Tag: Cyber Threats

  • Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts

    Dec 04, 2025 | Ravie Lakshmanan | DDoS Attacks / Network Security

    Cloudflare on Wednesday said it detected and mitigated the largest ever distributed denial-of-service (DDoS) attack that measured at 29.7 terabits per second (Tbps).

    The activity, the web infrastructure and security company said, originated from a DDoS botnet-for-hire known as AISURU, which has been linked to a number of hyper-volumetric DDoS attacks over the past year. The attack lasted for 69 seconds. It did not disclose the target of the attack.

    The botnet has prominently targeted telecommunication providers, gaming companies, hosting providers, and financial services. Also tackled by Cloudflare was a 14.1 Bpps DDoS attack from the same botnet. AISURU is believed to be powered by a massive network comprising an estimated 1-4 million infected hosts worldwide.

    “The 29.7 Tbps was a UDP carpet-bombing attack bombarding an average of 15,000 destination ports per second,” Omer Yoachimik and Jorge Pacheco said. “The distributed attack randomized various packet attributes in an attempt to evade defenses.”

    In all, Cloudflare has mitigated 2,867 Aisuru attacks since the start of the year, out of which 1,304 hyper-volumetric attacks were launched from the botnet in the third quarter of 2025 alone. A total of 8.3 million DDoS attacks were blocked during the entire time period, a figure that represents a 15% increase from the previous quarter and a 40% jump from last year.

    As many as 36.2 million DDoS attacks were thwarted in 2025, of which 1,304 were network-layer attacks exceeding 1 Tbps, up from 717 in Q1 2025 and 846 in Q2 2025. Some of the other notable trends observed in Q3 2025 are listed below –

    • The number of DDoS attacks that exceeded 100 million packets per second (Mpps) increased by 189% QoQ.
    • Most attacks, 71% of HTTP DDoS and 89% of network layer, lasted less than 10 minutes.
    • Seven out of the 10 top sources of DDoS were locations within Asia, including Indonesia, Thailand, Bangladesh, Vietnam, India, Hong Kong, and Singapore. The other three sources are Ecuador, Russia, and Ukraine.
    • DDoS attacks against the mining, minerals, and metals industry surged, making it the 49th most attacked sector globally.
    • The automotive industry saw the largest increase in DDoS attacks, placing it as the sixth most attacked sector globally.
    • DDoS attack traffic against artificial intelligence (AI) companies spiked by 347% in September 2025.
    • Information technology, telecommunications, gambling, gaming, and internet services topped the list of most attacked sectors.
    • China, Turkey, Germany, Brazil, the U.S., Russia, Vietnam, Canada, South Korea, and the Philippines were the most attacked countries.
    • Nearly 70% of HTTP DDoS attacks originated from known botnets.

    “We’ve entered an era where DDoS attacks have rapidly grown in sophistication and size — beyond anything we could’ve imagined a few years ago,” Cloudflare said. “Many organizations have faced challenges in keeping pace with this evolving threat landscape.”


    Source: thehackernews.com…

  • GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections

    Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating government services.

    The activity, observed since October 2024, involves distributing modified banking applications that act as a conduit for Android malware, Group-IB said in a technical report published Wednesday.

    Assessed to be active as far back as June 2023, GoldFactory first gained attention early last year, when the Singapore-headquartered cybersecurity company detailed the threat actor’s use of custom malware families like GoldPickaxe, GoldDigger, and GoldDiggerPlus targeting both Android and iOS devices.

    Evidence points to GoldFactory being a well-organized Chinese-speaking cybercrime group with close connections to Gigabud, another Android malware that was spotted in mid-2023. Despite major disparities in their codebases, both GoldDigger and Gigabud have been found to share similarities in their impersonation targets and landing pages.

    The first cases in the latest attack wave were detected in Thailand, with the threat subsequently appearing in Vietnam by late 2024 and early 2025 and in Indonesia from mid-2025 onwards.

    Group-IB said it has identified more than 300 unique samples of modified banking applications that have led to almost 2,200 infections in Indonesia. Further investigation has uncovered over 3,000 artifacts that it said led to no less than 11,000 infections. About 63% of the altered banking apps cater to the Indonesian market.

    The infection chains, in a nutshell, involve the impersonation of government entities and trusted local brands and approaching prospective targets over the phone to trick them into installing malware by instructing them to click on a link sent on messaging apps like Zalo.

    In at least one case documented by Group-IB, fraudsters posed as Vietnam’s public power company EVN and urged victims to pay overdue electricity bills or risk facing immediate suspension of the service. During the call, the threat actors are said to have asked the victims to add them on Zalo so as to receive a link to download an app and link their accounts.

    The links redirect the victims to fake landing pages that masquerade as Google Play Store app listings, resulting in the deployment of a remote access trojan like Gigabud, MMRat, or Remo, which surfaced earlier this year using the same tactics as GoldFactory. These droppers then pave the way for the main payload that abuses Android’s accessibility services to facilitate remote control.

    “The malware […] is based on the original mobile banking applications,” researchers Andrey Polovinkin, Sharmine Low, Ha Thi Thu Nguyen, and Pavel Naumov said. “It operates by injecting malicious code into only a portion of the application, allowing the original application to retain its normal functionality. The functionality of injected malicious modules can differ from one target to another, but mainly it bypasses the original application’s security features.”

    Specifically, it works by hooking into the application’s logic to execute the malware. Three different malware families have been discovered based on the frameworks used in the modified applications to perform runtime hooking: FriHook, SkyHook, and PineHook. Regardless of these differences, the functionality of the modules overlaps, making it possible to –

    • Hide the list of applications that have accessibility services enabled
    • Prevent screencast detection
    • Spoof the signature of an Android application
    • Hide the installation source
    • Implement custom integrity token providers, and
    • Obtain the victim’s account balance

    While SkyHook makes use of the publicly available Dobby framework to execute the hooks, FriHook employs a Frida gadget that’s injected into the legitimate banking application. PineHook, as the name implies, utilizes a Java-based hooking framework called Pine.

    Group-IB said its analysis of the malicious infrastructure erected by GoldFactory also uncovered a pre-release testing build of a new Android malware variant dubbed Gigaflower that’s likely a successor to the Gigabud malware.

    It supports around 48 commands to enable real-time screen and device activity streaming using WebRTC; weaponize accessibility services for keylogging, reading user interface content, and performing gestures; serve fake screens to mimic system updates, PIN prompts, and account registration to harvest personal information, and extract data from images associated with identification cards using a built-in text recognition algorithm.

    Also currently in the works is a QR code scanner feature that attempts to read the QR code on Vietnamese identity cards, likely with the goal of simplifying the process of capturing the details.

    Interestingly, GoldFactory appears to have ditched its bespoke iOS trojan in favor of an unusual approach that now instructs victims to borrow an Android device from a family member or relative to continue the process. It’s currently not clear what prompted the shift, but it’s believed that it’s due to stricter security measures and app store moderation on iOS.

    “While earlier campaigns focused on exploiting KYC processes, recent activity shows direct patching of legitimate banking applications to commit fraud,” the researchers said. “The use of legitimate frameworks such as Frida, Dobby, and Pine to modify trusted banking applications demonstrates a sophisticated yet low-cost approach that allows cybercriminals to bypass traditional detection and rapidly scale their operation.”


    Source: thehackernews.com…

  • Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

    Dec 03, 2025 | Ravie Lakshmanan | Vulnerability / Cloud Security

    A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution.

    The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0.

    It allows “unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints,” the React Team said in an alert issued today.

    “Even if your app does not implement any React Server Function endpoints, it may still be vulnerable if your app supports React Server Components.”

    According to cloud security firm Wiz, the issue is a case of logical deserialization that stems from processing RSC payloads in an unsafe manner. As a result, an unauthenticated attacker could craft a malicious HTTP request to any Server Function endpoint that, when deserialized by React, achieves execution of arbitrary JavaScript code on the server.

    The vulnerability impacts versions 19.0, 19.1.0, 19.1.1, and 19.2.0 of the following npm packages –

    • react-server-dom-webpack
    • react-server-dom-parcel
    • react-server-dom-turbopack

    It has been addressed in versions 19.0.1, 19.1.2, and 19.2.1. New Zealand-based security researcher Lachlan Davidson has been credited with discovering and reporting the flaw on November 29, 2025.

    It’s worth noting that the vulnerability also affects Next.js using App Router. The issue has been assigned the CVE identifier CVE-2025-66478 (CVSS score: 10.0). It impacts versions >=14.3.0-canary.77, >=15, and >=16. Patched versions are 16.0.7, 15.5.7, 15.4.8, 15.3.6, 15.2.6, 15.1.9, and 15.0.5.

    That said, any library that bundles RSC is likely to be affected by the flaw. This includes, but is not limited to, Vite RSC plugin, Parcel RSC plugin, React Router RSC preview, RedwoodJS, and Waku.

    Wiz said 39% of cloud environments have instances vulnerable to CVE-2025-55182 and/or CVE-2025-66478. In light of the severity of the vulnerability, it’s advised that users apply the fixes as soon as possible for optimal protection.
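    To check a project against the version lists above, the following added example (not code from React, Next.js, or Wiz) audits an npm lockfile. It assumes the lockfileVersion 2/3 `packages` layout and reads the article's "19.0" as 19.0.0; the sample lockfile is constructed, and anything the lists do not clearly cover is reported as `review` rather than guessed.

```python
import json
import re

RSC_PACKAGES = {
    "react-server-dom-webpack",
    "react-server-dom-parcel",
    "react-server-dom-turbopack",
}
# First fixed patch number per release line, taken from the article.
RSC_FIXED = {(19, 0): 1, (19, 1): 2, (19, 2): 1}
NEXT_FIXED = {(16, 0): 7, (15, 5): 7, (15, 4): 8, (15, 3): 6,
              (15, 2): 6, (15, 1): 9, (15, 0): 5}
SEMVER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$")


def classify(name, version):
    """Return 'vulnerable', 'patched', 'not-listed', 'review', or None if untracked."""
    if name != "next" and name not in RSC_PACKAGES:
        return None
    m = SEMVER.match(version)
    if m is None:
        return "review"
    major, minor, patch = int(m[1]), int(m[2]), int(m[3])
    pre = m[4]
    if name == "next" and major == 14:
        # Only 14.3.0-canary.77 and later canaries are listed as affected.
        if minor < 3:
            return "not-listed"
        canary = re.fullmatch(r"canary\.(\d+)", pre or "")
        if (minor, patch) == (3, 0) and canary:
            return "vulnerable" if int(canary[1]) >= 77 else "not-listed"
        return "review"
    if name == "next":
        in_range, fixed = major >= 15, NEXT_FIXED
    else:
        in_range, fixed = major == 19, RSC_FIXED
    if not in_range:
        return "not-listed"
    first_fixed = fixed.get((major, minor))
    if pre or first_fixed is None:
        # Prereleases and release lines without a listed fix need a manual look.
        return "review"
    return "patched" if patch >= first_fixed else "vulnerable"


def audit_lockfile(lock):
    """Yield (path, version, status) for every tracked package in the lockfile."""
    findings = []
    for path, meta in sorted(lock.get("packages", {}).items()):
        # Nested installs look like node_modules/a/node_modules/b.
        name = path.rsplit("node_modules/", 1)[-1]
        version = meta.get("version", "")
        status = classify(name, version)
        if status is not None:
            findings.append((path, version, status))
    return findings


# Constructed sample lockfile, not taken from any real project.
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "constructed-app", "version": "1.0.0"},
        "node_modules/next": {"version": "15.3.5"},
        "node_modules/react": {"version": "19.2.0"},
        "node_modules/react-server-dom-webpack": {"version": "19.0.1"},
        "node_modules/some-lib/node_modules/react-server-dom-turbopack": {
            "version": "19.2.0"
        },
    },
}

if __name__ == "__main__":
    # For a real project: lock = json.load(open("package-lock.json"))
    for finding in audit_lockfile(SAMPLE_LOCK):
        print(*finding, sep="\t")
```

    Frameworks that bundle RSC inside their own package will not appear under these names in a lockfile, so a clean result here does not cover them.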


    Source: thehackernews.com…

  • Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation

    Dec 03, 2025 | Ravie Lakshmanan | Vulnerability / Endpoint Security

    Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company’s November 2025 Patch Tuesday updates, according to ACROS Security’s 0patch.

    The vulnerability in question is CVE-2025-9491 (CVSS score: 7.8/7.0), which has been described as a Windows Shortcut (LNK) file UI misinterpretation vulnerability that could lead to remote code execution.

    “The specific flaw exists within the handling of .LNK files,” according to a description in the NIST National Vulnerability Database (NVD). “Crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface. An attacker can leverage this vulnerability to execute code in the context of the current user.”

    In other words, these shortcut files are crafted such that viewing their properties in Windows conceals the malicious commands executed by them out of the user’s sight by using various “whitespace” characters. To trigger their execution, attackers could disguise the files as harmless documents.

    Details of the shortcoming first emerged in March 2025, when Trend Micro’s Zero Day Initiative (ZDI) disclosed that the issue had been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns, some of which date back to 2017. The issue is also tracked as ZDI-CAN-25373.

    At that time, Microsoft told The Hacker News that the flaw does not meet the bar for immediate servicing and that it will consider fixing it in a future release. It also pointed out that the LNK file format is blocked across Outlook, Word, Excel, PowerPoint, and OneNote, as a result of which any attempt to open such files will trigger a warning to users not to open files from unknown sources.

    Subsequently, a report from HarfangLab found that the shortcoming was abused by a cyber espionage cluster known as XDSpy to distribute a Go-based malware called XDigo as part of attacks targeting Eastern European governmental entities, the same month the flaw was publicly disclosed.

    Then, in late October 2025, the issue reared up a third time after Arctic Wolf flagged an offensive campaign in which China-affiliated threat actors weaponized the flaw in attacks aimed at European diplomatic and government entities and delivered the PlugX malware.

    This development prompted Microsoft to issue a formal guidance on CVE-2025-9491, reiterating its decision not to patch it and emphasizing that it does consider it a vulnerability “due to the user interaction involved and the fact that the system already warns users that this format is untrusted.”

    0patch said the vulnerability is not just about hiding the malicious part of the command out of the Target field, but the fact that a LNK file “allows the Target arguments to be a very long string (tens of thousands of characters), but the Properties dialog only shows the first 260 characters, silently cutting off the rest.”

    This also means that a bad actor can create an LNK file that can run a long command, which would cause only the first 260 characters of it to be displayed to the user who viewed its properties. The rest of the command string is simply truncated. According to Microsoft, the file’s structure theoretically allows for strings of up to 32k characters.

    The silent patch released by Microsoft addresses the problem by showing in the Properties dialog the entire Target command with arguments, no matter its length. That said, this behavior hinges on the possibility that there can exist shortcut files with more than 260 characters in their Target field.

    0patch’s micropatch for the same flaw takes a different route by displaying a warning when users attempt to open an LNK file with over 260 characters.

    “Even though malicious shortcuts could be constructed with fewer than 260 characters, we believe disrupting actual attacks detected in the wild can make a big difference for those targeted,” it said.

    The Hacker News has reached out to Microsoft for comment, and will update the piece if we hear back from the company.
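    The 260-character cutoff described above can be checked offline. This added example (not code from Microsoft, 0patch, or ZDI) reads the arguments string of a shortcut following the public MS-SHLLINK layout and reports what a 260-character view would leave out. Applying the limit to the arguments string alone is a simplifying assumption, and `build_sample` produces a constructed, target-less test input.

```python
import struct

HEADER_SIZE = 0x4C
# CLSID 00021401-0000-0000-C000-000000000046 as stored on disk.
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_REL_PATH, HAS_WORKDIR, HAS_ARGS = 0x04, 0x08, 0x10, 0x20
IS_UNICODE = 0x80
DISPLAY_LIMIT = 260  # characters shown by the Properties dialog, per the article


def read_arguments(data):
    """Return the COMMAND_LINE_ARGUMENTS string of a shell link ('' if absent)."""
    try:
        size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
        if size != HEADER_SIZE or clsid != LINK_CLSID:
            raise ValueError("not a shell link header")
        off = HEADER_SIZE
        if flags & HAS_ID_LIST:       # IDListSize (2 bytes) followed by the IDList
            off += 2 + struct.unpack_from("<H", data, off)[0]
        if flags & HAS_LINK_INFO:     # LinkInfoSize includes its own 4 bytes
            off += struct.unpack_from("<I", data, off)[0]
        width = 2 if flags & IS_UNICODE else 1
        # StringData entries appear in this fixed order, each prefixed by a
        # 16-bit character count and not NUL-terminated.
        for bit in (HAS_NAME, HAS_REL_PATH, HAS_WORKDIR, HAS_ARGS):
            if not flags & bit:
                continue
            count = struct.unpack_from("<H", data, off)[0]
            raw = data[off + 2: off + 2 + count * width]
            if len(raw) != count * width:
                raise ValueError("string data runs past end of file")
            off += 2 + count * width
            if bit == HAS_ARGS:
                codec = "utf-16-le" if width == 2 else "cp1252"
                return raw.decode(codec, errors="replace")
    except struct.error as exc:
        raise ValueError("truncated shell link") from exc
    return ""


def assess(data):
    """Summarise how much of the arguments string lies past the display limit."""
    args = read_arguments(data)
    visible, hidden = args[:DISPLAY_LIMIT], args[DISPLAY_LIMIT:]
    return {
        "length": len(args),
        "exceeds_limit": len(args) > DISPLAY_LIMIT,
        # True when everything a user would see is whitespace padding.
        "visible_blank": bool(hidden) and visible.strip() == "",
        "hidden": hidden.strip(),
    }


def build_sample(arguments):
    """Constructed test input: a header plus an arguments string, no target."""
    header = struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID, HAS_ARGS | IS_UNICODE)
    header += bytes(HEADER_SIZE - len(header))
    body = struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")
    return header + body


if __name__ == "__main__":
    sample = build_sample(" " * 300 + "CONSTRUCTED-HIDDEN-ARGUMENT")
    print(assess(sample))
```

    As the 0patch quote notes, a shortcut under the limit can still be malicious, so `exceeds_limit` is a triage signal and not a verdict.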


    Source: thehackernews.com…

  • WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts

    Dec 03, 2025 | Ravie Lakshmanan | Vulnerability / Website Security

    A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild.

    The vulnerability, CVE-2025-8489 (CVSS score: 9.8), is a case of privilege escalation that allows unauthenticated attackers to grant themselves administrative privileges by simply specifying the administrator user role during registration.

    It affects versions from 24.12.92 through 51.1.14. It was patched by the maintainers in version 51.1.35 released on September 25, 2025. Security researcher Peter Thaleikis has been credited with discovering and reporting the flaw. The plugin has over 10,000 active installs.

    “This is due to the plugin not properly restricting the roles that users can register with,” Wordfence said in an alert. “This makes it possible for unauthenticated attackers to register with administrator-level user accounts.”

    Specifically, the issue is rooted in the “handle_register_ajax()” function that’s invoked during user registration. But an insecure implementation of the function meant that unauthenticated attackers can specify their role as “administrator” in a crafted HTTP request to the “/wp-admin/admin-ajax.php” endpoint, allowing them to obtain elevated privileges.

    Successful exploitation of the vulnerability could enable a bad actor to seize control of a susceptible site that has installed the plugin, and weaponize the access to upload malicious code that can deliver malware, redirect site visitors to sketchy sites, or inject spam.

    Wordfence said it has blocked over 48,400 exploit attempts since the flaw was publicly disclosed in late October 2025, with 75 attempts thwarted in the last 24 hours alone. The attacks have originated from the following IP addresses –

    • 45.61.157.120
    • 182.8.226.228
    • 138.199.21.230
    • 206.238.221.25
    • 2602:fa59:3:424::1

    “Attackers may have started actively targeting this vulnerability as early as October 31, 2025, with mass exploitation starting on November 9, 2025,” the WordPress security company said.

    Site administrators are advised to ensure that they are running the latest version of the plugin, audit their environments for any suspicious admin users, and monitor for any signs of abnormal activity.


    Source: thehackernews.com…

  • Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud

    Banking Trojan Spread via WhatsApp

    The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) files and PDFs to propagate a worm that deploys a banking trojan via WhatsApp in attacks targeting users in Brazil.

    The latest wave is characterized by the attackers shifting from PowerShell to a Python-based variant that spreads the malware in a worm-like manner over WhatsApp Web.

    “Their new multi-format attack chain and possible use of artificial intelligence (AI) to convert propagation scripts from PowerShell to Python exemplifies a layered approach that has enabled Water Saci to bypass conventional security controls, exploit user trust across multiple channels, and ramp up their infection rates,” Trend Micro researchers Jeffrey Francis Bonaobra, Sarah Pearl Camiling, Joe Soares, Byron Gelera, Ian Kenefick, and Emmanuel Panopio said.

    In these attacks, users receive messages from trusted contacts on WhatsApp, urging them to interact with malicious PDF or HTA attachments and activate the infection chain and ultimately drop a banking trojan that can harvest sensitive data. The PDF lure instructs victims to update Adobe Reader by clicking on an embedded link.

    Users who receive HTA files are deceived into executing a Visual Basic Script immediately upon opening, which then runs PowerShell commands to fetch next-stage payloads from a remote server, an MSI installer for the trojan and a Python script that’s responsible for spreading the malware via WhatsApp Web.

    “This newly observed variant allows for broader browser compatibility, object-oriented code structure, enhanced error handling, and faster automation of malware delivery through WhatsApp Web,” Trend Micro said. “Together, these changes make propagation faster, more resilient to failure, and easier to maintain or extend.”

    The MSI installer, for its part, serves as a conduit for delivering the banking trojan using an AutoIt script. The script also runs checks to ensure that only one instance of the trojan is running at any given point of time. It accomplishes this by verifying the presence of a marker file named “executed.dat.” If it does not exist, the script creates the file and notifies an attacker-controlled server (“manoelimoveiscaioba[.]com”).

    Other AutoIt artifacts uncovered by Trend Micro have also been found to verify whether the Windows system language is set to Portuguese (Brazil), proceeding further to scan the infected system for banking-related activity only if this criterion is met. This includes checking for folders related to major Brazilian banking applications, security, and anti-fraud modules, such as Bradesco, Warsaw, Topaz OFD, Sicoob, and Itaú.

    It’s worth noting that Latin America (LATAM)-focused banking trojans like Casbaneiro (aka Metamorfo and Ponteiro) have incorporated similar features as far back as 2019. Furthermore, the script analyzes the user’s Google Chrome browsing history to search for visits to banking websites, specifically a hard-coded list comprising Santander, Banco do Brasil, Caixa Econômica Federal, Sicredi, and Bradesco.

    The script then proceeds to another critical reconnaissance step that involves checking for installed antivirus and security software, as well as harvesting detailed system metadata. The main functionality of the malware is to monitor open windows and extract their window titles to compare them against a list of banks, payment platforms, exchanges, and cryptocurrency wallets.

    If any of these windows contain keywords related to targeted entities, the script looks for a TDA file dropped by the installer and decrypts and injects it into a hollowed “svchost.exe” process, following which the loader searches for an additional DMP file containing the banking trojan.

    “If a TDA file is present, the AutoIt script decrypts and loads it as an intermediate PE loader (Stage 2) into memory,” Trend Micro explained. “However, if only a DMP file is found (no TDA present), the AutoIt script bypasses the intermediate loader entirely and loads the banking trojan directly into the AutoIt process memory, skipping the process hollowing step and running as a simpler two-stage infection.”

    Persistence is achieved by constantly keeping tabs on the newly spawned “svchost.exe” process. Should the process be terminated, the malware starts afresh and waits to re-inject the payload the next time the victim opens a browser window for a financial service that’s targeted by Water Saci.

    The attacks stand out for a major tactical shift. The banking trojan deployed is not Maverick, but rather a malware that exhibits structural and behavioral continuity with Casbaneiro. This assessment is based on the AutoIt-based delivery and loader mechanism employed, as well as the window title monitoring, Registry-based persistence, and IMAP-based fallback command-and-control (C2) mechanism.

    Once launched, the trojan carries out “aggressive” anti-virtualization checks to sidestep analysis and detection, and gathers host information through Windows Management Instrumentation (WMI) queries. It makes Registry modifications to set up persistence and establishes contact with a C2 server (“serverseistemasatu[.]com”) to send the collected details and receive backdoor commands that grant remote control over the infected system.

    Besides scanning the titles of active windows to identify whether the user is interacting with banking or cryptocurrency platforms, the trojan forcibly terminates several browsers to force victims to reopen banking sites under “attacker-controlled conditions.” Some of the supported features of the trojan are listed below –

    • Send system information
    • Enable keyboard capture
    • Start/stop screen capture
    • Modify screen resolution
    • Simulate mouse movements and clicks
    • Perform file operations
    • Upload/download files
    • Enumerate windows, and
    • Create fake banking overlays to capture credentials and transaction data

    The second aspect of the campaign is the use of a Python script, an enhanced version of its PowerShell predecessor, to enable malware delivery to every contact via WhatsApp Web sessions using the Selenium browser automation tool.

    There is “compelling” evidence to suggest that Water Saci may have used a large language model (LLM) or code-translation tool to port their propagation script from PowerShell to Python, given the functional similarities between the two versions and the inclusion of emojis in console outputs.

    “The Water Saci campaign exemplifies a new era of cyber threats in Brazil, where attackers exploit the trust and reach of popular messaging platforms like WhatsApp to orchestrate large-scale, self-propagating malware campaigns,” Trend Micro said.

    “By weaponizing familiar communication channels and employing advanced social engineering, threat actors are able to swiftly compromise victims, bypass traditional defenses, and sustain persistent banking trojan infections. This campaign demonstrates how legitimate platforms can be transformed into powerful vectors for malware delivery and underscores the growing sophistication of cybercriminal operations in the region.”

    Brazil Targeted by New RelayNFC Android Malware

    The development comes as Brazilian banking users are also being targeted by a previously undocumented Android malware dubbed RelayNFC that’s designed to carry out Near-Field Communication (NFC) relay attacks and siphon contactless payment data. The campaign has been running since early November 2025.

    “RelayNFC implements a full real-time APDU relay channel, allowing attackers to complete transactions as though the victim’s card were physically present,” Cyble said in an analysis. “The malware is built using React Native and Hermes bytecode, which complicates static analysis and helps evade detection.”

    Primarily spread via phishing, the attack makes use of decoy Portuguese-language sites (e.g., “maisseguraca[.]site”) to trick users into installing the malware under the pretext of securing their payment cards. The end goal of the campaign is to capture the victim’s card details and relay them to attackers, who can then perform fraudulent transactions using the stolen data.

    Like other NFC relay malware families such as SuperCard X and PhantomCard, RelayNFC operates as a reader that’s designed to gather the card data by instructing the victim to tap their payment card on the device. Once the card data is read, the malware displays a message that prompts them to enter their 4- or 6-digit PIN. The captured information is then sent to the attacker’s server through a WebSocket connection.

    “When the attacker initiates a transaction from their POS-emulator device, the C&C server sends a specially crafted message of type ‘apdu’ to the infected phone,” Cyble said. “This message contains a unique request ID, a session identifier, and the APDU command encoded as a hexadecimal string.”

    “Upon receiving this instruction, RelayNFC parses the packet, extracts the APDU data, and forwards it directly to the victim device’s NFC subsystem, effectively acting as a remote interface to the physical payment card.”

    The cybersecurity company said its investigation also uncovered a separate phishing site (“test.ikotech[.]online”) that distributes an APK file with a partial implementation of Host Card Emulation (HCE), indicating that the threat actors are experimenting with different NFC relay techniques.

    Because HCE allows an Android device to emulate a payment card, the mechanism allows a victim’s card interactions to be transmitted between a legitimate point-of-sale (PoS) terminal and an attacker-controlled device, thereby facilitating a real-time NFC relay attack. The feature is assessed to be under development, as the APK file does not register the HCE service in the package manifest file.

    “The RelayNFC campaign highlights the rapid evolution of NFC relay malware targeting payment systems, particularly in Brazil,” the company said. “By combining phishing-driven distribution, React Native-based obfuscation, and real-time APDU relaying over WebSockets, the threat actors have created a highly effective mechanism for remote EMV transaction fraud.”


    Source: thehackernews.com…

  • Discover the AI Tools Fueling the Next Cybercrime Wave — Watch the Webinar

    Dec 03, 2025 | The Hacker News | Cybercrime / Artificial Intelligence

    Remember when phishing emails were easy to spot? Bad grammar, weird formatting, and requests from a “Prince” in a distant country?

    Those days are over.

    Today, a 16-year-old with zero coding skills and a $200 allowance can launch a campaign that rivals state-sponsored hackers. They don’t need to be smart; they just need to subscribe to the right AI tool.

    We are witnessing the industrialization of cybercrime. The barrier to entry has collapsed, and your current email filters are looking for threats that no longer exist.

    The New “Big Three” of Cybercrime

    Security leaders don’t need another lecture on what phishing is. You need to see exactly what you are up against. This isn’t science fiction—these tools are being sold on the dark web right now.

    In this webinar, we are going inside the “AI Phishing Factory” to deconstruct the three tools rewriting the threat landscape:

    • WormGPT: Think of ChatGPT, but without the “ethical guardrails.” It doesn’t have a conscience. It writes flawless, highly personalized Business Email Compromise (BEC) messages that sound exactly like your CEO—no typos, perfect tone.
    • FraudGPT: The “Netflix” of hacking. For a low monthly subscription, attackers get a full suite of tools to write malicious code, create scam landing pages, and draft emails. It is hacking-as-a-service.
    • SpamGPT: This acts like a high-end marketing automation tool, but for criminals. It allows attackers to A/B test their scams and deliver them at a volume that overwhelms standard detection limits.

    Here is the hard truth: You cannot train your employees fast enough to outsmart a machine that learns instantly. If an email is written by AI to be indistinguishable from a legitimate sender, someone will click. It is a statistical certainty.

    Most defensive strategies focus on detection—trying to spot the bad email. But when the AI changes the emails’ signature every second, detection fails.

    Stop the Damage, Not Just the Email

    This session isn’t about scaring you with the problem; it’s about fixing it.

    Since we know users will eventually click, we have to change the strategy. We need to make the click irrelevant. We need to ensure that even if they land on the phishing page, the attacker gets nothing.

    Join us to learn how to:

    1. Identify the specific signatures of WormGPT and FraudGPT attacks.
    2. Shift your defense strategy from “blocking emails” to “protecting identity.”
    3. Neutralize the attack at the point of access by removing the one thing hackers want: the credentials.

    The bad guys are using AI to scale their attacks. You need to use intelligence to scale your defense.


    Don’t wait for the quarterly report to find out you were vulnerable. Get the strategy you need to shut this down now.

    Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.


    Source: thehackernews.com…

  • Chopping AI Down to Size: Turning Disruptive Technology into a Strategic Advantage


    Most people know the story of Paul Bunyan. A giant lumberjack, a trusted axe, and a challenge from a machine that promised to outpace him. Paul doubled down on his old way of working, swung harder, and still lost by a quarter inch. His mistake was not losing the contest. His mistake was assuming that effort alone could outmatch a new kind of tool.

    Security professionals are facing a similar moment. AI is our modern steam-powered saw. It is faster in some areas, unfamiliar in others, and it challenges a lot of long-standing habits. The instinct is to protect what we know instead of learning what the new tool can actually do. But if we follow Paul’s approach, we’ll find ourselves on the wrong side of a shift that is already underway. The right move is to learn the tool, understand its capabilities, and leverage it for outcomes that make your job easier.

    AI’s Role in Daily Cybersecurity Work

    AI is now embedded in almost every security product we touch. Endpoint protection platforms, mail filtering systems, SIEMs, vulnerability scanners, intrusion detection tools, ticketing systems, and even patch management platforms advertise some form of “intelligent” decision-making. The challenge is that most of this intelligence lives behind a curtain. Vendors protect their models as proprietary IP, so security teams only see the output.

    This means models are silently making risk decisions in environments where humans still carry accountability. Those decisions come from statistical reasoning, not an understanding of your organization, its people, or its operational priorities. You cannot inspect an opaque model, and you cannot rely on it to capture nuance or intent.

    That is why security professionals should build or tune their own AI-assisted workflows. The goal is not to rebuild commercial tools. The goal is to counterbalance blind spots by building capabilities you control. When you design a small AI utility, you determine what data it learns from, what it considers risky, and how it should behave. You regain influence over the logic shaping your environment.

    Removing Friction and Raising Velocity

    A large portion of security work is translational. Anyone who has written complex JQ filters, SQL queries, or regular expressions just to pull a small piece of information from logs knows how much time that translation step can consume. These steps slow down investigations not because they are difficult, but because they interrupt your flow of thought.

    AI can remove much of that translation burden. For example, I have been writing small tools that put AI on the front end and a query language on the back end. Instead of writing the query myself, I can ask for what I want in plain English, and the AI generates the correct syntax to extract it. It becomes a human-to-computer translator that lets me focus on what I am trying to investigate rather than the mechanics of the query language.

    In practice, this allows me to:

    • Pull the logs associated with a specific incident without writing the JQ myself
    • Extract the data I need using AI-generated SQL or regex syntax
    • Build small, AI-assisted utilities that automate these repetitive query steps

    When AI handles the repetitive translation and filtration steps, security teams can direct their attention toward higher-order reasoning — the part of the job that actually moves investigations forward.

    It is also important to remember that while AI can store more information than humans, effective security is not about knowing everything. It is about knowing how to apply what matters in the context of an organization’s mission and risk tolerance. AI will make decisions that are mathematically sound but contextually wrong. It will approximate nuance, but it cannot truly understand it. It can simulate ethics, but it cannot feel responsibility for an outcome. Statistical reasoning is not moral reasoning, and it never will be.

    Our value across offensive, defensive, and investigative roles is not in memorizing information. It is in applying judgment, understanding nuance, and directing tools toward the right outcomes. AI enhances what we do, but the decisions still rest with us.

    How Security Professionals Can Begin: Skills to Develop Now

    Much of today’s AI work happens in Python, and for many security practitioners it has traditionally felt like a barrier. AI changes that dynamic. You can express your intent in plain English and have the model produce most of the code. The model gets you most of the way there. Your job is to close the remaining gap with judgment and technical literacy.

    That requires a baseline level of fluency. You need enough Python to read and refine what the model generates. You need a working sense of how AI systems interpret inputs so you can recognize when the logic drifts. And you need a practical understanding of core machine learning concepts so you know what the tool is doing beneath the surface, even if you are not building full models yourself.

    With that foundation, AI becomes a force multiplier. You can build targeted utilities to analyze internal data, use language models to compress information that would take hours to process manually, and automate the routine steps that slow down investigations, offensive testing, and forensic workflows.

    Here are concrete ways to start developing those capabilities:

    • Start with a tool audit: Map where AI already operates in your environment and understand what decisions it is making by default.
    • Engage actively with your AI systems: Do not treat outputs as final. Feed models better data, question their results, and tune behaviors where possible.
    • Automate one weekly task: Pick a recurring workflow and use Python plus an AI model to streamline part of it. Small wins build momentum.
    • Build light ML literacy: Learn the basics of how models interpret instructions, where they break, and how to redirect them.
    • Participate in community learning: Share what you build, compare approaches, and learn from others navigating the same transition.

    These habits compound over time. They turn AI from an opaque feature inside someone else’s product into a capability you understand, direct, and use with confidence.

    Join Me for a Deeper Dive at SANS 2026

    AI is changing how security professionals work, but it does not diminish the need for human judgment, creativity, and strategic thinking. When you understand the tool and guide it with intent, you become more capable, not less necessary.

    I will be covering this topic in greater detail during my keynote session at SANS 2026. If you want practical and actionable guidance for strengthening your AI fluency across defensive, offensive, and investigative disciplines, I hope you’ll join me in the room.

    Register for SANS 2026 here.

    Note: This article was expertly authored by Mark Baggett, SANS Fellow.

    This article is a contributed piece from one of our valued partners.


    Source: thehackernews.com…

  • Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code


    Dec 03, 2025 | Ravie Lakshmanan | Machine Learning / Vulnerability

    Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to execute arbitrary code by loading untrusted PyTorch models, effectively bypassing the tool’s protections.

    Picklescan, developed and maintained by Matthieu Maitre (@mmaitre314), is a security scanner that’s designed to parse Python pickle files and detect suspicious imports or function calls, before they are executed. Pickle is a widely used serialization format in machine learning, including PyTorch, which uses the format to save and load models.

    But pickle files can also be a huge security risk, as they can automatically trigger the execution of arbitrary Python code when they are loaded. Users and organizations therefore need to load only trusted models, or load model weights from TensorFlow and Flax.

    The issues discovered by JFrog essentially make it possible to bypass the scanner, present the scanned model files as safe, and enable malicious code to be executed, which could then pave the way for a supply chain attack.


    “Each discovered vulnerability enables attackers to evade PickleScan’s malware detection and potentially execute a large-scale supply chain attack by distributing malicious ML models that conceal undetectable malicious code,” security researcher David Cohen said.

    Picklescan, at its core, works by examining pickle files at the bytecode level and checking the results against a blocklist of known hazardous imports and operations. This blocklist approach, as opposed to allowlisting, means the tool cannot detect a new attack vector and requires its developers to anticipate every possible malicious behavior.
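The difference between blocklisting and allowlisting at the opcode level can be shown with a short static walk over the pickle stream. This is an added example, not Picklescan's code: the two policy lists are toy assumptions, `newlib_plugin.execute` is a hypothetical import, and the `STACK_GLOBAL` handling is a simplified heuristic.

```python
import collections
import pickle
import pickletools

# Toy policy lists, assumed for illustration (not Picklescan's real lists).
BLOCKLIST = {("os", "system"), ("builtins", "eval"), ("builtins", "exec")}
ALLOWLIST = {("collections", "OrderedDict")}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "STRING", "BINSTRING", "SHORT_BINSTRING"}

# Constructed samples. They are only parsed below, never unpickled.
BENIGN = pickle.dumps(collections.OrderedDict(a=1), protocol=4)
LISTED = b"cos\nsystem\n."                # import that the toy blocklist knows
UNLISTED = b"cnewlib_plugin\nexecute\n."  # hypothetical module, on neither list


def extract_imports(data):
    """Walk the opcode stream without unpickling; return (module, name) pairs."""
    imports, strings = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in STRING_OPS:
            strings.append(arg)
        elif opcode.name in ("GLOBAL", "INST"):
            module, name = arg.split(" ", 1)
            imports.append((module, name))
        elif opcode.name == "STACK_GLOBAL":
            # Heuristic: module and name are the last two strings pushed.
            # If they cannot be recovered, record an unknown import so an
            # allowlist fails closed.
            if len(strings) >= 2:
                imports.append((strings[-2], strings[-1]))
            else:
                imports.append(("?", "?"))
    return imports


def blocklist_verdict(data):
    """Flag only imports that are explicitly listed as dangerous."""
    hits = [imp for imp in extract_imports(data) if imp in BLOCKLIST]
    return ("dangerous", hits) if hits else ("clean", [])


def allowlist_verdict(data):
    """Reject every import that is not explicitly listed as safe."""
    unknown = [imp for imp in extract_imports(data) if imp not in ALLOWLIST]
    return ("rejected", unknown) if unknown else ("accepted", [])
```

The blocklist reports the unlisted import as clean, while the allowlist rejects it without needing to know what it does.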

    The identified flaws are as follows –

    • CVE-2025-10155 (CVSS score: 9.3/7.8) – A file extension bypass vulnerability that can be used to undermine the scanner and load the model when providing a standard pickle file with a PyTorch-related extension such as .bin or .pt
    • CVE-2025-10156 (CVSS score: 9.3/7.5) – A bypass vulnerability that can be used to disable ZIP archive scanning by introducing a Cyclic Redundancy Check (CRC) error
    • CVE-2025-10157 (CVSS score: 9.3/8.3) – A bypass vulnerability that can be used to undermine Picklescan’s unsafe globals check, leading to arbitrary code execution by getting around a blocklist of dangerous imports

    Successful exploitation of the aforementioned flaws could allow attackers to conceal malicious pickle payloads within files using common PyTorch extensions, deliberately introduce CRC errors into ZIP archives containing malicious models, or craft malicious PyTorch models with embedded pickle payloads to bypass the scanner.


    Following responsible disclosure on June 29, 2025, the three vulnerabilities have been addressed in Picklescan version 0.0.31 released on September 9.

    The findings illustrate some key systemic issues, including the reliance on a single scanning tool and discrepancies in file-handling behavior between security tools and PyTorch, which render security architectures vulnerable to attacks.

    “AI libraries like PyTorch grow more complex by the day, introducing new features, model formats, and execution pathways faster than security scanning tools can adapt,” Cohen said. “This widening gap between innovation and protection leaves organizations exposed to emerging threats that conventional tools simply weren’t designed to anticipate.”

    “Closing this gap requires a research-backed security proxy for AI models, continuously informed by experts who think like both attackers and defenders. By actively analyzing new models, tracking library updates, and uncovering novel exploitation techniques, this approach delivers adaptive, intelligence-driven protection against the vulnerabilities that matter most.”


    Source: thehackernews.com…

  • Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems


    Dec 03, 2025 | Ravie Lakshmanan | Malware / Web3 Security

    Cybersecurity researchers have discovered a malicious Rust package that is capable of targeting Windows, macOS, and Linux systems, and that executes stealthily on developer machines by masquerading as an Ethereum Virtual Machine (EVM) unit helper tool.

    The Rust crate, named “evm-units,” was uploaded to crates.io in mid-April 2025 by a user named “ablerust,” attracting more than 7,000 downloads over the past eight months. Another package created by the same author, “uniswap-utils,” listed “evm-units” as a dependency. It was downloaded over 7,400 times. The packages have since been removed from the package repository.


    “Based on the victim’s operating system and whether Qihoo 360 antivirus is running, the package downloads a payload, writes it to the system temp directory, and silently executes it,” Socket security researcher Olivia Brown said in a report. “The package appears to return the Ethereum version number, so the victim is none the wiser.”

    A notable aspect of the package is that it is explicitly designed to check for the presence of the “qhsafetray.exe” process, an executable file associated with 360 Total Security, an antivirus software developed by Chinese security vendor Qihoo 360.

    Specifically, the package is designed to invoke a seemingly harmless function named “get_evm_version(),” which decodes and reaches out to an external URL (“download.videotalks[.]xyz”) to fetch a next-stage payload depending on the operating system on which it’s being run –

    • On Linux, it downloads a script, saves it in /tmp/init, and runs it in the background using the nohup command, enabling the attacker to gain full control
    • On macOS, it downloads a file called init and runs it using osascript in the background with the nohup command
    • On Windows, it downloads and saves the payload as a PowerShell script file (“init.ps1”) in the temp directory and checks running processes for “qhsafetray.exe,” before invoking the script

    In the event the process is not present, it creates a Visual Basic Script wrapper that runs a hidden PowerShell script with no visible window. If the antivirus process is detected, it slightly alters its execution flow by directly invoking PowerShell.


    “This focus on Qihoo 360 is a rare, explicit, China-focused targeting indicator, because it is a leading Chinese internet company,” Brown said. “It fits the crypto-theft profile, as Asia is one of the largest global markets for retail cryptocurrency activity.”

    The references to EVM and Uniswap, a decentralized cryptocurrency exchange protocol built on the Ethereum blockchain, indicate that the supply chain incident is designed to target developers in the Web3 space by passing off the packages as Ethereum-related utilities.

    “Ablerust, the threat actor responsible for the malicious code, embedded a cross-platform second-stage loader inside a seemingly harmless function,” Brown said. “Worse, the dependency was pulled into another widely used package (uniswap-utils), allowing the malicious code to execute automatically during initialization.”


    Source: thehackernews.com…