  • ⚡ Weekly Recap: VPN 0-Day, Encryption Backdoor, AI Malware, macOS Flaw, ATM Hack & More

    Aug 04, 2025 | Ravie Lakshmanan | Hacking News / Cybersecurity

    Malware isn’t just trying to hide anymore—it’s trying to belong. We’re seeing code that talks like us, logs like us, even documents itself like a helpful teammate. Some threats now look more like developer tools than exploits. Others borrow trust from open-source platforms, or quietly build themselves out of AI-written snippets. It’s not just about being malicious—it’s about being believable.

    In this week’s cybersecurity recap, we explore how today’s threats are becoming more social, more automated, and far too sophisticated for yesterday’s instincts to catch.

    ⚡ Threat of the Week

    Secret Blizzard Conducts ISP-Level AitM Attacks to Deploy ApolloShadow — Russian cyberspies are abusing local internet service providers’ networks to target foreign embassies in Moscow and likely collect intelligence from diplomats’ devices. The activity has been attributed to the Russian advanced persistent threat (APT) known as Secret Blizzard (aka Turla). It likely involves using an adversary-in-the-middle (AitM) position within domestic telecom companies and ISPs that diplomats are using for Internet access to push a piece of malware called ApolloShadow. This indicates that the ISP may be working with the threat actor to facilitate the attacks using the System for Operative Investigative activities (SORM) systems. Microsoft declined to say how many organizations were targeted, or successfully infected, in this campaign.

    🔔 Top News

    • Companies that Employed Hafnium Hackers Linked to Over a Dozen Patents — Threat actors linked to the notorious Hafnium hacking group have worked for companies that registered several patents for highly intrusive forensics and data collection technologies. The findings highlight China’s diverse private sector offensive ecosystem and an underlying problem with mapping tradecraft to a specific cluster, which may not accurately reflect the true organizational structure of the attackers. The fact that the threat actors have been attributed to three different companies shows that multiple companies may be working in tandem to conduct the intrusions and those companies may be providing their tools to other actors, leading to incomplete or misleading attribution. It’s currently not known how the threat actors came to possess the Microsoft Exchange Server flaws that were used to target various entities in a widespread campaign in early 2021. But their close relationship with the Shanghai State Security Bureau (SSSB) has raised the possibility that the bureau may have obtained access to information about the zero-days through some evidence collection method and passed it on to the attackers. The discovery also highlights another important aspect: China-based Advanced Persistent Threats (APTs) may actually consist of different companies that serve many clients owing to the contracting ecosystem, which forces these companies to collaborate on intrusions. In June 2025, Recorded Future revealed that a Chinese state-owned defense research institute filed a patent in late December 2024 that analyzes various kinds of intelligence, including OSINT, HUMINT, SIGINT, GEOINT, and TECHINT, to train a military-specific large language model in order to “support every phase of the intelligence cycle and improve decision-making during military operations.”
    • Likely 0-Day SonicWall SSL VPN Flaw Used in Akira Ransomware Attacks — SonicWall SSL VPN devices have become the target of Akira ransomware attacks as part of a newfound surge in activity observed in late July 2025. Arctic Wolf Labs said that the attacks could be exploiting an as-yet-undetermined security flaw in the appliances, meaning a zero-day vulnerability, given that some of the incidents affected fully-patched SonicWall devices. However, the possibility of credential-based attacks for initial access hasn’t been ruled out. The development came as watchTowr Labs detailed multiple vulnerabilities in SonicWall SMA 100 Series appliances (CVE-2025-40596, CVE-2025-40597, and CVE-2025-40598) that an attacker could exploit to cause denial-of-service or code execution. “We stumbled across vulnerabilities that feel like they were preserved in amber from a more naïve era of C programming,” security researcher Sina Kheirkhah said. “While we understand (and agree) that these vulnerabilities are ultimately difficult – or in some cases, currently not exploitable – the fact that they exist at all is, frankly, disappointing. Pre-auth stack and heap overflows triggered by malformed HTTP headers aren’t supposed to happen anymore.”
    • UNC2891 Breaches ATM Network via 4G Raspberry Pi in Cyber-Physical Attack — The threat actor known as UNC2891 has been observed targeting Automatic Teller Machine (ATM) infrastructure using a 4G-equipped Raspberry Pi as part of a covert attack. The cyber-physical attack involved the adversary leveraging their physical access to install the Raspberry Pi device and have it connected directly to the same network switch as the ATM, effectively placing it within the target bank’s network. The end goal of the infection was to deploy the CAKETAP rootkit on the ATM switching server and facilitate fraudulent ATM cash withdrawals. UNC2891 is assessed to share tactical overlaps with another threat actor called UNC1945 (aka LightBasin), which was previously identified compromising managed service providers and striking targets within the financial and professional consulting industries. UNC1945 is also known for its attacks aimed at the telecom sector.
    • Active Exploitation of Alone WordPress Theme Flaw — Threat actors are actively exploiting a critical security flaw in “Alone – Charity Multipurpose Non-profit WordPress Theme” to take over susceptible sites. The vulnerability, tracked as CVE-2025-5394 (CVSS score: 9.8), is an arbitrary file upload affecting all versions of the plugin prior to and including 7.8.3. It has been fixed in version 7.8.5 released on June 16, 2025. In the observed attacks, the flaw is leveraged to upload a ZIP archive containing a PHP-based backdoor to execute remote commands and upload additional files. Alternatively, the flaw has also been weaponized to deliver fully-featured file managers and backdoors capable of creating rogue administrator accounts.
    • Multiple Flaws Patched in AI Code Editor Cursor — Several security vulnerabilities have been addressed in Cursor, including one high-severity bug (CVE-2025-54135 aka CurXecute) that could result in remote code execution (RCE) when processing external content from a third-party model context protocol (MCP) server. “If chained with a separate prompt injection vulnerability, this could allow the writing of sensitive MCP files on the host by the agent,” Cursor said. “This can then be used to directly execute code by adding it as a new MCP server.” Also addressed in Cursor version 1.3 is CVE-2025-54136 (CVSS score of 7.2), which could have allowed attackers to swap harmless MCP configuration files for a malicious command, without triggering a warning. “If an attacker has write permissions on a user’s active branches of a source repository that contains existing MCP servers the user has previously approved, or an attacker has arbitrary file-write locally, the attacker can achieve arbitrary code execution,” the company said.

    🔥 Trending CVEs

    Hackers are quick to jump on newly discovered software flaws – sometimes within hours. Whether it’s a missed update or a hidden bug, even one unpatched CVE can open the door to serious damage. Below are this week’s high-risk vulnerabilities making waves. Review the list, patch fast, and stay a step ahead.

    This week’s list includes — CVE-2025-7340, CVE-2025-7341, CVE-2025-7360 (HT Contact Form plugin), CVE-2025-54782 (@nestjs/devtools-integration), CVE-2025-54418 (CodeIgniter4), CVE-2025-4421, CVE-2025-4422, CVE-2025-4423, CVE-2025-4424, CVE-2025-4425, CVE-2025-4426 (Lenovo), CVE-2025-6982 (TP-Link Archer C50), CVE-2025-2297 (BeyondTrust Privilege Management for Windows), CVE-2025-5394 (Alone theme), CVE-2025-2523 (Honeywell Experion PKS), CVE-2025-54576 (OAuth2-Proxy), CVE-2025-46811 (SUSE), CVE-2025-6076, CVE-2025-6077, and CVE-2025-6078 (Partner Software).

    📰 Around the Cyber World

    • Critical RCE in @nestjs/devtools-integration — A critical remote code execution flaw (CVE-2025-54782, CVSS score: 9.4) has been uncovered in @nestjs/devtools-integration, a NestJS npm package downloaded over 56,000 times per week. The package sets up a local development server with an endpoint that executes arbitrary code inside a JavaScript “sandbox” built with node:vm module and the now-abandoned safe-eval, ultimately allowing for execution of untrusted user code in a sandboxed environment, Socket said. Further analysis has found that the sandbox is trivially escapable and because the server is accessible on localhost, any malicious website can trigger code execution on a developer’s machine via CSRF using the inspector/graph/interact endpoint. “Due to improper sandboxing and missing cross-origin protections, any malicious website visited by a developer can execute arbitrary code on their local machine,” Nestjs maintainer Kamil Mysliwiec said in an advisory. “By chaining these issues, a malicious website can trigger the vulnerable endpoint and achieve arbitrary code execution on a developer’s machine running the NestJS devtools integration.”
    • Attackers Exploit Compromised Email Accounts for Attacks — Threat actors are increasingly using compromised internal or trusted business partner email accounts to send malicious emails to obtain initial access. “Using a legitimate trusted account affords an attacker numerous advantages, such as potentially bypassing an organization’s security controls as well as appearing more trustworthy to the recipient,” Talos said. The disclosure comes as bad actors are also continuing to exploit Microsoft 365’s Direct Send feature to deliver phishing emails that appear to originate from within the organization by using a spoofed internal From address, which increases the likelihood of success of social engineering attacks. The messages are injected into Microsoft 365 tenants via unsecured third-party email security appliances used as SMTP relays. “This tactic allows attackers to send malicious payloads to Microsoft 365 users with increased credibility, often resulting in successful delivery despite failed authentication checks,” Proofpoint said.
    • Signal Warns it Will Exit Australia Over Encryption Backdoor Push — Signal Foundation president Meredith Whittaker said the secure messaging application will leave Australia if the government forces it to incorporate a backdoor into its encryption algorithm or demand access to encrypted user data. Earlier this year, the U.K. government issued a secret order demanding that Apple allow it access to encrypted user data to assist in investigations, resulting in Apple removing its Advanced Data Protection (ADP) feature for users in the region. While the U.K. government appears to be backing down from its earlier demand, Google told TechCrunch that, unlike Apple, it did not receive any request from the U.K. to build a secret backdoor. This is the first time Google has formally commented on the matter.
    • Google Hardens Chrome Extension Supply Chain Against Account Compromise — Google has rolled out a new security feature called Verified CRX Upload for Chrome extension developers that enforces cryptographic signatures for all Chrome extension updates and prevents bad actors from compromising developer accounts and publishing malicious updates to the Chrome Web Store (CWS). The security protection is also designed to address scenarios where CWS code reviews may not always flag such malicious attacks. “When opting an extension into Verified CRX Upload, the developer gives Google a public key. After that, the developer can no longer upload unsigned ZIP files for that extension and must instead upload a CRX file signed with the corresponding private key,” Google said [PDF]. “Verified upload acts as a second factor for the act of uploading to CWS. A malicious actor who compromises a developer’s account password, session cookies, or even an OAuth token, would not be able to upload a malicious update unless they also gain access to the developer’s private signing key.”
    • Kimsuky Targets South Korea with Stealer Malware — The North Korea-linked Kimsuky hacking group has been linked to a spear-phishing campaign that targets South Korean entities using Windows shortcut (LNK) files as an initial access vector to trigger a multi-stage infection chain to deploy a keylogger and an information stealer, establish persistent control over compromised hosts, and deliver unknown next-stage payloads. In parallel, users are shown lure PDF documents related to tax notices and government alerts about alleged sex offenders in the area. “Once inside, the malware performs extensive system profiling, steals credentials and sensitive documents, monitors user activity through keylogging and clipboard capture, and exfiltrates data in discreet segments over standard web traffic—helping it blend into normal network operations,” Aryaka said.
    • Apple macOS Flaw Can Bypass TCC — Attackers could have used a recently patched macOS vulnerability to bypass Transparency, Consent, and Control (TCC) security checks and steal sensitive user information from locations such as the Downloads directory and Apple Intelligence caches. The flaw, dubbed Sploitlight by Microsoft and tracked as CVE-2025-31199, was addressed by Apple with the release of macOS Sequoia 15.4 in March 2025. The attack is so named because it exploits Spotlight plugins called importers, which are used to index data found on a device and surface it via its built-in search tool. Sploitlight turns these plugins into a TCC bypass, allowing valuable data to be leaked without a user’s consent.
    • Improved Version of XWorm Spotted — A new version of a remote access trojan called XWorm (version 6.0) has been discovered with new features such as process protection and enhanced anti-analysis capabilities, indicating continued attempts by the developers to iterate and refine their tactics. The starting point of the attack is a Visual Basic Script that’s likely delivered to targets via social engineering, which then proceeds to set up persistence on the host via the Windows Registry (as opposed to scheduled tasks in the previous version), although it’s important to note that the builder offers three different methods, including the aforementioned techniques and adding the payload to the Startup folder. It’s also designed to run a PowerShell script that includes the ability to bypass Antimalware Scan Interface (AMSI) via in-memory modification of “clr.dll” to sidestep detection. Some of the new features observed in the latest version of XWorm are its ability to prevent process termination by marking itself as a critical process and killing itself if the compromised host is running Windows XP.
    • Mozilla Warns Add-ons Devs Against Phishing Attack — Browser maker Mozilla is warning of a phishing campaign targeting its Firefox Add-ons infrastructure that aims to trick developers into parting with their account credentials as part of emails containing messages like “Your Mozilla Add-ons account requires an update to continue accessing developer features” that are designed to provoke engagement. The disclosure follows the emergence of bogus Firefox add-ons that masquerade as TronLink, Solflare, Rabby Wallet and are designed to steal cryptocurrency wallet secrets, security researcher Lukasz Olejnik said.
    • New Stealer Malware Dissected — Cybersecurity researchers have detailed three new stealer malware families called Cyber Stealer, Raven Stealer, and SHUYAL Stealer that combine extensive credential theft capabilities with advanced system reconnaissance and evasion tactics. “Beyond credential theft, SHUYAL captures system screenshots and clipboard content, exfiltrating this data alongside stolen Discord tokens through a Telegram bot infrastructure,” Hybrid Analysis said. “The malware maintains operational stealth through self-deletion mechanisms, removing traces of its activity using a batch file after completing its primary functions.” Cyber Stealer, for its part, maintains communication with its command-and-control (C2) server through heartbeat checks, XMR miner configuration, task checks, and data exfiltration. It also comes with a clipper, remote shell, reverse proxy, DDoS, XMR mining, and DNS poisoning capabilities based on the subscription tier chosen by a customer. “The C2 URL can be dynamically updated through Pastebin, with a hardcoded backup URL if that fails,” eSentire said. While there are a number of stealers on the cybercrime scene already, the emergence of new stealers demonstrates the lucrative nature of such tools to enable data theft at scale. The third new infostealer malware is Raven Stealer, which is actively distributed through GitHub repositories and promoted via a Telegram channel operated by the threat actors. The stealer is consistent with other stealers, facilitating credential theft, browser data harvesting, and real-time data exfiltration via Telegram bot integration.
    • NOVABLIGHT Node.js Stealer Spotted in the Wild — Developed and sold by the Sordeal Group, a threat actor demonstrating French-language proficiency, NOVABLIGHT is marketed as an “educational tool” on platforms like Telegram and Discord from €25 for a month to €140 for six months ($28 to $162). However, this aspect masks its true intent: A modular, feature-rich NodeJS-based malware built on the Electron framework, designed to steal sensitive information, including login credentials and cryptocurrency wallet data. The malware is said to be distributed via fake websites advertising video game installers. “NOVABLIGHT is a modular and feature-rich information stealer built on Node.js with the Electron framework,” Elastic Security Labs said. “Its capabilities go beyond simple credential theft, incorporating methods for data collection and exfiltration, sandbox detection, and heavy obfuscation.”
    • $3.5B LuBian Bitcoin Theft Goes Undetected for Nearly Five Years — A previously undisclosed theft of 127,426 Bitcoin, valued at $3.5 billion at the time (presently approximately $14.5 billion), has been traced back to a December 2020 attack on a little-known Chinese mining pool called LuBian, making it the largest cryptocurrency theft to date, surpassing the $1.5 billion Bybit hack that occurred in February 2025. “They appear to have been first hacked on December 28th, 2020, for over 90% of their BTC,” Arkham Intelligence said. “Subsequently, on December 29th, around $6M of additional BTC and USDT was stolen from a Lubian address active on the Bitcoin Omni layer. On the 31st, LuBian rotated their remaining funds to recovery wallets.” It’s believed that the unknown attackers may have exploited a flawed private key generation algorithm that left it susceptible to brute-force attacks. “LuBian preserved 11,886 BTC, currently worth $1.35B, which they still hold,” Arkham said. “The hacker also still holds the stolen BTC, with their last known movement being a wallet consolidation in July 2024.” Neither LuBian nor the suspected hacker has ever publicly acknowledged the breach.
    • Russia Blocks Access to Speedtest — Russia blocked access to Speedtest, a popular internet speed testing tool developed by U.S. company Ookla, claiming the service poses a national security threat and could aid cyber attacks. The restriction is due to the “identified threats to the security of the public communication network and the Russian segment of the internet,” Roskomnadzor, the country’s communications watchdog, said, adding it “collects data on the layout and capacity of Russian communications nodes” that could be used to “plan, conduct, and assess attacks on Russian networks and related systems.”
    • CISA Releases Thorium — The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the public availability of Thorium, an open-source platform for malware and forensic analysts across the government, public, and private sectors. “Thorium enhances cybersecurity teams’ capabilities by automating analysis workflows through seamless integration of commercial, open-source, and custom tools,” CISA said. “It supports various mission functions, including software analysis, digital forensics, and incident response, allowing analysts to efficiently assess complex malware threats.” The agency has also released the Eviction Strategies Tool, which helps security teams during the incident response by providing the necessary actions to contain and evict adversaries from compromised networks and devices.
    • Russian Entities Targeted to Deploy Cobalt Strike — The Russian information technology (IT) sector, and to a certain extent companies in China, Japan, Malaysia, and Peru, have been at the receiving end of a spear-phishing email campaign that delivers the Cobalt Strike Beacon by means of intermediate payloads that reach out to fake profiles on social media platforms to obtain the URL hosting the post-exploitation toolkit. The accounts, created on GitHub, Quora, and Russian-language social networks, are said to have been created specifically for the attacks and act as dead drop resolvers to facilitate operational resiliency. The activity was first recorded in the second half of 2024, reaching its peak in November and December. The campaign has not been attributed to any known threat actor or group.
    • APT36 Targets Indian Railways, Oil & Gas Sectors — A suspected Pakistani threat actor known as APT36 (aka Transparent Tribe) has been linked to attacks targeting Indian railway systems, oil and gas infrastructure, and the Ministry of External Affairs via spear-phishing attacks to deliver a known malware called Poseidon. “They use .desktop files disguised as PDF documents to execute scripts that download malware and establish persistence using cron jobs,” Hunt.io said. “The Poseidon backdoor, built on the Mythic framework and written in Go, is used to maintain access and support lateral movement.”
    • Qilin Ransomware Attack Leverages BYOVD Technique — Threat actors associated with Qilin ransomware have been observed leveraging a previously unknown driver, TPwSav.sys, to stealthily disable security tools using a custom version of EDRSandblast as part of a Bring Your Own Vulnerable Driver (BYOVD) attack. “This driver, originally developed for power-saving features on Toshiba laptops, is a signed Windows kernel driver, making it an attractive choice for bypassing EDR protections through a BYOVD attack,” Blackpoint Cyber said. Prior to this incident, there has been no evidence of in-the-wild exploitation of the driver. “Compiled in 2015 and holding a valid signature, this driver is an appealing candidate for BYOVD attacks aimed at disabling EDR. While interacting with the driver requires only low-level privileges, loading it and enumerating physical memory demand administrative privileges,” the company added.
    • Phishing Campaign Distributes 0bj3ctivity Stealer — Phishing emails bearing purchase order lures are being used to distribute, via JavaScript files, a stealer called 0bj3ctivity Stealer, which has been propagated via Ande Loader in the past. “The further stages are uncommon, including custom PowerShell scripts to deploy the next stages and steganography to hide some of the payloads,” Trellix said. “Once decoded, the PowerShell script will download from archive.org a JPG image, which contains the next stage hidden using steganography.” The United States, Germany, and Montenegro exhibit a high volume of detections, although telemetry data has also revealed noticeable activity in Europe, North America, Southeast Asia, and Australia, indicating the global nature of the threat.
    • Increasing Number of Flaws Leveraged as 0- or 1-Days — A third of flaws leveraged by attackers this year have been zero-day or 1-day flaws, indicating that threat actors are becoming faster at exploiting vulnerabilities. “We observed an 8.5% increase in the percentage of KEVs [Known Exploited Vulnerabilities] that had exploitation evidence disclosed on or before the day a CVE was published — 32.1% in H1-2025 as compared to the 23.6% we reported in 2024,” VulnCheck said. In total, the company added 432 new vulnerabilities to its KEV list in the first half of 2025, with 92 unique threat actors linked to the exploitation efforts. Of these, 56 (60.8%) were attributed to specific countries, including China (20), Russia (11), North Korea (9), and Iran (6). In a related development, a GreyNoise report found that in 80% of reconnaissance spikes against enterprise gear, the increase in activity was followed by the publication of a new CVE within six weeks, suggesting threat actors or researchers are testing their exploits ahead of time. “These patterns were exclusive to enterprise edge technologies like VPNs, firewalls, and remote access tools – the same kinds of systems increasingly targeted by advanced threat actors,” the threat intelligence firm said.
    • BreachForums Comes Back Online — BreachForums appears to be back again after it went offline in April. The popular cybercrime forum was shut down and resurrected several times over the past year. According to DataBreaches.Net, the official site appears to be back online on its dark web address, while preserving the original user database, reputation, credits, and posts. What’s more, the site seems to have returned under new leadership – a user with the online moniker “N/A.” In an introductory post, N/A also claimed that none of its administrators have been arrested and that it’s “business as usual.”
    • RedCurl’s New Attacks Deliver RedLoader — The threat actor known as Gold Blade (aka Earth Kapre, RedCurl, and Red Wolf) has been linked to a new set of attacks in July 2025 that combine malicious LNK files and WebDAV to execute remotely hosted DLLs to ultimately launch RedLoader using DLL side-loading. The LNK files, disguised as cover letters in the PDF format, are distributed via phishing emails sent through third-party job search sites like Indeed.
    • Mimo Exploits SharePoint Flaws to Deliver Ransomware — The threat actor known as Mimo is exploiting the recently disclosed Microsoft SharePoint flaws to deliver the Go-based 4L4MD4r ransomware. The hacking group was recently linked to the abuse of a critical Craft CMS flaw to drop miners. The development marks the first time the hacking group has deployed ransomware in the wild.
    • Silver Fox APT Uses Fake Flash Plugin to Deliver Malware — The threat actor tracked as Silver Fox has been observed delivering the Winos trojan under the guise of popular tools like Adobe Flash, Google Translate, and WPS. Typical distribution vectors include email, phishing websites, and instant messaging software. “However, with the leakage of core remote control Trojan source code (such as Winos 4.0) in the cybercrime circle, Silver Fox has gradually transformed from a single organization into a malicious family widely redeveloped by cybercrime groups and even APT organizations,” the Knownsec 404 team said. “Winos has a rich set of functional plug-ins that enable various remote control functions and data theft on the target host.”
    • Girona Hacker Arrested — Spanish authorities have apprehended a cybercriminal who allegedly stole sensitive data from major financial institutions, educational organizations, and private companies across the country. The accused, described as a man with advanced computer programming skills, stands accused of targeting Spanish banks, a driving school, and a public university, among others. The suspect is alleged to have stolen personal databases of employees and customers, as well as internal documents of companies and organizations, and then sold them for profit.
    • ShadowSyndicate Infrastructure Analyzed — Cybersecurity researchers have found connections between ShadowSyndicate infrastructure and various malware families like AMOS Stealer, TrueBot, and a number of ransomware strains such as Cl0p, BlackCat, LockBit, Play, Royal, CACTUS, and RansomHub. Aside from having access to a network of bulletproof hosters (BPHs) in Europe, it’s believed that ShadowSyndicate functions as an initial access broker (IAB) fueling Russian, North Korean, and Chinese APTs. “It remains unclear whether ShadowSyndicate has a structured business model with formal clients or partners in cybercrime, or whether it represents a more fluid, hybrid threat actor,” Intrinsec said.
    • Who is Lionishackers? — Threat hunters have ripped the cover off Lionishackers, a corporate database seller and a financially motivated threat actor focused on exfiltrating and selling corporate databases through Telegram and underground forums since July 2024. “Even though they seem to have an opportunistic approach when choosing their targets, there seems to be a certain preference for victims located in Asian countries,” Outpost24 said. “They have shown a high level of collaboration with the ‘Hunt3r Kill3rs’ group and extensive participation in relevant underground communities’ Telegram channels. Furthermore, they also worked on and offered other services such as pen testing, the commercialization of the Ghost botnet, and the launch of a forum project dubbed Stressed Forums.”
    • EdskManager RAT, Pulsar RAT, and Retro-C2 RAT Exposed — Three new remote access trojans called EdskManager RAT, Pulsar RAT, and Retro-C2 RAT have been flagged by cybersecurity researchers, highlighting their ability to evade detection and maintain control over compromised systems. “The malware employs a downloader disguised as legitimate software, followed by in-memory decryption and stealth communication with command-and-control servers,” CYFIRMA said about EdskManager RAT. “Its use of HVNC (Hidden Virtual Network Computing), advanced persistence techniques, and anti-analysis measures indicates a strong focus on long-term, covert access to infected systems.” Pulsar RAT, on the other hand, is an Android trojan that exploits accessibility services to gain near-total control of the device, accessing messages, calls, GPS data, the camera, microphone, and other sensitive data. Developed by a Turkish-speaking threat actor known as ZeroTrace, Retro-C2 RAT employs reflective loading techniques to evade detection and siphon data from compromised machines. “The command-and-control infrastructure is fully web-based and provides threat actors with real-time client monitoring, action management such as CMD, PowerShell, Remote Desktop, keylogging, clipboard capture, file and process management, registry and network operations, audio recording, wallet scanning, persistence operations, and credential recovery,” ThreatMon said.
    • Apple to Enable Advanced Fingerprinting Protection for All Safari Browsing Sessions — Apple has revealed that it intends to make advanced fingerprinting protection the default for all browsing sessions in Safari with the release of iOS 26, iPadOS 26, and macOS 26 in September 2025. Currently, the option is limited to Private Browsing mode. The feature was first introduced in Safari 17.0.
    • Security Flaw Uncovered in Catwatchful Spyware — An SQL injection vulnerability in an Android stalkerware operation called Catwatchful has exposed more than 62,000 of its customers, including its Uruguay-based administrator, Omar Soca Charcov. The bug, discovered by researcher Eric Daigle, could be exploited to leak the application’s database, compromising customers’ email addresses and plaintext passwords. Google has since added protections to flag such malicious apps and suspended the developer’s Firebase account for abusing its infrastructure to operate the monitoring software.
    • Ransomware Continues to be a Threat — DragonForce has claimed more than 250 victims on its dark web leak site, with 58 in the second quarter of 2025 alone, indicating that the ransomware cartel is gaining traction after purportedly absorbing RansomHub. Some of the groups that appear to have exited the scene include RansomHub, Babuk-Bjorka, FunkSec, BianLian, 8Base, Cactus, and Hunters International. “With major RaaS services shutting down, many affiliates are operating independently or seeking new partnerships,” Check Point said. “The result is a growing number of smaller, often short-lived, ransomware entities. At the same time, established players are actively competing to recruit these ‘orphaned’ affiliates.” Ransomware attacks have also been observed evolving beyond double extortion to coerce victims into paying up with threats of data leaks and DDoS attacks. “Double, triple, and quadruple extortion tactics add pressure by threatening to expose customer information, disrupting operations with distributed denial-of-service (DDoS) attacks, and sending harassing messages to business partners, customers, and others — including informing media of the breach,” Akamai said.
    • Threat Actors Hide Malware in DNS Records — While it’s known that threat actors have leveraged the Domain Name System (DNS) for command-and-control purposes using a technique called DNS tunneling, it has been observed that cybercriminals are evolving their tactics further by concealing malicious commands in DNS TXT records by converting them into their hexadecimal representation and storing them in chunks. The practice is both clever and sneaky as it allows malicious scripts and early-stage malware to fetch binary files without having to download them from attacker-controlled sites or attach them to emails, which have a higher chance of being detected by antivirus software.
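    A defender can look for the pattern described in the last item, hex-encoded content split across TXT records, in passive DNS or resolver logs. The following is an added example, not code from the original article or from any vendor; the record names, the 64-character threshold, and the numbered-subdomain layout of the sample are constructed assumptions.

```python
import re

HEX_ONLY = re.compile(r"[0-9a-fA-F]+")

# File signatures worth calling out when they appear at the start of decoded data.
MAGIC = [
    (b"MZ", "Windows PE header"),
    (b"\x7fELF", "ELF header"),
    (b"PK\x03\x04", "ZIP archive header"),
]


def classify_txt(value, min_len=64):
    """Return a label if a TXT string is long, pure hex; otherwise None.

    Ordinary TXT data (SPF, DKIM, verification tokens) contains '=', spaces
    or base64 characters, so it fails the pure-hex test. min_len is an
    assumed threshold that lets short hex tokens pass as ordinary.
    """
    v = value.strip().strip('"')
    if len(v) < min_len or not HEX_ONLY.fullmatch(v):
        return None
    data = bytes.fromhex(v[: len(v) - len(v) % 2])  # tolerate an odd-length chunk
    for magic, label in MAGIC:
        if data.startswith(magic):
            return label
    printable = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    if printable / len(data) > 0.9:
        return "hex-encoded printable text"
    return "hex-encoded binary data"


def scan_txt_records(records):
    """records: iterable of (owner_name, txt_string). Returns a list of findings."""
    findings = []
    for name, value in records:
        label = classify_txt(value)
        if label:
            findings.append({"name": name, "decoded_as": label})
    return findings


def domains_with_chunking(findings, min_chunks=2):
    """Parent domains (owner name minus its leftmost label) with several hex records."""
    counts = {}
    for f in findings:
        parent = f["name"].split(".", 1)[-1]
        counts[parent] = counts.get(parent, 0) + 1
    return {d: n for d, n in counts.items() if n >= min_chunks}


# Constructed sample data: benign bytes standing in for real observations.
SAMPLE_RECORDS = [
    ("example.com", "v=spf1 include:_spf.example.com ~all"),
    ("tok.example.com", "3f2a9c0d4b5e6f708192a3b4c5d6e7f8"),  # short hex token
    ("1.stage.example.net", (b"MZ" + bytes(range(40))).hex()),
    ("2.stage.example.net", bytes(range(200, 242)).hex()),
    ("cmd.example.org", b"constructed sample text standing in for a script line".hex()),
]

if __name__ == "__main__":
    found = scan_txt_records(SAMPLE_RECORDS)
    for f in found:
        print(f["name"], "->", f["decoded_as"])
    print("chunked domains:", domains_with_chunking(found))
```

    Only the first chunk of a split file carries the file signature, so the per-domain grouping matters more than any single record.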

    🎥 Cybersecurity Webinars

    • Malicious Python Packages Are Everywhere — Learn How to Spot and Stop Them: In 2025, attacks on the Python ecosystem are rising fast—from typosquatting to dangerous container image flaws. If you’re still “pip installing and praying,” it’s time to level up. Join us for a hands-on webinar where we break down real supply chain threats and show you how to defend your code with practical tools, smarter workflows, and hardened images. No hype—just clear steps to secure your Python stack.
    • Secure Your AI Stack: Learn How to Defend Identity Before It’s Too Late: AI is changing the way we work—and the way we get attacked. Join Okta’s Karl Henrik Smith to explore how identity is becoming the last, and most critical, line of defense against AI-powered threats. From deepfakes to autonomous agents, attackers are moving faster than traditional tools can handle. In this free webinar, you’ll learn why identity-first security is the key to staying ahead—and how to put it into action.

    🔧 Cybersecurity Tools

    • Thorium: Released by the U.S. CISA, this new open-source tool is a scalable platform for automating file analysis and aggregating results across diverse tools. It helps cybersecurity teams streamline malware triage, forensics, and tool testing by integrating with existing workflows through event-driven automation and a scalable infrastructure.
    • LangExtract: It is an open-source Python library, developed by Google, that helps developers extract structured information from unstructured text using Gemini and other LLMs. It’s designed for tasks like parsing medical records, legal documents, or customer feedback by combining prompt-driven extraction, source-grounded outputs, and schema enforcement. LangExtract supports flexible backends, scales across long documents, and makes it easy to visualize and verify results—all without fine-tuning a model.

    Disclaimer: These newly released tools are for educational use only and haven’t been fully audited. Use at your own risk—review the code, test safely, and apply proper safeguards.

    🔒 Tip of the Week

    Your Keyboard Could Be Spying on You — Here’s How to Tell — Most people don’t realize it, but your smartphone keyboard can do more than just type. Some of them quietly connect to the internet, sending back what you type, when you type, and even what’s in your clipboard. Even trusted apps like Gboard and SwiftKey have cloud sync features that share your typing patterns. And in worse cases, rogue keyboards can log passwords or steal crypto wallet seeds without any visible signs.

    The fix isn’t just “don’t use shady keyboards.” It’s knowing how to control what they can do. Start by using a firewall app like NetGuard or RethinkDNS to block your keyboard from sending data over the internet. Go into your keyboard’s settings and turn off “personalization” or sync features. Watch out for weird behavior like a keyboard asking for access to your mic, contacts, or location — those are red flags. On newer Android versions, clipboard alerts will warn you if a keyboard is snooping.

    If you want full peace of mind, switch to a keyboard that respects your privacy by design. Options like OpenBoard or Simple Keyboard have no internet access at all. They’re fast, clean, and open source — meaning their code can be audited for hidden behavior. In short: if your keyboard wants to “learn from you,” make sure it’s not learning too much.

    Conclusion

    Every threat we covered this week tells the same story: attackers are evolving faster because they’re learning from us. From how we code to how we trust, they’re watching closely. But the flipside? So are we.

    The more we share, the faster we adapt. Keep pushing, keep questioning, and never let “normal” make you comfortable.


    Source: thehackernews.com…

  • The Wild West of Shadow IT

    Everyone’s an IT decision-maker now. The employees in your organization can install a plugin with just one click, and they don’t need to clear it with your team first. It’s great for productivity, but it’s a serious problem for your security posture.

    When the floodgates of SaaS and AI opened, IT didn’t just get democratized, its security got outpaced. Employees are onboarding apps faster than security teams can say, “We need to check this out first.” The result is a sprawling mess of shadow IT, embedded AI, and OAuth permissions that would make any CISO break into a cold sweat.

    Here are five ways IT democratization can undermine your organization’s security posture and how to prevent it from doing so.

    1. You can’t secure what you can’t see

    Remember when IT security used to control what was allowed to pass the firewall? Good times. Today, anyone can find an app to do the heavy lifting for them. They won’t notice or care when the app requires access to your company’s Google Drive or has embedded AI. These apps are entering your stack right under your nose. The process is fast, decentralized, and a security nightmare.

    How to solve it:

    You need full visibility into the entire application stack, including any shadow IT or shadow AI in use. How can this be achieved? It comes down to one question: How good is your discovery? Wing automatically discovers every app in use, whether it’s a SaaS or internal app, whether it has embedded AI or is an AI agent, even the ones hiding behind personal logins, OAuth connections, and browser extensions. It surfaces the risk levels, flags redundant or suspicious tools, and gives you the power to review, restrict, or remove them.

    2. The growing attack surface of Shadow AI

    AI tools are tech’s new shiny object and your organization’s users are all in. From copy to deck generators, code assistants, and data crunchers, most of them were never reviewed or approved. The productivity gains of AI are huge. Productivity has been catapulted forward in every department and across every vertical.

    So what could go wrong? Oh, just sensitive data leaks, uncontrolled API connections, persistent OAuth tokens, and no monitoring, audit logs, or privacy policies… and that’s just to name a few of the very real and dangerous issues.

    How to solve it:

    You need a discovery tool that detects where AI is being used and how, even when it’s embedded within applications. Wing continuously detects apps with embedded AI, AI agents, and agentic AI across your environment, not just the ones you’re aware of, but also the ones that snuck into your stack unnoticed. It even alerts you when an app in use suddenly adds AI capabilities, so you are not caught by surprise.

    3. Supply chain breaches: your weakest link

    Modern SaaS stacks form an interconnected ecosystem. Applications integrate with each other through OAuth tokens, API keys, and third-party plug-ins to automate workflows and enable productivity. But every integration is a potential entry point — and attackers know it.

    Compromising a lesser-known SaaS tool with broad integration permissions can serve as a stepping stone into more critical systems. Shadow integrations, unvetted AI tools, and abandoned apps connected via OAuth can create a fragmented, risky supply chain. Worse, many of these connections operate outside the security team’s visibility, especially when installed by end users without formal review or approval.

    This supply chain sprawl introduces hidden dependencies and expands your attack surface — turning SaaS connectivity from a productivity driver into a threat vector.

    How to solve it:

    You need complete visibility into your app-to-app ecosystem. Wing Security maps every integration across your stack, showing not just which SaaS and internal apps are connected, but how. This includes OAuth tokens, API scopes, and data access levels. Shadow and user-installed integrations are flagged so you can assess their security posture at a glance. With Wing, you can monitor third-party access continuously, enforce integration policies, and revoke risky connections before they become threats.

    4. Compliance: yours and your vendors’

    Let’s be honest – compliance has become a jungle due to IT democratization. From GDPR to SOC 2… your organization’s compliance is hard to gauge when your employees use hundreds of SaaS tools and your data is scattered across more AI apps than you even know about. You have two compliance challenges on the table: You need to make sure the apps in your stack are compliant, and you also need to ensure that your environment is under control should an audit take place.

    How to solve it:

    You need visibility into all of the apps in your stack, but also how they add up when it comes to compliance. Wing gives you what you need by identifying all apps in use and if they are compliant with industry regulations like SOC2. Bottom line? If you’re subject to an audit, you’ll be ready.

    5. Offboarding: the users you forgot about

    IT democratization didn’t just change how tools get adopted, but how access gets removed. When employees leave, their personal app accounts, browser extensions, and third-party integrations often stick around, still active, connected, and accessing corporate data.

    This creates a serious security risk. Former employees often retain active OAuth tokens connected to corporate systems. Tools connected through personal accounts may continue to sync sensitive company data to external environments, creating hidden data exposure risks. Even if the employee left the company on good terms, their leftover access can later be exploited if their accounts are compromised. And because many of these apps aren’t visible to IT security, they are extra risky.

    How to solve it:

    You need to be able to see all identities connected to applications in your system – both human and non-human. Both active and stale, including those no longer with the company. Wing detects lingering accounts, tokens, and app access tied to former employees, even across apps you didn’t know they used, ensuring nothing stays connected that shouldn’t be.

    The bottom line

    You can’t put the IT democratization genie back in the bottle. Your teams will keep exploring new tools, connecting apps, and experimenting with AI. But you also can’t turn a blind eye. You need continuous visibility that helps you take back control over your quickly expanding attack surface. More than just having a list of all unsanctioned apps, you need to know who has access to them, if they pose a risk to your organization, and you need the ability to act fast if a response is necessary. Context is key when it comes to securing the application attack surface.

    Wing helps you embrace agility without sacrificing safety. We bring visibility to your chaos and control back to your team, without slowing your organization down.

    Ready to see what’s hiding in your stack? See what Wing can show you.

    This article is a contributed piece from one of our valued partners.


    Source: thehackernews.com…

  • PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads

    Cybersecurity researchers have discovered a nascent Android remote access trojan (RAT) called PlayPraetor that has infected more than 11,000 devices, primarily across Portugal, Spain, France, Morocco, Peru, and Hong Kong.

    “The botnet’s rapid growth, which now exceeds 2,000 new infections per week, is driven by aggressive campaigns focusing on Spanish and French speakers, indicating a strategic shift away from its previous common victim base,” Cleafy researchers Simone Mattia, Alessandro Strino, and Federico Valentini said in an analysis of the malware.

    PlayPraetor, managed by a Chinese command-and-control (C2) panel, does significantly deviate from other Android trojans in that it abuses accessibility services to gain remote control and can serve fake overlay login screens atop nearly 200 banking apps and cryptocurrency wallets in an attempt to hijack victim accounts.

    PlayPraetor was first documented by CTM360 in March 2025, detailing the operation’s use of thousands of fraudulent Google Play Store download pages to perpetrate an interconnected large-scale scam campaign that can harvest banking credentials, monitor clipboard activity, and log keystrokes.

    “The links to the impersonated Play Store pages are distributed through Meta Ads and SMS messages to effectively reach a wide audience,” the Bahrain-based company noted at the time. “These deceptive ads and messages trick users to click on the links, leading them to the fraudulent domains hosting the malicious APKs.”

    Assessed to be a globally coordinated operation, PlayPraetor comes in five different variants that install deceptive Progressive Web Apps (PWAs), WebView-based apps (Phish), exploit accessibility services for persistence and C2 (Phantom), facilitate invite code-based phishing and trick users into purchasing counterfeit products (Veil), and grant full remote control via EagleSpy and SpyNote (RAT).

    The Phantom variant of PlayPraetor, per the Italian fraud prevention company, is capable of on-device fraud (ODF) and is dominated by two principal affiliate operators who control about 60% of the botnet (roughly 4,500 compromised devices) and appear to center their efforts around Portuguese-speaking targets.

    “Its core functionality relies on abusing Android’s accessibility services to gain extensive, real-time control over a compromised device,” Cleafy said. “This allows an operator to perform fraudulent actions directly on the victim’s device.”

    Once installed, the malware beacons out to the C2 server via HTTP/HTTPS and makes use of a WebSocket connection to create a bidirectional channel to issue commands. It also sets up a Real-Time Messaging Protocol (RTMP) connection to initiate a video livestream of the infected device’s screen.

    The evolving nature of the supported commands indicates that PlayPraetor is being actively developed by its operators, allowing for comprehensive data theft. In recent weeks, attacks distributing the malware have increasingly targeted Spanish- and Arabic-speaking victims, signaling a broader expansion of the malware-as-a-service (MaaS) offering.

    The C2 panel, for its part, is not only used to actively interact with compromised devices in real time, but also to enable the creation of bespoke malware delivery pages that mimic the Google Play Store on both desktop and mobile devices.

    “The campaign’s success is built upon a well-established operational methodology, leveraging a multi-affiliate MaaS model,” Cleafy said. “This structure allows for broad and highly targeted campaigns.”

    PlayPraetor is the latest malware originating from Chinese-speaking threat actors with an aim to conduct financial fraud, a trend exemplified by the emergence of ToxicPanda and SuperCard X over the past year.

    ToxicPanda Evolves

    According to data from Bitsight, ToxicPanda has compromised around 3,000 Android devices in Portugal, followed by Spain, Greece, Morocco and Peru. Campaigns distributing the malware have leveraged TAG-1241, a traffic distribution system (TDS), for malware distribution using ClickFix and fake Google Chrome update lures.

    “This carefully orchestrated redirection is part of the TDS’s design to ensure that only selected targets are funneled to these malicious endpoints,” security researcher Pedro Falé said in a report last week.

    The latest version of ToxicPanda improves upon its predecessors by incorporating a Domain Generation Algorithm (DGA) to establish C2 and enhance operational resilience in the face of infrastructure takedowns. Also baked into the malware are new commands to set a fallback C2 domain and better control malicious overlays.

    DoubleTrouble Rises

    The findings come as Zimperium disclosed another sophisticated Android banking trojan dubbed DoubleTrouble that has evolved beyond overlay attacks to record the device screen, log keystrokes, and run various commands for data exfiltration and entrenched device control.

    Besides leaning heavily on abusing Android’s accessibility services to carry out its fraudulent activities, DoubleTrouble’s distribution strategy involves leveraging bogus websites that host malware samples directly within Discord channels.

    “The new functionalities include: displaying malicious UI overlays to steal PIN codes or unlock patterns, comprehensive screen recording capabilities, the ability to block the opening of specific applications, and advanced keylogging functionality,” Zimperium zLabs researcher Vishnu Madhav said.


    Source: thehackernews.com…

  • CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign

    Telecommunications organizations in Southeast Asia have been targeted by a state-sponsored threat actor known as CL-STA-0969 to facilitate remote control over compromised networks.

    Palo Alto Networks Unit 42 said it observed multiple incidents in the region, including one aimed at critical telecommunications infrastructure between February and November 2024.

    The attacks are characterized by the use of several tools to enable remote access, as well as the deployment of Cordscan, which can collect location data from mobile devices.

    However, the cybersecurity company said it found no evidence of data exfiltration from the networks and systems it investigated. Nor were any efforts made by the attackers to track or communicate with target devices within mobile networks.

    “The threat actor behind CL-STA-0969 maintained high operational security (OPSEC) and employed various defense evasion techniques to avoid detection,” security researchers Renzon Cruz, Nicolas Bareil, and Navin Thomas said.

    CL-STA-0969, per Unit 42, shares significant overlaps with a cluster tracked by CrowdStrike under the name Liminal Panda, a China-nexus espionage group that has been attributed to attacks directed against telecommunications entities in South Asia and Africa since at least 2020 with the goal of intelligence gathering.

    It’s worth noting that some aspects of Liminal Panda’s tradecraft were previously attributed to another threat actor called LightBasin (aka UNC1945), which has also singled out the telecom sector since 2016. LightBasin, for its part, overlaps with a third cluster dubbed UNC2891, a financially motivated crew known for its attacks on Automatic Teller Machine (ATM) infrastructure.

    “While this cluster significantly overlaps with Liminal Panda, we have also observed overlaps in attacker tooling with other reported groups and activity clusters, including Light Basin, UNC3886, UNC2891, and UNC1945,” the researchers pointed out.

    In at least one case, CL-STA-0969 is believed to have employed brute-force attacks against SSH authentication mechanisms for initial compromise, leveraging the access to drop various implants such as –

    • AuthDoor, a malicious Pluggable Authentication Module (PAM) that works similarly to SLAPSTICK (originally attributed to UNC1945) to conduct credential theft and provide persistent access to the compromised host via a hard-coded magic password
    • Cordscan, a network scanning and packet capture utility (previously attributed to Liminal Panda)
    • GTPDOOR, a malware explicitly designed to be deployed in telecom networks that are adjacent to GPRS roaming exchanges
    • EchoBackdoor, a passive backdoor that listens for ICMP echo request packets containing command-and-control (C2) instructions to extract the command and send the results of the execution back to the server via an unencrypted ICMP Echo Reply packet
    • Serving GPRS Support Node (SGSN) Emulator (sgsnemu), an emulation software to tunnel traffic via the telecommunications network and bypass firewall restrictions (previously attributed to Liminal Panda)
    • ChronosRAT, a modular ELF binary that’s capable of shellcode execution, file operations, keylogging, port forwarding, remote shell, screenshot capture, and proxy capabilities
    • NoDepDNS (internally referred to as MyDns), a Golang backdoor that creates a raw socket and passively listens for UDP traffic on port 53 to parse incoming commands via DNS messages

    “CL-STA-0969 leveraged different shell scripts that established a reverse SSH tunnel along with other functionalities,” Unit 42 researchers noted. “CL-STA-0969 systematically clears logs and deletes executables when they are no longer needed, to maintain a high degree of OPSEC.”

    Adding to the already broad portfolio of malicious tools that the threat actor has deployed are Microsocks proxy, Fast Reverse Proxy (FRP), FScan, Responder, and ProxyChains, as well as programs to exploit flaws in Linux and UNIX-based systems (CVE-2016-5195, CVE-2021-4034, and CVE-2021-3156) to achieve privilege escalation.

    Besides using a combination of bespoke and publicly available tooling, the threat actors have been found to adopt a number of strategies to fly under the radar. This encompasses DNS tunneling of traffic, routing traffic through compromised mobile operators, erasing authentication logs, disabling Security-Enhanced Linux (SELinux), and disguising process names with convincing names that match the target environment.

    “CL-STA-0969 demonstrates a deep understanding of telecommunications protocols and infrastructure,” Unit 42 said. “Its malware, tools and techniques reveal a calculated effort to maintain persistent, stealthy access. It achieved this by proxying traffic through other telecom nodes, tunneling data using less-scrutinized protocols and employing various defense evasion techniques.”

    China Accuses U.S. Agencies of Targeting Military and Research Institutions

    The disclosure comes as the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT) accused U.S. intelligence agencies of weaponizing a Microsoft Exchange zero-day exploit to steal defense-related information and hijack more than 50 devices belonging to a “major Chinese military enterprise” between July 2022 and July 2023.

    The agency also said high-tech military-related universities, scientific research institutes, and enterprises in the country were targeted as part of these attacks to siphon valuable data from compromised hosts. Among those targeted was a Chinese military enterprise in the communications and satellite internet sectors that was attacked from July to November of 2024 by exploiting vulnerabilities in electronic file systems, CNCERT alleged.

    The attribution effort mirrors tactics from the West, which has repeatedly blamed China for major cyber attacks, including the latest zero-day exploitation of Microsoft SharePoint Server.

    Asked last month about Chinese hacking into U.S. telecom systems and theft of intellectual property on Fox News, U.S. President Donald Trump said, “You don’t think we do that to them? We do. We do a lot of things. That’s the way the world works. It’s a nasty world.”


    Source: thehackernews.com…

  • New ‘Plague’ PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft

    Aug 02, 2025 | Ravie Lakshmanan | Threat Detection / SSH Security

    Cybersecurity researchers have flagged a previously undocumented Linux backdoor dubbed Plague that has managed to evade detection for a year.

    “The implant is built as a malicious PAM (Pluggable Authentication Module), enabling attackers to silently bypass system authentication and gain persistent SSH access,” Nextron Systems researcher Pierre-Henri Pezier said.

    Pluggable Authentication Modules refers to a suite of shared libraries used to manage user authentication to applications and services in Linux and UNIX-based systems.

    Given that PAM modules are loaded into privileged authentication processes, a rogue PAM can enable theft of user credentials, bypass authentication checks, and remain undetected by security tools.

    The cybersecurity company said it uncovered multiple Plague artifacts uploaded to VirusTotal since July 29, 2024, with none of them detected by antimalware engines as malicious. What’s more, the presence of several samples signals active development of the malware by the unknown threat actors behind it.

    Plague boasts four prominent features: static credentials to allow covert access; resistance to analysis and reverse engineering using anti-debugging and string obfuscation; and enhanced stealth by erasing evidence of an SSH session.

    This, in turn, is accomplished by unsetting environment variables such as SSH_CONNECTION and SSH_CLIENT using unsetenv, and redirecting HISTFILE to /dev/null to prevent shell command logging, in order to avoid leaving an audit trail.

    “Plague integrates deeply into the authentication stack, survives system updates, and leaves almost no forensic traces,” Pezier noted. “Combined with layered obfuscation and environment tampering, this makes it exceptionally hard to detect using traditional tools.”
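    The environment tampering described above leaves a gap a defender can hunt for: a login shell whose parent is sshd but whose environment lacks the SSH_* variables, or has HISTFILE pointed at /dev/null. The following is an added example, not code from Nextron Systems or the original article. It assumes the tampering is visible in the shell's initial environment as exposed by /proc/<pid>/environ; the shell and sshd process names and the sample process table are constructed.

```python
from pathlib import Path

SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "fish"}
SSHD_NAMES = {"sshd", "sshd-session"}  # sshd-session is used by newer OpenSSH
SSH_VARS = ("SSH_CONNECTION", "SSH_CLIENT")


def parse_environ(raw):
    """Parse the NUL-separated KEY=VALUE bytes of /proc/<pid>/environ."""
    env = {}
    for item in raw.split(b"\0"):
        key, sep, val = item.partition(b"=")
        if sep and key:
            env[key.decode(errors="replace")] = val.decode(errors="replace")
    return env


def assess(procs):
    """procs maps pid -> {"name", "ppid", "env"}. Returns (pid, reason) findings.

    Only shells whose direct parent is sshd are checked: deeper descendants
    (sudo with env_reset, cron-like helpers) legitimately lose SSH_* variables.
    """
    findings = []
    for pid, p in sorted(procs.items()):
        if p["name"] not in SHELLS:
            continue
        parent = procs.get(p["ppid"])
        if parent is None or parent["name"] not in SSHD_NAMES:
            continue
        missing = [v for v in SSH_VARS if v not in p["env"]]
        if missing:
            findings.append((pid, "login shell under sshd lacks " + ", ".join(missing)))
        if p["env"].get("HISTFILE") == "/dev/null":
            findings.append((pid, "HISTFILE is /dev/null"))
    return findings


def read_proc(root=Path("/proc")):
    """Build the process table from a live Linux /proc (run as root to read all environs)."""
    procs = {}
    for d in root.iterdir():
        if not d.name.isdigit():
            continue
        try:
            lines = (d / "status").read_text().splitlines()
            status = dict(l.split(":\t", 1) for l in lines if ":\t" in l)
            env = parse_environ((d / "environ").read_bytes())
            procs[int(d.name)] = {
                "name": status.get("Name", "").strip(),
                "ppid": int(status.get("PPid", "0")),
                "env": env,
            }
        except (OSError, ValueError):
            continue  # process exited or is not readable
    return procs


# Constructed process table: one normal SSH session, one with a scrubbed environment.
SAMPLE = {
    900: {"name": "sshd", "ppid": 1, "env": {}},
    901: {"name": "bash", "ppid": 900, "env": parse_environ(
        b"USER=alice\0SSH_CLIENT=192.0.2.10 50000 22\0"
        b"SSH_CONNECTION=192.0.2.10 50000 198.51.100.5 22\0"
        b"HISTFILE=/home/alice/.bash_history\0")},
    910: {"name": "sshd-session", "ppid": 1, "env": {}},
    911: {"name": "bash", "ppid": 910, "env": parse_environ(b"USER=root\0HISTFILE=/dev/null\0")},
    950: {"name": "bash", "ppid": 1, "env": {}},  # console shell, not under sshd
}

if __name__ == "__main__":
    for pid, reason in assess(read_proc()):
        print(pid, reason)
```

    A hit is a lead, not proof: some administrators set HISTFILE=/dev/null deliberately, so follow up by verifying the installed PAM modules against the package manager's records.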


    Source: thehackernews.com…

  • Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices

    Aug 02, 2025 | Ravie Lakshmanan | Vulnerability / Zero Day

    SonicWall SSL VPN devices have become the target of Akira ransomware attacks as part of a newfound surge in activity observed in late July 2025.

    “In the intrusions reviewed, multiple pre-ransomware intrusions were observed within a short period of time, each involving VPN access through SonicWall SSL VPNs,” Arctic Wolf Labs researcher Julian Tuin said in a report.

    The cybersecurity company suggested that the attacks could be exploiting an as-yet-undetermined security flaw in the appliances, meaning a zero-day flaw, given that some of the incidents affected fully-patched SonicWall devices. However, the possibility of credential-based attacks for initial access hasn’t been ruled out.

    The uptick in attacks involving SonicWall SSL VPNs was first registered on July 15, 2025, although Arctic Wolf said that it has observed similar malicious VPN logins as far back as October 2024, suggesting sustained efforts to target the devices.

    “A short interval was observed between initial SSL VPN account access and ransomware encryption,” it said. “In contrast with legitimate VPN logins which typically originate from networks operated by broadband internet service providers, ransomware groups often use Virtual Private Server hosting for VPN authentication in compromised environments.”

    Queries sent to SonicWall for further details on the activity had not elicited a response at the time of publication. As mitigations, organizations are advised to consider disabling the SonicWall SSL VPN service until a patch is made available and deployed, given the likelihood of a zero-day vulnerability.

    Other best practices include enforcing multi-factor authentication (MFA) for remote access, deleting inactive or unused local firewall user accounts, and following password hygiene.

    As of early 2024, Akira ransomware actors are estimated to have extorted approximately $42 million in illicit proceeds after targeting more than 250 victims. It first emerged in March 2023.

    Statistics shared by Check Point show that Akira was the second most active group in the second quarter of 2025 after Qilin, claiming 143 victims during the time period.

    “Akira ransomware maintains a special focus on Italy, with 10% of its victims from Italian companies compared to 3% in the general ecosystem,” the cybersecurity company said.


    Source: thehackernews.com…

  • Cursor AI Code Editor Fixed Flaw Allowing Attackers to Run Commands via Prompt Injection

    Cybersecurity researchers have disclosed a now-patched, high-severity security flaw in Cursor, a popular artificial intelligence (AI) code editor, that could result in remote code execution.

    The vulnerability, tracked as CVE-2025-54135 (CVSS score: 8.6), has been addressed in version 1.3 released on July 29, 2025. It has been codenamed CurXecute by Aim Labs, which previously disclosed EchoLeak.

    “Cursor runs with developer‑level privileges, and when paired with an MCP server that fetches untrusted external data, that data can redirect the agent’s control flow and exploit those privileges,” the Aim Labs Team said in a report shared with The Hacker News.

    “By feeding poisoned data to the agent via MCP, an attacker can gain full remote code execution under the user privileges, and achieve any number of things, including opportunities for ransomware, data theft, AI manipulation and hallucinations, etc.”

    In other words, the remote code execution is triggered by a single externally‑hosted prompt‑injection that silently rewrites the “~/.cursor/mcp.json” file and runs attacker‑controlled commands.

    The vulnerability is similar to EchoLeak in that the tools, which are exposed by Model Context Protocol (MCP) servers for use by AI models and facilitate interaction with external systems, such as querying databases or invoking APIs, could fetch untrusted data that can poison the agent’s expected behavior.

    Specifically, Aim Security found that the mcp.json file used to configure custom MCP servers in Cursor can trigger the execution of any new entry (e.g., adding a Slack MCP server) without requiring any confirmation.

    This auto-run mode is particularly dangerous because it can lead to the automatic execution of a malicious payload that’s injected by the attacker via a Slack message. The attack sequence proceeds as follows –

    • User adds Slack MCP server via Cursor UI
    • Attacker posts message in a public Slack channel with the command injection payload
    • Victim opens a new chat and asks Cursor’s agent to use the newly configured Slack MCP server to summarize their messages in a prompt: “Use Slack tools to summarize my messages”
    • The agent encounters a specially crafted message designed to inject malicious commands to its context

    “The core cause of the flaw is that new entries to the global MCP JSON file are starting automatically,” Aim Security said. “Even if the edit is rejected, the code execution had already happened.”

    The entire attack is noteworthy for its simplicity. But it also highlights how AI-assisted tools can open up new attack surfaces when processing external content, in this case, any third-party MCP server.

    “As AI agents keep bridging external, internal, and interactive worlds, security models must assume external context may affect the agent runtime – and monitor every hop,” the company added.
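    One way to catch unreviewed changes to the MCP configuration described above is to compare it against an approved baseline. This is an added example, not code from Cursor or Aim Labs; the file layout (an `mcpServers` object whose entries carry `command`, `args`, `env` or `url`) and all sample server names are assumptions.

```python
import hashlib
import json

# Constructed sample: the approved state of ~/.cursor/mcp.json.
# Server names, commands and args are illustrative, not from the report.
APPROVED = """{"mcpServers": {
  "slack": {"command": "npx", "args": ["-y", "example-slack-mcp"]}
}}"""

# Constructed sample: the same file after an unreviewed edit added one
# server and changed the arguments of an existing one.
CURRENT = """{"mcpServers": {
  "slack": {"command": "npx", "args": ["-y", "example-slack-mcp", "--verbose"]},
  "helper": {"command": "node", "args": ["unreviewed-server.js"]}
}}"""


def fingerprint(entry):
    """Stable hash over the fields that decide what gets launched or contacted."""
    if not isinstance(entry, dict):
        raise ValueError("each MCP server entry must be an object")
    launch = {
        "command": entry.get("command"),
        "args": entry.get("args", []),
        "env": entry.get("env", {}),
        "url": entry.get("url"),
    }
    blob = json.dumps(launch, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode()).hexdigest()


def load_servers(text):
    """Return {server_name: fingerprint}; a malformed file is an error, not 'empty'."""
    servers = json.loads(text).get("mcpServers", {})
    if not isinstance(servers, dict):
        raise ValueError("mcpServers must be an object")
    return {name: fingerprint(cfg) for name, cfg in servers.items()}


def diff_servers(approved_text, current_text):
    """List (kind, server_name) for every deviation from the approved baseline."""
    approved = load_servers(approved_text)
    current = load_servers(current_text)
    findings = []
    for name in sorted(current):
        if name not in approved:
            findings.append(("added", name))
        elif current[name] != approved[name]:
            findings.append(("changed", name))
    for name in sorted(set(approved) - set(current)):
        findings.append(("removed", name))
    return findings


if __name__ == "__main__":
    for kind, name in diff_servers(APPROVED, CURRENT):
        print(f"{kind}: MCP server '{name}' differs from the approved baseline")
```

    Because the report says new entries started without confirmation, a check like this detects the change after the fact; it complements upgrading to version 1.3 and does not replace it.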

    Version 1.3 of Cursor also addresses another issue with auto-run mode, in which the platform’s denylist-based protections can be easily circumvented using methods like Base64-encoding, shell scripts, and enclosing shell commands within quotes (e.g., "e"cho bypass) to execute unsafe commands.

    Following responsible disclosure by the BackSlash Research Team, Cursor has taken the step of altogether deprecating the denylist feature for auto-run in favor of an allowlist.

    “Don’t expect the built-in security solutions provided by vibe coding platforms to be comprehensive or foolproof,” researchers Mustafa Naamneh and Micah Gold said. “The onus is on end-user organizations to ensure agentic systems are equipped with proper guardrails.”
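    The quoting bypass mentioned above shows why matching raw command text against a denylist fails, while an allowlist applied to the parsed command holds. This is an added example, not Cursor's implementation; the list contents, function names and sample command lines are constructed for illustration.

```python
import shlex

DENYLIST = {"echo", "curl", "rm"}    # constructed denylist entries
ALLOWLIST = {"ls", "grep", "git"}    # constructed allowlist entries

# Characters that let a single command line start further commands,
# substitute output, or redirect I/O.
SHELL_META = set(";|&`$<>(){}\n")


def denylist_allows(cmdline):
    """Naive check: compare the raw first word against blocked names."""
    words = cmdline.strip().split()
    return bool(words) and words[0] not in DENYLIST


def allowlist_allows(cmdline):
    """Permit only one simple command whose parsed program name is approved."""
    if any(ch in SHELL_META for ch in cmdline):
        return False                  # chaining, substitution, redirection
    try:
        argv = shlex.split(cmdline, posix=True)   # removes quotes as a shell would
    except ValueError:
        return False                  # unbalanced quotes
    if not argv:
        return False
    prog = argv[0]
    if "/" in prog or "=" in prog:
        return False                  # explicit path or VAR=value prefix
    return prog in ALLOWLIST


# Constructed command lines; the second is the page's own quoting example.
SAMPLES = [
    "echo bypass",
    '"e"cho bypass',
    "sh ./setup.sh",
    "base64 -d cmd.b64 | sh",
    "grep -r TODO src",
    "grep -r TODO src ; echo bypass",
]


def review(samples):
    """Return {cmdline: (denylist verdict, allowlist verdict)}."""
    return {s: (denylist_allows(s), allowlist_allows(s)) for s in samples}


if __name__ == "__main__":
    for cmd, (deny_ok, allow_ok) in review(SAMPLES).items():
        print(f"{cmd!r:40} denylist={'run' if deny_ok else 'block'} "
              f"allowlist={'run' if allow_ok else 'block'}")
```

    Allowlisting by program name leaves arguments unchecked, so programs that can themselves start other programs need per-argument rules or should stay off the list.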

    The disclosure comes as HiddenLayer also found that Cursor’s ineffective denylist approach can be weaponized by embedding hidden malicious instructions within a GitHub README.md file, allowing an attacker to steal API keys, SSH credentials, and even run blocked system commands.

    “When the victim viewed the project on GitHub, the prompt injection was not visible, and they asked Cursor to git clone the project and help them set it up, a common occurrence for an IDE-based agentic system,” researchers Kasimir Schulz, Kenneth Yeung, and Tom Bonner noted.

    “However, after cloning the project and reviewing the readme to see the instructions to set up the project, the prompt injection took over the AI model and forced it to use the grep tool to find any keys in the user’s workspace before exfiltrating the keys with curl.”

    HiddenLayer said it also found additional weaknesses that could be abused to leak Cursor’s system prompt by overriding the base URL provided for OpenAI API requests to a proxied model, as well as exfiltrate a user’s private SSH keys by leveraging two benign tools, read_file and create_diagram, in what’s called a tool combination attack.

    This essentially involves inserting a prompt injection command within a GitHub README.md file that’s parsed by Cursor when the victim user asks the code editor to summarize the file, resulting in the execution of the command.

    The hidden instruction, for its part, uses the read_file tool to read private SSH keys belonging to the user and then utilizes the create_diagram tool to exfiltrate the keys to an attacker-controlled webhook.site URL. All the identified shortcomings have been remediated by Cursor in version 1.3.

    News of various vulnerabilities in Cursor comes as Tracebit devised an attack targeting Google’s Gemini CLI, an open-source command-line tool fine-tuned for coding tasks, that exploited a default configuration of the tool to surreptitiously exfiltrate sensitive data to an attacker-controlled server using curl.

    As observed in the case of Cursor, the attack requires the victim to (1) instruct Gemini CLI to interact with an attacker-created GitHub codebase containing a nefarious indirect prompt injection in the GEMINI.md context file and (2) add a benign command to an allowlist (e.g., grep).

    “Prompt injection targeting these elements, together with significant validation and display issues within Gemini CLI could cause undetectable arbitrary code execution,” Tracebit founder and CTO Sam Cox said.

    To mitigate the risk posed by the attack, Gemini CLI users are advised to upgrade their installations to version 0.1.14 shipped on July 25, 2025.


    Source: thehackernews.com…

  • Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts

    Cybersecurity researchers have detailed a new cluster of activity where threat actors are impersonating enterprises with fake Microsoft OAuth applications to facilitate credential harvesting as part of account takeover attacks.

    “The fake Microsoft 365 applications impersonate various companies, including RingCentral, SharePoint, Adobe, and Docusign,” Proofpoint said in a Thursday report.

    The ongoing campaign, first detected in early 2025, is designed to use the OAuth applications as a gateway to obtain unauthorized access to users’ Microsoft 365 accounts by means of phishing kits like Tycoon and ODx that are capable of conducting multi-factor authentication (MFA) phishing.

    The enterprise security company said it observed the approach being used in email campaigns with more than 50 impersonated applications.

    The attacks begin with phishing emails sent from compromised accounts and aim to trick recipients into clicking on URLs under the pretext of sharing requests for quotes (RFQ) or business contract agreements.

    Clicking on these links directs the victim to a Microsoft OAuth page for an application named “iLSMART” that asks them to grant it permissions to view their basic profile and maintain continued access to the data that they have been granted access to.

    What makes this attack notable is the impersonation of ILSMart, a legitimate online marketplace for aviation, marine, and defense industries to buy and sell parts and repair services.

    “The applications’ permissions would provide limited use to an attacker, but it is used for setting up the next stage of the attack,” Proofpoint said.

    Regardless of whether the target accepted or denied the permissions requested, they are first redirected to a CAPTCHA page and then to a phony Microsoft account authentication page once the verification is complete.

    This fake Microsoft page makes use of adversary-in-the-middle (AitM) phishing techniques powered by the Tycoon Phishing-as-a-Service (PhaaS) platform to harvest the victim’s credentials and MFA codes.

    As recently as last month, Proofpoint said it detected another campaign impersonating Adobe in which the emails are sent via Twilio SendGrid, an email marketing platform, and are engineered with the same goal in mind: To gain user authorization or trigger a cancellation flow that redirects the victim to a phishing page.

    The campaign represents just a drop in the bucket when compared to overall Tycoon-related activity, with multiple clusters leveraging the toolkit to perform account takeover attacks. In 2025 alone, attempted account compromises affecting nearly 3,000 user accounts spanning more than 900 Microsoft 365 environments have been observed.

    “Threat actors are creating increasingly innovative attack chains in an attempt to bypass detections and obtain access to organizations globally,” the company said, adding it “anticipates threat actors will increasingly target users’ identity, with AiTM credential phishing becoming the criminal industry standard.”

    As of last month, Microsoft has announced plans to update default settings to improve security by blocking legacy authentication protocols and requiring admin consent for third-party app access. The updates are expected to be completed by August 2025.

    “This update will have a positive impact on the landscape overall and will hamstring threat actors that use this technique,” Proofpoint pointed out.

    The disclosure follows Microsoft’s decision to disable external workbook links to blocked file types by default between October 2025 and July 2026 in an attempt to enhance workbook security.

    The findings also come as spear-phishing emails bearing purported payment receipts are used to deploy, by means of an AutoIt-based injector, a piece of .NET malware called VIP Keylogger that can steal sensitive data from compromised hosts, Seqrite said.

    Over the course of several months, spam campaigns have been spotted concealing installation links to remote desktop software inside PDF files so as to bypass email and malware defenses. The campaign is believed to have been ongoing since November 2024, primarily targeting entities in France, Luxembourg, Belgium, and Germany.

    “These PDFs are often disguised to look like invoices, contracts, or property listings to enhance credibility and lure victims into clicking the embedded link,” WithSecure said. “This design was intended to create the illusion of legitimate content that has been obscured, prompting the victim to install a program. In this case, the program was FleetDeck RMM.”

    Other Remote Monitoring and Management (RMM) tools deployed as part of the activity cluster include Action1, OptiTune, Bluetrait, Syncro, SuperOps, Atera, and ScreenConnect.

    “Although no post-infection payloads have been observed, the use of RMM tools strongly suggests their role as an initial access vector, potentially enabling further malicious activity,” the Finnish company added. “Ransomware operators in particular have favoured this approach.”


    Source: thehackernews.com…

  • AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown

    Aug 01, 2025 | Ravie Lakshmanan | Malware / Artificial Intelligence

    Cybersecurity researchers have flagged a malicious npm package that was generated using artificial intelligence (AI) and concealed a cryptocurrency wallet drainer.

    The package, @kodane/patch-manager, claims to offer “advanced license validation and registry optimization utilities for high-performance Node.js applications.” It was uploaded to npm by a user named “Kodane” on July 28, 2025. The package is no longer available for download from the registry, but not before it attracted over 1,500 downloads.

    Software supply chain security company Safety, which discovered the library, said the malicious features are advertised directly in the source code, calling it an “enhanced stealth wallet drainer.”

    Specifically, the behavior is triggered as part of a postinstall script that drops its payload within hidden directories across Windows, Linux, and macOS systems, and then proceeds to connect to a command-and-control (C2) server at “sweeper-monitor-production.up.railway[.]app.”

    “The script generates a unique machine ID code for the compromised host and shares that with the C2 server,” Paul McCarty, head of research at Safety, said, noting that the C2 server lists two compromised machines.

    In the npm ecosystem, postinstall scripts are often overlooked attack vectors—they run automatically after a package is installed, meaning users can be compromised without ever executing the package manually. This creates a dangerous blind spot, especially in CI/CD environments where dependencies are updated routinely without direct human review.
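    Packages that declare install-time scripts can be surfaced from the lockfile before anything is installed. This is an added example, not Safety's tooling; it assumes npm's lockfile version 2 or 3, where such packages carry `hasInstallScript`, and the lockfile excerpt, versions and approved list are constructed.

```python
import json

# Constructed package-lock.json excerpt (lockfileVersion 3). Versions are
# placeholders; the page does not state the malicious package's version.
LOCKFILE = """{
  "name": "demo-app", "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app"},
    "node_modules/plain-lib": {"version": "1.0.0"},
    "node_modules/native-addon-example": {"version": "1.0.0", "hasInstallScript": true},
    "node_modules/@kodane/patch-manager": {"version": "0.0.0-placeholder", "hasInstallScript": true},
    "node_modules/a/node_modules/b": {"version": "2.0.0", "hasInstallScript": true}
  }
}"""

# Constructed review record: (name, version) pairs whose install scripts
# a human has read and accepted.
APPROVED = {("native-addon-example", "1.0.0")}


def package_name(lock_path):
    """'node_modules/a/node_modules/@s/b' -> '@s/b' (nested installs included)."""
    return lock_path.rsplit("node_modules/", 1)[-1]


def install_script_packages(lock_text):
    """Return sorted (name, version) for every locked package with install scripts."""
    doc = json.loads(lock_text)
    if doc.get("lockfileVersion", 1) < 2:
        raise ValueError("lockfileVersion 1 has no 'packages' map; regenerate the lockfile")
    hits = []
    for path, meta in doc.get("packages", {}).items():
        if path and meta.get("hasInstallScript"):   # "" is the root project
            hits.append((package_name(path), meta.get("version", "?")))
    return sorted(hits)


def unreviewed(lock_text, approved):
    """Packages that would run code at install time and are not in the review record."""
    return [pkg for pkg in install_script_packages(lock_text) if pkg not in approved]


if __name__ == "__main__":
    pending = unreviewed(LOCKFILE, APPROVED)
    for name, version in pending:
        print(f"install script not reviewed: {name}@{version}")
    raise SystemExit(1 if pending else 0)
```

    Run as a CI gate ahead of the install step and pair it with `npm ci --ignore-scripts`, so lifecycle scripts stay off until someone has reviewed them.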

    The malware is designed to scan the system for the presence of a wallet file, and if found, it proceeds to drain all funds from the wallet to a hard-coded wallet address on the Solana blockchain.

    While this is not the first time cryptocurrency drainers have been identified in open-source repositories, what makes @kodane/patch-manager stand out are clues that suggest the use of Anthropic’s Claude AI chatbot to generate it.

    This includes the presence of emojis, extensive JavaScript console logging messages, well-written and descriptive comments, the README.md markdown file written in a style that’s consistent with Claude-generated markdown files, and Claude’s pattern of calling code changes “Enhanced.”

    The discovery of the npm package highlights “how threat actors are leveraging AI to create more convincing and dangerous malware,” McCarty said.

    The incident also underlines growing concerns in software supply chain security, where AI-generated packages may bypass conventional defenses by appearing clean or even helpful. This raises the stakes for package maintainers and security teams, who now need to monitor not just known malware, but increasingly polished, AI-assisted threats that exploit trusted ecosystems like npm.


    Source: thehackernews.com…

  • You Are What You Eat: Why Your AI Security Tools Are Only as Strong as the Data You Feed Them

    Just as triathletes know that peak performance requires more than expensive gear, cybersecurity teams are discovering that AI success depends less on the tools they deploy and more on the data that powers them

    The junk food problem in cybersecurity

    Imagine a triathlete who spares no expense on equipment—carbon fiber bikes, hydrodynamic wetsuits, precision GPS watches—but fuels their training with processed snacks and energy drinks. Despite the premium gear, their performance will suffer because their foundation is fundamentally flawed. Triathletes see nutrition as the fourth discipline of their training that can have a significant impact on performance and can even determine race outcomes.

    Today’s security operations centers (SOCs) face a similar issue. They’re investing heavily in AI-powered detection systems, automated response platforms, and machine learning analytics—the equivalent of professional-grade triathlon equipment. But they’re powering these sophisticated tools with legacy data feeds that lack the richness and context modern AI models need to perform effectively.

    Just as a triathlete needs to master swimming, cycling, and running in seamless coordination, SOC teams must excel at detection, investigation, and response. However, without their own “fourth discipline,” SOC analysts will be working with sparse endpoint logs, fragmented alert streams, and data silos that don’t communicate. It’s like trying to complete a triathlon fueled only by a bag of chips and a beer—no matter how good your training or equipment, you’re not crossing the finish line first. While you may load up on sugar and calories on race day to ensure you have the energy to make it through, that isn’t a sustainable, long-term regimen that will optimize your body for the best performance.

    The hidden cost of legacy data diets

    “We’re living through the first wave of an AI revolution, and so far the spotlight has focused on models and applications,” said Greg Bell, Corelight chief strategy officer. “That makes sense, because the impacts for cyber defense are going to be huge. But I think there’s starting to be a dawning realization that ML and GenAI tools are gated by the quality of data they consume.”

    This disconnect between advanced AI capabilities and outdated data infrastructure creates what security professionals are now calling “data debt”—the accumulated cost of building AI systems on foundations that weren’t designed for machine learning consumption.

    Traditional security data often resembles a triathlete’s training diary filled with incomplete entries: “Ran today. Felt okay.” It provides basic information but lacks the granular metrics, environmental context, and performance correlations that enable genuine improvement. Legacy data feeds typically include:

    • Sparse endpoint logs that capture events but miss the behavioral context
    • Alert-only feeds that tell you something happened but not the full story
    • Siloed data sources that can’t correlate across systems or time periods
    • Reactive indicators that only activate after damage is already done without historical perspectives
    • Unstructured formats that require extensive processing before AI models can analyze them

    The adversary is already performance-enhanced

    While defenders struggle with data that’s nutritionally deficient for AI consumption, attackers have optimized their approach with the discipline of elite athletes. They’re leveraging AI to create adaptive attack strategies that are faster, cheaper, and more precisely targeted than ever before by:

    • Automating reconnaissance and exploit development to accelerate attack speed
    • Reducing the cost per attack, increasing potential threat volume faster
    • Personalizing approaches based on AI-gathered intelligence to deliver more targeted attacks
    • Generating quicker iteration and improvement of tactics based on what is working

    Meanwhile, many SOCs are still trying to defend against these AI-enhanced threats using data equivalent to a 1990s training regimen—with just basic heart rate information—when the competition is using comprehensive performance analytics, environmental sensors, and predictive modeling.

    This creates an escalating performance gap. As attackers become more sophisticated in their use of AI, the quality of defensive data becomes increasingly critical. Poor data doesn’t just slow down detection—it actively undermines the effectiveness of AI security tools, creating blind spots that sophisticated adversaries can exploit.

    AI-ready data: the performance enhancement SOCs need

    The solution lies in fundamentally reimagining security data architecture around what AI models actually need to perform effectively. This means transitioning from legacy data feeds to what could be called “AI-ready” data—information that’s structured, enriched, and optimized specifically for AI analysis and automation.

    AI-ready data shares characteristics with the comprehensive performance metrics that elite triathletes use to optimize their training. Just as these athletes track everything from power output and cadence to environmental conditions and recovery markers, AI-ready security data captures not just what happened, but the full context surrounding each event.

    This includes network telemetry that provides visibility before encryption obscures the evidence, comprehensive metadata that reveals behavioral patterns, and structured formats that AI models can immediately process without extensive preprocessing. It’s data that’s been specifically designed to feed the three critical components of AI-powered security operations.

    AI-driven threat detection becomes dramatically more effective when powered by forensic-grade network evidence that includes full context and real-time collection across on-premise, hybrid, and multi-cloud environments. This enables AI models to identify subtle patterns and anomalies that would be invisible in traditional log formats.

    AI workflows transform the analyst experience by providing expert-authored processes enhanced with AI-driven payload analysis, historical context, and session-level summaries. This is equivalent to having a world-class coach who can instantly analyze performance data and provide specific, actionable guidance for improvement.

    AI-enabled ecosystem integrations ensure that AI-ready data flows seamlessly into existing SOC tools—SIEMs, SOAR platforms, XDR systems, and data lakes—without requiring custom integrations or format conversions. It’s automatically compatible with nearly every tool in an analyst’s arsenal.

    The compound effect of superior data

    The impact of transitioning to AI-ready data creates a compound effect across security operations. Teams can correlate unusual access patterns and privilege escalations in ephemeral cloud environments, critical for addressing cloud-native threats that traditional tools miss. They gain expanded coverage for novel, evasive, and zero-day threats while enabling faster development of new detections.

    Perhaps most importantly, analysts can quickly understand incident timelines without parsing raw logs, get plain-language summaries of suspicious behaviors across hosts and sessions, and focus their attention on priority alerts with clear justifications for why each incident matters.

    “High quality, context-rich data is the ‘clean fuel’ AI needs to achieve its full potential,” added Bell. “Models starved of quality data will inevitably disappoint. As AI augmentation becomes the standard for both attack and defense, organizations that succeed will be the ones that understand a fundamental truth: in the world of AI security, you are what you eat.”

    The training decision every SOC must make

    As AI becomes standard for both attack and defense, AI-driven security tools can’t reach their potential without the right data. Organizations that continue feeding these systems with legacy data may find their significant investment in next-generation technology underperforming against increasingly advanced threats. Those that recognize this isn’t about replacing existing security investments — it’s about providing them with the high-quality fuel to deliver on their promise — will be positioned to unlock AI’s competitive advantage.

    In the escalating battle against AI-enhanced threats, peak performance truly begins with what you feed your engine.

    For more information about industry-standard security data models that all the major LLMs have already been trained on, visit www.corelight.com. Corelight delivers forensic-grade telemetry to power SOC workflows, drive detection, and enable the broader SOC ecosystem.

    This article is a contributed piece from one of our valued partners.


    Source: thehackernews.com…