Tag: Cyber Threats

  • Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild

    Jul 16, 2025 | Ravie Lakshmanan | Browser Security / Zero-Day

    Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wild.

    The high-severity vulnerability in question is CVE-2025-6558 (CVSS score: 8.8), which has been described as an incorrect validation of untrusted input in the browser’s ANGLE and GPU components.

    “Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page,” according to the description of the flaw from the NIST’s National Vulnerability Database (NVD).

    ANGLE, short for “Almost Native Graphics Layer Engine,” acts as a translation layer between Chrome’s rendering engine and device-specific graphics drivers. Vulnerabilities in the module can let attackers escape Chrome’s sandbox by abusing low-level GPU operations that browsers usually keep isolated, making this a rare but powerful path to deeper system access.

    For most users, a sandbox escape like this means that visiting a malicious site is sufficient to potentially break out of the browser’s security bubble and interact with the underlying system. This is especially critical in targeted attacks where just opening a webpage could trigger a silent compromise without requiring any download or click.

    Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group (TAG) have been credited with discovering and reporting the zero-day vulnerability on June 23, 2025.

    The exact nature of the attacks weaponizing the flaw has not been disclosed, but Google acknowledged that an “exploit for CVE-2025-6558 exists in the wild.” That said, the discovery by TAG alludes to the possibility of nation-state involvement.

    The development comes about two weeks after Google addressed another actively exploited Chrome zero-day (CVE-2025-6554, CVSS score: 8.1), which was also reported by Lecigne on June 25, 2025.

    Google has resolved a total of five zero-day vulnerabilities in Chrome that have been either actively exploited or demonstrated as a proof-of-concept (PoC) since the start of the year. This includes: CVE-2025-2783, CVE-2025-4664, CVE-2025-5419, and CVE-2025-6554.

    To safeguard against potential threats, users are advised to update their Chrome browser to versions 138.0.7204.157/.158 for Windows and Apple macOS, and 138.0.7204.157 for Linux. To make sure the latest updates are installed, users can navigate to More > Help > About Google Chrome, and select Relaunch.

    Users of other Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.

    Issues like this often fall under broader categories like GPU sandbox escapes, shader-related bugs, or WebGL vulnerabilities. While not always headline-grabbing, they tend to resurface in chained exploits or targeted attacks. If you follow Chrome security updates, it’s worth keeping an eye out for graphics driver flaws, privilege boundary bypasses, and memory corruption in rendering paths, as they often point to the next round of patch-worthy bugs.


    Source: thehackernews.com…

  • Google AI "Big Sleep" Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act

    Jul 16, 2025 | Ravie Lakshmanan | AI Security / Vulnerability

    Google on Tuesday revealed that its large language model (LLM)-assisted vulnerability discovery framework discovered a security flaw in the SQLite open-source database engine before it could have been exploited in the wild.

    The vulnerability, tracked as CVE-2025-6965 (CVSS score: 7.2), is a memory corruption flaw affecting all versions prior to 3.50.2. It was discovered by Big Sleep, an artificial intelligence (AI) agent that was launched by Google last year as part of a collaboration between DeepMind and Google Project Zero.

    “An attacker who can inject arbitrary SQL statements into an application might be able to cause an integer overflow resulting in read off the end of an array,” SQLite project maintainers said in an advisory.

    The tech giant described CVE-2025-6965 as a critical security issue that was “known only to threat actors and was at risk of being exploited.” Google did not reveal who the threat actors were.

    “Through the combination of threat intelligence and Big Sleep, Google was able to actually predict that a vulnerability was imminently going to be used and we were able to cut it off beforehand,” Kent Walker, President of Global Affairs at Google and Alphabet, said.

    “We believe this is the first time an AI agent has been used to directly foil efforts to exploit a vulnerability in the wild.”

    In October 2024, Big Sleep was behind the discovery of another flaw in SQLite, a stack buffer underflow vulnerability that could have been exploited to result in a crash or arbitrary code execution.

    Coinciding with the development, Google has also published a white paper to build secure AI agents such that they have well-defined human controllers, their capabilities are carefully limited to avoid potential rogue actions and sensitive data disclosure, and their actions are observable and transparent.

    “Traditional systems security approaches (such as restrictions on agent actions implemented through classical software) lack the contextual awareness needed for versatile agents and can overly restrict utility,” Google’s Santiago (Sal) Díaz, Christoph Kern, and Kara Olive said.

    “Conversely, purely reasoning-based security (relying solely on the AI model’s judgment) is insufficient because current LLMs remain susceptible to manipulations like prompt injection and cannot yet offer sufficiently robust guarantees.”

    To mitigate the key risks associated with agent security, the company said it has adopted a hybrid defense-in-depth approach that combines the strengths of both traditional, deterministic controls and dynamic, reasoning-based defenses.

    The idea is to create robust boundaries around the agent’s operational environment so that the risk of harmful outcomes is significantly mitigated, specifically malicious actions carried out as a result of prompt injection.

    “This defense-in-depth approach relies on enforced boundaries around the AI agent’s operational environment to prevent potential worst-case scenarios, acting as guardrails even if the agent’s internal reasoning process becomes compromised or misaligned by sophisticated attacks or unexpected inputs,” Google said.

    “This multi-layered approach recognizes that neither purely rule-based systems nor purely AI-based judgment are sufficient on their own.”


    Source: thehackernews.com…

  • Hyper-Volumetric DDoS Attacks Reach Record 7.3 Tbps, Targeting Key Global Sectors

    Jul 15, 2025 | Ravie Lakshmanan | Botnet / Network Security

    Cloudflare on Tuesday said it mitigated 7.3 million distributed denial-of-service (DDoS) attacks in the second quarter of 2025, a significant drop from 20.5 million DDoS attacks it fended off the previous quarter.

    “Overall, in Q2 2025, hyper-volumetric DDoS attacks skyrocketed,” Omer Yoachimik and Jorge Pacheco said. “Cloudflare blocked over 6,500 hyper-volumetric DDoS attacks, an average of 71 per day.”

    In Q1 2025, the company said an 18-day sustained campaign against its own and other critical infrastructure protected by Cloudflare was responsible for 13.5 million of the attacks observed during the time period. Cumulatively, Cloudflare has blocked nearly 28 million DDoS attacks, surpassing the number of attacks it mitigated in all of 2024.

    The most notable of the attacks in Q2 2025 is a staggering DDoS attack that peaked at 7.3 terabits per second (Tbps) and 4.8 billion packets per second (Bpps) within a span of 45 seconds.

    Big traffic spikes like these make headlines—but what often gets missed is how attackers are now combining them with smaller, targeted probes. Instead of just overwhelming systems with brute force, they’re mixing large-scale floods with quiet scans to find weak spots and slip past defenses built to block only the obvious.

    Layer 3/Layer 4 (L3/4) DDoS attacks declined 81% quarter-over-quarter to 3.2 million, while HTTP DDoS attacks rose 9% to 4.1 million. More than 70% of the HTTP DDoS attacks emanated from known botnets. The most common L3/4 attack vectors were flood attacks conducted over DNS, TCP SYN, and UDP protocols.

    Telecommunication service providers and carriers were among the most targeted, followed by the Internet, IT services, gaming, and gambling sectors.

    China, Brazil, Germany, India, South Korea, Turkey, Hong Kong, Vietnam, Russia, and Azerbaijan emerged as the most attacked locations based on the billing country of the Cloudflare customers. Indonesia, Singapore, Hong Kong, Argentina, and Ukraine were the top five sources of DDoS attacks.

    The web infrastructure and security company also revealed that the number of hyper-volumetric DDoS attacks exceeding 100 million packets per second (pps) increased by 592% compared to the previous quarter.

    Another significant aspect is the 68% increase in ransom DDoS attacks, which occur when malicious actors attempt to extort money from an organization by threatening it with a DDoS attack. The term also covers scenarios where the attacks are carried out and a ransom is demanded to stop them from happening again.

    “While the majority of DDoS attacks are small, hyper-volumetric DDoS attacks are increasing in size and frequency,” Cloudflare said. “Six out of every 100 HTTP DDoS attacks exceed 1M rps, and 5 out of every 10,000 L3/4 DDoS attacks exceed 1 Tbps — a 1,150% QoQ increase.”

    The company has further called attention to a botnet variant dubbed DemonBot that infects Linux-based systems, predominantly unsecured IoT devices, via open ports or weak credentials to enlist them into a DDoS botnet that can carry out UDP, TCP, and application-layer floods.

    “Attacks are typically command-and-control (C2) driven and can generate significant volumetric traffic, often targeting gaming, hosting, or enterprise services,” it added. “To avoid infection, leverage antivirus software and domain filtering.”

    Infection vectors like those exploited by DemonBot highlight broader challenges with unsecured IoT exposure, weak SSH credentials, and outdated firmware—common themes across DDoS botnet proliferation. Related attack strategies, such as TCP reflection, DNS amplification, and burst-layer evasion, are increasingly discussed in Cloudflare’s application-layer threat reports and API security breakdowns.


    Source: thehackernews.com…

  • Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools

    Cybersecurity researchers have shed light on a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP that has targeted a wide range of sectors in Australia, Brazil, Europe, and the United States since its emergence in early June 2025.

    GLOBAL GROUP was “promoted on the Ramp4u forum by the threat actor known as ‘$$$,’” EclecticIQ researcher Arda Büyükkaya said. “The same actor controls the BlackLock RaaS and previously managed Mamona ransomware operations.”

    It’s believed that GLOBAL GROUP is a rebranding of BlackLock after the latter’s data leak site was defaced by the DragonForce ransomware cartel back in March. It’s worth mentioning that BlackLock in itself is a rebrand of another RaaS scheme known as Eldorado.

    The financially motivated group has been found to lean heavily on initial access brokers (IABs) to deploy the ransomware by weaponizing access to vulnerable edge appliances from Cisco, Fortinet, and Palo Alto Networks. Also put to use are brute-force utilities for Microsoft Outlook and RDWeb portals.

    $$$ has acquired Remote Desktop Protocol (RDP) or web shell access to corporate networks, such as those related to law firms, as a way to deploy post-exploitation tools, conduct lateral movement, siphon data, and deploy the ransomware.

    Outsourcing the infiltration phase to other threat actors, who supply pre-compromised entry points into enterprise networks, allows affiliates to expend their efforts on payload delivery, extortion, and negotiation rather than network penetration.

    The RaaS platform comes with a negotiation portal and an affiliate panel, the latter of which allows cybercriminals to manage victims, build ransomware payloads for VMware ESXi, NAS, BSD, and Windows, and monitor operations. In a bid to entice more affiliates, the threat actors promise a revenue-sharing model of 85%.

    “GLOBAL GROUP’s ransom negotiation panel features an automated system powered by AI-driven chatbots,” the Dutch security company said. “This enables non-English-speaking affiliates to engage victims more effectively.”

    As of July 14, 2025, the RaaS group has claimed 17 victims in Australia, Brazil, Europe, and the United States, spanning healthcare, oil-and-gas equipment fabrication, industrial machinery and precision engineering, automotive repair, accident-recovery services, and large-scale business process outsourcing (BPO).

    The links to BlackLock and Mamona stem from the use of the same Russian VPS provider IpServer and source code similarities with Mamona. Specifically, GLOBAL GROUP is said to be an evolution of Mamona with added features to enable domain-wide ransomware installation. What’s more, the malware is also written in Go, just like BlackLock.

    “The creation of GLOBAL GROUP by BlackLock’s administrator is a deliberate strategy to modernize operations, expand revenue streams, and stay competitive in the ransomware market,” Büyükkaya said. “This new brand integrates AI-powered negotiation, mobile-friendly panels, and customizable payload builders, appealing to a broader pool of affiliates.”

    The disclosure comes as the Qilin ransomware group emerged as the most active RaaS operation in June 2025, accounting for 81 victims. Other major players include Akira (34), Play (30), SafePay (27), and DragonForce (25).

    “SafePay saw the steepest decline at 62.5%, suggesting a major pullback,” cybersecurity company CYFIRMA said. “DragonForce emerged rapidly, with attacks spiking by 212.5%.”

    In all, the total number of ransomware victims has dropped from 545 in May to 463 in June 2025, a 15% decline. February tops this year’s list with 956 victims.

    “Despite the decline in numbers, geopolitical tensions and high-profile cyber attacks highlight growing instability, potentially heightening the risk of cyber threats,” NCC Group noted late last month.

    According to data gathered by Optiv’s Global Threat Intelligence Center (gTIC), 314 ransomware victims were listed on 74 unique data leak sites in Q1 2025, representing a 213% increase in the number of victims. A total of 56 variants were observed in Q1 2024.

    “Ransomware operators continued to use tried-and-true methods to gain initial access to victims – social engineering/phishing, exploitation of software vulnerabilities, compromising exposed and insecure software, supply-chain attacks and leveraging the initial access broker (IAB) community,” Optiv researcher Emily Lee said.


    Source: thehackernews.com…

  • AsyncRAT's Open-Source Code Sparks Surge in Dangerous Malware Variants Across the Globe

    Cybersecurity researchers have charted the evolution of a widely used remote access trojan called AsyncRAT, which was first released on GitHub in January 2019 and has since served as the foundation for several other variants.

    “AsyncRAT has cemented its place as a cornerstone of modern malware and as a pervasive threat that has evolved into a sprawling network of forks and variants,” ESET researcher Nikola Knežević said in a report shared with The Hacker News.

    “While its capabilities are not that impressive on their own, it is the open-source nature of AsyncRAT that has truly amplified its impact. Its plug-in-based architecture and ease of modification have sparked the proliferation of many forks, pushing the boundaries even further.”

    While AsyncRAT’s evolution highlights its technical adaptability, its real-world impact stems from how it’s deployed in opportunistic phishing campaigns and bundled with loaders like GuLoader or SmokeLoader. These delivery methods enable rapid distribution through cracked software, malicious ads, or fake updates—targeting users in both corporate and consumer environments. Without early detection, AsyncRAT often acts as a staging tool for follow-on payloads like ransomware or credential stealers.

    First published on GitHub by NYAN CAT, the C#-based malware is equipped to capture screenshots, log keystrokes, steal credentials, and allow attackers to commandeer infected systems stealthily, exfiltrate data, and execute malicious instructions.

    The tool’s simplicity and open-source nature, coupled with its modular architecture and enhanced stealth features, have not only made it very adaptable and harder to detect, but also an attractive option for threat actors, as evidenced by the myriad campaigns distributing the threat over the years.

    The Slovak cybersecurity company said the “groundwork” for AsyncRAT was laid earlier by another open-source RAT known as Quasar RAT (aka CinaRAT or Yggdrasil) that has been available on GitHub since 2015. Although both the malware strains are coded in C#, the wide-ranging differences between them suggest that AsyncRAT was much more than a fork: It was a major rewrite.

    The two pieces of malware are united by the use of the same custom cryptography classes used to decrypt the malware configuration settings. Since the release of AsyncRAT, the malware has spawned diverse variants, including DCRat (aka DarkCrystal RAT) and Venom RAT.

    DCRat marks a significant improvement over AsyncRAT, packing in evasion techniques to fly under the radar and augmenting its capabilities to gather webcam data, microphone recordings, and Discord tokens, alongside even a module to encrypt files.

    “DCRat also implements evasion techniques like AMSI and ETW patching, which work by disabling security features that detect and log malicious behavior,” ESET said. “Additionally, it features an anti-process system whereby processes whose names match those in a denylist are terminated.”

    Venom RAT, on the other hand, is said to have been inspired by DCRat, while also packing in enough unique features of its own.

    “While they indeed belong to the Quasar RAT family, they are still different RATs,” Rapid7 researcher Anna Širokova noted in an analysis of AsyncRAT and Venom RAT in November 2024. “Venom RAT presents more advanced evasion techniques, making it a more sophisticated threat.”

    ESET said it also identified lesser-known variants of AsyncRAT, such as NonEuclid RAT, which incorporates plugins to brute-force SSH and FTP credentials, collect geolocation, act as a clipper by substituting clipboard data with the attacker’s cryptocurrency wallet addresses, and even spread the malware by compromising portable executable files with an arbitrary payload.

    JasonRAT, for its part, introduces bespoke changes of its own, such as the ability to target systems based on country. Likewise, XieBroRAT features a browser credential stealer and a plugin to interact with Cobalt Strike servers via a reverse connection. It’s also adapted for the Chinese market.

    “AsyncRAT’s rise and its subsequent forks highlight the inherent risks of open-source malware frameworks,” ESET said. “All of these forks not only extend AsyncRAT’s technical capabilities but also demonstrate how quickly and creatively threat actors can adapt and repurpose open-source code.”

    “The widespread availability of such frameworks significantly lowers the barrier to entry for aspiring cybercriminals, enabling even novices to deploy sophisticated malware with minimal effort. This democratization of malware development – especially considering the rising popularity of LLMs and potential to misuse their capabilities – further accelerates the creation and customization of malicious tools, contributing to a rapidly expanding and increasingly complex threat landscape.”

    This shift has also fueled the rise of malware-as-a-service (MaaS), where preconfigured AsyncRAT builders and plug-and-play modules are sold openly on Telegram and dark web forums. The growing overlap between open-source malware, penetration testing tools, and commercial remote access frameworks complicates attribution and defense.

    For security teams, this means greater focus on behavioral detection, command-and-control (C2) analysis, and understanding how fileless persistence, clipboard hijacking, and credential theft converge in modern malware campaigns.


    Source: thehackernews.com…

  • Securing Agentic AI: How to Protect the Invisible Identity Access

    Jul 15, 2025 | The Hacker News | Automation / Risk Management

    AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere, often with a high-privilege API key, OAuth token, or service account that defenders can’t easily see. These “invisible” non-human identities (NHIs) now outnumber human accounts in most cloud environments, and they have become one of the ripest targets for attackers.

    Astrix’s Field CTO Jonathan Sander put it bluntly in a recent Hacker News webinar:

    “One dangerous habit we’ve had for a long time is trusting application logic to act as the guardrails. That doesn’t work when your AI agent is powered by LLMs that don’t stop and think when they’re about to do something wrong. They just do it.”

    Why AI Agents Redefine Identity Risk

    1. Autonomy changes everything: An AI agent can chain multiple API calls and modify data without a human in the loop. If the underlying credential is exposed or overprivileged, each additional action amplifies the blast radius.
    2. LLMs behave unpredictably: Traditional code follows deterministic rules; large language models operate on probability. That means you cannot guarantee how or where an agent will use the access you grant it.
    3. Existing IAM tools were built for humans: Most identity governance platforms focus on employees, not tokens. They lack the context to map which NHIs belong to which agents, who owns them, and what those identities can actually touch.

    Treat AI Agents Like First-Class (Non-Human) Users

    Successful security programs already apply “human-grade” controls like birth, life, and retirement to service accounts and machine credentials. Extending the same discipline to AI agents delivers quick wins without blocking business innovation.

    Human Identity Control | How It Applies to AI Agents
    Owner assignment | Every agent must have a named human owner (for example, the developer who configured a Custom GPT) who is accountable for its access.
    Least privilege | Start from read-only scopes, then grant narrowly scoped write actions the moment the agent proves it needs them.
    Lifecycle governance | Decommission credentials the moment an agent is deprecated, and rotate secrets automatically on a schedule.
    Continuous monitoring | Watch for anomalous calls (e.g., sudden spikes to sensitive APIs) and revoke access in real time.

    Secure AI Agent Access

    Enterprises shouldn’t have to choose between security and agility.

    Astrix makes it easy to protect innovation without slowing it down, delivering all essential controls in one intuitive platform:

    1. Discovery and Governance

    Automatically discover and map all AI agents, including external and homegrown agents, with context into their associated NHIs, permissions, owners, and accessed environments. Prioritize remediation efforts using automated risk scoring based on agent exposure levels and configuration weaknesses.

    2. Lifecycle management

    Manage AI agents and the NHIs they rely on from provisioning to decommissioning through automated ownership, policy enforcement, and streamlined remediation processes, without the manual overhead.

    3. Threat detection & response

    Continuously monitor AI agent activity to detect deviations, out-of-scope actions, and abnormal behaviors, while automating remediation with real-time alerts, workflows, and investigation guides.

    The Instant Impact: From Risk to ROI in 30 Days

    Within the first month of deploying Astrix, our customers consistently report three transformative business wins:

    • Reduced risk, zero blind spots

      Automated discovery and a single source of truth for every AI agent, NHI, and secret reveal unauthorized third-party connections, over-entitled tokens, and policy violations the moment they appear. Short-lived, least-privileged identities prevent credential sprawl before it starts.

      “Astrix gave us full visibility into high-risk NHIs and helped us take action without slowing down the business.” - Albert Attias, Senior Director at Workday. Read Workday’s success story here.

    • Audit-ready compliance, on demand

      Meet compliance requirements with scoped permissions, time-boxed access, and per-agent audit trails. Events are stamped at creation, giving security teams instant proof of ownership for regulatory frameworks such as NIST, PCI, and SOX, turning board-ready reports into a click-through exercise.

      “With Astrix, we gained visibility into over 900 non-human identities and automated ownership tracking, making audit prep a non-issue.” - Brandon Wagner, Head of Information Security at Mercury. Read Mercury’s success story here.

    • Productivity increased, not undermined

      Automated remediation enables engineers to integrate new AI workflows without waiting on manual reviews, while security gains real-time alerts for any deviation from policy. The result: faster releases, fewer fire drills, and a measurable boost to innovation velocity.

      “The time to value was much faster than other tools. What could have taken hours or days was compressed significantly with Astrix.” - Carl Siva, CISO at Boomi. Read Boomi’s success story here.

    The Bottom Line

    AI agents unlock historic productivity, yet they also magnify the identity problem security teams have wrestled with for years. By treating every agent as an NHI, applying least privilege from day one, and leaning on automation for continuous enforcement, you can help your business embrace AI safely, instead of cleaning up the breach after attackers exploit a forgotten API key.

    Ready to see your invisible identities? Visit astrix.security and schedule a live demo to map every AI agent and NHI in minutes.

    This article is a contributed piece from one of our valued partners.


    Source: thehackernews.com…

  • State-Backed HazyBeacon Malware Uses AWS Lambda to Steal Data from SE Asian Governments

    Jul 15, 2025 | Ravie Lakshmanan | Cyber Espionage / Threat Intelligence

    Governmental organizations in Southeast Asia are the target of a new campaign that aims to collect sensitive information by means of a previously undocumented Windows backdoor dubbed HazyBeacon.

    The activity is being tracked by Palo Alto Networks Unit 42 under the moniker CL-STA-1020, where “CL” stands for “cluster” and “STA” refers to “state-backed motivation.”

    “The threat actors behind this cluster of activity have been collecting sensitive information from government agencies, including information about recent tariffs and trade disputes,” security researcher Lior Rochberger said in a Monday analysis.

    Southeast Asia has increasingly become a focal point for cyber espionage due to its role in sensitive trade negotiations, military modernization, and strategic alignment in the U.S.–China power dynamic. Targeting government agencies in this region can provide valuable intelligence on foreign policy direction, infrastructure planning, and internal regulatory shifts that influence regional and global markets.

    The exact initial access vector used to deliver the malware is currently not known, although evidence shows the use of DLL side-loading techniques to deploy it on compromised hosts. Specifically, it involves planting a malicious version of a DLL called “mscorsvc.dll” along with the legitimate Windows executable, “mscorsvw.exe.”

    Once the binary is launched, the DLL proceeds to establish communication with an attacker-controlled URL that allows it to execute arbitrary commands and download additional payloads. Persistence is achieved by means of a service that ensures the DLL is launched even after a reboot of the system.

    HazyBeacon is notable for the fact that it leverages Amazon Web Services (AWS) Lambda URLs for command-and-control (C2) purposes, demonstrating threat actors’ continued abuse of legitimate services to fly under the radar and escape detection.

    “AWS Lambda URLs are a feature of AWS Lambda that allows users to invoke serverless functions directly over HTTPS,” Rochberger explained. “This technique uses legitimate cloud functionality to hide in plain sight, creating a reliable, scalable and difficult-to-detect communication channel.”

    Defenders should pay attention to outbound traffic to rarely used cloud endpoints like *.lambda-url.*.amazonaws.com, especially when initiated by unusual binaries or system services. While AWS usage itself isn’t suspicious, context-aware baselining—such as correlating process origins, parent-child execution chains, and endpoint behavior—can help distinguish legitimate activity from malware leveraging cloud-native evasion.
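
    The baselining described above can be sketched as a small triage script. This is an added example, not code from the article or from Unit 42; the event fields, host names, baseline set and expected-directory map are assumptions, and the sample events are constructed. Besides the wildcard form quoted above, it also matches the <id>.lambda-url.<region>.on.aws host form that AWS documents for function URLs.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Lambda function URL hosts: the wildcard form quoted in the article plus the
# <id>.lambda-url.<region>.on.aws form documented by AWS.
LAMBDA_URL_RE = re.compile(
    r"^[a-z0-9]+\.lambda-url\.[a-z0-9-]+\.(?:on\.aws|amazonaws\.com)$",
    re.IGNORECASE,
)

# Assumption: (process name, endpoint) pairs already reviewed and accepted.
BASELINE = {("acme-sync.exe", "k3v9q2examplea.lambda-url.us-east-1.on.aws")}

# Assumption: directory prefixes a given Windows binary is expected to run from.
EXPECTED_DIRS = {"mscorsvw.exe": "c:\\windows\\microsoft.net\\"}

# Constructed endpoint network telemetry (not real indicators).
EVENTS = [
    {"host": "WS-014", "image": r"C:\Program Files\Acme\acme-sync.exe",
     "parent": "explorer.exe",
     "dest": "k3v9q2examplea.lambda-url.us-east-1.on.aws"},
    {"host": "WS-015", "image": r"C:\Program Files\Acme\acme-sync.exe",
     "parent": "explorer.exe",
     "dest": "k3v9q2examplea.lambda-url.us-east-1.on.aws"},
    {"host": "WS-014", "image": r"C:\Program Files\Browser\browser.exe",
     "parent": "explorer.exe", "dest": "s3.amazonaws.com"},
    {"host": "DEV-03", "image": r"C:\Python312\python.exe",
     "parent": "cmd.exe",
     "dest": "devtest00example.lambda-url.eu-west-1.on.aws"},
    {"host": "GOV-221", "image": r"C:\ProgramData\cache\mscorsvw.exe",
     "parent": "services.exe",
     "dest": "zx9f0placeholder.lambda-url.ap-southeast-1.on.aws"},
]


def is_lambda_url(hostname):
    """True if the hostname looks like a Lambda function URL endpoint."""
    return bool(LAMBDA_URL_RE.match(hostname))


def triage(events, baseline=BASELINE, rare_hosts=1):
    """Score Lambda-URL connections by how far they deviate from the baseline."""
    # Fleet-wide view: how many distinct hosts talk to each destination.
    hosts_per_dest = defaultdict(set)
    for ev in events:
        hosts_per_dest[ev["dest"].lower()].add(ev["host"])

    findings = []
    for ev in events:
        dest = ev["dest"].lower()
        if not is_lambda_url(dest):
            continue  # ordinary AWS traffic is out of scope for this check
        image = PureWindowsPath(ev["image"])
        name = image.name.lower()
        reasons = []
        if (name, dest) not in baseline:
            reasons.append("process/endpoint pair not in baseline")
        expected = EXPECTED_DIRS.get(name)
        if expected and not (str(image.parent).lower() + "\\").startswith(expected):
            reasons.append("binary running from unexpected directory")
        if ev["parent"].lower() == "services.exe":
            reasons.append("launched as a Windows service")
        if len(hosts_per_dest[dest]) <= rare_hosts:
            reasons.append("endpoint contacted by few hosts")
        if reasons:
            findings.append({"host": ev["host"], "image": ev["image"],
                             "dest": dest, "score": len(reasons),
                             "reasons": reasons})
    # Highest-scoring (most anomalous) connections first.
    return sorted(findings, key=lambda f: -f["score"])


if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding["score"], finding["host"], finding["image"],
              "->", finding["dest"], finding["reasons"])
```
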

    Downloaded among the payloads is a file collector module that’s responsible for harvesting files matching a specific set of extensions (e.g., doc, docx, xls, xlsx, and pdf) and within a time range. This includes attempts to search for files related to the recent tariff measures imposed by the United States.

    The threat actor has also been found to employ other services like Google Drive and Dropbox as exfiltration channels so as to blend in with normal network traffic and transmit the gathered data. In the incident analyzed by Unit 42, attempts to upload the files to the cloud storage services are said to have been blocked.

    In the final stage, the attackers run cleanup commands to avoid leaving traces of their activity, deleting all the archives of staged files and other payloads downloaded during the attack.

    “The threat actors used HazyBeacon as the main tool for maintaining a foothold and collecting sensitive information from the affected governmental entities,” Rochberger said. “This campaign highlights how attackers continue to find new ways to abuse legitimate, trusted cloud services.”

    HazyBeacon reflects a broader trend of advanced persistent threats using trusted platforms as covert channels—a tactic often referred to as “living off trusted services” (LOTS). As part of this cloud-based malware cluster, similar techniques have been observed in threats using Google Workspace, Microsoft Teams, or Dropbox APIs to evade detection and facilitate persistent access.


    Source: thehackernews.com…

  • North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign

    Jul 15, 2025 | Ravie Lakshmanan | Malware / Web Security

    The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing another set of 67 malicious packages to the npm registry, underscoring ongoing attempts to poison the open-source ecosystem via software supply chain attacks.

    The packages, per Socket, have attracted more than 17,000 downloads, and incorporate a previously undocumented version of a malware loader codenamed XORIndex. The activity is an expansion of an attack wave spotted last month that involved the distribution of 35 npm packages that deployed another loader referred to as HexEval.

    “The Contagious Interview operation continues to follow a whack-a-mole dynamic, where defenders detect and report malicious packages, and North Korean threat actors quickly respond by uploading new variants using the same, similar, or slightly evolved playbooks,” Socket researcher Kirill Boychenko said.

    Contagious Interview is the name assigned to a long-running campaign that seeks to entice developers into downloading and executing an open-source project as part of a purported coding assignment. First publicly disclosed in late 2023, the threat cluster is also tracked as DeceptiveDevelopment, Famous Chollima, Gwisin Gang, Tenacious Pungsan, UNC5342, and Void Dokkaebi.

    The activity is believed to be complementary to Pyongyang’s infamous remote information technology (IT) worker scheme, adopting the strategy of targeting developers already employed in companies of interest rather than applying for a job.

    The attack chains using malicious npm packages are fairly straightforward in that they serve as a conduit for a known JavaScript loader and stealer called BeaverTail, which is subsequently used to extract data from web browsers and cryptocurrency wallets, as well as deploy a Python backdoor referred to as InvisibleFerret.

    “The two campaigns now operate in parallel. XORIndex has accumulated over 9,000 downloads in a short window (June to July 2025), while HexEval continues at a steady pace, with more than 8,000 additional downloads across the newly discovered packages,” Boychenko said.

    The XORIndex Loader, like HexEval, profiles the compromised machine and uses endpoints associated with hard-coded command-and-control (C2) infrastructure to obtain the external IP address of the host. The collected information is then beaconed to a remote server, after which BeaverTail is launched.

    Further analysis of these packages has uncovered a steady evolution of the loader, progressing from a bare-bones prototype to a sophisticated, stealthier malware. Early iterations have been found to lack obfuscation and reconnaissance capabilities while keeping their core functionality intact, with second- and third-generation versions introducing rudimentary system reconnaissance capabilities.

    “Contagious Interview threat actors will continue to diversify their malware portfolio, rotating through new npm maintainer aliases, reusing loaders such as HexEval Loader and malware families like BeaverTail and InvisibleFerret, and actively deploying newly observed variants including XORIndex Loader,” Boychenko said.


    Source: thehackernews.com…

  • New PHP-Based Interlock RAT Variant Uses FileFix Delivery Mechanism to Target Multiple Industries

    Jul 14, 2025 | Ravie Lakshmanan | Malware / Web Security

    Threat actors behind the Interlock ransomware group have unleashed a new PHP variant of its bespoke remote access trojan (RAT) as part of a widespread campaign using a variant of ClickFix called FileFix.

    “Since May 2025, activity related to the Interlock RAT has been observed in connection with the LandUpdate808 (aka KongTuke) web-inject threat clusters,” The DFIR Report said in a technical analysis published today in collaboration with Proofpoint.

    “The campaign begins with compromised websites injected with a single-line script hidden in the page’s HTML, often unbeknownst to site owners or visitors.”

    The JavaScript code acts as a traffic distribution system (TDS), using IP filtering techniques to redirect users to fake CAPTCHA verification pages that leverage ClickFix to entice them into running a PowerShell script that leads to the deployment of NodeSnake (aka Interlock RAT).

    The use of NodeSnake by Interlock was previously documented by Quorum Cyber as part of cyber attacks targeting local government and higher education organizations in the United Kingdom in January and March 2025. The malware facilitates persistent access, system reconnaissance, and remote command execution capabilities.

    While the name of the malware is a reference to its Node.js foundations, new campaigns observed last month have led to the distribution of a PHP variant by means of FileFix. The activity is assessed to be opportunistic in nature, aiming for a broad range of industries.

    “This updated delivery mechanism has been observed deploying the PHP variant of the Interlock RAT, which in certain cases has then led to the deployment of the Node.js variant of the Interlock RAT,” the researchers said.

    FileFix is an evolution of ClickFix in which victims are instructed to copy and execute commands using the address bar of Windows File Explorer. It was first detailed as a proof-of-concept (PoC) last month by security researcher mrd0x.

    Once installed, the RAT malware carries out reconnaissance of the infected host and exfiltrates system information in JSON format. It also checks its own privileges to determine if it’s being run as USER, ADMIN, or SYSTEM, and establishes contact with a remote server to download and run EXE or DLL payloads.

    Persistence on the machine is accomplished via Windows Registry changes, while the Remote Desktop Protocol (RDP) is used to enable lateral movement.

    A noteworthy feature of the trojan is its abuse of Cloudflare Tunnel subdomains to obscure the true location of the command-and-control (C2) server. The malware further embeds hard-coded IP addresses as a fallback mechanism so as to ensure that the communication remains intact even if the Cloudflare Tunnel is taken down.

    “This discovery highlights the continued evolution of the Interlock group’s tooling and their operational sophistication,” the researchers said. “While the Node.js variant of Interlock RAT was known for its use of Node.js, this variant leverages PHP, a common web scripting language, to gain and maintain access to victim networks.”


    Source: thehackernews.com…

  • The Unusual Suspect: Git Repos

    Jul 14, 2025 | The Hacker News | Secrets Management / SaaS Security

    While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data, a risk that silently creates shadow access into core systems.

    Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom.

    This isn’t just about poor hygiene; it’s a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it’s essential.

    Below, we look at the risk profile of exposed credentials and secrets in public and private code repositories, how this attack vector has been used in the past, and what you can do to minimize your exposure.

    The Git Repo Threat Landscape

    The threat landscape surrounding Git repositories is expanding rapidly, driven by a number of causes:

    • Growing complexity of DevOps practices
    • Widespread reliance on public version control platforms like GitHub
    • Human error and all the misconfigurations it entails: from poorly applied access controls to forgotten test environments pushed to production

    It’s no surprise that as development velocity increases, so does the opportunity for attackers to weaponize exposed code repositories. GitHub alone reported over 39 million leaked secrets in 2024—a 67% increase from the year before. These included cloud credentials, API tokens, and SSH keys. Most of these exposures originate from:

    • Personal developer accounts
    • Abandoned or forked projects
    • Misconfigured or unaudited repositories

    For attackers, these aren’t just mistakes, they’re entry points. Exposed Git repos offer a direct, low-friction pathway into internal systems and developer environments. What starts as a small oversight can escalate into a full-blown compromise, often without triggering any alerts.

    How Do Attackers Leverage Exposed Git Repositories?

    Public tools and scanners make it trivial to harvest secrets from exposed Git repositories, and attackers know how to pivot quickly from exposed code to compromised infrastructure.

    Once inside a repository, attackers look for:

    • Secrets and credentials: API keys, authentication tokens, and passwords, often hidden in plain sight within config files or commit history.
    • Infrastructure intel: Details about internal systems such as hostnames, IPs, ports, or architectural diagrams.
    • Business logic: Source code that can reveal vulnerabilities in authentication, session handling, or API access.

    These insights are then weaponized for:

    • Initial access: Attackers use valid credentials to authenticate into:
      • Cloud environments — e.g., AWS IAM roles via exposed access keys, Azure Service Principals
      • Databases — e.g., MongoDB, PostgreSQL, MySQL using hardcoded connection strings
      • SaaS platforms — leveraging API tokens found in config files or commit history
    • Lateral movement: Once inside, attackers pivot further by:
      • Enumerating internal APIs using exposed OpenAPI/Swagger specs
      • Accessing CI/CD pipelines using leaked tokens from GitHub Actions, GitLab CI, or Jenkins
      • Using misconfigured permissions to move across internal services or cloud accounts
    • Persistence and exfiltration: To maintain access and extract data over time, they:
      • Create new IAM users or SSH keys to stay embedded
      • Deploy malicious Lambda functions or containers to blend in with normal workloads
      • Exfiltrate data from S3 buckets, Azure Blob Storage, or logging platforms like CloudWatch and Log Analytics

    A single leaked AWS key can expose an entire cloud footprint. A forgotten .git/config file or stale commit may still contain live credentials.

    These exposures often bypass traditional perimeter defenses entirely. We’ve seen attackers pivot from exposed Git repositories → to developer laptops → to internal networks. This threat isn’t theoretical, it’s a kill chain we’ve validated in live production environments using Pentera.

    Recommended Mitigation Strategies

    Reducing exposure risk starts with the basics. While no single control can eliminate Git-based attacks, the following practices help reduce the likelihood of secrets leaking – and limit the impact when they do.

    1. Secrets Management

    • Store secrets outside your codebase using dedicated secret management solutions like HashiCorp Vault (open source), AWS Secrets Manager, or Azure Key Vault. These tools provide secure storage, fine-grained access control, and audit logging.
    • Avoid hardcoding secrets in source files or configuration files. Instead, inject secrets at runtime via environment variables or secure APIs.
    • Automate secret rotation to reduce the window of exposure.

    2. Code Hygiene

    • Enforce strict .gitignore policies to exclude files that may contain sensitive information, such as .env, config.yaml, or credentials.json.
    • Integrate scanning tools like Gitleaks, Talisman, and git-secrets into developer workflows and CI/CD pipelines to catch secrets before they’re committed.
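A minimal sketch of such a pre-commit check, as an added example (it is not how Gitleaks, Talisman or git-secrets work internally, and it is not code from the article). It scans only the added lines of a unified diff for AWS access key IDs, credentials embedded in URLs and private-key headers, and flags the file names listed above; the rule set, sample diff and names are constructed assumptions.

```python
import re

# File names the .gitignore advice above says to keep out of the repository.
BLOCKED_NAMES = {".env", "config.yaml", "credentials.json"}

RULES = {
    "aws-access-key-id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "credentials-in-url": re.compile(
        r"\b[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@", re.I),
    "private-key": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
}
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Constructed diff; the key is AWS's documentation placeholder, not a live one.
SAMPLE_DIFF = """\
diff --git a/deploy/settings.py b/deploy/settings.py
--- a/deploy/settings.py
+++ b/deploy/settings.py
@@ -10,2 +10,4 @@
 REGION = "eu-west-1"
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+DB = "postgresql://app:s3cr3t@db.internal.example:5432/app"
 DEBUG = False
diff --git a/.env b/.env
new file mode 100644
--- /dev/null
+++ b/.env
@@ -0,0 +1 @@
+LOG_LEVEL=debug
"""


def scan_diff(diff_text):
    """Return (path, new_line_number, rule); line 0 marks a file-level finding."""
    findings, path, line_no, in_hunk = [], None, 0, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            in_hunk = False
        elif not in_hunk and line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
            if path.rsplit("/", 1)[-1] in BLOCKED_NAMES:
                findings.append((path, 0, "blocked-filename"))
        elif (m := HUNK.match(line)):
            in_hunk, line_no = True, int(m.group(1))
        elif in_hunk and line.startswith("+"):
            findings += [(path, line_no, name) for name, rx in RULES.items()
                         if rx.search(line[1:])]
            line_no += 1
        elif in_hunk and line.startswith(" "):
            line_no += 1
    return findings


if __name__ == "__main__":
    for hit in scan_diff(SAMPLE_DIFF):
        print(*hit)
```

As a hook, feed it the output of `git diff --cached` and reject the commit when the list is non-empty. Removed lines are ignored on purpose, so a secret that was already committed still needs rotation and a history scan.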

    3. Access Controls

    • Enforce the principle of least privilege across all Git repositories. Developers, CI/CD tools, and third-party integrations should only have the access they need – no more.
    • Use short-lived tokens or time-bound credentials wherever possible.
    • Enforce multi-factor authentication (MFA) and single sign-on (SSO) on Git platforms.
    • Regularly audit user and machine access logs to identify excessive privileges or suspicious behavior.

    Find Exposed Git Data Before Attackers Do

    Exposed Git repositories are not an edge-case risk but a mainstream attack vector, especially in fast-moving DevOps environments. While secret scanners and hygiene practices are essential, they often fall short of providing the full picture. Attackers aren’t just reading your code; they’re using it as a map to walk right into your infrastructure.

    Yet, even teams using best practices are left blind to one critical question: could an attacker actually use this exposure to break in? Securing your repositories requires more than just static checks. It calls for continuous validation, proactive remediation, and an adversary’s mindset. As compliance mandates tighten and attack surfaces expand, organizations must treat code exposure as a core part of their security strategy and not as an afterthought.

    To learn more about how your team can do this, join the webinar They’re Out to Git You on July 23rd, 2025

    This article is a contributed piece from one of our valued partners.


    Source: thehackernews.com…