Category: Cybersecurity

Jul 30, 2025Ravie LakshmananVulnerability / Zero-Day

Apple on Tuesday released security updates for its entire software portfolio, including a fix for a vulnerability that Google said was exploited as a zero-day in the Chrome web browser earlier this month.

The vulnerability, tracked as CVE-2025-6558 (CVSS score: 8.8), is an incorrect validation of untrusted input in the browser’s ANGLE and GPU components that could result in a sandbox escape via a crafted HTML page.

While there are no details on how the issue has been weaponized by threat actors, Google acknowledged that an “exploit for CVE-2025-6558 exists in the wild.” Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group (TAG) have been credited with discovering and reporting the shortcoming.

The iPhone maker, in its latest round of software updates, also included patches for CVE-2025-6558, stating the vulnerability impacts the WebKit browser engine that powers its Safari browser.

“This is a vulnerability in open-source code and Apple Software is among the affected projects,” the company said in an advisory, adding it could be exploited to result in an unexpected crash of Safari when processing maliciously crafted web content.

The bug has been addressed in the following versions –

• iOS 18.6 and iPadOS 18.6 – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
• iPadOS 17.7.9 – iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
• macOS Sequoia 15.6 – Macs running macOS Sequoia
• tvOS 18.6 – Apple TV HD and Apple TV 4K (all models)
• watchOS 11.6 – Apple Watch Series 6 and later
• visionOS 2.6 – Apple Vision Pro

While there is no evidence that the vulnerability has been used to target Apple device users, it’s always a good practice to update to the latest versions of the software for optimal protection.

Jul 30, 2025Ravie LakshmananEndpoint Security / Cyber Espionage

Chinese companies linked to the state-sponsored hacking group known as Silk Typhoon (aka Hafnium) have been identified as behind over a dozen technology patents, shedding light on the shadowy cyber contracting ecosystem and its offensive capabilities.

The patents cover forensics and intrusion tools that enable encrypted endpoint data collection, Apple device forensics, and remote access to routers and smart home devices, SentinelOne said in a new report shared with The Hacker News.

“This new insight into the Hafnium-affiliated firms’ capabilities highlights an important deficiency in the threat actor attribution space: threat actor tracking typically links campaigns and clusters of activity to a named actor,” Dakota Cary, China-focused strategic advisor for SentinelLabs, said.

“Our research demonstrates the strength in identifying not only the individuals behind attacks, but the companies they work for, the capabilities those companies have, and how those capabilities fortify the initiatives of the state entities who contract with these firms.”

The findings build upon the U.S. Department of Justice’s (DoJ) July 2025 indictment of Xu Zewei and Zhang Yu, who, working on behalf of China’s Ministry of State Security (MSS), are accused of orchestrating the widespread exploitation campaign in 2021 aimed at Microsoft Exchange Server using then-zero-days dubbed ProxyLogon.

Court documents alleged that Zewei worked for a company named Shanghai Powerock Network Co. Ltd., while Yu was employed at Shanghai Firetech Information Science and Technology Company, Ltd. Both individuals are said to have operated under the discretion of the Shanghai State Security Bureau (SSSB).

Interestingly, Natto Thoughts reported that Powerock deregistered its business on April 7, 2021, a little over a month after Microsoft pointed fingers at China for the zero-day exploitation activity. Zewei would then go on to join Chaitin Tech, another prominent cybersecurity firm, only to change jobs again and begin working as an IT manager at Shanghai GTA Semiconductor Ltd.

It’s worth mentioning here at this stage that Yin Kecheng, a hacker tied to Silk Typhoon, is said to have been employed at a third Chinese firm named Shanghai Heiying Information Technology Company, Limited, which was established by Zhou Shuai, a Chinese patriotic hacker and purported data broker.

“Shanghai Firetech worked on specific tasking handed down from MSS officers,” Cary explained. “Shanghai Firetech and co-conspirators earned an on-going, trusting relationship with the MSS’s premier regional office, the SSSB.”

“This ‘directed’ nature of the relationship between the SSSB and these two companies contours the tiered system of offensive hacking outfits in China.”

Further investigation into the web of connections between the individuals and their companies has uncovered patents filed by Shanghai Firetech and Shanghai Siling Commerce Consulting Center, a firm jointly founded by Yu and Yin Wenji, CEO of Shanghai Firetech to collect “evidence” from Apple devices, routers, and defensive equipment.

There is also evidence to suggest that Shanghai Firetech is also engaged in developing solutions that could enable close access operations against individuals of interest.

“The variety of tools under the control of Shanghai Firetech exceeds those attributed to Hafnium and Silk Typhoon publicly,” Cary said. “The capabilities may have been sold to other regional MSS offices, and thus not attributed to Hafnium, despite being owned by the same corporate structure.”

Jul 30, 2025Ravie LakshmananDevice Security / AI Security

Google has announced that it’s making a security feature called Device Bound Session Credentials (DBSC) in open beta to ensure that users are safeguarded against session cookie theft attacks.

DBSC, first introduced as a prototype in April 2024, is designed to bind authentication sessions to a device so as to prevent threat actors from using stolen cookies to sign-in to victims’ accounts and gain unauthorized access from a separate device under their control.

“Available in the Chrome browser on Windows, DBSC strengthens security after you are logged in and helps bind a session cookie – small files used by websites to remember user information – to the device a user authenticated from,” Andy Wen, senior director of product management at Google Workspace, said.

DBSC is not only meant to secure user accounts post-authentication. It makes it a lot more difficult for bad actors to reuse session cookies and improves session integrity.

The company also noted passkey support is now generally available to more than 11 million Google Workspace customers, along with expanded admin controls to audit enrollment and restrict passkeys to physical security keys.

Lastly, Google intends to roll out a shared signals framework (SSF) receiver in a closed beta for select customers in order to enable the exchange of crucial security signals in near real-time using the OpenID standard.

“This framework acts as a robust system for ‘transmitters’ to promptly inform ‘receivers’ about significant events, facilitating a coordinated response to security threats,” Wen said.

“Beyond threat detection and response, signal sharing also allows for the general sharing of different properties, such as device or user information, further enhancing the overall security posture and collaborative defense mechanisms.”

Google Project Zero Unveils Reporting Transparency

The development comes as Google Project Zero, a security team within the company that’s tasked with hunting zero-day vulnerabilities, announced a new trial policy called Reporting Transparency to address what has been described as an upstream patch gap.

While patch gap typically refers to the time period between when a fix is released for a vulnerability and a user installs the appropriate update, upstream patch gap denotes the timespan where an upstream vendor has a fix available but downstream customers are yet to integrate the patch and ship it to end users.

To close this upstream patch app, Google said it’s adding a new step where it intends to publicly share the discovery of a vulnerability within a week of reporting it to the relevant vendor.

This information is expected to include the vendor or open-source project that received the report, the affected product, the date the report was filed, and when the 90-day disclosure deadline expires. The current list includes two Microsoft Windows bugs, one flaw in Dolby Unified Decoder, and three issues in Google BigWave.

“The primary goal of this trial is to shrink the upstream patch gap by increasing transparency,” Project Zero’s Tim Willis said. “By providing an early signal that a vulnerability has been reported upstream, we can better inform downstream dependents. For our small set of issues, they will have an additional source of information to monitor for issues that may affect their users.”

Google further said it plans to apply this principle to Big Sleep, an artificial intelligence (AI) agent that was launched last year as part of a collaboration between DeepMind and Google Project Zero to augment vulnerability discovery.

The search behemoth also stressed that no technical details, proof-of-concept code, or any other information that could “materially assist” bad actors will be released until the deadline.

With the latest approach, Google Project Zero said it hopes to move the needle on releasing patches to the devices, systems, and services relied on by end users in a timely fashion and bolster the overall security ecosystem.

Jul 30, 2025Ravie Lakshmanan

Google Cloud’s Mandiant Consulting has revealed that it has witnessed a drop in activity from the notorious Scattered Spider group, but emphasized the need for organizations to take advantage of the lull to shore up their defenses.

“Since the recent arrests tied to the alleged Scattered Spider (UNC3944) members in the U.K., Mandiant Consulting hasn’t observed any new intrusions directly attributable to this specific threat actor,” Charles Carmakal, CTO of Mandiant Consulting at Google Cloud, told The Hacker News in a statement.

“This presents a critical window of opportunity that organizations must capitalize on to thoroughly study the tactics UNC3944 wielded so effectively, assess their systems, and reinforce their security posture accordingly.”

Carmakal also warned businesses not to “let their guard down entirely,” as other threat actors like UNC6040 are employing similar social engineering tactics as Scattered Spider to breach target networks.

“While one group may be temporarily dormant, others won’t relent,” Carmakal added.

The development comes as the tech giant detailed the financially motivated hacking group’s aggressive targeting of VMware ESXi hypervisors in attacks targeting retail, airline, and transportation sectors in North America.

The U.S. government, alongside Canada and Australia, has also released an updated advisory outlining Scattered Spider’s updated tradecraft obtained as part of investigations conducted by the Federal Bureau of Investigation (FBI) as recently as this month.

“Scattered Spider threat actors have been known to use various ransomware variants in data extortion attacks, most recently including DragonForce ransomware,” the agencies said.

“These actors frequently use social engineering techniques such as phishing, push bombing, and subscriber identity module swap attacks to obtain credentials, install remote access tools, and bypass multi-factor authentication. Scattered Spider threat actors consistently use proxy networks [T1090] and rotate machine names to further hamper detection and response.”

The group has also been observed posing as employees to persuade IT and/or help desk staff to provide sensitive information, reset the employee’s password, and transfer the employee’s multi-factor authentication (MFA) to a device under their control.

This marks a shift from the threat actors impersonating help desk personnel in phone calls or SMS messages to obtain employee credentials or instruct them to run commercial remote access tools enabling initial access. In other instances, the hackers have acquired employee or contractor credentials on illicit marketplaces such as Russia Market.

Furthermore, the governments called out Scattered Spider’s use of readily available malware tools like Ave Maria (aka Warzone RAT), Raccoon Stealer, Vidar Stealer, and Ratty RAT to facilitate remote access and gather sensitive information, as well as cloud storage service Mega for data exfiltration.

“In many instances, Scattered Spider threat actors search for a targeted organization’s Snowflake access to exfiltrate large volumes of data in a short time, often running thousands of queries immediately,” per the advisory.

“According to trusted third-parties, where more recent incidents are concerned, Scattered Spider threat actors may have deployed DragonForce ransomware onto targeted organizations’ networks – thereby encrypting VMware Elastic Sky X integrated (ESXi) servers.”

Jul 30, 2025Ravie LakshmananVulnerability / Threat Intelligence

Threat actors have been observed exploiting a now-patched critical SAP NetWeaver flaw to deliver the Auto-Color backdoor in an attack targeting a U.S.-based chemicals company in April 2025.

“Over the course of three days, a threat actor gained access to the customer’s network, attempted to download several suspicious files and communicated with malicious infrastructure linked to Auto-Color malware,” Darktrace said in a report shared with The Hacker News.

The vulnerability in question is CVE-2025-31324, a severe unauthenticated file upload bug in SAP NetWeaver that enables remote code execution (RCE). It was patched by SAP in April.

Auto-Color, first documented by Palo Alto Networks Unit 42 earlier this February, functions akin to a remote access trojan, enabling remote access to compromised Linux hosts. It was observed in attacks targeting universities and government organizations in North America and Asia between November and December 2024.

The malware has been found to hide its malicious behavior should it fail to connect to its command-and-control (C2) server, a sign that the threat actors are looking to evade detection by giving the impression that it’s benign.

It supports various features, including reverse shell, file creation and execution, system proxy configuration, global payload manipulation, system profiling, and even self-removal when a kill switch is triggered.

The incident detected by Darktrace took place on April 28, when it was alerted to the download of a suspicious ELF binary on an internet-exposed machine likely running SAP NetWeaver. That said, initial signs of scanning activity are said to have occurred at least three days prior.

“CVE-2025-31324 was leveraged in this instance to launch a second-stage attack, involving the compromise of the internet-facing device and the download of an ELF file representing the Auto-Color malware,” the company said.

“From initial intrusion to the failed establishment of C2 communication, the Auto-Color malware showed a clear understanding of Linux internals and demonstrated calculated restraint designed to minimize exposure and reduce the risk of detection.”

Jul 29, 2025Ravie LakshmananPhishing / Developer Security

The maintainers of the Python Package Index (PyPI) repository have issued a warning about an ongoing phishing attack that’s targeting users in an attempt to redirect them to fake PyPI sites.

The attack involves sending email messages bearing the subject line “[PyPI] Email verification” that are sent from the email address noreply@pypj[.]org (note that the domain is not “pypi[.]org“).

“This is not a security breach of PyPI itself, but rather a phishing attempt that exploits the trust users have in PyPI,” Mike Fiedler, PyPI Admin, said in a post Monday.

The email messages instruct users to follow a link to verify their email address, which leads to a replica phishing site that impersonates PyPI and is designed to harvest their credentials.

But in a clever twist, once the login information is entered on the bogus site, the request is routed to the legitimate PyPI site, effectively fooling the victims into thinking that nothing is amiss when, in reality, their credentials have been passed on to the attackers. This method is harder to detect because there are no error messages or failed logins to trigger suspicion.

PyPI said it’s looking at different methods to handle the attack. In the meanwhile, it’s urging users to inspect the URL in the browser before signing in and refrain from clicking on the link if they have already received such emails.

If you’re unsure whether an email is legitimate, a quick check of the domain name—letter by letter—can help. Tools like browser extensions that highlight verified URLs or password managers that auto-fill only on known domains can add a second layer of defense. These kinds of attacks don’t just trick individuals; they aim to gain access to accounts that may publish or manage widely used packages.

“If you have already clicked on the link and provided your credentials, we recommend changing your password on PyPI immediately,” Fiedler said. “Inspect your account’s Security History for anything unexpected.”

It’s currently not clear who is behind the campaign, but the activity bears striking similarities to a recent npm phishing attack that employed a typosquatted domain “npnjs[.]com” (as opposed to “npmjs[.]com”) to send similar email verification emails to capture users’ credentials.

The attack ended up compromising seven different npm packages to deliver a malware called Scavenger Stealer to gather sensitive data from web browsers. In one case, the attacks paved the way for a JavaScript payload that captured system information and environment variables, and exfiltrated the details over a WebSocket connection.

Similar attacks have been seen across npm, GitHub, and other ecosystems where trust and automation play a central role. Typosquatting, impersonation, and reverse proxy phishing are all tactics in this growing category of social engineering that exploits how developers interact with tools they rely on daily.

Jul 29, 2025Ravie LakshmananLLM Security / Vulnerability

Cybersecurity researchers have disclosed a now-patched critical security flaw in a popular vibe coding platform called Base44 that could allow unauthorized access to private applications built by its users.

“The vulnerability we discovered was remarkably simple to exploit — by providing only a non-secret app_id value to undocumented registration and email verification endpoints, an attacker could have created a verified account for private applications on their platform,” cloud security firm Wiz said in a report shared with The Hacker News.

A net result of this issue is that it bypasses all authentication controls, including Single Sign-On (SSO) protections, granting full access to all the private applications and data contained within them.

Following responsible disclosure on July 9, 2025, an official fix was rolled out by Wix, which owns Base44, within 24 hours. There is no evidence that the issue was ever maliciously exploited in the wild.

While vibe coding is an artificial intelligence (AI)-powered approach designed to generate code for applications by simply providing as input a text prompt, the latest findings highlight an emerging attack surface, thanks to the popularity of AI tools in enterprise environments, that may not be adequately addressed by traditional security paradigms.

The shortcoming unearthed by Wiz in Base44 concerns a misconfiguration that left two authentication-related endpoints exposed without any restrictions, thereby permitting anyone to register for private applications using only an “app_id” value as input –

• api/apps/{app_id}/auth/register, which is used to register a new user by providing an email address and password
• api/apps/{app_id}/auth/verify-otp, which is used to verify the user by providing a one-time password (OTP)

As it turns out, the “app_id” value is not a secret and is visible in the app’s URL and in its manifest.json file path. This also meant that it’s possible to use a target application’s “app_id” to not only register a new account but also verify the email address using OTP, thereby gaining access to an application that they didn’t own in the first place.

“After confirming our email address, we could just login via the SSO within the application page, and successfully bypass the authentication,” security researcher Gal Nagli said. “This vulnerability meant that private applications hosted on Base44 could be accessed without authorization.”

The development comes as security researchers have shown that state-of-the-art large language models (LLMs) and generative AI (GenAI) tools can be jailbroken or subjected to prompt injection attacks and make them behave in unintended ways, breaking free of their ethical or safety guardrails to produce malicious responses, synthetic content, or hallucinations, and, in some cases, even abandon correct answers when presented with false counterarguments, posing risks to multi-turn AI systems.

Some of the attacks that have been documented in recent weeks include –

• A “toxic” combination of improper validation of context files, prompt injection, and misleading user experience (UX) in Gemini CLI that could lead to silent execution of malicious commands when inspecting untrusted code.
• Using a special crafted email hosted in Gmail to trigger code execution through Claude Desktop by tricking Claude to rewrite the message such that it can bypass restrictions imposed on it.
• Jailbreaking xAI’s Grok 4 model using Echo Chamber and Crescendo to circumvent the model’s safety systems and elicit harmful responses without providing any explicit malicious input. The LLM has also been found leaking restricted data and abiding hostile instructions in over 99% of prompt injection attempts absent any hardened system prompt.
• Coercing OpenAI ChatGPT into disclosing valid Windows product keys via a guessing game
• Exploiting Google Gemini for Workspace to generate an email summary that looks legitimate but includes malicious instructions or warnings that direct users to phishing sites by embedding a hidden directive in the message body using HTML and CSS trickery.
• Bypassing Meta’s Llama Firewall to defeat prompt injection safeguards using prompts that used languages other than English or simple obfuscation techniques like leetspeak and invisible Unicode characters.
• Deceiving browser agents into revealing sensitive information such as credentials via prompt injections attacks.

“The AI development landscape is evolving at unprecedented speed,” Nagli said. “Building security into the foundation of these platforms, not as an afterthought – is essential for realizing their transformative potential while protecting enterprise data.”

The disclosure comes as Invariant Labs, the research division of Snyk, detailed toxic flow analysis (TFA) as a way to harden agentic systems against Model Control Protocol (MCP) exploits like rug pulls and tool poisoning attacks.

“Instead of focusing on just prompt-level security, toxic flow analysis pre-emptively predicts the risk of attacks in an AI system by constructing potential attack scenarios leveraging deep understanding of an AI system’s capabilities and potential for misconfiguration,” the company said.

Furthermore, the MCP ecosystem has introduced traditional security risks, with as many as 1,862 MCP servers exposed to the internet sans any authentication or access controls, putting them at risk of data theft, command execution, and abuse of the victim’s resources, racking up cloud bills.

“Attackers may find and extract OAuth tokens, API keys, and database credentials stored on the server, granting them access to all the other services the AI is connected to,” Knostic said.

A newly emerged ransomware-as-a-service (RaaS) gang called Chaos is likely made up of former members of the BlackSuit crew, as the latter’s dark web infrastructure has been the subject of a law enforcement seizure.

Chaos, which sprang forth in February 2025, is the latest entrant in the ransomware landscape to conduct big-game hunting and double extortion attacks.

“Chaos RaaS actors initiated low-effort spam flooding, escalating to voice-based social engineering for access, followed by RMM tool abuse for persistent connection and legitimate file-sharing software for data exfiltration,” Cisco Talos researchers Anna Bennett, James Nutland, and Chetan Raghuprasad said.

“The ransomware utilizes multi-threaded rapid selective encryption, anti-analysis techniques, and targets both local and network resources, maximizing impact while hindering detection and recovery.”

It’s important to note here that the ransomware group is unrelated to the Chaos ransomware builder variants such as Yashma and Lucky_Gh0$t, indicating that the threat actors are using the same name to sow confusion. A majority of the victims are located in the United States, based on data from Ransomware.live.

Compatible with Windows, ESXi, Linux and NAS systems, Chaos has been observed seeking ransoms of $300,000 from victims in exchange for a decryptor and a “detailed penetration overview with main kill chain and security recommendations.”

The attacks involve a combination of phishing and voice phishing techniques to obtain initial access by tricking victims into installing remote desktop software, particularly Microsoft Quick Assist.

The threat actors subsequently carry out post-compromise discovery and reconnaissance, followed by installing other RMM tools such as AnyDesk, ScreenConnect, OptiTune, Syncro RMM, and Splashtop to establish persistent remote access to the network.

In a related move, the U.S. Federal Bureau of Investigation (FBI) and the Department of Justice (DoJ) publicly announced the seizure of 20.2891382 BTC (now valued at over $2.4 million) from a cryptocurrency wallet address associated with a member of the Chaos ransomware group known as Hors.

Chaos is the latest entrant to the ransomware landscape, which has also witnessed the arrival of other new strains like Backups, Bert, BlackFL, BQTLOCK, Gunra, Jackalock, Moscovium, RedFox, and Sinobi. Assessed to be based on the infamous Conti ransomware, Gunra has claimed 13 victims since late April 2025.

“Gunra ransomware employs advanced evasion and anti-analysis techniques used to infect Windows Operating systems while minimizing the risk of detection,” CYFIRMA said. “Its evasion capabilities include obfuscation of malicious activity, avoidance of rule-based detection systems, strong encryption methods, ransom demands, and warnings to publish data on underground forums.”

Other recent ransomware attacks include the use of DLL side-loading to drop NailaoLocker and ClickFix-like lures to trick users into downloading malicious HTML Application (HTA) files under the pretext of completing a CAPTCHA verification check and spreading Epsilon Red ransomware.

“Epsilon Red ransomware, first identified in 2021, leaves a ransom note on infected computers that bears a resemblance to the REvil ransomware note, albeit with minor grammatical improvements,” CloudSEK said.

According to NCC Group, ransomware attacks in the second quarter of 2025 dropped 43% to 1,180, a decline from 2,074 in Q1 2025. Qilin has become the most active ransomware group during the time period, leading with 151 attacks, followed by Akira at 131, Play at 115, SafePay at 108, and Lynx at 46. In all, a total of 86 new and existing active attack groups are estimated to be active in 2025.

“The volume of victims being exposed on ransomware leak sites might be declining but this doesn’t mean threats are reduced,” Matt Hull, Global Head of Threat Intelligence at NCC Group, said.

“Law enforcement crackdowns and leaked ransomware source code is possibly a contributing factor as to a drop in activity, but ransomware groups are using this opportunity to evolve through rebranding and the use of advanced social engineering tactics.”

React conquered XSS? Think again. That’s the reality facing JavaScript developers in 2025, where attackers have quietly evolved their injection techniques to exploit everything from prototype pollution to AI-generated code, bypassing the very frameworks designed to keep applications secure.

Full 47-page guide with framework-specific defenses (PDF, free).

JavaScript conquered the web, but with that victory came new battlefields. While developers embraced React, Vue, and Angular, attackers evolved their tactics, exploiting AI prompt injection, supply chain compromises, and prototype pollution in ways traditional security measures can’t catch.

A Wake-up Call: The Polyfill.io Attack

In June 2024, a single JavaScript injection attack compromised over 100,000 websites in the biggest JavaScript injection attack of the year. The Polyfill.io supply chain attack, where a Chinese company acquired a trusted JavaScript library and weaponized it to inject malicious code, affected major platforms including Hulu, Mercedes-Benz, and WarnerBros. This wasn’t an isolated incident targeting vulnerable forms or outdated systems. This was a sophisticated injection that turned websites’ own security tools against them, proving that traditional JavaScript defenses have become dangerously obsolete.

The Threat Landscape Has Changed

Gone are the days when a simple innerHTML sanitization could keep your app secure. Today’s attackers are leveraging:

• Supply chain compromises targeting your favorite npm packages
• Prototype pollution attacks that can hijack your entire object model
• AI-driven prompt injections that trick LLMs into generating malicious code
• DOM-based XSS in single-page applications that bypass server-side protections

The numbers tell the story: 22,254 CVEs were reported by mid-2024, a 30% jump from 2023 and 56% increase from 2022. With 98% of websites using JavaScript client-side and 67.9% of developers relying on it as their primary language, the attack surface has never been larger.

What Makes This Different

Most security guides still focus on decade-old attack patterns. This comprehensive analysis breaks down modern threats with a defense-in-depth approach that prioritizes protections by impact:

For real-world code samples and a prioritized roadmap, see the full guide

The Framework Reality Check

Even modern frameworks aren’t bulletproof:

This React code looks safe but isn’t –

// 🚨 Vulnerable: unsanitized input

Better approach with proper sanitization –

// ✅ Secure: React component with DOMPurify

Why it matters:

dangerouslySetInnerHTML bypasses React’s built-in XSS protection by directly injecting HTML into the DOM. When user content contains malicious scripts, they execute immediately in the victim’s browser, potentially:

• Stealing authentication cookies and session tokens
• Performing actions on behalf of the user
• Redirecting to malicious sites
• Keylogging sensitive information

DOMPurify sanitizes HTML by parsing the content and removing any potentially malicious elements while preserving safe formatting tags like <b>, <i>, <p>, etc.

The Banking Sector Under Siege

The financial industry has become prime target for sophisticated JavaScript injection attacks. In March 2023, IBM uncovered a malware campaign that targeted over 40 banks across the Americas, Europe, and Japan, compromising more than 50,000 individual user sessions. The attack leveraged advanced JavaScript web injections that detect specific page structures used by banking platforms, then dynamically inject malicious scripts to steal user credentials and one-time password tokens.

What made this campaign particularly dangerous was its adaptive behavior, the malware constantly communicated with command-and-control servers, adjusting its tactics in real-time based on page states and security detection attempts. Using sophisticated obfuscation techniques, the malware could patch functions to remove traces of its presence and avoid execution when security products were detected, proving that traditional JavaScript defenses are no match for modern, dynamically evolving threats.

The Store Raw, Encode on Output Principle

One of the guide’s most practical insights reinforces a fundamental security best practice: always store raw data and encode based on output context.

This approach:

1. Store raw, unencoded data in your database
2. Apply context-specific encoding at render time based on where data appears
3. Use different encoding methods for each output context (HTML entities for HTML content, JavaScript escaping for JS contexts, URL encoding for URLs, CSS escaping for stylesheets)

This context-aware encoding approach prevents double-encoding issues, maintains data integrity, and ensures proper protection regardless of how the data is eventually displayed, something any TypeScript developer building robust domain models will appreciate. The key insight is that the same user input might need HTML encoding when displayed in a div, JavaScript escaping when used in a script tag, and URL encoding when used in a link parameter.

WebAssembly Security Considerations

While WebAssembly offers performance benefits and sandboxing, it’s important to understand its security implications. The guide examines how Wasm introduces specific considerations that developers should be aware of:

• Source code vulnerabilities carry over: Memory-unsafe languages like C/C++ compiled to Wasm retain their original vulnerability patterns (buffer overflows, use-after-free, etc.)
• Reduced transparency: The binary format makes security auditing more challenging compared to readable JavaScript source
• Novel attack surfaces: Side-channel attacks through timing analysis and potential VM escape vectors, though these remain largely theoretical

WebAssembly’s sandboxed execution model does provide strong isolation, but like any technology, it requires thoughtful implementation and shouldn’t be viewed as an automatic security upgrade from JavaScript.

Emerging AI Threats

As LLMs become integrated into web applications, a new attack vector has emerged: prompt injection attacks. Malicious users craft prompts that trick AI models into generating JavaScript code that executes on the client side, a completely new category of injection vulnerability. You can learn more about it in the full guide.

The Bottom Line

Modern JavaScript security isn’t about implementing a checklist, it’s about understanding how attackers think and building layered defenses that adapt to evolving threats. Whether you’re building with React, Angular, or Vue, the fundamental principle remains: never trust client-side code, always validate server-side, and encode based on context.

The complete guide provides implementation examples for all major frameworks, practical code samples, and a prioritized approach that helps teams tackle the most critical vulnerabilities first.

Download the full PDF playbook here.

Cybersecurity researchers have discovered a new, large-scale mobile malware campaign that’s targeting Android and iOS platforms with fake dating, social networking, cloud storage, and car service apps to steal sensitive personal data.

The cross-platform threat has been codenamed SarangTrap by Zimperium zLabs. Users in South Korea appear to be the primary focus.

“This extensive campaign involved over 250 malicious Android applications and more than 80 malicious domains, all disguised as legitimate dating and social media applications,” security researcher Rajat Goyal said.

The bogus domains, which impersonate legitimate app store listing pages, are used as a lure to trick users into installing these apps, resulting in the exfiltration of contact lists and images, all while keeping up an illusion of legitimacy.

Once installed, the Android apps also prompt the victim to enter an invitation code, after which it’s validated against a command-and-control (C2) server. The app then proceeds to request sensitive permissions that allow it access to SMS messages, contact lists, and files under the pretext of offering the advertised functionality.

Coupling the activation of the malicious behavior to an invitation code is, by turns, clever and sneaky as it allows the malware to evade dynamic analyses and antivirus scans and silently hoover data.

The iOS version of the campaign has been found to entice users into installing a deceptive mobile configuration profile on their device, and then use the configuration to facilitate the app installation to capture contacts, photos, and the photo library.

The campaign is said to be in active development, with new variants of the malware samples limiting themselves to collecting contacts, images, and device information to an external server. There is also evidence that the threat actors behind the activity have resorted to blackmailing victims with threats to share personal videos with family members.

“This unsettling story is not an isolated incident; it highlights the psychological manipulation and social engineering tactics that these campaigns employ to take advantage of emotional vulnerability,” Goyal said.

“Victims are enticed into installing malware with the promise of companionship, only to discover that they are caught in a cycle of surveillance, extortion, and humiliation.”

The disclosure comes in the wake of another campaign that has set up 607 Chinese-language domains to distribute malicious application files (APKs) posing as the Telegram messaging app via a QR code embedded on the site and execute remote commands in real-time to enable data theft, surveillance, and control over the device using the MediaPlayer API.

“The APK was signed with a v1 signature scheme, making it vulnerable to the Janus vulnerability on Android 5.0 – 8.0,” BforeAI said. “This vulnerability allows attackers to craft deceptive applications.”

“After crafting the malicious application, it is then repackaged using its original v1 signature. This modification goes undetected, allowing the compromised app to be installed without causing suspicion. In essence, it enables attackers to make an app more dangerous, redistribute it as an APK, and trick users (especially on older devices) into installing it while completely bypassing security checks.”

“While the attack techniques are not new, the campaign’s cultural targeting and sustained activity reflect how cybercriminals continue to adapt their strategies to reach specific communities,” McAfee Labs researcher Dexter Shin said.

The malware disseminated by impersonating Indian banking services, for its part, leverages Firebase for C2 operations and utilizes phishing pages to mimic genuine user interfaces and harvest a wide range of data, including debit card details and SIM information. It also features call forwarding and remote calling functions.

Another Asian country that has become the target of Android malware attacks is Vietnam, where phishing sites posing as financial and government institutions are being used to propagate a new banking trojan dubbed RedHook.

“It communicates to the command-and-control (C2) server using WebSocket and supports over 30 remote commands, enabling complete control over compromised devices,” Cyble said. “Code artifacts, including Chinese-language strings, suggest development by a Chinese-speaking threat actor or group.”

A notable feature of the RedHook is its combination of keylogging and remote access trojan (RAT) capabilities to conduct credential theft and financial fraud. It also abuses Android’s accessibility services to perform overlay attacks and leverages the MediaProjection API to capture screen content.

Although the campaign is new, an exposed AWS S3 bucket used by the threat actor has uncovered uploaded screenshots, fake banking templates, PDF documents, and images detailing the malware’s behavior dating back to November 27, 2024.

“The discovery of RedHook highlights the growing sophistication of Android banking trojans that combine phishing, remote access, and keylogging to carry out financial fraud,” the company added. “By leveraging legitimate Android APIs and abusing accessibility permissions, RedHook stealthily gains deep control over infected devices while remaining under the radar of many security solutions.”

Malicious Android APKs masquerading as popular brands and exploiting social engineering and off-market distribution channels have also been found to siphon data and hijack network traffic for monetization purposes, often with the end goal of simulating user activity to inflate ad metrics or redirect users through affiliate funnels for illicit revenue generation.

Besides incorporating checks for sandboxed and virtualized environments, the apps feature a modular design to turn on advanced functionality at will.

“It leverages the open-source tool ApkSignatureKillerEx to subvert Android’s native signature verification process, allowing the injection of a secondary payload (origin.apk) into the application’s directory,” Trustwave SpiderLabs said. “This effectively reroutes execution to malicious code while preserving the app’s appearance as a legitimate, properly signed package, both to the operating system and users.”

The campaign has not been attributed to any known threat actor or group, although the use of ad fraud tactics suggests a possible connection to Chinese-speaking criminal groups.

That’s not all. New research from iVerify has revealed that setting up new Android-focused campaigns can be as easy as renting a malware-as-a-service (MaaS) kit like PhantomOS or Nebula for a monthly subscription, further lowering the bar for cybercrime.

“Some of these kits come with features 2FA interception, the ability to bypass antivirus software, silent app installs, GPS tracking, and even phishing overlays that are specific to a brand,” researcher Daniel Kelley said. “The platforms come with everything they need, like support through Telegram, backend infrastructure, and built-in ways to get around Google Play Protect.”

Also offered on underground forums are crypters and exploit kits that allow the malware to stay under the radar and spread the infections at scale using social engineering techniques. One such tool is Android ADB Scanner, which looks for open Android Debug Bridge (ADB) ports and pushes a malicious APK file without the victim’s knowledge. The service is available for around $600-$750.

“Perhaps the most interesting development in this ecosystem is the commoditization of infected devices themselves,” Kelley noted. “So-called ‘install’ markets let cybercriminals buy access to already compromised Android devices in bulk.”

Markets such as Valhalla offer devices compromised by banking trojans like ERMAC, Hook, Hydra, and Octo in a chosen country for a fee. This approach obviates the need for attackers to distribute malware or infect devices on their own. Instead, they can just acquire a network of existing bots to carry out activities of their choice.

To mitigate the risks posed by such apps, it’s advised to remain cautious of apps requiring unusual permissions or invitation codes, avoid downloading apps from untrusted sources or unofficial app stores, and periodically review device permissions and installed profiles.