Search This Blog

Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Latest News

GhostApproval Symlink Codes Could Run Malicious Codes in AI Coding Agents

Cyber security experts at Wiz discovered that a bug in six famous AI coding assistants allows a booby-trapped code project to silently take ...

All the recent news you need to know

Phishing Campaign Targets Marketing Professionals Using Fake Job Interviews from Top Global Brands

 

A sophisticated phishing campaign is targeting marketing professionals by posing as recruiters from more than 30 globally recognized brands, including Adobe, Netflix, Coca-Cola, OpenAI, Adidas, and Marriott. The attackers aim to steal Google account credentials by luring victims into fake job interview processes.

According to cybersecurity intelligence and threat hunting company Team Cymru, the operation exploits legitimate cloud-based platforms such as PeopleForce, a human resources service, and domains linked to Salesforce Marketing Cloud before redirecting users to malicious websites. To make the scam appear authentic, the threat actors are also using the names and profile pictures of actual recruiters from the companies they impersonate.

Will Thomas, senior advisor at Team Cymru, investigated the campaign and found that the phishing emails present themselves as recruitment messages. As he noted, the emails appear to be from “a recruiter looking to hire people for marketing roles.”

The investigation revealed that attackers have registered at least 34 domains designed to mimic prominent organizations across multiple industries. These include airlines and travel companies such as American Airlines, Booking.com, Delta Air Lines, and United Airlines; food and beverage giants Coca-Cola, PepsiCo, and Red Bull; fashion and luxury brands Adidas, Louis Vuitton, Sephora, and Levi’s; consulting and technology firms including Adobe, Aquent, ManpowerGroup, McKinsey & Company, and OpenAI; hospitality and marketing companies Marriott and Omnicom Group; as well as entertainment and sports brands like FIFA and Netflix.

Researchers found that the attackers rely on a technique known as nested redirects, where users are routed through several legitimate online services before ultimately reaching a fraudulent webpage. Although the phishing emails appear to originate from PeopleForce, the embedded links resolve to the exct[.]net domain, which is operated by Salesforce following its acquisition of ExactTarget, now known as Salesforce Marketing Cloud.

From there, victims are redirected through Wise Agent, a cloud-based customer relationship management (CRM) platform for real estate professionals, before arriving at the phishing website.

BleepingComputer reported that the campaign has been active for at least five months. Earlier versions reportedly used Outlook email addresses carrying the names of the companies being impersonated.

In one example, a phishing email claiming to be from Adidas recruiter Paulina Manzo invited recipients to schedule a discussion regarding a potential job opportunity. Clicking the scheduling link redirected users to the fraudulent domain adidas-hiring[.]com.

To proceed with booking the interview, victims are instructed to sign in with their Google accounts. Selecting the “Continue with Google” option launches what appears to be a genuine Google authentication window. However, the pop-up is actually created using HTML and CSS within the phishing page itself, a deception technique known as browser-in-the-browser (BitB).

By leveraging modern web development methods, attackers can closely replicate legitimate authentication prompts, making it difficult for users to distinguish fake login windows from real ones.

Researchers emphasized that the misuse of legitimate platforms does not necessarily indicate those services have been compromised. Instead, threat actors may have created valid accounts specifically for the campaign or used compromised credentials to configure redirect chains and phishing pages.

A complete list of the malicious domains associated with the campaign has been published in Will Thomas' GitHub analysis.

Mount Royal University says hackers stole and deleted files following June cyberattack





Mount Royal University (MRU) has confirmed that threat actors stole data and deleted files after breaching the university's network in a cyberattack that continues to affect recovery efforts weeks after the incident.

In an update published on its website, the Calgary-based public university said the attack occurred on June 17 and that internal technical teams are working alongside external cybersecurity specialists to investigate the intrusion, determine its full scope, and restore affected systems.

The cyberattack disrupted a wide range of university services, including internet connectivity, online platforms, and several internal systems used across campus. Recovery efforts remain ongoing, with the university warning that restoring all affected services may take several weeks or, in some cases, months.

According to the university's investigation, attackers gained unauthorized access to data stored on the institution's "H drive," a file storage system used by students and employees. Investigators have confirmed that files stored within certain folders were accessed and exfiltrated before the attackers deleted the original copies, a move that has further complicated recovery operations.

"We regret to inform our community that our investigation has now shown that data within certain folders on the University's 'H drive' was accessed and taken by an unauthorized actor," the university said in its advisory.

MRU said the affected folders contained information relating to current and former students, current and former employees, as well as other individuals whose data was stored within the impacted environment. The university has not yet disclosed the exact categories of information exposed or the total number of people affected.

The investigation also found that attackers deleted data stored on a separate departmental file storage system known as the "J drive." While the university said there is currently no evidence that information from the J drive was accessed or copied before it was erased, officials cautioned that recovering the deleted data remains an ongoing process and acknowledged that a complete restoration may not be possible.

The university has reported the incident to the Alberta Information and Privacy Commissioner and notified law enforcement authorities. Officials added that determining the precise impact for each affected individual will take time because the deletion of files has made forensic analysis more complex. Individuals whose information is confirmed to have been affected will receive direct notifications as the investigation progresses.

Responsibility for the attack has been claimed by the cybercrime group CMD Organization, which has published samples of what it alleges is stolen university data, including passport scans and other sensitive documents.

The group is demanding a ransom of 30 Bitcoin, valued at approximately $1.9 million at current exchange rates, and has reportedly given the university six days to respond before releasing additional data. CMD Organization also appears to operate an auction-based extortion model, advertising exclusive access to stolen datasets for the highest bidder through both clear web and dark web leak sites. At the time of writing, the group lists approximately 30 organizations on its extortion portal.

Founded more than a century ago, Mount Royal University currently serves about 11,560 students, including roughly 12,500 undergraduate learners.

As recovery work continues, the university said it will provide additional updates as more information becomes available. MRU is also offering two years of credit monitoring and identity theft protection to current employees and individuals who have worked at the university within the past five years.

AI Agent Executes End-to-End Ransomware Attack Without Human Intervention, Researchers Say

 

Cybersecurity researchers have uncovered what they believe is the first ransomware attack conducted by an autonomous artificial intelligence agent which they named JADEPUFFER. It is notable because the AI performed all stages of the attack, from targeting and compromising the system to installing and using ransomware, without requiring any human input. 

The researchers noted that JADEPUFFER targeted a vulnerability in the open-source application Langflow which was used to design and build various AI applications and tools. The vulnerability was already patched but many internet-facing instances of the application remained unpatching, giving the AI agent an entry point. Many such instances host API keys, cloud service credentials, and database tokens, making them an attractive target for bad actors.

After compromising the target, the AI agent began scanning the system for any valuable information, including cloud service credentials, wallet addresses, API keys, and database passwords. It also located a storage server which had default administrator credentials. Researchers noted that JADEPUFFER used this server as a foothold to pivot to other systems on the network. 

The AI agent managed to establish persistence on the compromised system by implanting a backdoor which sent out requests to a remote command and control server. It then lateraled to the production database server and used the administrative privileges to exploit another vulnerability in the system configuration service. 

It then created its own administration account in the server using a default signing key and altered other configurations in the system. JADEPUFFER proceeded to encrypt over 1300 configuration entries, deleting them before encrypting more data and displaying a ransom note demanding payment in Bitcoins. However, the researchers noted that the ransomware used a randomly generated encryption key which was only viewable once. 

In addition, the ransomware did not store or transmit the decryption key in any way, meaning that the victims would be unable to recover their data even if they paid the ransom. In addition to encrypting data, JADEPUFFER also deleted several databases after claiming that it had backed up the data elsewhere. However, researchers at Sysdig found no evidence that the data had been successfully backed up or transferred. This indicated that the attackers might have been trying to extort more money from the victims, potentially by threatening to delete all data or hinder recovery efforts. 

The researchers concluded that the ransomware attack was performed by an artificial intelligence due to the nature of certain observed behaviors. They noted that most of the ransomware’s behaviors were documented in natural language within the malware’s code, a practice common in many large language models. Additionally, the AI was able to resolve some of its own errors, such as failed authentication attempts, without requiring human intervention. The researchers estimated that over 600 discrete actions had been taken by the AI during the attack. 

The researchers added that while many of the techniques used by JADEPUFFER had been seen in other ransomware attacks, the fact that an autonomous AI agent had been able to use them in succession to launch a major ransomware attack was notable. They believe that such an attack has significant implications for the future of ransomware attacks, as it reduces the level of expertise needed to launch such an attack and allows attacks to occur at a much faster rate than would otherwise be possible. 

The researchers recommended that organizations reduce the risk of falling victim to similar attacks by ensuring that all software is updated to the latest versions, keeping administration systems offline when possible, protecting cloud service credentials, and monitoring systems for signs of unauthorized automated activity. Sysdig noted that JADEPUFFER was a warning about the potential threat posed by agentic AI ransomware in the future as the technology becomes more advanced.

Fake Paysafe and Skrill SDKs on npm and PyPI Steal Developer Credentials

 

A coordinated supply-chain attack has compromised developers by distributing 17 malicious packages on npm and PyPI that impersonate legitimate SDKs for Paysafe, Skrill, and Neteller payment services. These packages were designed to silently exfiltrate sensitive credentials, including API keys, AWS tokens, GitHub secrets, and npm tokens, to a command-and-control server hosted on Amazon Web Services. 

The threat actor published these fake SDKs with names closely resembling official payment integration libraries, such as paysafe-checkout, skrill-payments, and paysafe-api. While the packages expose expected APIs and return fake success responses to avoid detection, their real purpose is credential theft. The embedded malware scans the compromised environment for secrets and exfiltrates them to the attacker's server. 

Security researchers at Socket identified 13 malicious npm packages and four PyPI packages in this campaign. The npm packages were released in four versions (1.0.0 to 1.0.3), while the PyPI packages had only one malicious version (1.0.0). The full list includes well-known names like paysafe-js, paysafe-fraud, skrill-sdk, neteller, and paysafe-kyc. Developers who installed any of these packages risked having their secrets stolen, especially if they were working on payment integration projects for these services. The data theft module in the npm packages attempts exfiltration only if a Paysafe API key is present and activates when the fake SDK is called. The PyPI packages automatically activate the data theft routine upon initialization and do not require a Paysafe API key to be present at all. 

The malware incorporates basic anti-analysis features to avoid detection in sandboxed or virtualized environments. For instance, it halts execution if it detects fewer than two CPU cores or if the hostname or username suggests a virtual machine. To detect potential compromise, organizations should search their dependency trees for the listed package names and scan CI/CD logs for PAYSAFE_API_KEY in combination with these packages. Denying requests for these packages at the registry proxy level is also recommended to prevent accidental installation. If any of the listed packages were installed, developers are recommended to immediately rotate all secrets on any machine that imported or executed this package. 

The researchers also advise searching dependency trees for the package names used in the campaign and deny any requests for them at the registry proxy level. It is also recommended to look in the logs of Continuous Integration (CI) systems for PAYSAFE_API_KEY in combination with any of the listed package names. Additionally, teams should audit their project dependencies and CI/CD pipelines to ensure no traces of these malicious packages remain. Staying vigilant and verifying package sources before installation remains crucial to avoiding similar supply-chain attacks in the future. This incident highlights the growing sophistication of attackers targeting open-source repositories and the critical need for robust software supply-chain security practices. 

Developers must remain cautious when integrating third-party libraries into their projects, especially those related to financial services and payment processing. The use of automated dependency scanning tools and regular security audits can help identify and mitigate risks associated with malicious packages. Furthermore, organizations should implement strict access controls and monitoring for their CI/CD environments to detect and respond to potential credential theft attempts quickly. By adopting a proactive security posture and staying informed about emerging threats, the developer community can better protect itself against evolving supply-chain attacks.

Rogue Agent Bug Could Have Let Attackers Hack AI Conversations


A critical vulnerability in Google’s Dialogflow could have let a hacker exploit other Code-Block-enabled agents via one Code Block-power agent, in one Google Cloud project.

After this, the attacker could read chats, steal user data, and command bots to send hacker-written texts such as re-entering a password.

Discovery of the bug

Cyber security firm Varonis discovered the tactic and called it ‘Rogue Agent.’ The bug impacted only businesses that make agents with custom Code Blocks and Dialogflow’s Playbooks, which allows hackers to add their own Python. The attack was not remote, or unauthorized.

For the attack to happen, it required the dialogflow.playbooks.update green light one such agent, which restricts the hacker to an infected insider or a breached developer account, not some stranger on the web. From that point, the reach extended to every agent inside the project.

Google has patched the bug, and Varonis and Google have said there are no signs that the flaw was deployed in a real attack or campaign.

Single writable file prompted each agent Code Blocks

Dialogflow’s Code Blocks allows developers to add custom Python to a chatbot’s flow to test input, invoke defined tools, and control behavior. 

The code runs within a Google-operated Cloud Run environment, and every agent that uses Code Blocks in the similar Google Cloud project shares one incident of it. The customer cannot control or see the environment that Google runs, meanwhile Varonis discovered no real separation between the agents within it.

Attack tactic

When the agent runs a Code Block, the code is added to internal setup code and sent to Python’s exec()function. The functions and variables that block can touch are defined by the setup. 

Functions consist(), which makes the bot reply with a given string, whereas variables consist of a history of full chats and state for session information such as the session ID.

Varonis discovered code_execution_env.py, the file that does this wrapping, lying in the shared environment with write access. 

As the file was writable, a single Code Block could change it. The block downloads an altered code_execution_env.py from a threat actor-controlled server and overwrites the original within the running container.

After that, the attacker’s variant commands every Code Block deployment throughout every agent that shares the environment. The attacker’s code sits in the same place as the real code, with similar access to respond(), state, and history, 

Accenture Confirms Cyber Breach as Hacker Lists Alleged Company Data


 

Accenture, a global IT services firm, has confirmed experiencing a cybersecurity breach as a threat actor claimed to have stolen company data and was offering it for sale on a cybercrime forum. The breach claim was made in relation to the dataset which was offered for sale on July 6 on a cybercrime forum for the cryptocurrency Monero (XMR).

According to the listing, the stolen documents originated from Accenture's internal environment, and were described as an "Accenture Data Breach." A threat actor claiming to be "888" reported that in July 2026, more than 35 gigabytes of data were exfiltrated from Accenture's systems. This confirmation follows the allegations by the threat actor. It is possible that the exposed source code and cloud credentials could pose broader security risks if they are authentic, giving unauthorized access to development environments, cloud infrastructures, or software repositories. 

However, no public evidence is available to indicate whether the alleged credentials remain valid or have been misused. An Azure DevOps repository associated with an Accenture domain has been claimed to be accessed by the threat actor, according to a screenshot that the threat actor has published to support this claim. However, the extent and authenticity of the alleged data have not been independently verified. 

Accenture confirmed the security incident, but did not verify the threat actor's claims regarding the reported 35 gigabytes of stolen data or the alleged content of the dataset. Additionally, the company has not disclosed how the attackers gained access, whether any customer information was compromised, or whether any of the credentials exposed remain active.

In addition, Accenture declined to disclose how the attackers gained access to the company or whether customer information had been compromised. This incident follows prior claims of cybersecurity breaches involving Accenture. The same threat actor claimed in 2024 that employee data had been compromised as a result of a third-party breach. 

Accenture later dispute the scale of these claims, stating its review revealed that only limited employee information had been discovered and no evidence of compromises to its own systems or customer environments. It was also targeted by the LockBit ransomware group in 2021. Earlier, in 2021, the company announced a breach following a LockBit ransomware attack. 

Cybercriminals are increasingly using underground marketplaces to monetize stolen corporate data, which highlights the continued risks organizations face from credential theft and source code exposure. Additional information regarding the extent of the breach and potential consequences for customers remains unknown as investigations continue.

Investigations are ongoing, but it remains unclear what the full scope of the incident is. Accenture has confirmed that a security breach occurred but has stated that operations remain unaffected. However, questions remain regarding the authenticity of the alleged dataset, the means by which the data was compromised, and any potential impacts on customers.

Featured