Search This Blog

Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Latest News

Free VPNs and Streaming Apps Turn Your Device Into a Criminal Proxy

  Free VPNs and streaming apps are quietly transforming everyday devices into tools for cybercriminals. Unwitting users are allowing their i...

All the recent news you need to know

Council of Europe Data Breach Exposes Records of 10000 Employees After ShinyHunters Leak


 

Council of Europe is investigating a major data breach following the public release of approximately 297 GB of sensitive employee data by cybercriminal group ShinyHunters following the expiration of a ransom deadline. 

An archive has been leaked that contains information regarding more than 10,000 current and former employees, contractors, and job applicants dating from 15 years ago. As one of Europe's leading human rights organizations since 1949, the Council of Europe has been an official observer at the United Nations since 1949. It represents 46 member states and is a central force in promoting democracy, human rights, and the rule of law throughout Europe. 

Since the information it holds is sensitive, the breach of confidentiality is particularly significant. As reported by ShinyHunters, more than 429,000 files, including personnel data, were obtained from multiple Council departments, including human resources and administrative units. This was one of the largest breaches of personal data involving an intergovernmental organization in Europe. 

Information available indicates that payroll records, bank account information, medical information, tax information, social security information, salary histories, personnel files, and thousands of CVs were exposed. Due to the large size of the dataset, identity theft, financial fraud, and highly targeted phishing are significantly more likely to occur. It has been reported that the breach is related to CVE-2026-35273, a critical 9.8-severity zero-day vulnerability affecting Oracle PeopleSoft's Environment Management Hub (PSEMHUB). 

According to security researchers, the vulnerability allowed attackers to execute arbitrary code remotely without authentication. According to Google's Mandiant team, more than 100 organizations had actively exploited the vulnerability prior to Oracle's release of security guidance. Using the zero-day vulnerability in combination with older vulnerabilities, ShinyHunters obtained persistent access, migrated laterally through compromised environments, and exfiltrated data while posing as legitimate users. 

The exploit was conducted between May 27 and June 9, before mitigations were available. ShinyHunters has also altered its extortion strategy significantly following the Council of Europe declining to meet the ransom demand. In response to the Council's refusal to pay the ransom, ShinyHunters announced it would permanently distribute stolen datasets through multiple mirror sites and torrent networks, thereby reducing the likelihood of future takedown efforts.

In addition, the incident adds to the growing number of campaigns involving ShinyHunterS Researchers have recently linked the group to attacks targeting multiple organizations, while Google's threat intelligence team has linked the group's latest activity to widespread exploitation of the Oracle PeopleSoft zero-day vulnerability before mitigations were available. 

According to a brief statement issued by the Council of Europe, the organization was "investigating the matter and assessing the situation." Further comment was not provided. The organization has not yet announced a formal notification process or measures to protect individuals' identities. Zero-day exploitation and data extortion campaigns are becoming increasingly prevalent, with public disclosure increasingly taking precedence over traditional ransomware encryption. 

The threat of persistent leak strategies is increasing, which is why organizations are being urged to strengthen vulnerability management, accelerate patch deployment, and improve incident response to minimize both institutions and individuals' long-term risks.

Critical Bugs In Cursor IDE via Zero-Click Prompt Injection Can Launch RCE


CATO AI labs discovered two critical flaws in the famous AI code editor ‘Cursor’ that could result in remote code execution (RCE) outside the IDE’s sandbox. 

Duneslide

The IDE is employed by more than half of the Fortune 500. Both RCE flaws, called “DuneSlide,” were given a 9.8 CVSS score. The security bugs are tracked as CVE-2026-50548 and CVE-2026-50549.

The bugs demonstrated how prompt injection can move beyond the LLM layer and reveal classical bugs in code paths that were earlier not thought of as part of the attack surface.

A threat actor can exploit either of these bugs to overwrite critical system files (such as cursorsandbox binary), changing sandboxed comments into unsandboxed RCE and resulting in a full system hack on both the victim device and linked SaaS workspaces.

Key takeaways

Bugs found: Cato AI Labs found two separate, critical bugs in Cursor IDE, resulting in non-sandboxed RCEs on the victim’s system.

Arbitrary file write through prompt injection: Via zero-click prompt injection, these bugs could let a threat actor use zero-click prompt injections to write arbitrary files on the target’s local system.

Escaping sandbox and RCE: If leveraged, a threat actor can jump out of the terminal sandbox and attain a full RCE and a complete device exploit.

Zero-click attack vector: The exploit doesn’t need any prior user privileges or particular interaction. It is prompted when a target makes an “makes an innocuous prompt that inadvertently ingests a threat actor-controlled payload from an untrusted source, such as an MCP server or a web search result,” Cato AI Labs reported.

First vulnerability: Parameter altering

The first bug surfaces from how the sandbox creates its security boundaries based on tool parameters. If a sandbox command is executed, Cursor creates a seatbelt policy that allows writing into the present working directory.

This means that a remote hacker cannot command the working directory of a sandboxed operation because coding agents are a unique part of software. But, in this bug, a prompt injection works as the passageway to that part of the code.

Second vulnerability: Symlink failure

The second vulnerability is fully independent of the first and exists in Cursor’s file path resolution edge instances.  It allows hackers to avoid beyond-limits write restrictions via symbolic links.

In most traditional software, an external hacker cannot remotely generate symlinks on the target's system.  In this scenario, a prompt injection changed the Cursor agent to a bridgehead for non-trivial activities that end in a full system compromise. 

JadePuffer Uses AI to Streamline End to End Ransomware Operations


 

Researchers have discovered the first ransomware intrusion conducted almost entirely by an autonomous large language model (LLM) agent, further demonstrating how generative AI and cybercrime are convergent. 

Sysdig researchers were able to detect the campaign by analyzing an attack linked to the JadePuffer threat actor that exploited a critical vulnerability in Langflow to gain initial access. Following reconnaissance, credential harvesting, privilege escalation, lateral movement, persistence, and encryption of data, an AI agent was able to conduct these activities independently. 

Instead of operating as a scripted automation tool, the agent demonstrated an ability to assess its environment, recover from failed actions, and dynamically adjust its approach throughout the intrusion, which highlights a significant shift toward AI-assisted offensive operations with minimal direct human intervention.

During the intrusion, CVE-2025-3248 was exploited, which was a critical unauthenticated remote code execution vulnerability in Langflow that enabled arbitrary Python code execution when the deployment was exposed to the internet. Although patched in April and later added to CISA's Known Exploited Vulnerabilities catalog following active exploitation, internet-exposed Langflow instances remained attractive targets because they commonly stored cloud credentials, API tokens, and application secrets. 

The AI-driven operation then systematically extracted Langflow's PostgreSQL database and profiled the compromised host before expanding its reconnaissance to connected MinIO object storage, enumerating environment variables and sensitive configuration files, and harvesting available credentials. When an API returned XML instead of the expected JSON, the agent automatically adjusted its parsing logic and continued enumeration without manual intervention. 

The operation also established persistence through a cron job configured to contact attacker-controlled infrastructure every 30 minutes. Once persistence and reconnaissance were established, the AI agent moved to the destructive phase of the attack by dynamically refining its execution in response to its environment of target. 

A Sysdig analysis found that the ransomware model modified payloads to satisfy authentication checks, verified that User Defined Functions (UDFs) were present, and signaled that work had been completed before initiating ransomware activity. By using MySQL's AES_ENCRYPT() function, all 1,342 Nacos service configuration records were encrypted, the original configuration_info and history tables were removed, and a README_RANSOM table was created containing the extortion message, Bitcoin payment address, and Proton Mail contact information for negotiations. 

Although the ransom note claimed AES-256 encryption, Sysdig assessed the implementation more closely resembled AES-128 in ECB mode. In addition, the encryption key was generated locally, but was neither retained nor transmitted to attackers' infrastructure.

The researchers also noted the Bitcoin wallet embedded in the ransom instructions matched a public documentation address, suggesting that the LLM reproduced this address from its training data rather than generating an operational payment destination for the ransom. Each captured payload included an explanation in natural language explaining how the actions were carried out, demonstrating the agent's ability to interpret system feedback, diagnose errors, and revise its logic, rather than relying on repetitive scripted retries, throughout the intrusion.

Aside from rapid troubleshooting execution failures, Sysdig also documented the agent's ability to interpret error responses and alter its approach in real time. The model was observed to correct an unsuccessful authentication attempt within 31 seconds by identifying the root cause of the failure rather than repeating the same steps over and over again. There were over 600 distinct payloads recorded throughout the intrusion, which each reflected deliberate progression through sequential attack stages rather than static automation. 

A Bitcoin wallet incorporated into the ransom note was an unresolved anomaly, which precisely matched an address published in Bitcoin developer documentation, an address which is well known for its use. 

Investigators were unable to determine whether the address was reproduced from the training data or if it was deliberately selected by the operator since both references are readily available in technical resources. It is also indicative of a larger evolution in cyber operations assisted by artificial intelligence during the past year. Earlier claims of AI-powered ransomware, including PromptLock, were ultimately linked to controlled research rather than active criminal operations. 

The use of generative artificial intelligence in operational situations has become increasingly evident in recent incidents. Anthropic previously disclosed the use of its Claude Code assistant in extortion against at least 17 organizations under human supervision in an extortion campaign, followed by a largely autonomous state-linked espionage operation using artificial intelligence to develop exploits and facilitate data theft. 

Operator involvement was limited. Similar fabricated credentials were also observed in the JadePuffer campaign, reinforcing the possibility that the unusual Bitcoin addresses observed may have been the result of model hallucinations rather than deliberate malicious intent. Collectively, these incidents demonstrate the ways in which artificial intelligence is automating discrete phases of sophisticated intrusion, reducing the expertise and effort normally required to conduct large-scale offensive operations. 

From a defensive perspective, Sysdig recommends maintaining established security practices. Langflow deployments should be fully patched against CVE-2025-3248 and code execution interfaces should not be exposed directly to the internet. Secrets should be stored in dedicated secrets managers rather than accessible runtime environments. Additionally, the company recommends replacing default signing keys, restricting public exposure, preventing database connections from root accounts, as well as enforcing outbound network controls so that compromised hosts are not able to communicate with command and control systems.

According to Sysdig, autonomous agents are able to detect and exploit new vulnerabilities within hours of their disclosure, which makes runtime detection and behavioral monitoring equally critical as timely patch management.

It was reported by the researchers that indicators of compromise associated with the campaign were released in support of incident response efforts, including the use of CVE-2025-3248 as the initial entry vector, command-and-control infrastructure located at 45.131.66[.]106 with an ongoing beacon program, and a staging server located at 64.20.53[.]230. There are three ransom artifacts associated with the ransom attack, namely the table README_RANSOM, the wallet 3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy, and the email address e78393397[@]proton[.]me. 

JadePuffer is not regarded by Sysdig as introducing fundamentally new attack techniques, but the researchers consider it to be an important indicator of where offensive capabilities are heading. Creating an environment where autonomous AI agents can individually combine familiar exploitation methods into complete intrusion chains, making every exposed application server, configuration repository, and administrative interface available to the internet a far more attractive target than before. 

The evolution of ransomware has reached an important turning point with the launch of JadePuffer, as autonomous artificial intelligence agents are now capable of executing complex attacks without human assistance. 

AI infrastructure should be secured, credentials exposed to the internet must be rigorously managed, and runtime detection capabilities should be strengthened to identify adaptive behavior before it progresses into a full-scale compromise. With artificial intelligence-assisted attacks on the rise, proactive resilience is as important as rapid patching.

New Bad Epoll Bug Impacts Android and Linux, Allows Root Access


A recently found Linux kernel vulnerability called ‘Bad Epoll’ (CVE-2026-46242) allows an ordinary person without any special privilege to take complete command of a device as a root. This has impacted Linux systems, Android, and servers, and a patch is out to address the flaw. 

Bad Epoll was discovered in the same kernel code where Anthropic’s famous AI model, Mythos, discovered another vulnerability. 

The AI flagged one flaw but missed Bad Epoll. Expert Jaeyoung Chung discovered this one.

About Bad Epoll

Epoll is a Linux feature that allows a program to watch various network connections and files at once. You cannot switch it off as web browsers, network services, and servers, all rely on it.

The flaw is a ‘use-after-free’ bug, where two parts of the kernel clean up the same internal object at once. One cleans the memory while the other one writes it. This small friction allows hackers to attack kernel memory, then rise upward to root.

Detecting the bug

Timing is the catch. A random attempt nearly never lands in the window where the two pathways intersect since it is just roughly six machine instructions wide. On testing platforms, Chung's attack expands that window and tries again without crashing, achieving root roughly 99% of the time.

It is more serious since, according to his account, it can be triggered from within Chrome's renderer sandbox, which prevents nearly all other kernel problems, and it can reach Android, which is not possible with other Linux privilege bugs.

Chung sent the flaw as a zer0-day to Google’s kernelCTF program, and full details can be found on his Github. There are no indications that hackers have used it in real-time. At present, an android variant of compromise exists and the only working code is the kernelCTF PoC.

History of the bug

These two flaws go back to a single 2023 modification to the epoll code. According to Chung, Mythos discovered the first two, now labelled as CVE-2026-43074, with an early patch in 2026.

Additionally, Anthropic said that Mythos discovered linux kernel privilege-escalation bugs, but it did not relate the findings with Bad Epoll. Finding the first one was difficult as race-condition flaws are difficult to detect. But why did the AI miss the second flaw? 

Chung offers two likely reasons:

Small timing window

Lack of evidence during runtime 

North Korean PolinRider Campaign Spreads Malicious Packages Across npm, Go, Chrome, and Packagist

 

North Korean threat actors behind the Contagious Interview campaign have been observed persistently targeting software supply chains by distributing more than 100 malicious packages and browser extensions. Researchers note that the PolinRider campaign is targeting software developers and those in the cryptocurrency space by leveraging popular open-source repositories and developer tools. 

The cybersecurity researchers at Socket have discovered 108 unique malicious packages and browser extensions, resulting in 162 release artifacts. Within the discovered malicious code, the researchers have identified 19 npm packages, 10 Packagist (Composer) libraries, 61 Go modules, and one Google Chrome extension. Researchers note that the threat actors continue to compromise developer accounts and push out malicious code updates each time they gain access to a software repository. 

Researchers have linked the PolinRider campaign to the Contagious Interview supply chain attack, which has been actively targeting developers since at least 2023. In most cases, North Korean hackers impersonate recruiters or business partners on social media platforms and code repositories, luring targets into installing malicious software during the interview process. 

The PolinRider threat group was first detected this year when cybersecurity analysts identified hundreds of GitHub repositories with hidden JavaScript code that downloads an updated version of the BeaverTail malware. According to the researchers, almost 2000 GitHub repositories and 1000+ unique owners have been compromised by the PolinRider campaign as of April 2026. 

Researchers suggest that attackers are not compromising the GitHub servers directly but rather hijacking developer accounts on the platform. The initial access to the developer accounts is achieved through either the domain takeover or account recovery process. Attackers compromise the developers’ Visual Studio Code accounts or npm account, where they then install a malicious Visual Studio Code extension or an npm package. 

After the initial compromise, the attackers’ BeaverTail malware searches the project directory for the most common JavaScript configuration files and other relevant files such as Tailwind CSS, Next.js, Babel, and ESLint files. It then stealthily inserts malicious code into the files. Additionally, the malware tampers with the Git commit history to hide its tracks by overwriting commit messages and timestamps. 

The latest updates to the BeaverTail malware now download the second stage of encrypted payloads from the blockchain network. Attackers have been observed using TRON, Aptos, and BNB Smart Chain blockchain networks to host the payloads. The decrypted payloads then deploy remote access malware, including DEV#POPPER RAT and OmniStealer, to exfiltrate data from the compromised systems. Researchers recommend that developers who have installed any of the compromised packages should treat their systems as compromised.

The users should update their compromised accounts, including SSH keys and tokens, from a different machine if possible. Additionally, the developers should delete the malicious versions of the packages and re-install the project dependencies using a trusted package manager lock file. Lastly, the developers should review their commits, tasks, and files for any suspicious activities or unauthorized changes.

AI-Powered Antivirus: How Next-Gen Software Predicts and Stops Threats

 

Antivirus software has undergone a profound transformation, shifting from reactive signature matching to proactive behavior prediction. Where traditional tools once relied on databases of known malware fingerprints, modern solutions now leverage machine learning, behavioral analysis, and real-time monitoring to identify suspicious activity before an attack fully unfolds. This evolution is essential as cybercriminals deploy polymorphic code, fileless malware, and zero-day exploits faster than legacy defenses can adapt. 

Historically, antivirus programs functioned like a bouncer checking IDs against a blacklist of known troublemakers. If a file matched a stored signature, it was blocked; if not, it slipped through undetected. This model worked when malware evolved slowly, but today’s threat landscape moves at lightning speed. Polymorphic malware mutates its code with each infection, metamorphic variants rewrite themselves entirely, and zero-day attacks exploit freshly discovered vulnerabilities before patches exist. Signature databases, while still useful, increasingly lag behind the pace of malicious innovation, leaving systems exposed to novel or rapidly changing threats. 

Modern antivirus flips the script by focusing on behavior rather than identity. It monitors API calls, memory access patterns, encryption bursts, and unusual network traffic to spot anomalies. For instance, a process that suddenly begins locking files across a network, disabling security services, or contacting unfamiliar servers at odd hours raises red flags—even if it has no known signature. This behavior-first approach is critical against ransomware and fileless attacks that operate in memory or hijack legitimate tools to avoid detection. Anomaly detection establishes a baseline of “normal” system activity and alerts on deviations, enabling early intervention before damage spreads. 

Machine learning supercharges this capability by training models on vast datasets of both clean and malicious files. These algorithms learn subtle patterns linked to malware—suspicious code structures, odd execution paths, or risky permission requests—and assign risk scores to files and processes. Decision trees, support vector machines, and neural networks each contribute to layered evaluations that reduce false negatives for unseen threats. Companies like Microsoft, CrowdStrike, and SentinelOne deploy such models at scale, continuously refining them with telemetry from millions of endpoints. The result is a system that generalizes from past attacks to catch new ones, even without an exact signature match. 

The ultimate aim is prediction: intercepting malware in its earliest stages using sandboxing, dynamic analysis, and integration with broader security stacks like endpoint detection and response (EDR). Suspicious files are detonated in isolated environments to observe their behavior safely, while EDR tools trace attack chains across networks. Yet AI is a double-edged sword—attackers also use it to craft evasive malware that adapts to detection systems. False positives and privacy concerns from heavy telemetry remain challenges. For most users, built-in tools like Microsoft Defender and Apple’s XProtect offer strong baseline protection, but layered security and user vigilance against phishing are still essential.

Featured