Tag: Cyber Security

  • Rethinking AI Data Security: A Buyer's Guide 

    Sep 17, 2025 | The Hacker News | AI Security / Shadow IT

    Generative AI has gone from a curiosity to a cornerstone of enterprise productivity in just a few short years. From copilots embedded in office suites to dedicated large language model (LLM) platforms, employees now rely on these tools to code, analyze, draft, and decide. But for CISOs and security architects, the very speed of adoption has created a paradox: the more powerful the tools, the more porous the enterprise boundary becomes.

    And here’s the counterintuitive part: the biggest risk isn’t that employees are careless with prompts. It’s that organizations are applying the wrong mental model when evaluating solutions, trying to retrofit legacy controls for a risk surface they were never designed to cover. A new guide tries to bridge that gap.

    The Hidden Challenge in Today’s Vendor Landscape

    The AI data security market is already crowded. Every vendor, from traditional DLP to next-gen SSE platforms, is rebranding around “AI security.” On paper, this seems to offer clarity. In practice, it muddies the waters.

    The truth is that most legacy architectures, designed for file transfers, email, or network gateways, cannot meaningfully inspect or control what happens when a user pastes sensitive code into a chatbot, or uploads a dataset to a personal AI tool. Evaluating solutions through the lens of yesterday’s risks is what leads many organizations to buy shelfware.

    This is why the buyer’s journey for AI data security needs to be reframed. Instead of asking “Which vendor has the most features?” the real question is: Which vendor understands how AI is actually used at the last mile: inside the browser, across sanctioned and unsanctioned tools?

    The Buyer’s Journey: A Counterintuitive Path

    Most procurement processes start with visibility. But in AI data security, visibility is not the finish line; it’s the starting point. Discovery will show you the proliferation of AI tools across departments, but the real differentiator is how a solution interprets and enforces policies in real time, without throttling productivity.

    The buyer’s journey often follows four stages:

    1. Discovery – Identify which AI tools are in use, sanctioned or shadow. Conventional wisdom says this is enough to scope the problem. In reality, discovery without context leads to overestimation of risk and blunt responses (like outright bans).
    2. Real-Time Monitoring – Understand how these tools are being used, and what data flows through them. The surprising insight? Not all AI usage is risky. Without monitoring, you can’t separate harmless drafting from the inadvertent leak of source code.
    3. Enforcement – This is where many buyers default to binary thinking: allow or block. The counterintuitive truth is that the most effective enforcement lives in the gray area—redaction, just-in-time warnings, and conditional approvals. These not only protect data but also educate users in the moment.
    4. Architecture Fit – Perhaps the least glamorous but most critical stage. Buyers often overlook deployment complexity, assuming security teams can bolt new agents or proxies onto existing stacks. In practice, solutions that demand infrastructure change are the ones most likely to stall or get bypassed.

    What Experienced Buyers Should Really Ask

    Security leaders know the standard checklist: compliance coverage, identity integration, reporting dashboards. But in AI data security, some of the most important questions are the least obvious:

    • Does the solution work without relying on endpoint agents or network rerouting?
    • Can it enforce policies in unmanaged or BYOD environments, where much shadow AI lives?
    • Does it offer more than “block” as a control, i.e., can it redact sensitive strings or warn users contextually?
    • How adaptable is it to new AI tools that haven’t yet been released?

    These questions cut against the grain of traditional vendor evaluation but reflect the operational reality of AI adoption.

    Balancing Security and Productivity: The False Binary

    One of the most persistent myths is that CISOs must choose between enabling AI innovation and protecting sensitive data. Blocking tools like ChatGPT may satisfy a compliance checklist, but it drives employees to personal devices, where no controls exist. In effect, bans create the very shadow AI problem they were meant to solve.

    The more sustainable approach is nuanced enforcement: permitting AI usage in sanctioned contexts while intercepting risky behaviors in real time. In this way, security becomes an enabler of productivity, not its adversary.

    Technical vs. Non-Technical Considerations

    While technical fit is paramount, non-technical factors often decide whether an AI data security solution succeeds or fails:

    • Operational Overhead – Can it be deployed in hours, or does it require weeks of endpoint configuration?
    • User Experience – Are controls transparent and minimally disruptive, or do they generate workarounds?
    • Futureproofing – Does the vendor have a roadmap for adapting to emerging AI tools and compliance regimes, or are you buying a static product in a dynamic field?

    These considerations are less about “checklists” and more about sustainability—ensuring the solution can scale with both organizational adoption and the broader AI landscape.

    The Bottom Line

    Security teams evaluating AI data security solutions face a paradox: the space looks crowded, but true fit-for-purpose options are rare. The buyer’s journey requires more than a feature comparison; it demands rethinking assumptions about visibility, enforcement, and architecture.

    The counterintuitive lesson? The best AI security investments aren’t the ones that promise to block everything. They’re the ones that enable your enterprise to harness AI safely, striking a balance between innovation and control.

    This Buyer’s Guide to AI Data Security distills this complex landscape into a clear, step-by-step framework. The guide is designed for both technical and economic buyers, walking them through the full journey: from recognizing the unique risks of generative AI to evaluating solutions across discovery, monitoring, enforcement, and deployment. By breaking down the trade-offs, exposing counterintuitive considerations, and providing a practical evaluation checklist, the guide helps security leaders cut through vendor noise and make informed decisions that balance innovation with control.


    Source: thehackernews.com…

  • Scattered Spider Resurfaces With Financial Sector Attacks Despite Retirement Claims

    Sep 17, 2025 | Ravie Lakshmanan | Threat Intelligence / Cybercrime

    Cybersecurity researchers have tied a fresh round of cyber attacks targeting financial services to the notorious cybercrime group known as Scattered Spider, casting doubt on their claims of going “dark.”

    Threat intelligence firm ReliaQuest said it has observed indications that the threat actor has shifted their focus to the financial sector. This is supported by an increase in lookalike domains potentially linked to the group that are geared towards the industry vertical, as well as a recently identified targeted intrusion against an unnamed U.S. banking organization.

    “Scattered Spider gained initial access by socially engineering an executive’s account and resetting their password via Azure Active Directory Self-Service Password Management,” the company said.

    “From there, they accessed sensitive IT and security documents, moved laterally through the Citrix environment and VPN, and compromised VMware ESXi infrastructure to dump credentials and further infiltrate the network.”

    To achieve privilege escalation, the attackers reset a Veeam service account password, assigned Azure Global Administrator permissions, and relocated virtual machines to evade detection. There are also signs that Scattered Spider attempted to exfiltrate data from Snowflake, Amazon Web Services (AWS), and other repositories.

    Exit or Smokescreen?

    The recent activity undercuts the group’s claims that they were ceasing operations alongside 14 other criminal groups, such as LAPSUS$. Scattered Spider is the moniker assigned to a loose-knit hacking collective that’s part of a broader online entity called The Com.

    The group also shares a high degree of overlap with other cybercrime crews like ShinyHunters and LAPSUS$, so much so that the three clusters formed an overarching entity named “scattered LAPSUS$ hunters.”

    One of these clusters, notably ShinyHunters, has also engaged in extortion efforts after exfiltrating sensitive data from victims’ Salesforce instances. In these cases, the activity took place months after the targets were compromised by another financially motivated hacking group tracked by Google-owned Mandiant as UNC6040.

    The incident is a reminder not to be lulled into a false sense of security, ReliaQuest added, urging organizations to stay vigilant against the threat. As in the case of ransomware groups, there is no such thing as retirement, as it’s very much possible for them to regroup or rebrand under a different alias in the future.

    “The recent claim that Scattered Spider is retiring should be taken with a significant degree of skepticism,” Karl Sigler, security research manager of SpiderLabs Threat Intelligence at Trustwave, said. “Rather than a true disbanding, this announcement likely signals a strategic move to distance the group from increasing law enforcement pressure.”

    Sigler also pointed out that the farewell letter should be viewed as a strategic retreat, allowing the group to reassess its practices, refine its tradecraft, and evade ongoing efforts to put a lid on its activities, not to mention complicate attribution efforts by making it harder to tie future incidents to the same core actors.

    “It’s plausible that something within the group’s operational infrastructure has been compromised. Whether through a breached system, an exposed communication channel, or the arrest of lower-tier affiliates, something has likely triggered the group to go dark, at least temporarily. Historically, when cybercriminal groups face heightened scrutiny or suffer internal disruption, they often ‘retire’ in name only, opting instead to pause, regroup, and eventually re-emerge under a new identity.”


    Source: thehackernews.com…

  • RaccoonO365 Phishing Network Dismantled as Microsoft, Cloudflare Take Down 338 Domains

    Microsoft’s Digital Crimes Unit said it teamed up with Cloudflare to coordinate the seizure of 338 domains used by RaccoonO365, a financially motivated threat group that was behind a phishing-as-a-service (PhaaS) toolkit used to steal more than 5,000 Microsoft 365 credentials from 94 countries since July 2024.

    “Using a court order granted by the Southern District of New York, the DCU seized 338 websites associated with the popular service, disrupting the operation’s technical infrastructure and cutting off criminals’ access to victims,” Steven Masada, assistant general counsel at DCU, said.

    “This case shows that cybercriminals don’t need to be sophisticated to cause widespread harm – simple tools like RaccoonO365 make cybercrime accessible to virtually anyone, putting millions of users at risk.”

    The initial phase of the Cloudflare takedown commenced on September 2, 2025, with additional actions occurring on September 3 and September 4. This included banning all identified domains, placing interstitial “phish warning” pages in front of them, terminating the associated Workers scripts, and suspending the user accounts. The efforts were completed on September 8.

    Tracked by the Windows maker under the name Storm-2246, RaccoonO365 is marketed to other cybercriminals under a subscription model, allowing them to mount phishing and credential harvesting attacks at scale with little to no technical expertise. A 30-day plan costs $355, and a 90-day plan is priced at $999.

    The operators also claim that the tool is hosted on bulletproof virtual private servers with no hidden backdoors (unlike, say, BulletProofLink), and that it’s “built for serious players only – no low-budget freeloaders.”

    According to Morado, campaigns using RaccoonO365 have been active since September 2024. These attacks typically mimic trusted brands like Microsoft, DocuSign, SharePoint, Adobe, and Maersk in fraudulent emails, tricking recipients into clicking through to lookalike pages that are designed to capture victims’ Microsoft 365 usernames and passwords. The phishing emails are often a precursor to malware and ransomware.

    The most troubling aspect, from a defender’s standpoint, is the use of legitimate tools like Cloudflare Turnstile as a CAPTCHA, as well as implementing bot and automation detection using a Cloudflare Workers script to protect their phishing pages, thereby making sure that only intended targets of the attack can access and interact with them.

    Earlier this April, the Redmond-based company warned of several phishing campaigns leveraging tax-related themes to deploy malware such as Latrodectus, AHKBot, GuLoader, and BruteRatel C4 (BRc4). The phishing pages, it added, were delivered via RaccoonO365, with one such campaign attributed to an initial access broker called Storm-0249.

    The phishing campaigns have targeted over 2,300 organizations in the United States, including at least 20 U.S. healthcare entities.

    “Using RaccoonO365’s services, customers can input up to 9,000 target email addresses per day and employ sophisticated techniques to circumvent multi-factor authentication protections to steal user credentials and gain persistent access to victims’ systems,” Microsoft said.

    “Most recently, the group started advertising a new AI-powered service, RaccoonO365 AI-MailCheck, designed to scale operations and increase the sophistication – and effectiveness – of attacks.”

    The mastermind behind RaccoonO365 is assessed to be Joshua Ogundipe, an individual based in Nigeria, who, along with his associates, has advertised the tool on an 850-member strong Telegram channel, receiving no less than $100,000 in cryptocurrency payments. The e-crime group is believed to have sold about 100-200 subscriptions, although Microsoft cautioned it’s likely an underestimate.

    The tech giant said it was able to make the attribution courtesy of an operational security lapse that inadvertently exposed a secret cryptocurrency wallet. Ogundipe and four other co-conspirators currently remain at large, but Microsoft noted that a criminal referral for Ogundipe has been sent to international law enforcement.

    Cloudflare, in its own analysis of the PhaaS service, said the takedown of hundreds of domains and Worker accounts is aimed at increasing operational costs and sending a warning to other malicious actors who may abuse its infrastructure for malicious purposes.

    Since the disruption, the threat actors have announced that they are “scrapping all legacy RaccoonO365 links,” urging their customers who paid for a 1-month subscription to switch to a new plan. The group also said it will compensate those affected by offering “one extra week of subscription” following the upgrade.

    The “response represents a strategic shift from reactive, single-domain takedowns to a proactive, large-scale disruption aimed at dismantling the actor’s operational infrastructure on our platform,” Cloudflare said.


    Source: thehackernews.com…

  • DOJ Resentences BreachForums Founder to 3 Years for Cybercrime and Possession of CSAM

    Sep 17, 2025 | Ravie Lakshmanan | Data Breach / Cybercrime

    The U.S. Department of Justice (DoJ) on Tuesday resentenced the former administrator of BreachForums to three years in prison in connection with his role in running the cybercrime forum and possessing child sexual abuse material (CSAM).

    Conor Brian Fitzpatrick (aka Pompompurin), 22, of Peekskill, New York, pleaded guilty to one count of access device conspiracy, one count of access device solicitation, and one count of possession of child sexual abuse material. Fitzpatrick was initially arrested in March 2023 and pleaded guilty later that July.

    As part of the plea agreement, Fitzpatrick is also said to have agreed to forfeit over 100 domain names used in the operation of BreachForums, over a dozen electronic devices used to execute the scheme, and cryptocurrency that represented the illicit proceeds of the operation.

    “Conor Fitzpatrick personally profited from the sale of vast quantities of stolen information, ranging from private personal information to commercial data,” said U.S. Attorney Erik S. Siebert for the Eastern District of Virginia.

    “These crimes were so extensive that the damage is difficult to quantify, and the human cost of his collection of child sexual abuse material is incalculable. We will not allow criminals to hide in the darkest corners of the internet and will use all legal means to bring them to justice.”

    The resentencing comes after the U.S. Court of Appeals for the Fourth Circuit issued an opinion on January 21, 2025, vacating Fitzpatrick’s prior sentence of 17-day time served and remanding the case for resentencing. Fitzpatrick was previously sentenced to time served and 20 years of supervised release for his role as the creator and administrator of BreachForums in January 2024.

    BreachForums, launched in March 2022 following the dismantlement of RaidForums by law enforcement, is a criminal marketplace that allows bad actors to buy, sell, and trade stolen data associated with high-profile companies across the world. The forum is estimated to have had 330,000 members at its peak and held more than 14 billion individual records.

    The hacker market has since been relaunched a number of times despite numerous efforts to shut it down, cropping up under a revolving door of new domains. In July 2024, the whole database of the original BreachForums was leaked online, exposing members’ information.

    Then last month, ShinyHunters, which took over the reins after Baphomet’s arrest in 2023, claimed that the notorious cybercrime marketplace had been compromised and was under the control of international law enforcement agencies. As of writing, the copycat forum has gone offline on its latest domain, stating they have “decided to go dark” along with 14 other e-crime groups, including LAPSUS$ and Scattered Spider.


    Source: thehackernews.com…

  • Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack

    Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers.

    “The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling automatic trojanization of downstream packages,” supply chain security company Socket said.

    The end goal of the campaign is to search developer machines for secrets using TruffleHog’s credential scanner and transmit them to an external server under the attacker’s control. The attack is capable of targeting both Windows and Linux systems.

    The following packages have been identified as impacted by the incident –

    The malicious JavaScript code (“bundle.js”) injected into each of the trojanized packages is designed to download and run TruffleHog, a legitimate secret scanning tool, using it to scan the host for tokens and cloud credentials, such as GITHUB_TOKEN, NPM_TOKEN, AWS_ACCESS_KEY_ID, and AWS_SECRET_ACCESS_KEY.

    “It validates npm tokens with the whoami endpoint, and it interacts with GitHub APIs when a token is available,” Socket said. “It also attempts cloud metadata discovery that can leak short-lived credentials inside cloud build agents.”

    The script then abuses the developer’s credentials (i.e., the GitHub personal access tokens) to create a GitHub Actions workflow in .github/workflows, and exfiltrates the collected data to a webhook[.]site endpoint.

    Developers are advised to audit their environments and rotate npm tokens and other exposed secrets if the aforementioned packages are present with publishing credentials.
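
    One way to carry out the audit advised above, as an added example (not code from the article, Socket, or npm): it parses an advisory list in the `name@version, version` form and checks both lockfile layouts, the `packages` map of lockfileVersion 2/3 and the nested `dependencies` tree of version 1, including nested installs and npm aliases. All package names, versions, lockfiles and function names here are constructed for illustration.

```javascript
// Added example: audit npm lockfiles against a list of compromised name@version pairs.
// Every package name, version and lockfile below is a constructed placeholder.

const NM = "node_modules/";

// Parse advisory lines ("pkg@1.0.0", "@scope/pkg@1.0.0, 1.0.1", "@scope/pkg@1.0.0, @1.0.1",
// "@scope/pkg 1.0.0") into Map<name, Set<version>>. Lines without a version are ignored.
function parseAdvisoryList(text) {
  const bad = new Map();
  for (const raw of text.split("\n")) {
    const line = raw.replace(/^[\s•*-]+/, "").trim();
    // A leading "@" is the scope marker, so the separator is the first "@" or space after it.
    const m = /^(@?[^@\s]+)[@\s]+(.+)$/.exec(line);
    if (!m) continue;
    if (!bad.has(m[1])) bad.set(m[1], new Set());
    for (const v of m[2].split(",")) {
      const version = v.trim().replace(/^@/, "");
      if (version) bad.get(m[1]).add(version);
    }
  }
  return bad;
}

// Yield {name, version, path} for every installed package in a parsed package-lock.json.
function* lockedPackages(lock) {
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path === "" || entry.link) continue; // root project, workspace symlink
      const idx = path.lastIndexOf(NM);
      // An npm alias keeps the real package name in entry.name; otherwise derive it from the path.
      const name = entry.name || (idx >= 0 ? path.slice(idx + NM.length) : null);
      if (name && entry.version) yield { name, version: entry.version, path };
    }
    return;
  }
  // lockfileVersion 1: nested "dependencies" tree; aliases look like "npm:real-name@1.2.3".
  const walk = function* (deps, prefix) {
    for (const [key, entry] of Object.entries(deps || {})) {
      const path = `${prefix}${NM}${key}`;
      let name = key;
      let version = entry.version;
      if (typeof version === "string" && version.startsWith("npm:")) {
        const at = version.lastIndexOf("@");
        name = version.slice(4, at);
        version = version.slice(at + 1);
      }
      yield { name, version, path };
      yield* walk(entry.dependencies, `${path}/`);
    }
  };
  yield* walk(lock.dependencies, "");
}

// Return sorted "name@version at path" strings for every locked package on the list.
function auditLockfile(lock, bad) {
  const hits = [];
  for (const pkg of lockedPackages(lock)) {
    const versions = bad.get(pkg.name);
    if (versions && versions.has(pkg.version)) {
      hits.push(`${pkg.name}@${pkg.version} at ${pkg.path}`);
    }
  }
  return hits.sort();
}

// Constructed advisory list, written with the same irregularities such lists tend to have.
const ADVISORY = `
• @example-scope/colour-utils@4.1.1, @4.1.2
• example-rules-engine@0.2.4, 0.2.1
• @example-scope/telemetry 4.6.43
`;

// Constructed lockfileVersion 3 sample.
const LOCK_V3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@example-scope/colour-utils": { version: "4.1.2" }, // listed
    "node_modules/example-rules-engine": { version: "0.2.5" }, // clean version
    "node_modules/ui-kit/node_modules/@example-scope/telemetry": { version: "4.6.43" }, // nested
    "node_modules/rules": { name: "example-rules-engine", version: "0.2.1" }, // alias
    "node_modules/local-lib": { resolved: "packages/local-lib", link: true },
    "packages/local-lib": { name: "local-lib", version: "0.0.1" },
  },
};

// Constructed lockfileVersion 1 sample.
const LOCK_V1 = {
  lockfileVersion: 1,
  dependencies: {
    "ui-kit": {
      version: "2.0.0",
      dependencies: { "example-rules-engine": { version: "0.2.4" } },
    },
    colours: { version: "npm:@example-scope/colour-utils@4.1.1" },
  },
};

console.log(auditLockfile(LOCK_V3, parseAdvisoryList(ADVISORY)));
console.log(auditLockfile(LOCK_V1, parseAdvisoryList(ADVISORY)));
```

    A hit means a listed version was resolved for that project, which is the condition under which the article advises rotating npm tokens and other exposed secrets.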

    “The workflow that it writes to repositories persists beyond the initial host,” the company noted. “Once committed, any future CI run can trigger the exfiltration step from within the pipeline where sensitive secrets and artifacts are available by design.”

    StepSecurity, which also shared details of the campaign, said the attack demonstrates a concerning evolution in supply chain threats, given that the malware includes a self-propagating mechanism enabling automatic infection of downstream packages. This behavior creates a “cascading compromise across the ecosystem.”

    More Packages Impacted

    The ongoing npm supply chain incident, codenamed Shai-Hulud attack, has also leveraged the “crowdstrike-publisher” npm account to publish several trojanized packages –

    “After detecting several malicious Node Package Manager (npm) packages in the public npm registry, a third-party open source repository, we swiftly removed them and proactively rotated our keys in public registries,” a CrowdStrike spokesperson told The Hacker News.

    “These packages are not used in the Falcon sensor, the platform is not impacted and customers remain protected. We are working with npm and conducting a thorough investigation.”

    The OX Security team, in its own analysis, said it found 34 compromised GitHub accounts containing the ‘Shai-Hulud’ repository, within which there is a “data.json” file containing encoded JSON with the compromised information the attacker uploaded to the victim’s GitHub account.

    Supply chain security company ReversingLabs characterized the incident as a “first of its kind self-replicating worm” compromising npm packages with cloud token stealing malware. The starting point is believed to be rxnt-authentication, a malicious version of which was published on npm on September 14, 2025, at 17:58:50 UTC.

    “As a result, the npm maintainer ‘techsupportrxnt’ can be considered Patient Zero for this campaign,” security researcher Karlo Zanki said. “Once infected by Shai-Hulud, npm packages spawn attacks of their own by unknowingly allowing the worm to self-propagate through the packages they maintain.”

    “Given the large number of package inter-dependencies in the npm ecosystem, it is difficult to predict who will get compromised next and how far Shai-Hulud could spread. As of this writing, RL has identified hundreds of npm packages that have been compromised by the Shai-Hulud malware.”

    Exactly how the “techsupportrxnt” npm account was compromised is key to unlocking the attack’s origin, although the possibility of a phishing email or the exploitation of a vulnerable GitHub action cannot be ruled out, ReversingLabs said.

    Besides compromising an npm developer account to trojanize other packages by creating new versions after injecting the malware into them, the worm-like malware tries to create a public copy of all private repositories belonging to the compromised user, in a likely attempt to gain access to secrets hard-coded in those repositories and steal source code.

    The newly created repositories get a suffix -migration to their original name, reminiscent of the s1ngularity attack targeting the nx build system late last month.

    “The design and functional overlap of the nx campaign with the Shai-Hulud worm we detected is significant,” Zanki said. “What is even more concerning is the automated spreading of malware to the packages maintained by the compromised npm accounts.”

    Cloud security firm Wiz has also drawn parallels between the two activity clusters, assessing the latest campaign to be “directly downstream” of the s1ngularity attack. Stating it to be “one of the most severe JavaScript supply chain attacks observed to date,” the company is urging immediate action to remove malicious versions of the packages and upgrade to a clean release.

    “One of the most striking features of this attack is that it behaves like a true worm,” Aikido researcher Charlie Eriksen said. “This cycle allows the malware to continuously infect every package a maintainer has access to.”

    “Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and pushes itself further into the ecosystem. Once a single environment is compromised, the worm automates the spread by piggybacking on the maintainer’s own publishing rights.”

    crates.io Phishing Campaign

    The disclosure comes as the Rust Security Response Working Group is warning of phishing emails from a typosquatted domain, rustfoundation[.]dev, targeting crates.io users.

    The messages, which originate from security@rustfoundation[.]dev, warn recipients of an alleged compromise of the crates.io infrastructure and instruct them to click on an embedded link to rotate their login information so as to “ensure that the attacker cannot modify any packages published by you.”

    The rogue link, github.rustfoundation[.]dev, mimics a GitHub login page, indicating a clear attempt on the part of the attackers to capture victims’ credentials. The phishing page is currently inaccessible.

    “These emails are malicious and come from a domain name not controlled by the Rust Foundation (nor the Rust Project), seemingly with the purpose of stealing your GitHub credentials,” the Rust Security Response WG said. “We have no evidence of a compromise of the crates.io infrastructure.”

    The Rust team also said they are taking steps to monitor any suspicious activity on crates.io, in addition to getting the phishing domain taken down.


    Source: thehackernews.com…

  • Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover

    Sep 16, 2025 | Ravie Lakshmanan | Vulnerability / Cloud Security

    Cybersecurity researchers have disclosed multiple critical security vulnerabilities in Chaos Mesh that, if successfully exploited, could lead to cluster takeover in Kubernetes environments.

    “Attackers need only minimal in-cluster network access to exploit these vulnerabilities, execute the platform’s fault injections (such as shutting down pods or disrupting network communications), and perform further malicious actions, including stealing privileged service account tokens,” JFrog said in a report shared with The Hacker News.

    Chaos Mesh is an open-source cloud-native Chaos Engineering platform that offers various types of fault simulation and simulates various abnormalities that might occur during the software development lifecycle.

    The issues, collectively called Chaotic Deputy, are listed below –

    • CVE-2025-59358 (CVSS score: 7.5) – The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial-of-service
    • CVE-2025-59359 (CVSS score: 9.8) – The cleanTcs mutation in Chaos Controller Manager is vulnerable to operating system command injection
    • CVE-2025-59360 (CVSS score: 9.8) – The killProcesses mutation in Chaos Controller Manager is vulnerable to operating system command injection
    • CVE-2025-59361 (CVSS score: 9.8) – The cleanIptables mutation in Chaos Controller Manager is vulnerable to operating system command injection

    An in-cluster attacker, i.e., a threat actor with initial access to the cluster’s network, could chain CVE-2025-59359, CVE-2025-59360, or CVE-2025-59361 with CVE-2025-59358 to perform remote code execution across the cluster, even in the default configuration of Chaos Mesh.

    JFrog said the vulnerabilities stem from insufficient authentication mechanisms within the Chaos Controller Manager’s GraphQL server, allowing unauthenticated attackers to run arbitrary commands on the Chaos Daemon, resulting in cluster takeover.

    Threat actors could then leverage the access to potentially exfiltrate sensitive data, disrupt critical services, or even move laterally across the cluster to escalate privileges.

    Following responsible disclosure on May 6, 2025, all the identified shortcomings were addressed by Chaos Mesh with the release of version 2.7.3 on August 21.

    Users are advised to update their installations to the latest version as soon as possible. If immediate patching is not an option, it’s recommended to restrict network traffic to the Chaos Mesh daemon and API server, and avoid running Chaos Mesh in open or loosely secured environments.


    Source: thehackernews.com…

  • 40+ npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials

    Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers.

    “The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling automatic trojanization of downstream packages,” supply chain security company Socket said.

    The end goal of the campaign is to search developer machines for secrets using TruffleHog’s credential scanner and transmit them to an external server under the attacker’s control. The attack is capable of targeting both Windows and Linux systems.

    The following packages have been identified as impacted by the incident –

    • angulartics2@14.1.2
    • @ctrl/deluge@7.2.2
    • @ctrl/golang-template@1.4.3
    • @ctrl/magnet-link@4.0.4
    • @ctrl/ngx-codemirror@7.0.2
    • @ctrl/ngx-csv@6.0.2
    • @ctrl/ngx-emoji-mart@9.2.2
    • @ctrl/ngx-rightclick@4.0.2
    • @ctrl/qbittorrent@9.7.2
    • @ctrl/react-adsense@2.0.2
    • @ctrl/shared-torrent@6.3.2
    • @ctrl/tinycolor@4.1.1, @4.1.2
    • @ctrl/torrent-file@4.1.2
    • @ctrl/transmission@7.3.1
    • @ctrl/ts-base32@4.0.2
    • encounter-playground@0.0.5
    • json-rules-engine-simplified@0.2.4, 0.2.1
    • koa2-swagger-ui@5.11.2, 5.11.1
    • @nativescript-community/gesturehandler@2.0.35
    • @nativescript-community/sentry@4.6.43
    • @nativescript-community/text@1.6.13
    • @nativescript-community/ui-collectionview@6.0.6
    • @nativescript-community/ui-drawer@0.1.30
    • @nativescript-community/ui-image@4.5.6
    • @nativescript-community/ui-material-bottomsheet@7.2.72
    • @nativescript-community/ui-material-core@7.2.76
    • @nativescript-community/ui-material-core-tabs@7.2.76
    • ngx-color@10.0.2
    • ngx-toastr@19.0.2
    • ngx-trend@8.0.1
    • react-complaint-image@0.0.35
    • react-jsonschema-form-conditionals@0.3.21
    • react-jsonschema-form-extras@1.0.4
    • rxnt-authentication@0.0.6
    • rxnt-healthchecks-nestjs@1.0.5
    • rxnt-kue@1.0.7
    • swc-plugin-component-annotate@1.9.2
    • ts-gaussian@3.0.6

    The malicious JavaScript code (“bundle.js”) injected into each of the trojanized packages is designed to download and run TruffleHog, a legitimate secret scanning tool, using it to scan the host for tokens and cloud credentials, such as GITHUB_TOKEN, NPM_TOKEN, AWS_ACCESS_KEY_ID, and AWS_SECRET_ACCESS_KEY.

    “It validates npm tokens with the whoami endpoint, and it interacts with GitHub APIs when a token is available,” Socket said. “It also attempts cloud metadata discovery that can leak short-lived credentials inside cloud build agents.”

    The script then abuses the developer’s credentials (i.e., the GitHub personal access tokens) to create a GitHub Actions workflow in .github/workflows, and exfiltrates the collected data to a webhook[.]site endpoint.

    Developers are advised to audit their environments and, if any of the aforementioned packages are present on a system that holds publishing credentials, rotate npm tokens and other exposed secrets.
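
    One way to run that audit, as an added example that is not code from Socket, StepSecurity or The Hacker News: the function below walks a parsed package-lock.json (v1 `dependencies` tree or v2/v3 `packages` map) and reports any entry matching a compromised name@version pair. The denylist is a subset copied from the lists on this page; the sample lockfile, `some-ui`, `auth-alias` and the non-listed versions are constructed for illustration.

```javascript
// Subset of the name@version pairs listed on this page; extend with the full lists.
const COMPROMISED = new Map([
  ['@ctrl/tinycolor', ['4.1.1', '4.1.2']],
  ['koa2-swagger-ui', ['5.11.2', '5.11.1']],
  ['rxnt-authentication', ['0.0.6']],
  ['@crowdstrike/commitlint', ['8.1.1', '8.1.2']],
]);

// Lockfile v2/v3 keys look like "node_modules/a/node_modules/@scope/b";
// the package name is whatever follows the last "node_modules/".
function nameFromLockPath(lockPath) {
  const marker = 'node_modules/';
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

// Lockfile v1 nests transitive dependencies under each entry's "dependencies".
function* walkV1(deps, trail) {
  for (const [name, info] of Object.entries(deps || {})) {
    const here = trail.concat(name);
    yield { name, version: info.version, where: here.join(' > ') };
    yield* walkV1(info.dependencies, here);
  }
}

function* lockEntries(lock) {
  if (lock.packages) {
    for (const [lockPath, info] of Object.entries(lock.packages)) {
      // An explicit "name" field appears when the install path differs from
      // the real package name (aliases), so prefer it over the path.
      const name = info.name || nameFromLockPath(lockPath);
      if (name) yield { name, version: info.version, where: lockPath };
    }
  } else {
    yield* walkV1(lock.dependencies, []);
  }
}

// Returns every installed entry whose exact version is on the denylist.
function auditLockfile(lock, denylist = COMPROMISED) {
  const findings = [];
  for (const entry of lockEntries(lock)) {
    const badVersions = denylist.get(entry.name);
    if (badVersions && badVersions.includes(entry.version)) findings.push(entry);
  }
  return findings;
}

// Constructed sample lockfile (v3 layout), not taken from a real project.
const SAMPLE_LOCK = {
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/@ctrl/tinycolor': { version: '4.1.1' },
    'node_modules/some-ui/node_modules/@ctrl/tinycolor': { version: '4.1.0' },
    'node_modules/auth-alias': { name: 'rxnt-authentication', version: '0.0.6' },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`COMPROMISED ${f.name}@${f.version} at ${f.where}`);
}
```

    To audit a real project, pass `JSON.parse` of the contents of its package-lock.json to `auditLockfile`; a finding on a machine or CI runner that holds publishing credentials is the trigger for the token rotation described above.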

    “The workflow that it writes to repositories persists beyond the initial host,” the company noted. “Once committed, any future CI run can trigger the exfiltration step from within the pipeline where sensitive secrets and artifacts are available by design.”

    StepSecurity, which also shared details of the campaign, said the attack demonstrates a concerning evolution in supply chain threats, given that the malware includes a self-propagating mechanism enabling automatic infection of downstream packages. This behavior creates a “cascading compromise across the ecosystem.”

    More Packages Impacted

    The ongoing npm supply chain incident, codenamed Shai-Hulud, has also leveraged the “crowdstrike-publisher” npm account to publish several trojanized packages –

    • @crowdstrike/commitlint@8.1.1, 8.1.2
    • @crowdstrike/falcon-shoelace@0.4.2
    • @crowdstrike/foundry-js@0.19.2
    • @crowdstrike/glide-core@0.34.2, 0.34.3
    • @crowdstrike/logscale-dashboard@1.205.2
    • @crowdstrike/logscale-file-editor@1.205.2
    • @crowdstrike/logscale-parser-edit@1.205.1, 1.205.2
    • @crowdstrike/logscale-search@1.205.2
    • @crowdstrike/tailwind-toucan-base@5.0.2
    • browser-webdriver-downloader@3.0.8
    • ember-browser-services@5.0.3
    • ember-headless-form-yup@1.0.1
    • ember-headless-form@1.1.3
    • ember-headless-table@2.1.6
    • ember-url-hash-polyfill@1.0.13
    • ember-velcro@2.2.2
    • eslint-config-crowdstrike-node@4.0.4
    • eslint-config-crowdstrike@11.0.3
    • monorepo-next@13.0.2
    • remark-preset-lint-crowdstrike@4.0.2
    • verror-extra@6.0.1
    • yargs-help-output@5.0.3

    “After detecting several malicious Node Package Manager (npm) packages in the public npm registry, a third-party open source repository, we swiftly removed them and proactively rotated our keys in public registries,” a CrowdStrike spokesperson told The Hacker News.

    “These packages are not used in the Falcon sensor, the platform is not impacted and customers remain protected. We are working with npm and conducting a thorough investigation.”

    The OX Security team, in its own analysis, said it found 34 compromised GitHub accounts which contain the ‘Shai-Hulud’ repository, within which there is a “data.json” file containing an encoded JSON with the compromised information the attacker uploaded to the victim’s GitHub account.

    Supply chain security company ReversingLabs characterized the incident as a “first of its kind self-replicating worm” compromising npm packages with cloud token stealing malware. The starting point is believed to be rxnt-authentication, a malicious version of which was published on npm on September 14, 2025, at 17:58:50 UTC.

    “As a result, the npm maintainer ‘techsupportrxnt’ can be considered Patient Zero for this campaign,” security researcher Karlo Zanki said. “Once infected by Shai-Hulud, npm packages spawn attacks of their own by unknowingly allowing the worm to self-propagate through the packages they maintain.”

    “Given the large number of package inter-dependencies in the npm ecosystem, it is difficult to predict who will get compromised next and how far Shai-Hulud could spread. As of this writing, RL has identified hundreds of npm packages that have been compromised by the Shai-Hulud malware.”

    Exactly how the “techsupportrxnt” npm account was compromised is key to unlocking the attack’s origin, although the possibility of a phishing email or the exploitation of a vulnerable GitHub action cannot be ruled out, ReversingLabs said.

    Besides compromising an npm developer account to trojanize other packages by creating new versions after injecting the malware into them, the worm-like malware tries to create a public copy of all private repositories belonging to the compromised user in a likely attempt to gain access to secrets hard-coded in those repositories and steal source code.

    The newly created repositories have the suffix -migration appended to their original name, reminiscent of the s1ngularity attack targeting the nx build system late last month.

    “The design and functional overlap of the nx campaign with the Shai-Hulud worm we detected is significant,” Zanki said. “What is even more concerning is the automated spreading of malware to the packages maintained by the compromised npm accounts.”

    Cloud security firm Wiz has also drawn parallels between the two activity clusters, assessing the latest campaign to be “directly downstream” of the s1ngularity attack. Stating it to be “one of the most severe JavaScript supply chain attacks observed to date,” the company is urging immediate action to remove malicious versions of the packages and upgrade to a clean release.

    crates.io Phishing Campaign

    The disclosure comes as the Rust Security Response Working Group is warning of phishing emails from a typosquatted domain, rustfoundation[.]dev, targeting crates.io users.

    The messages, which originate from security@rustfoundation[.]dev, warn recipients of an alleged compromise of the crates.io infrastructure and instruct them to click on an embedded link to rotate their login information so as to “ensure that the attacker cannot modify any packages published by you.”

    The rogue link, github.rustfoundation[.]dev, mimics a GitHub login page, indicating a clear attempt on the part of the attackers to capture victims’ credentials. The phishing page is currently inaccessible.

    “These emails are malicious and come from a domain name not controlled by the Rust Foundation (nor the Rust Project), seemingly with the purpose of stealing your GitHub credentials,” the Rust Security Response WG said. “We have no evidence of a compromise of the crates.io infrastructure.”

    The Rust team also said they are taking steps to monitor any suspicious activity on crates.io, in addition to getting the phishing domain taken down.


    Source: thehackernews.com…

  • SlopAds Fraud Ring Exploits 224 Android Apps to Drive 2.3 Billion Daily Ad Bids

    Sep 16, 2025 | Ravie Lakshmanan | Ad Fraud / Mobile Security

    A massive ad fraud and click fraud operation dubbed SlopAds ran a cluster of 224 apps, collectively attracting 38 million downloads across 228 countries and territories.

    “These apps deliver their fraud payload using steganography and create hidden WebViews to navigate to threat actor-owned cashout sites, generating fraudulent ad impressions and clicks,” HUMAN’s Satori Threat Intelligence and Research Team said in a report shared with The Hacker News.

    The name “SlopAds” is a nod to the likely mass-produced nature of the apps and the use of artificial intelligence (AI)-themed services like StableDiffusion, AIGuide, and ChatGLM hosted by the threat actor on the command-and-control (C2) server.

    The company said the campaign accounted for 2.3 billion bid requests a day at its peak, with traffic from SlopAds apps mainly originating from the U.S. (30%), India (10%), and Brazil (7%). Google has since removed all the offending apps from the Play Store, effectively disrupting the threat.

    What makes the activity stand out is that when a SlopAds-associated app is downloaded, it queries a mobile marketing attribution SDK to check if it was downloaded directly from the Play Store (i.e., organically) or if it was the result of a user clicking on an ad that redirected them to the Play Store listing (i.e., non-organically).

    The fraudulent behavior is initiated only in scenarios where the app was downloaded following an ad click, causing it to download the ad fraud module, FatModule, from the C2 server. On the other hand, if it was organically installed, the app behaves as advertised on the app store page.

    “From developing and publishing apps that only commit fraud under certain circumstances to adding layer upon layer of obfuscation, SlopAds reinforces the notion that threats to the digital advertising ecosystem are only growing in sophistication,” HUMAN researchers said.

    “This tactic creates a more complete feedback loop for the threat actors, triggering fraud only if they have reason to believe the device isn’t being examined by security researchers. It blends malicious traffic into legitimate campaign data, complicating detection.”

    The FatModule is delivered by means of four PNG image files that conceal the APK, which is then decrypted and reassembled to gather device and browser information, as well as conduct ad fraud using hidden WebViews.

    “One cashout mechanism for SlopAds is through HTML5 (H5) game and news websites owned by the threat actors,” HUMAN researchers said. “These game sites show ads frequently, and since the WebView in which the sites are loaded is hidden, the sites can monetize numerous ad impressions and clicks before the WebView closes.”

    Domains promoting SlopAds apps have been found to link back to another domain, ad2[.]cc, which serves as the Tier-2 C2 server. In all, an estimated 300 domains advertising such apps have been identified.

    The development comes a little over two months after HUMAN flagged another set of 352 Android apps as part of an ad fraud scheme codenamed IconAds.

    “SlopAds highlights the evolving sophistication of mobile ad fraud, including stealthy, conditional fraud execution and rapid scaling capabilities,” Gavin Reid, CISO at HUMAN, said.


    Source: thehackernews.com…

  • New FileFix Variant Delivers StealC Malware Through Multilingual Phishing Site

    Sep 16, 2025 | Ravie Lakshmanan | Malware / Social Engineering

    Cybersecurity researchers have warned of a new campaign that’s leveraging a variant of the FileFix social engineering tactic to deliver the StealC information stealer malware.

    “The observed campaign uses a highly convincing, multilingual phishing site (e.g., fake Facebook Security page), with anti-analysis techniques and advanced obfuscation to evade detection,” Acronis security researcher Eliad Kimhy said in a report shared with The Hacker News.

    At a high level, the attack chain involves the use of FileFix to entice users into launching an initial payload that then proceeds to download seemingly innocuous images containing the malicious components from a Bitbucket repository. This allows the attackers to abuse the trust associated with a legitimate source code hosting platform to bypass detection.

    FileFix, first documented by security researcher mrd0x as a proof-of-concept (PoC) in June 2025, is a little different from ClickFix in that it eschews the need for users to launch the Windows Run dialog and paste an already copied obfuscated command to complete bogus CAPTCHA verification checks on phishing pages set up for this purpose.

    Instead, it leverages a web browser’s file upload feature to deceive users into copying and pasting a command on the File Explorer’s address bar, causing it to be executed locally on the victim’s machine.

    The attack commences with a phishing site to which the victim is likely redirected from an email message that warns recipients of potential suspension of their Facebook accounts after a week, claiming the shared posts or messages violate its policies. Users are then asked to appeal the decision by clicking on a button.

    The phishing page is not only heavily obfuscated, but also resorts to techniques like junk code and fragmentation to hinder analysis efforts.

    The FileFix attack comes into play once the button is clicked, at which point the victim is shown a message stating they can access a PDF version of the supposed policy violation by copying and pasting a path to the document in the File Explorer’s address bar.

    While the path provided in the instruction is completely harmless, a malicious command is surreptitiously copied to the user’s clipboard when they click on the button in the page to open File Explorer. This command is a multi-stage PowerShell script that downloads the aforementioned image, decodes it into the next-stage payload, and ultimately runs a Go-based loader that unpacks shellcode responsible for launching StealC.

    FileFix also offers a crucial advantage over ClickFix, as it abuses a widely used browser feature as opposed to opening the Run dialog (or the Terminal app in case of Apple macOS), which could be blocked by a system administrator as a security measure.

    “On the other hand, one of the things that makes ClickFix so challenging to detect in the first place is that it is spawned from Explorer.exe via the run dialog, or directly from a terminal, whereas with FileFix, the payload is executed by the web browser used by the victim, which is far more likely to stand out in an investigation or to a security product,” Acronis said.

    “The adversary behind this attack demonstrated significant investment in tradecraft, carefully engineering the phishing infrastructure, payload delivery and supporting elements to maximize both evasion and impact.”
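
    The lineage difference Acronis describes can be turned into a triage rule. The following is an added example, not code from Acronis or The Hacker News: it classifies process-creation events by parent and child image, ranking browser-spawned script interpreters (the FileFix lineage) above Explorer-spawned ones (the ClickFix lineage). The events are constructed, the field names follow Sysmon's process-creation event, and the process-name sets are assumptions to tune per fleet.

```javascript
// Assumed process-name sets for illustration; adjust to the software in your fleet.
const BROWSERS = new Set(['chrome.exe', 'msedge.exe', 'firefox.exe']);
const INTERPRETERS = new Set(['powershell.exe', 'pwsh.exe', 'cmd.exe', 'mshta.exe']);

// Reduce "C:\Path\To\Name.EXE" to "name.exe" so matching ignores path and case.
function baseName(imagePath) {
  return String(imagePath || '').split(/[\\/]/).pop().toLowerCase();
}

function classify(event) {
  const child = baseName(event.Image);
  const parent = baseName(event.ParentImage);
  if (!INTERPRETERS.has(child)) return 'ignore';
  // FileFix lineage: the browser itself is the parent of the interpreter.
  if (BROWSERS.has(parent)) return 'browser-spawned';
  // ClickFix lineage: Run dialog via Explorer, which also matches ordinary user launches.
  if (parent === 'explorer.exe') return 'explorer-spawned';
  return 'other';
}

// Keep only the two lineages of interest, browser-spawned first.
function triage(events) {
  const rank = (r) => (r.verdict === 'browser-spawned' ? 0 : 1);
  return events
    .map((e) => ({
      verdict: classify(e),
      host: e.Computer,
      parent: baseName(e.ParentImage),
      child: baseName(e.Image),
    }))
    .filter((r) => r.verdict === 'browser-spawned' || r.verdict === 'explorer-spawned')
    .sort((a, b) => rank(a) - rank(b));
}

// Constructed sample events (hostnames and paths are illustrative).
const SAMPLE_EVENTS = [
  { Computer: 'WS-01', ParentImage: 'C:\\Windows\\explorer.exe',
    Image: 'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe' },
  { Computer: 'WS-02', ParentImage: 'C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe',
    Image: 'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe' },
  { Computer: 'WS-03', ParentImage: 'C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe',
    Image: 'C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe' },
  { Computer: 'WS-04', ParentImage: 'C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE',
    Image: 'C:\\Windows\\System32\\cmd.exe' },
];

for (const r of triage(SAMPLE_EVENTS)) {
  console.log(`${r.verdict}: ${r.host} ${r.parent} -> ${r.child}`);
}
```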

    The disclosure comes as Doppel detailed another campaign that has been observed using a combination of fake support portals, Cloudflare CAPTCHA error pages, and clipboard hijacking — i.e., ClickFix — to socially engineer victims into running malicious PowerShell code that downloads and runs an AutoHotkey (AHK) script.

    The script is designed to profile the compromised host and deliver additional payloads, including AnyDesk, TeamViewer, information stealers, and clipper malware.

    The cybersecurity company said it also observed other variants of the activity where victims are guided to run an MSHTA command pointing to a lookalike Google domain (“wl.google-587262[.]com”), which then retrieves and executes a remote malicious script.

    “AHK is a Windows-based scripting language originally designed for automating repetitive tasks like keystrokes and mouse clicks,” Doppel security researcher Aarsh Jawa noted.

    “While it’s long been popular among power users and system admins for its simplicity and flexibility, threat actors began weaponizing AHK around 2019 to create lightweight malware droppers and info-stealers. These malicious scripts often masquerade as benign automation tools or support utilities.”


    Source: thehackernews.com…