<?xml version="1.0" encoding="UTF-8"?><rss
version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
><channel><title>Arabian Cybersecurity News: Cybersecurity News from Arabian Post</title>
<atom:link href="https://thearabianpost.com/cybersecurity/feed/" rel="self" type="application/rss+xml" /><link>https://thearabianpost.com/cybersecurity/</link>
<description>Trusted breaking news and analysis across the Arabian Gulf</description>
<lastBuildDate>Wed, 17 Jun 2026 11:06:11 +0000</lastBuildDate>
<language>en-US</language>
<sy:updatePeriod>
hourly	</sy:updatePeriod>
<sy:updateFrequency>
1	</sy:updateFrequency>
<generator>https://wordpress.org/?v=6.9.4</generator><image>
<url>https://thearabianpost.com/wp-content/uploads/2025/12/cropped-arabianpost-logo-32x32.png</url><title>Arabian Cybersecurity News: Cybersecurity News from Arabian Post</title><link>https://thearabianpost.com/cybersecurity/</link>
<width>32</width>
<height>32</height>
</image>
<item><title>JetBrains plugin scam puts AI keys at risk</title><link>https://thearabianpost.com/jetbrains-plugin-scam-puts-ai-keys-at-risk/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Wed, 17 Jun 2026 11:06:11 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/jetbrains-plugin-scam-puts-ai-keys-at-risk/</guid><description><![CDATA[<p>A malware campaign on the JetBrains Marketplace has put developer credentials at risk after at least 15 AI-themed plugins were found quietly forwarding users’ large-language-model API keys to an attacker-controlled server while continuing to perform the coding tasks they advertised. The plugins, listed under seven vendor accounts, were presented as coding assistants, code reviewers, bug finders, unit-test generators and Git commit-message tools. They invoked services familiar to [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/jetbrains-plugin-scam-puts-ai-keys-at-risk/">JetBrains plugin scam puts AI keys at risk</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>A malware campaign on the JetBrains Marketplace has put developer credentials at risk after at least 15 AI-themed plugins were found quietly forwarding users’ large-language-model API keys to an attacker-controlled server while continuing to perform the coding tasks they advertised.</p><p>The plugins, listed under seven vendor accounts, were presented as coding assistants, code reviewers, bug finders, unit-test generators and Git commit-message tools. They invoked services familiar to developers using artificial intelligence inside IDEs, including OpenAI, DeepSeek and SiliconFlow. Combined marketplace download figures for the identified plugins were close to 70,000, with DeepSeek AI Assist and CodeGPT AI Assistant accounting for more than 53,000 of those downloads.</p><p>The campaign is notable because the malicious behaviour did not depend on a visibly broken or suspicious tool. The plugins offered chat, code review, bug detection, commit-message generation and test writing, giving users little reason to suspect that a credential-harvesting routine was running behind the settings panel. The theft was triggered when a developer pasted an API key into the plugin configuration and clicked Apply, a normal step for “bring your own key” AI tools.</p><p>Technical analysis found that the plugins used a shared codebase repackaged under different names and identifiers. Once a key was saved, the settings handler passed it to a hardcoded endpoint at 39.107.60[.]51 over unencrypted HTTP. The request included a static authentication value embedded in the plugin code, while the payload contained the user’s provider secret. That meant the key left the workstation before the developer had any indication that it was being sent anywhere other than the selected AI service.</p><p>The earliest known listing in the cluster appeared on 31 October 2025, when DeepSeek Junit Test was released. 
Other plugins followed through November, December, January, February and April, before a jump in June, when CodeGPT AI Assistant was released on 9 June and DeepSeek AI Assist on 10 June. Their download counts rose far above most earlier entries, although marketplace figures cannot be treated as a precise count of unique victims because downloads and ratings can be inflated.</p><p>The identified plugins include DeepSeek Junit Test, DeepSeek Git Commit, DeepSeek FindBugs, DeepSeek AI Chat, DeepSeek Dev AI, DeepSeek AI Coding, AI FindBugs, AI Git Commitor, AI Coder Review, DeepSeek Coder AI, AI Coder Assistant, DeepSeek Code Review, CodeGPT AI Assistant, DeepSeek AI Assist and Coding Simple Tool. Vendor accounts linked to the listings included CodePilot, StackSmith, CodeCrafter, CodeWeaver, JetCode, DailyCode and ZenCoder.</p><p>The attackers also appear to have built a paid tier into the operation. After payment through a donation wall, the remote server could return an API key to the user’s plugin, which would then use that key for model calls. The origin of those returned credentials has not been established, but the design raises the possibility of a two-sided abuse model in which credentials taken from one group of developers are reused or resold to another.</p><p>The incident underlines a widening security problem around AI-assisted development. IDE plugins sit inside environments that often contain proprietary code, project files, cloud credentials, tokens and build-system access. JetBrains’ Marketplace guidance says plugins run with the same access rights as the IDE, can connect to the internet, can interact with files and are not isolated through fine-grained permissions or sandboxing. Marketplace moderation combines automatic checks and review, but the case shows how a small exfiltration routine can be hidden inside a tool that otherwise behaves as advertised.</p><p>The risk is not limited to immediate billing abuse on AI platforms. 
A stolen API key can reveal usage patterns, expose application workflows, enable unauthorised model calls and create unexpected costs for the key owner. Where organisations use central accounts, a compromised key may also blur audit trails, making it harder to distinguish legitimate developer activity from attacker-driven consumption.</p></div>
]]></content:encoded>
</item>
<item><title>NVIDIA plugs NeMo flaws affecting AI pipelines</title><link>https://thearabianpost.com/nvidia-plugs-nemo-flaws-affecting-ai-pipelines/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Wed, 17 Jun 2026 11:00:35 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/nvidia-plugs-nemo-flaws-affecting-ai-pipelines/</guid><description><![CDATA[<p>NVIDIA has patched three high-severity vulnerabilities in its NeMo Framework, including a Linux command-injection flaw that could let low-privileged attackers run code, escalate access, alter data or expose information on affected AI development systems. The June security update covers NeMo Framework versions from 0.0 through 2.7.2, with users advised to move to version 2.7.3 or later. The flaws are tracked as CVE-2026-24155, CVE-2026-24252 and CVE-2026-24228, each carrying [&#8230;]</p>
]]></description>
<content:encoded><![CDATA[<div>NVIDIA has patched three high-severity vulnerabilities in its NeMo Framework, including a Linux command-injection flaw that could let low-privileged attackers run code, escalate access, alter data or expose information on affected AI development systems.</p><p>The June security update covers NeMo Framework versions from 0.0 through 2.7.2, with users advised to move to version 2.7.3 or later. The flaws are tracked as CVE-2026-24155, CVE-2026-24252 and CVE-2026-24228, each carrying a CVSS v3.1 base score of 7.8, placing them in the high-severity category. The bulletin marks the issue as important for all platforms, while two of the three weaknesses specifically affect Linux deployments.</p><p>The most operationally sensitive of the three is CVE-2026-24252, an OS command-injection weakness in NeMo for Linux. Such flaws matter because they can allow an attacker to pass crafted input to an application in a way that triggers unintended system commands. In shared AI infrastructure, where researchers, engineers and automated workloads may use the same GPU servers, a local low-privileged foothold can become a route to broader compromise.</p><p>CVE-2026-24155 is a code-injection vulnerability affecting NeMo Framework across all platforms. A successful exploit could lead to code execution, privilege escalation, information disclosure and data tampering. CVE-2026-24228 affects NeMo Framework on Linux and involves deserialisation of untrusted data, a class of vulnerability that has long been considered dangerous in machine-learning and software supply-chain environments because model files, checkpoints and intermediate artefacts often move between systems and teams.</p><p>NVIDIA credited Moomi Chen with reporting CVE-2026-24155 and CVE-2026-24252, while CVE-2026-24228 was credited to Tyler Zars working with Trend Micro’s Zero Day Initiative. 
The company’s update directs users to obtain the fixed version from the official NeMo repository and evaluate risk in line with their own configuration, reflecting the varied ways in which the framework is used across enterprise, academic and cloud environments.</p><p>NeMo is a widely used open-source framework for building, customising and deploying generative AI models. It supports work on large language models, multimodal systems, speech recognition, text-to-speech and other AI workloads. Its role in training and fine-tuning pipelines makes flaws in the framework more significant than ordinary application bugs, because AI development environments often hold model weights, training data, proprietary prompts, credentials, experiment logs and access to expensive compute resources.</p><p>The vulnerabilities arrive as organisations are moving from experimental AI deployments to production systems. That shift has increased scrutiny of model-development tooling, not only the models themselves. Security teams are focusing more closely on the software layers around AI pipelines, including Python packages, model checkpoints, dataset-processing scripts, notebook environments, orchestration systems and inference servers. NeMo sits within that broader risk landscape, where a weakness in development tooling can affect downstream production systems if compromised code or artefacts are promoted through a pipeline.</p><p>The attack requirements in the advisory indicate local access, low privileges and no user interaction. That profile does not describe an internet-wide remote bug, but it remains serious in multi-user and containerised AI environments. 
Many organisations consolidate training workloads on central GPU clusters, where a compromised user account, vulnerable notebook, exposed development container or poisoned internal workload could provide the access needed to attempt exploitation.</p><p>Security teams are expected to prioritise patching systems that run NeMo on shared Linux hosts, research clusters, model-training platforms and environments where untrusted or externally sourced model artefacts are handled. The fixed version also matters for teams that build custom containers around NeMo, since updating the source repository alone may not protect running workloads unless base images, dependency locks and deployment pipelines are rebuilt.</p><p>The disclosure follows a pattern of rising attention to AI framework security. Earlier vulnerabilities affecting model-loading, checkpoint handling and deserialisation across AI libraries showed how development tools can become an entry point for code execution. The NeMo bulletin reinforces a central lesson for enterprises adopting generative AI: model governance is incomplete without conventional software security controls, including dependency tracking, least-privilege access, code review, container isolation and rapid patch management.</p><p>For NVIDIA, the update comes at a time when its AI software stack is becoming more central to enterprise adoption of accelerated computing. The company’s hardware dominance has been matched by a growing set of frameworks, libraries and model tools designed to make AI development easier across cloud, on-premises and hybrid infrastructure. That broader software footprint also expands the security responsibilities around developer tooling.</p><p>Organisations running NeMo should identify affected installations, confirm whether versions up to 2.7.2 are present, update to 2.7.3 or later, rebuild dependent containers and review access controls on shared AI infrastructure. 
Teams handling third-party checkpoints, plug-ins, scripts or experimental model artefacts should apply additional caution, particularly where Linux-based training systems are shared across projects.</p></div>
]]></content:encoded>
</item>
<item><title>Intersec Saudi panels set resilience and fire agenda</title><link>https://thearabianpost.com/intersec-saudi-panels-set-resilience-and-fire-agenda/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Wed, 17 Jun 2026 10:50:02 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/intersec-saudi-panels-set-resilience-and-fire-agenda/</guid><description><![CDATA[<p>Intersec Saudi Arabia has formed two advisory committees to steer the conference agenda for its 2026 edition, bringing senior security, aviation, infrastructure, fire-protection and emergency-management figures into the planning of the Future Security Summit and the Fire Protection &#38; Technology Summit. The move places artificial intelligence, cyber-physical security, critical infrastructure resilience, predictive risk management and next-generation fire protection at the centre of the Riyadh event, scheduled for [&#8230;]</p>
]]></description>
<content:encoded><![CDATA[<div>Intersec Saudi Arabia has formed two advisory committees to steer the conference agenda for its 2026 edition, bringing senior security, aviation, infrastructure, fire-protection and emergency-management figures into the planning of the Future Security Summit and the Fire Protection &amp; Technology Summit.</p><p>The move places artificial intelligence, cyber-physical security, critical infrastructure resilience, predictive risk management and next-generation fire protection at the centre of the Riyadh event, scheduled for 16–18 November 2026 at Riyadh Front Exhibition &amp; Conference Center. Organisers expect the eighth edition to be the largest in the event’s history, with more than 25,000 visitors and over 500 exhibitors from across security, safety, fire and emergency services.</p><p>The Future Security Summit Advisory Committee includes representatives linked to the Royal Commission for AlUla, the Ministry of Municipalities and Housing, the International Civil Aviation Organization, Dubai Airports, IFPO MENASA, King Salman International Airport and specialist security consultancies. Its remit is to frame discussions on protecting public spaces, aviation systems, smart-city infrastructure, major events, logistics corridors and digital environments where physical and cyber risks increasingly overlap.</p><p>The Fire Protection &amp; Technology Summit Advisory Committee brings together specialists from Saudi Aramco, Red Sea Global, Qiddiya City, King Fahd International Airport, AECOM, the National Water Company, NEOM and other fire and life-safety organisations. 
The committee’s work is expected to shape sessions on performance-based fire engineering, detection and suppression technology, emergency response, code compliance and protection of large-scale developments.</p><p>Riham Sedik, exhibition director of Intersec Saudi Arabia, said the committees bring together professionals with decades of operational, strategic and technical experience across security, emergency management, fire protection and resilience. Their role, she said, would help ensure that the summits address real operational challenges while giving delegates practical insight into the technologies, frameworks and leadership strategies shaping the sectors.</p><p>The advisory structure reflects a wider shift in the region’s risk environment. Saudi Arabia’s infrastructure pipeline spans tourism, aviation, energy, logistics, entertainment and urban development, with projects such as Red Sea Global, Qiddiya, NEOM, Diriyah and AlUla placing new demands on safety, security and business-continuity planning. The country is also preparing for Expo 2030 in Riyadh, the 2034 FIFA World Cup and the annual Hajj pilgrimage, each requiring layered security, crowd management, emergency response and transport coordination.</p><p>Yusuf Hasan, senior aviation security adviser at the International Civil Aviation Organization and a member of the Future Security Summit Advisory Committee, has identified the management of rapid growth while preserving secure, resilient and trusted environments as a key challenge for the region. 
He said artificial intelligence was accelerating the move from reactive protection to predictive, intelligence-led security through stronger threat detection, analytics and automation.</p><p>That emphasis is likely to feature prominently in the Future Security Summit, where themes include command-and-control systems, personal data protection, industrial control-system cybersecurity, crisis and emergency management, critical-infrastructure protection and protection of mega-events. The agenda also points to the increasing relevance of cyber-physical convergence, as airports, energy assets, real estate developments and public venues rely on connected surveillance, access-control, communications and building-management platforms.</p><p>Fire protection is moving through a similar transition. Dr Reginald D. Freeman, executive director for fire and emergency medical services at NEOM and a member of the fire summit committee, has said the sector is shifting from traditional code compliance towards risk-informed, performance-based fire engineering. He said the complexity of modern mega-projects required more sophisticated fire and life-safety approaches, with greater emphasis on anticipating risk and strengthening resilience rather than simply responding after incidents occur.</p><p>Market indicators underline the commercial stakes behind the conference agenda. Saudi Arabia’s security market is projected to reach about $3.4 billion by 2030, supported by demand for integrated physical security, cybersecurity, surveillance, access control and command-and-control solutions. 
The country’s fire and safety equipment market is projected to expand to about $7.1 billion by 2032 as construction, industrial development, regulatory enforcement and smart-building systems increase spending on prevention, detection and suppression technologies.</p><p>Intersec Saudi Arabia’s 2026 expansion follows the relocation of the event to Riyadh Front Exhibition &amp; Conference Center and a planned 40 per cent increase in exhibition space. Organisers have positioned the show across five core sectors: commercial and perimeter security, homeland security and policing, cybersecurity, fire and rescue, and safety and health. The two CPD-certified conference streams are expected to convene more than 110 experts, policymakers and industry leaders.</p></div>
]]></content:encoded>
</item>
<item><title>WordPress plugin hijack plants hidden backdoors</title><link>https://thearabianpost.com/wordpress-plugin-hijack-plants-hidden-backdoors/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Tue, 16 Jun 2026 06:03:54 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/wordpress-plugin-hijack-plants-hidden-backdoors/</guid><description><![CDATA[<p>Attackers tampered with JavaScript served by three widely used WordPress marketing plugins, exposing more than 1.2 million websites to rogue administrator accounts and concealed backdoors. The incident affected OptinMonster, TrustPulse and PushEngage, products operated under the Awesome Motive umbrella and embedded on sites for pop-ups, lead generation, social proof alerts and push notifications. The compromise did not arrive through a normal plugin update. Instead, malicious code was [&#8230;]</p>
]]></description>
<content:encoded><![CDATA[<div>Attackers tampered with JavaScript served by three widely used WordPress marketing plugins, exposing more than 1.2 million websites to rogue administrator accounts and concealed backdoors.</p><p>The incident affected OptinMonster, TrustPulse and PushEngage, products operated under the Awesome Motive umbrella and embedded on sites for pop-ups, lead generation, social proof alerts and push notifications. The compromise did not arrive through a normal plugin update. Instead, malicious code was appended to legitimate front-end scripts delivered through vendor-controlled content delivery network endpoints, meaning fully patched websites could still have loaded the poisoned files.</p><p>The injected script was designed to stay quiet for ordinary visitors. It activated only when a logged-in WordPress administrator loaded an affected page, then used that session to collect valid security tokens and make requests that looked like legitimate administrative actions. Once triggered, it attempted to create a new administrator account, install a self-hiding plugin and transmit credentials and site details to an attacker-controlled lookalike domain, tidio.cc, which mimicked the legitimate tidio.com brand.</p><p>The fixed operator account identified in the campaign was developerapi1 using the email customer1usx@gmail.com, while most observed attempts used randomised devxxxxxx administrator identities. The backdoor plugin rotated names, including “Content Delivery Helper” and “Database Optimizer”, and was built to hide from plugin lists, user lists, update checks and common dashboard views. It also exposed a web shell capable of running server commands and a separate code-execution endpoint.</p><p>The exposure window varied across products. 
Malicious code was seen in OptinMonster and TrustPulse script files late on June 12 UTC and was removed within a short window, while PushEngage’s affected scripts were served for several hours on June 12 and continued from some CDN edge locations into June 14. The companies have since said the altered files were removed, CDN caches purged and credentials rotated, but those steps do not remove backdoors already planted on customer websites.</p><p>OptinMonster has more than 1 million active WordPress installations, while PushEngage lists more than 9,000 active installations. OptinMonster’s own marketing says more than 1.2 million users rely on the service. WordPress remains the dominant content management system, powering about 41.5 per cent of all websites and 59.3 per cent of sites whose content management system can be identified, making plugin supply-chain incidents unusually wide in reach.</p><p>Vendor notices attributed the breach to an attacker gaining access to a marketing website server through a known vulnerability in UpdraftPlus, a backup and migration plugin, and then finding a CDN API key on that server. They said application servers, source code repositories and customer-data systems were hosted separately and showed no evidence of access. Security researchers have treated the initial entry point as still needing full corroboration, while agreeing that the critical abuse path was control over scripts delivered from trusted CDN locations.</p><p>The UpdraftPlus issue cited in the notices is tracked as CVE-2026-10795 and affects versions up to and including 1.26.4 in specific circumstances involving UpdraftCentral connections. It allows unauthenticated attackers to run remote procedure calls as a connected administrator, potentially uploading and activating malicious plugins. 
The flaw has been patched, but its appearance in the same chronology highlights the layered risk created when a plugin, a marketing site and a CDN key intersect.</p><p>Firewall telemetry from protected sites showed 271 blocked exploitation attempts across 13 websites over about 36 hours on June 14 and 15, from 81 unique IP addresses. Most attempts used the WordPress REST users endpoint, matching the payload’s effort to create an administrator account under cover of a genuine admin session.</p></div>
]]></content:encoded>
</item>
<item><title>Jenkins attacks expose CI pipeline risk</title><link>https://thearabianpost.com/jenkins-attacks-expose-ci-pipeline-risk/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Tue, 16 Jun 2026 05:58:36 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/jenkins-attacks-expose-ci-pipeline-risk/</guid><description><![CDATA[<p>Attackers are probing vulnerable Jenkins servers after disclosure of a high-severity deserialisation flaw that can let a low-privileged user impersonate others, reach sensitive controller files and, in some cases, execute code through the Script Console. The bug, tracked as CVE-2026-53435, affects Jenkins 2.567 and earlier and Jenkins LTS 2.555.2 and earlier. Fixed versions, Jenkins 2.568 and LTS 2.555.3, were issued on 10 June as part of a [&#8230;]</p>
]]></description>
<content:encoded><![CDATA[<div>Attackers are probing vulnerable Jenkins servers after disclosure of a high-severity deserialisation flaw that can let a low-privileged user impersonate others, reach sensitive controller files and, in some cases, execute code through the Script Console.</p><p>The bug, tracked as CVE-2026-53435, affects Jenkins 2.567 and earlier and Jenkins LTS 2.555.2 and earlier. Fixed versions, Jenkins 2.568 and LTS 2.555.3, were issued on 10 June as part of a wider security update covering several core vulnerabilities. The flaw has been scored 8.8 on the CVSS 3.1 scale, placing it in the high-severity range.</p><p>The issue centres on how Jenkins processes attacker-controlled config.xml submissions. Jenkins uses XStream serialisation to load and save configuration and build data, guarded by a custom class filter intended to block unsafe deserialisation. The weakness allows an attacker to make Jenkins deserialise types from Jenkins core or installed plugins in a context that can later be reached through the Stapler web framework used for HTTP request handling.</p><p>That distinction matters for defenders. This is not a simple unauthenticated internet worm scenario based on the public advisory. The attacker needs Overall/Read permission and must either have a user account or hold permissions that allow a POST to config.xml, such as Item/Configure, View/Configure or Agent/Configure. Many development environments, however, grant broad read or configuration rights to engineering teams, contractors, service accounts and automation tools, widening the practical exposure.</p><p>Threat-intelligence accounts and security monitoring reports began flagging exploitation attempts against exposed Jenkins instances around 15 June. Honeypot activity described by researchers showed automated probing for Jenkins endpoints and attempts to plant malicious configuration data. 
Public proof-of-concept code also appeared after the advisory, accelerating the window in which defenders had to identify and patch affected controllers.</p><p>Successful exploitation could have consequences beyond a single build server. Jenkins often holds credentials, deployment keys, source-code access tokens and links to container registries, cloud environments and production release systems. A compromised controller can therefore become a staging point for supply-chain attacks, secret theft or tampering with build and deployment workflows, particularly in organisations that rely on automated release gates and shared administrative accounts.</p><p>The most serious path identified in the advisory involves user impersonation. Once an attacker can send HTTP requests as another user, the Script Console becomes a critical risk if the impersonated identity has administrative-level access. Jenkins’ Script Console can run Groovy code on the controller, making it a powerful administrative tool and a dangerous post-exploitation target.</p><p>A second impact is file access on the controller. Research examining the flaw showed exploit chains aimed first at predictable Unix files such as /etc/passwd, then at SSH keys, Jenkins credentials files and other secrets stored under the Jenkins home directory. Even when code execution is not achieved, file disclosure can give attackers enough material to move into source repositories, cloud accounts or internal services.</p><p>The June 10 update also addressed open-redirect flaws, a queue-item permission issue, limited user-profile information disclosure, stored cross-site scripting affecting node offline descriptions and a separate weakness involving plaintext secrets in configuration submissions. 
Although CVE-2026-53435 drew the strongest attention, defenders are being urged to treat the full advisory as a core platform update rather than a single-bug patch.</p><p>Security teams running Jenkins should prioritise version checks across all controllers, including development, staging and legacy build systems. Internet-facing instances carry the highest risk, but internal Jenkins servers are also attractive because attackers who already have a foothold often search for CI/CD platforms to obtain credentials and expand access.</p><p>Immediate containment steps include upgrading to Jenkins 2.568 or LTS 2.555.3, restricting access to controllers through VPNs or allow-listed networks, reviewing accounts with Overall/Read and configuration rights, and auditing Script Console use. Administrators should also review view, item and agent configuration changes made since 10 June, especially unexpected config.xml updates, newly created views, unusual HTTP POST activity and requests for sensitive files under the Jenkins home path.</p></div>
]]></content:encoded>
</item>
<item><title>Chrome search hijack exposes 758,000 users</title><link>https://thearabianpost.com/chrome-search-hijack-exposes-758000-users/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Tue, 16 Jun 2026 05:56:36 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/chrome-search-hijack-exposes-758000-users/</guid><description><![CDATA[<p>A network of 23 Chrome browser extensions has exposed about 758,000 users to privacy and phishing risks by taking control of default search settings and routing queries through monetised redirect systems. The campaign, tracked as SearchJack, shows how ordinary-looking browser tools can turn search traffic into affiliate revenue while giving users little practical visibility into who handles their queries. The extensions were presented as satellite imagery tools, [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/chrome-search-hijack-exposes-758000-users/">Chrome search hijack exposes 758,000 users</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>A network of 23 Chrome browser extensions has exposed about 758,000 users to privacy and phishing risks by taking control of default search settings and routing queries through monetised redirect systems.</p><p>The campaign, tracked as SearchJack, shows how ordinary-looking browser tools can turn search traffic into affiliate revenue while giving users little practical visibility into who handles their queries. The extensions were presented as satellite imagery tools, map services, news readers, productivity aids and search helpers, but shared a common technical pattern: they used Chrome’s settings override mechanism to make their own search route the browser default.</p><p>Security researchers who mapped the operation identified 22 publishers and at least eight monetisation brokers linked through tracking parameters inside final Yahoo search redirect URLs. The affected extensions include high-install items such as PerfecTab Search, Quick Search Tool and Better Search, each listed at about 100,000 users, along with NewTab.Search at about 70,000 users and several map, video, menu and navigation-themed tools with smaller user bases.</p><p>The issue matters because search queries can reveal health concerns, financial worries, workplace activity, travel plans, political interests and login destinations. Once routed through third-party middleware, those queries may be logged alongside IP addresses, device identifiers and other technical data. The same control over traffic also creates an escalation risk: operators that can redirect search requests can later point users towards phishing pages, credential-harvesting sites or malicious downloads without needing to push a visible extension update.</p><p>The SearchJack findings underline a broader weakness in the browser-extension economy. Many extensions do not need broad permissions to change a user’s search path. 
Some in the campaign were minimal “shell” extensions, containing little beyond a manifest file and a default-search instruction. That simplicity can help them appear low-risk in static review because they may lack background scripts, content scripts or intrusive permission prompts.</p><p>Other extensions appeared to add just enough visible functionality to justify installation. Map viewers, video libraries and search-switching interfaces can make a product look useful while the main commercial activity happens through hidden redirect chains. Search Toggler, one of the named extensions, was flagged for a routing design in which user queries passed through operator middleware even when the interface suggested a choice of search engine.</p><p>Chrome’s documentation allows extensions to override selected settings, including search behaviour, but the Chrome Web Store’s policy framework places responsibility on developers to avoid misleading behaviour and respect user expectations. Users are also normally asked to confirm search-engine changes when an extension alters the default search setting. SearchJack raises questions over whether confirmation prompts and listing disclosures are enough when the commercial routing layer is buried behind technical parameters.</p><p>Checks of named Chrome Web Store listings show why the problem is difficult for users to judge. PerfecTab Search, listed with about 100,000 users, describes itself as a default search extension and states that it does not collect or use user data. Better Search, also listed with about 100,000 users, discloses handling personally identifiable information, web history, user activity and website content, while promoting Yahoo-powered results from the address bar.</p><p>The operation also highlights the role of brokers. Affiliate identifiers such as trp, infospace, flowsurf, adk, becovi, imageadvan, mnet, fc and dcola were linked to the search flows. 
This broker-led model means individual extensions can be removed or replaced while revenue relationships and hosted-search pathways continue elsewhere. For platform operators, that makes enforcement against single listings less effective than action against account clusters, domains and partner identifiers.</p></div><p>The article <a
href="https://thearabianpost.com/chrome-search-hijack-exposes-758000-users/">Chrome search hijack exposes 758,000 users</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Nintendo breach claim puts HR data at risk</title><link>https://thearabianpost.com/nintendo-breach-claim-puts-hr-data-at-risk/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Tue, 16 Jun 2026 05:19:31 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/nintendo-breach-claim-puts-hr-data-at-risk/</guid><description><![CDATA[<p>Nintendo is facing an unverified data-extortion claim after a threat actor alleged it obtained nearly 859MB of employee-linked corporate records and demanded $2 million to prevent publication. The claim, attributed to an online actor using the handle SHADOWBYT3$, centres on data allegedly connected to TINYpulse, an employee engagement and feedback platform associated with WebMD Health Services. The material is said to include workforce survey records, corporate email [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/nintendo-breach-claim-puts-hr-data-at-risk/">Nintendo breach claim puts HR data at risk</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Nintendo is facing an unverified data-extortion claim after a threat actor alleged it obtained nearly 859MB of employee-linked corporate records and demanded $2 million to prevent publication.</p><p>The claim, attributed to an online actor using the handle SHADOWBYT3$, centres on data allegedly connected to TINYpulse, an employee engagement and feedback platform associated with WebMD Health Services. The material is said to include workforce survey records, corporate email addresses, staff names, internal analytics, exported reports, workplace feedback, payment-related PDFs and W-9 tax forms. The allegation has not been confirmed by Nintendo or TINYpulse, and the available material does not prove whether Nintendo’s own systems were breached.</p><p>The incident claim surfaced on cybercrime channels with a deadline tied to mid-June, escalating pressure on the Kyoto-headquartered gaming group at a time when the company is managing heightened investor scrutiny around its console cycle. The actor’s post said the dataset contained reports from 2016 through 2026 and threatened disclosure if payment was not made. Security researchers who reviewed samples said parts of the material appeared consistent with internal employee engagement records, though the full dataset and method of access remain unverified.</p><p>The most sensitive element of the claim is not game source code or unreleased product material, but human resources information. Employee sentiment surveys and feedback platforms can contain candid remarks about management, morale, workloads and internal culture. 
Even where such systems are designed to support anonymous or confidential input, exported reports, metadata, email fields and administrator dashboards may create pathways to identify individuals if controls fail or data is mishandled.</p><p>The threat actor’s own language suggested the alleged target may have been data stored in or exported from TINYpulse rather than Nintendo’s core network. That distinction is significant. A direct breach of Nintendo infrastructure would raise questions about corporate defences, while a compromise through an HR technology vendor would place the case within the wider pattern of third-party cyber risk affecting large companies that outsource specialist workforce, payroll, collaboration and analytics functions.</p><p>Nintendo had not publicly confirmed the alleged incident at the time of writing. The company would be expected to conduct forensic checks, review vendor access logs, identify affected jurisdictions and determine whether employee or contractor notification obligations are triggered. TINYpulse or its parent organisation may also face questions about data segregation, authentication, administrator access, export controls and the retention period for older employee feedback records.</p><p>The alleged dataset size is modest compared with large entertainment industry leaks, but cybersecurity specialists generally treat HR records as high-risk because they can enable phishing, identity theft, social engineering and reputational pressure. W-9 forms may contain taxpayer identification details. Bank statement PDFs, if genuine, would raise the sensitivity of the incident further. Internal feedback and performance-related files can also expose private workplace grievances or management concerns that were never intended for public release.</p><p>The claim follows a shift in cyber extortion tactics away from disruptive encryption alone towards data theft and publication threats. 
Criminal groups increasingly target business applications holding sensitive but non-public information, especially where access to a vendor or cloud service can affect several clients. HR, payroll, legal, procurement and customer-support platforms are valuable because they often contain structured personal data, internal communications and documents that companies are under pressure to protect.</p><p>For Nintendo, the immediate commercial risk appears limited because there is no confirmed indication that consumer accounts, payment systems, live services, game development repositories or Switch 2 operations were affected. The reputational risk, however, could be material if the claim is validated, particularly for staff whose private feedback or financial documents may have been exposed. The company has historically been aggressive in protecting intellectual property, but workforce data incidents require a different response centred on privacy, notification and employee support.</p><p>Nintendo has dealt with cyber-related controversies before. In 2020, unauthorised access involving Nintendo Network ID credentials ultimately affected about 300,000 accounts, prompting password resets and changes to login options. A separate wave of development material leaks around the same period became known in gaming communities as the “gigaleak”, although that involved a different category of historic technical and product files.</p></div><p>The article <a
href="https://thearabianpost.com/nintendo-breach-claim-puts-hr-data-at-risk/">Nintendo breach claim puts HR data at risk</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>XRP steadies as extreme fear fuels rebound hopes</title><link>https://thearabianpost.com/xrp-steadies-as-extreme-fear-fuels-rebound-hopes/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Tue, 16 Jun 2026 05:15:41 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/xrp-steadies-as-extreme-fear-fuels-rebound-hopes/</guid><description><![CDATA[<p>XRP held near $1.22 on Tuesday, stabilising after a bruising sell-off as extreme bearish commentary around the token began drawing attention from traders looking for a contrarian rebound. The token’s sideways move followed a modest recovery of about 4 per cent over the past week, a gain that stood out against a cautious wider cryptocurrency market. Bitcoin and Ether also traded firmer, but investor conviction remained fragile [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/xrp-steadies-as-extreme-fear-fuels-rebound-hopes/">XRP steadies as extreme fear fuels rebound hopes</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>XRP held near $1.22 on Tuesday, stabilising after a bruising sell-off as extreme bearish commentary around the token began drawing attention from traders looking for a contrarian rebound.</p><p>The token’s sideways move followed a modest recovery of about 4 per cent over the past week, a gain that stood out against a cautious wider cryptocurrency market. Bitcoin and Ether also traded firmer, but investor conviction remained fragile after sharp swings across risk assets and thinner liquidity in several major digital tokens.</p><p>Market sentiment indicators have moved into unusually negative territory for XRP. One widely tracked measure of trader positioning showed average 30-day returns for active XRP holders deeply underwater, with losses at levels last seen during the late-2020 stress period. Such readings do not guarantee a rally, but they have often appeared near moments when forced selling eased and short-term rebounds developed.</p><p>The latest phase of fear has been amplified by weak price structure. XRP remains far below the levels reached during last year’s rally and has struggled to hold gains above key moving averages. Technical traders are watching the $1.18 to $1.20 area as near-term support, while resistance around $1.29 and then the mid-$1.30s could determine whether the bounce extends or fades into another consolidation phase.</p><p>Liquidity has become a central concern. Order-book depth on major venues has thinned from earlier cycle peaks, making XRP more vulnerable to sharp intraday moves when leveraged positions are unwound. That cuts both ways: a negative headline can trigger outsized selling, while crowded bearish positioning can produce abrupt recoveries if spot buyers return.</p><p>The backdrop is mixed rather than uniformly bullish. 
The Ripple-linked token has benefited from a clearer legal environment after the long-running securities case over XRP sales was formally brought to an end last year, leaving a $125 million penalty and restrictions tied to institutional sales in place. That outcome removed one of the largest overhangs for secondary-market trading, though it did not erase regulatory scrutiny around token issuance and institutional distribution.</p><p>Institutional interest has also helped cushion sentiment. XRP-linked exchange-traded products have continued to attract attention from asset managers and trading firms, creating a channel for regulated exposure that was largely absent during earlier cycles. Supporters argue that this has broadened the investor base beyond retail traders, while sceptics note that inflows can soften but not fully offset macro-driven selling when liquidity retreats across crypto markets.</p><p>Network developments have added another layer to the debate. The XRP Ledger’s version 3.2.0 software release has shifted the core server branding from rippled to xrpld and introduced infrastructure changes aimed at improving node efficiency. The update is not a consumer-facing catalyst, but it matters for validators, developers and service providers that rely on stable network operations.</p><p>For traders, the immediate question is whether negative crowd sentiment has reached exhaustion. Crypto markets frequently move against the most crowded view, and XRP has a history of sharp rallies after periods of intense doubt. Yet those rebounds have usually required more than pessimism alone. Stronger spot demand, improved liquidity and broader risk appetite have all played a role.</p><p>Broader conditions remain unsettled. Digital assets have been affected by shifting expectations for interest rates, volatile technology shares and uncertainty over institutional portfolio flows. 
Bitcoin’s recovery from its early-June lows has helped steady sentiment, but the market has not returned to the momentum seen during earlier bullish phases.</p><p>XRP’s supporters continue to point to its established settlement narrative, long operating history and developer ecosystem. Critics counter that adoption claims have often run ahead of measurable usage, and that token performance remains heavily dependent on speculative flows rather than network revenue or clear cash-flow fundamentals.</p><p>That tension is likely to define XRP trading in the days ahead. A sustained move above the upper end of the current range could force short sellers to cover and invite momentum buyers back into the market. Failure to hold support near $1.18 would weaken the rebound argument and expose the token to another test of lower levels.</p></div><p>The article <a
href="https://thearabianpost.com/xrp-steadies-as-extreme-fear-fuels-rebound-hopes/">XRP steadies as extreme fear fuels rebound hopes</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>BingX expands stock trading push with carnival</title><link>https://thearabianpost.com/bingx-expands-stock-trading-push-with-carnival/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Tue, 16 Jun 2026 05:11:52 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/bingx-expands-stock-trading-push-with-carnival/</guid><description><![CDATA[<p>BingX has launched a stock-focused trading campaign with a prize pool of more than $1m, stepping up its attempt to draw crypto users into global equity-linked markets through a single multi-asset platform. The Stock Trading Carnival runs from 15 June to 4 July 2026 and is positioned as the third edition of the exchange’s Global Capital Gala series. The campaign allows eligible users to share rewards by [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/bingx-expands-stock-trading-push-with-carnival/">BingX expands stock trading push with carnival</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>BingX has launched a stock-focused trading campaign with a prize pool of more than $1m, stepping up its attempt to draw crypto users into global equity-linked markets through a single multi-asset platform.</p><p>The Stock Trading Carnival runs from 15 June to 4 July 2026 and is positioned as the third edition of the exchange’s Global Capital Gala series. The campaign allows eligible users to share rewards by inviting friends to trade stocks, taking part in trading activities and entering incentives aimed at first-time stock traders on the platform.</p><p>The Panama City-announced initiative gives users access to high-profile names including Nvidia, Micron, Samsung and SK Hynix, placing the campaign directly within the artificial intelligence and semiconductor investment theme that has dominated market activity this year. The inclusion of memory-chip leaders reflects strong demand for high-bandwidth memory, data-centre infrastructure and AI-linked computing capacity, areas that have pushed chip and storage stocks sharply higher.</p><p>BingX is presenting the campaign as part of a wider push beyond digital assets into traditional finance products. Its TradFi offering already covers more than 100 assets across commodities, foreign exchange, stocks and indices, with the company saying traditional-finance trading reached half of total platform volume at its peak during the first quarter. The exchange has also said peak daily TradFi volume has exceeded $2bn.</p><p>The move shows how crypto exchanges are trying to retain users who want exposure to equities, commodities and macro assets without shifting between brokerage and digital-asset accounts. 
The promise of near round-the-clock access remains one of the main selling points, particularly for users outside the trading hours of major stock exchanges.</p><p>Pablo Monti, a BingX spokesperson, said stock trading had become a key pillar of the company’s multi-asset strategy, reflecting demand from users seeking broader exposure beyond crypto. He said BingX TradFi was designed to make global markets easier to access while keeping the flexibility and user experience associated with the exchange.</p><p>The launch comes during a broader industry race to package traditional assets for crypto-native traders. Tokenised equities and stock-linked products have moved from niche experiments to a major competitive front, with exchanges and blockchain infrastructure firms testing models that track listed shares, private-company valuations or equity indices.</p><p>That expansion also brings regulatory and market-structure questions. Tokenised securities remain subject to securities rules when they represent stocks, bonds or similar instruments, even if ownership is recorded on a blockchain. Regulators have drawn distinctions between issuer-sponsored tokens, custodial models backed by underlying securities, and synthetic products that provide price exposure without the same ownership rights.</p><p>Mainstream market operators are also entering the field. Nasdaq has received approval for trading and settlement of certain tokenised securities, initially covering major liquid stocks and exchange-traded funds, while other exchange groups have explored blockchain-based settlement systems. That puts crypto platforms under pressure to show that their equity-linked products have clear backing, transparent terms and adequate investor protections.</p><p>BingX has been building its profile through several overlapping initiatives. The company, founded in 2018, says it serves more than 40m users worldwide and ranks among the leading global crypto derivatives exchanges. 
It has promoted copy trading, spot trading, futures and AI-powered tools as part of a broader effort to become a trading hub rather than a pure crypto venue.</p><p>Its first-quarter update highlighted more than 5m users of BingX AI products and 57m queries handled by its AI suite. The company has also used sports sponsorships to raise visibility, including its role as principal partner of Chelsea FC since 2024 and as the first official crypto exchange partner of Scuderia Ferrari HP in 2026.</p><p>The stock campaign follows other product pushes, including zero-fee TradFi futures and pre-IPO access initiatives. Those areas can attract traders looking for early exposure to high-demand companies, but they also carry risks around liquidity, pricing, leverage and whether instruments are directly backed by assets.</p></div><p>The article <a
href="https://thearabianpost.com/bingx-expands-stock-trading-push-with-carnival/">BingX expands stock trading push with carnival</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Velvet Ant hid inside Linux login stack</title><link>https://thearabianpost.com/velvet-ant-hid-inside-linux-login-stack/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Tue, 16 Jun 2026 05:10:27 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/velvet-ant-hid-inside-linux-login-stack/</guid><description><![CDATA[<p>A China-nexus hacking group maintained covert access to a segregated critical-infrastructure network for nearly a decade by tampering with Linux authentication tools that administrators rely on to control access. The operation, tracked as Velvet Ant and labelled Operation Highland by investigators, exposed a high-risk tactic in cyber espionage: rather than relying only on conventional malware, the intruders replaced trusted OpenSSH binaries and Pluggable Authentication Modules with altered [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/velvet-ant-hid-inside-linux-login-stack/">Velvet Ant hid inside Linux login stack</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>A China-nexus hacking group maintained covert access to a segregated critical-infrastructure network for nearly a decade by tampering with Linux authentication tools that administrators rely on to control access.</p><p>The operation, tracked as Velvet Ant and labelled Operation Highland by investigators, exposed a high-risk tactic in cyber espionage: rather than relying only on conventional malware, the intruders replaced trusted OpenSSH binaries and Pluggable Authentication Modules with altered versions that could steal credentials, log commands and allow unauthorised entry.</p><p>The earliest forensic traces date to 2016, indicating an intrusion that persisted across years of system operation, security reviews and containment efforts. The targeted environment had no direct internet connectivity, a design meant to limit exposure, but the attackers built a staged path through internet-facing systems and then moved through connected corporate infrastructure to reach the restricted segment.</p><p>The case underscores a growing weakness in critical infrastructure defence. Many operators focus heavily on perimeter controls, endpoint alerts and patching, while authentication components, network appliances and legacy systems may receive less scrutiny. Velvet Ant appears to have exploited that gap by embedding access into the login process itself, making normal administrative activity difficult to distinguish from hostile surveillance.</p><p>Investigators found that the attackers first compromised public-facing servers and deployed a modified version of GS-Netcat, an encrypted reverse-shell tool. The binary was disguised as a legitimate system utility and configured to survive reboots through system startup mechanisms. A separate SOCKS5 proxy written in Perl helped route traffic through compromised hosts and support lateral movement.</p><p>The intrusion then used web infrastructure as a bridge. 
Nginx configurations were altered, and FastCGI wrappers were chained to execute commands on back-end systems. One custom tool, named to resemble a routine uptime utility, established SSH connections into the restricted network after receiving parameters through HTTP requests. This allowed the attackers to reach hosts that were not directly exposed online.</p><p>The most damaging stage involved control of the authentication layer. PAM sits beneath many Linux login flows, including SSH sessions, and OpenSSH provides the remote access channel used by administrators across server estates. By altering both, Velvet Ant gained visibility into logins and commands while preserving an appearance of normal operations.</p><p>Nine variants of a backdoored pam_unix.so module were identified. Some accepted a hardcoded backdoor password, bypassing normal checks. Others captured legitimate usernames and passwords as users logged in. Several versions appeared to have been compiled in different environments, suggesting a structured build process rather than an improvised intrusion.</p><p>The OpenSSH modifications were equally intrusive. Altered ssh, sshd and scp binaries captured credentials, recorded shell commands and stored logs in hidden directories. Some versions included a custom flag allowing the operator to disable its own logging, reducing the risk that investigators would later reconstruct attacker actions from the compromised tools. In some cases, timestamps were manipulated to make malicious files resemble older system artefacts.</p><p>The operation also showed why password resets and session termination may fail when attackers control the component that validates credentials. Resetting passwords before removing the malicious PAM and OpenSSH binaries could simply feed new secrets back to the intruder. 
That placed defenders in a difficult position: removing the backdoor was necessary, but replacing authentication components incorrectly could lock administrators out of live systems.</p><p>The remediation effort required careful host-by-host profiling because the environment contained multiple Linux distributions and versions. Systems without internet access could not pull clean packages directly from trusted repositories, while critical production requirements limited downtime. Replacement components had to be tested, moved into the restricted network through controlled channels and validated immediately after deployment.</p><p>Velvet Ant has been associated with earlier campaigns targeting infrastructure that sits outside routine monitoring. A 2024 case involved legacy F5 BIG-IP appliances used for persistence, while another involved exploitation of a Cisco NX-OS command-injection flaw affecting Nexus switches after attackers obtained administrator-level access. The pattern points to a preference for trusted network and system components that defenders may treat as stable background infrastructure.</p></div><p>The article <a
href="https://thearabianpost.com/velvet-ant-hid-inside-linux-login-stack/">Velvet Ant hid inside Linux login stack</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>AudiA6 takedown hits ransomware cash channels</title><link>https://thearabianpost.com/audia6-takedown-hits-ransomware-cash-channels/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Fri, 12 Jun 2026 19:54:33 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/audia6-takedown-hits-ransomware-cash-channels/</guid><description><![CDATA[<p>A cross-border policing operation has dismantled AudiA6, a cryptocurrency laundering service accused of helping ransomware gangs and other cybercriminals move more than €336 million through hidden digital-asset channels. Two alleged administrators were arrested in Georgia on 10 June after investigators targeted the platform’s clear web and dark web infrastructure, seized domains, blocked Telegram accounts and replaced AudiA6 and Dark2Web pages with law-enforcement seizure banners. The action struck [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/audia6-takedown-hits-ransomware-cash-channels/">AudiA6 takedown hits ransomware cash channels</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>A cross-border policing operation has dismantled AudiA6, a cryptocurrency laundering service accused of helping ransomware gangs and other cybercriminals move more than €336 million through hidden digital-asset channels.</p><p>Two alleged administrators were arrested in Georgia on 10 June after investigators targeted the platform’s clear web and dark web infrastructure, seized domains, blocked Telegram accounts and replaced AudiA6 and Dark2Web pages with law-enforcement seizure banners. The action struck at a service that investigators say operated as a trusted cash-out pipeline for criminal groups seeking to convert traceable cryptocurrency into funds that appeared clean.</p><p>The suspects, Ruslan Igorevich Tkachuk, 37, a Ukrainian national, and Alexander Vladimirovich Ledenev, 25, a Russian national, were living in Batumi, Georgia, when they were detained. Prosecutors in the Eastern District of Pennsylvania have charged them by criminal complaint with conspiracy to launder monetary instruments and sting money laundering. US authorities plan to seek their extradition.</p><p>The coordinated operation involved the US Secret Service, IRS Criminal Investigation, Europol, Eurojust and law-enforcement partners across Australia, Canada, France, Georgia, Germany, Iceland, Japan, Poland, Switzerland and the United Kingdom. Investigators searched three properties, took down 25 domains, seized more than 30 servers, froze cryptocurrency worth about €692,000 and seized more than €86,000 in digital assets. More than 80 vehicles and several properties in Georgia were also confiscated.</p><p>AudiA6 is alleged to have processed illicit funds between 2022 and 2025, with law-enforcement blockchain analysis tying the service to more than 15 international cybercrime investigations. The platform is said to have catered to ransomware operators, darknet market users and cybercrime services by offering rapid laundering through complex transaction chains. 
Customers allegedly sent stolen cryptocurrency to wallets controlled by the group and received cleaned funds back, often within about an hour, for commissions ranging from 3 per cent to 10 per cent.</p><p>Investigators also found more than 6,000 know-your-customer records linked to money mule accounts used to move funds through cryptocurrency exchanges. Those records suggest the laundering network relied on accounts opened with stolen, purchased or otherwise compromised identities, allowing criminals to exploit regulated exchange infrastructure while distancing themselves from the origin of the assets.</p><p>The case has exposed the role of specialist laundering brokers in sustaining ransomware, where the ability to cash out can be as important as the malware used to break into victim systems. Criminal groups increasingly depend on intermediaries able to move funds through mixers, exchanges, mule accounts and cross-border payment routes while frustrating attempts to link blockchain transactions to real-world identities.</p><p>Court documents say AudiA6 wallets received about 10,333 bitcoin, valued at roughly $389.7 million at the time of the transactions, since the service was launched in 2021. Of that amount, about 393.39 bitcoin, worth roughly $19.2 million at transaction-time valuations, allegedly came directly from known darknet markets, ransomware organisations, cybercrime services and other illicit sources, with more funds arriving indirectly from criminal activity.</p><p>The alleged operators are also accused of administering Dark2Web, a cybercrime forum used to advertise illegal services and connect actors across the underground market. AudiA6 was promoted there as a service capable of disguising the source of cryptocurrency that might otherwise be linked to criminal proceeds. 
The forum’s takedown widens the operation beyond a single laundering desk, hitting both the financial channel and one of the marketplaces that helped feed it clients.</p><p>The action followed an earlier arrest in Poland in September 2025. Investigators used electronic devices seized in that case to identify other people allegedly involved in the laundering network, while judicial coordination enabled measures across several jurisdictions before the June operation in Georgia.</p><p>The takedown fits a wider enforcement pattern aimed at the financial infrastructure behind ransomware rather than only the hacking groups themselves. Blockchain intelligence has allowed investigators to trace funds across public ledgers, but criminals continue to adapt by using mule networks, cross-chain transfers, nested services and private communications channels. Ransomware payments remained substantial in 2025 despite greater resistance from victims, while leak-site activity and opportunistic attacks kept pressure on companies, public bodies and critical service providers.</p><p>The allegations against Tkachuk and Ledenev have not been tested in court. If convicted in the United States, each defendant faces a maximum possible sentence of 20 years in prison. Georgian custody and extradition proceedings will determine the next stage of the case, while seized servers and financial records are expected to support parallel investigations into ransomware payments and cybercrime laundering routes across multiple jurisdictions.</p></div><p>The article <a
href="https://thearabianpost.com/audia6-takedown-hits-ransomware-cash-channels/">AudiA6 takedown hits ransomware cash channels</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Routers deepen APT28’s espionage reach</title><link>https://thearabianpost.com/routers-deepen-apt28s-espionage-reach/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Fri, 12 Jun 2026 19:53:05 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/routers-deepen-apt28s-espionage-reach/</guid><description><![CDATA[<p>Russian military-linked hackers tracked as APT28 have shifted cyber operations into compromised internet routers, using the MooBot botnet and vulnerable edge devices to harvest credentials, route traffic and host malicious tools across dispersed global infrastructure. The technique marks an operational evolution for the group, also known as Fancy Bear, Sofacy, Forest Blizzard and Pawn Storm. Long associated with intelligence collection against NATO governments, Ukraine, defence contractors, political [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/routers-deepen-apt28s-espionage-reach/">Routers deepen APT28’s espionage reach</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Russian military-linked hackers tracked as APT28 have shifted cyber operations into compromised internet routers, using the MooBot botnet and vulnerable edge devices to harvest credentials, route traffic and host malicious tools across dispersed global infrastructure.</p><p>The technique marks an operational evolution for the group, also known as Fancy Bear, Sofacy, Forest Blizzard and Pawn Storm. Long associated with intelligence collection against NATO governments, Ukraine, defence contractors, political organisations and critical infrastructure, APT28 is no longer relying only on cloud servers, rented hosting and bespoke implants. Its use of consumer and small-office routers gives it infrastructure that looks ordinary, sits close to intended victims and is harder for defenders to block at scale.</p><p>The activity centres on Ubiquiti EdgeRouters infected by MooBot, a Mirai-derived botnet family originally deployed by criminal operators against devices still using default or weak administrator credentials. Rather than build that network from the ground up, GRU-linked operators gained access to infected routers, installed scripts and binaries and repurposed the devices as an espionage platform.</p><p>Compromised EdgeRouters have been used to collect Net-NTLMv2 authentication material, proxy network traffic, host spear-phishing landing pages and stage custom Python tooling. Investigators found Bash scripts and Linux ELF binaries on targeted devices, including tools designed to exploit backdoored OpenSSH services and support credential theft. Some activity was linked to exploitation of Microsoft Outlook vulnerability CVE-2023-23397, used to leak authentication hashes to actor-controlled systems.</p><p>A court-authorised US operation, disclosed in February 2024, disrupted parts of the MooBot network by deleting malicious files from infected routers and changing firewall rules to block remote access by the operators. 
The action blunted one layer of the infrastructure but did not remove the wider problem: millions of routers remain poorly maintained, exposed to remote access or dependent on firmware that users rarely update.</p><p>The router pivot has since widened beyond MooBot. APT28-linked infrastructure has been tied to a DNS hijacking campaign known as FrostArmada, involving vulnerable MikroTik and TP-Link devices. Instead of infecting a victim laptop directly, the operators changed DHCP and DNS settings on compromised routers so connected phones, computers and office systems automatically sent selected lookups to attacker-controlled resolvers.</p><p>That approach enables adversary-in-the-middle attacks against web and email services. When a targeted user attempts to reach a login domain, malicious DNS responses can direct the connection through an interception node, where passwords, OAuth tokens and session data may be collected. Non-targeted traffic can still resolve normally, reducing the chance that users notice unusual behaviour.</p><p>The scale of the activity illustrates the appeal of unmanaged edge devices. During peak FrostArmada activity in December 2025, more than 18,000 unique IP addresses across at least 120 countries were seen communicating with the infrastructure. More than 200 organisations and about 5,000 consumer devices were identified as affected, with targets spanning government, defence, logistics, telecommunications, information technology, energy and third-party email services.</p><p>The campaign also shows how state-backed operators are blending criminal infrastructure, commodity devices and tailored intelligence requirements. APT28’s operators appear to cast a wide net, then filter the victim pool for accounts and organisations of value. 
This model reduces the need to place heavy malware on protected enterprise systems while creating access points through remote workers, small offices and suppliers outside central security monitoring.</p><p>For network defenders, the implications are uncomfortable. Blocking a known malicious server is simpler than identifying traffic proxied through residential or small-business IP addresses. Router forensics are often thin, logs may be unavailable, and many small-office devices sit outside routine patching cycles. Even when law enforcement takes down part of a botnet, abandoned devices can be re-compromised or folded into a new operational network.</p><p>The activity reinforces APT28’s broader pattern of adapting tradecraft without abandoning older methods. The group has continued to use credential harvesting, spear-phishing, webmail exploitation and custom implants alongside router-based infrastructure. Edge devices now act as a complementary layer, providing stealth, proximity and resilience for intelligence collection rather than indiscriminate disruption.</p></div><p>The article <a
href="https://thearabianpost.com/routers-deepen-apt28s-espionage-reach/">Routers deepen APT28’s espionage reach</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>AI sharpens phishing despite lower volumes</title><link>https://thearabianpost.com/ai-sharpens-phishing-despite-lower-volumes/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Fri, 12 Jun 2026 19:36:45 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/ai-sharpens-phishing-despite-lower-volumes/</guid><description><![CDATA[<p>Phishing is entering a leaner but more dangerous phase, as attackers use artificial intelligence, encrypted delivery and session hijacking kits to turn fewer attempts into higher-value intrusions. Zscaler’s ThreatLabz 2026 Phishing and Initial Access Report says overall phishing volume fell by about 20% year on year for a second consecutive year, but the decline masks a shift towards campaigns built for speed, credibility and credential theft. The [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/ai-sharpens-phishing-despite-lower-volumes/">AI sharpens phishing despite lower volumes</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Phishing is entering a leaner but more dangerous phase, as attackers use artificial intelligence, encrypted delivery and session hijacking kits to turn fewer attempts into higher-value intrusions.</p><p>Zscaler’s ThreatLabz 2026 Phishing and Initial Access Report says overall phishing volume fell by about 20% year on year for a second consecutive year, but the decline masks a shift towards campaigns built for speed, credibility and credential theft. The findings point to a cybercrime market moving away from broad “spray and pray” emails and towards polished lures that imitate routine business processes, exploit trusted brands and bypass traditional filters.</p><p>The report, released at Zenith Live in Las Vegas on June 10, draws on telemetry from the Zscaler Zero Trust Exchange covering 2025, supplemented by deception data gathered between October 2025 and March 2026. It identifies 413,524 AI-generated site instances, with 37,447 flagged as malicious. That figure, just over 9% of the total, shows how AI site builders are being used to produce fake portals, lookalike applications and malicious download pages at low cost.</p><p>Services businesses emerged as a major target, with phishing hits rising 65.5% from 330.9 million to 547.7 million. The sector’s exposure reflects customer support, billing, renewals, onboarding and document exchange, where urgent requests and external interactions can appear legitimate. Manufacturing and government also remained high-value targets, while Microsoft and Google continued to be among the most impersonated brands because enterprise identity systems offer a direct route into corporate networks.</p><p>Encryption has become central to this model. Zscaler found that 95.2% of phishing activity was delivered through encrypted channels, while 87% of malicious activity used HTTPS. That creates a blind spot for organisations that inspect email but lack deep visibility into web traffic. 
Attackers are using certificates, redirects and hosting infrastructure to make fraudulent sessions appear indistinguishable from ordinary browsing.</p><p>The more consequential shift is real-time compromise. Modern phishing kits, including adversary-in-the-middle and browser-in-the-middle tools, are designed not merely to collect passwords but to capture session cookies, authentication tokens and one-time codes during the login flow. That weakens conventional multi-factor authentication when users are tricked into entering credentials through an attacker-controlled proxy. Once a valid session is captured, criminals can move quickly before alerts or password resets take effect.</p><p>The report also highlights the reconnaissance stage that precedes many attacks. Deception telemetry recorded 89.9 million hostile interactions from 1.37 million unique attacker IP addresses over six months. More than 121,000 distinct AWS-hosted IPs were observed probing customer environments, illustrating how cloud infrastructure gives attackers scale and disposable resources.</p><p>The trend fits a broader pattern across the threat landscape. The 2026 Verizon Data Breach Investigations Report found that generative AI is bolstering attacks at multiple stages and that mobile threats are producing higher click rates than traditional email. The Anti-Phishing Working Group recorded more than 1 million phishing attacks in the first quarter of 2025, the highest quarterly level since late 2023. Academic research published in May 2026 showed that generative AI can automate personalised spear-phishing messages using public social media data.</p><p>The commercialisation of phishing kits is adding to the problem. Kits now bundle landing-page templates, evasion tools, bot filtering, brand impersonation and dashboards that track credential capture. 
Google this week filed a lawsuit in New York targeting the operators of the Outsider phishing kit, alleging that the service used AI tools to help create fraudulent sites and generated more than 1.5 million associated URLs between November and April. The action reflects pressure on technology companies to police misuse of cloud platforms and generative AI systems.</p><p>For security teams, the economics are changing. A lower number of phishing attempts no longer signals reduced risk if each campaign is better researched, better hosted and better timed. Defences built around inbox filtering and user awareness training remain useful but are no longer sufficient. Enterprises are being pushed towards phishing-resistant authentication, continuous session monitoring, encrypted traffic inspection, tighter identity controls and controls that limit lateral movement after a compromised account is used.</p></div><p>The article <a
href="https://thearabianpost.com/ai-sharpens-phishing-despite-lower-volumes/">AI sharpens phishing despite lower volumes</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Fake AI guides mask AsyncRAT campaign</title><link>https://thearabianpost.com/fake-ai-guides-mask-asyncrat-campaign/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Thu, 11 Jun 2026 16:13:13 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/fake-ai-guides-mask-asyncrat-campaign/</guid><description><![CDATA[<p>Cybercriminals are using counterfeit AI learning material and developer guides to lure professionals into opening files that trigger a multi-stage malware chain ending in AsyncRAT, a remote access trojan capable of surveillance, data theft and covert system control. The campaign targets Windows users with archives and documents framed as useful resources for artificial intelligence adoption, coding and marketing. One lure was presented as a developer guide for [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/fake-ai-guides-mask-asyncrat-campaign/">Fake AI guides mask AsyncRAT campaign</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Cybercriminals are using counterfeit AI learning material and developer guides to lure professionals into opening files that trigger a multi-stage malware chain ending in AsyncRAT, a remote access trojan capable of surveillance, data theft and covert system control.</p><p>The campaign targets Windows users with archives and documents framed as useful resources for artificial intelligence adoption, coding and marketing. One lure was presented as a developer guide for agentic coding with Claude Code, while other decoy titles referred to AI-ready data systems and marketing in the age of AI. The approach reflects a wider shift in cybercrime: attackers are no longer relying only on crude phishing attachments, but are packaging malware inside material that appears relevant to employees trying to keep pace with AI tools.</p><p>The infection begins with a compressed archive containing a shortcut file and hidden PDF files. The visible file appears harmless, but the shortcut launches an obfuscated command sequence using native Windows tools. Instead of calling an obvious executable, the command reads selected lines from one hidden PDF and treats the file as a container for staged malicious code.</p><p>That first stage extracts and runs PowerShell commands while suppressing visible windows and bypassing execution restrictions. The embedded script searches for concealed data markers inside the PDF, decodes Base64 content, applies PBKDF2 key derivation and AES-CBC decryption, then writes another PowerShell script into the user’s application data directory. The use of a benign-looking document as a storage layer allows the attack to conceal payloads away from conventional attachment scanning.</p><p>The next phase creates a working directory under a path designed to resemble a legitimate Windows diagnostics component. Additional payloads are extracted from the same PDF, including scripts and batch files with names imitating Realtek audio services. 
A clean decoy PDF is also opened to reassure the victim that the downloaded guide was legitimate, while the malicious chain continues silently.</p><p>Persistence is established through scheduled tasks carrying audio-related names, including tasks configured to run after infection, at user logon and, where permitted, at system startup or daily intervals. This gives the attackers repeated opportunities to regain control even after a reboot. The campaign also attempts to reduce forensic traces by using temporary logs that are deleted after execution.</p><p>A notable feature is the abuse of AutoHotkey as an execution layer. The recovered executables match legitimate AutoHotkey binaries but are renamed to resemble Realtek components. Malicious logic is placed in AutoHotkey scripts, allowing the attackers to mutate scripts more easily and reduce dependence on custom compiled files that security tools may flag.</p><p>The loader reconstructs payloads from disguised text files and injects them into legitimate .NET Framework processes through process hollowing. It uses standard Windows API functions for creating suspended processes, allocating memory, writing malicious code and resuming execution, allowing the final payload to run under the cover of trusted system components.</p><p>The final stage includes a modular remote access trojan and AsyncRAT. The malware can contact command-and-control infrastructure, collect system details, identify the user and operating system, monitor security products, capture screen data, receive encrypted commands, load additional .NET assemblies directly in memory and run follow-on payloads. One AsyncRAT sample used a command-and-control address at 107.172.10.190, while related infrastructure included domains designed to resemble shampoo or cosmetics websites.</p><p>AsyncRAT remains attractive to attackers because it is open-source, flexible and widely adapted across criminal operations. 
Once installed, it can support remote desktop access, credential theft, file manipulation, command execution and further malware delivery. Its availability has made it common in phishing, loader and malware-as-a-service ecosystems.</p><p>The campaign also points to possible AI-assisted malware development. Several scripts contained Simplified Chinese variable names, structured comments and artefacts that appeared unsanitised, including an emoji-marked instruction line. The overall attack logic still suggests deliberate human planning, but the coding style indicates that generative tools may have helped speed up implementation.</p><p>The timing is significant as workplaces continue to adopt AI assistants, code-generation tools and prompt-based workflows. Developers, marketers, analysts and students are searching for guides, templates and utilities, creating a fertile environment for malicious downloads disguised as educational material. Similar operations have used fake AI websites, spoofed coding tools, malicious search advertisements and poisoned software recommendations to target users seeking productivity tools.</p></div><p>The article <a
href="https://thearabianpost.com/fake-ai-guides-mask-asyncrat-campaign/">Fake AI guides mask AsyncRAT campaign</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Copilot brings security checks to terminal</title><link>https://thearabianpost.com/copilot-brings-security-checks-to-terminal/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Thu, 11 Jun 2026 12:01:48 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/copilot-brings-security-checks-to-terminal/</guid><description><![CDATA[<p>GitHub has moved security scanning closer to the developer’s keyboard with a new Copilot CLI command that reviews code changes before they are committed, expanding the role of generative AI from code assistance into early-stage vulnerability detection. The /security-review slash command, introduced as an experimental public preview for GitHub Copilot CLI, allows developers to run an AI-driven security check inside the terminal. The feature is designed to [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/copilot-brings-security-checks-to-terminal/">Copilot brings security checks to terminal</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>GitHub has moved security scanning closer to the developer’s keyboard with a new Copilot CLI command that reviews code changes before they are committed, expanding the role of generative AI from code assistance into early-stage vulnerability detection.</p><p>The /security-review slash command, introduced as an experimental public preview for GitHub Copilot CLI, allows developers to run an AI-driven security check inside the terminal. The feature is designed to inspect current code changes and flag weaknesses such as injection flaws, cross-site scripting, unsafe data handling, path traversal and weak cryptography before the code enters a shared repository or production pipeline.</p><p>The move reflects a broader shift in software security: catching flaws at the point of creation rather than waiting for pull request reviews, continuous integration scans or post-deployment audits. With developers increasingly using AI coding assistants to generate, refactor and test software, platforms are under pressure to embed guardrails into the same workflows that now produce large volumes of code.</p><p>GitHub Copilot CLI, which became generally available earlier this year, gives developers access to Copilot from the command line for tasks such as explaining code, debugging, editing files and opening pull requests. The new security review option builds on that terminal-first workflow by giving teams a lightweight check before a commit is made. Unlike traditional code scanning systems that rely on rule-based analysis and data-flow tracking across a repository, the new command uses large language model inference focused on the developer’s active changes.</p><p>That distinction is central to GitHub’s positioning of the feature. The tool is not being presented as a replacement for CodeQL, dependency scanning, secret scanning or manual security review. 
It does not perform CVE database matching, full dependency analysis or exhaustive repository-wide taint analysis. Its value lies in immediacy, giving developers a prompt warning when a proposed change appears to introduce a risky pattern.</p><p>The timing is significant for security teams facing faster development cycles and wider use of autonomous coding tools. AI assistants can accelerate software delivery, but studies of AI-generated code have repeatedly found that generated snippets may contain common weaknesses, including insecure input handling, poor randomness, unsafe deserialisation and improper output encoding. The risk becomes sharper when teams adopt agentic workflows that allow tools to edit multiple files, run commands and suggest architectural changes with limited human intervention.</p><p>Security specialists have long argued that “shift left” programmes work only when controls are embedded naturally into developer routines. Pre-commit checks are attractive because they reduce the cost of remediation; a flaw found before commit is easier to fix than one discovered after a build fails, a pull request is blocked or an incident response begins. The challenge has been balancing speed with accuracy, as noisy alerts can cause developers to bypass or ignore tooling.</p><p>The new Copilot command attempts to address that by offering targeted feedback on changed code rather than broad security reports. In practice, it may help identify obvious missing validation, suspicious string concatenation in database queries, improper file path construction, weak cryptographic choices or unsafe rendering of user-controlled content. Its usefulness will depend on how clearly it explains findings, how often it avoids false positives and whether developers treat its output as an aid rather than a definitive audit.</p><p>The public preview label is important. 
Experimental AI security checks can miss vulnerabilities, misclassify benign code or offer incomplete remediation advice. Large language models are also sensitive to context: a change that appears unsafe in isolation may be protected elsewhere, while a subtle flaw may require deeper knowledge of the application, framework or deployment environment. For regulated industries and large enterprises, such tools are likely to supplement rather than replace established application security testing.</p><p>GitHub’s broader security stack already includes CodeQL-based code scanning, secret scanning, push protection and dependency alerts. The terminal command adds another layer at the earliest point in the workflow. Used properly, it may reduce the number of avoidable issues that reach pull requests, giving formal scanners and human reviewers more room to focus on complex risks.</p><p>The feature also intensifies competition among AI coding platforms. Developers are comparing not only code generation quality but also review, testing, security and automation capabilities. Vendors are racing to add specialised agents and slash commands that can perform narrowly defined tasks inside familiar environments, from integrated development environments to terminals and repository workflows.</p></div><p>The article <a
href="https://thearabianpost.com/copilot-brings-security-checks-to-terminal/">Copilot brings security checks to terminal</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Fake bug reports expose coding agents</title><link>https://thearabianpost.com/fake-bug-reports-expose-coding-agents/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Thu, 11 Jun 2026 12:01:02 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/fake-bug-reports-expose-coding-agents/</guid><description><![CDATA[<p>AI coding agents can be manipulated into running attacker-chosen code through ordinary-looking bug reports, exposing a fresh security gap in the fast-expanding market for autonomous software development tools. Tenet Security researchers have described a technique they call “agentjacking”, in which a hostile actor plants malicious instructions inside a fake software error report and waits for a coding agent to read it during routine debugging. The attack does [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/fake-bug-reports-expose-coding-agents/">Fake bug reports expose coding agents</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>AI coding agents can be manipulated into running attacker-chosen code through ordinary-looking bug reports, exposing a fresh security gap in the fast-expanding market for autonomous software development tools.</p><p>Tenet Security researchers have described a technique they call “agentjacking”, in which a hostile actor plants malicious instructions inside a fake software error report and waits for a coding agent to read it during routine debugging. The attack does not require stolen passwords, malware on the developer’s machine or direct compromise of the target company’s systems. Its force comes from turning trusted workflow data into instructions that an agent treats as part of its task.</p><p>The proof-of-concept centres on Sentry, a widely used application monitoring platform that collects software errors, stack traces and diagnostic messages. Many websites expose a Sentry Data Source Name so front-end errors can be sent to the correct project. That design is not, by itself, a security flaw. Tenet’s argument is that a coding agent connected to the issue-tracking workflow may read attacker-supplied diagnostic text and interpret it as guidance for fixing a bug.</p><p>Researchers said a crafted event could look like a normal error report, complete with apparently helpful remediation steps. When an AI coding agent is asked to investigate the issue, it may follow those steps, install a package, run a command or modify code. If the agent has terminal access, repository access or local environment privileges, the attacker’s instructions can move from a text field into executable action.</p><p>Tenet said it tested the method under controlled conditions across more than 100 agent deployments and identified exposure among more than 2,300 organisations. 
The company said the pattern bypassed conventional controls because the activity appeared authorised: the agent was using permitted tools, acting under a developer’s identity and performing what looked like legitimate debugging work. That is why the researchers describe the weakness as an “authorised intent chain” rather than a conventional intrusion path.</p><p>The finding sharpens concern over the way coding agents are being added to developer environments. Tools such as Claude Code, Cursor, Gemini CLI, GitHub Copilot-style assistants, Cline and other agentic coding products increasingly move beyond autocomplete into planning, editing, testing and command execution. Their usefulness depends on access to repositories, terminals, package managers, logs, tickets and continuous integration systems. Those same connections create a wider attack surface when the model cannot reliably distinguish data from instructions.</p><p>Prompt injection has already been ranked as a leading risk for large language model applications because malicious or hidden input can alter an AI system’s behaviour. Coding agents raise the stakes because they can act on that altered behaviour. A poisoned bug report, dependency instruction, README file, support ticket or pull request comment may become an operational command once an agent ingests it.</p><p>Security researchers have warned throughout 2025 and 2026 that agentic systems are vulnerable to tool abuse, indirect prompt injection, data exfiltration and sandbox escape. Academic work on coding-agent attacks has also shown that poisoned “skills”, hidden scripts and manipulated tool descriptions can steer agents into unsafe behaviour even when the user’s original instruction is benign. The Tenet case adds a practical enterprise workflow to that list: error monitoring.</p><p>The Sentry angle is significant because error telemetry is routinely treated as diagnostic evidence rather than hostile input. 
Client-side reporting systems are designed to accept events at scale, and developers often rely on them to triage production failures quickly. If an agent is placed between the error report and the fix, the contents of the report become part of the model’s working context.</p><p>The risk is not limited to one monitoring platform. Any system that accepts outside-controlled text and later feeds it to an agent can become an entry point. That includes customer support systems, crash reports, GitHub issues, project-management tickets, chat logs, documentation sites and code comments. The common weakness is not the external system alone, but the decision to let an autonomous agent consume untrusted content while retaining permission to execute commands.</p><p>Defensive advice is moving away from simple prompt warnings. Telling an agent to ignore untrusted text may not be sufficient if the malicious instruction is embedded in a context that looks operationally relevant. Security teams are instead being urged to treat agents as privileged digital identities, restrict their permissions, isolate their execution environments, require human approval for risky commands, block automatic package installation, inspect tool calls and keep detailed audit logs of agent decisions.</p></div><p>The article <a
href="https://thearabianpost.com/fake-bug-reports-expose-coding-agents/">Fake bug reports expose coding agents</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Shadow AI widens corporate control gaps</title><link>https://thearabianpost.com/shadow-ai-widens-corporate-control-gaps/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Wed, 10 Jun 2026 09:43:23 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/shadow-ai-widens-corporate-control-gaps/</guid><description><![CDATA[<p>Companies are losing visibility over how workers use artificial intelligence, as staff turn to ChatGPT, Microsoft Copilot, Claude and other tools faster than governance teams can approve, monitor or secure them. The spread of so-called shadow AI has exposed a familiar weakness in corporate cybersecurity: organisations that struggled to control unapproved apps, unmanaged cloud storage and personal messaging channels are now facing the same problem with tools [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/shadow-ai-widens-corporate-control-gaps/">Shadow AI widens corporate control gaps</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Companies are losing visibility over how workers use artificial intelligence, as staff turn to ChatGPT, Microsoft Copilot, Claude and other tools faster than governance teams can approve, monitor or secure them.</p><p>The spread of so-called shadow AI has exposed a familiar weakness in corporate cybersecurity: organisations that struggled to control unapproved apps, unmanaged cloud storage and personal messaging channels are now facing the same problem with tools that can absorb sensitive data, generate code, summarise contracts and automate decisions. The difference is scale. A single prompt can contain customer records, source code, financial forecasts, legal advice or board material, while the resulting output may be copied into business workflows with little record of how it was produced.</p><p>The issue has moved from a technology-management concern to a board-level risk. Surveys of enterprise technology leaders show that many are accountable for AI systems they do not fully control, while governance frameworks remain incomplete. AI incidents requiring human intervention are already being reported across large organisations, including data exposure, compliance breaches and cascading system failures when automated tools interact with live systems. The risks rise further as companies move from simple chatbots to AI agents that can execute tasks across email, customer platforms, code repositories and enterprise applications.</p><p>Security teams say the roots of the problem are not new. Many organisations still lack reliable software inventories, consistent data classification, strong identity controls and clear accountability for business-led technology procurement. Shadow AI exploits those same gaps. Employees often use unauthorised tools because approved systems are unavailable, slow to access or poorly suited to their work. 
Attempts to block popular AI platforms without providing alternatives can push usage into personal accounts, unmanaged browsers and consumer subscriptions, where logs, retention settings and contractual safeguards are weaker.</p><p>The acceleration of workplace AI has left policy trailing behaviour. Knowledge workers are using generative tools for drafting, research, translation, coding, spreadsheet analysis, presentation design and customer communication. In many cases, the productivity gains are real, making blanket restrictions hard to defend. But informal adoption creates uncertainty over whether confidential data is used to train external models, whether outputs are accurate, whether copyrighted material is being reproduced, and whether regulated information is being processed outside approved jurisdictions.</p><p>Regulators are also sharpening scrutiny. The EU AI Act, GDPR, sectoral financial rules and privacy laws in several jurisdictions are forcing companies to document how AI systems are selected, assessed, deployed and audited. High-risk uses, including credit, employment, healthcare, insurance and critical infrastructure, demand stronger evidence of oversight. Even where a tool is used only for internal productivity, companies may still face legal exposure if personal data, trade secrets or client material are entered into platforms without proper safeguards.</p><p>The key players in the corporate AI market are trying to close the gap. Microsoft is embedding Copilot across Microsoft 365 and enterprise security products, OpenAI is expanding business controls for ChatGPT, Anthropic is positioning Claude for enterprise use, and Google is integrating Gemini into Workspace and cloud services. Cybersecurity vendors are adding AI usage discovery, browser controls, data-loss prevention, prompt monitoring and model-risk dashboards. 
Yet tools alone are unlikely to solve a governance failure that is partly organisational.</p><p>A more mature response starts with discovery. Companies need to know which AI tools are being used, by whom, for what purpose and with what data. That requires browser telemetry, identity logs, expense analysis, cloud access security controls and staff surveys, combined with a non-punitive reporting culture. Workers are less likely to hide usage if they are offered approved alternatives and clear rules on what can and cannot be shared.</p><p>Data governance is the next weak point. Many businesses have not classified information accurately enough to apply meaningful AI controls. Without clear labels for public, internal, confidential, regulated and restricted data, security teams cannot enforce prompt-level policies or decide which use cases require human review. AI governance therefore depends on the same data discipline that cybersecurity leaders have been urging for years.</p><p>The rise of AI agents makes the challenge more urgent. Unlike chat tools that respond to single prompts, agents can plan tasks, call APIs, retrieve files, send messages and update systems. That makes identity and access management central to AI safety. Each agent needs a defined owner, approved purpose, restricted permissions, logging, expiry rules and emergency shut-off. Treating agents as ordinary software scripts leaves organisations exposed to privilege misuse, prompt injection, data leakage and untraceable decisions.</p></div><p>The article <a
href="https://thearabianpost.com/shadow-ai-widens-corporate-control-gaps/">Shadow AI widens corporate control gaps</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>phpBB rushes patch for silent account hijack</title><link>https://thearabianpost.com/phpbb-rushes-patch-for-silent-account-hijack/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Wed, 10 Jun 2026 09:41:25 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/phpbb-rushes-patch-for-silent-account-hijack/</guid><description><![CDATA[<p>phpBB administrators have been urged to upgrade immediately after researchers disclosed two authentication weaknesses that could allow attackers to impersonate forum users, including administrators, on vulnerable bulletin boards. The flaws affect versions before phpBB 3.3.17, released on June 6 as a maintenance and security update for the 3.3.x branch. One issue exposes default installations using database authentication, while the other affects boards where administrators have enabled [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/phpbb-rushes-patch-for-silent-account-hijack/">phpBB rushes patch for silent account hijack</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>phpBB administrators have been urged to upgrade immediately after researchers disclosed two authentication weaknesses that could allow attackers to impersonate forum users, including administrators, on vulnerable bulletin boards.</p><p>The flaws affect versions before phpBB 3.3.17, released on June 6 as a maintenance and security update for the 3.3.x branch. One issue exposes default installations using database authentication, while the other affects boards where administrators have enabled OAuth login through providers such as Google, Facebook or Bitly. The disclosures have raised concern because phpBB remains widely used by communities, hobby groups, support forums, companies and private boards that often contain years of user records, private messages and moderation history.</p><p>The more severe flaw, tracked by researchers as PTT-2026-004 while a CVE identifier remains pending, has been rated critical with a CVSS score of 9.4. It allows an unauthenticated attacker to obtain a valid session as any active user by sending a single crafted request. The attack does not require the victim’s password, prior access to the forum or any action by the targeted user. Versions up to and including phpBB 3.3.16 and phpBB 4.0.0-a2 are affected when the platform is using its default database authentication setting.</p><p>The second issue, tracked as PTT-2026-005, has been rated high with a CVSS score of 8.3. It stems from a weakness in phpBB’s OAuth account-linking process, where a logged-in victim who loads a crafted URL can have an attacker-controlled OAuth credential silently attached to the victim’s account. Once the binding is created, the attacker can log in through that OAuth provider without needing the victim’s password. 
The risk is narrower than the default authentication bypass because it requires OAuth to be configured, but the exploit path is notable because it can be triggered without a visible click if the URL is embedded in content that a browser loads automatically.</p><p>The OAuth flaw can be delivered through an image tag placed in a post or private message. When a logged-in user views the content, the browser requests the attacker’s URL in the background, completing the account-linking action without the victim’s consent. The attacker then gains persistent access through the linked OAuth account unless the entry is removed from the forum’s OAuth account table or noticed and revoked.</p><p>For ordinary users, a successful compromise could expose private messages, restricted boards, profile data and posting rights. For moderators or administrators, the impact could include access to private forums, moderation controls and the ability to act under trusted identities. phpBB’s Administration Control Panel still requires password re-authentication, which limits direct administrative escalation through OAuth alone, but forum-level access under a privileged account could still allow significant disruption and data exposure.</p><p>The disclosure timeline has intensified scrutiny of patching windows. The flaws were discovered on May 13, reported to the phpBB security team on June 4, fixed in phpBB 3.3.17 on June 6 and publicly detailed on June 8. That short interval places pressure on forum owners to move quickly, particularly where public member lists make username discovery easy or where old boards are maintained with minimal technical oversight.</p><p>Administrators running affected versions have been told to upgrade to phpBB 3.3.17 or later. For boards that cannot patch immediately and have OAuth enabled, disabling OAuth authentication and reverting to database authentication removes exposure to the OAuth chain until the update is completed. 
Operators are also being advised to audit OAuth account records for unexpected provider links, especially on administrator, moderator and high-profile user accounts.</p><p>The case highlights a broader security challenge in mature open-source platforms: extensions, authentication options and legacy deployment patterns can turn small logic flaws into account-takeover paths. OAuth remains a standard login mechanism across the web, but weak state validation, silent account linking and inadequate confirmation prompts have repeatedly produced serious vulnerabilities in web applications.</p></div><p>The article <a
href="https://thearabianpost.com/phpbb-rushes-patch-for-silent-account-hijack/">phpBB rushes patch for silent account hijack</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Short video scams widen malware threat</title><link>https://thearabianpost.com/short-video-scams-widen-malware-threat/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Wed, 10 Jun 2026 09:39:34 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/short-video-scams-widen-malware-threat/</guid><description><![CDATA[<p>Hackers are turning TikTok and Instagram Reels into malware delivery channels, using polished tutorial-style clips that promise free premium software and then steer users towards malicious downloads or command-line instructions that compromise their devices. The campaign marks a shift in social engineering from email inboxes and fake websites to short-form video feeds, where attackers mimic creator culture, use casual language and rely on platform algorithms to amplify [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/short-video-scams-widen-malware-threat/">Short video scams widen malware threat</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Hackers are turning TikTok and Instagram Reels into malware delivery channels, using polished tutorial-style clips that promise free premium software and then steer users towards malicious downloads or command-line instructions that compromise their devices.</p><p>The campaign marks a shift in social engineering from email inboxes and fake websites to short-form video feeds, where attackers mimic creator culture, use casual language and rely on platform algorithms to amplify content. Videos typically advertise cracked or “activated” versions of popular products such as Spotify Premium, CapCut Pro, Microsoft 365, Adobe tools and streaming services, targeting users who are searching for shortcuts to paid software.</p><p>The tactic works because it blends entertainment, instruction and fraud into a familiar format. Some clips show step-by-step “how-to” guides, while others are presented as ordinary user recommendations. Viewers are encouraged to visit external links, paste commands into Windows tools, download archives or disable security controls. The final payload can include information-stealing malware designed to harvest browser passwords, session cookies, cryptocurrency wallet data, saved files and account credentials.</p><p>Security teams tracking the activity have linked parts of the campaign to infostealer families such as Vidar and StealC, while related short-video and fake activation schemes have also been associated with Lumma and other malware-as-a-service operations. These tools are widely traded in underground markets, allowing low-skilled operators to buy access to malware infrastructure and focus on distribution through social platforms.</p><p>The use of TikTok and Instagram Reels gives attackers several advantages. Short videos are fast to produce, easy to repost and difficult for ordinary users to assess. Fraudulent clips can gain credibility through comments, likes, captions and copied visual styles. 
Attackers can also rotate accounts and links, making takedowns less effective when the same lure is quickly republished under a different profile.</p><p>The method builds on the “ClickFix” style of attack, where users are tricked into running commands themselves under the belief they are solving a software activation problem, bypassing a warning or completing a verification step. Instead of exploiting a technical vulnerability, the attacker exploits trust, urgency and the appeal of free access. That makes the campaign harder to block purely through patching.</p><p>The risk is highest for Windows users because many of the instructions rely on PowerShell, Windows Run or terminal commands. Once executed, the script can contact remote servers, download additional payloads and establish persistence. In some cases, the malware avoids obvious installation prompts, giving victims little indication that credentials and browser data are being copied.</p><p>Businesses face a wider threat from the same activity. A compromised personal device can expose work passwords, cloud tokens or browser sessions used for corporate services. Infostealer logs are routinely sold or exchanged, and stolen credentials have become a common entry point for ransomware groups, business email compromise gangs and account takeover operations.</p><p>The campaign also reflects a broader trend in cybercrime: attackers are following audience behaviour. As younger users and creators spend more time inside short-video apps, malicious actors are adapting their delivery methods to match the way people search for software tips, editing tools, AI utilities and entertainment hacks. The lure is often framed around productivity or creativity, not only piracy.</p><p>Platform operators have policies against malware promotion, deceptive links and account abuse, but short-form video moderation remains a difficult problem. 
A clip may not contain malware itself; it may only display instructions, refer viewers to a profile link or direct them to a changing third-party page. That separation between content and payload complicates automated detection.</p></div><p>The article <a
href="https://thearabianpost.com/short-video-scams-widen-malware-threat/">Short video scams widen malware threat</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Defender flaw exposes Windows systems to takeover</title><link>https://thearabianpost.com/defender-flaw-exposes-windows-systems-to-takeover/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Wed, 10 Jun 2026 09:14:43 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/defender-flaw-exposes-windows-systems-to-takeover/</guid><description><![CDATA[<p>A newly disclosed Microsoft Defender exploit has raised fresh concern among security teams after researchers said it could allow a local attacker to gain SYSTEM-level privileges on fully patched Windows machines. The vulnerability, named RoguePlanet by its publisher, was released with proof-of-concept code under the alias MSNightmare, adding to a turbulent sequence of Windows and Defender disclosures that have tested Microsoft’s patching process and the wider debate [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/defender-flaw-exposes-windows-systems-to-takeover/">Defender flaw exposes Windows systems to takeover</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>A newly disclosed Microsoft Defender exploit has raised fresh concern among security teams after researchers said it could allow a local attacker to gain SYSTEM-level privileges on fully patched Windows machines.</p><p>The vulnerability, named RoguePlanet by its publisher, was released with proof-of-concept code under the alias MSNightmare, adding to a turbulent sequence of Windows and Defender disclosures that have tested Microsoft’s patching process and the wider debate over vulnerability disclosure. The issue has not yet been assigned a public CVE, and Microsoft had not issued a dedicated advisory for RoguePlanet at the time of review.</p><p>RoguePlanet is described as a race-condition flaw in Microsoft Defender that can, when successful, spawn a command prompt with NT AUTHORITY\SYSTEM privileges. That level of access is among the most serious outcomes for a local privilege-escalation flaw because it can allow an attacker who already has a foothold on a machine to disable protections, tamper with files, deploy additional payloads or move deeper into a network.</p><p>The proof-of-concept was published on GitHub and includes C++ code and a compiled executable. The repository states that the exploit has been tested on Windows 11 official and Canary builds, as well as Windows 10 systems with June 2026 patches installed. The publisher described the exploit as inconsistent across machines, saying it reached full reliability on some systems while failing or requiring repeated attempts on others.</p><p>A third-party security firm said it had reproduced the exploit on a fully patched Windows 11 system carrying the June update, lending weight to the claim that the issue affects current builds rather than only outdated installations. 
The same analysis indicated that application allowlisting could block execution of the public proof-of-concept, although that does not remove the underlying software weakness.</p><p>The immediate risk is greatest where attackers already have local access through stolen credentials, malware, exposed remote access tools or another exploit chain. Local privilege-escalation bugs are rarely the first step in an intrusion, but they are often decisive in turning limited access into full compromise. For enterprise defenders, that makes RoguePlanet important even before a formal severity score is published.</p><p>The disclosure comes after a busy patch cycle for Microsoft. The June 2026 Patch Tuesday release addressed 200 vulnerabilities, including three publicly disclosed zero-days and 33 flaws rated critical. That volume has increased pressure on administrators already managing emergency Defender updates issued in May after two separate Defender vulnerabilities were added to the US known-exploited list.</p><p>One of those May flaws, CVE-2026-41091, involved improper link resolution before file access in Microsoft Defender and allowed local privilege elevation. It carried a CVSS score of 7.8 and affected Microsoft Malware Protection Engine versions before 1.1.26040.8. The second, CVE-2026-45498, involved denial-of-service conditions in Defender components. Both were treated as exploited vulnerabilities and carried urgent remediation deadlines for federal systems.</p><p>RoguePlanet appears to sit within the same broader pattern: security products that perform privileged file operations can become attractive targets when their own handling of links, mounts, symbolic paths or remediation actions is flawed. Defender runs with elevated authority because it must inspect, quarantine and manipulate files across the operating system. 
That privileged role gives attackers a high-value target if they can influence what the service opens, moves or rewrites.</p><p>The MSNightmare repository claims the exploit does not work as written on Windows Server because standard users cannot mount ISO images, while asserting that server editions may still be vulnerable if the technique is redesigned. That server claim remains unverified and should be treated cautiously until Microsoft or independent researchers publish additional analysis.</p><p>The disclosure has also revived friction between Microsoft and independent researchers. The same researcher persona has been linked to earlier public releases involving Defender and other Windows components, including BlueHammer, RedSun, GreenPlasma and YellowKey. Some of those were later addressed through security updates, while the publication of working exploit code before coordinated patch availability drew criticism from parts of the security community.</p><p>For organisations, the practical response is to verify that Defender engine, platform and security intelligence updates are current, review endpoint telemetry for unexpected SYSTEM-level shells, and restrict execution of unsigned or unapproved binaries. Microsoft’s current Defender security intelligence page lists engine version 1.1.26050.11 and platform version 4.18.26050.15 as the latest available line at the time of review, underscoring the need to check component versions rather than rely only on monthly operating-system patch status.</p><p>Security teams should also harden standard-user environments, limit local administrator rights, monitor suspicious mount activity, and test controls against privilege-escalation attempts. Application control, attack-surface reduction rules, endpoint detection coverage and rapid isolation procedures can reduce the chance that a local flaw becomes a domain-wide incident.</p></div><p>The article <a
href="https://thearabianpost.com/defender-flaw-exposes-windows-systems-to-takeover/">Defender flaw exposes Windows systems to takeover</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>PyPI attack widens developer supply-chain risk</title><link>https://thearabianpost.com/pypi-attack-widens-developer-supply-chain-risk/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Tue, 09 Jun 2026 06:47:55 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/pypi-attack-widens-developer-supply-chain-risk/</guid><description><![CDATA[<p>A fast-moving malware campaign tied to Shai-Hulud has expanded its attack on software developers through newly weaponised Python Package Index artefacts, raising concern that poisoned open-source dependencies are being used to steal credentials, compromise build systems and spread across trusted code repositories. The latest wave adds 23 malicious PyPI package-version artefacts to an operation already linked to Mini Shai-Hulud, Miasma and Hades activity. The broader campaign now [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/pypi-attack-widens-developer-supply-chain-risk/">PyPI attack widens developer supply-chain risk</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>A fast-moving malware campaign tied to Shai-Hulud has expanded its attack on software developers through newly weaponised Python Package Index artefacts, raising concern that poisoned open-source dependencies are being used to steal credentials, compromise build systems and spread across trusted code repositories.</p><p>The latest wave adds 23 malicious PyPI package-version artefacts to an operation already linked to Mini Shai-Hulud, Miasma and Hades activity. The broader campaign now spans hundreds of npm and PyPI artefacts, with security tracking indicating 471 affected artefacts across the two ecosystems, including 411 npm artefacts across 106 packages and 60 PyPI artefacts across 37 packages. The expansion shows that attackers are no longer relying on a single infection path, but are adapting delivery methods to reach developers, machine-learning teams, bioinformatics users and organisations building tools around model context protocol workflows.</p><p>PyPI is widely used by Python developers to distribute and install software libraries. Its trust model depends heavily on package maintainers, version integrity and developer judgement. That makes it an attractive target for supply-chain attackers seeking access not just to individual machines, but to the credentials and automation tokens that allow code to be published, deployed or integrated into production systems.</p><p>The Shai-Hulud-linked activity is notable for its cross-ecosystem behaviour. Earlier waves targeted npm, the JavaScript package registry, before moving into PyPI and other developer repositories. The latest PyPI infections include techniques designed to run silently during installation or Python start-up, allowing malicious code to execute before a developer notices anything unusual. Some poisoned wheels abuse Python startup hooks by bundling .pth files that trigger execution automatically, while others use native extension or loader-based approaches to start a credential-stealing payload.</p><p>A key feature of the campaign is its use of Bun, a <a
href="https://github.com/oven-sh/bun">JavaScript runtime</a>, as an execution engine. Instead of assuming that Node.js or another local runtime is available, the malware can download Bun and use it to run heavily obfuscated JavaScript payloads. That cross-runtime design makes detection more difficult because defenders watching only Python execution paths may miss the transition into JavaScript-based behaviour.</p><p>Once executed, the malware attempts to harvest sensitive material from developer environments, including GitHub tokens, package registry credentials, cloud keys, SSH material, API keys and CI/CD secrets. Those credentials can allow attackers to publish further poisoned packages, access private repositories, alter build pipelines or exfiltrate code and configuration files. The worm-like logic gives the operation the potential to move from one compromised developer workstation into wider organisational infrastructure.</p><p>The latest activity also shows evidence of branding and marker changes across variants. The Hades naming convention has appeared in exfiltration markers and repository descriptions, while Miasma activity has been linked to broader Shai-Hulud-style tradecraft. Although attribution remains uncertain, some earlier Mini Shai-Hulud waves have been associated by security vendors with TeamPCP, a financially motivated threat actor that emerged in late 2025 and has been linked to attacks exploiting developer infrastructure.</p><p>The campaign builds on a sequence of attacks that unfolded through April, May and June 2026. PyPI package lightning versions 2.6.2 and 2.6.3 were identified as malicious on April 30 and quarantined the same day. The package is heavily used by AI and machine-learning developers, with roughly 8 million monthly downloads, magnifying potential exposure for teams that imported affected versions before removal. Other waves affected well-known developer projects including TanStack, Mistral AI, UiPath, OpenSearch and Guardrails AI.</p><p>The May phase of the campaign showed larger-scale npm compromise, with more than 170 packages affected and hundreds of millions of monthly package downloads connected to impacted projects. Known PyPI artefacts in that phase included mistralai version 2.4.6 and guardrails-ai version 0.10.1, both linked to payloads designed to steal development secrets and potentially enable lateral movement. Malicious packages were uploaded in waves on April 29 and May 11, before further PyPI discoveries emerged in June.</p><p>For organisations, the risk is greater than ordinary endpoint malware because package installation often happens inside trusted build, testing and deployment environments. A poisoned dependency installed during automated CI/CD runs may gain access to secrets with broad privileges. Developer laptops may also hold long-lived tokens, cloud credentials and SSH keys, creating a path from a single package install to repository takeover or unauthorised software release.</p></div><p>The article <a
href="https://thearabianpost.com/pypi-attack-widens-developer-supply-chain-risk/">PyPI attack widens developer supply-chain risk</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Apache update closes server security gaps</title><link>https://thearabianpost.com/apache-update-closes-server-security-gaps/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Tue, 09 Jun 2026 06:46:52 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/apache-update-closes-server-security-gaps/</guid><description><![CDATA[<p>Apache HTTP Server 2.4.68 has been released with fixes for 13 security vulnerabilities affecting core functions and widely used modules, prompting administrators to prioritise upgrades across internet-facing systems that rely on the open-source web server. The update, released on 8 June 2026, addresses flaws spanning memory corruption, privilege escalation, denial of service, cross-site scripting and unsafe handling of backend responses. The affected versions stretch across much of [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/apache-update-closes-server-security-gaps/">Apache update closes server security gaps</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div><a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Apache+HTTP+Server+2.4.68&bbid=6103560056221096248&bpid=2356783582014063630" target="_blank">Apache HTTP Server 2.4.68</a> has been released with fixes for <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Apache+HTTP+Server+2.4.68+security+vulnerabilities&bbid=6103560056221096248&bpid=2356783582014063630" target="_blank">13 security vulnerabilities</a> affecting core functions and widely used modules, prompting administrators to prioritise upgrades across internet-facing systems that rely on the <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+define+open-source+web+server+Apache&bbid=6103560056221096248&bpid=2356783582014063630" target="_blank">open-source web server</a>.</p><p>The update, released on 8 June 2026, addresses flaws spanning memory corruption, <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+define+privilege+escalation+Apache&bbid=6103560056221096248&bpid=2356783582014063630" target="_blank">privilege escalation</a>, <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+define+denial+of+service+Apache&bbid=6103560056221096248&bpid=2356783582014063630" target="_blank">denial of service</a>, <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+cross-site+scripting+Apache&bbid=6103560056221096248&bpid=2356783582014063630" target="_blank">cross-site scripting</a> and unsafe handling of backend responses. The affected versions stretch across much of the 2.4 branch, with several vulnerabilities present from 2.4.0 through 2.4.67. The 2.4.68 build is now the recommended general availability release for the long-running 2.4.x line.</p><p>The most operationally significant fixes are in modules commonly deployed in <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+define+reverse+proxy+Apache&bbid=6103560056221096248&bpid=2356783582014063630" target="_blank">reverse proxy</a>, <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+WebDAV+Apache&bbid=6103560056221096248&bpid=2356783582014063630" target="_blank">WebDAV</a>, LDAP, TLS and HTTP/2 environments. While none of the flaws fixed in 2.4.68 has been rated critical, several are classed as moderate and could expose servers to disruption, unauthorised file access or unsafe parsing behaviour when combined with specific configurations.</p><p>One privilege management flaw affects expression handling in .htaccess across multiple modules. It could allow local .htaccess authors to read files using the privileges of the httpd user, raising concern for shared-hosting environments and platforms where delegated configuration is permitted. The issue affects Apache HTTP Server versions up to 2.4.67 and is among the most closely watched items in the patch set.</p><p>The release also fixes a denial-of-service weakness in <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Apache+mod_http2+vulnerabilities&bbid=6103560056221096248&bpid=2356783582014063630" target="_blank">mod_http2</a> that could be triggered through malicious HTTP requests. HTTP/2 support is widely enabled across high-traffic sites, APIs and content delivery environments, making the flaw important for operators managing systems that depend on persistent connections and multiplexed streams.</p><p>Several proxy-related vulnerabilities are also covered. A buffer overflow in mod_proxy_html could be triggered by an untrusted backend, while ProxyPassReverseCookie handling carried a heap-based buffer overflow risk when interacting with malicious backend servers. Another flaw in mod_proxy_ftp involved an infinite-loop condition tied to attacker-controlled backend FTP servers, and a separate cross-site scripting issue affected HTML directory listing generation in mod_proxy_ftp.</p><p>The update further resolves a path-handling issue in mod_dav_fs that could allow a WebDAV content author to manipulate trusted DAV property databases, with the potential to cause child process crashes. WebDAV is less visible than standard HTTP serving but remains in use in document management, publishing and legacy collaboration environments.</p><p>Memory-safety fixes make up a significant part of the release. These include a <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+use-after-free+condition+Apache&bbid=6103560056221096248&bpid=2356783582014063630" target="_blank">use-after-free condition</a> in mod_ldap per-directory configuration, a heap overflow in mod_xml2enc, an out-of-bounds read involving response header merging in mod_headers and mod_mime, a buffer over-read in mod_ssl during outbound OCSP requests, and a heap underflow tied to crafted regular expressions in configuration.</p><p>The breadth of the fixes shows the continuing risk faced by modular web server platforms, where vulnerabilities may not affect every deployment but can become serious when enabled modules intersect with exposed services, untrusted backends, shared hosting models or complex authentication rules. Administrators are being urged to review active modules rather than assume that a vulnerability is irrelevant because the core server appears stable.</p><p>Apache remains one of the most widely deployed web servers. Current web technology surveys show it is used by roughly 23 per cent of websites whose server software is known, with the overwhelming majority of Apache deployments running version 2.x. That footprint gives even moderate-rated vulnerabilities substantial operational significance because patch delays can leave large numbers of systems exposed.</p><p>The 2.4.68 release follows Apache HTTP Server 2.4.67, issued in May, which addressed a separate HTTP/2 double-free flaw that could lead to denial of service and possible remote code execution in Apache HTTP Server 2.4.66. That earlier issue sharpened attention on HTTP/2 handling and reinforced the need for administrators to track point releases closely rather than waiting for major version changes.</p><p>Security teams are expected to focus first on servers exposed directly to the internet, reverse proxies handling untrusted upstream traffic, shared-hosting nodes, systems with .htaccess delegation, and installations using mod_http2, mod_proxy, mod_dav_fs, mod_ldap, mod_ssl or XML conversion modules. Enterprises with layered patch approval processes may also need to check whether distribution-maintained packages have backported fixes without changing the visible upstream version number.</p></div><p>The article <a
href="https://thearabianpost.com/apache-update-closes-server-security-gaps/">Apache update closes server security gaps</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Fake coding tests expose crypto developers</title><link>https://thearabianpost.com/fake-coding-tests-expose-crypto-developers/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Mon, 08 Jun 2026 20:06:53 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/fake-coding-tests-expose-crypto-developers/</guid><description><![CDATA[<p>Software developers across close to 100 organisations have been targeted by a likely North Korea-linked hacking operation that used fake recruitment and code-review tasks to steal cryptocurrency, browser credentials and wallet data. The campaign, tracked by security researchers as UNK_DeadDrop, unfolded over April and May and reached targets in technology, finance, cryptocurrency, education, business services and other sectors. More than 250 phishing emails were sent during a [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/fake-coding-tests-expose-crypto-developers/">Fake coding tests expose crypto developers</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Software developers across close to 100 organisations have been targeted by a likely North Korea-linked hacking operation that used fake recruitment and code-review tasks to steal cryptocurrency, browser credentials and wallet data.</p><p>The campaign, tracked by security researchers as UNK_DeadDrop, unfolded over April and May and reached targets in technology, finance, cryptocurrency, education, business services and other sectors. More than 250 phishing emails were sent during a six-week burst, with most victims approached through developer job or project-review lures that directed them to attacker-controlled GitHub repositories.</p><p>The attackers posed as recruiters, employers or project owners seeking technical assessments. Targets were asked to clone a repository and open it in Visual Studio Code or Cursor, both widely used development environments. The malicious repositories were designed so that opening the project folder could silently trigger preconfigured tasks, reducing the need for victims to run obvious malware commands.</p><p>Once activated, the infection chain deployed platform-specific loaders for Windows, macOS and Linux. The malware installed a malicious Visual Studio Code extension disguised as a legitimate Google-related service and connected to command-and-control infrastructure. The payload then supported system reconnaissance, remote command execution and the theft of browser wallet extensions, decrypted credentials and desktop cryptocurrency wallets.</p><p>The operation shows how North Korea-aligned cyber groups are adapting to the software supply chain rather than relying only on conventional phishing attachments. 
Developers are attractive targets because they often hold access tokens, private repositories, cloud credentials and crypto wallets, and because technical assessments can plausibly require them to run unfamiliar code on their own machines.</p><p>The new campaign overlaps in tactics with the broader North Korea-linked “Contagious Interview” ecosystem, which has used fake job interviews and coding challenges since at least 2022 to compromise developers. Researchers have treated UNK_DeadDrop as a separate activity cluster because the latest telemetry does not show direct operational overlap, even though the tradecraft, targeting and financial motive fit the wider pattern.</p><p>Cryptocurrency remains a central focus. North Korea-linked actors stole at least $2.02bn in digital assets in 2025, pushing the estimated cumulative total to $6.75bn. The pattern has shifted towards fewer but larger compromises, with attackers increasingly pursuing privileged access inside exchanges, custodians and Web3 firms instead of relying only on direct wallet theft.</p><p>The stakes were underlined by the February 2025 Bybit breach, when attackers attributed to North Korea stole about $1.5bn in virtual assets from the Dubai-based exchange. That incident put renewed pressure on trading platforms, custodians and wallet infrastructure providers to harden signing processes, employee access controls and front-end transaction verification.</p><p>The developer-lure campaign also sits alongside a parallel North Korean IT worker threat. Skilled operatives using fabricated or stolen identities have sought remote jobs with technology companies, including crypto businesses, to generate revenue and obtain internal access. Some operations have involved laptop farms, forged credentials, compromised online profiles and facilitators who help route traffic or pass identity checks.</p><p>For companies, the risk is no longer confined to hiring fraud or endpoint compromise. 
A developer infected through a code-test repository could expose corporate source code, API keys, cloud credentials and production secrets. In crypto firms, the same foothold can give attackers a route toward wallet infrastructure, transaction-signing systems, smart-contract deployment tools or customer data.</p><p>The abuse of trusted developer platforms complicates detection. GitHub repositories, npm packages, Python libraries and editor extensions are part of everyday engineering work. A malicious assessment can look like a legitimate test, while the use of cross-platform tooling allows attackers to reach mixed corporate environments without tailoring each lure from scratch.</p><p>Security teams are tightening controls around recruitment workflows, including isolating coding assessments in disposable virtual machines, blocking automatic task execution in code editors, reviewing extension permissions and separating personal wallets from work devices. Companies are also expanding scrutiny of unsolicited recruiter contacts, newly created project repositories and requests to run package-installation commands outside approved build pipelines.</p></div><p>The article <a
href="https://thearabianpost.com/fake-coding-tests-expose-crypto-developers/">Fake coding tests expose crypto developers</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>CPX sharpens AI cyber resilience push</title><link>https://thearabianpost.com/cpx-sharpens-ai-cyber-resilience-push/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Mon, 08 Jun 2026 10:24:50 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/cpx-sharpens-ai-cyber-resilience-push/</guid><description><![CDATA[<a
href="https://thearabianpost.com/cpx-sharpens-ai-cyber-resilience-push/" title="CPX sharpens AI cyber resilience push" rel="nofollow"><img
width="1200" height="630" src="https://thearabianpost.com/wp-content/uploads/2026/06/cpx.png" class="webfeedsFeaturedVisual wp-post-image" alt="cpx" style="float: left; margin-right: 8px;" link_thumbnail="1" decoding="async" srcset="https://thearabianpost.com/wp-content/uploads/2026/06/cpx.png 1200w, https://thearabianpost.com/wp-content/uploads/2026/06/cpx-800x420.png 800w, https://thearabianpost.com/wp-content/uploads/2026/06/cpx-768x403.png 768w" sizes="(max-width: 1200px) 100vw, 1200px" /></a><p><img
width="800" height="420" src="https://thearabianpost.com/wp-content/uploads/2026/06/cpx-800x420.png" class="attachment-large size-large wp-post-image" alt="cpx" style="float:left; margin:0 15px 15px 0;" decoding="async" fetchpriority="high" srcset="https://thearabianpost.com/wp-content/uploads/2026/06/cpx-800x420.png 800w, https://thearabianpost.com/wp-content/uploads/2026/06/cpx-768x403.png 768w, https://thearabianpost.com/wp-content/uploads/2026/06/cpx.png 1200w" sizes="(max-width: 800px) 100vw, 800px" />CPX Holding has unveiled a refreshed brand identity in Abu Dhabi, positioning the G42 company for its next phase of growth as demand rises for AI-led cybersecurity, sovereign digital capability and stronger protection of critical infrastructure across the UAE. The new identity, built around the promise “Secure what’s next”, marks a shift in CPX’s public positioning from conventional cyber defence towards enablement, resilience and intelligence-led security. The [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/cpx-sharpens-ai-cyber-resilience-push/">CPX sharpens AI cyber resilience push</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<a
href="https://thearabianpost.com/cpx-sharpens-ai-cyber-resilience-push/" title="CPX sharpens AI cyber resilience push" rel="nofollow"><img
width="1200" height="630" src="https://thearabianpost.com/wp-content/uploads/2026/06/cpx.png" class="webfeedsFeaturedVisual wp-post-image" alt="cpx" style="float: left; margin-right: 8px;" link_thumbnail="1" decoding="async" loading="lazy" srcset="https://thearabianpost.com/wp-content/uploads/2026/06/cpx.png 1200w, https://thearabianpost.com/wp-content/uploads/2026/06/cpx-800x420.png 800w, https://thearabianpost.com/wp-content/uploads/2026/06/cpx-768x403.png 768w" sizes="auto, (max-width: 1200px) 100vw, 1200px" /></a><img
width="800" height="420" src="https://thearabianpost.com/wp-content/uploads/2026/06/cpx-800x420.png" class="attachment-large size-large wp-post-image" alt="cpx" style="float:left; margin:0 15px 15px 0;" decoding="async" srcset="https://thearabianpost.com/wp-content/uploads/2026/06/cpx-800x420.png 800w, https://thearabianpost.com/wp-content/uploads/2026/06/cpx-768x403.png 768w, https://thearabianpost.com/wp-content/uploads/2026/06/cpx.png 1200w" sizes="(max-width: 800px) 100vw, 800px" /><div>CPX Holding has unveiled a refreshed brand identity in Abu Dhabi, positioning the G42 company for its next phase of growth as demand rises for AI-led cybersecurity, sovereign digital capability and stronger protection of critical infrastructure across the UAE.</p><p>The new identity, built around the promise “Secure what’s next”, marks a shift in CPX’s public positioning from conventional cyber defence towards enablement, resilience and intelligence-led security. The move is intended to signal that organisations can pursue AI adoption, cloud migration and digital transformation while managing the growing risks created by more complex cyber threats.</p><p>Established in 2022, CPX has expanded into an end-to-end provider of cyber and physical security services for government entities, enterprises and critical infrastructure operators. The company says it has contributed to 14 national transformation projects, serves more than 200 public and private sector customers and has a workforce of about 600 specialists. Its portfolio spans threat intelligence, managed detection and response, digital forensics, incident response, identity and access management, operational technology security, AI security and physical security integration.</p><p>The rebrand follows a period of rapid consolidation for the Abu Dhabi-based company. G42 acquired CPX at the end of 2024, adding advanced cybersecurity capability to a wider AI and technology ecosystem. 
CPX then acquired spiderSilk in May 2025, bringing in a cyber-AI product company known for exposure management and AI-powered defensive technologies. That transaction strengthened CPX’s threat detection and response capabilities and supported its ambition to expand across the GCC, Saudi Arabia and North America.</p><p>Hadi Anwar, chief executive of CPX, said the refreshed identity represented “more than a new identity” and reflected the company’s readiness for the next stage of cybersecurity demand. He said cybersecurity was no longer a support function but a national priority as the UAE advances its ambition to become a global leader in digital innovation and resilience. The company, he added, was strengthening AI-driven capabilities, investing in talent and widening its role in securing systems that underpin economic and social progress.</p><p>The timing reflects a sharper policy and commercial focus on cyber resilience in the UAE. Authorities have warned that cyberattacks are increasing in both volume and sophistication, with artificial intelligence being used by hostile actors to automate phishing, strengthen malware development and accelerate reconnaissance. The UAE Cyber Security Council has said the country has faced hundreds of thousands of attempted attacks a day, with critical sectors, national platforms and digital infrastructure among the targets.</p><p>CPX’s new positioning also aligns with the launch of the UAE Cyber Factory, a joint initiative between the UAE Cyber Security Council and CPX announced at Make it in the Emirates. The project is designed to build and scale sovereign cybersecurity capabilities, develop AI-powered systems and support local production of advanced tools. 
Its focus on national ownership of cybersecurity capability fits with wider efforts to reduce dependence on imported technologies while protecting government, industrial and public-service systems.</p><p>The company’s strategy is shaped by a market in which cybersecurity has moved from an information technology budget item to a board-level risk issue. Financial services, energy, ports, aviation, healthcare, telecoms and public administration are all accelerating digital adoption while facing pressure to maintain operational continuity. AI adds another layer of complexity by creating new efficiencies for defenders and new opportunities for attackers. That dual-use character has made AI governance, model security, identity protection and incident readiness central to enterprise risk planning.</p><p>CPX is seeking to position itself as a partner for organisations trying to innovate without exposing core systems to unmanaged risk. Its services cover advisory work, security architecture, managed operations, testing, cloud security, data privacy, OT protection and incident recovery. The company’s emphasis on AI-enabled autonomous capabilities suggests a stronger push into predictive threat intelligence and continuous monitoring, areas where manual security operations are increasingly seen as insufficient.</p></div><p>The article <a
href="https://thearabianpost.com/cpx-sharpens-ai-cyber-resilience-push/">CPX sharpens AI cyber resilience push</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Claude action flaw exposes pipeline secrets</title><link>https://thearabianpost.com/claude-action-flaw-exposes-pipeline-secrets/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Mon, 08 Jun 2026 07:22:47 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/claude-action-flaw-exposes-pipeline-secrets/</guid><description><![CDATA[<p>Microsoft has warned that Anthropic’s Claude Code GitHub Action could expose CI/CD workflow secrets when AI agents process untrusted GitHub content, raising fresh concerns over how autonomous coding tools operate inside software delivery pipelines. The issue centres on the way Claude Code Action handled file-reading capabilities inside GitHub Actions runners. While subprocess paths such as Bash were subject to environment scrubbing and sandboxing controls, the agent’s Read [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/claude-action-flaw-exposes-pipeline-secrets/">Claude action flaw exposes pipeline secrets</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Microsoft has warned that Anthropic’s Claude Code GitHub Action could expose CI/CD workflow secrets when AI agents process untrusted GitHub content, raising fresh concerns over how autonomous coding tools operate inside software delivery pipelines.</p><p>The issue centres on the way Claude Code Action handled file-reading capabilities inside GitHub Actions runners. While subprocess paths such as Bash were subject to environment scrubbing and sandboxing controls, the agent’s Read tool was not covered by the same restriction. That gap allowed the tool to access /proc/self/environ, a Linux process file that can reveal environment variables available to the workflow, including credentials such as ANTHROPIC_API_KEY and potentially other CI/CD secrets.</p><p>The finding is significant because GitHub Actions is widely used to test, build and deploy software, and workflow runners often hold access tokens, cloud credentials, signing keys or package registry secrets. AI coding agents operating in that environment can read repository content, interpret pull requests, respond to issues, review code and, in some configurations, create commits or pull requests. When such agents process attacker-controlled text from issue bodies, pull request descriptions or comments, malicious instructions can be smuggled into the agent’s context through prompt injection.</p><p>Microsoft’s security team said responsible disclosure led Anthropic to mitigate the issue in Claude Code version 2.1.128 by blocking access to sensitive /proc files. The fix narrows one route for secret exposure, but the case highlights a wider security problem: agentic CI/CD tools do not behave like deterministic build scripts. They interpret natural language, use tools, follow context and may act on untrusted instructions unless strong boundaries are enforced.</p><p>Claude Code GitHub Actions allows developers to integrate Anthropic’s coding assistant into GitHub workflows. 
It can be triggered through @claude mentions in issues or pull requests, can analyse code, generate pull requests and automate engineering tasks based on repository standards. Anthropic’s documentation says the tool supports multiple authentication methods, including direct API keys, OAuth tokens, Amazon Bedrock, Google Vertex AI and Microsoft Foundry. Manual setup commonly involves adding an Anthropic API key to repository secrets and installing the Claude GitHub app with permissions to interact with code, issues and pull requests.</p><p>Security researchers have already shown how agentic workflows can be manipulated when untrusted GitHub event data is inserted into prompts. A malicious issue or comment can contain hidden instructions, including text placed inside HTML comments that may not be visible in the rendered browser view but remains visible to an AI model reading raw Markdown. Once processed, such instructions can steer the agent towards reading files, changing repository content or leaking information through comments, logs or workflow outputs.</p><p>The risk is not limited to Claude Code. Academic work on agentic workflow injection has identified hundreds of exploitable patterns in AI-assisted GitHub Actions, where issue bodies, pull request descriptions or comments reach an agent prompt boundary and influence tool use. The shift from scripted automation to language-driven automation has created a new class of supply-chain exposure, especially where agents have access to secrets and write-capable tools.</p><p>Anthropic’s own security guidance now stresses that environment scrubbing reduces but does not eliminate prompt-injection risk. It advises teams to keep workflow permissions minimal, restrict allowed tools and avoid using static personal access tokens, which can be recovered over time if exposed through prompt injection. 
It also warns that options allowing non-write users to trigger workflows should be used with extreme caution, because they bypass a primary security boundary.</p><p>The warning comes as software teams rapidly adopt AI coding assistants to speed up code review, issue triage and feature development. The productivity gains are clear: agents can perform repetitive repository tasks, draft patches and respond to routine engineering requests. The downside is that many organisations are placing these tools inside privileged automation environments before fully adjusting their threat models.</p></div><p>The article <a
href="https://thearabianpost.com/claude-action-flaw-exposes-pipeline-secrets/">Claude action flaw exposes pipeline secrets</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Claude Code token theft raises SaaS risk</title><link>https://thearabianpost.com/claude-code-token-theft-raises-saas-risk/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Mon, 08 Jun 2026 07:20:59 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/claude-code-token-theft-raises-saas-risk/</guid><description><![CDATA[<p>Security teams are facing a fresh warning over enterprise use of AI coding agents after researchers identified a man-in-the-middle attack path that can redirect Claude Code traffic, capture OAuth tokens and preserve access to connected software-as-a-service platforms. The technique targets the way Anthropic’s Claude Code interacts with Model Context Protocol servers, a fast-growing mechanism used to connect AI agents with external systems such as Jira, Confluence, GitHub, [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/claude-code-token-theft-raises-saas-risk/">Claude Code token theft raises SaaS risk</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Security teams are facing a fresh warning over enterprise use of AI coding agents after researchers identified a man-in-the-middle attack path that can redirect Claude Code traffic, capture OAuth tokens and preserve access to connected software-as-a-service platforms.</p><p>The technique targets the way Anthropic’s Claude Code interacts with Model Context Protocol servers, a fast-growing mechanism used to connect AI agents with external systems such as Jira, Confluence, GitHub, databases and internal application programming interfaces. The risk centres on the local Claude Code configuration file, ~/.claude.json, which can act as a control point for MCP routing, trusted project settings and stored authentication material.</p><p>Mitiga Labs detailed a proof-of-concept chain in which an attacker first persuades a developer to install a malicious npm package. The package uses a post-install hook to alter Claude Code configuration and seed trusted paths. When the developer later opens a project in one of those paths, Claude Code may treat the directory as already trusted, allowing a hook to rewrite MCP server settings and route traffic through attacker-controlled infrastructure.</p><p>Once the altered configuration is active, Claude Code continues to operate as expected from the user’s perspective. The MCP integration still works, the SaaS provider sees what appears to be legitimate authenticated activity, and audit logs may show traffic associated with trusted Anthropic infrastructure. Behind that normal activity, however, OAuth bearer tokens can pass through the attacker’s proxy.</p><p>The significance lies less in a single credential theft attempt and more in the persistence model. OAuth tokens used by MCP integrations may be broadly scoped and reusable across sessions. If a token expires, the refresh process can also be routed through the compromised path. 
If the user rotates the token without removing the malicious hook and restoring the MCP endpoint, the attacker may be able to capture the replacement token as well.</p><p>The attack does not rely on a new memory corruption flaw or privilege escalation bug. Its prerequisites are narrower but realistic in developer environments: a successful package installation on a machine where Claude Code is already configured with OAuth-backed MCP servers, combined with writable local configuration files and project hooks. That makes the issue difficult to classify under traditional vulnerability models, because the first foothold may come through accepted package-install behaviour.</p><p>Anthropic has treated the disclosure as outside the scope of a product vulnerability because the chain begins with user-level code execution and consent-like actions on the endpoint. Security teams may view the matter differently. The practical impact is that a local configuration change can convert a legitimate AI workflow into a durable credential relay, while downstream SaaS systems continue to see valid user activity.</p><p>The discovery adds to a broader pattern of concern around agentic coding tools. Claude Code and comparable systems are designed to edit files, run shell commands, call APIs and work across repositories with limited friction. That power creates productivity gains for developers, but it also expands the number of places where trust, identity and execution decisions intersect. Hooks, project settings, environment variables and MCP servers are now part of the enterprise attack surface.</p><p>Separate research into Claude Code earlier this year showed how project-level configuration and hooks could be abused for remote command execution and API token exfiltration when users opened untrusted repositories. Those issues were patched before public disclosure, but the wider lesson remains: AI development assistants are not only code generators. 
They are privileged operators sitting close to source code, credentials and internal systems.</p><p>The MCP ecosystem has also grown quickly as companies look for standardised ways to connect AI agents to business tools. That adoption has created new defensive gaps. Traditional endpoint controls may not understand agent-specific configuration files, while SaaS monitoring may struggle to distinguish a legitimate AI-driven request from an attacker replaying or relaying the same token through a trusted path.</p><p>Defenders are being urged to monitor changes to Claude Code configuration files, project-level MCP settings, unexpected localhost proxies, new MCP server URLs, OAuth refresh patterns and SaaS actions that do not match a user’s normal work. Baselines of approved MCP endpoints can help teams detect silent redirection, particularly where development machines are allowed to install packages and connect AI tools to enterprise applications.</p></div><p>The article <a
href="https://thearabianpost.com/claude-code-token-theft-raises-saas-risk/">Claude Code token theft raises SaaS risk</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>IIS servers face new China-linked intrusion risk</title><link>https://thearabianpost.com/iis-servers-face-new-china-linked-intrusion-risk/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Sun, 07 Jun 2026 11:17:54 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/iis-servers-face-new-china-linked-intrusion-risk/</guid><description><![CDATA[<p>Cybersecurity teams are being urged to review exposed Microsoft IIS servers after a China-linked espionage cluster was found using a custom web shell framework built to evade conventional detection and maintain access inside compromised networks. The activity, tracked as OP-512, targeted an internet-facing Windows Server 2016 system running Internet Information Services and an end-of-life .NET Framework 4.0 application. The operation involved three purpose-built web shells using ASPX [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/iis-servers-face-new-china-linked-intrusion-risk/">IIS servers face new China-linked intrusion risk</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Cybersecurity teams are being urged to review exposed Microsoft IIS servers after a China-linked espionage cluster was found using a custom web shell framework built to evade conventional detection and maintain access inside compromised networks.</p><p>The activity, tracked as OP-512, targeted an internet-facing Windows Server 2016 system running Internet Information Services and an end-of-life .NET Framework 4.0 application. The operation involved three purpose-built web shells using ASPX and ASHX files, allowing attackers to manage files, execute commands and automatically report the location of compromised servers to attacker-controlled infrastructure.</p><p>The case has drawn attention because the tooling appears designed for long-term espionage rather than quick financial gain. The affected server showed signs of attacker access 75 days before the main intrusion sequence, indicating a patient operation in which access was tested, preserved and later expanded. Once the attackers returned, they deployed the web shells, created multiple command paths and attempted privilege escalation within hours.</p><p>OP-512’s framework differs from many commodity web shells because each deployment is cryptographically unique. The ASHX command handlers used RSA signature verification and RC4 encryption, making it difficult for defenders or rival attackers to send commands without the matching private key. The files also used obfuscation, randomised variable names and junk code to prevent simple hash-based detection.</p><p>A notable feature of the ASPX shell was its self-reporting capability. Once accessed, it encoded its own URL into a DNS query and transmitted it to attacker infrastructure. If DNS failed, the shell could fall back to HTTP communication with a separate command-and-control server. 
That design allowed the attacker to drop the shell and let central infrastructure catalogue the compromised endpoint automatically.</p><p>The malware also used timestomping, a technique that alters file creation and modification dates to blend malicious files into existing directories. By scanning nearby files and matching typical timestamps, the shells could appear to have been present for years, complicating forensic review based on file dates.</p><p>Investigators also found malicious DLLs in ASP.NET temporary compilation directories. These compiled artefacts can remain even after original ASPX or ASHX files are removed, creating a separate challenge for incident response teams. Removing visible web shells may not be enough unless temporary compilation paths are reviewed and cleaned.</p><p>The attackers attempted to escalate privileges using tools linked to the so-called Potato family of Windows exploitation techniques, including BadPotato, SweetPotato and EfsPotato. These tools are often used to move from limited service accounts towards higher privilege levels by abusing Windows service behaviour. Commands such as account and privilege checks were issued in encoded form through the web server process.</p><p>The intrusion also showed the limits of endpoint prevention when host isolation does not follow immediately. Security controls terminated malicious processes, but IIS automatically restarted worker processes, allowing attacker code to reload through successive process instances. That loop underlined the need to isolate affected servers rather than relying only on process termination.</p><p>The exposure of legacy IIS infrastructure remains a recurring weakness across enterprise environments. IIS servers often sit at the boundary between public-facing applications and internal networks, making them attractive pivot points for espionage actors. 
When those servers run unsupported frameworks or poorly monitored upload directories, attackers gain a practical route into deeper systems. .NET Framework 4.0 has been out of support for years, and Windows Server 2016 is approaching the final phase of its support lifecycle. Many organisations still keep such systems online because they support older business applications, internal portals or customer-facing services that are difficult to migrate. That operational reality creates a gap between formal patching policies and what remains exposed on the internet.</p><p>The OP-512 case also fits a broader pattern of China-linked clusters focusing on edge systems, web applications and legacy server software. Such targets offer stealth, persistence and access to sensitive communications or intellectual property without the need to compromise heavily monitored endpoints first. The overlap with other China-linked operations is not enough to treat OP-512 as a known group, but shared tactics point to a wider ecosystem of tools, training and operational methods.</p></div><p>The article <a
href="https://thearabianpost.com/iis-servers-face-new-china-linked-intrusion-risk/">IIS servers face new China-linked intrusion risk</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>UniFi server flaws expose root takeover risk</title><link>https://thearabianpost.com/unifi-server-flaws-expose-root-takeover-risk/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Sun, 07 Jun 2026 11:16:59 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/unifi-server-flaws-expose-root-takeover-risk/</guid><description><![CDATA[<p>Ubiquiti has patched a chain of critical UniFi OS Server vulnerabilities that could allow an unauthenticated attacker with network access to execute commands with root privileges on exposed systems, raising concerns for organisations that use UniFi consoles as central management points for networks, cameras, access controls and identity services. The flaws, disclosed on 21 May 2026 and updated a day later under Security Advisory Bulletin 064, are [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/unifi-server-flaws-expose-root-takeover-risk/">UniFi server flaws expose root takeover risk</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Ubiquiti has patched a chain of critical UniFi OS Server vulnerabilities that could allow an unauthenticated attacker with network access to execute commands with root privileges on exposed systems, raising concerns for organisations that use UniFi consoles as central management points for networks, cameras, access controls and identity services.</p><p>The flaws, disclosed on 21 May 2026 and updated a day later under Security Advisory Bulletin 064, are tracked as CVE-2026-34908, CVE-2026-34909 and CVE-2026-34910. Each has been assigned a maximum CVSS 3.1 score of 10.0, reflecting network-based exploitation, low attack complexity, no privileges required and no need for user interaction. A fourth critical issue, CVE-2026-33000, carries a 9.1 score and requires high privileges, while CVE-2026-34911 has a lower but still significant severity rating.</p><p>The most serious risk lies in the way three flaws can be combined. The access-control weakness and path-traversal issue can allow an attacker to bypass the front-end authentication gateway and reach internal services that should require login. The command-injection flaw can then be used through the package-update service to run attacker-controlled commands. Security testing has shown the full chain can turn a single unauthenticated request into a root shell when the UniFi OS Server administrative interface is reachable.</p><p>UniFi OS Server versions 5.0.6 and earlier are affected, with Ubiquiti advising users to update to version 5.0.8 or later. The wider advisory also covers UniFi OS devices across Cloud Gateway, Dream Machine, Network Video Recorder, Enterprise Network Video Recorder, Cloud Key, UniFi Express and UNAS product lines, with model-specific fixed versions. 
Affected versions include UCG-Industrial 5.0.13 and earlier; UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, EFG, UDW, UDR, UDR7, Express 7, UNVR, UNVR-Pro, UNVR-Instant, ENVR, UCG-Ultra, UCG-Max and UCG-Fiber 5.0.16 and earlier; UDR-5G, ENVR-Core, UCKP, UCK and UCK-Enterprise 5.0.17 and earlier; UNVR-G2 and UNVR-G2-Pro 5.1.11 and earlier; and UNAS models up to 5.1.8, depending on the product family.</p><p>The technical impact extends beyond ordinary server compromise because UniFi OS often functions as the control plane for broader IT environments. A compromised console may expose stored secrets, administrative tokens, WiFi and VPN material, TLS keys, user databases and device-management credentials. Where UniFi Protect or Access deployments are connected, the risk can extend to surveillance cameras, door controls and other physical security infrastructure.</p><p>The weakness also underscores a wider security challenge for unified network-management platforms. Vendors have increasingly consolidated routing, switching, surveillance, identity, storage and access-control services behind single dashboards. That model reduces administrative complexity but can magnify the consequences of a control-plane breach, particularly where the management interface is exposed beyond a restricted administrative network.</p><p>The authentication-bypass portion of the UniFi chain depends on a mismatch between how requests are evaluated by the front-end gateway and how they are routed to backend services. A crafted request can appear to match an authentication-exempt path while being normalised and forwarded to a protected internal endpoint. The command-injection component arises when user-controlled input reaches a shell-executed command path without adequate validation.</p><p>The patch closes the chain through separate changes to request normalisation checks, backend input validation and privilege-hardening controls. 
Updated builds reject the crafted request path, constrain package-name handling and remove dangerous command-execution behaviour that allowed shell metacharacters to be interpreted as instructions rather than data.</p><p>Security teams have been advised to treat exposed pre-patch systems with caution even after applying updates. Patching closes the known entry point but does not automatically remove persistence, invalidate stolen tokens or reverse secret theft. Systems that were reachable from untrusted networks before remediation may require log review, credential rotation, forced session invalidation and, where compromise is suspected, rebuild from trusted images.</p><p>The immediate defensive priority is to update UniFi OS Server to 5.0.8 or later and apply the corresponding firmware updates for hardware appliances. Administrators unable to patch at once should restrict access to the UniFi OS administrative interface, commonly exposed on TCP 11443 for server deployments, to trusted management networks only. Public exposure of management interfaces, guest VLAN reachability and broad internal access all increase the likelihood that a critical management-plane flaw can be weaponised.</p><p>Detection efforts should focus on suspicious requests containing authentication-exempt paths combined with encoded traversal patterns, as well as unusual access to package-update routes and unexpected child processes spawned by update-related service accounts. Because root-level access may allow attackers to tamper with local logs, organisations with exposed systems should prioritise centralised logging, network-level telemetry and review of authentication tokens, SSH settings and administrator accounts.</p></div><p>The article <a
href="https://thearabianpost.com/unifi-server-flaws-expose-root-takeover-risk/">UniFi server flaws expose root takeover risk</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Hola miner breach exposes software pipeline gaps</title><link>https://thearabianpost.com/hola-miner-breach-exposes-software-pipeline-gaps-2/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Sat, 06 Jun 2026 06:13:36 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/hola-miner-breach-exposes-software-pipeline-gaps-2/</guid><description><![CDATA[<p>Hola Browser’s Windows installer was compromised to deliver an undeclared cryptocurrency-mining executable to some users, exposing a supply-chain weakness in a product that had passed application certification checks before the anomaly was detected. The affected version, Hola Browser for Windows 1.251.91.0, wrote an unexpected file named me.exe to C:\Program Files\Hola on some systems. The executable was not part of the certified software footprint, was not digitally [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/hola-miner-breach-exposes-software-pipeline-gaps-2/">Hola miner breach exposes software pipeline gaps</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Hola Browser’s Windows installer was compromised to deliver an undeclared cryptocurrency-mining executable to some users, exposing a supply-chain weakness in a product that had passed application certification checks before the anomaly was detected.</p><p>The affected version, Hola Browser for Windows 1.251.91.0, wrote an unexpected file named me.exe to C:\Program Files\Hola on some systems. The executable was not part of the certified software footprint, was not digitally signed, carried no timestamp, used obfuscated code and had memory-write capabilities, raising immediate concerns during application integrity testing.</p><p>Further analysis identified strings and behaviour associated with cryptocurrency mining, including XMRig-related indicators and references suggesting the miner was designed to pause when the user was active. The file also attempted to create a Windows Defender exclusion, a common technique used by unwanted or malicious software to reduce the chance of detection.</p><p>The incident has sharpened attention on software delivery pipelines, where trusted installers, update channels and content delivery systems can become an attack route even when the main application code appears legitimate. Such compromises are especially sensitive because users often grant installers elevated privileges and security tools may initially treat certified applications as lower-risk.</p><p>Hola said the unwanted component was not meant to be distributed and that its internal monitoring had detected anomalous activity in the update distribution pipeline. The company said it halted the affected delivery route, removed the unwanted software from its infrastructure and from impacted devices, and engaged independent investigators to review the incident.</p><p>The company’s account indicates that about 0.1 per cent of users were affected and that no user data was accessed, stolen or compromised. 
Hola said it had rebuilt its distribution pipeline, strengthened code-signing verification, tightened access controls and added continuous monitoring to ensure only declared, certified and signed components reach users.</p><p>The executable’s persistence behaviour added to the seriousness of the finding. When run with administrative privileges, it copied itself as HolaMonitorService.exe and created an autostart service named holamonitorsvc, configured to run when the host was idle. That design is consistent with miners that try to consume processing power while avoiding obvious slowdowns during active use.</p><p>Cryptominers do not usually steal files in the way ransomware or credential theft malware does, but they can still impose costs. They consume CPU or GPU resources, raise electricity use, degrade device performance, increase heat and may shorten hardware life. For businesses, unauthorised mining can also complicate incident response because it may indicate broader access to software distribution systems.</p><p>Hola Browser is a Chromium-based browser that integrates proxy and VPN-style features, building on the wider Hola brand. The company has faced scrutiny in past years over traffic-routing practices connected to proxy services, making the handling of this incident important for user trust as well as technical remediation.</p><p>The discovery came through a certification and testing process designed to verify that shipped binaries match the declared application package. The fact that the file did not appear in every test run suggested the problem was not simply a fixed installer payload, but a delivery-path issue involving packaging, update logic, content distribution or release infrastructure.</p><p>That distinction matters because supply-chain incidents can be difficult to reproduce. A clean installer obtained through one route does not necessarily prove all users received the same files. 
Security teams increasingly treat inconsistent install footprints, unsigned binaries and unexplained post-install downloads as warning signs that the delivery process itself may have been tampered with.</p><p>The case also reflects a wider pattern in cyber threats, where attackers target software vendors, plug-in ecosystems, browser tools and update mechanisms rather than only end users. Trusted applications offer reach, and a compromised distribution path can place unwanted code on machines with less friction than phishing or drive-by attacks.</p><p>For affected users, the practical steps include checking whether Hola Browser for Windows version 1.251.91.0 was installed, looking for me.exe, HolaMonitorService.exe or the holamonitorsvc service, and ensuring endpoint protection tools are updated. Removing the affected application, scanning the system and checking Windows Defender exclusions can help identify whether the miner persisted beyond the original installation.</p></div><p>The article <a
href="https://thearabianpost.com/hola-miner-breach-exposes-software-pipeline-gaps-2/">Hola miner breach exposes software pipeline gaps</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Hugging Face flaw exposes AI pipelines</title><link>https://thearabianpost.com/hugging-face-flaw-exposes-ai-pipelines/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Sat, 06 Jun 2026 06:12:40 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/hugging-face-flaw-exposes-ai-pipelines/</guid><description><![CDATA[<p>A serious flaw in Hugging Face’s Transformers library has widened concern over the security of model-sharing ecosystems after researchers showed that a poisoned model configuration could trigger remote code execution during a routine load operation. Tracked as CVE-2026-4372, the vulnerability affects Transformers versions before 5.3.0 and centres on the handling of the _attn_implementation_internal field inside a model’s config.json file. Security researchers found that an attacker could [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/hugging-face-flaw-exposes-ai-pipelines/">Hugging Face flaw exposes AI pipelines</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>A serious flaw in Hugging Face’s Transformers library has widened concern over the security of model-sharing ecosystems after researchers showed that a poisoned model configuration could trigger remote code execution during a routine load operation.</p><p>Tracked as CVE-2026-4372, the vulnerability affects Transformers versions before 5.3.0 and centres on the handling of the _attn_implementation_internal field inside a model’s config.json file. Security researchers found that an attacker could set that field to point to a repository under their control, causing the library to download and execute arbitrary Python code when a victim loaded the model through standard APIs such as from_pretrained() or AutoModelForCausalLM.from_pretrained().</p><p>The finding is significant because the attack path bypassed the safeguard many developers rely on when handling untrusted models: trust_remote_code=False. That setting is widely used to prevent execution of custom code from model repositories. In this case, researchers said the malicious path could run without warnings and without the user explicitly enabling remote code execution, undermining a core assumption in many machine learning security policies.</p><p>Hugging Face Transformers is one of the most widely used open-source libraries in artificial intelligence development, supporting PyTorch, TensorFlow and JAX workflows across text, vision, audio and multimodal models. Its reach gives the flaw an unusually large blast radius. The package has accumulated more than 2.2 billion PyPI downloads, attracts tens of millions of downloads each month and is embedded in enterprise AI systems, research environments, cloud notebooks and automated model evaluation pipelines.</p><p>The issue was disclosed by Pluto Security researcher Yotam Perkal, who described a scenario in which a single malicious configuration entry could compromise systems loading a model from the Hugging Face Hub. 
Vulnerable versions were downloaded hundreds of millions of times during the period in which the flaw was present, creating exposure across organisations that routinely test third-party models, run fine-tuning jobs or integrate open-source models into production inference services.</p><p>The technical risk comes from the way modern AI workflows blur the line between data and executable software. A model repository may contain weights, tokenisers, configuration files and code required to instantiate an architecture. Developers often treat configuration files as lower-risk metadata, but CVE-2026-4372 demonstrates that configuration-driven loading paths can become execution paths when libraries resolve references dynamically during model initialisation.</p><p>The vulnerability lands amid growing scrutiny of AI supply chains. Model hubs have become central to software development because they allow teams to reuse pre-trained systems rather than build them from scratch. That efficiency also creates a trust problem. A malicious or compromised repository can reach automated pipelines, developer laptops and GPU-backed servers if organisations pull models without isolation, pinning, scanning or review.</p><p>Academic work on model-hosting ecosystems has warned that unsafe loading practices, custom code hooks and developer confusion over remote execution controls remain widespread. Studies of model hubs have found that malicious payloads may be hidden in model files, dataset loading scripts or framework-specific APIs, with possible outcomes including credential theft, reverse shells, file access, system reconnaissance and lateral movement inside development environments.</p><p>For enterprises, the risk is not confined to experimental AI teams. Transformers is frequently used in retrieval systems, customer-service automation, document processing, code assistants, data labelling tools and internal analytics. 
A successful exploit could run with the privileges of the user or service account loading the model, putting cloud tokens, API keys, proprietary datasets and local files at risk. GPU servers used for model training may also have access to shared storage, build systems and internal networks.</p><p>Hugging Face has addressed the issue in Transformers 5.3.0. Security teams are being urged to upgrade immediately, audit environments for older package versions and review any model repositories loaded during the affected period. Organisations running pinned dependencies in containers, notebooks, continuous integration systems or managed machine learning platforms may need separate checks, as those environments often continue using frozen versions long after a patch is available.</p></div><p>The article <a
href="https://thearabianpost.com/hugging-face-flaw-exposes-ai-pipelines/">Hugging Face flaw exposes AI pipelines</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Vect flaw raises ransom recovery risks</title><link>https://thearabianpost.com/vect-flaw-raises-ransom-recovery-risks/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Fri, 05 Jun 2026 06:09:56 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/vect-flaw-raises-ransom-recovery-risks/</guid><description><![CDATA[<p>Cybersecurity teams are warning that VECT 2.0, a ransomware strain promoted as a recovery-for-payment tool, can leave victims with files that even its operators may be unable to restore, widening concern over a campaign that behaves closer to a destructive wiper than conventional extortion malware. The latest technical findings show that VECT 2.0 suffers from multiple encryption and file-handling flaws, including a failure to preserve critical nonce [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/vect-flaw-raises-ransom-recovery-risks/">Vect flaw raises ransom recovery risks</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Cybersecurity teams are warning that VECT 2.0, a ransomware strain promoted as a recovery-for-payment tool, can leave victims with files that even its operators may be unable to restore, widening concern over a campaign that behaves closer to a destructive wiper than conventional extortion malware.</p><p>The latest technical findings show that VECT 2.0 suffers from multiple encryption and file-handling flaws, including a failure to preserve critical nonce values needed to decrypt parts of larger files. The weakness means that files above 128 KB can be damaged beyond reliable recovery, regardless of whether a victim obtains a decryptor from the attackers. Windows-focused analysis has also identified additional implementation errors that can leave files renamed, partially encrypted or inconsistently processed.</p><p>The ransomware has drawn attention because it is being marketed as a ransomware-as-a-service operation, a model in which developers provide malware and infrastructure while affiliates conduct intrusions and share proceeds. VECT 2.0 has been described as cross-platform, with Windows, Linux and ESXi variants, making it relevant to enterprise environments that depend on virtual machines, databases, file servers and backup repositories.</p><p>The 128 KB threshold is especially significant because it covers routine office documents, email archives, spreadsheets, databases, virtual disk files and compressed backups. A flaw affecting files above that size could therefore strike the categories of data organisations are most likely to pay to recover. The issue undercuts one of the assumptions behind ransomware negotiations: that attackers, however criminal, can at least provide a working decryptor if paid.</p><p>Researchers examining the malware found that it divides larger files into sections during encryption but fails to retain all nonce values required for decryption. 
A nonce is a unique value used with modern encryption routines to ensure that encrypted data can be correctly reversed with the right key. When the malware discards or overwrites those values, the missing information cannot be reconstructed from the ransom key alone.</p><p>The result is a recovery gap that cannot be solved through ordinary negotiation. A decryptor may restore small files or fragments of larger files, but not the full original content where the necessary cryptographic material has been lost. The Windows implementation appears to compound the problem through file-renaming and processing errors that can create inconsistent states across affected directories.</p><p>The findings strengthen warnings that ransom payment should not be treated as a recovery strategy. Security teams have long advised against relying on attacker-supplied decryptors because they can be slow, incomplete or deliberately defective. VECT 2.0 adds a sharper risk: the attackers may not possess the information needed to reverse the damage even if they intend to do so.</p><p>The case also shows how the ransomware ecosystem is being shaped by low-quality code and rapid commercialisation. Ransomware-as-a-service operations often advertise polished portals, leak sites and affiliate terms, but the underlying malware can contain severe engineering faults. Affiliates may deploy tools without fully understanding their limitations, while victims discover the failure only after encryption has already occurred.</p><p>VECT’s emergence comes as ransomware crews continue to target supply chains, managed service providers, cloud systems and virtualised infrastructure. ESXi servers remain attractive because a single compromise can affect multiple workloads. Linux variants broaden the attack surface, while Windows builds allow intruders to hit endpoints, file shares and domain-connected systems. 
A flawed encryptor deployed across all three environments can therefore magnify operational disruption.</p><p>The immediate defensive lesson is that organisations should treat VECT 2.0 incidents as potential data destruction events, not only extortion cases. Response teams need to preserve forensic evidence, isolate affected hosts, verify backup integrity and avoid overwriting damaged files during recovery attempts. Backups stored offline or in immutable repositories become critical when decryptors cannot be trusted to restore data.</p><p>Security monitoring should also focus on pre-encryption behaviour, including credential theft, lateral movement, privilege escalation, deletion of shadow copies, disabling of security tools and unusual access to backup systems. Once encryption begins, technical recovery options may narrow quickly, particularly where large files are involved.</p></div><p>The article <a
href="https://thearabianpost.com/vect-flaw-raises-ransom-recovery-risks/">Vect flaw raises ransom recovery risks</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Brickstorm exposes new appliance blind spot</title><link>https://thearabianpost.com/brickstorm-exposes-new-appliance-blind-spot/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Fri, 05 Jun 2026 06:02:49 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/brickstorm-exposes-new-appliance-blind-spot/</guid><description><![CDATA[<p>A China-linked cyber-espionage group tracked as VerdantBamboo has been tied to a BRICKSTORM malware operation targeting Linux-based virtual appliances, firewalls and enterprise infrastructure, sharpening concerns over the security of systems that often sit outside mainstream endpoint monitoring. The activity came to light after suspicious traffic was detected from a Linux-based virtual machine appliance during an incident response investigation. The inquiry found that attackers had used stolen administrative [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/brickstorm-exposes-new-appliance-blind-spot/">Brickstorm exposes new appliance blind spot</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>A China-linked cyber-espionage group tracked as VerdantBamboo has been tied to a BRICKSTORM malware operation targeting Linux-based virtual appliances, firewalls and enterprise infrastructure, sharpening concerns over the security of systems that often sit outside mainstream endpoint monitoring.</p><p>The activity came to light after suspicious traffic was detected from a Linux-based virtual machine appliance during an incident response investigation. The inquiry found that attackers had used stolen administrative credentials to access a firewall, enabled web SSL VPN access and then moved further into the victim network. The case adds VerdantBamboo to a widening set of China-nexus clusters associated with BRICKSTORM, a stealthy remote access tool built for persistence, internal reconnaissance and covert command-and-control.</p><p>BRICKSTORM has emerged as one of the more consequential espionage implants aimed at network appliances and virtualisation environments. The malware was first documented as a Go-based backdoor and later appeared in Rust-based variants. Its modular design gives operators a remote shell, a SOCKS5 proxy for tunnelling traffic through compromised networks and a lightweight web server capable of listing and transferring files. Security researchers have also identified a custom library known as wssoft, which appears to handle task processing and communications.</p><p>The latest case shows how attackers are exploiting the weak visibility around appliances that are rarely covered by conventional endpoint detection and response tools. Firewalls, storage synchronisation servers, VMware vCenter hosts, ESXi environments and network-attached storage devices can become high-value staging points because they control access, identity flows and internal routing. Once compromised, they allow attackers to blend into administrative traffic, capture credentials and pivot into more sensitive systems.</p><p>The VerdantBamboo intrusion also highlights the continuing use of legitimate access rather than noisy exploit chains once an initial foothold is obtained. Investigators found that the firewall’s administrative interface was exposed to the internet and that stolen administrator credentials were not protected by multi-factor authentication. The attackers then configured VPN access through the device and used it to reach internal systems, a pattern that fits a broader shift in state-linked intrusions toward “living off the land” techniques and trusted remote services.</p><p>BRICKSTORM’s technical evolution has made detection more difficult. Samples have used WebSockets for command-and-control, nested TLS, DNS-over-HTTPS and infrastructure hosted through cloud platforms or dynamic naming services. Some versions have been obfuscated, while others appear designed to mimic normal appliance behaviour. Earlier analyses found no consistent reuse of command-and-control domains across victims, suggesting careful operational discipline intended to frustrate broad indicator-based blocking.</p><p>The malware’s persistence features are equally significant. BRICKSTORM can monitor itself and restart or reinstall if interrupted. Some samples have been configured with delayed execution, allowing the implant to remain dormant until a specified date before contacting its command server. That capability can let operators survive initial remediation efforts and re-establish access after defenders believe a breach has been contained.</p><p>Government cyber authorities have already warned that BRICKSTORM has been used by China state-sponsored actors for long-term persistence against government services, facilities and information technology entities. Publicly analysed incidents include compromises of VMware vCenter servers, domain controllers and Active Directory Federation Services systems. One breach involved access from April 2024 until at least September 2025, underlining the long dwell times associated with this toolset.</p><p>China has consistently denied allegations that it sponsors cyberattacks, while arguing that it is itself a major victim of cyber operations. Western governments and private threat intelligence teams, however, continue to link several long-running campaigns to China-nexus actors, particularly those targeting telecommunications, legal services, software providers, government bodies and managed service providers.</p><p>The focus on managed service providers is especially sensitive. Compromising an MSP can give attackers a trusted route into multiple downstream customers, including organisations with limited in-house security capacity. The VerdantBamboo case points to this risk by showing how stolen credentials and remote access pathways can turn one compromised support environment into a broader intrusion channel.</p><p>For enterprises, the main lesson is that appliances can no longer be treated as passive infrastructure. Security teams are being urged to inventory all edge devices, virtual appliances and management servers; enforce multi-factor authentication on administrative interfaces; restrict internet exposure; centralise appliance logs; monitor outbound traffic from systems that normally generate little communication; and hunt for unexplained WebSocket, DNS-over-HTTPS or TLS activity from management hosts.</p></div><p>The article <a
href="https://thearabianpost.com/brickstorm-exposes-new-appliance-blind-spot/">Brickstorm exposes new appliance blind spot</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>npm worm exploits hidden build trigger</title><link>https://thearabianpost.com/npm-worm-exploits-hidden-build-trigger/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Thu, 04 Jun 2026 13:50:59 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/npm-worm-exploits-hidden-build-trigger/</guid><description><![CDATA[<p>Developers using npm packages were put on alert after a fast-moving supply chain attack compromised at least 57 packages and pushed more than 286 malicious versions to the registry in less than two hours on June 3, exposing a fresh weakness in the way JavaScript projects handle native build files. The campaign began at about 23:30 UTC with the compromise of @vapi-ai/server-sdk, the official server-side software development [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/npm-worm-exploits-hidden-build-trigger/">npm worm exploits hidden build trigger</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Developers using npm packages were put on alert after a fast-moving supply chain attack compromised at least 57 packages and pushed more than 286 malicious versions to the registry in less than two hours on June 3, exposing a fresh weakness in the way JavaScript projects handle native build files.</p><p>The campaign began at about 23:30 UTC with the compromise of @vapi-ai/server-sdk, the official server-side software development kit for Vapi.ai’s voice AI platform. The package has more than 408,000 monthly downloads, making it the most visible target in the wave. About an hour later, malicious versions appeared across more than 50 packages linked to the maintainer account jagreehal, including ai-sdk-ollama, which draws more than 120,000 monthly downloads, and package families such as autotel, awaitly, executable-stories, node-env-resolver and wrangler-deploy.</p><p>The attack stands out because it used a binding.gyp file to trigger execution during npm install, rather than relying on the preinstall or postinstall scripts that many security tools already monitor. The technique allows malicious code to run through npm’s native add-on build process while leaving package.json lifecycle scripts apparently clean. That made the campaign harder to detect through conventional checks focused on obvious script entries or visible changes to application code.</p><p>Researchers tracking the incident have described the method as “Phantom Gyp”, reflecting the way a small build configuration file can silently invoke execution. One analysed package contained a binding.gyp file of only 157 bytes, yet it was enough to initiate the malicious chain. 
The legitimate package code in the distribution folder was not necessarily altered, reducing visible signs of tampering for developers reviewing the package contents manually.</p><p>The payload is assessed as a variant of Miasma, a self-spreading malware family linked to the broader Shai-Hulud-style wave of npm attacks that has escalated through 2026. Its purpose is not merely to infect a single project. Once installed in a developer workstation or a continuous integration environment, it seeks credentials that can be used to publish further compromised packages, turning trusted maintainer access into a propagation channel.</p><p>The malware targets GitHub tokens, npm tokens, SSH keys, cloud credentials and secrets from development environments. It also seeks access to AWS, Google Cloud, Microsoft Azure, Kubernetes service-account tokens, HashiCorp Vault material and CI/CD platforms. The danger for companies lies less in the infected package alone than in the access it may gain to build systems, deployment pipelines and private repositories.</p><p>Exfiltration appears to have used GitHub as part of the infrastructure. Stolen material was uploaded as encrypted JSON files into attacker-controlled repositories, with hundreds of repositories reportedly acting as credential dead-drops. Some repository descriptions carried “Miasma &#8211; The Spreading Blight”, while others used a reversed Shai-Hulud phrase that functioned as both a marker and a taunt.</p><p>The June 3 wave followed a separate June 1 compromise affecting packages under the @redhat-cloud-services npm namespace, where malicious versions were pushed through a compromised account and carried a related credential-harvesting payload. That earlier incident showed how a trusted organisational namespace can become a distribution vehicle when developer or automation credentials are abused.</p><p>The broader pattern has become a central concern for software supply chain defenders. 
npm has long been a high-value target because JavaScript projects routinely pull in direct and transitive dependencies at scale. A single compromised maintainer account can expose not only direct users of a package but also downstream projects that inherit it through dependency trees.</p><p>The attack also highlights a limitation in policies that focus only on lifecycle scripts. Many organisations have hardened pipelines against packages that declare install-time commands, but binding.gyp abuse shifts attention to native build tooling and node-gyp behaviour. Projects that do not require native add-ons may now face pressure to block or inspect such build files more aggressively.</p></div><p>The article <a
href="https://thearabianpost.com/npm-worm-exploits-hidden-build-trigger/">npm worm exploits hidden build trigger</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Malvertising campaign pushes macOS backdoor through trusted ads</title><link>https://thearabianpost.com/malvertising-campaign-pushes-macos-backdoor-through-trusted-ads/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Thu, 04 Jun 2026 13:50:04 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/malvertising-campaign-pushes-macos-backdoor-through-trusted-ads/</guid><description><![CDATA[<p>Hackers are using large-scale online advertising campaigns to deliver FlutterShell, a newly identified macOS backdoor that marks a sharper turn in financially motivated malware operations targeting Apple users. The campaign, tracked as Operation FlutterBridge, is linked to a broader cybercrime cluster known as CL-CRI-1089, which has operated since at least 2023. The group has used paid advertisements, verified advertiser accounts and shell companies to place malicious promotions [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/malvertising-campaign-pushes-macos-backdoor-through-trusted-ads/">Malvertising campaign pushes macOS backdoor through trusted ads</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Hackers are using large-scale online advertising campaigns to deliver FlutterShell, a newly identified macOS backdoor that marks a sharper turn in financially motivated malware operations targeting Apple users.</p><p>The campaign, tracked as Operation FlutterBridge, is linked to a broader cybercrime cluster known as CL-CRI-1089, which has operated since at least 2023. The group has used paid advertisements, verified advertiser accounts and shell companies to place malicious promotions in front of users searching for desktop applications. The activity shows how threat actors are moving beyond crude adware towards tools that can execute commands, manipulate files and alter browser settings while appearing to function as ordinary software.</p><p>FlutterShell is built using Google’s Flutter framework and is designed to masquerade as legitimate macOS applications, including a podcast player and PDF viewers. Security researchers identified three main variants under the names PodcastsLounge, PDF-Brain and PDF-Ninja. Each version was promoted through polished download websites and distributed via advertising infrastructure that gave the applications a degree of legitimacy before users installed them.</p><p>The malware’s importance lies in its dual nature. On the surface, it behaves like adware, modifying browser settings to redirect searches and new-tab traffic through attacker-controlled domains that can generate advertising revenue. Beneath that layer, it carries backdoor capabilities that allow arbitrary shell command execution, interaction with the file system and collection of environment variables. Those functions would allow attackers to escalate the campaign beyond nuisance monetisation if they chose to deploy more intrusive payloads.</p><p>The attack chain relies heavily on trust signals. Observed FlutterShell samples were signed with valid Apple Developer IDs and passed Apple’s notarisation checks at the time they were submitted. 
They also showed zero detections on VirusTotal during analysis, underscoring the difficulty security tools face when malware uses legitimate developer processes, staged behaviour and remotely hosted logic. Notarisation can reduce risk for users, but FlutterShell demonstrates that automated review is not a guarantee that software is safe.</p><p>A core technical feature of FlutterShell is its WebView-based architecture. Rather than embedding all malicious logic directly in the application binary, the malware loads instructions from attacker-controlled web pages and uses a JavaScript-to-native bridge to translate those instructions into macOS operations. This design enables operators to alter behaviour without rebuilding or redistributing the application, making static analysis harder and giving the campaign room to evolve after installation.</p><p>Researchers found signs that FlutterShell remains under active development. The three variants showed changes in command naming, string handling and obfuscation. PDF-Ninja, the third identified version, used Flutter’s built-in obfuscation option to strip debugging information and randomise symbols, raising the cost of reverse engineering. Some commands were renamed to resemble legitimate PDF operations, a technique likely intended to reduce suspicion during automated or manual review.</p><p>One notable feature in the PDF-focused variants is an AI summarisation function that can double as a data-exfiltration route. When a user asks the application to summarise a document, its contents can be routed through an attacker-controlled server before being forwarded for processing. That means a user seeking a convenience feature could unintentionally hand over sensitive business, legal or personal documents to the malware operator.</p><p>The campaign’s advertising network was broad, with emphasis on English-speaking and Western European markets, including the United States, Canada, Australia, France and Germany. 
Hundreds of Google-verified advertisements were linked to the distribution effort. The operators used entities including AdsParkPro LTD and Advantage Web Marketing LLC, while related Windows campaigns were tied to SOFT WE ART LIMITED. These companies appeared legitimate on the surface, highlighting a weakness in vetting systems that rely heavily on corporate registration and advertiser verification.</p><p>Google has suspended advertiser accounts tied to the activity for violating malware policies. The episode still illustrates the scale problem confronting large ad networks. Malicious advertisers can rotate domains, companies and creatives, while campaigns can remain convincing because they imitate ordinary software marketing. The same group has also been linked to Windows-focused operations such as RecipeLister and Calendaromatic, suggesting a cross-platform monetisation strategy rather than an isolated macOS experiment.</p></div><p>The article <a
href="https://thearabianpost.com/malvertising-campaign-pushes-macos-backdoor-through-trusted-ads/">Malvertising campaign pushes macOS backdoor through trusted ads</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Malicious uploads expose agent skill scanners</title><link>https://thearabianpost.com/malicious-uploads-expose-agent-skill-scanners/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Thu, 04 Jun 2026 13:29:35 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/malicious-uploads-expose-agent-skill-scanners/</guid><description><![CDATA[<p>Malicious agent-skill uploads have slipped past detection tools used by ClawHub, Cisco and Vercel-linked scanning services, raising fresh concern over the security of fast-growing marketplaces that distribute third-party capabilities for AI agents. The findings point to a widening supply-chain problem around “skills”, the modular instruction-and-file packages that allow AI agents to perform tasks such as editing documents, running scripts, managing workflows or connecting with external services. Unlike [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/malicious-uploads-expose-agent-skill-scanners/">Malicious uploads expose agent skill scanners</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Malicious agent-skill uploads have slipped past detection tools used by ClawHub, Cisco and Vercel-linked scanning services, raising fresh concern over the security of fast-growing marketplaces that distribute third-party capabilities for AI agents.</p><p>The findings point to a widening supply-chain problem around “skills”, the modular instruction-and-file packages that allow AI agents to perform tasks such as editing documents, running scripts, managing workflows or connecting with external services. Unlike conventional software packages, these skills may combine code, natural-language instructions, metadata and bundled files, giving attackers more ways to hide harmful behaviour from automated checks.</p><p>The tests targeted ClawHub’s malicious-skill detector, Cisco’s open-source agent skill scanner and scanners integrated into skills.sh, a Vercel-backed registry-style platform. The bypasses did not require advanced exploitation. Several malicious samples were reportedly built within less than an hour using standard evasion techniques, with a fourth taking longer because of trial-and-error around prompt-injection wording.</p><p>ClawHub, developed for the OpenClaw ecosystem, has positioned itself as a public registry for text-based agent skills and related plugins. Its model allows users to publish, browse, version and install skills, including SKILL.md files and supporting material. That openness has helped expand access to reusable AI-agent functions, but it has also created a target for malicious actors seeking to reach developers and organisations through trusted-looking packages.</p><p>One ClawHub bypass relied on an unusually simple method: placing a large number of blank lines between harmless introductory content and malicious code. The effect was to push the harmful material beyond what the scanner inspected or interpreted properly. 
The test exposed a weakness familiar in automated security systems: if review pipelines truncate input or rely on limited context windows, attackers can place damaging content outside the inspected region while still keeping it inside the package delivered to users.</p><p>The ClawHub checks included a VirusTotal-linked process and a custom guard-model scanner. While the platform restricts certain file types and does not allow arbitrary binaries or archives in distributed skills, the experiment showed that packaging rules alone cannot prevent abuse when natural-language instructions and code-like content remain available attack surfaces.</p><p>Cisco’s skill scanner and the scanners used through skills.sh faced a different challenge because they operate on broader repository-style uploads. That opens the door to hidden or opaque material in file trees, compiled artefacts, document containers and assets that scanners may not fully examine. One proof-of-concept skill used a document file to carry hidden instructions and payload material. Another used Python bytecode poisoning, where the visible source code appeared harmless while the compiled file contained behaviour capable of harvesting environment variables.</p><p>The weakness is significant because environment variables often hold tokens, credentials and configuration secrets used by development systems. If an AI agent installs and runs a skill containing such hidden behaviour, attackers may gain access to sensitive systems without the user realising that the compromise began through an apparently useful agent extension.</p><p>Cisco’s scanner combines language-model analysis with pattern matching and static analysis. That layered design is stronger than a single keyword filter, but the tests showed gaps in file coverage, language support and the handling of content that is referenced indirectly or stored in formats the scanner treats as opaque. 
Improvements have been proposed, including stricter format validation and broader support for JavaScript and TypeScript scanning, but prompt-injection attacks remain harder to eliminate because they exploit meaning and context rather than only code signatures.</p><p>The skills.sh ecosystem has relied on integrations with external scanning providers including Gen, Socket and Snyk. Such tools are valuable for identifying known malicious patterns and risky dependencies, but the bypasses underline that agent skills sit between software security and AI safety. A package can be dangerous because of what it tells an agent to do, not only because it contains a suspicious executable.</p><p>Academic work on agent-skill security has reached a similar conclusion. Large-scale studies of ClawHub-style registries have found high disagreement between scanner families, with some tools flagging semantic agentic risk while others detect conventional malware traces. That split suggests that a single pass-fail scanner is unlikely to provide enough assurance for organisations using AI agents in software engineering, finance, legal, healthcare or internal operations.</p><p>The operational risk is amplified by how easily agent marketplaces can mimic the dynamics of package-manager ecosystems. Developers may install skills because they appear popular, well documented or functionally useful. Attackers can exploit that trust with typosquatting, benign-looking descriptions, bundled helper scripts and prompt instructions that only become harmful when executed by an agent with access to files, credentials or network services.</p></div><p>The article <a
href="https://thearabianpost.com/malicious-uploads-expose-agent-skill-scanners/">Malicious uploads expose agent skill scanners</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Infostealers reshape phishing threat landscape</title><link>https://thearabianpost.com/infostealers-reshape-phishing-threat-landscape/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Thu, 04 Jun 2026 09:45:18 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/infostealers-reshape-phishing-threat-landscape/</guid><description><![CDATA[<p>Cybercriminal groups are shifting phishing campaigns from fake login pages to malware-led intrusions that silently extract passwords, browser cookies, session tokens, cryptocurrency wallet data and other sensitive information from infected devices. The change marks a significant turn in online fraud tactics. Classic phishing pages still imitate banks, cloud services, delivery firms and workplace platforms, but attackers are increasingly using emails, search ads, fake software installers, messaging apps [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/infostealers-reshape-phishing-threat-landscape/">Infostealers reshape phishing threat landscape</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Cybercriminal groups are shifting phishing campaigns from fake login pages to malware-led intrusions that silently extract passwords, browser cookies, session tokens, cryptocurrency wallet data and other sensitive information from infected devices.</p><p>The change marks a significant turn in online fraud tactics. Classic phishing pages still imitate banks, cloud services, delivery firms and workplace platforms, but attackers are increasingly using emails, search ads, fake software installers, messaging apps and compromised websites to deliver infostealer malware. Once installed, these tools can collect far more than a single password typed into a fraudulent page.</p><p>Security teams say the appeal is clear. A fake login page depends on a victim entering credentials and may be blocked by multi-factor authentication, takedowns or browser warnings. Infostealers work differently. They target the device itself, harvesting stored browser credentials, authentication cookies, autofill data, screenshots, files, system details and tokens that can sometimes allow criminals to bypass login prompts altogether.</p><p>The tactic has become central to identity-led cybercrime. Stolen credentials remain one of the most common entry points for network breaches, while infostealer logs are widely traded in underground markets by brokers who package access for ransomware groups, fraud crews and business email compromise operators. Data taken from one personal or work device can be used to reach cloud dashboards, corporate mailboxes, code repositories, finance portals and customer databases.</p><p>Several malware families have become prominent in this market, including RedLine, Raccoon, Vidar, Lumma, Stealc and Atomic macOS Stealer. Their operators often sell access through malware-as-a-service models, lowering the technical barrier for less skilled criminals. 
Buyers can subscribe to panels, receive stolen logs automatically and filter victims by geography, organisation, browser, wallet type or corporate domain.</p><p>Campaigns have also expanded beyond Windows. macOS users are being targeted through fake productivity tools, poisoned search results, malicious advertising and social engineering prompts that trick users into running commands or approving system access. Atomic macOS Stealer has become one of the best-known examples, with attackers using branded installers and convincing prompts to capture passwords, keychain data and cryptocurrency wallet information.</p><p>Phishing emails remain an important delivery route, but the message content has changed. Instead of directing every target to a spoofed sign-in page, attackers increasingly push users towards downloading a file, opening a shared document, installing a browser update, joining a fake meeting, resolving a supposed security issue or completing a software verification step. The aim is to create enough trust and urgency for the victim to execute the malware.</p><p>Artificial intelligence is adding scale to the shift. Attackers are using automated tools to draft more convincing messages, localise lures, rotate domains and test wording against email defences. Security filters that once relied heavily on spotting poor grammar, suspicious templates or known phishing kits face a harder challenge when messages are cleaner, more personalised and linked to fast-changing malware infrastructure.</p><p>For businesses, the risk is no longer confined to an employee losing a password. Infostealer infections can expose personal and corporate identities at the same time, particularly on devices used for hybrid work. A single compromised browser profile may contain access to email, internal applications, cloud storage, password managers, collaboration tools and financial services. 
Session cookies and refresh tokens are especially valuable because they can preserve access even after passwords are changed.</p><p>The underground market has adapted around that value. Criminal forums and automated shops list logs from infected machines, often priced cheaply enough to encourage bulk buying. Initial access brokers then use the data to identify corporate accounts that can be exploited for fraud, espionage, extortion or ransomware deployment. This creates a supply chain in which a low-level infection can later become a major enterprise incident.</p><p>Defence strategies are also changing. Traditional anti-phishing training remains useful, but it cannot address the full threat if employees are being pushed into malware execution rather than simple credential submission. Organisations are placing greater emphasis on endpoint detection, browser security, application control, token revocation, device posture checks and continuous monitoring for stolen credentials appearing in criminal markets.</p><p>Multi-factor authentication remains important, but security specialists warn that it must be combined with phishing-resistant methods and stronger session controls. Hardware security keys, passkeys, conditional access policies, rapid token invalidation and alerts for impossible travel or unfamiliar devices can limit the usefulness of stolen credentials. Password resets alone may not be enough if cookies and tokens remain valid.</p><p>Consumers face similar exposure. Saving passwords in browsers, reusing credentials across sites and installing software from ads or unofficial portals increase the damage an infostealer can cause. 
Security hygiene now depends on verified downloads, updated operating systems, reputable endpoint protection, unique passwords, passkeys where available and caution over prompts that ask users to disable protections or run commands.</p><p>Law-enforcement action against malware markets has disrupted parts of the ecosystem, but the model has proved resilient. When one marketplace or malware operation is taken down, new vendors and rebranded tools often appear. The broader shift towards identity theft, session hijacking and access resale suggests phishing will remain a major threat, but its most damaging form is increasingly less visible than a fake login screen.</p></div><p>The article <a
href="https://thearabianpost.com/infostealers-reshape-phishing-threat-landscape/">Infostealers reshape phishing threat landscape</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>HazyBeacon targets Southeast Asia networks</title><link>https://thearabianpost.com/hazybeacon-targets-southeast-asia-networks/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Wed, 03 Jun 2026 10:24:28 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/hazybeacon-targets-southeast-asia-networks/</guid><description><![CDATA[<p>Cyber espionage operators are using a newly documented Windows backdoor called HazyBeacon to target government networks in Southeast Asia, turning legitimate Amazon Web Services infrastructure into a covert command-and-control channel that can blend into ordinary cloud traffic. The activity, tracked as CL-STA-1020, has been linked to intelligence-gathering operations focused on sensitive state information, including material tied to tariffs, trade disputes and government policy discussions. Security researchers have [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/hazybeacon-targets-southeast-asia-networks/">HazyBeacon targets Southeast Asia networks</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Cyber espionage operators are using a newly documented Windows backdoor called HazyBeacon to target government networks in <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Southeast+Asia+trade+policy+competition&bbid=6103560056221096248&bpid=1553886583219535692" target="_blank">Southeast Asia</a>, turning legitimate <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Amazon+Web+Services&bbid=6103560056221096248&bpid=1553886583219535692" target="_blank">Amazon Web Services</a> infrastructure into a covert <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+https%3A%2F%2Fthearabianpost.com+command-and-control+channel&bbid=6103560056221096248&bpid=1553886583219535692" target="_blank">command-and-control channel</a> that can blend into ordinary cloud traffic.</p><p>The activity, tracked as CL-STA-1020, has been linked to <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+intelligence-gathering+operations+state+information&bbid=6103560056221096248&bpid=1553886583219535692" target="_blank">intelligence-gathering operations</a> focused on sensitive state information, including material tied to <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+tariffs+trade+disputes&bbid=6103560056221096248&bpid=1553886583219535692" target="_blank">tariffs</a>, trade disputes and government policy discussions. Security researchers have identified the campaign as part of a wider movement by advanced <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+define+threat+actors+cybersecurity&bbid=6103560056221096248&bpid=1553886583219535692" target="_blank">threat actors</a> away from easily blocked attacker-owned servers and toward cloud-native infrastructure that is trusted by corporate and public-sector networks.</p><p>HazyBeacon’s most notable feature is its use of <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+https%3A%2F%2Fthearabianpost.com+AWS+Lambda+Function+URLs&bbid=6103560056221096248&bpid=1553886583219535692" target="_blank">AWS Lambda Function URLs</a> for command-and-control communications. Lambda Function URLs allow developers to expose <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+define+serverless+functions&bbid=6103560056221096248&bpid=1553886583219535692" target="_blank">serverless functions</a> directly through HTTPS endpoints. When configured with weak access controls or public invocation settings, these endpoints can be used as relays between infected systems and attacker-controlled infrastructure.</p><p>This technique presents a problem for defenders because traffic to AWS domains is common in government, enterprise and contractor environments. Conventional network controls that rely on blocking suspicious IP addresses or unfamiliar domains may struggle to distinguish malicious beaconing from legitimate cloud activity. Encrypted HTTPS traffic further reduces visibility unless organisations have strong endpoint telemetry, cloud logging and behavioural detection in place.</p><p>The campaign does not appear to exploit a flaw in AWS itself. Instead, it abuses legitimate cloud features and poor security hygiene around identity, permissions and public endpoints. Lambda Function URLs support authentication settings that either require AWS identity-based access or allow unauthenticated public access where policies permit it. Attackers can exploit overly permissive configurations or compromised credentials to create infrastructure that looks benign from the outside.</p><p>HazyBeacon has been observed as a malicious DLL, with execution aided by <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+https%3A%2F%2Fthearabianpost.com+DLL+side-loading+technique&bbid=6103560056221096248&bpid=1553886583219535692" target="_blank">DLL side-loading</a>. The malware has used a file named mscorsvc.dll and has been associated with a legitimate-looking executable, mscorsvw.exe, to help evade casual scrutiny. Once running, the backdoor communicates with an AWS Lambda URL, receives commands and supports further payload delivery.</p><p>The operators also used legitimate file-sharing services during later stages of the intrusion. Google Drive and Dropbox were used for data movement, helping the campaign hide exfiltration activity among routine workplace traffic. Tools connected with the operation included archive utilities and custom upload components placed under system directories, enabling the collection, compression and transfer of targeted files.</p><p>Government entities in Southeast Asia are attractive targets because of the region’s role in trade negotiations, supply-chain policy, maritime disputes, economic security and strategic competition among major powers. Access to tariff-related material and policy documents can provide intelligence value well beyond the immediate victim, especially when negotiations involve multiple states, investors and industrial sectors.</p><p>The operation shows how espionage groups are adapting to the cloud era. Earlier command-and-control infrastructure often depended on rented virtual private servers, compromised websites or newly registered domains. Those assets could be identified through reputation systems, takedown requests or threat-intelligence feeds. Cloud-native C2 changes that equation by using legitimate platforms that defenders may be reluctant to block because of business disruption risks.</p><p>Serverless infrastructure adds another layer of difficulty. 
Lambda functions can be created quickly, scaled automatically and discarded with little operational footprint. A function URL can act as a lightweight proxy, forwarding requests between malware and a backend system while presenting defenders with traffic that appears to terminate at a trusted cloud provider. This makes identity controls and control-plane monitoring as important as traditional perimeter defence.</p><p>The risk is not confined to the HazyBeacon campaign. Security teams have warned for years that trusted services are increasingly being repurposed for malware delivery, payload hosting, command routing and data theft. Attackers have used cloud storage, collaboration platforms, content delivery networks and developer tools to reduce the chance of detection. HazyBeacon extends that pattern into serverless functions, underlining how legitimate application features can be turned into espionage infrastructure.</p><p>Defensive measures include enforcing least-privilege access for cloud identities, restricting public Lambda Function URLs, reviewing resource-based policies, enabling <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+AWS+CloudTrail+security+monitoring&bbid=6103560056221096248&bpid=1553886583219535692" target="_blank">CloudTrail</a> across regions and alerting on unusual function creation or invocation patterns. Monitoring should also cover unexpected use of regions that do not match an organisation’s normal operations, abnormal outbound traffic from sensitive systems and unauthorised use of file-sharing services.</div><p>The article <a
href="https://thearabianpost.com/hazybeacon-targets-southeast-asia-networks/">HazyBeacon targets Southeast Asia networks</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Windows Search flaw exposes credentials</title><link>https://thearabianpost.com/windows-search-flaw-exposes-credentials/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Wed, 03 Jun 2026 10:23:17 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/windows-search-flaw-exposes-credentials/</guid><description><![CDATA[<p>Security researchers have warned that a Windows Search URI handler weakness can leak NTLMv2 hashes to remote attackers through a crafted link, reviving concerns over long-running authentication risks in enterprise networks. The issue affects the search: handler used by Windows Explorer to process desktop search requests. A malicious link can direct the handler towards an attacker-controlled network path, causing the victim’s system to attempt authentication over SMB [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/windows-search-flaw-exposes-credentials/">Windows Search flaw exposes credentials</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Security researchers have warned that a <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+https%3A%2F%2Fthearabianpost.com+Windows+Search+URI+handler+weakness&bbid=6103560056221096248&bpid=8515162504936996211" target="_blank">Windows Search URI handler weakness</a> can leak <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+define+NTLMv2+hashes&bbid=6103560056221096248&bpid=8515162504936996211" target="_blank">NTLMv2 hashes</a> to remote attackers through a crafted link, reviving concerns over long-running authentication risks in enterprise networks.</p><p>The issue affects the search: handler used by Windows Explorer to process desktop search requests. A malicious link can direct the handler towards an attacker-controlled network path, causing the victim’s system to attempt authentication over <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+define+SMB+networking+protocol&bbid=6103560056221096248&bpid=8515162504936996211" target="_blank">SMB</a> and transmit a Net-NTLMv2 hash before an error message appears. The attack requires user interaction, but researchers say it does not require malware installation, administrative privileges, developer mode, or complex exploitation.</p><p>The disclosure has drawn attention because the behaviour closely resembles a <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Windows+Snipping+Tool+NTLM+leakage+bug&bbid=6103560056221096248&bpid=8515162504936996211" target="_blank">Windows Snipping Tool NTLM leakage bug</a> patched on 14 April 2026 as <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+https%3A%2F%2Fthearabianpost.com+CVE-2026-33829&bbid=6103560056221096248&bpid=8515162504936996211" target="_blank">CVE-2026-33829</a>. That flaw carried a <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+define+CVSS+3.1+score&bbid=6103560056221096248&bpid=8515162504936996211" target="_blank">CVSS 3.1 score</a> of 4.3 and was classified as moderate severity. The newly described Windows Search variant has not been assigned a CVE and was closed by Microsoft as below the servicing threshold, leaving administrators to rely on mitigations rather than a vendor patch.</p><p>The attack chain centres on <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+define+Windows+URI+handlers&bbid=6103560056221096248&bpid=8515162504936996211" target="_blank">Windows URI handlers</a>, which allow applications and browsers to invoke local operating-system functions through specially formatted links. In this case, the search: handler accepts parameters that can reference a Universal Naming Convention path. When the path points to a remote SMB share controlled by an attacker, Windows may initiate <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+define+NTLM+authentication&bbid=6103560056221096248&bpid=8515162504936996211" target="_blank">NTLM authentication</a> automatically. The exposed Net-NTLMv2 hash is not a plaintext password, but it can be used in <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+define+relay+attacks+security&bbid=6103560056221096248&bpid=8515162504936996211" target="_blank">relay attacks</a> or subjected to <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+define+offline+cracking+security&bbid=6103560056221096248&bpid=8515162504936996211" target="_blank">offline cracking</a>, depending on password strength and network controls.</p><p>Testing published by researchers showed that a standard Windows 11 Pro system could leak the hash after a single click in Microsoft Edge. The first invocation after logon was enough to trigger the exposure. The user received an access-denied style message only after the credential material had already left the device. That sequencing is significant for <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+phishing+scenarios+Windows+Search+URI+handler&bbid=6103560056221096248&bpid=8515162504936996211" target="_blank">phishing scenarios</a> because the victim may dismiss the prompt as a broken link while the attacker has already captured a usable authentication artefact.</p><p>The disclosure timeline places the finding in the weeks after Microsoft’s April patch for the Snipping Tool weakness. The Search handler issue was reported to Microsoft on 15 April 2026, reactivated after initial pushback, and later assessed as moderate severity. Researchers were told that only important and critical issues typically meet Microsoft’s threshold for immediate servicing, though exceptions can be made. The Snipping Tool case was treated as such an exception; the Search handler case was not.</p><p>Security teams are likely to view that distinction with caution because both weaknesses sit in the same broader class of <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+https%3A%2F%2Fthearabianpost.com+NTLM+coercion&bbid=6103560056221096248&bpid=8515162504936996211" target="_blank">NTLM coercion</a>. The attack does not give an intruder direct control of a system on its own, but it can supply a foothold for follow-on activity in environments where <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+outbound+SMB+network+security&bbid=6103560056221096248&bpid=8515162504936996211" target="_blank">outbound SMB</a> is permitted, NTLM remains enabled, SMB signing is not enforced, or privileged users reuse weak passwords.</p><p>Windows Search protocol abuse is not new. Threat actors have previously used search-ms: and related handlers in phishing campaigns to make remote files appear inside familiar Windows Explorer search windows, often disguising malicious shortcuts as trusted documents. The new disclosure adds a credential-leakage dimension to a feature already known to be attractive for social engineering because it blends browser activity with native desktop behaviour.</p><p>The risk is higher for corporate networks that still allow workstations to initiate outbound SMB connections to the internet. Attackers can exploit that gap through email links, messaging platforms, compromised websites, or HTML content designed to trigger the handler. While modern browsers and mail gateways may block some suspicious URI schemes, defensive coverage is uneven, especially where older allow-lists or incomplete detection rules focus only on search-ms: and ignore search:.</p><p>Mitigation advice is now focused on reducing NTLM exposure across the environment. Blocking outbound SMB over TCP ports 445 and 139 from endpoints that do not require it is the most direct control. <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Enforcing+SMB+signing+security+mitigation&bbid=6103560056221096248&bpid=8515162504936996211" target="_blank">Enforcing SMB signing</a> can limit relay opportunities, while disabling or restricting NTLM reduces the value of captured hashes. Organisations are also being urged to monitor mail, proxy and endpoint logs for search: and search-ms: links, which rarely have legitimate business use in external communications.</p><p>Administrators should treat the issue as part of a wider credential-leakage pattern rather than an isolated Windows Search flaw. Patch-based programmes that rely only on CVE feeds may miss moderate-rated behaviours that vendors do not service immediately. That creates a visibility gap for security teams, particularly where similar URI handler bugs are grouped as social-engineering risks despite their ability to trigger automatic authentication.</p></div><p>The article <a
href="https://thearabianpost.com/windows-search-flaw-exposes-credentials/">Windows Search flaw exposes credentials</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Red Hat npm breach exposes cloud secrets</title><link>https://thearabianpost.com/red-hat-npm-breach-exposes-cloud-secrets/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Wed, 03 Jun 2026 06:15:16 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/red-hat-npm-breach-exposes-cloud-secrets/</guid><description><![CDATA[<a
href="https://thearabianpost.com/red-hat-npm-breach-exposes-cloud-secrets/" title="Red Hat npm breach exposes cloud secrets" rel="nofollow"><img
width="360" height="180" src="https://thearabianpost.com/wp-content/uploads/2026/06/redhat-arabian-post.svg" class="webfeedsFeaturedVisual wp-post-image" alt="redhat arabian post" style="float: left; margin-right: 8px;" link_thumbnail="1" decoding="async" loading="lazy" /></a><p><img
width="360" height="180" src="https://thearabianpost.com/wp-content/uploads/2026/06/redhat-arabian-post.svg" class="attachment-large size-large wp-post-image" alt="redhat arabian post" style="float:left; margin:0 15px 15px 0;" decoding="async" loading="lazy" />Attackers have compromised Red Hat’s official @redhat-cloud-services namespace on npm, inserting credential-stealing malware into dozens of package releases used in cloud console development and software build pipelines. The breach, identified on 1 June 2026, affected at least 32 package releases across the Red Hat Cloud Services ecosystem, including frontend components, generated API clients and supporting developer tooling linked to the Red Hat Hybrid Cloud Console. The malicious [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/red-hat-npm-breach-exposes-cloud-secrets/">Red Hat npm breach exposes cloud secrets</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<a
href="https://thearabianpost.com/red-hat-npm-breach-exposes-cloud-secrets/" title="Red Hat npm breach exposes cloud secrets" rel="nofollow"><img
width="360" height="180" src="https://thearabianpost.com/wp-content/uploads/2026/06/redhat-arabian-post.svg" class="webfeedsFeaturedVisual wp-post-image" alt="redhat arabian post" style="float: left; margin-right: 8px;" link_thumbnail="1" decoding="async" loading="lazy" /></a><img
width="360" height="180" src="https://thearabianpost.com/wp-content/uploads/2026/06/redhat-arabian-post.svg" class="attachment-large size-large wp-post-image" alt="redhat arabian post" style="float:left; margin:0 15px 15px 0;" decoding="async" loading="lazy" /><div>Attackers have compromised <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Red+Hat%E2%80%99s+official+%40redhat-cloud-services+namespace+on+npm&bbid=6103560056221096248&bpid=6110170445212627981" target="_blank" rel="noopener" data-preview="">Red Hat’s official @redhat-cloud-services namespace on npm</a>, inserting <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+define+credential-stealing+malware&bbid=6103560056221096248&bpid=6110170445212627981" target="_blank" rel="noopener" data-preview="">credential-stealing malware</a> into dozens of package releases used in cloud console development and software build pipelines.</p><p>The breach, identified on 1 June 2026, affected at least 32 package releases across the Red Hat Cloud Services ecosystem, including frontend components, generated API clients and supporting developer tooling linked to the <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Red+Hat+Hybrid+Cloud+Console&bbid=6103560056221096248&bpid=6110170445212627981" target="_blank" rel="noopener" data-preview="">Red Hat Hybrid Cloud Console</a>. The malicious versions were designed to execute automatically during installation, giving the attackers a route into developer machines and continuous integration environments before application code even ran.</p><p>Security researchers tracking the campaign have named the malware Miasma, describing it as a self-propagating credential-stealing worm with similarities to <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Mini+Shai-Hulud+malware+framework&bbid=6103560056221096248&bpid=6110170445212627981" target="_blank" rel="noopener" data-preview="">Mini Shai-Hulud</a>, a <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+supply-chain+malware+framework&bbid=6103560056221096248&bpid=6110170445212627981" target="_blank" rel="noopener" data-preview="">supply-chain malware framework</a> that circulated earlier this year. The affected packages collectively drew roughly 80,000 weekly downloads, increasing the risk that the compromise reached organisations beyond Red Hat’s internal development environment.</p><p>The attack relied on npm’s <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+npm+preinstall+mechanism&bbid=6103560056221096248&bpid=6110170445212627981" target="_blank" rel="noopener" data-preview="">preinstall mechanism</a>, a feature that allows scripts to run automatically when a package is installed. In the compromised versions, that hook launched a heavily obfuscated JavaScript payload capable of harvesting secrets from local machines, developer environments and cloud-linked build systems. The targets included <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+GitHub+Actions+tokens+security&bbid=6103560056221096248&bpid=6110170445212627981" target="_blank" rel="noopener" data-preview="">GitHub Actions tokens</a>, npm publishing tokens, SSH keys, .env files, Docker registry credentials, Kubernetes configuration files, HashiCorp Vault tokens and credentials linked to <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Amazon+Web+Services+Red+Hat+breach&bbid=6103560056221096248&bpid=6110170445212627981" target="_blank" rel="noopener" data-preview="">Amazon Web Services</a>, Google Cloud and Microsoft Azure.</p><p>Investigators found that the payload did not merely collect static secrets. It also attempted to enumerate cloud identities and determine what access an infected host could assume, making the campaign more dangerous for organisations where build runners or developer machines have elevated permissions. Once credentials were obtained, the malware could use npm access to republish backdoored versions of other packages controlled by the compromised identity, allowing each infected system to become a potential launch point for further spread.</p><p>The incident appears to have stemmed from a compromised Red Hat employee GitHub account rather than a simple npm token leak or a typosquatting operation. The attacker used malicious orphan commits pushed into RedHatInsights repositories to trigger <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+GitHub+Actions+workflows+exploit&bbid=6103560056221096248&bpid=6110170445212627981" target="_blank" rel="noopener" data-preview="">GitHub Actions workflows</a>. Those workflows requested short-lived <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+OpenID+Connect+tokens+security&bbid=6103560056221096248&bpid=6110170445212627981" target="_blank" rel="noopener" data-preview="">OpenID Connect tokens</a> and then published altered package versions to npm under the legitimate namespace.</p><p>That route is particularly significant because it undermined a trust model widely adopted to reduce the danger of long-lived publishing credentials. Trusted publishing through GitHub Actions and npm is designed to improve <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+supply-chain+security+overview&bbid=6103560056221096248&bpid=6110170445212627981" target="_blank" rel="noopener" data-preview="">supply-chain security</a> by replacing static tokens with short-lived identity-based credentials. In this case, the packages were still published from a legitimate repository workflow, giving them valid provenance metadata even though the workflow itself had been abused.</p><p>The compromise shows that provenance can confirm where a package was built without proving that the build process was authorised or benign. That distinction is now central to the response by software security teams reviewing their reliance on automated trust signals. Valid provenance, signed releases and official namespaces remain useful safeguards, but they cannot replace account security, workflow controls and behavioural monitoring inside build systems.</p><p>Several malicious versions were revoked from npm within hours of disclosure, while analysis continued into whether any versions remained available during the early response window. Developers and organisations that installed affected @redhat-cloud-services packages on or after 1 June have been advised to assume that secrets accessible to those environments may have been exposed. The most urgent response steps include pinning away from affected releases, reinstalling dependencies with lifecycle scripts disabled, rotating npm tokens and cloud credentials, and reviewing GitHub, npm and cloud audit logs for unauthorised access.</p><p>The package list includes widely used components such as @redhat-cloud-services/frontend-components, @redhat-cloud-services/types, @redhat-cloud-services/rbac-client, @redhat-cloud-services/notifications-client, @redhat-cloud-services/compliance-client, @redhat-cloud-services/insights-client, @redhat-cloud-services/host-inventory-client and several related frontend and API client packages. 
Multiple versions of many packages were affected, suggesting the attacker pushed releases in waves rather than through a single isolated upload.</p><p>The campaign fits a wider pattern of attacks against developer infrastructure, where adversaries target package registries, CI/CD systems and maintainers rather than end users directly. npm remains a high-value target because JavaScript dependencies are routinely installed automatically across development machines, build servers and production-adjacent environments. A single trusted package can be pulled into thousands of projects through direct and transitive dependencies.</p><p>Open-source supply-chain attackers have increasingly focused on credential theft because developer tokens can unlock source repositories, deployment systems, cloud infrastructure and further package publication rights. The Red Hat namespace compromise adds to evidence that attackers are moving from opportunistic malicious uploads towards campaigns that exploit trusted automation paths inside major software organisations.</p></div><p>The article <a
href="https://thearabianpost.com/red-hat-npm-breach-exposes-cloud-secrets/">Red Hat npm breach exposes cloud secrets</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>AI misuse sharpens EDR evasion threat</title><link>https://thearabianpost.com/ai-misuse-sharpens-edr-evasion-threat/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Wed, 03 Jun 2026 06:14:14 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/ai-misuse-sharpens-edr-evasion-threat/</guid><description><![CDATA[<p>A threat actor has used artificial intelligence coding tools to build and refine malware intended to bypass endpoint detection and response systems, highlighting how generative AI is being folded into practical cyberattack development rather than remaining a theoretical risk. The activity was presented as a red team project, but the discovered framework pointed to stealthy post-exploitation operations, including ransomware deployment and data theft. The case shows how [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/ai-misuse-sharpens-edr-evasion-threat/">AI misuse sharpens EDR evasion threat</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>A threat actor has used <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+artificial+intelligence+coding+tools&bbid=6103560056221096248&bpid=2493760192749426445" target="_blank">artificial intelligence coding tools</a> to build and refine malware intended to bypass <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+define+endpoint+detection+and+response+systems&bbid=6103560056221096248&bpid=2493760192749426445" target="_blank">endpoint detection and response systems</a>, highlighting how <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+define+generative+AI&bbid=6103560056221096248&bpid=2493760192749426445" target="_blank">generative AI</a> is being folded into practical cyberattack development rather than remaining a theoretical risk.</p><p>The activity was presented as a red team project, but the discovered framework pointed to stealthy post-exploitation operations, including ransomware deployment and data theft. The case shows how attackers are adapting tools used by legitimate developers and security testers to accelerate malware engineering, automate testing and identify weak points in enterprise defences.</p><p>The investigation began after an anomalous endpoint inside a customer environment triggered alerts linked to malicious payloads stored in a test directory. The files led analysts to a broader framework containing <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+what+is+Cobalt+Strike&bbid=6103560056221096248&bpid=2493760192749426445" target="_blank">Cobalt Strike</a> profiles designed to disguise beacon traffic as normal web requests, a <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Telegram+command+and+control+channel+cybersecurity&bbid=6103560056221096248&bpid=2493760192749426445" target="_blank">Telegram-based command-and-control channel</a>, Python scripts for shellcode injection and a <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Cloudflare+Worker+for+hiding+infrastructure&bbid=6103560056221096248&bpid=2493760192749426445" target="_blank">Cloudflare Worker</a> used to hide backend infrastructure.</p><p>Several Python scripts found in the environment appeared to have been partly generated with AI assistance. Many were written in Russian, though attribution remains unclear. The wider repository contained two main components: an automated Active Directory discovery panel and a malware-testing lab that evaluated payloads against endpoint security tools from <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Sophos+cybersecurity&bbid=6103560056221096248&bpid=2493760192749426445" target="_blank">Sophos</a>, <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Crowdstrike+cybersecurity&bbid=6103560056221096248&bpid=2493760192749426445" target="_blank">CrowdStrike</a> and <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Microsoft+Defender+cybersecurity&bbid=6103560056221096248&bpid=2493760192749426445" target="_blank">Microsoft Defender</a>.</p><p>The Active Directory component did not appear to be a fully autonomous large language model conducting independent operations. Instead, it collected results from completed tasks, selected follow-up actions from predefined workflows, dispatched tasks to remote agents and then reassessed results. That distinction is important because the case points less to self-directed AI malware and more to human-directed automation using AI as a productivity layer.</p><p>The attacker’s testing environment used multiple Windows Server 2022 virtual machines. One machine was configured for testing against Sophos protection, another against CrowdStrike, and a third operated as a control system without EDR software. A fourth Ubuntu system hosted a Sliver post-exploitation command-and-control server. The structure mirrored a professional security lab, but the tooling and surrounding artefacts indicated offensive intent.</p><p>AI agents were assigned roles inside the framework. One <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Claude+Opus+4.5+AI+model&bbid=6103560056221096248&bpid=2493760192749426445" target="_blank">Claude Opus 4.5</a> agent handled core coordination and rules for other agents, while additional agents were tasked with EDR testing, documentation, operational-security hardening, proxy stress testing and virtual machine deployment. The workflow used <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Model+Context+Protocol&bbid=6103560056221096248&bpid=2493760192749426445" target="_blank">Model Context Protocol</a>, an open standard that allows AI assistants to connect with external tools and data sources, to link agent output with Git repositories.</p><p>The attacker also used <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Cursor+AI+IDE&bbid=6103560056221096248&bpid=2493760192749426445" target="_blank">Cursor</a>, an AI-native integrated development environment, during the software development process, and <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Ludus+security+testing+platform&bbid=6103560056221096248&bpid=2493760192749426445" target="_blank">Ludus</a>, a platform used to deploy virtualised security-testing environments, to provision the lab. These tools are not inherently malicious; their use in this case illustrates how dual-use technologies can be repurposed when guardrails are bypassed or misled by claims of legitimate red team work.</p><p>A modular Windows payload loader generator sat at the centre of the framework. It produced custom executables or DLLs by wrapping raw payloads in layers of encryption, evasion and alternative execution techniques. The tool was designed to generate payloads based on evasion methods specified through command-line options, allowing the operator to test different bypass strategies systematically.</p><p>Nearly 80 modules covering more than 70 techniques were developed for the platform. The agents’ own reports claimed that early attempts had a high failure rate but later iterations achieved broad success against the tested EDR agents. Analysts, however, found that the framework’s documented output did not fully support those claims, leaving uncertainty over whether the attacker overstated success or whether some evidence was missing.</p><p>The repository also showed that the attacker drew from public security research, including material on adversary simulation, detection bypasses and post-exploitation tradecraft. AI agents were instructed to read technical articles, extract techniques, map them to MITRE ATT&amp;CK categories, prepare lab environments, execute tests and report findings. That pattern reflects a growing risk for defenders: public research intended to improve security can be rapidly converted into attack playbooks when combined with automation.</p></div><p>The article <a
href="https://thearabianpost.com/ai-misuse-sharpens-edr-evasion-threat/">AI misuse sharpens EDR evasion threat</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Anthropic widens Glasswing as macOS threats rise</title><link>https://thearabianpost.com/anthropic-widens-glasswing-as-macos-threats-rise/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Wed, 03 Jun 2026 06:11:00 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/anthropic-widens-glasswing-as-macos-threats-rise/</guid><description><![CDATA[<p>Anthropic is expanding access to Claude Mythos Preview through Project Glasswing, widening a controlled cybersecurity programme at a time when North Korean-linked hackers are sharpening attacks against macOS users in the financial, venture capital, Web3 and cryptocurrency sectors. The San Francisco-based AI company plans to increase the number of Project Glasswing partners from about 50 to roughly 200 organisations across more than 15 countries, broadening access to [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/anthropic-widens-glasswing-as-macos-threats-rise/">Anthropic widens Glasswing as macOS threats rise</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Anthropic is expanding access to Claude Mythos Preview through Project Glasswing, widening a controlled cybersecurity programme at a time when North Korean-linked hackers are sharpening attacks against macOS users in the financial, venture capital, Web3 and cryptocurrency sectors.</p><p>The San Francisco-based AI company plans to increase the number of Project Glasswing partners from about 50 to roughly 200 organisations across more than 15 countries, broadening access to a model designed to identify and help fix serious software vulnerabilities. The expansion comes as cyber researchers track a multi-stage macOS intrusion campaign attributed to Sapphire Sleet, a North Korean state-sponsored group also known as BlueNoroff and UNC1069.</p><p>The two developments underline a faster-moving security contest: defenders are turning to more powerful AI systems to find flaws before attackers exploit them, while state-linked cyber groups are using social engineering, fake software updates and trusted system tools to break into high-value targets without relying on conventional software exploits.</p><p>Project Glasswing was launched after Anthropic concluded that Claude Mythos Preview showed unusually strong capabilities in cybersecurity work, including vulnerability discovery, exploit analysis and testing of foundational systems. The company has said it does not plan to make the preview model generally available, citing the need for safeguards that can block dangerous outputs while still allowing legitimate security work.</p><p>Partners in the programme are expected to use the model for vulnerability detection, black-box testing of binaries, endpoint security and penetration testing. The effort includes model usage credits worth $100 million and funding support for open-source security groups, including Alpha-Omega, OpenSSF and the Apache Software Foundation. 
Anthropic has also said it will report publicly on lessons from the programme, including vulnerability remediation where disclosure rules allow.</p><p>The expansion is drawing attention from financial institutions, government agencies and critical infrastructure operators because advanced AI systems could change the pace at which software weaknesses are found and weaponised. Project Glasswing partners have already identified more than 10,000 flaws rated highly or critically severe, intensifying debate over whether restricted access to such models can strengthen defence without creating new risks.</p><p>That debate is gaining urgency as Sapphire Sleet continues to target people and organisations linked to digital assets. The group has been active since at least 2020 and is primarily associated with financially motivated operations aimed at cryptocurrency theft, blockchain-related intellectual property and access to high-value systems.</p><p>The macOS campaign uses professional lures rather than technical exploitation at the entry stage. Targets are contacted through platforms such as LinkedIn, Telegram, email or other business channels, where attackers pose as recruiters, investors or potential partners. Victims are then pushed towards a supposed video meeting and instructed to run a fake Zoom SDK update.</p><p>The malicious file, named to resemble a legitimate Zoom update, opens in macOS Script Editor. Its visible content appears benign, but the harmful code is hidden below thousands of blank lines. Once executed, the script uses trusted macOS tools such as osascript and curl to retrieve additional payloads, helping the attackers move through the infection chain while reducing the likelihood that the victim will notice anything unusual.</p><p>Security teams have identified credential theft, privacy control abuse, persistence and data exfiltration as core stages of the operation. 
One fake application presents a native-looking password prompt to capture the user’s login credentials. The malware then abuses macOS privacy controls, including the Transparency, Consent and Control database, to expand access and suppress prompts that might otherwise alert the user.</p><p>The campaign is designed to collect cryptocurrency wallets, browser extension data, Telegram session information, SSH keys, Apple Notes content and other sensitive files. Some malware components stage stolen material in temporary directories before compressing it and uploading it to remote servers. Other components create persistence through launch daemons, allowing malicious code to run when the system starts.</p><p>A separate investigation into UNC1069 activity found the group using fake Zoom meetings, compromised Telegram accounts and ClickFix-style prompts that instruct victims to run troubleshooting commands. The same playbook has also shown signs of AI-enabled social engineering, including the possible use of deepfake-style video in cryptocurrency-sector lures.</p><p>Apple has implemented protections to help detect and block infrastructure and malware associated with the macOS campaign after receiving technical details from security researchers. The case shows that macOS protections such as Gatekeeper, notarisation checks and quarantine enforcement can be weakened when users are persuaded to execute scripts or terminal commands themselves.</p><p>For financial and crypto organisations, the risk is especially acute because employees, developers, founders and investors often move between messaging apps, video calls, code repositories and wallet infrastructure. A single compromised endpoint can expose credentials, private keys, session tokens and internal project data.</p><p>Project Glasswing’s expansion reflects the defensive side of the same shift. 
AI models that can find complex software flaws at scale may help organisations harden systems faster, but their capabilities also raise questions about misuse, access controls and disclosure rules. As North Korean-linked groups continue to refine macOS-focused intrusion methods, the race between AI-assisted defence and human-led deception is becoming a central test for the cybersecurity industry.</p></div><p>The article <a
href="https://thearabianpost.com/anthropic-widens-glasswing-as-macos-threats-rise/">Anthropic widens Glasswing as macOS threats rise</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>TrapDoor exposes developer supply chains to credential theft</title><link>https://thearabianpost.com/trapdoor-exposes-developer-supply-chains-to-credential-theft/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Tue, 02 Jun 2026 09:14:34 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/trapdoor-exposes-developer-supply-chains-to-credential-theft/</guid><description><![CDATA[<p>Hackers have used 34 malicious open-source packages across npm, PyPI and Crates.io to steal cloud credentials, crypto wallet data, SSH keys and developer secrets, exposing a widening security gap in software supply chains used by blockchain, artificial intelligence and cloud engineering teams. The campaign, tracked as TrapDoor, spans more than 384 package versions and artefacts. It targets developers working in cryptocurrency, DeFi, Solana, Sui, Move, AI [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/trapdoor-exposes-developer-supply-chains-to-credential-theft/">TrapDoor exposes developer supply chains to credential theft</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Hackers have used 34 malicious open-source packages across <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+npm+PyPI+Crates.+io+overview&bbid=6103560056221096248&bpid=1786763581408058651" target="_blank">npm, PyPI and Crates.io</a> to steal cloud credentials, crypto wallet data, SSH keys and developer secrets, exposing a widening security gap in <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+software+supply+chains&bbid=6103560056221096248&bpid=1786763581408058651" target="_blank">software supply chains</a> used by blockchain, artificial intelligence and cloud engineering teams.</p><p>The campaign, tracked as <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+TrapDoor+campaign&bbid=6103560056221096248&bpid=1786763581408058651" target="_blank">TrapDoor</a>, spans more than 384 package versions and artefacts. It targets developers working in cryptocurrency, DeFi, Solana, Sui, Move, AI tooling and cloud environments, where a single workstation can hold access to source code, deployment systems, private wallets and production infrastructure.</p><p>The attack is significant because it does not rely on exploiting a conventional software vulnerability. The packages themselves carry the malicious code. That means standard vulnerability scanners looking only for known CVEs may fail to flag the threat, even when the packages are present in lockfiles, build systems or developer machines.</p><p>TrapDoor used three separate execution paths, tailored to each ecosystem. Malicious npm packages relied on post-install scripts that run automatically after installation. PyPI packages executed remote JavaScript during import. Crates.io packages abused <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Rust+build+scripts+malware+abuse&bbid=6103560056221096248&bpid=1786763581408058651" target="_blank">Rust build scripts</a>, which run during compilation, giving the malware access to local files before developers interacted with the package code.</p><p>The campaign appears to have unfolded in waves from May 2026, with packages published under names designed to resemble legitimate security, blockchain and developer utilities. Names linked to wallet checking, DeFi risk scanning, deployment auditing, project bootstrapping and AI prompt or model tools helped the packages blend into workflows where developers may be testing new utilities quickly.</p><p>The npm side of the operation included a shared JavaScript payload known as trap-core.js. That payload scanned infected machines for SSH private keys, AWS credential files, GitHub tokens, browser profile data, environment variables, crypto wallet extensions and local configuration files. It also attempted to validate stolen AWS and GitHub credentials, filtering for usable access before exfiltration.</p><p>The malware went beyond one-time data theft. It attempted to create persistence through shell configuration files, Git hooks, cron jobs, systemd user services, SSH modifications and project files used by AI coding tools. That behaviour raises the risk that an infected machine could remain compromised after the developer deletes the original package.</p><p>One of the more unusual features of TrapDoor is its targeting of <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+AI-assisted+development+environments+security+risks&bbid=6103560056221096248&bpid=1786763581408058651" target="_blank">AI-assisted development environments</a>. The payload planted or altered files such as .cursorrules and CLAUDE.md, which are used by coding assistants to understand project-specific context. Hidden instructions using zero-width Unicode characters could be placed inside those files, making malicious prompts difficult for developers to notice during normal review.</p><p>That technique reflects a shift in supply-chain attacks from simple <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+dependency+poisoning&bbid=6103560056221096248&bpid=1786763581408058651" target="_blank">dependency poisoning</a> to manipulation of the full developer workspace. As engineering teams adopt AI coding tools, attackers are probing whether those tools can be influenced to run commands, inspect local secrets or help automate exfiltration under the appearance of routine security checks.</p><p>The Crates.io packages were aimed at Rust developers working with Sui and Move tooling. Their build.rs scripts searched for wallet keystores linked to <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Sui+and+Aptos+environments&bbid=6103560056221096248&bpid=1786763581408058651" target="_blank">Sui and Aptos environments</a>, encrypted data and sent it to attacker-controlled infrastructure. Rust build scripts are often treated as normal build-time code, but they can read files and make network calls, making them a valuable route for attackers targeting blockchain developers.</p><p>The PyPI packages used import-time execution to fetch external JavaScript payloads. That design allowed attackers to separate the delivery package from the active malicious logic, giving them room to update behaviour without republishing new package versions. For teams relying on pinned dependency versions, that approach complicates response because the same installed package may call out to changing remote infrastructure.</p><p>TrapDoor comes amid growing concern over attacks on developer infrastructure rather than end-user devices. Engineering environments often contain secrets with broad privileges, including cloud keys, CI/CD tokens, package registry credentials and access to internal repositories. Compromise of one developer machine can become a path into build pipelines, production systems and private codebases.</p><p>The immediate priority for affected teams is to audit dependency files across package.json, requirements.txt, Cargo.toml and lockfiles for the listed malicious packages and versions. Machines or CI environments that installed suspect packages should be treated as potentially compromised. Credentials exposed on those systems, including AWS keys, GitHub tokens, SSH key pairs, wallet secrets and environment variables, should be rotated rather than merely rechecked.</p></div><p>The article <a
href="https://thearabianpost.com/trapdoor-exposes-developer-supply-chains-to-credential-theft/">TrapDoor exposes developer supply chains to credential theft</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Flowise server takeover risk widens</title><link>https://thearabianpost.com/flowise-server-takeover-risk-widens/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Tue, 02 Jun 2026 07:42:50 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/flowise-server-takeover-risk-widens/</guid><description><![CDATA[<p>A critical weakness in Flowise has exposed self-hosted AI workflow servers to full compromise, after technical details and working exploit code showed that a logged-in user could trigger command execution by importing a crafted chatflow. The flaw, tracked as CVE-2026-40933, affects Flowise deployments before version 3.1.0 and carries a 9.9 severity score. It stems from the way Flowise handles Model Context Protocol, or MCP, configurations in its [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/flowise-server-takeover-risk-widens/">Flowise server takeover risk widens</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>A critical weakness in <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Flowise&bbid=6103560056221096248&bpid=7143299578681625709" target="_blank">Flowise</a> has exposed self-hosted AI workflow servers to full compromise, after technical details and working exploit code showed that a logged-in user could trigger command execution by importing a crafted chatflow.</p><p>The flaw, tracked as CVE-2026-40933, affects Flowise deployments before version 3.1.0 and carries a 9.9 severity score. It stems from the way Flowise handles <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Model+Context+Protocol&bbid=6103560056221096248&bpid=7143299578681625709" target="_blank">Model Context Protocol</a>, or <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+MCP+protocol&bbid=6103560056221096248&bpid=7143299578681625709" target="_blank">MCP</a>, configurations in its <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Flowise+Custom+MCP+tool&bbid=6103560056221096248&bpid=7143299578681625709" target="_blank">Custom MCP tool</a>. A malicious configuration can abuse the <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+stdio+transport+protocol&bbid=6103560056221096248&bpid=7143299578681625709" target="_blank">stdio transport</a> to cause the server to launch attacker-controlled commands, turning a normal workflow import into a <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+remote+code+execution&bbid=6103560056221096248&bpid=7143299578681625709" target="_blank">remote code execution</a> event.</p><p>Flowise is a widely used open-source platform for building AI agents, chatbots and large language model workflows through a visual drag-and-drop interface. Its popularity among developers and enterprises has made it a key part of the fast-growing <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+AI+orchestration+ecosystem&bbid=6103560056221096248&bpid=7143299578681625709" target="_blank">AI orchestration ecosystem</a>, where low-code tools are increasingly connected to databases, cloud services, internal APIs and credential stores.</p><p>The exploit path is significant because it does not require a victim to run a workflow after import. A malicious chatflow can contain a Custom MCP configuration that executes as the imported canvas loads and Flowise tries to enumerate available MCP actions. That process can spawn the configured command on the server, giving the attacker operating-system-level execution under the privileges of the Flowise process.</p><p>Successful exploitation could allow an attacker to read files, access stored secrets, steal API keys, alter workflows, reach connected services or pivot into other parts of an organisation’s infrastructure. In containerised deployments, the impact could be severe if the Flowise process runs with elevated privileges or has access to host resources, volumes, environment variables or cloud credentials.</p><p>The issue is classed as <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+post-authentication+vulnerability&bbid=6103560056221096248&bpid=7143299578681625709" target="_blank">post-authentication</a>, meaning an attacker needs a valid account or must persuade an authorised user to import a malicious chatflow. That still leaves a broad <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+cybersecurity+attack+surface&bbid=6103560056221096248&bpid=7143299578681625709" target="_blank">attack surface</a> in collaborative environments where teams exchange templates, import community workflows or allow multiple users to create and edit flows. A compromised user account, malicious insider or poisoned workflow shared through developer channels could provide the route needed for exploitation.</p><p>Flowise Cloud is not considered affected where stdio MCP is disabled. The principal risk applies to self-hosted open-source and enterprise instances, especially those exposed to the internet or deployed without strict user controls. Administrators are being urged to upgrade at least to version 3.1.0 and to review whether later versions and configuration changes fully address their threat model.</p><p>Security researchers have warned that input validation alone may not be sufficient because stdio MCP is inherently capable of launching local processes. The safer approach for many production environments is to disable stdio MCP where it is not essential, restrict Custom MCP use to trusted administrators, isolate Flowise from sensitive networks and run it with the least privileges needed for normal operation.</p><p>The disclosure also raises wider concerns about how AI agent platforms handle plugin-like features. MCP has been adopted to help AI systems connect to tools, files, repositories and external services. Its stdio transport is useful for local integrations because it launches a configured process and communicates over standard input and output. That same design becomes dangerous when untrusted or lower-trust users can influence the command being launched on a shared server.</p><p>Flowise has faced separate security scrutiny over earlier remote code execution and file access weaknesses, including flaws linked to CustomMCP handling, CSV processing and file read/write tools. 
Those cases underline a recurring pattern in AI workflow platforms: features designed for flexibility can become high-impact attack paths when they evaluate code, execute commands or connect to privileged services without strong isolation.</p><p>The timing is sensitive for enterprises racing to deploy AI agents in customer support, software development, data analysis and workflow automation. Many of these deployments connect AI orchestration platforms to production data, SaaS accounts and internal systems. A vulnerability in the orchestration layer can therefore produce consequences beyond the application itself, particularly where credentials are stored centrally or integrations have broad permissions.</p><p>Mitigation should begin with identifying all Flowise instances, checking installed versions and reviewing whether MCP features are enabled. Organisations should audit imported chatflows, inspect access logs for unusual imports or workflow changes, rotate credentials that may have been exposed, and ensure containers are not running as root. Network exposure should be reduced through VPNs, private access controls or identity-aware proxies.</p></div><p>The article <a
href="https://thearabianpost.com/flowise-server-takeover-risk-widens/">Flowise server takeover risk widens</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Palo Alto VPN flaw draws urgent patches</title><link>https://thearabianpost.com/palo-alto-vpn-flaw-draws-urgent-patches/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Tue, 02 Jun 2026 07:41:51 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/palo-alto-vpn-flaw-draws-urgent-patches/</guid><description><![CDATA[<p>Palo Alto Networks customers are facing renewed pressure to patch internet-facing security systems after attackers began exploiting a high-severity authentication bypass flaw in PAN-OS GlobalProtect, a product widely used to provide remote access to corporate networks. The vulnerability, tracked as CVE-2026-0257, affects GlobalProtect portal and gateway deployments in PAN-OS where authentication override cookies are enabled alongside a specific certificate configuration. Successful exploitation can allow a remote attacker [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/palo-alto-vpn-flaw-draws-urgent-patches/">Palo Alto VPN flaw draws urgent patches</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div><a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Palo+Alto+Networks&bbid=6103560056221096248&bpid=6832757480091276318" target="_blank">Palo Alto Networks</a> customers are facing renewed pressure to patch internet-facing security systems after attackers began exploiting a high-severity authentication bypass flaw in <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+PAN-OS+GlobalProtect+security&bbid=6103560056221096248&bpid=6832757480091276318" target="_blank">PAN-OS GlobalProtect</a>, a product widely used to provide remote access to corporate networks.</p><p>The vulnerability, tracked as <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+CVE-2026-0257&bbid=6103560056221096248&bpid=6832757480091276318" target="_blank">CVE-2026-0257</a>, affects GlobalProtect portal and gateway deployments in PAN-OS where <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+define+authentication+override+cookies&bbid=6103560056221096248&bpid=6832757480091276318" target="_blank">authentication override cookies</a> are enabled alongside a specific certificate configuration. Successful exploitation can allow a remote attacker without valid credentials to bypass security restrictions and establish an unauthorised VPN connection, potentially placing the intruder inside a protected network perimeter.</p><p>Palo Alto Networks published its advisory on 13 May and updated it on 29 May after becoming aware of limited exploit attempts against unpatched systems where mitigations had not been applied. The company now rates the issue as high severity, with a <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+CVSS+4.0+score+7.8+meaning&bbid=6103560056221096248&bpid=6832757480091276318" target="_blank">CVSS 4.0 score of 7.8</a> and an urgency level marked highest. The exploit maturity status has been changed to attacked, signalling confirmed abuse rather than a theoretical risk.</p><p>The flaw affects supported PAN-OS 10.2, 11.1, 11.2 and 12.1 branches below specific fixed releases. Prisma Access 10.2 and 11.2 are also covered by the advisory, with upgrades being applied through scheduled customer processes. Panorama and Cloud NGFW are not affected, narrowing the exposure to GlobalProtect portal and gateway configurations that meet the vulnerable conditions.</p><p>Security teams have been urged to upgrade immediately to fixed PAN-OS versions, including 12.1.4-h6 or 12.1.7 and later, 11.2.4-h17, 11.2.7-h14, 11.2.10-h7 or 11.2.12 and later, 11.1.4-h33, 11.1.6-h32, 11.1.7-h6, 11.1.10-h25, 11.1.13-h5 or 11.1.15 and later, and 10.2 fixed builds such as 10.2.7-h34, 10.2.10-h36, 10.2.13-h21, 10.2.16-h7 or 10.2.18-h6 and later. Older unsupported PAN-OS versions need migration to a supported fixed version.</p><p>The risk is elevated because VPN appliances sit at the edge of enterprise networks and often act as the first control point for remote staff, contractors and administrators. An authentication bypass at this layer can give attackers a foothold that bypasses normal username and password checks, even before <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+define+lateral+movement+cybersecurity&bbid=6103560056221096248&bpid=6832757480091276318" target="_blank">lateral movement</a> or data theft occurs. That makes exposure management, log review and rapid patching as important as the software fix itself.</p><p>Threat investigators observed successful exploitation across multiple customer environments, with the earliest confirmed activity dated 17 May. One wave involved suspicious cookie-based authentication to a local administrator account from infrastructure linked to a hosting provider. A second wave on 21 May involved VPN IP assignment after cookie authentication, giving the attacker network access through GlobalProtect.</p><p>No confirmed lateral movement was observed in the investigated environments, but the pattern underlines the danger for organisations that operate remote access infrastructure without strict monitoring and segmentation. The available evidence points to exploitation that depends on specific configuration conditions, rather than universal exposure across every PAN-OS deployment.</p><p>The vulnerability has also been added to the <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+US+Known+Exploited+Vulnerabilities+catalogue&bbid=6103560056221096248&bpid=6832757480091276318" target="_blank">US Known Exploited Vulnerabilities catalogue</a>, requiring covered federal civilian agencies to apply mitigations or stop using the affected product where mitigation is not available. The catalogue entry set a 1 June remediation deadline, reflecting the short window between public disclosure, observed exploitation and mandated action.</p><p>Palo Alto Networks has advised administrators to check GlobalProtect portal and gateway settings through the management interface and review whether authentication override cookies are generated or accepted. With the fix, systems configured to use such cookies will regenerate them through a more secure method. GlobalProtect users will need to re-authenticate once after an upgrade even if they previously held a valid cookie.</p><p>The case adds to a wider pattern of attacks against <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+edge+devices+networking&bbid=6103560056221096248&bpid=6832757480091276318" target="_blank">edge devices</a>, where <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+firewalls&bbid=6103560056221096248&bpid=6832757480091276318" target="_blank">firewalls</a>, VPN concentrators and identity gateways have become priority targets for espionage groups and financially motivated attackers. These systems are attractive because they combine internet exposure, privileged network placement and trusted status inside enterprise environments.</p><p>Organisations running affected Palo Alto Networks appliances are being advised to prioritise patching over routine maintenance cycles, review GlobalProtect authentication logs for unusual cookie-based logins, investigate unexpected local administrator activity, and verify whether any VPN sessions were created from unfamiliar hosting providers or geographic locations. <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+define+Network+segmentation+security&bbid=6103560056221096248&bpid=6832757480091276318" target="_blank">Network segmentation</a> and tighter administrator controls can reduce the damage if an attacker has already obtained access.</div><p>The article <a
href="https://thearabianpost.com/palo-alto-vpn-flaw-draws-urgent-patches/">Palo Alto VPN flaw draws urgent patches</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>AZUREVEIL attacks expose cloud C2 blind spot</title><link>https://thearabianpost.com/azureveil-attacks-expose-cloud-c2-blind-spot/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Tue, 02 Jun 2026 07:40:44 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/azureveil-attacks-expose-cloud-c2-blind-spot/</guid><description><![CDATA[<p>Hackers are using targeted spearphishing emails to deploy AZUREVEIL, an Adaptix-based command-and-control agent, against government and enterprise-linked targets in the Czech Republic and Taiwan, underscoring the growing use of trusted cloud services to mask cyber-espionage activity. The campaign, tracked as Operation Dragon Weave, begins with a malicious ZIP archive carrying files designed to appear as official documents. Once opened, the archive can trigger a multi-stage infection chain [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/azureveil-attacks-expose-cloud-c2-blind-spot/">AZUREVEIL attacks expose cloud C2 blind spot</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Hackers are using targeted spearphishing emails to deploy AZUREVEIL, an Adaptix-based command-and-control agent, against government and enterprise-linked targets in the Czech Republic and Taiwan, underscoring the growing use of trusted cloud services to mask cyber-espionage activity.</p><p>The campaign, tracked as Operation Dragon Weave, begins with a malicious ZIP archive carrying files designed to appear as official documents. Once opened, the archive can trigger a multi-stage infection chain that uses deceptive file names, script execution, DLL sideloading and a Rust-based loader before placing AZUREVEIL on the compromised system. The final payload gives attackers remote access, file-handling capabilities and routes communications through Microsoft Azure Blob Storage rather than a conventional command server.</p><p>The targeting pattern points to a focused espionage effort rather than broad criminal spam. The sectors identified in the campaign include government and public-sector bodies, research and academia, technology and software organisations, and financial services. The geographic focus on the Czech Republic and Taiwan is reinforced by region-specific lures, including Traditional Chinese file names and a Czech-language decoy document styled as an appointment notice from the Czech Social Security Administration.</p><p>The initial archive includes a shortcut file named to resemble a PDF notification and an executable disguised as a legitimate document. The Traditional Chinese filename translates as “Project Application Review Result Notification”, a formulation consistent with administrative correspondence. Security analysis found that the file set also contained a data folder with encrypted payload containers, scripts, a malicious UnityPlayer.dll
used for sideloading and decoy PDF material intended to distract the victim while the malware chain runs in the background.</p><p>Two separate execution routes appear to have been prepared. One path starts when a victim clicks the Windows shortcut file, using the double extension “.pdf.lnk” to make the item look like a standard document. Another path relies on the victim launching the executable directly. Both routes converge on RuntimeBroker_update.exe, after which Windows loads the attacker-controlled UnityPlayer.dll placed in the same directory.</p><p>That DLL, dubbed RUSTCLOAK, is written in Rust and performs the next stage of the attack. The loader checks the computer name against a list of more than 100 known sandbox and analyst machine names, allowing it to stop execution if it detects a controlled analysis environment. Such anti-analysis checks are designed to limit exposure to automated malware sandboxes and delay defensive detection.</p><p>RUSTCLOAK then decrypts the embedded payload through several layers, including a custom RC4 process, Base64 decoding and SM4-CBC decryption. After decryption, it allocates memory, marks that memory as executable and runs the payload through Windows fibres rather than creating a new thread, a technique that may help reduce the visibility of the malware to endpoint monitoring tools. Analysts extracted an in-memory executable of about 103 KB, which was identified as AZUREVEIL.</p><p>AZUREVEIL’s most notable feature is its use of Azure Blob Storage for command-and-control. The agent communicates over HTTPS on port 443 with an Azure storage endpoint, allowing traffic to resemble normal enterprise cloud activity. 
That design removes the need for an obvious attacker-owned command server and complicates network-level detection, particularly in organisations that already rely heavily on Microsoft cloud infrastructure.</p><p>The malware can list directories and logical drives, read and move files, rename or delete data, upload stolen files to Azure Blob Storage and retrieve additional files from the command channel. It can also execute shell commands, list running processes and named pipes, configure or terminate processes, and support network and pivoting functions. These capabilities make it suitable for espionage operations where persistence, quiet data collection and flexible post-compromise activity are priorities.</p><p>The campaign also shows signs of careful operational planning. A hardcoded Shared Access Signature token found in the malware infrastructure was valid from 19 March 2026 to 19 March 2027, giving the operators a long window for interaction with the storage container. The token permissions allowed read, write, delete and upload operations, suggesting the cloud account was central to the attacker’s workflow rather than an incidental staging point.</p><p>Attribution remains cautious. The targeting, tooling and tradecraft have been assessed as linked with a China-based threat actor at moderate confidence, but no specific known group has been named. That restraint reflects the mixed nature of the techniques: some elements overlap with established espionage patterns, while other components, including the distinct Azure Blob Storage dead-drop mechanism and Adaptix-based payload structure, have not been widely documented in public reporting on China-linked activity.</p><p>The use of AdaptixC2 also fits a wider trend in which offensive security frameworks and red-team tools are repurposed by hostile actors. 
AdaptixC2 was built as a post-exploitation and adversarial emulation framework for legitimate testing, but security researchers have tracked its use in ransomware and espionage-linked campaigns. Its adoption by different operators illustrates how publicly available or dual-use tools can lower the cost of building capable intrusion chains while making attribution harder.</p><p>Taiwan has remained a sustained target for cyber operations tied to regional political and strategic tensions, while Czech institutions have also faced heightened scrutiny because of Prague’s engagement with Taiwan and broader European concerns over state-aligned cyber activity. Operation Dragon Weave brings those theatres together through carefully localised lures and a cloud-based communications method intended to blend into ordinary business traffic.</p><p>The campaign places fresh pressure on defenders to monitor legitimate cloud services for suspicious patterns rather than relying only on blocklists of known malicious infrastructure. Endpoint telemetry, behavioural detection, script execution controls, attachment filtering and cloud-access monitoring are all relevant to detecting attacks of this kind. Particular attention is likely to fall on unusual ZIP attachments, double-extension files, shortcut-based execution, unexpected DLL sideloading and outbound storage traffic that does not match normal organisational usage.</p></div><p>The article <a
href="https://thearabianpost.com/azureveil-attacks-expose-cloud-c2-blind-spot/">AZUREVEIL attacks expose cloud C2 blind spot</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>SolyxImmortal raises Windows credential theft risks</title><link>https://thearabianpost.com/solyximmortal-raises-windows-credential-theft-risks/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Tue, 02 Jun 2026 07:39:24 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/solyximmortal-raises-windows-credential-theft-risks/</guid><description><![CDATA[<p>SolyxImmortal, a Python-based information-stealing malware, is drawing attention from cyber defenders because of its ability to combine browser credential theft, document harvesting, keystroke logging and screen surveillance inside a single Windows implant. Technical analysis shows the malware is designed to operate quietly on compromised machines, using common Python libraries, Windows features and multi-threaded execution to run several data-collection functions at the same time. Its targets include saved [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/solyximmortal-raises-windows-credential-theft-risks/">SolyxImmortal raises Windows credential theft risks</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>SolyxImmortal, a Python-based information-stealing malware, is drawing attention from cyber defenders because of its ability to combine browser credential theft, document harvesting, keystroke logging and screen surveillance inside a single Windows implant.</p><p>Technical analysis shows the malware is designed to operate quietly on compromised machines, using common Python libraries, Windows features and multi-threaded execution to run several data-collection functions at the same time. Its targets include saved browser passwords, cookies, text files, PDFs, Word documents, Excel files, screenshots and keyboard input, making it a broad surveillance tool rather than a narrow credential grabber.</p><p>The malware has been observed as a Windows-focused Python file known as Lethalcompany.py, with a size of just over 10 KB and a first-seen date in January 2026. Its compact size contrasts with the range of functions built into its code. Once launched, it establishes persistence, stages stolen data in temporary folders, compresses the material and sends it to attacker-controlled channels through Discord webhooks.</p><p>SolyxImmortal does not appear to rely on administrator privileges, zero-day exploits or self-spreading functions. That design is significant because it lowers the barrier for attackers and increases risk to individual users, small businesses and lightly monitored enterprise endpoints. The malware copies itself into a folder under the user’s AppData path and creates a registry Run key so that it restarts when the user logs back into Windows.</p><p>Its browser-theft module focuses on Chromium-based browsers such as Chrome, Edge and Brave. The malware looks for browser profile paths, extracts the master encryption key from the Local State file and uses Windows cryptographic functions to decrypt stored login entries. 
Credentials are then gathered in readable form before being prepared for exfiltration.</p><p>The malware also targets Firefox cookies by copying the browser’s cookies database where available. Session cookies have become a prized asset for cybercriminals because they can, in some circumstances, help attackers bypass normal login checks and multi-factor authentication. That makes cookie theft particularly dangerous for email, cloud services, banking portals and workplace collaboration tools.</p><p>Document harvesting is another part of SolyxImmortal’s value to attackers. The malware walks through the user’s home directory while excluding some system-heavy paths such as AppData, Windows, Program Files and temporary folders. It looks for files including .txt, .pdf, .docx and .xlsx formats, with file-size filters intended to collect usable documents while avoiding large or irrelevant material.</p><p>The surveillance functions deepen the risk. A keylogger records typed input and sends captured keystrokes at fixed intervals. Screen capture is triggered both by timing and by active-window keywords linked to logins, Gmail and banking activity. The presence of Turkish words in messages and keyword logic suggests a Turkish-language element in the malware’s development or operational use, although such code can be reused, modified or redistributed by other actors.</p><p>The use of Discord webhooks reflects a wider pattern in commodity cybercrime. Instead of maintaining dedicated command-and-control infrastructure, attackers abuse legitimate web services that are widely allowed across networks. This can reduce suspicion in traffic logs and complicate blocking decisions for organisations that use popular collaboration platforms.</p><p>The threat fits a broader shift towards identity-led cyberattacks. Infostealers have become a key source of passwords, session cookies and other authentication artefacts traded in underground markets. 
Such data can feed account takeover, fraud, corporate espionage and ransomware activity. Even when a malware infection is removed, stolen cookies, saved passwords and exposed documents can continue to create risk unless accounts are reset and active sessions are revoked.</p><p>For companies, SolyxImmortal underlines the weakness of relying only on password resets after a suspected stealer infection. Remediation must include browser session invalidation, token revocation, endpoint isolation, forensic review, password manager audits and checks for unauthorised mailbox or cloud-account rules. Security teams also need visibility into outbound traffic to webhooks and file-sharing services, especially where compressed archives are being sent from user endpoints.</p><p>Users face practical exposure because the malware can harvest data from ordinary browsing and document storage habits. Saving passwords in browsers, reusing credentials, downloading unverified files and running unknown scripts all increase the impact of an infection. Passkeys, hardware-backed authentication, endpoint protection, application control and regular browser updates can reduce the attack surface, but they do not remove the need for careful handling of downloads and attachments.</p><p>SolyxImmortal’s importance lies less in technical novelty than in operational efficiency. It shows how a small Python implant can assemble readily available libraries into a persistent surveillance tool capable of stealing credentials, monitoring activity and exporting selected files without sophisticated infrastructure. That combination makes it useful to lower-tier cybercriminals while still posing a serious risk to individuals and organisations that lack layered endpoint monitoring.</p></div><p>The article <a
href="https://thearabianpost.com/solyximmortal-raises-windows-credential-theft-risks/">SolyxImmortal raises Windows credential theft risks</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Fake ChatGPT pages widen phishing threat</title><link>https://thearabianpost.com/fake-chatgpt-pages-widen-phishing-threat/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Mon, 01 Jun 2026 10:22:49 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/fake-chatgpt-pages-widen-phishing-threat/</guid><description><![CDATA[<p>Cybercriminals are exploiting trust in artificial intelligence platforms by abusing shared ChatGPT and Claude content links to steer users towards malware disguised as legitimate OpenAI software. The campaign, tracked by security researchers as LLMShare, uses malicious search advertisements and search-engine manipulation to lure victims to pages that appear to be hosted on trusted AI domains. Once users click through, they are shown a fully designed web page [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/fake-chatgpt-pages-widen-phishing-threat/">Fake ChatGPT pages widen phishing threat</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Cybercriminals are exploiting trust in artificial intelligence platforms by abusing shared ChatGPT and Claude content links to steer users towards malware disguised as legitimate OpenAI software.</p><p>The campaign, tracked by security researchers as LLMShare, uses malicious search advertisements and search-engine manipulation to lure victims to pages that appear to be hosted on trusted AI domains. Once users click through, they are shown a fully designed web page carrying ChatGPT-style branding, including fake outage notices and prompts to download a supposed ChatGPT desktop application.</p><p>The tactic marks a shift in phishing and malware delivery. Rather than relying only on lookalike domains, attackers are embedding malicious narratives inside shared AI conversations or shared-content pages hosted on legitimate platforms. That gives the page a veneer of credibility at the exact moment users are being trained to trust chatbot-generated content, shared links and AI-assisted recommendations.</p><p>The fake pages do not appear to exploit a flaw in ChatGPT’s core model. Instead, they abuse features designed for collaboration and sharing. Shared links allow users to generate public URLs for conversations so that others can view or continue them. Attackers have turned that convenience into a delivery mechanism, using the credibility of the hosting domain to reduce suspicion before redirecting victims to malware downloads.</p><p>Victims are first drawn in through sponsored Google ads or poisoned search results. The ads and ranked pages are crafted to match common searches linked to ChatGPT access, software downloads, outage notices and desktop tools. After landing on the shared-content page, users are presented with polished branding and a message suggesting that a download is required to restore service or continue using the platform.</p><p>The malware has been distributed as a fake ChatGPT desktop application. 
Security researchers have warned that the same technique has also been observed with Claude shared content, indicating that attackers are not targeting one company alone but a wider pattern in how AI platforms handle public sharing, user trust and external links.</p><p>The campaign reflects a wider trend in which cybercriminals combine malvertising, SEO poisoning and brand impersonation with AI-related themes. Search ads remain a powerful entry point because they appear above organic results and can be made to resemble legitimate company listings. SEO poisoning adds another layer by pushing malicious or attacker-controlled pages higher in search rankings for popular queries.</p><p>For businesses, the risk is not limited to individual users downloading malware at home. Employees searching for AI tools, productivity software or help with ChatGPT errors may do so from corporate devices. A single successful download can expose credentials, browser sessions, cloud documents, messaging accounts or internal systems, depending on the malware payload and device permissions.</p><p>The campaign also shows how the growth of AI tools has created new social engineering opportunities. Attackers are moving quickly to exploit user habits formed around chatbots, including clicking shared conversation links, trusting AI-branded pages and following instructions displayed in polished web interfaces. Pages that appear to be simple shared chats can become staging points for malicious downloads, credential theft or redirection to attacker-controlled infrastructure.</p><p>Security teams are being urged to treat shared AI links with the same caution applied to shortened URLs, file-sharing links and unsolicited software installers. Controls such as blocking unapproved software downloads, inspecting sponsored search traffic, warning users about lookalike ads and restricting execution of unsigned applications can reduce exposure. 
Browser isolation and endpoint detection tools can also help identify suspicious redirects and downloads before malware is installed.</p><p>Users should avoid downloading applications from shared chat pages, sponsored ads or search results that do not clearly lead to the official provider. ChatGPT’s desktop and mobile applications should be obtained only from verified app stores or official product pages. The advertiser identity behind search ads should be checked carefully, especially when an ad claims to offer support, updates, outage fixes or downloads for a widely used service.</p><p>The abuse of shared content also places pressure on AI companies to strengthen defences around public-link features. Clearer warnings on shared pages, stronger detection of impersonation content, restrictions on risky download links and faster takedown processes could reduce the value of these pages to attackers. Enterprises using AI platforms may also need policies for when shared links are allowed, how employees should handle externally received AI conversations and which domains are trusted.</p><p>The incident arrives as phishing campaigns increasingly rely on familiar platforms rather than obscure websites. Attackers have used cloud storage, document-sharing services, collaboration tools and advertising networks to make malicious activity appear routine. AI platforms now face the same challenge: features built to make sharing easier can be repurposed by criminals seeking credibility, reach and speed.</p></div><p>The article <a
href="https://thearabianpost.com/fake-chatgpt-pages-widen-phishing-threat/">Fake ChatGPT pages widen phishing threat</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Iran-linked cyber operators raise regional alarm</title><link>https://thearabianpost.com/iran-linked-cyber-operators-raise-regional-alarm/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Mon, 01 Jun 2026 09:57:37 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/iran-linked-cyber-operators-raise-regional-alarm/</guid><description><![CDATA[<p>A destructive cyber campaign tied to Iran-linked operators has targeted organisations in the Middle East and abroad, deleting virtual machines, databases, partitions and backup repositories in attacks designed to cripple recovery as well as disrupt daily operations. The activity has been linked by forensic investigators to infrastructure and tactics associated with Black Shadow, a long-running threat group assessed by Israeli authorities and private researchers as operating on [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/iran-linked-cyber-operators-raise-regional-alarm/">Iran-linked cyber operators raise regional alarm</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>A destructive cyber campaign tied to Iran-linked operators has targeted organisations in the Middle East and abroad, deleting virtual machines, databases, partitions and backup repositories in attacks designed to cripple recovery as well as disrupt daily operations.</p><p>The activity has been linked by forensic investigators to infrastructure and tactics associated with Black Shadow, a long-running threat group assessed by Israeli authorities and private researchers as operating on behalf of <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Iran%E2%80%99s+Ministry+of+Intelligence+and+Security&bbid=6103560056221096248&bpid=1288635338027500389" target="_blank" rel="noopener" data-preview="">Iran’s Ministry of Intelligence and Security</a>. The operation marks a shift from data theft and public leak threats towards attacks that use legitimate administration tools to erase core systems from inside compromised networks.</p><p>The campaign’s most serious feature is its focus on recovery infrastructure. Attackers did not merely delete production data. They moved through virtualisation platforms, database management consoles, file servers and backup systems, including Veeam Backup &amp; Replication environments, where deletion from disk can remove entire backup chains from repositories. That pattern points to an attempt to leave victims without the standard fallback options needed to restore services after an intrusion.</p><p>Investigators found that the attackers used both automated scripts and manual “hands-on keyboard” activity. In some cases, they opened the same consoles used by system administrators and clicked through deletion functions. In others, they ran scripts to enumerate assets and issue destructive commands across multiple databases and servers. This blend of automation and direct control enabled faster damage while allowing operators to adapt when they encountered unfamiliar environments.</p><p>Transport, maintenance, media, education, insurance and digital services organisations were among the entities identified in the wider investigation. One publicly documented case involved <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+LA+Metro+cyber+attack&bbid=6103560056221096248&bpid=1288635338027500389" target="_blank" rel="noopener" data-preview="">LA Metro</a>, where an authenticated vCenter session was used to power off and delete a virtual machine from disk in March. The same operation later involved access to Windows disk management tools, where volumes were enumerated and partitions deleted. The incident affected rider-facing digital services, including delays in service alerts and problems loading fare through a mobile app.</p><p>Another case involved the <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+South+Florida+Regional+Transportation+Authority+cyber+attack&bbid=6103560056221096248&bpid=1288635338027500389" target="_blank" rel="noopener" data-preview="">South Florida Regional Transportation Authority</a>, where attackers used remote access into an internet-facing environment, gained administrator-level control and used database tools to take systems offline before deleting database objects. File deletion utilities were also used against hosted sites and backup directories. The tactics illustrate how public infrastructure operators can face disruption even when attackers do not directly interfere with trains, tracks or physical control systems.</p><p>The Middle East dimension of the campaign is significant because Iran-linked groups have long used cyber operations for espionage, intimidation and retaliation. Black Shadow has previously been associated with <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+hack-and-leak+activity&bbid=6103560056221096248&bpid=1288635338027500389" target="_blank" rel="noopener" data-preview="">hack-and-leak activity</a> against Israeli targets, while other Iran-linked clusters have used password spraying, phishing, remote-access malware and <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+destructive+wipers&bbid=6103560056221096248&bpid=1288635338027500389" target="_blank" rel="noopener" data-preview="">destructive wipers</a> across the region. The latest activity shows a growing willingness to combine stolen credentials, remote administration tools, custom scripts and public pressure campaigns.</p><p>Security teams are treating the attacks as a warning that backup systems are now frontline targets. Older recovery models often assumed that attackers would focus on encrypting or deleting production systems while backups remained available. The Black Shadow-linked operation challenges that assumption by showing how attackers can first obtain administrator privileges, then remove the very systems needed to rebuild.</p><p>The campaign also reflects a broader regional threat pattern. Iran-linked operators have targeted high-value sectors including transport, defence, aerospace, telecommunications, finance and government-linked organisations. Some campaigns use carefully tailored lures, including fake job offers and spoofed meeting invitations, to gain access. Others depend on leaked credentials, weak remote access controls or exposed management interfaces. Once inside, the same access can be used for espionage, data theft, public leaks or destructive action.</p><p>Cyber authorities and private researchers have urged organisations to tighten controls around privileged accounts, remote access platforms and backup consoles. The most urgent safeguards include enforcing <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+multi-factor+authentication&bbid=6103560056221096248&bpid=1288635338027500389" target="_blank" rel="noopener" data-preview="">multi-factor authentication</a>, removing dormant administrator accounts, restricting management tools to hardened networks, segmenting backup infrastructure from production systems, using immutable or offline backups, and testing restoration procedures under attack conditions.</p><p>The use of legitimate tools makes detection harder. Commands issued from administrator consoles may not immediately appear malicious unless security teams monitor for unusual timing, unusual source locations, mass deletion activity or changes to backup repositories. Attackers can exploit this gap by moving slowly during the reconnaissance phase and then acting quickly when they begin deletion.</p><p>The destructive campaign also raises attribution challenges. Iran-linked cyber activity often involves overlapping state-linked operators, contractors and hacktivist brands that claim responsibility for attacks while obscuring the command chain. Public claims may exaggerate stolen data volumes or operational impact, but the technical evidence in the Black Shadow-linked cases shows real destructive capability and a clear intention to interfere with recovery.</p></div><p>The article <a
href="https://thearabianpost.com/iran-linked-cyber-operators-raise-regional-alarm/">Iran-linked cyber operators raise regional alarm</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Instagram recovery flaw raises AI security alarm</title><link>https://thearabianpost.com/instagram-recovery-flaw-raises-ai-security-alarm/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Mon, 01 Jun 2026 09:50:48 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/instagram-recovery-flaw-raises-ai-security-alarm/</guid><description><![CDATA[<a
href="https://thearabianpost.com/instagram-recovery-flaw-raises-ai-security-alarm/" title="Instagram recovery flaw raises AI security alarm" rel="nofollow"><img
width="1920" height="960" src="https://thearabianpost.com/wp-content/uploads/2026/06/ins.jpg" class="webfeedsFeaturedVisual wp-post-image" alt="ins" style="float: left; margin-right: 8px;" link_thumbnail="1" decoding="async" loading="lazy" srcset="https://thearabianpost.com/wp-content/uploads/2026/06/ins.jpg 1920w, https://thearabianpost.com/wp-content/uploads/2026/06/ins-800x400.jpg 800w, https://thearabianpost.com/wp-content/uploads/2026/06/ins-768x384.jpg 768w, https://thearabianpost.com/wp-content/uploads/2026/06/ins-1536x768.jpg 1536w, https://thearabianpost.com/wp-content/uploads/2026/06/ins-1200x600.jpg 1200w, https://thearabianpost.com/wp-content/uploads/2026/06/ins-1100x550.jpg 1100w" sizes="auto, (max-width: 1920px) 100vw, 1920px" /></a><p><img
width="800" height="400" src="https://thearabianpost.com/wp-content/uploads/2026/06/ins-800x400.jpg" class="attachment-large size-large wp-post-image" alt="ins" style="float:left; margin:0 15px 15px 0;" decoding="async" loading="lazy" srcset="https://thearabianpost.com/wp-content/uploads/2026/06/ins-800x400.jpg 800w, https://thearabianpost.com/wp-content/uploads/2026/06/ins-768x384.jpg 768w, https://thearabianpost.com/wp-content/uploads/2026/06/ins-1536x768.jpg 1536w, https://thearabianpost.com/wp-content/uploads/2026/06/ins-1200x600.jpg 1200w, https://thearabianpost.com/wp-content/uploads/2026/06/ins-1100x550.jpg 1100w, https://thearabianpost.com/wp-content/uploads/2026/06/ins.jpg 1920w" sizes="auto, (max-width: 800px) 100vw, 800px" />Instagram is under renewed pressure over claims that a weakness in Meta’s AI-assisted support and account recovery systems could allow attackers to manipulate password reset flows and target high-value accounts. The allegation centres on an AI-powered help feature intended to guide users through account recovery, settings changes and login problems. Security researchers say the system could allegedly be prompted in ways that allowed unauthorised parties to trigger [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/instagram-recovery-flaw-raises-ai-security-alarm/">Instagram recovery flaw raises AI security alarm</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<a
href="https://thearabianpost.com/instagram-recovery-flaw-raises-ai-security-alarm/" title="Instagram recovery flaw raises AI security alarm" rel="nofollow"><img
width="1920" height="960" src="https://thearabianpost.com/wp-content/uploads/2026/06/ins.jpg" class="webfeedsFeaturedVisual wp-post-image" alt="ins" style="float: left; margin-right: 8px;" link_thumbnail="1" decoding="async" loading="lazy" srcset="https://thearabianpost.com/wp-content/uploads/2026/06/ins.jpg 1920w, https://thearabianpost.com/wp-content/uploads/2026/06/ins-800x400.jpg 800w, https://thearabianpost.com/wp-content/uploads/2026/06/ins-768x384.jpg 768w, https://thearabianpost.com/wp-content/uploads/2026/06/ins-1536x768.jpg 1536w, https://thearabianpost.com/wp-content/uploads/2026/06/ins-1200x600.jpg 1200w, https://thearabianpost.com/wp-content/uploads/2026/06/ins-1100x550.jpg 1100w" sizes="auto, (max-width: 1920px) 100vw, 1920px" /></a><img
width="800" height="400" src="https://thearabianpost.com/wp-content/uploads/2026/06/ins-800x400.jpg" class="attachment-large size-large wp-post-image" alt="ins" style="float:left; margin:0 15px 15px 0;" decoding="async" loading="lazy" srcset="https://thearabianpost.com/wp-content/uploads/2026/06/ins-800x400.jpg 800w, https://thearabianpost.com/wp-content/uploads/2026/06/ins-768x384.jpg 768w, https://thearabianpost.com/wp-content/uploads/2026/06/ins-1536x768.jpg 1536w, https://thearabianpost.com/wp-content/uploads/2026/06/ins-1200x600.jpg 1200w, https://thearabianpost.com/wp-content/uploads/2026/06/ins-1100x550.jpg 1100w, https://thearabianpost.com/wp-content/uploads/2026/06/ins.jpg 1920w" sizes="auto, (max-width: 800px) 100vw, 800px" /><div>Instagram is under renewed pressure over claims that a weakness in Meta’s AI-assisted support and account recovery systems could allow attackers to manipulate password reset flows and target high-value accounts.</p><p>The allegation centres on an AI-powered help feature intended to guide users through account recovery, settings changes and login problems. Security researchers say the system could allegedly be prompted in ways that allowed unauthorised parties to trigger or redirect password reset actions without adequate identity checks. Meta has not publicly confirmed that an Instagram account takeover route through Meta AI operated in the manner described, but the claim has sharpened scrutiny of how artificial intelligence is being connected to sensitive account functions.</p><p>The reported flaw follows a wider wave of concern around unsolicited Instagram password reset emails earlier this year, when users in several countries received reset messages they had not requested. Meta said at the time that no breach of its systems had occurred and that the issue allowed an external party to request password reset emails for some users. 
The company said the problem had been fixed and that accounts remained secure.</p><p>The latest allegation is more serious in scope because it raises questions not only about reset emails but about whether AI-driven support tools can be induced to carry out account recovery steps without the same safeguards expected in traditional security workflows. Account recovery is one of the most sensitive parts of any consumer platform because it sits at the junction of identity verification, email access, phone number validation and device history.</p><p>Meta has been expanding AI-assisted support across Facebook and Instagram as part of a wider effort to reduce friction for users locked out of accounts or struggling to navigate support menus. The company has promoted the tools as a faster way to resolve problems, offering help with hacked accounts, password changes, privacy settings and profile management. The shift reflects a broader technology industry trend: platforms are placing conversational AI between users and complex support systems, including areas previously handled by rigid forms or human review.</p><p>That transition carries operational advantages but also creates a new risk surface. Traditional account recovery systems depend on fixed rules, such as sending reset links only to verified contact points, checking device and location signals, and applying rate limits. AI assistants add a conversational layer that can interpret user intent and initiate actions. If the system’s permissions are too broad or its guardrails too weak, attackers may try to manipulate it through prompt injection, social engineering or repeated automated requests.</p><p>Security specialists have warned that AI support tools must be treated as privileged interfaces rather than customer service chatbots. 
A support assistant that can trigger account actions should be subject to strict authentication checks before taking any step that changes access, sends codes, alters recovery details or escalates an appeal. The same safeguards should apply even when the AI appears to be assisting a distressed user claiming to be locked out.</p><p>Instagram is a particularly attractive target because compromised accounts can be monetised quickly. High-follower profiles are used for cryptocurrency scams, fake investment promotions, impersonation, phishing campaigns and resale in underground markets. Attackers also target business accounts because they may have advertising access, linked payment methods or trusted relationships with customers.</p><p>The alleged vulnerability has not been independently documented in a full technical disclosure, and key details remain unclear, including whether the weakness affected a live Instagram deployment, a limited test group or a related support pathway. Claims circulating in cybersecurity forums suggested that high-value accounts may have been targeted, but there has been no confirmed public count of affected users. That uncertainty makes the case difficult to assess while still underscoring the need for stronger transparency when AI systems handle security-sensitive tasks.</p><p>Meta’s broader account security posture has relied increasingly on automated detection, device recognition and behavioural signals. The company has said its systems analyse activity patterns to spot hacking and phishing attempts and direct users towards safer recovery options. Yet large platforms face a persistent challenge: reducing support delays for genuine users while preventing attackers from abusing the same recovery mechanisms.</p></div><p>The article <a
href="https://thearabianpost.com/instagram-recovery-flaw-raises-ai-security-alarm/">Instagram recovery flaw raises AI security alarm</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Signal backup keys become new phishing prize</title><link>https://thearabianpost.com/signal-backup-keys-become-new-phishing-prize/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Mon, 01 Jun 2026 06:28:54 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/signal-backup-keys-become-new-phishing-prize/</guid><description><![CDATA[<p>Hackers are using fake Signal support messages to trick users into handing over backup recovery keys, opening a new front in attacks against one of the world’s most trusted encrypted messaging platforms. The campaign centres on messages sent inside Signal from accounts posing as “Signal Support”. Targets are warned that their backed-up chats and media face permanent loss because of a supposed sync problem. They are then [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/signal-backup-keys-become-new-phishing-prize/">Signal backup keys become new phishing prize</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Hackers are using fake Signal support messages to trick users into handing over backup recovery keys, opening a new front in attacks against one of the world’s most trusted encrypted messaging platforms.</p><p>The campaign centres on messages sent inside Signal from accounts posing as “Signal Support”. Targets are warned that their backed-up chats and media face permanent loss because of a supposed sync problem. They are then urged to paste their backup recovery key into the chat to “relink” their archive. The request is fraudulent. Anyone who shares the key risks exposing years of private conversations, attachments and media stored through Signal’s encrypted backup feature.</p><p>The attack does not appear to break Signal’s encryption or compromise its servers. It relies instead on social engineering, the long-favoured method of hackers seeking to bypass strong cryptography by manipulating the person using it. That distinction is important for Signal, whose reputation rests on end-to-end encryption, minimal data collection and resistance to surveillance. The vulnerability being exploited is not the code that protects messages in transit, but the trust users place in official-looking warnings.</p><p>Signal’s secure backup system was introduced as an opt-in feature to protect message history if a user loses a device or changes phones. It uses a 64-character recovery key generated on the user’s device. Signal says the key is not shared with its servers and cannot be reset, recovered or bypassed by the company. That design strengthens privacy, but it also makes the key an attractive target. Whoever obtains it may be able to restore and decrypt backed-up material if other account-access conditions are met.</p><p>The campaign has drawn attention because it targets a class of users who often rely on Signal for sensitive communications, including journalists, activists, political figures, government staff and civil society organisations. 
Security specialists have warned that stealing a recovery key may be only one part of a broader operation. Attackers may still need to gain control of an account, phone number, device setup process or related authentication step before accessing the archive. Even so, the lure marks a shift from attacks focused mainly on verification codes, PINs or device-linking QR codes towards attempts to steal backup secrets directly.</p><p>The timing is significant. Signal expanded secure backups across Android and iOS during the past year, offering a free tier for text messages and limited media, alongside a paid option with larger storage. The broader availability of backups gives users a way to preserve message history, but it also creates a new target for criminals and state-aligned operators. Encrypted backup systems often face a difficult balance: users want recoverability when phones are lost, while privacy advocates want providers to have no access to stored content. A recovery key solves part of that problem, but only if users recognise that it must never be shared.</p><p>The latest phishing wave follows a series of warnings this year about attacks on encrypted messaging apps. Security agencies in several countries have flagged campaigns in which hackers posed as support services or security bots to obtain verification codes, PINs or linked-device access. Some operations were linked to Russia-backed actors targeting officials, military personnel and journalists. Other campaigns have been more opportunistic, seeking access to high-value accounts through impersonation rather than technical exploits.</p><p>Signal has repeatedly advised users that its staff do not contact people through in-app messages, phone calls, SMS or social media to request account secrets. The company’s guidance is clear: any message claiming to be from Signal support or Signal security inside the app should be treated as a scam. 
Users are advised not to reply, not to share recovery keys or verification codes, and to report and block the account.</p><p>The phishing messages are effective because they exploit urgency. A warning about imminent data loss can push users into acting before they verify the request. The language used in such attacks is typically designed to sound technical but simple enough to follow: a sync issue, a backup failure, an account risk or a request to confirm ownership. This is a common pattern in credential theft, where attackers create a false deadline and present disclosure of a secret as the quickest way to avoid damage.</p></div><p>The article <a
href="https://thearabianpost.com/signal-backup-keys-become-new-phishing-prize/">Signal backup keys become new phishing prize</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Fake banking SDK exposes developer secrets</title><link>https://thearabianpost.com/fake-banking-sdk-exposes-developer-secrets/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Sat, 30 May 2026 12:25:41 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/fake-banking-sdk-exposes-developer-secrets/</guid><description><![CDATA[<a
href="https://thearabianpost.com/fake-banking-sdk-exposes-developer-secrets/" title="Fake banking SDK exposes developer secrets" rel="nofollow"><img
width="2400" height="1350" src="https://thearabianpost.com/wp-content/uploads/2026/05/bnkin-sdks.jpg" class="webfeedsFeaturedVisual wp-post-image" alt="bnkin sdks" style="float: left; margin-right: 8px;" link_thumbnail="1" decoding="async" loading="lazy" srcset="https://thearabianpost.com/wp-content/uploads/2026/05/bnkin-sdks.jpg 2400w, https://thearabianpost.com/wp-content/uploads/2026/05/bnkin-sdks-800x450.jpg 800w, https://thearabianpost.com/wp-content/uploads/2026/05/bnkin-sdks-768x432.jpg 768w, https://thearabianpost.com/wp-content/uploads/2026/05/bnkin-sdks-1536x864.jpg 1536w, https://thearabianpost.com/wp-content/uploads/2026/05/bnkin-sdks-1200x675.jpg 1200w" sizes="auto, (max-width: 2400px) 100vw, 2400px" /></a><p><img
width="800" height="450" src="https://thearabianpost.com/wp-content/uploads/2026/05/bnkin-sdks-800x450.jpg" class="attachment-large size-large wp-post-image" alt="bnkin sdks" style="float:left; margin:0 15px 15px 0;" decoding="async" loading="lazy" srcset="https://thearabianpost.com/wp-content/uploads/2026/05/bnkin-sdks-800x450.jpg 800w, https://thearabianpost.com/wp-content/uploads/2026/05/bnkin-sdks-768x432.jpg 768w, https://thearabianpost.com/wp-content/uploads/2026/05/bnkin-sdks-1536x864.jpg 1536w, https://thearabianpost.com/wp-content/uploads/2026/05/bnkin-sdks-1200x675.jpg 1200w" sizes="auto, (max-width: 800px) 100vw, 800px" />A malicious NuGet package posing as a Sicoob software development kit has exposed sensitive banking authentication data, intensifying concerns over attacks that exploit trust in open-source developer ecosystems. The package, published as Sicoob.Sdk, was presented as a C# SDK for integrations with Sicoob, one of Brazil’s largest cooperative financial systems. Versions 2.0.0 to 2.0.4 were found to collect client IDs, PFX passwords and base64-encoded PFX certificate [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/fake-banking-sdk-exposes-developer-secrets/">Fake banking SDK exposes developer secrets</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<a
href="https://thearabianpost.com/fake-banking-sdk-exposes-developer-secrets/" title="Fake banking SDK exposes developer secrets" rel="nofollow"><img
width="2400" height="1350" src="https://thearabianpost.com/wp-content/uploads/2026/05/bnkin-sdks.jpg" class="webfeedsFeaturedVisual wp-post-image" alt="bnkin sdks" style="float: left; margin-right: 8px;" link_thumbnail="1" decoding="async" loading="lazy" srcset="https://thearabianpost.com/wp-content/uploads/2026/05/bnkin-sdks.jpg 2400w, https://thearabianpost.com/wp-content/uploads/2026/05/bnkin-sdks-800x450.jpg 800w, https://thearabianpost.com/wp-content/uploads/2026/05/bnkin-sdks-768x432.jpg 768w, https://thearabianpost.com/wp-content/uploads/2026/05/bnkin-sdks-1536x864.jpg 1536w, https://thearabianpost.com/wp-content/uploads/2026/05/bnkin-sdks-1200x675.jpg 1200w" sizes="auto, (max-width: 2400px) 100vw, 2400px" /></a><img
width="800" height="450" src="https://thearabianpost.com/wp-content/uploads/2026/05/bnkin-sdks-800x450.jpg" class="attachment-large size-large wp-post-image" alt="bnkin sdks" style="float:left; margin:0 15px 15px 0;" decoding="async" loading="lazy" srcset="https://thearabianpost.com/wp-content/uploads/2026/05/bnkin-sdks-800x450.jpg 800w, https://thearabianpost.com/wp-content/uploads/2026/05/bnkin-sdks-768x432.jpg 768w, https://thearabianpost.com/wp-content/uploads/2026/05/bnkin-sdks-1536x864.jpg 1536w, https://thearabianpost.com/wp-content/uploads/2026/05/bnkin-sdks-1200x675.jpg 1200w" sizes="auto, (max-width: 800px) 100vw, 800px" /><div>A malicious <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+NuGet&bbid=6103560056221096248&bpid=3187489756482512310" target="_blank" rel="noopener" data-preview="">NuGet</a> package posing as a <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Sicoob+Brazil&bbid=6103560056221096248&bpid=3187489756482512310" target="_blank" rel="noopener" data-preview="">Sicoob</a> software development kit has exposed sensitive banking authentication data, intensifying concerns over attacks that exploit trust in <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+open-source+developer+ecosystems&bbid=6103560056221096248&bpid=3187489756482512310" target="_blank" rel="noopener" data-preview="">open-source developer ecosystems</a>.</p><p>The package, published as Sicoob.Sdk, was presented as a C# SDK for integrations with Sicoob, one of Brazil’s largest cooperative financial systems. Versions 2.0.0 to 2.0.4 were found to collect client IDs, PFX passwords and base64-encoded PFX certificate archives when developers used the package to configure banking API connections. The package first appeared on NuGet on 5 May 2026, reached version 2.0.4 a day later and was blocked after abuse reporting.</p><p>The discovery points to a more targeted form of software supply-chain attack, with malicious actors no longer relying solely on broad <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+define+typosquatting&bbid=6103560056221096248&bpid=3187489756482512310" target="_blank" rel="noopener" data-preview="">typosquatting</a> or commodity credential theft. By impersonating a financial-services SDK, the package placed itself inside workflows where developers would naturally provide authentication material for real banking integrations, including certificates used in <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+mutual+TLS+authentication&bbid=6103560056221096248&bpid=3187489756482512310" target="_blank" rel="noopener" data-preview="">mutual TLS authentication</a>.</p><p>The stolen data could allow an attacker to impersonate affected applications or organisations if the certificates and client IDs remained valid and had sufficient permissions. Such access could create risks around payment automation, <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+define+Pix+transactions&bbid=6103560056221096248&bpid=3187489756482512310" target="_blank" rel="noopener" data-preview="">Pix transactions</a>, boleto processing, <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+what+is+Open+Finance+Brazil&bbid=6103560056221096248&bpid=3187489756482512310" target="_blank" rel="noopener" data-preview="">Open Finance</a> operations, account-data retrieval and other financial API activity. The level of exposure would depend on Sicoob-side controls, API scopes, certificate authorisation and whether affected organisations rotated credentials after installation.</p><p>The malicious code operated during normal client initialisation. When a developer supplied a client ID, a PFX file path and a PFX password, the package read the certificate archive from disk, converted it into base64 form and transmitted it with the accompanying credentials to a hardcoded third-party <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Sentry+error+monitoring&bbid=6103560056221096248&bpid=3187489756482512310" target="_blank" rel="noopener" data-preview="">Sentry endpoint</a>. A separate capture path was also identified for raw boleto API responses, which may contain transaction details, payment status, amounts, due dates and payer or payee identifiers.</p><p>The case is notable because the public-facing code repository linked to the package appeared to act as a clean façade. The visible source showed ordinary SDK behaviour, such as loading certificates and configuring API clients, while the malicious exfiltration logic was present in the compiled NuGet artefact. This <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+source-to-package+mismatch+security&bbid=6103560056221096248&bpid=3187489756482512310" target="_blank" rel="noopener" data-preview="">source-to-package mismatch</a> is particularly difficult for developers to detect when they rely on repository links, package descriptions and routine installation commands rather than inspecting compiled binaries.</p><p>Investigators also found signs of impersonation around the GitHub organisation associated with the package. The organisation was newly created, unverified and lacked public indicators normally associated with an official banking institution’s developer tooling. The repositories claimed official SDK status, but there was no reliable external confirmation that the publisher was authorised by Sicoob.</p><p>The NuGet publisher profile behind the package listed 12 Sicoob-branded packages. The confirmed malicious wrapper package depended on several related modules, leaving the broader package set untrusted by association even where identical exfiltration behaviour was not independently identified in every component. The package itself was estimated to have drawn nearly 500 downloads, while the wider set accumulated several thousand.</p><p>Sicoob’s position in Brazil’s financial system increased the sensitivity of the incident. The cooperative system serves millions of members and maintains a broad network of cooperative service points, digital channels and payment services. Its 2024 sustainability disclosures show a physical presence across 2,427 municipalities, with Sicoob acting as the only financial institution in 414 of them. That reach makes developer-facing tools linked to its ecosystem attractive targets for attackers seeking access to payment and account-service infrastructure.</p><p>The attack lands during a wider escalation in malicious package activity across open-source registries. Separate <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+npm+malicious+package+campaigns&bbid=6103560056221096248&bpid=3187489756482512310" target="_blank" rel="noopener" data-preview="">npm campaigns</a> have targeted OpenSearch, ElasticSearch, DevOps and environment-configuration users with packages designed to harvest <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+AWS+credentials+security+risks&bbid=6103560056221096248&bpid=3187489756482512310" target="_blank" rel="noopener" data-preview="">AWS credentials</a>, <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+HashiCorp+Vault+tokens+security+risks&bbid=6103560056221096248&bpid=3187489756482512310" target="_blank" rel="noopener" data-preview="">HashiCorp Vault tokens</a>, npm tokens and CI/CD pipeline secrets. One campaign involved 14 packages published within a four-hour window under a newly created maintainer identity.</p><p>Security teams are being pushed to treat package installation as a high-risk stage of the software lifecycle rather than a routine engineering step. Attackers increasingly use convincing names, realistic repository links, plausible documentation and clean-looking source code to create a sense of legitimacy. The danger is greater when the package is expected to handle secrets by design, as with SDKs for banking, cloud, identity, payments and deployment infrastructure.</p><p>Organisations that installed Sicoob.Sdk need to remove the package, treat affected <a
href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+define+PFX+certificate&bbid=6103560056221096248&bpid=3187489756482512310" target="_blank" rel="noopener" data-preview="">PFX material</a> as compromised, replace exposed certificates, rotate PFX passwords, and disable or rotate client IDs where possible. They also need to review authentication and API logs for unusual token issuance, unfamiliar source IP addresses, unexplained Pix or boleto activity, payment requests, transfer attempts, Open Finance calls and account-data queries.</p></div><p>The article <a
href="https://thearabianpost.com/fake-banking-sdk-exposes-developer-secrets/">Fake banking SDK exposes developer secrets</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Developer tools become supply chain targets</title><link>https://thearabianpost.com/developer-tools-become-supply-chain-targets/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Sat, 30 May 2026 12:24:28 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/developer-tools-become-supply-chain-targets/</guid><description><![CDATA[<p>Trusted software development tools have become a prime attack channel as adversaries target the systems that programmers use to build, test and deploy code, exposing companies to stolen credentials, leaked source code and compromised software pipelines. The warning has sharpened after multiple campaigns hit developer ecosystems during May, including a poisoned Visual Studio Code extension linked to Nx Console and a large-scale GitHub Actions operation known as [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/developer-tools-become-supply-chain-targets/">Developer tools become supply chain targets</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Trusted software development tools have become a prime attack channel as adversaries target the systems that programmers use to build, test and deploy code, exposing companies to stolen credentials, leaked source code and compromised software pipelines.</p><p>The warning has sharpened after multiple campaigns hit developer ecosystems during May, including a poisoned Visual Studio Code extension linked to Nx Console and a large-scale GitHub Actions operation known as Megalodon. Together, the incidents show how attackers are moving beyond conventional phishing and malware delivery to exploit integrated development environments, CI/CD workflows and automated build systems that often hold high-value secrets.</p><p>US cyber authorities have warned that the attacks are aimed at credentials, tokens and other secrets embedded across software development environments. The concern is that a single compromised tool can give intruders access to repositories, cloud accounts, package registries and deployment pipelines, creating a path from one developer workstation to broader enterprise infrastructure.</p><p>One of the most closely watched incidents involved Nx Console version 18.95.0, a Visual Studio Code extension used by developers working with Nx, a popular build platform for monorepos. The compromised version was published on May 18 through legitimate distribution channels after an attacker abused access tied to a trusted contributor. The malicious package was available for about 11 minutes on Microsoft’s Visual Studio Marketplace and about 36 minutes on Open VSX before being replaced.</p><p>Despite the short exposure window, the attack carried serious implications because Nx Console has more than 2.2 million installations. The malicious extension fetched and executed an obfuscated payload from a hidden GitHub commit after a developer opened a workspace. 
Security teams were told to assume compromise if the affected version had been installed, with rotation of credentials and review of developer machines treated as urgent steps.</p><p>The breach also underscored the problem of extension trust. Developers routinely install plugins that can read project files, interact with terminals, access environment variables and integrate with source control tools. Those permissions make productivity extensions attractive targets, particularly where organisations have not applied strict controls over which plugins can be installed on corporate devices.</p><p>A separate campaign, Megalodon, demonstrated how attackers can exploit automated deployment machinery at scale. Researchers documented 5,718 malicious commits pushed to 5,561 public GitHub repositories within a six-hour window on May 18. The injected GitHub Actions workflows were designed to harvest CI/CD secrets, cloud credentials, tokens and other sensitive material used by build and deployment systems.</p><p>The Megalodon activity differed from the Nx Console compromise because it focused directly on workflow files rather than developer desktop tooling. By modifying automation scripts, attackers sought to make credential theft appear as part of routine pipeline execution. That method is particularly dangerous because CI/CD jobs often run with elevated access to registries, cloud environments and production-adjacent systems.</p><p>Security specialists say the incidents point to a wider shift in attacker priorities. Source code is valuable, but the secrets around code are often more immediately useful. 
Access tokens, private keys, package publishing credentials and cloud access keys can allow attackers to move laterally, publish malicious updates, alter build outputs or maintain persistence across connected systems.</p><p>The GitHub-related breach tied to the compromised development extension has drawn attention because attackers claimed access to thousands of internal repositories. GitHub said the incident was contained and that there was no evidence customer repositories were affected. The company also rotated credentials, removed affected extensions and began deeper log analysis after the compromise was identified.</p><p>The cases have revived debate over whether software supply chain security has lagged behind the speed of modern development. Teams rely heavily on open-source packages, third-party extensions, automated testing, dependency bots and continuous deployment. Those tools shorten release cycles, but they also multiply points of trust inside engineering environments.</p><p>Defensive measures are now moving beyond standard malware scanning. Organisations are being urged to audit workflow files, monitor contributor behaviour, enforce least-privilege permissions for CI/CD jobs, restrict third-party extensions, review package update policies and rotate long-lived credentials. Static secrets inside pipelines are also coming under heavier scrutiny, with more teams shifting towards short-lived tokens and identity-based authentication.</p><p>The threat is difficult to contain because developer workflows are highly interconnected. A compromised package can affect an extension, an extension can expose a workstation, a workstation can leak repository credentials, and repository access can be used to poison automation. That chain gives attackers multiple ways to reach the same objective.</p><p>Enterprises with mature security programmes are now treating developer machines as privileged assets rather than ordinary endpoints. 
That means tighter device monitoring, approved extension lists, repository-level controls, protected branches, mandatory code review for workflow changes and rapid revocation processes when credentials are exposed.</p></div><p>The article <a
href="https://thearabianpost.com/developer-tools-become-supply-chain-targets/">Developer tools become supply chain targets</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>AI raises GREYVIBE threat against Ukraine</title><link>https://thearabianpost.com/ai-raises-greyvibe-threat-against-ukraine/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Sat, 30 May 2026 12:23:25 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/ai-raises-greyvibe-threat-against-ukraine/</guid><description><![CDATA[<p>Russia-linked cyber operators tracked as GREYVIBE have used generative artificial intelligence tools including ChatGPT and Google Gemini to widen cyber-espionage operations against Ukraine-linked targets, signalling a shift in how lower-skilled threat groups can build lures, malware and infrastructure at speed. The activity, active since at least August 2025, has targeted military, government, civilian and business-related organisations through phishing emails, fake verification pages, fraudulent websites and custom malware. [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/ai-raises-greyvibe-threat-against-ukraine/">AI raises GREYVIBE threat against Ukraine</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Russia-linked cyber operators tracked as GREYVIBE have used <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+generative+artificial+intelligence+tools+cybersecurity&bbid=6103560056221096248&bpid=1085868473954867309" target="_blank">generative artificial intelligence tools</a> including <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+ChatGPT&bbid=6103560056221096248&bpid=1085868473954867309" target="_blank">ChatGPT</a> and <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Google+Gemini&bbid=6103560056221096248&bpid=1085868473954867309" target="_blank">Google Gemini</a> to widen <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+define+cyber-espionage+operations+AI&bbid=6103560056221096248&bpid=1085868473954867309" target="_blank">cyber-espionage operations</a> against <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+Ukraine+cyber+targets+AI&bbid=6103560056221096248&bpid=1085868473954867309" target="_blank">Ukraine-linked targets</a>, signalling a shift in how lower-skilled threat groups can build lures, malware and infrastructure at speed.</p><p>The activity, active since at least August 2025, has targeted military, government, civilian and business-related organisations through <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+phishing+emails+AI+cybersecurity&bbid=6103560056221096248&bpid=1085868473954867309" target="_blank">phishing emails</a>, fake verification pages, fraudulent websites and <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+custom+malware+AI+development&bbid=6103560056221096248&bpid=1085868473954867309" target="_blank">custom malware</a>. The operators are assessed to be Russian-speaking, working largely within Moscow time, and focused on intelligence-gathering objectives tied to the war in Ukraine. Investigators have not linked the group definitively to a previously known hacking unit, leaving its exact command structure unclear.</p><p>GREYVIBE’s significance lies less in elite technical capability than in its operational model. The group appears to have used <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+define+large+language+models+cybersecurity&bbid=6103560056221096248&bpid=1085868473954867309" target="_blank">large language models</a> across several phases of its campaigns, from creating deceptive content and lure websites to developing obfuscators, loaders, backend infrastructure and post-compromise scripts. That pattern points to AI being embedded in the workflow rather than used as a one-off experiment.</p><p>The group has deployed several attack chains. One, known as <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+PhantomMail+attack+chain&bbid=6103560056221096248&bpid=1085868473954867309" target="_blank">PhantomMail</a>, used spear-phishing emails containing links to malicious ZIP or RAR archives hosted on file-sharing services. Victims who opened the files saw decoy documents or error messages while malware executed in the background. Lures impersonated Ukraine-linked public bodies and critical sectors, including emergency, energy and communications entities.</p><p>Another route, <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+PhantomClick+attack+chain&bbid=6103560056221096248&bpid=1085868473954867309" target="_blank">PhantomClick</a>, used fake CAPTCHA and ClickFix-style pages disguised as Zoom or civil-society websites. Victims were instructed in Ukrainian to run commands under the pretext of completing a Cloudflare-style security check, a tactic designed to make users infect their own systems while believing they were passing a routine verification step.</p><p>GREYVIBE also ran a campaign using fraudulent adult-club websites aimed at Ukraine-linked users. These sites delivered <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+FallSpy+Android+spyware&bbid=6103560056221096248&bpid=1085868473954867309" target="_blank">FallSpy Android spyware</a> and Windows malware known as <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+PhantomRelay+malware&bbid=6103560056221096248&bpid=1085868473954867309" target="_blank">PhantomRelay</a> and <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+LegionRelay+malware&bbid=6103560056221096248&bpid=1085868473954867309" target="_blank">LegionRelay</a>. Later versions added live-call features capable of capturing audio and video through WebRTC. Separate fake charity websites themed around drones and support for Ukraine’s armed forces shared infrastructure and tooling with the adult-club campaign, suggesting coordination across different lures.</p><p>The malware family used by GREYVIBE shows both ambition and uneven tradecraft. PhantomRelay is a PowerShell-based remote access tool that profiles infected machines and allows operators to run scripts and Windows commands. LegionRelay supports file enumeration, exfiltration, screenshots, browser data theft, Telegram and WhatsApp data collection and remote desktop setup. Several obfuscators and loaders associated with the group appear to have been developed with AI assistance.</p><p>Operational mistakes have shaped the assessment of GREYVIBE as a low-to-moderately sophisticated group. Indicators include design flaws in LegionRelay, development samples uploaded to public malware-scanning platforms, inconsistent operational security and traces suggesting links to the wider cybercrime ecosystem. The same PhantomRelay-related tooling has appeared in activity clusters beyond GREYVIBE, raising the possibility that the group includes current or former cybercriminal actors rather than a conventional state unit.</p><p>The Russia connection rests on a combination of language, timing, targets and objectives. Russian-language comments and administrative panels appeared in malware and backend artefacts. Operator machines were configured to Russian locale and UTC+3. Activity patterns matched Moscow working hours. 
The target set and intelligence-gathering focus aligned closely with Russian state interests, though investigators stopped short of classifying GREYVIBE as a confirmed state agency operation.</p><p>The use of ChatGPT, Google Gemini and image-generation platforms shows how generative AI is changing the economics of cyber operations. Attackers can generate polished phishing material, build credible websites, translate or localise content, create scripts, troubleshoot code and refactor malware faster than before. This does not remove the need for technical knowledge, but it lowers the barrier for groups that lack deep in-house engineering skills.</p><p>For defenders, the case adds pressure to rethink detection methods that rely heavily on stable malware signatures or repeated infrastructure patterns. AI-assisted actors can rewrite code, refresh lures and alter components more frequently, making old clustering techniques less dependable. <a
data-preview="" href="https://www.google.com/search?ved=1t%3A260882&q=thearabianpost.com+define+cyber+threat+attribution&bbid=6103560056221096248&bpid=1085868473954867309" target="_blank">Attribution</a> becomes harder when malware families are generated, modified or shared across criminal and state-aligned ecosystems.</p><p>GREYVIBE’s campaigns also show how Ukraine remains a testing ground for cyber tactics that may later spread elsewhere. Mid-sized organisations, charities, civil-society groups and companies linked to geopolitically sensitive sectors face rising risk from actors that can scale deception without large technical teams. The same methods used against Ukraine-linked targets could be adapted for election interference, corporate espionage, sanctions evasion, financial theft or influence operations.</p></div><p>The article <a
href="https://thearabianpost.com/ai-raises-greyvibe-threat-against-ukraine/">AI raises GREYVIBE threat against Ukraine</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Chrome strengthens defences against account hijacking</title><link>https://thearabianpost.com/chrome-strengthens-defences-against-account-hijacking/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Sat, 30 May 2026 10:26:20 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/chrome-strengthens-defences-against-account-hijacking/</guid><description><![CDATA[<p>Google has made Device Bound Session Credentials generally available in Chrome for Windows, widening access to a security feature designed to blunt one of the most common routes into compromised online accounts: stolen session cookies. The move gives Chrome users and organisations a stronger layer of protection after login, where many account takeovers now occur even when passwords and multi-factor authentication have already been passed. DBSC links [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/chrome-strengthens-defences-against-account-hijacking/">Chrome strengthens defences against account hijacking</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Google has made Device Bound Session Credentials generally available in Chrome for Windows, widening access to a security feature designed to blunt one of the most common routes into compromised online accounts: stolen session cookies.</p><p>The move gives Chrome users and organisations a stronger layer of protection after login, where many account takeovers now occur even when passwords and multi-factor authentication have already been passed. DBSC links a user’s authenticated web session to the device on which it was created, making stolen cookies far less useful when copied to another machine.</p><p>The feature, previously tested in beta for Google Workspace environments, is now enabled by default for Google Workspace customers using Chrome on Windows. It is also being made available to Workspace Individual subscribers and personal Google account users, with a gradual rollout that began on May 25 and may take up to 60 days to become visible across eligible environments.</p><p>Session cookies allow websites to remember that a user has already signed in, reducing the need for repeated logins. That convenience has also made them a prime target for information-stealing malware. Once attackers obtain valid cookies, they can sometimes bypass password prompts and additional authentication checks, gaining access to email, cloud storage, financial dashboards, business tools and social media accounts without needing the victim’s password.</p><p>DBSC changes that model by using cryptographic proof tied to the original device. During a protected session, Chrome generates a public and private key pair, with the private key stored in hardware-backed security where available, such as the Trusted Platform Module on Windows. 
Servers can then require Chrome to prove possession of that private key before issuing or refreshing short-lived session cookies.</p><p>The practical effect is that a stolen cookie alone should no longer be enough to maintain access from a separate device. Attackers attempting to reuse exfiltrated cookies would face an additional barrier because they would not have the non-exportable private key held on the victim’s machine. That makes large-scale resale or automated abuse of stolen session tokens more difficult.</p><p>Google has framed the shift as a move from reactive detection to preventive defence. Traditional anti-abuse systems often rely on spotting suspicious activity after session theft has occurred, using signals such as device changes, unusual locations, behavioural anomalies or risk scoring. DBSC seeks to reduce the value of stolen tokens before they can be used elsewhere.</p><p>The update arrives as session theft has become a central concern for enterprise security teams. Infostealer malware families have grown more capable at harvesting browser data, credentials, authentication tokens and cookies from infected machines. Such tools are commonly distributed through phishing, fake software downloads, malicious advertisements, compromised websites and deceptive files sent to employees or creators.</p><p>For Workspace administrators, the general availability release removes the need to manually enable DBSC through the Admin console. The feature is on by default, and there is no end-user setting to switch it on. Administrators can monitor DBSC binding events through audit logs in the security investigation tool, giving security teams more visibility into when session binding is applied.</p><p>The feature can also work alongside context-aware access controls, allowing organisations to apply more granular account protections based on device, user and session signals. 
That combination is likely to appeal to large enterprises, schools and public-sector bodies seeking to reduce the risk of account compromise without adding visible friction for users.</p><p>DBSC is designed to be additive rather than disruptive for websites adopting the technology. Developers can integrate it into existing authentication systems by registering a device-bound session, using short-lived cookies and adding a refresh mechanism that validates possession of the device-held key. Where secure key storage is not available, the system can fall back to standard behaviour rather than breaking the user’s login flow.</p><p>The standard is still developing through the Web Application Security Working Group, and broader adoption will depend on implementation by browsers, identity providers and major web platforms. Google has indicated that support will expand to macOS in a forthcoming Chrome release, where secure hardware such as the Secure Enclave can be used for key protection.</p><p>Security specialists are likely to treat DBSC as an important hardening measure rather than a complete answer to account takeover. It does not remove the need for endpoint protection, patch management, phishing-resistant authentication, malware detection and user training. If malware remains active on a user’s machine, attackers may still be able to act locally inside the live session, even if they cannot easily export the session for use elsewhere.</p><p>The technology also does not replace passkeys or multi-factor authentication. Instead, it addresses a different stage of the attack chain. Passkeys and strong authentication help protect the login process, while DBSC focuses on protecting what happens after login by limiting the portability of session credentials.</p><p>For businesses, the change could reduce the impact of credential theft campaigns that target cloud accounts and browser-stored tokens. 
Compromised business accounts are often used to access sensitive files, reset passwords, launch invoice fraud, steal customer data or pivot deeper into corporate systems. Tying sessions more closely to trusted devices makes such attacks harder to scale.</p><p>Chrome’s large share of the browser market gives the rollout broader significance. If more web services adopt DBSC and other browsers implement compatible protections, session binding could become a standard part of web authentication architecture. That would mark a shift away from long-lived bearer cookies, which have long remained valuable to attackers precisely because possession of the token can be treated as proof of identity.</p></div><p>The article <a
href="https://thearabianpost.com/chrome-strengthens-defences-against-account-hijacking/">Chrome strengthens defences against account hijacking</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
<item><title>Palo Alto VPN flaw draws urgent patching</title><link>https://thearabianpost.com/palo-alto-vpn-flaw-draws-urgent-patching/</link>
<dc:creator><![CDATA[The Arabian Post Network]]></dc:creator>
<pubDate>Sat, 30 May 2026 10:20:34 +0000</pubDate>
<category><![CDATA[Cybersecurity]]></category>
<guid
isPermaLink="false">https://thearabianpost.com/palo-alto-vpn-flaw-draws-urgent-patching/</guid><description><![CDATA[<p>Cybersecurity teams are racing to patch a Palo Alto Networks authentication-bypass flaw after confirmed exploitation against exposed GlobalProtect deployments raised the risk profile of a vulnerability first disclosed this month. Tracked as CVE-2026-0257, the flaw affects PAN-OS firewalls and Prisma Access environments where GlobalProtect portal or gateway services are configured with authentication override cookies and a vulnerable certificate setup. Successful exploitation allows an unauthenticated remote attacker to [&#8230;]</p><p>The article <a
href="https://thearabianpost.com/palo-alto-vpn-flaw-draws-urgent-patching/">Palo Alto VPN flaw draws urgent patching</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></description>
<content:encoded><![CDATA[<div>Cybersecurity teams are racing to patch a Palo Alto Networks authentication-bypass flaw after confirmed exploitation against exposed GlobalProtect deployments raised the risk profile of a vulnerability first disclosed this month.</p><p>Tracked as CVE-2026-0257, the flaw affects PAN-OS firewalls and Prisma Access environments where GlobalProtect portal or gateway services are configured with authentication override cookies and a vulnerable certificate setup. Successful exploitation allows an unauthenticated remote attacker to bypass normal VPN authentication controls and establish an unauthorised GlobalProtect connection, creating a path into protected corporate networks.</p><p>The US Cybersecurity and Infrastructure Security Agency added the vulnerability to its Known Exploited Vulnerabilities catalogue on May 29, 2026, signalling that exploitation has moved beyond theoretical risk. The inclusion places additional pressure on federal agencies and contractors, while serving as a wider warning to private-sector organisations that internet-facing VPN infrastructure remains a preferred entry point for threat actors.</p><p>Palo Alto Networks has assigned the issue a high severity rating, with a CVSS 4.0 score of 7.8 and its highest suggested urgency level. The company has said it is aware of limited exploit attempts against unpatched PAN-OS devices where mitigations had not been applied. Security researchers have separately observed successful exploitation across several customer environments, with the earliest activity identified on May 17.</p><p>The vulnerability is significant because GlobalProtect is commonly used to provide remote access to enterprise networks. 
While the flaw does not provide remote code execution by itself and does not automatically grant arbitrary administrative control over the firewall, unauthorised VPN access can still expose internal systems, applications and user environments that would otherwise be shielded from the public internet.</p><p>Observed attacker behaviour points to forged authentication cookies being used to impersonate legitimate access. Security teams investigating compromised environments found suspicious cookie-based logins involving local administrative accounts, generic hostnames and spoofed identifiers. Some affected systems accepted forged authentication attempts without completing a full VPN session, while others assigned VPN addresses and gave attackers a foothold inside internal networks.</p><p>Two waves of activity have drawn particular attention. One set of attacks involved infrastructure associated with a low-cost hosting provider and suspicious cookie authentication to a local admin account. A later wave used different hosting infrastructure and showed evidence of VPN IP assignment after cookie-based authentication. The activity underlines the speed with which attackers can move once a working exploit path is validated.</p><p>The exposure is not universal. A firewall must have GlobalProtect portal or gateway enabled, authentication override cookies in use, and a specific certificate configuration for the vulnerability to be exploitable. Organisations that do not rely on the affected authentication override configuration face lower risk, but administrators are being urged to verify settings rather than assume they are unaffected.</p><p>Affected PAN-OS branches include 12.1, 11.2, 11.1 and 10.2, depending on the exact maintenance release installed. 
Fixed versions include PAN-OS 12.1.4-h6 or 12.1.7 and later, 11.2.4-h17, 11.2.7-h14, 11.2.10-h7 or 11.2.12 and later, 11.1.4-h33, 11.1.6-h32, 11.1.7-h6, 11.1.10-h25, 11.1.13-h5 or 11.1.15 and later, and 10.2.7-h34, 10.2.10-h36, 10.2.13-h21, 10.2.16-h7, 10.2.18-h6 and later. Prisma Access 10.2 and 11.2 environments are also covered by fixed releases and customer upgrade schedules.</p><p>Cloud NGFW and Panorama are not affected by CVE-2026-0257. That distinction is important for large organisations running mixed Palo Alto Networks estates, as remediation priorities will depend on product type, software version and configuration.</p><p>Mitigation guidance focuses on two immediate steps where rapid patching cannot be completed at once. Administrators can disable authentication override by unchecking the relevant options for generating and accepting cookies in GlobalProtect portal and gateway settings. They can also generate and use a dedicated certificate solely for authentication override cookies, ensuring that the certificate is not reused for the portal, gateway or other functions.</p><p>Patching remains the preferred course because fixed releases regenerate authentication override cookies using a more secure method. Users may need to re-authenticate after an upgrade even if a valid cookie exists, but that one-time disruption is being weighed against the risk of unauthorised VPN access.</p><p>Security teams are also being advised to inspect GlobalProtect authentication logs for unusual cookie-based logins, unexpected local account usage, unknown hostnames, spoofed MAC addresses and connections from hosting providers not normally associated with legitimate users. The most useful defensive approach combines software upgrades, configuration review, log analysis and threat hunting across internal systems that may have been reachable through an unauthorised VPN session.</p></div><p>The article <a
href="https://thearabianpost.com/palo-alto-vpn-flaw-draws-urgent-patching/">Palo Alto VPN flaw draws urgent patching</a> appeared first on <a
href="https://thearabianpost.com">Arabian Post</a>.</p>
]]></content:encoded>
</item>
</channel>
</rss>