A new banking trojan known as TCLBANKER has been quietly making rounds, and its delivery method is as clever as it is concerning. Attackers are using a trojanized version of a legitimate, digitally signed installer to slip malware onto victims’ machines without raising immediate suspicion.

The campaign, tracked as REF3076, bundles a malicious MSI installer inside a ZIP file and exploits the trust people place in recognizable software names.

The infection begins when a victim runs what appears to be a legitimate Logitech application installer. Inside the package, threat actors have weaponized the Logi AI Prompt Builder, abusing a technique called DLL sideloading to sneak a malicious file into the process. Once the application starts, it automatically loads the harmful DLL without the user ever knowing anything went wrong.

Analysts at Elastic Security Labs identified this new Brazilian banking trojan, assessing it to be a significant evolution of an older malware family known as MAVERICK and SORVEPOTEL. The campaign appears to be in its early stages, with developer artifacts and an incomplete phishing page suggesting the attackers are still actively building out their infrastructure.

TCLBANKER primarily targets users in Brazil, specifically those who visit banking, fintech, and cryptocurrency websites. The trojan monitors the victim’s browser in real time, watching for visits to any of 59 targeted financial domains.

Hackers Abuse Signed Logitech Installer

When a match is found, it opens a live connection to the attacker’s command server and puts the operator in full control.

The scope of potential damage goes well beyond simple credential theft. The malware can display fake full-screen overlays that look like real banking interfaces, freeze the apparent desktop to confuse victims, and kill the Task Manager to prevent users from ending the malicious process. It is a coordinated operation designed to make fraud feel seamless from the attacker’s side.

The attackers took care to make the infection chain look as normal as possible. The malicious ZIP file contains an MSI installer that mimics the legitimate Logi AI Prompt Builder, a real Flutter-based application.

When installed, the trojanized package drops a fake DLL called screen_retriever_plugin.dll, which masquerades as a genuine Flutter plugin and gets loaded automatically at startup.

The loader inside this DLL is packed with tricks to avoid detection. It checks whether the system is running inside a sandbox or virtual machine, verifies that the user’s default language is Brazilian Portuguese, and even measures timing to catch emulation frameworks that speed up sleep calls.

If anything seems off, the malware simply stops running without leaving obvious traces. This environment-gating approach means the payload only decrypts itself on real, qualifying machines.

Self-Spreading Worm Modules Amplify the Threat

What makes TCLBANKER particularly dangerous is not just what it does on a single machine, but how far it can spread from there. The malware comes with two worm modules designed to send itself to the victim’s contacts using channels those contacts already trust.

The first hijacks the victim’s active WhatsApp Web session in the browser, silently messaging Brazilian contacts with a link to download the malware. The second abuses Microsoft Outlook through automation, sending phishing emails directly from the victim’s own email account.

Because these messages come from real, known senders, they are far harder for security filters to catch. The Outlook bot first harvests the victim’s contact list, then sends targeted emails that look completely authentic.

Elastic researchers noted that all command and file-serving infrastructure runs on Cloudflare Workers under a single account, making it easy for operators to rotate infrastructure quickly when needed.

Organizations and individuals can take several steps to reduce exposure. Keeping security software updated ensures the latest detection signatures are in place.

Being cautious about ZIP files or MSI installers received through messaging apps or email, even from known contacts, is critical given this trojan’s self-spreading behavior. Monitoring for unusual scheduled tasks, unexpected DLL loads alongside legitimate software, and suspicious outbound connections can also help flag infections early.

Indicators of Compromise (IoCs):-

Type	Indicator	Description
SHA-256	701d51b7be8b034c860bf97847bd59a87dca8481c4625328813746964995b626	TCLBanker loader component (screen_retriever_plugin.dll)
SHA-256	8a174aa70a4396547045aef6c69eb0259bae1706880f4375af71085eeb537059	TCLBanker loader component (screen_retriever_plugin.dll)
SHA-256	668f932433a24bbae89d60b24eee4a24808fc741f62c5a3043bb7c9152342f40	TCLBanker loader component (screen_retriever_plugin.dll)
SHA-256	63beb7372098c03baab77e0dfc8e5dca5e0a7420f382708a4df79bed2d900394	TCLBanker initial ZIP file (XXL_21042026-181516.zip)
Domain	campanha1-api.ef971a42[.]workers.dev	TCLBanker C2
Domain	mxtestacionamentos[.]com	TCLBanker C2
Domain	documents.ef971a42.workers[.]dev	TCLBanker file server
Domain	arquivos-omie[.]com	TCLBanker phishing page (under development)
Domain	documentos-online[.]com	TCLBanker phishing page (under development)
Domain	afonsoferragista[.]com	TCLBanker phishing page (under development)
Domain	doccompartilhe[.]com	TCLBanker phishing page (under development)
Domain	recebamais[.]com	TCLBanker phishing page (under development)

Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.

Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.

The post Hackers Abuse Signed Logitech Installer to Deploy TCLBANKER Banking Trojan appeared first on Cyber Security News.

A new open-source cybersecurity platform called DarkMoon has emerged as a significant advancement in autonomous penetration testing.

It provides security teams and DevSecOps professionals with a fully AI-powered vulnerability assessment system. DarkMoon integrates over 50 specialized offensive security tools, all managed through a controlled execution interface.

DarkMoon is an automated penetration testing platform that uses artificial intelligence to orchestrate complete security assessments without manual intervention.

Unlike traditional vulnerability scanners, DarkMoon deploys a multi-agent AI architecture where specialized sub-agents reason, plan, and execute real offensive security operations through a controlled Model Context Protocol (MCP) interface, a gatekeeper layer that ensures the AI never directly touches the underlying system.

The platform aligns with recognized security frameworks, including ISO 27001, NIST SP 800-115, and the MITRE ATT&CK methodology, making it a standards-compliant option for organizations seeking repeatable, evidence-based assessments.

DarkMoon AI-Powered Platform

When a target is provided via the command line, DarkMoon automatically progresses through a multi-phase assessment: discovering open ports and services, fingerprinting the technology stack, modeling the attack surface, and then deploying specialized sub-agents based on what it detects.

The platform dynamically triggers agents tailored to discovered technologies:

• CMS Agent — activates for WordPress, Drupal, Joomla, Magento, and Moodle environments
• Stack-Specific Agent — targets PHP, Node.js, Flask, ASP.NET, Spring Boot, and Ruby on Rails
• Active Directory Agent — covers NetExec, BloodHound, and 30+ Impacket scripts
• Kubernetes Agent — uses kubectl, Kubescape, and Kubeletctl
• GraphQL Agent — handles GraphQL-specific attack surfaces
• Headless Browser Agent — deployed when browser rendering is required

Multiple agents can execute in parallel across a hybrid infrastructure, significantly accelerating assessment timelines compared to sequential manual testing.

DarkMoon ships with a purpose-built Docker image housing over 50 compiled security tools organized by category.

Port scanning is handled by Naabu and Masscan; web application testing leverages Nuclei, ffuf, sqlmap, Arjun, and wafw00f; reconnaissance uses Subfinder, Katana, Waybackurls, and httpx; CMS testing relies on WPScan and CMSeeK; and network enumeration employs Hydra, dig, and SNMP tooling.

All tools are accessible inside the Docker toolbox without path configuration — the AI reasons and plans, the MCP controls execution, and the Docker container runs the tools in isolation.

DarkMoon is designed for security teams running continuous automated testing, DevSecOps engineers integrating security into CI/CD pipelines, bug bounty hunters accelerating target analysis, and security researchers exploring adaptive attack surfaces in real time.

The platform supports bug bounty mode natively, with command-line flags such as FOCUS, EXCLUDE, SEVERITY, and FORMAT=h1 interpreted directly by the AI agent.

DarkMoon is available on GitHub at github.com/ASCIT31/Dark-Moon and requires only Docker, Docker Compose, and an LLM API key from providers such as Anthropic, OpenAI, or OpenRouter with local model support via Ollama and llama.cpp also available.

The platform represents a broader industry trend toward autonomous AI-driven penetration testing that scales beyond the limits of human-only security teams.

Cybercriminals now enter through your suppliers instead of your front door – Free Webinar

The post DarkMoon AI-Powered Autonomous Penetration Testing Platform With 50+ Tools appeared first on Cyber Security News.

Trellix, the global cybersecurity firm formed from the merger of McAfee Enterprise and FireEye, has confirmed unauthorized access to a portion of its source code repository, with the RansomHouse ransomware group formally claiming responsibility for the attack.

Trellix reported a data breach involving unauthorized access to a portion of its source code repository, which was disclosed publicly around May 2, 2026.

Upon discovering the intrusion, Trellix immediately engaged leading forensic experts to investigate and has notified law enforcement authorities.

In an official statement published on its website, the company said: “Based on our investigation to date, we have found no evidence that our source code release or distribution process was affected, or that our source code has been exploited”.

The RansomHouse ransomware group formally named Trellix on its dark web leak site, claiming the compromise occurred on April 17, 2026.

The group published multiple screenshots reportedly demonstrating access to Trellix’s internal services and management dashboards, though they have not specified the volume of data exfiltrated or its nature.

Notably, RansomHouse listed the breach status as “Evidence Depends on You,” a hallmark tactic used to pressure victims into negotiations before releasing stolen data publicly.

RansomHouse is a sophisticated ransomware-as-a-service (RaaS) group known for deploying a unique ransomware variant called Mario ESXi, whose code shares lineage with the leaked Babuk ransomware source code, alongside a tool called MrAgent to target both Windows and Linux-based virtualized environments.

The group typically targets VMware ESXi infrastructure and exploits weak domain credentials and monitoring systems to gain privileged access.

RansomHouse distinguishes itself by positioning itself as a “professional mediator community,” often seeking payment for data deletion rather than decryption.

The full extent of the data exposure remains unspecified, and Trellix has not confirmed whether corporate or customer data beyond source code was accessed.

Preliminary investigations indicate no evidence that the software distribution pipeline or customer-facing products were tampered with.

The incident highlights the growing trend of ransomware groups targeting cybersecurity vendors themselves, organizations whose proprietary source code, if weaponized, could have far-reaching consequences for enterprise defenses globally.

Cybercriminals now enter through your suppliers instead of your front door – Free Webinar

The post Trellix Breach – RansomHouse Claims Access to Parts of Source Code appeared first on Cyber Security News.

A sophisticated new malware framework called PCPJack has been found actively targeting cloud environments across the internet, hunting for exposed services and stripping away credentials at scale.

The worm zeroes in on Docker, Kubernetes, Redis, and MongoDB deployments, turning misconfigured or vulnerable systems into footholds for credential theft and financial fraud. What sets it apart from most cloud-targeting malware is its unusual decision to skip cryptocurrency mining entirely, suggesting the operators are focused on a different kind of profit.

PCPJack starts its infection chain with a shell script called bootstrap.sh, which runs quietly on Linux-based cloud systems. That script prepares the environment, installs Python, downloads six specialized modules, sets up persistence, and launches the main orchestrator.

One of its first actions is to scan for and actively remove all traces of a rival threat group called TeamPCP, essentially taking over compromised machines that someone else had already infected, making it unusually competitive among cloud threat actors.

Researchers at SentinelOne identified PCPJack as a credential theft framework with worm-like spreading capabilities. According to SentinelOne security researcher Alex Delamotte, the toolset “harvests credentials from cloud, container, developer, productivity, and financial services, then exfiltrates the data through attacker-controlled infrastructure while attempting to spread to additional hosts.”

The research team believes the actor behind PCPJack may be a former TeamPCP member who left the group and started their own separate operation, given the technical overlap found between both campaigns.

The malware collects an unusually wide range of secrets, including SSH keys, Slack tokens, WordPress database credentials, OpenAI and Anthropic API keys, cloud provider tokens, and cryptocurrency wallet files.

It then encrypts all stolen data using X25519 ECDH and ChaCha20-Poly1305 before sending it to a Telegram channel, broken into small chunks to comply with message size limits. The attacker even tracks whether their cleanup of TeamPCP infections was successful, signaling deliberate and targeted competitive intent rather than opportunistic attack behavior.

PCPJack’s Worm-Like Propagation and CVE Exploitation

PCPJack spreads by actively scanning external cloud infrastructure for exposed services including Docker, Kubernetes, Redis, MongoDB, and RayML. The worm downloads hostname data from Common Crawl parquet files and uses them as scanning targets, letting it discover new victims without hardcoding any addresses directly into the code.

This design allows the attacker to cover up to 104 million potential entries during each cycle without requiring centralised coordination.

The worm exploits five publicly known vulnerabilities to break into new systems. These include CVE-2025-29927, an authentication bypass in Next.js middleware; CVE-2025-55182, a server-side deserialization flaw in React and Next.js known as “React2Shell”; CVE-2026-1357, an unauthenticated file upload vulnerability in WPVivid Backup; CVE-2025-9501, a PHP injection flaw in W3 Total Cache; and CVE-2025-48703, a shell injection issue in CentOS Web Panel.

Once inside, the worm harvests SSH keys and moves laterally by enumerating Kubernetes clusters and Docker daemons, then replicating itself to every reachable host.

Sliver Backdoor and Enterprise-Wide Credential Targeting

SentinelOne’s analysis also uncovered a Sliver-based backdoor on the attacker’s staging server, compiled in three variants to support x86_64, x86, and ARM system architectures. This backdoor grants the operator persistent remote access even after initial exploitation ends.

The binaries are saved locally as update.bin, update-386.bin, and update-arm.bin, designed to blend in with legitimate system maintenance file names to avoid immediately raising suspicion.

Beyond cloud infrastructure, PCPJack also targets messaging platforms, financial services, and enterprise productivity tools. The malware scans for credentials tied to services like Discord, DigitalOcean, Grafana Cloud, Google API, HashiCorp Vault, and 1Password, expanding potential damage far beyond a single environment. This wide reach points toward extortion, spam campaigns, and credential resale as the most likely endgame.

To reduce exposure, security teams should enforce multi-factor authentication across all cloud accounts and services. Using IMDSv2 in AWS environments is recommended to prevent metadata theft, and proper authentication must be enforced for Docker and Kubernetes API endpoints.

Organisations should follow least-privilege principles, avoid storing secrets in plaintext, and regularly audit environment variables and configuration files for sensitive data.

Indicators of Compromise (IoCs):-

Type	Indicator	Description
URL	hxxps://spm-cdn-assets-dist-2026[.]s3[.]us-east-2[.]amazonaws[.]com	Payload host (PAYLOAD_HOST) used by bootstrap.sh to download additional modules
URL	hxxps://cdn[.]cloudfront-js[.]com:8443/u	Credential exfiltration endpoint; typosquats CloudFront over ports 8443/7443
File	bootstrap.sh	Initial dropper shell script; sets up working directory, installs Python, downloads payloads
File	monitor.py (worm.py)	Main orchestrator script; manages all modules, credential theft, propagation, and C2 via Telegram
File	utils.py (parser.py)	Credential extraction and categorisation module
File	_lat.py (lateral.py)	Lateral movement module; targets SSH, Kubernetes, Docker, Redis, RayML, and MongoDB
File	_cu.py (crypto_util.py)	Credential encryption module; uses X25519 ECDH and ChaCha20-Poly1305
File	_cr.py (cloud_ranges.py)	Collects IP ranges for AWS, GCP, Azure, Cloudflare, Cloudfront, and Fastly; refreshes every 24 hours
File	_csc.py (cloud_scan.py)	External cloud port scanner; targets Docker, Kubernetes, MongoDB, RayML, and Redis
File	check.sh	Secondary shell script on attacker infrastructure; detects CPU architecture and fetches Sliver binary
File	extractor.py	Credential extraction script targeting environment variables from cloud services
File	run_script.py	Script downloaded and executed via Telegram RUN command from attacker C2
File	update.bin	Sliver backdoor binary compiled for x86_64 (64-bit) systems
File	update-386.bin	Sliver backdoor binary compiled for x86 (32-bit) or 32-bit containers
File	update-arm.bin	Sliver backdoor binary compiled for ARM processor architectures
Directory	/var/lib/.spm/	Hidden working directory created by bootstrap.sh on compromised systems
File	/var/tmp/apt-daily-upgrade	Local path where Sliver binary (update.bin) is saved to blend with system processes
CVE	CVE-2025-29927	Authentication bypass in Next.js middleware via crafted header
CVE	CVE-2025-55182	Server Actions deserialization flaw in React and Next.js (“React2Shell”)
CVE	CVE-2026-1357	Unauthenticated file upload in WPVivid Backup plugin
CVE	CVE-2025-9501	PHP injection in W3 Total Cache via cached mfunc comment
CVE	CVE-2025-48703	Shell injection in CentOS Web Panel Filemanager changePerm functionality

Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.

Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.

The post New PCPJack Worm Targets Docker, Kubernetes, Redis, and MongoDB for Credential Theft appeared first on Cyber Security News.

A new and evolving threat has caught the attention of cybersecurity researchers worldwide. A Windows-based information stealer known as NWHStealer has resurfaced with a more sophisticated delivery chain, now using the Bun JavaScript runtime as part of its infection process.

This shift makes it clear that the attackers behind this campaign are actively experimenting with lesser-known tools to stay ahead of security defenses.

NWHStealer is a Rust-based malware capable of stealing sensitive data from infected Windows systems. It spreads through Node.js scripts, MSI installers, and fake software downloads hosted on trusted platforms such as GitHub, GitLab, SourceForge, and Itch.io. Since it blends into legitimate-looking software packages, many users unknowingly download and run it without any suspicion.

Analysts at Malwarebytes identified the new delivery method during routine threat hunting activities.

Researcher Gabriele Orini noted that attackers have now incorporated Bun, a modern JavaScript toolkit built as a high-performance alternative to Node.js, into the malware’s delivery chain. Its relative newness in security circles makes it particularly appealing to attackers trying to slip past detection.

Once inside a system, NWHStealer is highly capable. It collects system information, steals saved browser data and passwords, drains cryptocurrency wallets, and targets applications like Discord, Steam, and FTP clients such as FileZilla.

It can also inject malicious code into browser processes, bypass Windows User Account Control, persist through scheduled tasks, and pull new command-and-control addresses from Telegram to keep the operation alive after partial takedowns.

The scale of this campaign is notable. Attackers continue to create fresh profiles on legitimate platforms to push new lures, making it difficult for moderators to respond quickly. The combination of data theft, persistence, and self-updating infrastructure makes NWHStealer a serious threat to both everyday users and organizations.

Bun Loader, Anti-VM Checks, and Encrypted C2

The infection begins with a ZIP archive disguised as a game trainer, software crack, or utility tool. Detected archive names include MOUSE_PI_Trainer_v1.0.zip, FiveM Mod.zip, TradingView-Activation-Script-0.9.zip, and AutoTune 2026.zip.

Inside sits Installer.exe, which carries JavaScript code bundled with the Bun runtime hidden within its .bun section.

The malicious JavaScript is divided into two key files. The first, sysreq.js, runs PowerShell and WMI commands to check whether the system is a real machine or a virtual one. It inspects CPU count, disk space, screen resolution, hardware manufacturers, and even the username, using a scoring system to decide whether to proceed with infection or stop entirely. This anti-VM layer is designed to avoid detection in automated security analysis environments.

The second file, memload.js, handles communication with the attacker’s command-and-control server. Strings and configurations are encrypted using XOR combined with base64 encoding, making static analysis much harder. The loader sends a report containing the victim’s public IP, system details, and a screenshot to the C2, then fetches an AES-encrypted payload and deploys NWHStealer directly into memory with minimal traces on disk.

Some analyzed ZIP files also include a secondary loader called dw.exe inside a folder labeled “DW.” A Readme.txt inside the archive tells users to run dw.exe manually if the main installer fails, giving attackers a fallback option if the primary C2 server goes offline. This dual-loader setup reflects a deliberate backup plan to ensure delivery regardless of temporary disruptions.

Staying Safe From NWHStealer

Given how widely this stealer is distributed, users should take practical steps to protect themselves. Only download software from official, verified sources and avoid file-sharing platforms unless the publisher’s identity and reputation are clearly established.

Always check a file’s digital signature before running it, as legitimate software will carry consistent, verifiable signing details.

It is also worth inspecting any downloaded archive before opening it. Malicious archives often have unusual file structures, mismatched content, or naming patterns that do not match what was advertised.

Staying cautious with downloads that seem too good to be true, whether a game cheat, a software activator, or a free tool, remains one of the most effective defenses against threats like NWHStealer.

Indicators of Compromise (IoCs):-

Type	Indicator	Description
Domain	whale-ether[.]pro	NWHStealer C2 server
Domain	cosmic-nebula[.]cc	NWHStealer C2 server
Domain	silent-harvester[.]cc	Bun Loader C2 server
Domain	silent-orbit[.]cc	Bun Loader C2 server
Domain	support-onion[.]club	Bun Loader C2 server
SHA-256	d3a896f450561b2546b418b469a8e10949c7320212eb1c72b48e2b1e37c34ba5	Malicious file hash
SHA-256	96fe4ddfe256dc9d2c6faea7c18e2583cd9d9c0099a4ad2cf082f569ee8379f4	Malicious file hash
SHA-256	3710fb27d2032ef1eb1252ebf5c4dd516d2b2c0a83fb82c664c89e504b990fa9	Malicious file hash
SHA-256	33d07aa24b217f27df6a483295c817da198e12511a6989bcc6b917feaf8e491d	Malicious file hash
SHA-256	5427b4cefb329ed0e9585b3ce58a2788baf87e3b0c7221373f9bbd5f32c85b62	Malicious file hash
SHA-256	308da9f49ffa1d1744e428b567792ab22712159974e9da8d8e0414ecd81de93e	Malicious file hash
SHA-256	021838f30a43026084978bce187c165c6b640d8d474ec009d48078d21ec62025	Malicious file hash
SHA-256	c8e96b55f13435c4b43b7209d2403f1a0e0f9deb05edc50e0f777430be693b07	Malicious file hash
SHA-256	0614c4cc6375ab6bdcdd2dfa913a67d32c3e8be9b95a4a2aa09bb131b98191c8	Malicious file hash
SHA-256	0020999b2e3e4d1b2cfb69e4df9440d3ce05d508573889fdc12b724ce75a0cd8	Malicious file hash
SHA-256	0fa42df08cc467ec52b2d388b5575114a8ec067d13f6b1a653ec33fe879f88ca	Malicious file hash
SHA-256	15f79980650393d182f81cd6e389210568aa1f5f875e515efe6cb9485d64b7fb	Malicious file hash
SHA-256	20454ba58d509300fd694ae6159db4efa1b7ff965f98c29e7d087e20f96578c1	Malicious file hash

Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.

Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.

The post New NWHStealer Delivery Chain Uses Bun Loader, Anti-VM Checks, and Encrypted C2 appeared first on Cyber Security News.

Mozilla has fixed a total of 423 Firefox security bugs in April 2026 alone, a figure nearly 20 times higher than its monthly average of about 21 bugs throughout 2025, driven by a groundbreaking agentic AI pipeline built around Anthropic’s Claude Mythos Preview and other large language models.

The surge was triggered by Mozilla’s early access to Claude Mythos Preview, which identified 271 of the 423 vulnerabilities fixed in April.

These were primarily shipped as part of Firefox 150, released on April 21, 2026, with additional fixes flowing into Firefox 149.0.2, 150.0.1, and 150.0.2. Of the 271 bugs attributed to Claude Mythos Preview in Firefox 150, 180 were rated sec-high, 80 were sec-moderate, and 11 were sec-low, meaning most were vulnerabilities exploitable via normal user behavior, such as simply visiting a malicious webpage.

Mozilla Patches 423 Firefox 0-Day

Beyond the 271 AI-identified bugs, the remaining 152 fixes included 41 externally reported bugs and 111 discovered through internal techniques, split roughly equally between Claude Mythos fixes shipped in other releases, bugs found with other AI models, and conventional fuzzing.

Anthropic’s own Frontier Red Team was separately credited with three standalone CVEs: CVE-2026-6746, CVE-2026-6757, and CVE-2026-6758.

Mozilla publicly disclosed 12 representative bug reports to demonstrate the depth of AI analysis.

These include a 15-year-old flaw in the <legend> HTML element (Bug 2024437), triggered by meticulous orchestration of recursion stack depths and cycle collection edge cases, and a 20-year-old use-after-free (UAF) in Firefox’s XSLT engine (Bug 2025977) where reentrant key() calls caused a hash table to free its backing store while a raw pointer remained in use.

Several bugs represent critical sandbox escape primitives, including a race condition over IPC allowing a compromised content process to manipulate IndexedDB refcounts to trigger a UAF (Bug 2021894), and a raw NaN crossing an IPC boundary masquerading as a tagged JavaScript object pointer to achieve a parent-process fake-object primitive (Bug 2022034).

One exploit even simulates a malicious DNS server by intercepting glibc function calls to trigger a buffer over-read during HTTPS Record and ECH parsing (Bug 2023958).

These sandbox escape bugs are notoriously difficult to surface via traditional fuzzing methods, making AI coverage particularly valuable for this attack surface.

Mozilla’s approach evolved from early static-analysis experiments using GPT-4 and Claude Sonnet 3.5, which produced too many false positives to be practical.

The breakthrough came with agentic harness systems that not only generate bug hypotheses but also create reproducible proof-of-concept test cases to dynamically validate them. This eliminated speculative false positives and made large-scale deployment feasible.

The pipeline was built atop Mozilla’s existing fuzzing infrastructure and parallelized across multiple ephemeral virtual machines, each assigned to hunt for vulnerabilities within a specific target file.

Mozilla integrated the full security bug lifecycle into the system: deduplication against known issues, triage, patch tracking, and release management.

Over 100 contributors worked to review, test, and ship the resulting patches, a testament to the sustained operational scale required.

Key Vulnerability Breakdown

Bug ID	Type	Age / Severity
2024437	HTML <legend> UAF via edge case orchestration	15-year-old bug, sec-high
2025977	XSLT reentrant key() hash table UAF	20-year-old bug, sec-high
2021894	IPC race condition → IndexedDB UAF → sandbox escape	sec-high
2022034	NaN-as-JS-pointer IPC deserialization → sandbox escape	sec-high
2026305	rowspan=0 HTML table 16-bit bitfield overflow	sec-high, evaded fuzzers for years
2029813	RLBox in-process sandbox escape via verification gap	sec-high

Equally notable is what the AI pipeline failed to exploit, not due to limitation, but because of effective prior hardening.

Audit logs revealed numerous AI-driven attempts to exploit prototype pollution for sandbox escapes, all blocked by Mozilla’s earlier architectural decision to freeze JavaScript prototypes by default. This provided direct, measurable validation of previously shipped defense-in-depth mitigations.

Mozilla’s guidance is direct: any software project can begin using an agentic harness with a modern model today.

The initial prompts can be simple, essentially directing the model to find a bug in a specific code region and build a test case, with iteration improving effectiveness over time.

Mozilla plans to integrate this pipeline into its continuous integration (CI) system to scan incoming patches as they land, extending coverage from file-based to patch-based scanning.

Cybercriminals now enter through your suppliers instead of your front door – Free Webinar

The post Mozilla Patches 423 Firefox Vulnerabilities with Claude Mythos and Other AI Models appeared first on Cyber Security News.

Spring Cloud Config provides crucial server-side and client-side support for externalized configuration in distributed systems.

Recently, the Spring development team disclosed four security vulnerabilities impacting the Spring Cloud Config Server.

These flaws range from medium to critical severity, exposing environments to unauthorized arbitrary file access, cloud secrets leakage, and logging misconfigurations.

Because centralized configuration servers often hold sensitive keys for an entire microservice architecture, system administrators must immediately review and patch their infrastructure.

Spring Cloud Vulnerabilities

Directory Traversal Vulnerabilities

The most severe issue is CVE-2026-40982, a critical directory traversal vulnerability affecting the platform.

The Spring Cloud Config module allows applications to serve both text and binary files over the network.

An attacker can exploit this module by sending a specially crafted URL to the server, thereby bypassing restricted directories and accessing arbitrary files on the host system.

Security researchers Swapnil Paliwal, the AxiomCode security team, August 829, and rash18mi responsibly identified and reported this critical flaw.

Target GCP Secrets and Git Directories

Two additional high-severity vulnerabilities threaten Spring Cloud Config deployments.

CVE-2026-40981 affects organizations that use Google Secrets Manager as the backend for their configuration server.

Malicious actors can craft specific requests to the config server, exposing sensitive secrets from unintended Google Cloud Platform projects.

Meanwhile, CVE-2026-41002 introduces a time-of-check-time-of-use attack surface.

This vulnerability specifically targets the server’s base directory used to clone Git repositories.

Threat actors can manipulate files during the cloning process due to this race condition.

Security researcher Yu Bao from PayPal received credit for discovering and reporting this Git-related vulnerability.

Trace Logging Exposes Sensitive Information

A medium-severity vulnerability (CVE-2026-41004) affects the server’s internal logging mechanisms.

When administrators enable trace logging, the system inadvertently writes sensitive information in plain text directly to the log files.

This misconfiguration could expose credentials or configuration secrets to unauthorized internal users who possess read access to the system logs.

All four vulnerabilities impact the same branches of the Spring Cloud Config ecosystem.

The affected release lines include 3.1.x, 4.1.x, 4.2.x, 4.3.x, and 5.0.x. Older, unsupported versions of the software also remain highly vulnerable to these exploits.

Users must upgrade immediately to secure their environments against potential compromise.

The Spring team has released patched versions across their different support tiers.

Open-source software users must upgrade to 4.3. x environments to version 4.3.3 and their 5.0. x environments to version 5.0.3.

Enterprise support customers have access to dedicated fixes in versions 3.1.14, 4.1.10, and 4.2.7.

If immediate patching is impossible for the GCP secrets vulnerability, administrators can implement a temporary configuration workaround.

By setting the spring.cloud.config.server.gcp-secret-manager.token-mandatory=true property, the server forces clients to send a valid token.

The system then verifies this token to ensure the client actually has legitimate access to the requested project secrets.

Cybercriminals now enter through your suppliers instead of your front door – Free Webinar

The post Critical Spring Vulnerabilities Expose Arbitrary Files and GCP Secrets appeared first on Cyber Security News.

Dirty Frag is a newly disclosed, CVE-pending Linux kernel local privilege escalation (LPE) vulnerability that chains two separate page-cache write flaws, the xfrm-ESP Page-Cache Write and the RxRPC Page-Cache Write, to achieve root access on virtually all major Linux distributions, with a public exploit already in the wild following an embargo break on May 7, 2026.

Dirty Frag belongs to the same vulnerability class as Dirty Pipe and Copy Fail (CVE-2026-31431), but targets the frag member of the kernel’s struct sk_buff rather than struct pipe_buffer.

Discovered and reported by security researcher Hyunwoo Kim (@v4bel), the vulnerability exploits the zero-copy send path where splice() plants a reference to a read-only page cache page, such as /etc/passwd or /usr/bin/su — into the frag slot of a sender-side skb.

Dirty Frag Linux Vulnerability

The receiver-side kernel code then performs in-place cryptographic operations directly on top of that frag, permanently modifying the page cache in RAM.

Every subsequent read to that file sees the corrupted version, even though the unprivileged attacker was granted only read access.

Unlike race-condition exploits, Dirty Frag is a deterministic logic bug that requires no timing window, does not panic the kernel on failure, and carries an extremely high success rate.

xfrm-ESP Page-Cache Write resides in esp_input(), the IPsec ESP receive path. When an skb is non-linear but lacks a frag list, the code skips the mandatory skb_cow_data() buffer allocation step and jumps directly to in-place AEAD decryption on the attacker-planted frag.

Using the XFRMA_REPLAY_ESN_VAL netlink attribute, the attacker can control both the location (file offset) and the value (4 bytes) of each store operation, enabling them to overwrite arbitrary bytes of /usr/bin/su‘s page cache with a static root-shell ELF 192 bytes written across 48 chunks of 4 bytes each.

Authentication failure (-EBADMSG) is returned afterward, but the page cache write has already persisted. This variant requires the ability to create a user namespace (unshare(CLONE_NEWUSER)).

RxRPC Page-Cache Write resides in rxkad_verify_packet_1(), which performs an in-place single-block pcbc(fcrypt) decryption on the first 8 bytes of the RxRPC payload.

Because skb_to_sgvec() converts the splice-pinned page cache page directly into the SGL, the attacker-controlled page becomes both src and dst.

The 8-byte store value is fcrypt_decrypt(C, K), where K is a freely specifiable session key registered via add_key("rxrpc", ...) — an operation requiring no privileges at all.

The attacker brute-forces K in user space until the desired plaintext (e.g., turning /etc/passwd line 1’s password field into an empty string) is produced, enabling PAM nullok authentication bypass.

Neither vulnerability alone covers all Linux environments:

• ESP variant: Available on most distros but requires user namespace creation — blocked on some Ubuntu configurations via AppArmor policy.
• RxRPC variant: No namespace privilege required, but rxrpc.ko is absent on most distros like RHEL 10.1 by default — yet ships and auto-loads on Ubuntu.

Chaining the two exploits closes both blind spots, achieving root on essentially every major distribution. The exploit first attempts the ESP path; if unshare(CLONE_NEWUSER) fails, it automatically falls back to the RxRPC path targeting /etc/passwd.

Affected Distributions and Kernel Versions

The ESP vulnerability has been present since commit cac2661c53f3 (January 2017), and the RxRPC flaw since 2dc334f1a63a (June 2023), giving the chain an effective window of approximately 9 years. Confirmed affected distributions include:

• Ubuntu 24.04.4 (kernel 6.17.0-23-generic)
• RHEL 10.1 (kernel 6.12.0-124.49.1.el10_1.x86_64)
• openSUSE Tumbleweed (kernel 7.0.2-1-default)
• CentOS Stream 10 (kernel 6.12.0-224.el10.x86_64)
• AlmaLinux 10 (kernel 6.12.0-124.52.3.el10_1.x86_64)
• Fedora 44 (kernel 6.19.14-300.fc44.x86_64)

The ESP variant patch using the SKBFL_SHARED_FRAG flag to ensure splice-pinned pages always route through skb_cow_data() — was merged into the netdev tree on May 7, 2026.

The final merged patch was based on a shared-frag approach submitted by Kuan-Ting Chen. The RxRPC patch, which adds || skb->data_len to the existing skb_cloned() gate to force isolation of non-linear skbs, remains unmerged upstream.

No CVE identifiers have been assigned for either flaw as of publication, due to the premature embargo break by an unrelated third party on May 7, 2026 .

Immediate Mitigation

Since distribution-level patches are not yet available, administrators should immediately disable the affected kernel modules using the following command:

bashsh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"

This blacklists and unloads the esp4, esp6, and rxrpc modules, disrupting IPsec and RxRPC functionality as a trade-off.

Systems that rely on IPsec VPN tunnels should weigh operational impact carefully before applying the workaround and prioritize applying distribution-backported kernel patches once available.

The complete technical write-up and PoC exploit code are available at the researcher’s GitHub repository.

Cybercriminals now enter through your suppliers instead of your front door – Free Webinar

The post Dirty Frag Linux Vulnerability Let Attackers Gain Root Privileges – PoC Released appeared first on Cyber Security News.

Vercel has released an extensive set of security advisories for Next.js, addressing more than a dozen vulnerabilities, including denial-of-service, middleware bypass, server-side request forgery, and cross-site scripting.

The flaws affect Next.js versions 13.x through 16.x using the App Router, as well as React Server Components packages for versions 19.x.

CVE-2026-23870: Denial of Service via React Server Components

A high-severity denial-of-service vulnerability tracked as CVE-2026-23870 affects React Server Components packages for versions 19.x and all Next.js App Router deployments on versions 13.x, 14.x, 15.x, and 16.x.

A specially crafted HTTP request sent to any App Router Server Function endpoint, when deserialized, can trigger excessive CPU usage, resulting in denial-of-service attacks in unpatched environments.

The issue is rooted in the React “Flight” protocol’s deserialization logic, which fails to adequately enforce structural or type constraints on inbound payloads.

Middleware and Proxy Authorization Bypass

Three separate advisories GHSA-267c-6grr-h53f, GHSA-26hh-7cqf-hhc6, and GHSA-492v-c6pp-mqqv address middleware bypass vulnerabilities in App Router applications.

Specially crafted .rsc and segment-prefetch URLs can resolve to the same page without being matched by intended middleware rules, allowing protected content to be accessed without proper authorization checks.

The fix now includes App Router transport variants when generating middleware matchers, ensuring middleware protections apply consistently to all request types, including prefetch variants.

Until an upgrade is possible, developers should enforce authorization directly in the underlying route or page logic rather than relying solely on middleware.

CVE-2026-44578: SSRF via WebSocket Upgrade Requests

Tracked as CVE-2026-44578 and covered under GHSA-c4j6-fc7j-m34r, this high-severity flaw enables server-side request forgery through crafted WebSocket upgrade requests on self-hosted Node.js deployments.

An attacker can manipulate the server into proxying requests to arbitrary internal or external destinations, potentially exposing internal services or cloud metadata endpoints, a particularly dangerous scenario in cloud-native environments.

Vercel-hosted deployments are explicitly noted as unaffected. The fix applies the same safety checks to WebSocket upgrade handling that already existed for standard HTTP requests.

CVE-2026-44573: Pages Router i18n Middleware Bypass

CVE-2026-44573 (GHSA-36qx-fr4f-26g5) affects applications using the Pages Router with i18n configured alongside middleware-based authorization.

Locale-less /_next/data/<buildId>/<page>.json requests bypass middleware entirely, enabling attackers to retrieve server-side rendered JSON for protected pages without passing authorization checks.

The matcher logic has been updated to apply consistent matching across both prefixed and unprefixed data routes.

Beyond the high-severity flaws, Vercel also patched several moderate and low-severity issues.

These include cross-site scripting vulnerabilities in App Router applications using CSP nonces (GHSA-ffhc-5mcf-pf4q) and in beforeInteractive scripts with untrusted input (GHSA-gx5p-jg67-6x7h), a denial-of-service bug in the Image Optimization API (GHSA-h64f-5h5j-jqjh), and cache poisoning issues in React Server Component responses (GHSA-wfc6-r584-vfw7, GHSA-vfv6-92ff-j949).

A connection exhaustion DoS in Cache Components (GHSA-mg66-mrh9-m8jx) and cache poisoning of middleware redirects (GHSA-3g8h-86w9-wvmq) round out the advisory list.

Organizations running affected Next.js versions should prioritize upgrading immediately.

For teams unable to upgrade right away, the recommended interim mitigations include enforcing authorization within individual route or page logic rather than relying on middleware alone, blocking WebSocket upgrades at the reverse proxy or load balancer level, and restricting server egress to known internal networks.

Cybercriminals now enter through your suppliers instead of your front door – Free Webinar

The post Multiple Critical Vulnerabilities Patched in Next.js and React Server Components appeared first on Cyber Security News.

Ivanti has issued a critical security advisory for its Endpoint Manager Mobile (EPMM) product, disclosing multiple actively exploited vulnerabilities, including CVE-2026-6973, and urging all on-premises EPMM customers to apply patches immediately.

At the time of disclosure, Ivanti confirmed active exploitation of CVE-2026-6973, a vulnerability that requires admin authentication to succeed.

The flaws exclusively affect the on-premises EPMM product and are not present in Ivanti Neurons for MDM, Ivanti’s cloud-based unified endpoint management solution, Ivanti EPM, Ivanti Sentry, or any other Ivanti products.

Exploitation activity has been described as “very limited” at the time of public disclosure, though the company strongly warned that advanced AI models have dramatically collapsed the time-to-exploit window from days to mere hours after a vulnerability becomes public.

In a notable shift in vulnerability management strategy, Ivanti disclosed that it has integrated multiple advanced large language model (LLM) AI systems into its product security and engineering red team processes.

This integration has enhanced the capabilities of its internal security teams to identify and remediate vulnerabilities that traditional static analysis (SAST) and dynamic analysis (DAST) tools typically miss.

Ivanti acknowledged that some of the vulnerabilities being disclosed today were discovered directly through this AI-assisted process. The company maintains a “human in the loop” policy to verify all automated or agentic findings, ensuring responsible use of AI in its security program.

Ivanti’s EPMM has been a recurring target for sophisticated threat actors. CISA has flagged at least 31 Ivanti defects on its Known Exploited Vulnerabilities (KEV) catalog since late 2021, and at least 19 defects across Ivanti products have been exploited in the past two years alone.

Previous zero-day campaigns against EPMM include CVE-2025-4427 and CVE-2025-4428 in May 2025, and CVE-2023-35078 and CVE-2023-35082 in 2023, with some attacks attributed to Chinese state-sponsored threat groups.

The consistent targeting of EPMM underscores the product’s high-value position in enterprise mobile device management infrastructure.

The vulnerabilities disclosed in Ivanti’s May 2026 security advisory affect only on-premises EPMM deployments. Organizations running cloud-based Ivanti Neurons for MDM are not impacted.

Ivanti has published detailed remediation instructions through its official Security Advisory, with patch packages that the company says take only seconds to apply and cause no downtime.

Mitigations

Ivanti strongly urges all on-premises EPMM administrators to take immediate action:

• Apply the available security patch to all EPMM on-premises instances without delay
• Monitor Apache access logs at /var/log/httpd/https-access_log for signs of attempted or successful exploitation.
• Implement network segmentation to restrict EPMM administrative interfaces to trusted networks only.
• Review and harden mobile device management policies to reduce the overall attack surface
• Subscribe to Ivanti’s Security Blog and the Ivanti Innovators Hub for real-time vulnerability alerts

Ivanti cautioned that as AI-driven tooling becomes further embedded in its security processes, customers should expect an increase in vulnerability disclosures, a transparency initiative the company frames as a proactive step toward more resilient products rather than a sign of weakening security posture.

Cybercriminals now enter through your suppliers instead of your front door – Free Webinar

The post New Ivanti EPMM 0-Day Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.

Hackers are using convincing fake pages for Claude AI to trick users into running malware on their own systems. The campaign, known as “InstallFix” or the Fake Claude Installer threat, marks a sharp shift in how cybercriminals exploit the trust people place in artificial intelligence tools.

Instead of targeting software vulnerabilities, these attackers are targeting human behavior, knowing that users will follow installation steps without question.

The method is simple and effective. Attackers set up fake Claude AI installation pages and use paid Google Ads to push those pages to the top of search results.

When someone searches for “Claude Code” or “Claude Code install,” a sponsored link appears first, looking exactly like a trusted result. One click leads to a fraudulent site that provides step-by-step instructions with commands tailored to the user’s operating system, either Windows or macOS.

Researchers at Trend Micro identified and documented the campaign, noting that the malware is not a simple infection. It is a multi-stage attack chain that collects system information, disables security features, creates scheduled tasks to survive reboots, and connects to attacker-controlled servers for further instructions.

Confirmed attacks span the United States, Malaysia, the Netherlands, and Thailand, hitting industries from government and education to electronics and food and beverage.

How the Fake Installer Attack Works

What makes this campaign especially dangerous is that it targets both technical and non-technical users. Developers who work with command-line tools are often comfortable copying setup commands from documentation pages, and non-technical users are equally likely to follow on-screen steps that look official. The attackers crafted these fake pages to closely resemble a real Claude installation guide, making the deception very hard to spot.

The threat goes beyond a single download. After the user runs the malicious command, the infection unfolds across multiple stages, each designed to evade detection and remain hidden. Trend Micro’s telemetry confirmed outbound network connections to attacker-controlled servers, and the indicators found align closely with those tied to RedLine Stealer campaigns from 2023.

The attack begins with a Google Ads placement that intercepts users searching for Claude Code. The fake landing page uses a technique called ClickFix, presenting an OS-specific command framed as a required installation step. On Windows, running the command triggers a hidden chain beginning with mshta.exe, a legitimate Windows tool that attackers commonly abuse to execute remote payloads.

The downloaded file, named claude.msixbundle, appears to be a genuine Microsoft package with valid Marketplace signatures, allowing it to pass basic security checks. Embedded inside is an HTA payload that silently executes a VBScript, with the window resized to zero pixels so nothing appears on screen.

That script launches obfuscated PowerShell commands through the SysWOW64 subsystem, bypassing detection by reconstructing the word “powershell” at runtime using split variables.

The stager generates a unique ID for the victim machine by hashing the computer name and username together. It uses this hash to build a custom command-and-control URL for each victim, fetching the final payload from a subdomain on oakenfjrod[.]ru. This per-victim URL approach makes bulk network-level blocking extremely difficult to execute.

Persistence, Data Theft, and RedLine Stealer Connections

Once the shellcode runs in memory, the malware establishes persistence by creating scheduled tasks, allowing it to survive reboots and keep running silently. Dynamic analysis showed the malware reaching out to external IP addresses, collecting browser data, and targeting e-wallet applications installed on the infected machine.

The indicators tied to this campaign match techniques and infrastructure previously linked to RedLine Stealer.

To reduce risk, organizations should block known malicious domains and IP addresses at the firewall and use DNS filtering to prevent users from reaching suspicious or newly registered domains. Legacy scripting tools like mshta.exe should be restricted wherever possible.

Users should also be trained to avoid running commands from sites reached through sponsored search results, to verify download pages against official vendor websites, and to rely on trusted package managers like npm, pip, brew, or winget rather than manual scripts from unknown sources.

Indicators of Compromise (IoCs):-

Type	Indicator	Description
Domain	download-version[.]1-5-8[.]com	Malicious domain hosting the fake claude.msixbundle payload
Domain	oakenfjrod[.]ru	Attacker-controlled C&C domain; victim-unique subdomains used for Stage 4 payload delivery
URL	hxxps[://]download-version[.]1-5-8[.]com/claude[.]msixbundle	Download URL for the ZIP/HTA polyglot malicious package
URL	https://[nipple].oakenfjrod[.]ru/cloude-91267b64-989f-49b4-89b4-984e0154d4d1	Victim-unique C&C URL used to fetch and execute the final in-memory payload
File Name	claude.msixbundle	Malicious payload disguised as a Claude AI installer; ZIP/HTA polyglot file
File Name	Claude.msixbundle.zip	Malicious archive containing obfuscated VBScript payload embedded in an HTML file
SHA1	811fbf0ff6b6acabe4b545e493ec0dd0178a0302	Hash of the recovered Stage 5 payload file (content execution not confirmed)
SHA256	2f04ba77bb841111036b979fc0dab7fcbae99749718ae1dd6fd348d4495b5f74	SHA256 hash of the Stage 5 payload
IP Address	104[.]21[.]0[.]95	Outbound C&C IP observed during dynamic analysis
IP Address	185[.]177[.]239[.]255	Outbound C&C IP observed during dynamic analysis
IP Address	77[.]91[.]97[.]244	IP address contacted over HTTPS port 443; TCP SYN requests observed; resolved to hosted-by[.]yeezyhost[.]net

Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.

Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.

The post Hackers Using Fake Claude AI Installer Pages to Trick Users Into Running Malware on Their Systems appeared first on Cyber Security News.

Phone-based scams are evolving faster than most security filters can keep up with. Attackers are now leaning heavily on Voice over Internet Protocol (VoIP) numbers that disappear before detection systems can flag them, leaving users exposed and defenders scrambling.

These scam campaigns arrive through email, where attackers embed phone numbers directly into message bodies, subject lines, and file attachments.

The goal is simple: get the recipient to call a fraudulent number and hand over sensitive personal or financial details. By keeping victims on a live call, scammers can manipulate targets far more effectively than a link or attachment alone ever could.

Researchers at Cisco Talos identified that this shift toward phone-oriented attack delivery, known as telephone-oriented attack delivery (TOAD), has become one of the leading tactics in modern email threats.

Their analysis, covering a study window from late February to late March 2025, found that the largest scam campaigns all relied on VoIP infrastructure to operate at scale with minimal cost.

Scammers Game the System With VoIP Numbers

What makes VoIP so appealing to scammers is how easily numbers can be obtained and discarded in bulk. With API-driven provisioning available from a small number of providers, threat actors spin up hundreds of numbers quickly, use them briefly, and abandon them before reputation systems catch on. The median phone number lifespan observed during the study was roughly 14 days.

The impact goes well beyond individual users. Organized scam call centers are running campaigns that impersonate major brands like PayPal, Geek Squad, McAfee, and Norton LifeLock, all while directing victims to the same centralized fraudulent operation.

This infrastructure is deliberately built to resist tracing, blending seamlessly into legitimate telecom networks worldwide.

Scammers are not randomly picking phone numbers. They deliberately acquire large sequential blocks of numbers, often by purchasing Direct Inward Dialing (DID) blocks from providers.

When one number gets flagged, they simply rotate to the next in the sequence, a tactic known as sequential number grouping that keeps operations running without interruption.

Cisco Talos found that six of the ten largest campaigns detected during the study period relied entirely on VoIP infrastructure. Sinch was identified as the most commonly abused CPaaS provider, referring to communications-platform-as-a-service companies offering programmable APIs for voice and messaging. These platforms are built for automation and high call volumes, which makes them attractive and widely exploited tools for large-scale scam operations.

The reuse patterns are equally calculated. Of 1,962 unique phone numbers analyzed, 68 were reused across multiple consecutive days. Scammers often apply a cool-down period, pausing a number for several days before bringing it back into a new campaign. This timing is designed to outlast update cycles of third-party reputation services, which can take days to distribute fresh intelligence.

Recycling Lures to Stay Under the Radar

One of the most telling tactics Cisco Talos documented is the recycling of the same phone number across completely unrelated lures. A single number might appear in emails posing as an order confirmation, a subscription renewal, and a financial alert all within a short span. This deliberate variation in lure type helps attackers avoid patterns that automated filters would otherwise quickly detect.

In one campaign, the same number was embedded in both HEIC and PDF attachment formats, showing how attackers avoid relying on a single delivery method. HEIC files, commonly associated with iPhone photos, were used to bypass traditional file-type detection while maintaining high image quality. Talos confirmed seeing campaigns with even broader attachment variety, underscoring just how adaptable these threat actors have become.

Security and telecom teams are advised to move beyond email sender filtering, which grows less effective as senders cycle rapidly through disposable domains. Talos recommends treating phone numbers as primary indicators of compromise and applying clustering techniques to connect seemingly unrelated campaigns that share the same phone infrastructure. Real-time reputation monitoring across communication channels and active collaboration between telecom providers are among the most effective steps toward stopping these organized scam networks.

Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.

The post Scammers Use Short-Lived VoIP Numbers and Reuse Windows to Defeat Reputation-Based Blocking appeared first on Cyber Security News.

A sophisticated China-linked hacker group known as UAT-8302 has been quietly targeting government agencies across South America and southeastern Europe, using a mix of custom malware and widely available open-source tools to steal sensitive data.

The group has been active since at least late 2024 and stepped up its operations against government bodies in southeastern Europe through 2025. Their goal is clear: get in, stay hidden, and walk out with as much information as possible.

What makes UAT-8302 particularly dangerous is its ability to blend in. By pairing legitimate cloud services and open-source tools with custom-built malware, the group makes it harder for defenders to separate genuine network activity from a hostile intrusion.

The attackers display a high level of patience, conducting deep and methodical reconnaissance on every endpoint they can reach before pushing further into the target environment. This careful, deliberate approach is widely recognized as a hallmark of state-sponsored threat operations targeting high-value government infrastructure.

Researchers at Cisco Talos identified UAT-8302 as a China-nexus advanced persistent threat group tasked primarily with gaining and maintaining long-term access to government and related entities around the world.

Talos analysts assessed with high confidence that the group shares tooling with several previously disclosed China-nexus clusters, including a threat cluster they track as LongNosedGoblin. The overlap in tools and techniques points to a close operational relationship between these groups.

UAT-8302’s Custom Malware Arsenal

The post-compromise activity follows a familiar and thorough playbook. Once inside a network, the group collects credentials, gathers Active Directory information, and maps out the entire environment before deploying additional malware.

Tools like Impacket, custom PowerShell scripts, and open-source scanning engines are used to discover every reachable endpoint. This approach ensures that attackers fully understand the scope of the environment they now control before deciding on their next move.

The variety of malware families deployed by UAT-8302 shows the group has access to a well-stocked toolkit. The group deploys NetDraft, a .NET-based backdoor linked to the FinDraft and SquidDoor family, alongside an updated version of the CloudSorcerer backdoor and the VSHELL implant. In one documented intrusion, the group also deployed SNAPPYBEE and ZingDoor together, a tactic independently highlighted by Trend Micro in 2024 reporting on similar China-linked activity.

NetDraft is one of the most notable tools in UAT-8302’s arsenal. It is delivered through a DLL side-loading technique where a benign executable loads a malicious DLL-based loader, which then decodes and runs NetDraft within an existing process on the compromised system.

The malware uses the Microsoft Graph API to communicate with its OneDrive-based command-and-control server, allowing it to blend into normal cloud traffic and avoid detection. Talos tracks the embedded helper library used by NetDraft as “FringePorch.”

CloudSorcerer version 3 behaves differently depending on which process it runs inside. If injected into “dnapimg.exe,” it collects system details and pivots into explorer.exe to receive commands through a named pipe channel.

If running inside “spoolsv.exe,” it contacts a GitHub repository to pull down command-and-control information. This shape-shifting behavior makes detection harder for conventional security tools. Talos also noted the use of SNOWRUST, a Rust-based variant of the SNOWLIGHT stager seen in intrusions attributed to other China-nexus clusters.

Open-Source Tools and Lateral Movement

UAT-8302 relies heavily on open-source tools when moving through compromised networks. After gaining initial access, the group runs scanning tools including gogo, naabu, httpx, and PortQry to map services across internal networks and discover new systems to pivot toward.

Credentials are harvested from MobaXterm sessions and Active Directory using tools like adconnectdump.py and SharpGetUserLoginRDP.

To maintain persistent backdoor access, the group deploys Stowaway, a proxy tunneling tool written in Simplified Chinese, routing outside traffic into infected hosts within the enterprise. SoftEther VPN clients were also observed in use.

Government agencies should keep endpoint detection tools updated to flag these threat signatures, monitor outbound traffic to cloud platforms like OneDrive and GitHub for unusual patterns, and regularly audit scheduled tasks and DLL side-loading behavior across all managed endpoints.

Indicators of Compromise (IoCs):-

Type	Indicator	Description
SHA256	1139b39d3cc151ddd3d574617cf11360812785019 7e9695fef0b6d78df82d6ca	NetDraft / FringePorch
SHA256	e56c49f42522637f401d15ac2a2b6f3423bfb2d5d37d071f0172ce9dc688d4b	NetDraft / FringePorch
SHA256	51f0cf80a56f322892eed3b9f5ecae45f143132360 0edbaea5cd1f28b437f6f2	NetDraft / FringePorch
SHA256	35b2a5260b21ddb145486771ec2b1e4dc1f5b7f2275309e139e4abc1da0c614b	VSHELL
SHA256	199bd156c81b2ef4fb259467a20eacaa9d861eeb2 002f1570727c2f9ff1d5dab	VSHELL
SHA256	071e662fc5bc0e54bcfd49493467062570d0307dc46f0fb51a68239d281427c6	ZingDoor
SHA256	74098b17d5d95e0014cf9c7f41f2a4e4be8baefc2b0eb42d39ae05a95b08ea5	gogo
SHA256	2b627f6afe1364a7d0d832ccba87ef33a8a39f30a70a5f395e2a3cb0e2161cb3	gogo
SHA256	7c593ca40725765a0747cc3100b43a29b88ad1708ef77e915ab02686c0153001	Stowaway
SHA256	f859a67ceebc52f0770a222b85a5002195089ee442eac4bea761c29be994e2ea	Stowaway
SHA256	7d9c70fc36143eb33583c30430dcb40cf9d306067594cc30ffd113063acd6292	anypoxy
SHA256	57GER1bb59491f7289b94ab0130d7065d74d2459a802a7550ebf8cd0828f0a09c4d38	PortQry scan tool
SHA256	843f8aea7842126e906cadbad8d81fa456c184fb5372c6946978a4fe115edb1c	DracuLoader
SHA256	4109f15056414f25140c7027092953264944664480dd53f086acb8e07d9fccab7	SoftEther VPN
SHA256	3dec6703b2cbc6157eb67e80061d27f9190c8301c9dd60eb0be1e8b096482d7e7	SoftEther VPN
SHA256	9f115e9b32111e4dc29343a2671ab10a2b38448657b24107766dc14ce528fceb	SharpGetUserLoginRDP
SHA256	b19bfca2fc3fdabf0d0551c2e66be895e49f92aedac56654b1b0f51ec66e74042	SharpGetUserLoginRDP
SHA256	45cd169bf9cd7298d972425ad0d4e98512f29de4560a155101ab7427e4f4123f4	PortQry
SHA256	fb6cebadd49d202c8c7b5cdd641bd16aac8258429e8face365a94bd32e253b00	PortQry
Domain	www[.]drivelivelime[.]com	NetDraft C2 domain
URL	hxxps[://]www[.]drivelivelime[.]com/x	NetDraft C2 URL
URL	hxxps[://]www[.]drivelivelime[.]com/p	NetDraft C2 URL
Domain	msiidentity[.]com	C2 domain
URL	hxxps[://]msiidentity[.]com/pw	C2 URL
Domain	trafficmanagerupdate[.]com	C2 domain
URL	hxxp[://]trafficmanagerupdate[.]com/index[.]php	C2 URL
Domain	update-kaspersky[.]workers[.]dev	C2 domain (Cloudflare Worker)
IP Address	85[.]209[.]156[.]3	Stowaway proxy / C2 server
URL	hxxp[://]85[.]209[.]156[.]3:8080/wagent[.]exe	Malware download URL
URL	hxxp[://]85[.]209[.]156[.]3:8082/wagent[.]exe	Malware download URL
IP Address	185[.]238[.]189[.]41	C2 server
IP Address	103[.]27[.]108[.]55	C2 server
IP Address	38[.]54[.]32[.]244	Malware staging server
URL	hxxp[://]38[.]54[.]32[.]244/Rar[.]exe	RAR archive download
IP Address	45[.]140[.]168[.]62	C2 server
IP Address	88[.]151[.]195[.]133	C2 server
IP Address	156[.]238[.]224[.]82	C2 server
IP Address	45[.]135[.]135[.]100	C2 server (anypoxy)

Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.

Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.

The post UAT-8302 Uses Custom Malware and Open-Source Tools to Steal Data From Government Agencies appeared first on Cyber Security News.

WatchGuard has released urgent security updates to address multiple high-severity vulnerabilities affecting the WatchGuard Agent on Windows.

The most critical of these flaws allows authenticated local attackers to escalate their privileges to the highest system level, granting them complete control over the compromised machine.

Additional vulnerabilities discovered in the software include network-based buffer overflows that can trigger severe denial-of-service conditions.

Chained Local Privilege Escalation

The most severe security advisory, WGSA-2026-00013, highlights two vulnerabilities: CVE-2026-6787 and CVE-2026-6788.

These flaws, with a high CVSS score of 8.5, involve chained agent service vulnerabilities in the Windows client.

When an attacker successfully links these exploits together, they can execute a local privilege escalation attack to gain NT AUTHORITY\SYSTEM access.

Obtaining this level of unrestricted access enables threat actors to turn off security monitoring tools, deploy persistent malware, extract sensitive endpoint data, or create new hidden administrative accounts.

Another significant privilege escalation vulnerability, tracked as CVE-2026-41288, holds a CVSS score of 7.3.

This specific flaw stems from an incorrect permission assignment within the patch management component of the WatchGuard Agent.

An authenticated local user can exploit this structural misconfiguration to seamlessly elevate their privileges from a standard user to SYSTEM level.

This indicates that even a highly restricted, low-privileged employee account could fully compromise the local endpoint device if the software remains unpatched.

Alongside the privilege escalation risks, WatchGuard engineers also addressed two stack-based buffer overflow vulnerabilities residing in the agent’s discovery service.

Tracked under CVE-2026-41286 and CVE-2026-41287, both vulnerability variants carry a CVSS score of 7.1.

Unlike the privilege escalation bugs, which require local access, these overflow flaws allow unauthenticated attackers situated on the same local network to send specially crafted requests that overflow memory buffers.

A successful exploit immediately crashes the agent service, causing a denial-of-service state that temporarily blinds the endpoint’s security management and monitoring capabilities, potentially paving the way for further network attacks.

According to the official WatchGuard advisories, all four vulnerabilities impact the WatchGuard Agent on Windows versions up to and including 1.25.02.0000.

WatchGuard explicitly notes that there are currently no available mitigations or technical workarounds to prevent exploitation without applying the official software patch.

To protect endpoint environments against both local privilege escalation and network-based service disruptions, cybersecurity organizations and IT administrators should immediately update their fleets to WatchGuard Agent on Windows version 1.25.03.0000.

Cybercriminals now enter through your suppliers instead of your front door – Free Webinar

The post WatchGuard Agent Vulnerabilities Let Attackers Grant Full SYSTEM Privileges on Windows appeared first on Cyber Security News.

Five dangerous vulnerabilities in Redis expose Redis Cloud, Redis Software, and all open-source community editions to potential remote code execution, giving authenticated attackers a direct path to compromise affected systems.

All require authenticated access to exploit, but successful exploitation can lead to arbitrary code execution, full system compromise, data exfiltration, or service disruption.

The advisory, released on May 5, 2026, was published by Riaz Lakhani as part of Redis’s continued security initiatives. Four flaws were rated High severity with CVSS scores of 7.7, while one received a Medium severity score of 6.1.

Redis RCE Vulnerabilities

CVE-2026-23479 is a use-after-free vulnerability in the unblock client flow.

When a blocked client is evicted while re-executing a blocked command, the code fails to handle the error returned by processCommandAndResetClient, allowing an authenticated user to trigger a use-after-free condition and potentially execute remote code.

CVE-2026-25243 affects the Redis RESTORE command. An authenticated user can trigger an invalid memory access by sending a specially crafted serialized payload, potentially leading to arbitrary code execution within the Redis server context.

Independent researcher Emil Lerner discovered the double-free variant, and Joseph Surin identified an integer overflow and out-of-bounds read in VectorSets.

CVE-2026-25588 and CVE-2026-25589 are closely related flaws in the RESTORE command when used with the RedisTimeSeries and RedisBloom modules, respectively.

Both allow authenticated attackers to trigger invalid memory accesses via crafted serialized payloads, resulting in the same RCE impact.

Joseph Surin, John Stephenson, and Annie Nie discovered the TimeSeries flaw; Daniel Firer and Joseph Surin identified multiple RedisBloom issues, including out-of-bounds reads and writes, integer overflow, and heap buffer overflow.

CVE-2026-23631 is a medium-severity Lua use-after-free flaw. An authenticated user can exploit the master-replica synchronization mechanism to trigger the vulnerability.

It specifically affects Redis replicas configured with replica-read-only disabled and exists across all Redis versions with Lua scripting enabled. Researcher Yoni Sherez (@yoyosh__) discovered this flaw.

All Redis Cloud deployments have already been patched with no customer action required. For self-managed deployments, all Redis OSS/CE releases are affected. The following fixed versions have been released:

Redis OSS/CE: 6.2.22, 7.2.14, 7.4.9, 8.2.6, 8.4.3, and 8.6.3. Redis Software versions up to and including 8.0.6 are impacted, with fixes available in builds 8.0.10-64, 7.22.2-79, 7.8.6-253, 7.4.6-279, and 7.2.4-153.

Module-specific fixes include RedisTimeSeries v1.12.14, v1.10.24, v1.8.23, and RedisBloom v2.8.20, v2.6.28, v2.4.23.

How to Protect Your Redis Instance

Redis confirms there is no evidence of active exploitation in the wild as of publication.

However, organizations running self-managed instances should act immediately. Key mitigations include:

Upgrading to the latest fixed release is the primary remediation step. Downloads are available at redis.io/downloads.

Beyond patching, administrators should restrict network access using firewalls and network policies to allow only trusted sources.

Strong authentication must be enforced across all instances, and Redis protected-mode should remain enabled in CE and OSS deployments.

User permissions should follow the principle of least privilege, limiting access to potentially dangerous commands.

Indicators of potential exploitation include unauthorized access attempts, unexplained server crashes with Lua engine stack traces, anomalous command execution by the redis-server user, and unexpected changes to Redis configuration or persistent files.

Several vulnerabilities were discovered through Wiz’s ZeroDay.Cloud platform in partnership with Redis.

Reflecting the growing role of collaborative bug bounty and vulnerability research programs in proactively securing widely deployed open-source infrastructure.

Cybercriminals now enter through your suppliers instead of your front door – Free Webinar

The post Critical Redis Vulnerabilities Enables Remote Code Execution Attacks appeared first on Cyber Security News.

A critical zero-day vulnerability in Palo Alto Networks PAN-OS software has been actively exploited by a likely state-sponsored threat actor since at least April 2026, the company revealed in a security advisory published on May 6, 2026.

Tracked as CVE-2026-0300, the flaw is a buffer overflow vulnerability residing in the User-ID Authentication Portal, also known as the Captive Portal service of PAN-OS, and it allows an unauthenticated remote attacker to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls by sending specially crafted network packets.

The vulnerability enables unauthenticated remote code execution (RCE) against internet-facing PAN-OS deployments where the User-ID Authentication Portal is exposed to untrusted networks.

Upon successful exploitation, attackers can inject shellcode directly into an nginx worker process, granting them deep, persistent access to the underlying system. Prisma Access, Cloud NGFW, and Panorama appliances are not affected.

Risk is significantly elevated when the Authentication Portal is publicly reachable, making network segmentation and access restriction the most immediate mitigation step.

Palo Alto Networks’ Unit 42 threat intelligence team is tracking exploitation activity under the cluster designation CL-STA-1132, attributed to a likely state-sponsored actor.

The campaign timeline reveals a deliberate, methodical approach beginning April 9, 2026, when unsuccessful exploitation attempts were logged against a PAN-OS device.

One week later, the attackers successfully achieved RCE and injected shellcode. Immediately following the compromise, they conducted aggressive log destruction, clearing crash kernel messages, deleting nginx crash entries and records, and removing crash core dump files to impair forensic detection.

Four days after initial compromise, the attackers deployed multiple tools with root privileges and began Active Directory enumeration using service account credentials harvested from the firewall, targeting the domain root and DomainDnsZones.

Evidence of ptrace injection and SetUserID (SUID) privilege-escalation binaries was subsequently deleted from audit logs to further reduce their footprint.

On April 29, 2026, the attackers executed a SAML flood attack against the first compromised device, causing a secondary device to be promoted to Active status, inheriting the same internet-facing traffic configuration.

RCE was then achieved on this second device by downloading and deploying two open-source tunneling tools.

Earthworm and ReverseSocks5 for Post-Exploitation

The attackers relied exclusively on publicly available tooling rather than on proprietary malware, a deliberate choice that minimized the likelihood of signature-based detection.

EarthWorm, an open-source network tunneling tool written in C supporting Windows, Linux, macOS, and ARM/MIPS platforms, was used to establish covert SOCKS5 proxy tunnels and multi-hop cascaded network paths (MITRE ATT&CK T1090, T1572).

Earthworm has previously been linked to threat clusters including Volt Typhoon, APT41, UAT-8337, and CL-STA-0046.

ReverseSocks5 was used to establish outbound connections from compromised devices to an attacker-controlled controller, bypassing firewall and NAT restrictions to route traffic into the internal network via a SOCKS5 proxy tunnel.

Organizations should take one of the following immediate actions. First, restrict User-ID Authentication Portal access exclusively to trusted internal zones, and disable Response Pages in the Interface Management Profile on any L3 interface reachable from untrusted or internet-facing traffic. Second, if the Authentication Portal is not operationally required, disable it entirely.

Indicators of Compromise

Indicator	Type	Description
67.206.213[.]86	IP Address	Attacker Infrastructure
136.0.8[.]48	IP Address	Attacker Infrastructure
146.70.100[.]69	IP Address	C2 Staging Server
149.104.66[.]84	IP Address	Attacker Infrastructure
hxxp[:]//146.70.100[.]69:8000/php_sess	URL	EarthWorm Download URL
hxxps[:]//github[.]com/Acebond/ReverseSocks5/releases/download/v2.2.0/ReverseSocks5-v2.2.0-linux-amd64.tar[.]gz	URL	ReverseSocks5 Download URL
e11f69b49b6f2e829454371c31ebf86893f82a042dae3f2faf63dcd84f97a584	SHA-256 Hash	EarthWorm Binary
Safari/532.31 Mozilla/5.5 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0	User Agent	Attacker User Agent String
/var/tmp/linuxap, /var/tmp/linuxda, /var/tmp/linuxupdate	File Path	Tunneling Tool Artifacts
/tmp/.c	File Path	Unidentified Python Script
/tmp/R5, /var/R5	File Path	ReverseSocks5 Binary Paths

Cybercriminals now enter through your suppliers instead of your front door – Free Webinar

The post Palo Alto Networks Firewall Zero-Day RCE Vulnerability Exploited in the Wild Since April appeared first on Cyber Security News.

Hackers are using fake Google ads to steal login credentials from ManageWP users, GoDaddy’s popular platform for managing WordPress websites from a single dashboard. The campaign, which researchers have dubbed “WrongPress,” plants a fraudulent sponsored search result directly above the real ManageWP listing, trapping users before they even realize something is wrong.

ManageWP is widely used by web developers, digital agencies, and enterprises who need to oversee dozens or even hundreds of client websites at once. Because a single account can control that many sites, stealing one set of credentials gives an attacker a massive foothold into an entire web portfolio.

According to WordPress.org, the ManageWP Worker plugin is active on more than one million websites, making the stakes extraordinarily high.

The attack begins the moment a user types “managewp” into Google. The malicious sponsored result appears at the very top of the page, sitting right above the legitimate one.

Researchers at Guardio Labs were the first to identify this campaign and raise the alarm, warning that even cautious users could fall for the trap simply because the fake result appears so convincingly placed.

Still Google for your account login? Beware not to "WrongPress"!
We found yet another Google Ads phish, this time abusing search results for ManageWP, GoDaddy's WordPress admin platform. The fake result sits right on top of the real one, and one click later you're in an AiTM… pic.twitter.com/RtBTN0L5PE

— Guardio Labs (@GuardioLabs) May 6, 2026

What makes this campaign especially difficult to spot is that the fake login page is a near-perfect copy of the real ManageWP screen. There are no obvious red flags for the average user. By the time a victim types their username and password, those credentials have already been silently sent to an attacker-controlled Telegram channel.

Hackers Abuse Google Ads

Guardio Labs confirmed at least 200 unique victims at the time of writing and has been actively reaching out to alert those affected. The research team also managed to infiltrate the attacker’s command-and-control infrastructure, giving them a rare look at the full scale of how this operation runs in real time.

The infection chain is built to dodge Google’s ad review systems and the suspicion of real users alike. When a victim clicks the malicious ad, they first pass through a cloaker, a tool that filters out automated inspectors while letting genuine users through. This step helps the attackers conceal who actually authorized the sponsored result and avoid triggering Google’s ad inspection mechanisms.

Once the cloaker approves a genuine visitor, they are redirected to a fake ManageWP login page where the adversary-in-the-middle, or AiTM, technique takes over. The attacker’s server acts as a live go-between, forwarding stolen credentials to the real ManageWP platform in real time.

The victim is then shown a fake prompt asking for their two-factor authentication code, which the attacker uses simultaneously to complete the actual login, rendering 2FA completely useless.

The operation is managed through a command-and-control server that gives the attacker a live dashboard for steering ongoing phishing sessions. Guardio Labs noted the kit appears to be a private framework rather than a commodity tool sold on underground forums. Embedded in the code was also a Russian-language disclaimer in which the author denies responsibility for illegal activity and prohibits targeting systems based in Russia.

The Broader Risk to WordPress Site Owners

The danger here extends far beyond a single stolen password. Because ManageWP is a centralized hub, one compromised account can hand an attacker control over hundreds of websites simultaneously. Guardio Labs head researcher Nati Tal confirmed that each account typically hosts hundreds of sites, meaning attackers could inject malware, redirect traffic, or harvest visitor data at a sweeping scale.

Security experts advise avoiding sponsored search results when navigating to login pages for services you use regularly. Bookmarking the official URL or typing it directly into the browser address bar is a far safer habit. Users should also monitor their accounts for unexpected logins and consider adopting phishing-resistant authentication methods, such as hardware security keys, where supported.

The WrongPress campaign is a reminder that even routine actions like Googling a login page can carry serious risk. As attackers grow more creative with search advertising abuse, verifying where a link actually leads before clicking has never mattered more.

Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.

The post Hackers Abuse Google Ads to Steal Users GoDaddy ManageWP login Credentials appeared first on Cyber Security News.

A new wave of fraudulent Android apps quietly racked up millions of downloads on Google Play before being taken down. These apps, now tracked under the name CallPhantom, promised users something irresistible: the ability to look up the call history of any phone number. What they actually delivered was nothing more than fake data and a very real financial loss.

The scheme worked by exploiting a simple but powerful hook. People are naturally curious about who has called a specific number, and these apps claimed to deliver that information instantly.

Users were shown what looked like partial results and then prompted to pay to unlock the full call history. That history was entirely fabricated right from the start.

Researchers at WeLiveSecurity identified and reported 28 such fraudulent applications on the Google Play Store.

Their analysis found the apps had been cumulatively downloaded over 7.3 million times before Google removed them following ESET’s disclosure in December 2025.

The apps primarily targeted Android users in India and the broader Asia-Pacific region. Many came with India’s country code pre-selected and supported UPI, a payment system widely used across India. A screenshot of the fabricated call history data was even included in the app’s Play Store listing, presented as proof the app actually worked.

Fake Call History Apps on Google Play

Despite looking different on the surface, all 28 apps shared the same core purpose: generate fake communication data and charge victims for access. Subscription packages ranged from weekly to yearly, with the highest price reaching up to $80.

The CallPhantom apps fell into two main clusters. The first group had hardcoded names, country codes, and call log templates embedded directly in their code. These were combined with randomly generated phone numbers and shown to users as partial results, pushing them to pay to see more.

The second cluster asked users to enter an email address, claiming the retrieved call history would be delivered there. No data was generated until after payment, and even then, nothing real was ever sent. The apps had no actual capability to access call logs, SMS records, or WhatsApp data from any device.

This shows how deeply the deception was built into the code, with fixed names and timestamps baked in before the app ever reached a user’s phone.

Three payment methods appeared across the apps. Some used Google Play’s official billing system. Others redirected users to third-party UPI apps, with payment details either hardcoded or fetched dynamically from a Firebase real-time database, letting operators swap receiving accounts at will.

A third method embedded payment card checkout forms directly inside the app, violating Google Play’s payments policy and making refunds significantly harder.

Bypassing Refunds and Staying Under the Radar

One of the most deliberate tactics used by CallPhantom was steering users toward payment channels Google could not reverse. When payments went through third-party UPI apps or direct card entry inside the app, Google had no ability to cancel transactions or issue refunds. Victims were left fully dependent on external payment providers or the scam developers themselves.

In at least one case, the app sent deceptive notifications styled as email alerts, falsely claiming call history results had arrived. Tapping the notification led straight to a subscription screen, keeping the pressure on even after users had exited without paying.

Anyone who subscribed through Google Play’s official billing system may be eligible for a refund, as existing subscriptions were canceled when the apps were removed. Requests must fall within Google’s allowed refund window. For purchases made outside Google Play, contacting the payment provider or card issuer directly to dispute the charge is the recommended step.

The most practical protection is verification before downloading. Checking developer credibility, reading user reviews carefully, and staying skeptical of apps claiming to access private data belonging to other people are all steps that help avoid traps like these.

Indicators of Compromise (IoCs):-

Type	Indicator	Description
SHA-1 Hash	799AA5127CA54239D3D4A14367DB3B712012CF14	all.callhistory.detail.apk — Android/CallPhantom
SHA-1 Hash	56A4FD71D1E4BBA2C5C240BE0D794DCFF709D9EB	calldetaila.ndcallhisto.rytogetan.ynumber.apk — Android/CallPhantom
SHA-1 Hash	EC5E470753E76614CD28ECF6A3591F08770B7215	callhistoryeditor.callhistory.numberdetails.calleridlocator.apk — Android/CallPhantom
SHA-1 Hash	77C8B7BEC79E7D9AE0D0C02DEC4E9AC510429AD8	com.all_historydownload.anynumber.callhistorybackup.apk — Android/CallPhantom
SHA-1 Hash	9484EFD4C19969F57AFB0C21E6E1A4249C209305	com.any.numbers.calls.history.apk — Android/CallPhantom
SHA-1 Hash	CE97CA7FEECDCAFC6B8E9BD83A370DFA5C336C0A	com.anycallinformation.datadetailswho.callinfo.numberfinder.xapk — Android/CallPhantom
SHA-1 Hash	FC3BA2EDAC0BB9801F8535E36F0BCC49ADA5FA5A	com.app.call.detail.history.apk — Android/CallPhantom
SHA-1 Hash	B7B80FA34A41E3259E377C0D843643FF736803B8	com.basehistory.historydownloading.xapk — Android/CallPhantom
SHA-1 Hash	F0A8EBD7C4179636BE752ECCFC6BD9E4CD5C7F2C	com.call.detail.caller.history.xapk — Android/CallPhantom
SHA-1 Hash	D021E7A0CF45EECC7EE8F57149138725DC77DC9A	com.call.of.any.number.apk — Android/CallPhantom
SHA-1 Hash	04D2221967FFC4312AFDC9B06A0B923BF3579E93	com.callapp.historyero.apk — Android/CallPhantom
SHA-1 Hash	CB31ED027FADBFA3BFFDBC8A84EE1A48A0B7C11D	com.calldetails.smshistory.callhistoryofanynumber.apk — Android/CallPhantom
SHA-1 Hash	C840A85B5FBAF1ED3E0F18A10A6520B337A94D4C	com.callhistory.anynumber.chapfvor.history.xapk — Android/CallPhantom
SHA-1 Hash	BB6260CA856C37885BF9E952CA3D7E95398DDABF	com.callhistory.calldetails.callerids…callhistorymanager.apk — Android/CallPhantom
SHA-1 Hash	55D46813047E98879901FD2416A23ACF8D8828F5	com.callhistory.callhistoryany.call.apk — Android/CallPhantom
SHA-1 Hash	E23D3905443CDBF4F1B9CA84A6FF250B6D89E093	com.callhistory.callhistoryyourgf.apk — Android/CallPhantom
SHA-1 Hash	89ECEC01CCB15FCDD2F64E07D0E876A9E79DD3CE	com.callinformative.instantcallhistory…callinfo.xapk — Android/CallPhantom
SHA-1 Hash	8EC557302145B40FE0898105752FFF5E357D7AC9	com.cddhaduk.callerid.block.contact.xapk — Android/CallPhantom
SHA-1 Hash	6F72FF58A67EF7AAA79CE2342012326C7B46429D	com.easyranktools.callhistoryforanynumber.apk — Android/CallPhantom
SHA-1 Hash	28D3F36BD43D48F02C5058EDD1509E4488112154	com.getanynumberofcallhistory…findcalldetailsofanynumber.xapk — Android/CallPhantom
SHA-1 Hash	47CEE9DED41B953A84FC9F6ED556EC3AF5BD9345	com.chdev.callhistory.xapk — Android/CallPhantom
SHA-1 Hash	9199A376B433F888AFE962C9BBD991622E8D39F9	com.name.factor.apk — Android/CallPhantom
SHA-1 Hash	053A6A723FA2BFDA8A1B113E8A98DD04C6EEF72A	com.pdf.maker.pdfreader.pdfscanner.apk — Android/CallPhantom
SHA-1 Hash	4B537A7152179BBA19D63C9EF287F1AC366AB5CB	com.phone.call.history.tracker.apk — Android/CallPhantom
SHA-1 Hash	87F6B2DB155192692BAD1F26F6AEBB04DBF23AAD	com.pixelxinnovation.manager.apk — Android/CallPhantom
SHA-1 Hash	583D0E7113795C7D68686D37CE7A41535CF56960	com.rajni.callhistory.apk — Android/CallPhantom
SHA-1 Hash	45D04E06D8B329A01E680539D798DD3AE68904DA	com.sbpinfotech.findlocationofanynumber.xapk — Android/CallPhantom
SHA-1 Hash	34393950A950F5651F3F7811B815B5A21F84A84B	sc.call.ofany.mobiledetail.apk — Android/CallPhantom
IP Address	34.120.160[.]131	Firebase-hosted C2 IP, Google LLC, first seen 2025
IP Address	34.120.206[.]254	Firebase-hosted C2 IP, Google LLC, first seen 2025
Domain	call-history-7cda4-default-rtdb.firebaseio[.]com	Firebase real-time database used for C2 communication
Domain	call-history-ecc1e-default-rtdb.firebaseio[.]com	Firebase real-time database used for C2 communication
Domain	ch-ap-4-default-rtdb.firebaseio[.]com	Firebase real-time database used for payment URL delivery
Domain	chh1-ac0a3-default-rtdb.firebaseio[.]com	Firebase real-time database used for payment URL delivery

Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.

Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.

The post 28 Fake Call History Apps on Google Play with 7.3M+ Downloads Trick Users to Steal Payments appeared first on Cyber Security News.

A fresh wave of malicious packages has been quietly spreading through the NuGet ecosystem, one of the most widely used registries in the .NET developer world. Five rogue packages have been discovered posing as legitimate Chinese software libraries, secretly stealing browser credentials, SSH private keys, and cryptocurrency wallet data.

The attack takes a clever approach. Instead of creating obviously suspicious packages, the threat actor built each malicious library on top of real, functional code that developers in Chinese enterprise environments would recognize.

By mimicking trusted tools like AntdUI, a popular WinForms component library, the packages appear legitimate enough to pass casual inspection.

Researchers at Socket.dev identified all five packages, published under a single NuGet account named bmrxntfj. The packages accumulated approximately 64,784 downloads across all versions, placing tens of thousands of developer machines and CI/CD build systems at risk. The campaign traces back to at least September 2025, with all five packages still live at the time of writing.

What makes this campaign persistent is the version rotation technique the operator used. Out of 224 total versions published, 219 were deliberately hidden from public search. By keeping only one version visible while regularly swapping in fresh ones, the attacker invalidated hash-based detection and forced security teams to constantly update their blocklists.

Any developer workstation or build server that ran a package restore referencing these five IDs has potentially been exposed since late 2025. That long lifespan and high download count make this one of the more quietly damaging supply chain threats discovered this year.

Malicious NuGet Packages

The payload fires through a .NET module initializer, which the runtime calls automatically when a matching assembly loads. No user interaction is needed beyond a routine package restore. Once triggered, the malware uses JIT hooking to replace the compiler’s dispatch pointer, gaining control over every method compiled afterward.

A second-stage infostealer named we4ftg.exe then executes. It targets saved credentials across 12 Chromium-based browsers including Chrome, Edge, Brave, Firefox, and Opera, collecting passwords, autofill data, session cookies, and payment cards. It handles both legacy and AppBound Chrome encryption formats, confirming the payload has been recently maintained.

Cryptocurrency assets are a major focus. Browser extension wallets including MetaMask, TronLink, Phantom, Trust Wallet, and Coinbase Wallet are targeted, along with desktop applications like Exodus, Electrum, Atomic, Guarda, Ledger, and Binance. SSH private keys, Outlook profiles, Steam credentials, and files from Documents, Desktop, and Downloads are also collected.

All harvested data is staged under a folder path mimicking a legitimate Microsoft OneDrive directory. Legitimate OneDrive never creates a file by that specific name, making its presence a clear detection signal. Data is then sent to a command-and-control server registered 33 days before the NuGet publishing burst began.

C2 Infrastructure and Attribution

The primary C2 domain resolves to a server in Amsterdam operated through a virtual hosting provider. Its nameservers run through Njalla, a privacy registrar frequently used by threat actors to obstruct takedown requests. The domain was engineered to resemble a legitimate DNS provider so it would blend into routine firewall logs.

A secondary domain linked to an Alibaba Cloud server in Shanghai appears to host the attacker’s development environment. It produced no hits in public malware databases and was not observed receiving stolen data.

Attribution was confirmed through a unique RSA-1024 key embedded in every .NET Reactor-protected package. That same key appeared in four other malicious files on VirusTotal, including memory dumps predating the NuGet campaign by weeks. Labels on those files point to known malware families including Lumma, Quantum, AgentRacoon, and ArrowRAT.

Developers should immediately check project and lock files for any reference to IR.DantUI, IR.Infrastructure.Core, IR.Infrastructure.DataService.Core, IR.iplus32, or IR.OscarUI. Any machine that restored these packages should be treated as compromised, with all credentials, API keys, SSH keys, and wallet seeds rotated. Security teams should configure alerts for connections to the known C2 domain and watch for unexpected file creation at the OneDrive staging path.

Indicators of Compromise (IoCs):-

Type	Indicator	Description
NuGet Package	IR.DantUI	Malicious package impersonating AntdUI
NuGet Package	IR.Infrastructure.Core	Malicious package impersonating Chinese enterprise library
NuGet Package	IR.Infrastructure.DataService.Core	Malicious package impersonating Chinese enterprise library
NuGet Package	IR.iplus32	Malicious package impersonating iplus32 library
NuGet Package	IR.OscarUI	Malicious package impersonating Chinese UI library
NuGet Account	bmrxntfj	Threat actor publisher account
Domain	dns-providersa2[.]com	Primary C2 domain (registered 2026-03-12)
URL	https://dns-providersa2[.]com/check	C2 beacon and operator validation endpoint
URL	https://dns-providersa2[.]com/upload	Exfiltration upload endpoint
IP Address	62[.]84[.]102[.]85	VDSINA VPS, ASN 216071, Amsterdam
Domain	git[.]justdotrip[.]com	Operator development infrastructure (Alibaba Cloud Shanghai)
IP Address	47[.]100[.]60[.]237	Alibaba Cloud Shanghai, operator dev server
Nameserver	1-you.njalla[.]no	Njalla nameserver for C2 domain
Nameserver	2-can.njalla[.]in	Njalla nameserver for C2 domain
Nameserver	3-get.njalla[.]fo	Njalla nameserver for C2 domain
File Path	C:\ProgramData\Microsoft OneDrive\keys.dat	Malware staging path for harvested data
File Name	we4ftg.exe	Second-stage infostealer binary
File Name	s4.exe	Rip-scraper memory dump (live stealer capture)
SHA-256	e1869d6571894f058dd4ab2b66f060628dc364ee8e29afbd2323c95e5002fb8e	s4.exe hash
SHA-256	8f7aa15c77bde94087bb74dfc072e25212797b313731b4cad0ded3e152268dcf	we4ftg.exe hash
SHA-256	34e2d63b5db7e24c808711c2ca0c0a42afde97a0086d7d81609110c002d18d7c	IR.DantUI v2.1.55 encrypted stage-2 resource
SHA-256	b8543b2a1ad8862ebfef18924cf5444d2adfee996939963f4fc2748c582cf9a9	IR.Infrastructure.Core v2.1.55 encrypted stage-2 resource
SHA-256	b8fa1b2fade45304c003909e375d2519ea447b498b7d93fe7c50db014d30f4fa	IR.Infrastructure.DataService.Core v2.1.55 encrypted stage-2 resource
SHA-256	019e6c2cf58386039133981f3377b085fbd70c98ae8613c7c6a4f10a9f2d9824	IR.iplus32 v2.1.55 encrypted stage-2 resource
SHA-256	596c453c9dbb7240f1ce05cc025496524ce7c538c23a9b2171174bf32b5691a1	IR.OscarUI v2.1.55 encrypted stage-2 resource
Chrome Extension ID	nkbihfbeogaeaoehlefnkodbefgpgknn	MetaMask wallet extension
Chrome Extension ID	ibnejdfjmmkpcnlpebklmnkoeoihofec	TronLink wallet extension
Chrome Extension ID	bfnaelmomeimhlpmgjnjophhpkkoljpa	Phantom wallet extension
Chrome Extension ID	egjidjbpglichdcondbcbdnbeeppgdph	Trust Wallet extension
Chrome Extension ID	hnfanknocfeofbddgcijnmhnfnkdnaad	Coinbase Wallet extension
Git Commit Hash	efb675de4b3af3dac3c9cae91075fd7cc2f4f98e	Shared commit hash across campaign packages
NuGet Tag	Iplusus	Shared package tag used across campaign

Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.

Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.

The post Malicious NuGet Packages Target Browser Credentials, SSH Keys, and Crypto Wallets appeared first on Cyber Security News.

VM2 has been hit by 11 critical vulnerabilities, putting countless applications that rely on it at risk of executing untrusted code.

Affecting all versions up to 3.11.1, each flaw provides attackers with a clear path out of the sandbox and into the host system, with full command execution capabilities. Worse, two of the eleven remain completely unpatched.

vm2 is a Node.js npm package that executes untrusted JavaScript inside an isolated container, powering everything from code execution platforms and CI pipelines to plugin engines and multi-tenant cloud services.

Its entire security model rests on one promise: keep malicious code inside, keep the host safe. Researchers have now shredded that promise across eleven distinct techniques, exposing just how thin the walls of that container truly were.

The library’s core promise that code running inside a VM instance cannot reach the host system has been fundamentally broken by these disclosures, with all vulnerabilities enabling full remote code execution (RCE) on the underlying host.

vm2 Node.js Library Vulnerabilities

Among the most severe issues is CVE-2026-24118, which exploits __lookupGetter__ behavior to escape the sandbox. At the same time, CVE-2026-24120 bypasses Promise species protections to execute commands via child_process.execSync.

Another flaw, CVE-2026-24781, abuses Node.js’ util module. Inspect internals to expose raw host objects and bypass VM2’s proxy isolation layer.

Newer JavaScript features also introduced attack paths. CVE-2026-26332 leverages DisposableStack and SuppressedError mechanics in Node.js v24 to expose the host Function object.

CVE-2026-26956 targets Node.js v25 using a WebAssembly try_table instruction that bypasses vm2’s sanitization entirely. Researchers demonstrated full root-level code execution through this technique.

Additional vulnerabilities exploit prototype chains and module loading logic. CVE-2026-43997 and CVE-2026-44006 abuse util. Inspect and prototype traversal to achieve sandbox escapes.

CVE-2026-43999 bypasses vm2’s built-in module restrictions using Module._load(), even when child_process is explicitly blocked.

Prototype pollution also remains a serious concern. CVE-2026-44005 allows attackers to modify shared host prototypes, such as Object. prototype and Function. prototype, potentially impacting the entire Node.js process.

A dangerous configuration flaw tracked as GHSA-8hg8-63c5-gwmx revealed that enabling nesting: true effectively defeats require: false, allowing sandboxed code to create unrestricted inner VMs and achieve full RCE despite security restrictions.

Most concerning, two critical vulnerabilities, CVE-2026-44008 and CVE-2026-44009, remain unpatched in versions up to 3.11.1.

These flaws exploit how array species are handled and exception logic to expose host-side objects and regain unrestricted access to the host Function constructor.

CVE ID	Affected Versions	Patched Version
CVE-2026-24118	≤ 3.10.4	3.11.0
CVE-2026-24120	≤ 3.10.3	3.10.5
CVE-2026-24781	≤ 3.10.3	3.11.0
CVE-2026-26332	≤ 3.10.4	3.11.0
CVE-2026-26956	3.10.4	3.10.5
CVE-2026-43997	≤ 3.10.5	3.11.0
CVE-2026-43999	3.10.5	3.11.0
CVE-2026-44005	3.9.6–3.10.5	3.11.0
CVE-2026-44006	≤ 3.10.5	3.11.0
CVE-2026-44008	≤ 3.11.1	No patch available
CVE-2026-44009	≤ 3.11.1	No patch available
—	≤ 3.11.0	3.11.1

According to reports published by patriksimek on GitHub, the eleven vulnerabilities highlight ongoing weaknesses in vm2’s sandbox security model, putting applications that execute untrusted code at significant risk.

Operators should immediately upgrade VM2 to version 3.11.1 to address all currently patched vulnerabilities.

For CVE-2026-44008 and CVE-2026-44009, no fix is available, and teams should consider disabling VM2-based sandboxing altogether, replacing it with kernel-level isolation technologies such as Docker, gVisor, or Firecracker microVMs.

Developers must avoid the nesting: true option and wildcard built-in configurations, such as ['*', '-child_process'], in any environment running untrusted code.

Given the sheer volume and diversity of these bypass techniques, spanning JavaScript prototype manipulation, WebAssembly exception handling, Promise species overwriting, and built-in module loading.

vm2’s JavaScript-only isolation model should be considered fundamentally insufficient for high-security use cases.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Critical vm2 Node.js Library Vulnerabilities Enables Arbitrary Code Execution Attacks appeared first on Cyber Security News.