Tag: Cyber Threats

  • AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns

    A new artificial intelligence (AI)-powered penetration testing tool linked to a China-based company has attracted nearly 11,000 downloads on the Python Package Index (PyPI) repository, raising concerns that it could be repurposed by cybercriminals for malicious purposes.

    Dubbed Villager, the framework is assessed to be the work of Cyberspike, which has positioned the tools as a red teaming solution to automate testing workflows. The package was first uploaded to PyPI in late July 2025 by a user named stupidfish001, a former capture the flag (CTF) player for the Chinese HSCSEC team.

    “The rapid, public availability and automation capabilities create a realistic risk that Villager will follow the Cobalt Strike trajectory: commercially or legitimately developed tooling becoming widely adopted by threat actors for malicious campaigns,” Straiker researchers Dan Regalado and Amanda Rousseau said in a report shared with The Hacker News.

    The emergence of Villager comes shortly after Check Point revealed that threat actors are attempting to leverage another nascent AI-assisted offensive security tool called HexStrike AI to exploit recently disclosed security flaws.

    With the advent of generative AI (aka GenAI) models, threat actors have capitalized on the technology for social engineering, technical, and information operations in ways that have likely contributed to increased speed, access to expertise, and scalability.

    One key advantage to relying on such tools is that they lower the barrier to exploitation, and cut short the amount of time and effort required to pull off such attacks. What once required highly skilled operators and weeks of manual development can be automated using AI, offering bad actors assistance with crafting exploits, payload delivery, and even infrastructure setup.

    “Exploitation can be parallelized at scale, with agents scanning thousands of IPs simultaneously,” Check Point noted recently. “Decision-making becomes adaptive; failed exploit attempts can be automatically retried with variations until successful, increasing the overall exploitation yield.”

    The fact that Villager is available as an off-the-shelf Python package means it offers attackers an easy way to integrate the tool into their workflows, Straiker noted, describing it as a “concerning evolution in AI-driven attack tooling.”

    Cyberspike first appeared in November 2023, when the domain “cyberspike[.]top” was registered under Changchun Anshanyuan Technology Co., Ltd., an AI company supposedly based in China. That said, the only source of information about what the company does comes from a Chinese talent services platform called Liepin, raising questions about who is behind it.

    Snapshots of the domain captured on the Internet Archive reveal that the tool is marketed as a network attack simulation and post-penetration test tool to help organizations evaluate and strengthen their cybersecurity posture.

    Once installed, Cyberspike has been found to incorporate plugins that are components of a remote access tool (RAT), enabling invasive victim surveillance and control using remote desktop access, Discord account compromise, keystroke logging, webcam hijacking, and other monitoring functions. Further analysis has uncovered similarities with a known RAT called AsyncRAT.

    “Cyberspike integrated AsyncRAT into its red teaming product, with additional plugins to well-known hacktools like Mimikatz as well,” Straiker said. “These integrations demonstrate how Cyberspike repackaged established hacktools and offensive tools into a turnkey framework designed for penetration testing and probably malicious operations.”

    Villager appears to be the latest offering from Cyberspike. Operating as a Model Context Protocol (MCP) client, it integrates with Kali Linux toolsets, LangChain, and DeepSeek’s AI models to automate testing workflows, handle browser-based interactions, and issue commands in natural language that can then be converted into their technical equivalents.

    Besides leveraging a database of 4,201 AI system prompts to generate exploits and make real-time decisions in penetration testing, the AI-native penetration testing framework automatically creates isolated Kali Linux containers for network scanning, vulnerability assessment, and penetration testing, and destroys them after a period of 24 hours, effectively covering up traces of the activity.

    “The ephemeral nature of these containers, combined with randomized SSH ports, makes AI-powered attack containers difficult to detect, complicating forensic analysis and threat attribution,” the researchers noted.

    Command-and-control (C2) is accomplished by means of a FastAPI interface that processes incoming tasks, while the Python-based Pydantic AI agent platform is used to standardize outputs.

    “Villager reduces skill and time required to run sophisticated offensive toolchains, enabling less-skilled actors to perform more advanced intrusions,” the researchers said. “Its task-based architecture, where AI dynamically orchestrates tools based on objectives rather than following rigid attack patterns, marks a fundamental shift in how cyber attacks are conducted.”

    “Increased frequency and speed of automated reconnaissance, exploitation attempts, and follow-on activity could raise detection and response burdens across the enterprise.”

    Source: thehackernews.com…

  • HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks

    Chinese-speaking users are the target of a search engine optimization (SEO) poisoning campaign that uses fake software sites to distribute malware.

    “The attackers manipulated search rankings with SEO plugins and registered lookalike domains that closely mimicked legitimate software sites,” Fortinet FortiGuard Labs researcher Pei Han Liao said. “By using convincing language and small character substitutions, they tricked victims into visiting spoofed pages and downloading malware.”

    The activity, which was discovered by the cybersecurity company in August 2025, leads to the deployment of malware families like HiddenGh0st and Winos (aka ValleyRAT), both of which are variants of a remote access trojan called Gh0st RAT.

    It’s worth noting that the use of Winos has been attributed to a cybercrime group known as Silver Fox, which is also tracked as SwimSnake, The Great Thief of Valley (or Valley Thief), UTG-Q-1000, and Void Arachne. It’s believed to be active at least since 2022.

    In the latest attack chain documented by Fortinet, users searching for tools like DeepL Translate, Google Chrome, Signal, Telegram, WhatsApp, and WPS Office on Google are redirected to bogus sites to trigger the delivery of the malware using trojanized installers.

    “A script named nice.js controls the malware delivery process on these sites,” Fortinet explained. “The script follows a multi-step chain: it first calls a download link that returns JSON data, which includes a secondary link. That secondary link then points to another JSON response containing a link that redirects to the final URL of the malicious installer.”

    Present within the installer is a malicious DLL (“EnumW.dll”) that carries out several anti-analysis checks to sidestep detection, including extracting another DLL (“vstdlib.dll”) to overwhelm analysis tools by inflating memory usage and slowing their performance.

    The second DLL is also engineered to unpack and launch the main payload, but not before ascertaining the presence of 360 Total Security antivirus software on the compromised host. If present, the malware uses a technique called TypeLib COM hijacking to set up persistence and ultimately launch a Windows executable (“insalivation.exe”).

    In the event the antivirus software is not installed on the host, persistence is achieved by creating a Windows shortcut that points to the same executable. The end goal of the infection is to sideload a DLL (“AIDE.dll”) that initiates three core functions –

    • Command-and-Control (C2), to establish communication with a remote server and exchange data in an encrypted format
    • Heartbeat, to collect system and victim data and enumerate running processes against a hard-coded list of security products
    • Monitor, to evaluate the victim’s environment to confirm persistence, track user activity, and beacon to the C2 server

    The C2 module also supports commands to download additional plugins, log keystrokes and clipboard data, and even hijack cryptocurrency wallets associated with Ethereum and Tether. Some of the identified plugins are capable of keeping tabs on the victim’s screen and have been previously identified as part of the Winos framework.

    “The installers contained both the legitimate application and the malicious payload, making it difficult for users to notice the infection,” Fortinet said. “Even highly ranked search results were weaponized in this way, underscoring the importance of carefully inspecting domain names before downloading software.”

    Chinese Speakers Targeted by Malware Trifecta, Including New kkRAT

    The development comes as Zscaler ThreatLabz flagged a separate campaign, also targeting Chinese-speaking users, with a previously undocumented malware called kkRAT since early May 2025, along with Winos and FatalRAT.

    kkRAT “shares code similarities with both Gh0st RAT and Big Bad Wolf (大灰狼), a RAT typically leveraged by China-based cybercriminals,” Zscaler researcher Muhammed Irfan V A said.

    “kkRAT employs a network communication protocol similar to Ghost RAT, with an added encryption layer after data compression. The RAT’s features include clipboard manipulation to replace cryptocurrency addresses and the deployment of remote monitoring tools (i.e. Sunlogin, GotoHTTP).”

    Like the aforementioned activity, the attack campaign uses fake installer pages mimicking popular software like DingTalk to deliver the three trojans. The phishing sites are hosted on GitHub pages, allowing the bad actors to abuse the trust associated with a legitimate platform for malware distribution. The GitHub account used to deploy the pages is no longer available.

    Once launched by the victim, the installer hosted on the sites runs a series of checks to identify sandbox environments and virtual machines (VMs), as well as bypass security software. It also requests for administrator privileges, which, if granted, enables it to enumerate and temporarily disable all active network adapters, effectively interfering with the regular functioning of antivirus programs.

    Another notable aspect of the malware is its use of the Bring Your Own Vulnerable Driver (BYOVD) technique to disarm antivirus software installed on the host by reusing code from the RealBlindingEDR open-source project. The malware specifically searches for the following five programs –

    • 360 Internet Security suite
    • 360 Total Security
    • HeroBravo System Diagnostics suite
    • Kingsoft Internet Security
    • QQ电脑管家

    Once the relevant antivirus-related processes have been terminated, the malware takes steps to create a scheduled task that’s run with SYSTEM privileges to execute a batch script to ensure that they are automatically killed every time after a user logs in to the machine.

    Furthermore, it modifies Windows Registry entries for 360 Total Security with the likely goal of disabling network checks. After all these actions are carried out, the malware proceeds to re-enable network adapters to restore the system’s network connectivity.

    The primary responsibility of the installer is to launch shellcode, which, in turn, launches another obfuscated shellcode file named “2025.bin” from a hard-coded URL. This newly retrieved shellcode serves as a downloader for an artifact (“output.log”) that subsequently reaches out to two different URLs to fetch two ZIP archives –

    • trx38.zip, containing a legitimate executable file and a malicious DLL that’s launched using DLL side-loading
    • p.zip, containing a file named longlq.cl, which holds the encrypted final payload

    “The malware then will create a shortcut for the legitimate executable extracted from trx38.zip, add this shortcut to the startup folder for persistence, and execute the legitimate executable to sideload the malicious DLL,” Zscaler said. “The malicious DLL decrypts and executes the final payload from the file longlq.cl. The final payload of the campaign varies based on the second ZIP archive that is downloaded.”

    Attack chain for a malware campaign delivering several RATs

    One of the three payloads is kkRAT. After establishing a socket connection with the C2 server, the malware profiles the victim machine and obtains various plugins to perform a wide range of data gathering tasks –

    • Screen capturing and simulating user inputs such as keyboard and mouse actions
    • Retrieving and modifying clipboard data
    • Enabling remote desktop features, such as launching web browsers and terminating active processes
    • Facilitating remote command execution via a shell interface
    • Enabling Windows management on the screen
    • Providing process management features, such as listing active processes and terminating them as and when required
    • Generating a list of active network connections
    • Providing application management features, such as listing installed software and uninstalling specific ones
    • Enumerating and retrieving the list of values stored in the autorun Registry key
    • Acting as a proxy to route data between a client and server using the SOCKS5 protocol

    In addition to these plugins, kkRAT offers support for a long list of commands to invoke the plugins; function as a clipper by replacing cryptocurrency wallet addresses copied to the clipboard; set up persistence; deploy GotoHTTP and Sunlogin; and clear data associated with 360 Speed Browser, Google Chrome, Internet Explorer, Mozilla Firefox, QQ Browser, Sogou Explorer, Skype, and Telegram.

    “kkRAT’s commands and plugins enable features such as clipboard hijacking to replace cryptocurrency wallet addresses, installing RMM tools like Sunlogin and GotoHTTP, and relaying network traffic that can be used to bypass firewalls and VPNs,” Zscaler said.


    Source: thehackernews.com…

  • FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks

    The U.S. Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated with two cybercriminal groups tracked as UNC6040 and UNC6395 for a string of data theft and extortion attacks.

    “Both groups have recently been observed targeting organizations’ Salesforce platforms via different initial access mechanisms,” the FBI said.

    UNC6395 is a threat group to which a widespread data theft campaign targeting Salesforce instances in August 2025 has been attributed; the campaign exploited compromised OAuth tokens for the Salesloft Drift application. In an update issued this week, Salesloft said the attack was made possible by the breach of its GitHub account from March through June 2025.

    As a result of the breach, Salesloft has isolated the Drift infrastructure and taken the artificial intelligence (AI) chatbot application offline. The company also said it’s in the process of implementing new multi-factor authentication processes and GitHub hardening measures.

    “We are focused on the ongoing hardening of the Drift Application environment,” the company said. “This process includes rotating credentials, temporarily disabling certain parts of the Drift application and strengthening security configurations. At this time, we are advising all Drift customers to treat any and all Drift integrations and related data as potentially compromised.”

    The second group the FBI has called attention to is UNC6040. Assessed to be active since October 2024, UNC6040 is the name assigned by Google to a financially motivated threat cluster that has engaged in vishing campaigns to obtain initial access and hijack Salesforce instances for large-scale data theft and extortion.

    These attacks have involved the use of a modified version of Salesforce’s Data Loader application and custom Python scripts to breach victims’ Salesforce portals and exfiltrate valuable data. At least some of the incidents have involved extortion activities following UNC6040 intrusions, with the extortion taking place months after the initial data theft.

    “UNC6040 threat actors have utilized phishing panels, directing victims to visit from their mobile phones or work computers during the social engineering calls,” the FBI said. “After obtaining access, UNC6040 threat actors have then used API queries to exfiltrate large volumes of data in bulk.”

    The extortion phase has been attributed by Google to another uncategorized cluster tracked as UNC6240, which has consistently claimed to be the ShinyHunters group in emails and calls to employees of victim organizations.

    “In addition, we believe threat actors using the ‘ShinyHunters’ brand may be preparing to escalate their extortion tactics by launching a data leak site (DLS),” Google noted last month. “These new tactics are likely intended to increase pressure on victims, including those associated with the recent UNC6040 Salesforce-related data breaches.”

    Since then, there has been a flurry of developments, the most notable being the teaming up of ShinyHunters, Scattered Spider, and LAPSUS$ to consolidate and unify their criminal efforts. Then on September 12, 2025, the group claimed on their Telegram channel “scattered LAPSUS$ hunters 4.0” that they are shutting down.

    “We LAPSUS$, Trihash, Yurosh, Yaxsh, WyTroZz, N3z0x, Nitroz, TOXIQUEROOT, Prosox, Pertinax, Kurosh, Clown, IntelBroker, Scattered Spider, Yukari and among many others, have decided to go dark,” the group said. “Our objectives having been fulfilled, it is now time to say goodbye.”

    It’s currently not clear what prompted the group to hang up their boots, but it’s possible that the move is an attempt to lay low and avoid further law enforcement attention.

    “The newly formed scattered LAPSUS$ hunters 4.0 group said it’s hanging up the boots and ‘go dark’ after it alleged that French law enforcement arrested another wrong person in connection with the cybercrime group,” Sam Rubin, senior vice president of Unit 42 Consulting and Threat Intelligence, told The Hacker News. “These declarations rarely signal a true retirement.”

    “Recent arrests may have prompted the group to lay low, but history tells us this is often temporary. Groups like this splinter, rebrand, and resurface – much like ShinyHunters. Even if public operations pause, the risks remain: stolen data can resurface, undetected backdoors may persist, and actors may re-emerge under new names. Silence from a threat group does not equal safety. Organizations must stay vigilant and operate under the assumption that the threat has not disappeared, only adapted.”


    Source: thehackernews.com…

  • Apple Warns French Users of Fourth Spyware Campaign in 2025, CERT-FR Confirms

    Sep 12, 2025 | Ravie Lakshmanan

    Apple has notified users in France of a spyware campaign targeting their devices, according to the Computer Emergency Response Team of France (CERT-FR).

    The agency said the alerts were sent out on September 3, 2025, making it the fourth time this year that Apple has notified citizens in the country that at least one of the devices linked to their iCloud accounts may have been compromised as part of highly-targeted attacks.

    The agency did not share further details on what triggered these alerts. Previous threat notifications were sent on March 5, April 29, and June 25. Apple has been sending these notices since November 2021.

    “These complex attacks target individuals for their status or function: journalists, lawyers, activists, politicians, senior officials, members of steering committees of strategic sectors, etc,” CERT-FR said.

    The development comes less than a month after it emerged that a security flaw in WhatsApp (CVE-2025-55177, CVSS score: 5.4) was chained with an Apple iOS bug (CVE-2025-43300, CVSS score: 8.8) as part of zero-click attacks.

    WhatsApp subsequently told The Hacker News that it had sent in-app threat notifications to less than 200 users who may have been targeted as part of the campaign. It’s not known who, and which commercial spyware vendor, is behind the activity.

    The disclosure comes as Apple has introduced a security feature in the latest iPhone models called Memory Integrity Enforcement (MIE) to combat memory corruption vulnerabilities and make it harder for surveillance vendors, who typically rely on such zero-days for planting spyware on a target’s phone.

    In a report published this week, the Atlantic Council said the number of United States investors in spyware and surveillance technologies jumped from 11 in 2023 to 31 last year, surpassing other major investing countries such as Israel, Italy, and the United Kingdom.

    Altogether, the study has flagged two holding companies, 55 individuals, 34 investors, eighteen partners, seven subsidiaries, 10 suppliers, and four vendors that established themselves in the last year in the spyware marketplace. This includes new spyware entities in Japan, Malaysia, and Panama, as well as vendors like Israel’s Bindecy and Italy’s SIO.

    “The quantity of U.S.-based entities investing in the spyware market is three times greater than in the next three highest countries with the most investors,” the report said, adding “56% of investors are incorporated in Israel, the United States, Italy, and the United Kingdom.”

    “Resellers and brokers now are key actors in the spyware market – comprising more sample market share than previously demonstrated – and oftentimes are under-observed and not readily addressed in current policy deliberations.”


    Source: thehackernews.com…

  • Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks

    Sep 12, 2025 | Ravie Lakshmanan | Vulnerability / Mobile Security

    Samsung has released its monthly security updates for Android, including a fix for a security vulnerability that it said has been exploited in zero-day attacks.

    The vulnerability, CVE-2025-21043 (CVSS score: 8.8), concerns an out-of-bounds write that could result in arbitrary code execution.

    “Out-of-bounds Write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code,” Samsung said in an advisory. “The patch fixed the incorrect implementation.”

    According to a 2020 report from Google Project Zero, libimagecodec.quram.so is a closed-source image parsing library developed by Quramsoft that implements support for various image formats.

    The critical-rated issue, per the South Korean electronics giant, affects Android versions 13, 14, 15, and 16. The vulnerability was privately disclosed to the company on August 13, 2025.

    Samsung did not share any specifics on how the vulnerability is being exploited in attacks and who may be behind these efforts. However, it acknowledged that “an exploit for this issue has existed in the wild.”

    The development comes shortly after Google said it resolved two security flaws in Android (CVE-2025-38352 and CVE-2025-48543) that it said have been exploited in targeted attacks.


    Source: thehackernews.com…

  • Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning

    Sep 12, 2025 | Ravie Lakshmanan | Vulnerability / Cyber Espionage

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

    The vulnerability, tracked as CVE-2025-5086, carries a CVSS score of 9.0 out of 10.0. According to Dassault, the issue impacts versions from Release 2020 through Release 2025.

    “Dassault Systèmes DELMIA Apriso contains a deserialization of untrusted data vulnerability that could lead to a remote code execution,” the agency said in an advisory.

    The addition of CVE-2025-5086 to the KEV catalog comes after the SANS Internet Storm Center reported seeing exploitation attempts targeting the flaw that originate from the IP address 156.244.33[.]162, which geolocates to Mexico.

    The attacks involve sending an HTTP request to the “/apriso/WebServices/FlexNetOperationsService.svc/Invoke” endpoint with a Base64-encoded payload that decodes to a GZIP-compressed Windows executable (“fwitxz01.dll”), Johannes B. Ullrich, the dean of research at the SANS Technology Institute, said.
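
    As an added illustration (not code from SANS, CISA or Dassault), the following Python checks whether an HTTP request to the endpoint named above carries a Base64-encoded, GZIP-compressed Windows executable, the pattern Ullrich described. The sample SOAP body and the “MZ”-prefixed blob it embeds are constructed here, and the endpoint constant and function names are this example’s own.

```python
import base64
import binascii
import gzip
import re
import zlib

# Endpoint named in the SANS ISC observation of CVE-2025-5086 exploitation.
APRISO_INVOKE_ENDPOINT = "/apriso/WebServices/FlexNetOperationsService.svc/Invoke"

# Long runs of base64 alphabet characters. SOAP/XML delimiters (< > " ') are
# not in the class, so each run is one candidate parameter value; the minimum
# length keeps element names and short tokens out.
_B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def is_pe_image(data: bytes) -> bool:
    """True if the bytes start with the DOS 'MZ' header of a Windows EXE/DLL."""
    return data[:2] == b"MZ"


def decode_gzip_blob(blob: str):
    """Base64-decode a candidate blob and gunzip it.

    Returns the decompressed bytes, or None when the blob is not valid base64,
    not a gzip stream (magic 1f 8b), or fails to inflate. Output is capped so a
    decompression-bomb style payload cannot exhaust memory in the inspector.
    """
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return None
    if raw[:2] != b"\x1f\x8b":
        return None
    inflater = zlib.decompressobj(wbits=31)  # wbits=31 selects gzip framing
    try:
        return inflater.decompress(raw, 4 * 1024 * 1024)  # bound output to 4 MiB
    except zlib.error:
        return None


def inspect_request(path: str, body: str) -> dict:
    """Classify one HTTP request against the reported exploitation pattern:
    a request to the Invoke endpoint whose body carries a base64 blob that
    gunzips to a PE image. Returns a small verdict dict for logging/alerting."""
    verdict = {
        "endpoint_match": path.split("?", 1)[0].lower() == APRISO_INVOKE_ENDPOINT.lower(),
        "pe_payload": False,
        "decoded_size": 0,
    }
    if not verdict["endpoint_match"]:
        return verdict
    for blob in _B64_RUN.findall(body):
        decoded = decode_gzip_blob(blob)
        if decoded is not None and is_pe_image(decoded):
            verdict["pe_payload"] = True
            verdict["decoded_size"] = len(decoded)
            break
    return verdict


# --- Constructed sample traffic (not captured data) ------------------------

def build_malicious_body() -> str:
    """Build a SOAP-style body whose parameter is a gzip'd, base64'd fake PE image."""
    fake_pe = b"MZ" + bytes(range(256)) * 4  # constructed stand-in, not a real binary
    blob = base64.b64encode(gzip.compress(fake_pe)).decode("ascii")
    return ("<s:Envelope><s:Body><Invoke><request>" + blob +
            "</request></Invoke></s:Body></s:Envelope>")


# Benign request: a long base64 value that is plain text, not a gzip stream.
BENIGN_BODY = ("<s:Envelope><s:Body><Invoke><request>" +
               base64.b64encode(b"operation=ListOrders;plant=Plant01;" * 3).decode("ascii") +
               "</request></Invoke></s:Body></s:Envelope>")


if __name__ == "__main__":
    print(inspect_request(APRISO_INVOKE_ENDPOINT, build_malicious_body()))
    print(inspect_request(APRISO_INVOKE_ENDPOINT, BENIGN_BODY))
```

    The check only needs the request path and body, so it can run over reverse-proxy or WAF logs that retain POST bodies as well as inline.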

    Kaspersky has flagged the DLL as “Trojan.MSIL.Zapchast.gen,” which the company describes as a malicious program designed to electronically spy on a user’s activities, including capturing keyboard input, taking screenshots, and gathering a list of active applications, among others.

    “The collected information is sent to the cybercriminal by various means, including email, FTP, and HTTP (by sending data in a request),” the Russian cybersecurity vendor added.

    Zapchast variants, according to Bitdefender and Trend Micro, have been distributed via phishing emails bearing malicious attachments for over a decade. It’s currently not clear if “Trojan.MSIL.Zapchast.gen” is an improved version of the same malware.

    In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are advised to apply the necessary updates by October 2, 2025, to secure their networks.


    Source: thehackernews.com…

  • New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit

    Cybersecurity researchers have discovered a new ransomware strain dubbed HybridPetya that resembles the notorious Petya/NotPetya malware, while also incorporating the ability to bypass the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems using a now-patched vulnerability disclosed earlier this year.

    Slovakian cybersecurity company ESET said the samples were uploaded to the VirusTotal platform in February 2025.

    “HybridPetya encrypts the Master File Table, which contains important metadata about all the files on NTFS-formatted partitions,” security researcher Martin Smolár said. “Unlike the original Petya/NotPetya, HybridPetya can compromise modern UEFI-based systems by installing a malicious EFI application onto the EFI System Partition.”

    In other words, the deployed UEFI application is the central component that takes care of encrypting the Master File Table (MFT) file, which contains metadata related to all the files on the NTFS-formatted partition.

    HybridPetya comes with two main components: a bootkit and an installer, with the former appearing in two distinct versions. The bootkit, which is deployed by the installer, is chiefly responsible for loading its configuration and checking its encryption status. It can have three different values –

    • 0 – ready for encryption
    • 1 – already encrypted, and
    • 2 – ransom paid, disk decrypted

    Should the value be set to 0, it proceeds to set the flag to 1 and encrypts the \EFI\Microsoft\Boot\verify file with the Salsa20 encryption algorithm using the key and nonce specified in the configuration. It also creates a file called “\EFI\Microsoft\Boot\counter” on the EFI System Partition prior to launching the disk encryption process of all NTFS-formatted partitions. The file is used to keep track of the already encrypted disk clusters.

    Furthermore, the bootkit updates the fake CHKDSK message displayed on the victim’s screen with information about the current encryption status, while the victim is deceived into thinking that the system is repairing disk errors.

    If the bootkit detects that the disk is already encrypted (i.e., the flag is set to 1), it serves a ransom note to the victim, demanding them to send $1,000 in Bitcoin to the specified wallet address (34UNkKSGZZvf5AYbjkUa2yYYzw89ZLWxu2). The wallet is currently empty, although it has received $183.32 between February and May 2025.

    The ransom note screen also provides an option for the victim to enter the decryption key purchased from the operator after making the payment, following which the bootkit verifies the key and attempts to decrypt the “\EFI\Microsoft\Boot\verify” file. In the event the correct key is entered, the flag value is set to 2 and kicks off the decryption step by reading the contents of the “\EFI\Microsoft\Boot\counter” file.

    “The decryption stops when the number of decrypted clusters is equal to the value from the counter file,” Smolár said. “During the process of MFT decryption, the bootkit shows the current decryption process status.”

    The decryption phase also involves the bootkit recovering the legitimate bootloaders — “\EFI\Boot\bootx64.efi” and “\EFI\Microsoft\Boot\bootmgfw.efi” — from the backups previously created during the installation process. Once this step is complete, the victim is prompted to reboot their Windows machine.

    It’s worth noting that the bootloader changes initiated by the installer during the deployment of the UEFI bootkit component trigger a system crash (aka Blue Screen of Death or BSoD) and ensure that the bootkit binary is executed once the device is turned on.

    Select variants of HybridPetya, ESET added, have been found to exploit CVE‑2024‑7344 (CVSS score: 6.7), a remote code execution vulnerability in the Howyar Reloader UEFI application (“reloader.efi”, renamed in the artifact as “\EFI\Microsoft\Boot\bootmgfw.efi”) that could result in a Secure Boot bypass.

    The variant also packs in a specially crafted file named “cloak.dat,” which is loadable through reloader.efi and contains the XORed bootkit binary. Microsoft has since revoked the old, vulnerable binary as part of its January 2025 Patch Tuesday update.

    “When the reloader.efi binary (deployed as bootmgfw.efi) is executed during boot, it searches for the presence of the cloak.dat file on the EFI System Partition, and loads the embedded UEFI application from the file in a very unsafe way, completely ignoring any integrity checks, thus bypassing UEFI Secure Boot,” ESET said.

    Another aspect where HybridPetya and NotPetya differ is that, unlike the latter’s destructive capabilities, the newly identified artifact allows the threat actors to reconstruct the decryption key from the victim’s personal installation keys.

    Telemetry data from ESET indicates no evidence of HybridPetya being used in the wild. The cybersecurity company also pointed out the recent discovery of a UEFI Petya Proof-of-Concept (PoC) by security researcher Aleksandra “Hasherezade” Doniec, adding it’s possible there could be “some relationship between the two cases.” However, it doesn’t rule out the possibility that HybridPetya may also be a PoC.

    “HybridPetya is now at least the fourth publicly known example of a real or proof-of-concept UEFI bootkit with UEFI Secure Boot bypass functionality, joining BlackLotus (exploiting CVE‑2022‑21894), BootKitty (exploiting LogoFail), and the Hyper-V Backdoor PoC (exploiting CVE‑2020‑26200),” ESET said.

    “This shows that Secure Boot bypasses are not just possible – they’re becoming more common and attractive to both researchers and attackers.”


    Source: thehackernews.com…

  • Cloud-Native Security in 2025: Why Runtime Visibility Must Take Center Stage

    The security landscape for cloud-native applications is undergoing a profound transformation. Containers, Kubernetes, and serverless technologies are now the default for modern enterprises, accelerating delivery but also expanding the attack surface in ways traditional security models can’t keep up with.

    As adoption grows, so does complexity. Security teams are asked to monitor sprawling hybrid environments, sift through thousands of alerts, and protect dynamic applications that evolve multiple times per day. The question isn’t just how to detect risks earlier — it’s how to prioritize and respond to what really matters in real time.

    That’s where cloud-native application protection platforms (CNAPPs) come into play. These platforms consolidate visibility, compliance, detection, and response into a unified system. But in 2025, one capability is proving indispensable: runtime visibility.

    The New Center of Gravity: Runtime

    For years, cloud security has leaned heavily on preventative controls like code scanning, configuration checks, and compliance enforcement. While essential, these measures provide only part of the picture. They identify theoretical risks, but not whether those risks are active and exploitable in production.

    Runtime visibility fills that gap. By observing what workloads are actually running — and how they behave — security teams gain the highest fidelity signal for prioritizing threats. Runtime context answers critical questions:

    • Is this vulnerability reachable in a live workload?
    • Is this misconfiguration creating a real attack path?
    • Is this workload being exploited right now?

    Without runtime, organizations risk chasing false positives while attackers exploit real weaknesses. With runtime, teams can focus on fixing the issues that matter most, reducing both noise and exposure.

    From Prevention to Prioritization

    Modern enterprises face an avalanche of alerts across vulnerability scanners, cloud posture tools, and application security platforms. The volume isn’t just overwhelming — it’s unsustainable. Analysts often spend more time triaging alerts than actually fixing problems. To be effective, organizations must map vulnerabilities and misconfigurations to:

    • The workloads that are actively running.
    • The business applications they support.
    • The teams responsible for fixing them.

    This alignment is critical for bridging the gap between security and development. Developers often see security findings as disruptive, low-context interruptions. Security teams, meanwhile, lack the visibility into ownership and accountability that’s needed to drive remediation.

    By grounding prioritization in runtime insights, enterprises can ensure that the right teams fix the right problems at the right time.

    The Role of AI in Cloud Security

    Even with better prioritization, the sheer scale and complexity of cloud environments challenge human teams. This is where artificial intelligence is beginning to reshape the CNAPP landscape.

    AI can help by:

    • Correlating signals across domains. Seemingly unrelated events in logs, network traffic, and workload behavior can reveal emerging attack campaigns.
    • Reducing false positives. Pattern recognition and large language models can identify which alerts are truly actionable.
    • Accelerating response. Automated reasoning can suggest remediation steps or even take action in low-risk scenarios.

    At Sysdig, we’ve seen how AI can serve as a force multiplier for security teams. Our own AI security analyst, Sysdig Sage™, uses multi-step reasoning to analyze complex attack patterns and surface insights that traditional tools miss. For overburdened security operations centers (SOCs), this means faster detection and shorter mean time to resolution (MTTR).

    The takeaway: AI isn’t replacing security teams, but it is reshaping how they operate — by filtering noise, enriching context, and enabling smarter, faster decisions.

    Accountability and Collaboration

    Another challenge enterprises face is accountability. Security findings are only valuable if they reach the right owner with the right context. Yet in many organizations, vulnerabilities are reported without clarity about which team should fix them.

    This is why mapping findings back to code artifacts, ownership, and deployment context is critical. It ensures that vulnerabilities discovered in production can be traced back to the team that introduced them. Security becomes a shared responsibility, not a siloed burden.

    Partnerships and integrations play a key role here. For example, Sysdig’s collaboration with Semgrep enables organizations to connect runtime vulnerabilities to their originating source code, reducing the back-and-forth between teams and streamlining remediation.

    Why Consolidation Is Inevitable

    Enterprises have long relied on best-of-breed security tools. But in the cloud, fragmentation becomes a liability. Multiple point products generate duplicate findings, lack shared context, and increase operational overhead.

    CNAPP represents the next stage of consolidation. By unifying vulnerability management, posture assessment, threat detection, and incident response into a single platform, organizations can:

    • Eliminate silos.
    • Reduce tool sprawl.
    • Gain a single source of truth for cloud risk.

    And most importantly, they can tie everything back to runtime, ensuring that real-world threats are never lost in the noise.

    Preparing for What’s Next

    The rise of containers and cloud-native applications shows no sign of slowing. In fact, by the end of the decade, containers are expected to power half of all enterprise applications. With this growth comes pressure for security teams to adopt strategies that scale, simplify, and automate.

    The future of cloud security will be defined by three priorities:

    1. Runtime-powered visibility to cut through noise and focus on real risk.
    2. AI-driven assistance to help teams triage, prioritize, and respond at machine speed.
    3. Unified platforms that consolidate fragmented tools into a single, contextual view of cloud risk.

    Enterprises that embrace this model will be positioned to move faster, reduce exposure, and stay ahead of attackers. Those who cling to disconnected tools and reactive processes will find themselves increasingly outpaced.

    Secure What Matters, When It Matters

    The cloud has redefined how businesses build and run applications. It’s now redefining how they must secure them. Runtime visibility, AI-driven prioritization, and unified platforms are no longer optional — they’re essential.

    At Sysdig, we believe the future of cloud security is rooted in real-time context and collaboration. By focusing on what’s actively happening in production, organizations can align security and development, reduce false positives, and respond to threats with confidence.

    The message is clear: stop chasing every alert and start focusing on what matters most.

    To explore these trends in greater depth, download the full 2025 Gartner® Market Guide for Cloud-Native Application Protection Platforms.



    Source: thehackernews.com…

  • Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

    A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a maliciously crafted repository is opened using the program.

    The issue stems from the fact that an out-of-the-box security setting is disabled by default, opening the door for attackers to run arbitrary code on users’ computers with their privileges.

    “Cursor ships with Workspace Trust disabled by default, so VS Code-style tasks configured with runOptions.runOn: ‘folderOpen’ auto-execute the moment a developer browses a project,” Oasis Security said in an analysis. “A malicious .vscode/tasks.json turns a casual ‘open folder’ into silent code execution in the user’s context.”

    Cursor is an AI-powered fork of Visual Studio Code, which supports a feature called Workspace Trust to allow developers to safely browse and edit code regardless of where it came from or who wrote it.

    With this option disabled, an attacker can make available a project in GitHub (or any platform) and include a hidden “autorun” instruction that instructs the IDE to execute a task as soon as a folder is opened, causing malicious code to be executed when the victim attempts to browse the booby-trapped repository in Cursor.

    “This has the potential to leak sensitive credentials, modify files, or serve as a vector for broader system compromise, placing Cursor users at significant risk from supply chain attacks,” Oasis Security researcher Erez Schwartz said.

To counter this threat, users are advised to enable Workspace Trust in Cursor, open untrusted repositories in a different code editor, and audit them before opening them in the tool.
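One way to do that audit before a folder is opened in Cursor, as an added example that is not Oasis Security’s or Cursor’s code: parse the repository’s .vscode/tasks.json (tolerating the comments and trailing commas VS Code allows) and list every task whose runOptions.runOn is folderOpen. The sample tasks.json is constructed for the demonstration.

```python
import json
import re
from pathlib import Path

def strip_jsonc(text: str) -> str:
    """tasks.json is JSON-with-comments: drop // and /* */ comments that sit
    outside string literals, then trailing commas, so json.loads accepts it."""
    out, i, n, in_str = [], 0, len(text), False
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < n:      # copy the escaped character verbatim
                out.append(text[i + 1]); i += 1
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True; out.append(c)
        elif text.startswith("//", i):       # line comment: skip to the newline
            j = text.find("\n", i); i = (n if j < 0 else j) - 1
        elif text.startswith("/*", i):       # block comment: skip past "*/"
            j = text.find("*/", i + 2); i = (n if j < 0 else j + 2) - 1
        else:
            out.append(c)
        i += 1
    # ", }" and ", ]" are accepted by VS Code but not by strict JSON
    # (a literal ",}" inside a string is not handled; acceptable for an audit tool)
    return re.sub(r",(\s*[}\]])", r"\1", "".join(out))

def load_jsonc(text: str) -> dict:
    return json.loads(strip_jsonc(text))

def find_autorun_tasks(tasks_json: str) -> list[dict]:
    """Tasks that Cursor runs as soon as the folder opens when Workspace Trust is off."""
    hits = []
    for task in load_jsonc(tasks_json).get("tasks", []):
        if (task.get("runOptions") or {}).get("runOn") == "folderOpen":
            hits.append({"label": task.get("label", "<unlabeled>"), "type": task.get("type"),
                         "command": task.get("command"), "args": task.get("args", [])})
    return hits

def audit_repo(repo: Path) -> list[dict]:
    """Audit <repo>/.vscode/tasks.json (the file the report names); no file, no hits."""
    path = repo / ".vscode" / "tasks.json"
    return find_autorun_tasks(path.read_text(encoding="utf-8-sig")) if path.is_file() else []

# Constructed sample tasks.json (not from any real repository): one ordinary build
# task and one that would auto-run on folder open.
SAMPLE_TASKS_JSON = """{
  // tasks for this project
  "version": "2.0.0",
  "tasks": [
    { "label": "build", "type": "shell", "command": "make", },
    {
      "label": "bootstrap",
      "type": "shell",
      "command": "sh",
      "args": ["scripts/bootstrap.sh"],
      "runOptions": { "runOn": "folderOpen" },  /* fires before the user does anything */
    },
  ]
}"""

if __name__ == "__main__":
    for hit in find_autorun_tasks(SAMPLE_TASKS_JSON):
        print("auto-run task:", hit)      # review these before opening the folder in Cursor
```

Run `audit_repo(Path("/path/to/checkout"))` against a fresh clone; any non-empty result deserves a manual read of the task’s command and args before the folder is opened in the IDE.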

    The development comes as prompt injections and jailbreaks have emerged as a stealthy and systemic threat plaguing AI-powered coding and reasoning agents like Claude Code, Cline, K2 Think, and Windsurf, allowing threat actors to embed malicious instructions in sneaky ways to trick the systems into performing malicious actions or leaking data from software development environments.

    Software supply chain security outfit Checkmarx, in a report last week, revealed how Anthropic’s newly introduced automated security reviews in Claude Code could inadvertently expose projects to security risks, including instructing it to ignore vulnerable code through prompt injections, causing developers to push malicious or insecure code past security reviews.

    “In this case, a carefully written comment can convince Claude that even plainly dangerous code is completely safe,” the company said. “The end result: a developer – whether malicious or just trying to shut Claude up – can easily trick Claude into thinking a vulnerability is safe.”

    Another problem is that the AI inspection process also generates and executes test cases, which could lead to a scenario where malicious code is run against production databases if Claude Code isn’t properly sandboxed.

    The AI company, which also recently launched a new file creation and editing feature in Claude, has warned that the feature carries prompt injection risks due to it running in a “sandboxed computing environment with limited internet access.”

    Specifically, it’s possible for a bad actor to “inconspicuously” add instructions via external files or websites – aka indirect prompt injection – that trick the chatbot into downloading and running untrusted code or reading sensitive data from a knowledge source connected via the Model Context Protocol (MCP).

    “This means Claude can be tricked into sending information from its context (e.g., prompts, projects, data via MCP, Google integrations) to malicious third parties,” Anthropic said. “To mitigate these risks, we recommend you monitor Claude while using the feature and stop it if you see it using or accessing data unexpectedly.”

    That’s not all. Late last month, the company also revealed browser-using AI models like Claude for Chrome can face prompt injection attacks, and that it has implemented several defenses to address the threat and reduce the attack success rate of 23.6% to 11.2%.

    “New forms of prompt injection attacks are also constantly being developed by malicious actors,” it added. “By uncovering real-world examples of unsafe behavior and new attack patterns that aren’t present in controlled tests, we’ll teach our models to recognize the attacks and account for the related behaviors, and ensure that safety classifiers will pick up anything that the model itself misses.”

    At the same time, these tools have also been found susceptible to traditional security vulnerabilities, broadening the attack surface with potential real-world impact –

    • A WebSocket authentication bypass in Claude Code IDE extensions (CVE-2025-52882, CVSS score: 8.8) that could have allowed an attacker to connect to a victim’s unauthenticated local WebSocket server simply by luring them to visit a website under their control, enabling remote command execution
    • An SQL injection vulnerability in the Postgres MCP server that could have allowed an attacker to bypass the read-only restriction and execute arbitrary SQL statements
    • A path traversal vulnerability in Microsoft NLWeb that could have allowed a remote attacker to read sensitive files, including system configurations (“/etc/passwd”) and cloud credentials (.env files), using a specially crafted URL
    • An incorrect authorization vulnerability in Lovable (CVE-2025-48757, CVSS score: 9.3) that could have allowed remote unauthenticated attackers to read or write to arbitrary database tables of generated sites
    • Open redirect, stored cross-site scripting (XSS), and sensitive data leakage vulnerabilities in Base44 that could have allowed attackers to access the victim’s apps and development workspace, harvest API keys, inject malicious logic into user-generated applications, and exfiltrate data
    • A vulnerability in Ollama Desktop arising as a result of incomplete cross-origin controls that could have allowed an attacker to stage a drive-by attack, where visiting a malicious website can reconfigure the application’s settings to intercept chats and even alter responses using poisoned models

    “As AI-driven development accelerates, the most pressing threats are often not exotic AI attacks but failures in classical security controls,” Imperva said. “To protect the growing ecosystem of ‘vibe coding’ platforms, security must be treated as a foundation, not an afterthought.”


    Source: thehackernews.com…

  • Senator Wyden Urges FTC to Probe Microsoft for Ransomware-Linked Cybersecurity Negligence

    U.S. Senator Ron Wyden has called on the Federal Trade Commission (FTC) to probe Microsoft and hold it responsible for what he called “gross cybersecurity negligence” that enabled ransomware attacks on U.S. critical infrastructure, including against healthcare networks.

    “Without timely action, Microsoft’s culture of negligent cybersecurity, combined with its de facto monopolization of the enterprise operating system market, poses a serious national security threat and makes additional hacks inevitable,” Wyden wrote in a four-page letter to FTC Chairman Andrew Ferguson, likening Redmond to an “arsonist selling firefighting services to their victims.”

    The development comes after Wyden’s office obtained new information from healthcare system Ascension, which suffered a crippling ransomware attack last year, resulting in the theft of personal and medical information associated with nearly 5.6 million individuals.

    The ransomware attack, which also disrupted access to electronic health records, was attributed to a ransomware group known as Black Basta. According to the U.S. Department of Health and Human Services, the breach has been ranked as the third-largest healthcare-related incident over the past year.

    According to the senator’s office, the breach occurred when a contractor clicked on a malicious link after conducting a web search on Microsoft’s Bing search engine, causing their system to be infected with malware. Subsequently, the attackers leveraged “dangerously insecure default settings” on Microsoft software to obtain elevated access to the most sensitive parts of Ascension’s network.

    This involved the use of a technique called Kerberoasting that targets the Kerberos authentication protocol to extract encrypted service account credentials from Active Directory.

Kerberoasting “exploits an insecure encryption technology from the 1980s known as ‘RC4’ that is still supported by Microsoft software in its default configuration,” Wyden’s office said, adding that it had urged Microsoft on July 29, 2024, to warn customers about the threat posed by Kerberoasting.

RC4, short for Rivest Cipher 4, is a stream cipher that was first developed in 1987. Originally intended to be a trade secret, it was leaked in a public forum in 1994. As of 2015, the Internet Engineering Task Force (IETF) has prohibited the use of RC4 in TLS, citing a “variety of cryptographic weaknesses” that allow plaintext recovery.

    Eventually, Microsoft did publish an alert in October 2024 outlining the steps users can take to stay protected, in addition to stating its plans to deprecate support for RC4 as a future update to Windows 11 24H2 and Windows Server 2025 –

    The accounts most vulnerable to Kerberoasting are those with weak passwords and those that use weaker encryption algorithms, especially RC4. RC4 is more susceptible to the cyberattack because it uses no salt or iterated hash when converting a password to an encryption key, allowing the cyberthreat actor to guess more passwords quickly.

    However, other encryption algorithms are still vulnerable when weak passwords are used. While AD will not try to use RC4 by default, RC4 is currently enabled by default, meaning a cyberthreat actor can attempt to request tickets encrypted using RC4. RC4 will be deprecated, and we intend to disable it by default in a future update to Windows 11 24H2 and Windows Server 2025.

    Microsoft, which removed support for the Data Encryption Standard (DES) in Kerberos for Windows Server 2025 and Windows 11, version 24H2 earlier this February, said it has also introduced security improvements in Server 2025 that prevent the Kerberos Distribution Center from issuing Ticket Granting Tickets using RC4 encryption, such as RC4-HMAC(NT).

    Some of Microsoft’s recommended mitigations to harden environments against Kerberoasting include –

    • Using Group Managed Service Accounts (gMSA) or Delegated Managed Service Accounts (dMSA) wherever possible
    • Securing service accounts by setting randomly generated, long passwords that are at least 14 characters long
    • Making sure all service accounts are configured to use AES (128 and 256 bit) for Kerberos service ticket encryption
    • Auditing user accounts with Service Principal Names (SPNs)

    However, Wyden wrote that Microsoft’s software does not enforce a 14-character password length for privileged accounts, and that the company’s continued support for the insecure RC4 encryption technology “needlessly exposes” its customers to ransomware and other cyber threats by allowing attackers to crack the passwords of privileged accounts.
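The detection side of the mitigations above, as an added example (not Microsoft’s or Wyden’s office’s code): Windows logs every service-ticket request as Security event 4769 with the ticket’s encryption type, so tickets issued with RC4-HMAC (type 0x17) can be flagged, and an account that collects RC4 tickets for many services in a short span stands out. The key=value record format below is my own shorthand for the 4769 fields, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Kerberos encryption types as they appear in the 4769 'Ticket Encryption Type' field.
ENC_TYPES = {0x17: "RC4-HMAC", 0x11: "AES128-CTS-HMAC-SHA1-96", 0x12: "AES256-CTS-HMAC-SHA1-96"}
RC4_HMAC = 0x17

# Constructed, simplified 4769 records (one key=value record per line). Not real
# telemetry; a real pipeline would pull these from the Security log or a SIEM.
SAMPLE_EVENTS = """\
EventID=4769 Account=alice@CORP.LOCAL Service=WEBSRV$ EncType=0x12 Status=0x0 Client=10.0.0.21
EventID=4769 Account=alice@CORP.LOCAL Service=HTTP/intranet EncType=0x17 Status=0x0 Client=10.0.0.21
EventID=4769 Account=alice@CORP.LOCAL Service=MSSQLSvc/db01 EncType=0x17 Status=0x0 Client=10.0.0.21
EventID=4769 Account=alice@CORP.LOCAL Service=CIFS/fs02 EncType=0x17 Status=0x0 Client=10.0.0.21
EventID=4769 Account=bob@CORP.LOCAL Service=krbtgt EncType=0x12 Status=0x0 Client=10.0.0.44
EventID=4769 Account=svc-backup@CORP.LOCAL Service=HOST/legacy01 EncType=0x17 Status=0x0 Client=10.0.0.9
EventID=4769 Account=eve@CORP.LOCAL Service=HTTP/intranet EncType=0x17 Status=0x1b Client=10.0.0.77
EventID=4768 Account=bob@CORP.LOCAL Service=krbtgt EncType=0x12 Status=0x0 Client=10.0.0.44
"""

_KV = re.compile(r"(\w+)=(\S+)")

def parse_events(text: str) -> list[dict]:
    """Turn key=value lines into dicts; the numeric fields become ints."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = dict(_KV.findall(line))
        for key in ("EventID", "EncType", "Status"):
            if key in ev:
                ev[key] = int(ev[key], 0)   # base 0 accepts both "4769" and "0x17"
        events.append(ev)
    return events

def rc4_service_tickets(events: list[dict]) -> list[dict]:
    """Successful service-ticket requests (4769, Status 0x0) encrypted with RC4-HMAC."""
    return [ev for ev in events
            if ev.get("EventID") == 4769 and ev.get("EncType") == RC4_HMAC and ev.get("Status") == 0]

def suspicious_requesters(events: list[dict], threshold: int = 3) -> dict[str, list[str]]:
    """Accounts holding RC4 tickets for >= threshold distinct services: the
    'request a ticket for every SPN, crack the passwords offline' pattern."""
    per_account = defaultdict(set)
    for ev in rc4_service_tickets(events):
        per_account[ev["Account"]].add(ev["Service"])
    return {acct: sorted(svcs) for acct, svcs in per_account.items() if len(svcs) >= threshold}

def describe(ev: dict) -> str:
    enc = ENC_TYPES.get(ev["EncType"], hex(ev["EncType"]))
    return f"{ev['Account']} -> {ev['Service']} ({enc}) from {ev['Client']}"

if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for ev in rc4_service_tickets(evs):
        print("RC4 service ticket:", describe(ev))
    print("bulk RC4 requesters:", suspicious_requesters(evs))
```

Every RC4 hit also points at a service account still accepting RC4, which is the list to work through with the AES-only and gMSA/dMSA mitigations above; once RC4 is disabled, any remaining 0x17 request is itself an alert.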

    The Hacker News has reached out to Microsoft for comment, and we will update the story if we hear back. This is not the first time the Windows maker has been blasted for its cybersecurity practices.

In a report released last year, the U.S. Cyber Safety Review Board (CSRB) lambasted the company for a series of avoidable errors that could have prevented Chinese threat actors known as Storm-0558 from compromising the Microsoft Exchange Online mailboxes of 22 organizations and over 500 individuals around the world.

    “Ultimately, Microsoft’s abysmal cybersecurity track record has had no impact on its lucrative federal contracts thanks to its dominant market position and inaction by government agencies in the face of the company’s string of security failures,” Wyden’s office argued.

    “The letter underscores a long-standing tension in enterprise cybersecurity, the balance between legacy system support and secure-by-default design,” Ensar Seker, CISO at SOCRadar, said. “It’s about systemic risk inherited from default configurations and the architectural complexity of widely adopted software ecosystems like Microsoft’s. When a single vendor becomes foundational to national infrastructure, their security design decisions, or lack thereof, can have cascading consequences.”

    “Ultimately, this isn’t about blaming one company. It’s about recognizing that national security is now tightly coupled with the configuration defaults of dominant IT platforms. Enterprises and public sector agencies alike need to demand more secure-by-design defaults and be ready to adapt when they’re offered.”


    Source: thehackernews.com…