visual Studio Code sends an HTTP POST request to the domain “marketplace.visualstudio[.]com” to determine if an extension is verified or otherwise.

The exploitation method essentially involves creating a malicious extension with the same verifiable values as an already verified extension, such as that of Microsoft, and bypassing trust checks.

As a result, it allows rogue extensions to appear verified to unsuspecting developers, while also containing code capable of executing operating system commands.

From a security standpoint, this is a classic case of extension sideloading abuse, where bad actors distribute plugins outside the official marketplace. Without proper code signing enforcement or trusted publisher verification, even legitimate-looking extensions can hide dangerous scripts.

For attackers, this opens up a low-barrier entry point to achieve remote code execution—a risk that’s especially serious in development environments where sensitive credentials and source code are often accessible.

In a proof-of-concept (PoC) demonstrated by the cybersecurity company, the extension was configured to open the Calculator app on a Windows machine, thereby highlighting its ability to execute commands on the underlying host.

By identifying the values used in verification requests and modifying them, it was found that it’s possible to create a VSIX package file such that it causes the malicious extension to appear legitimate.

OX Security said it was able to reproduce the flaw across other IDEs like IntelliJ IDEA and Cursor by modifying the values used for verification without making them lose their verified status.

In response to responsible disclosures, Microsoft said the behavior is by design and that the changes will prevent the VSIX extension from being published to the Marketplace owing to extension signature verification that’s enabled by default across all platforms.

However, the cybersecurity company found the flaw to be exploitable as recently as June 29, 2025. The Hacker News has reached out to Microsoft for comment, and we will update the story if we hear back.

The findings once again show that relying solely on the verified symbol of extensions can be risky, as attackers can trick developers into running malicious code without their knowledge. To mitigate such risks, it’s advised to install extensions directly from official marketplaces as opposed to using VSIX extension files shared online.

“The ability to inject malicious code into extensions, package them as VSIX/ZIP files, and install them while maintaining the verified symbols across multiple major development platforms poses a serious risk,” the researchers said. “This vulnerability particularly impacts developers who install extensions from online resources such as GitHub.”

U.S. cybersecurity and intelligence agencies have issued a joint advisory warning of potential cyber attacks from Iranian state-sponsored or affiliated threat actors.

“Over the past several months, there has been increasing activity from hacktivists and Iranian government-affiliated actors, which is expected to escalate due to recent events,” the agencies said.

“These cyber actors often exploit targets of opportunity based on the use of unpatched or outdated software with known Common Vulnerabilities and Exposures or the use of default or common passwords on internet-connected accounts and devices.”

There is currently no evidence of a coordinated campaign of malicious cyber activity in the U.S. that can be attributed to Iran, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA) noted.

Emphasizing the need for “increased vigilance,” the agencies singled out Defense Industrial Base (DIB) companies, specifically those with ties to Israeli research and defense firms, as being at an elevated risk. U.S. and Israeli entities may also be exposed to distributed denial-of-service (DDoS) attacks and ransomware campaigns, they added.

Attackers often start with reconnaissance tools like Shodan to find vulnerable internet-facing devices, especially in industrial control system (ICS) environments. Once inside, they can exploit weak segmentation or misconfigured firewalls to move laterally across networks. Iranian groups have previously used remote access tools (RATs), keyloggers, and even legitimate admin utilities like PsExec or Mimikatz to escalate access—all while evading basic endpoint defenses.

Based on prior campaigns, attacks mounted by Iranian threat actors leverage techniques like automated password guessing, password hash cracking, and default manufacturer passwords to gain access to internet-exposed devices. They have also been found to employ system engineering and diagnostic tools to breach operational technology (OT) networks.

The development comes days after the Department of Homeland Security (DHS) released a bulletin, urging U.S. organizations to be on the lookout for possible “low-level cyber attacks” by pro-Iranian hacktivists amid the ongoing geopolitical tensions between Iran and Israel.

Last week, Check Point revealed that the Iranian nation-state hacking group tracked as APT35 targeted journalists, high-profile cyber security experts, and computer science professors in Israel as part of a spear-phishing campaign designed to capture their Google account credentials using bogus Gmail login pages or Google Meet invitations.

As mitigations, organizations are advised to follow the below steps –

• Identify and disconnect OT and ICS assets from the public internet
• Ensure devices and accounts are protected with strong, unique passwords, replace weak or default passwords, and enforce multi-factor authentication (MFA)
• Implement phishing-resistant MFA for accessing OT networks from any other network
• Ensure systems are running the latest software patches to protect against known security vulnerabilities
• Monitor user access logs for remote access to the OT network
• Establish OT processes that prevent unauthorized changes, loss of view, or loss of control
• Adopt full system and data backups to facilitate recovery

“Despite a declared ceasefire and ongoing negotiations towards a permanent solution, Iranian-affiliated cyber actors and hacktivist groups may still conduct malicious cyber activity,” the agencies said.

Update

In a new report, Censys said it uncovered 43,167 internet-exposed devices from Tridium Niagara, 2,639 from Red Lion, 1,697 from Unitronics, and 123 from Orpak SiteOmat as of June 2025. A majority of the increased exposures associated with Tridium Niagara appear to be in Germany, Sweden, and Japan.

It also noted that default passwords continue to provide an easy pathway for threat actors to access critical systems, urging manufacturers to avoid shipping devices or software with default credentials, and instead require strong, unique passwords as well as offer ways to prevent exposing their systems directly to the internet.

“Apart from Unitronics, which is most commonly observed in Australia, the highest numbers of these devices are observed in the U.S.,” the company said. “Though Tridium Niagara boasts the highest exposure numbers, it’s building automation software. Depending on a threat actor’s objective, these systems, though plentiful, may not be the most valuable targets.”

SOCRadar said the Iran-Israel conflict of 2025 has led to a spike in cyber activity, with more than 600 cyber attack claims reported across more than 100 Telegram channels between June 12 and 27, 2025. Israel emerged as the most targeted country with 441 attack claims, followed by the U.S. (69), India (34), and Middle Eastern nations like Jordan (33) and Saudi Arabia (13).

The top hacktivist groups during the time period included Mr Hamza, Keymous, Mysterious Team, Team Fearless, GARUDA_ERROR_SYSTEM, Dark Storm Team, Arabian Ghosts, Cyber Fattah, CYBER U.N.I.T.Y, and NoName057(16). Governments, defense, telecom, financial services, and technology sectors were among the most targeted industries.

“Since the war began, state-sponsored hackers, hacktivists from both countries, and cyber actors from non-participant nations ranging from South Asia to Russia to across the Middle East have become active,” the threat intelligence firm said. “Israel was the main target of DDoS attacks, with 357 claims, making up 74% of all DDoS activity.”