Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

phishing
Black Basta Ransomware Custom Malware Email Helpdesk Social Engineering Microsoft Teams phishing

UNC6692 Uses Microsoft Teams Impersonation to Deploy SNOW Malware

 



A newly tracked threat cluster identified as UNC6692 has been observed carrying out targeted intrusions by abusing Microsoft Teams, relying heavily on social engineering to deliver a sophisticated and multi-stage malware framework.

According to findings from Mandiant, the attackers impersonate internal IT help desk personnel and persuade employees to accept chat requests originating from accounts outside their organization. This method allows them to bypass traditional email-based phishing defenses by exploiting trust in workplace collaboration tools.

The attack typically begins with a deliberate email bombing campaign, where the victim’s inbox is flooded with large volumes of spam messages. This is designed to create confusion and urgency. Shortly after, the attacker initiates contact through Microsoft Teams, posing as technical support and offering assistance to resolve the email issue.

This combined tactic of inbox flooding followed by help desk impersonation is not entirely new. It has previously been linked to affiliates of the Black Basta ransomware group. Although that group ceased operations, the continued use of this playbook demonstrates how effective intrusion techniques often persist beyond the lifespan of the original actors.

Separate research published by ReliaQuest shows that these campaigns are increasingly focused on senior personnel. Between March 1 and April 1, 2026, 77% of observed incidents targeted executives and high-level employees, a notable increase from 59% earlier in the year. In some cases, attackers initiated multiple chat attempts within seconds, intensifying pressure on the victim to respond.

In many similar attacks, victims are convinced to install legitimate remote monitoring and management tools such as Quick Assist or Supremo Remote Desktop, which are then misused to gain direct system control. However, UNC6692 introduces a variation in execution.

Instead of deploying remote access software immediately, the attackers send a phishing link through Teams. The message claims that the link will install a patch to fix the email flooding problem. When clicked, the link directs the victim to download an AutoHotkey script hosted on an attacker-controlled Amazon S3 bucket. The phishing interface is presented as a tool named “Mailbox Repair and Sync Utility v2.1.5,” making it appear legitimate.

Once executed, the script performs initial reconnaissance to gather system information. It then installs a malicious browser extension called SNOWBELT on Microsoft Edge. This is achieved by launching the browser in headless mode and using command-line parameters to load the extension without user visibility.

To reduce the risk of detection, the attackers use a filtering mechanism known as a gatekeeper script. This ensures that only intended victims receive the full payload, helping evade automated security analysis environments. The script also verifies whether the victim is using Microsoft Edge. If not, the phishing page displays a persistent warning overlay, guiding the user to switch browsers.

After installation, SNOWBELT enables the download of additional malicious components, including SNOWGLAZE, SNOWBASIN, further AutoHotkey scripts, and a compressed archive containing a portable Python runtime with required libraries.

The phishing page also includes a fake configuration panel with a “Health Check” option. When users interact with it, they are prompted to enter their mailbox credentials under the assumption of authentication. In reality, this information is captured and transmitted to another attacker-controlled S3 storage location.

The SNOW malware framework operates as a coordinated system. SNOWBELT functions as a JavaScript-based backdoor that receives instructions from the attacker and forwards them for execution. SNOWGLAZE acts as a tunneling component written in Python, establishing a secure WebSocket connection between the compromised machine and the attacker’s command-and-control infrastructure. SNOWBASIN provides persistent remote access, allowing command execution through system shells, capturing screenshots, transferring files, and even removing itself when needed. It operates by running a local HTTP server on ports 8000, 8001, or 8002.

Once inside the network, the attackers expand their control through a series of post-exploitation activities. They scan for commonly used network ports such as 135, 445, and 3389 to identify opportunities for lateral movement. Using the SNOWGLAZE tunnel, they establish remote sessions through tools like PsExec and Remote Desktop.

Privilege escalation is achieved by extracting sensitive credential data from the system’s LSASS process, a critical Windows component responsible for storing authentication information. Attackers then use the Pass-the-Hash technique, which allows them to authenticate across systems using stolen password hashes without needing the actual passwords.

To extract valuable data, they deploy tools such as FTK Imager to capture sensitive files, including Active Directory databases. These files are staged locally before being exfiltrated using file transfer utilities like LimeWire.

Mandiant researchers note that this campaign reflects an evolution in attack strategy by combining social engineering, custom malware, and browser-based persistence mechanisms. A key element is the abuse of trusted cloud platforms for hosting malicious payloads and managing command-and-control operations. Because these services are widely used and trusted, malicious traffic can blend in with legitimate activity, making detection more difficult.

A related campaign reported by Cato Networks underlines similar tactics, where attackers use voice-based phishing within Teams to guide victims into executing a PowerShell script that deploys a WebSocket-based backdoor known as PhantomBackdoor.

Security experts emphasize that collaboration platforms must now be treated as primary attack surfaces. Controls such as verifying help desk communications, restricting external access, limiting screen sharing, and securing PowerShell execution are becoming essential defenses.

Microsoft has also warned that attackers are exploiting cross-organization communication within Teams to establish remote access using legitimate support tools. After initial compromise, they conduct reconnaissance, deploy additional payloads, and establish encrypted connections to their infrastructure.

To maintain persistence, attackers may deploy fallback remote management tools such as Level RMM. Data exfiltration is often carried out using synchronization tools like Rclone. They may also use built-in administrative protocols such as Windows Remote Management to move laterally toward high-value systems, including domain controllers.

These intrusion chains rely heavily on legitimate software and standard administrative processes, allowing attackers to remain hidden within normal enterprise activity across multiple stages of the attack lifecycle.

Read more »
Vulnerabilities and Exploits
Anthropic AI Mythos Security Risk Threat Intelligence Vulnerabilities and Exploits

Anthropic's Mythos: AI-Powered Vulnerability Discovery Forces Cybersecurity Reckoning

 

Anthropic’s Mythos is less a single “hacker AI” than a signal that cybersecurity is entering a new phase. The real reckoning is not that one model can break everything at once, but that software weakness will be found faster, cheaper, and at greater scale than defenders are used to. Anthropic’s own testing says Mythos can identify and chain serious vulnerabilities across major operating systems and browsers, which is why the company withheld public release and limited access to select organizations for defense work.

That shift matters because security teams have long relied on human pace. Vulnerability research, exploit development, patch validation, and incident response usually move slower than attackers would like; Mythos compresses that timeline. Anthropic says the model can uncover subtle, long-standing flaws, including issues that survived years of automated testing and human review. That does not mean every discovered flaw becomes an immediate catastrophe, but it does mean the window between “bug found” and “weaponized” could shrink dramatically.

Threat analysts believe that AI’s biggest cybersecurity impact may come from existing tools, not only from frontier models like Mythos. Even before Mythos, attackers and defenders were already using AI agents to generate code, search for weaknesses, and automate parts of exploitation and remediation. So the danger is not a sudden cliff where the world changes overnight; it is a steady acceleration that makes old security assumptions look outdated. In that sense, Mythos is a spotlight, not the whole show. 

A second layer of concern is organizational. Anthropic is giving Mythos to more than 40 companies and several security-focused groups so they can test their own systems and harden critical software. That defensive access may help, but it also reveals an uncomfortable reality: the same capabilities that strengthen security can also lower the barrier for misuse if they spread beyond controlled settings. This creates pressure on companies to treat AI as part of the threat model rather than as a productivity add-on. 

Threat analysts ultimately argues for a change in mindset. Security can no longer be an afterthought or a compliance layer added at the end of development. If AI can find and chain vulnerabilities at machine speed, then “secure by design” has to become the default, with better code practices, stronger testing, faster patching, and tighter controls around high-risk AI systems. Mythos may not trigger the exact cybersecurity crisis many people imagined, but it does force a more serious one: software defense must evolve as quickly as software attack.
Read more »
macOS
AI Chatbot AI Security Axios ChatGPT. OpenAI Cyber Attacks Digital Supply Chain Risk macOS

OpenAI Tightens macOS Security After Axios Supply Chain Attack and Physical Threat Incident

 

Security updates rolled out by OpenAI for macOS apps follow discovery of a flaw tied to the common Axios library. Because of risks exposed through a software supply chain breach, checks on app validation tightened noticeably. One outcome: stronger safeguards now guide distribution methods across desktop platforms. Verification steps increased where imitation attempts once slipped through. The company says the hacked Axios package entered a dev process via an automated pipeline, possibly revealing key signing methods tied to macOS app authentication. 

Though worries emerged over software trustworthiness, OpenAI stated no signs exist of leaked user information, breached internal networks, or tampering with its source files. Starting May 8, older versions of OpenAI’s macOS apps will no longer be supported. Updates are now mandatory, not optional. The shift pushes users toward newer releases as a way to tighten defenses. Functionality depends on using recent builds - this cuts openings for tampering. Fake or modified copies become harder to spread when outdated clients stop working. 

Security improves when only authenticated software runs. Protection rises when unverified versions fade out. Keeping systems current closes gaps exploited by malicious actors. Outdated installations pose higher risk, so access ends automatically. Upgraded versions meet stricter validation standards. Support withdrawal isn’t arbitrary - it aligns with safety priorities. 

Continued operation requires compliance with updated requirements. It could be part of a broader pattern - security incidents tied to groups connected with North Korea have recently focused on infiltrating software development environments through indirect routes. Instead of breaking into main platforms, attackers often manipulate components already trusted within workflows. This shift toward subtle intrusion methods has made early identification more difficult. Detection lags because weaknesses hide inside approved tools. 

One sign points to coordinated efforts stretching across multiple targets. The method avoids obvious entry, favoring quiet access over force. Compromised updates act like unnoticed messengers. Such strategies thrive where verification is light. Hidden flaws emerge only after deployment. Trust becomes the weak spot. Observers note similar tactics appearing elsewhere in recent breaches. Indirect pathways now draw more attention than frontal assaults. Stealth matters more than speed. Systems appear intact until downstream effects surface. Monitoring grows harder when threats arrive disguised as normal operations. 

Besides digital safety issues, OpenAI now faces growing real-world dangers. In San Francisco, law enforcement took someone into custody after a suspected firebomb was thrown close to Chief Executive Sam Altman’s home, followed by further warnings seen near corporate offices. Though nobody got hurt, the events point to rising friction tied to artificial intelligence development. OpenAI collaborates with authorities, addressing risks across online and real-world domains. Strengthening internal safeguards remains an ongoing effort, shaped by evolving challenges. 

Instead of waiting for incidents, recent steps like requiring updated macOS versions aim to build confidence in their systems. This move comes before any verified leaks occur - its purpose lies in prevention, not damage control. OpenAI pushes further into business markets right now, with growing income expected from ad tech powered by artificial intelligence along with corporate offerings. 

At the same time, efforts such as the “Trained Access for Cyber” project move forward, delivering advanced cybersecurity tools driven by machine learning to carefully chosen collaborators. Still, the event highlights how today's cyber threats are becoming harder to manage, as flaws in shared software meet tangible dangers in practice. 

Notably, OpenAI’s actions follow a wider trend across tech - companies now prioritize tighter checks, quicker updates, sometimes reworking entire defenses before problems spread.
Read more »
WireGuard
cybersecurity risk Kernel Level Security Microsoft security Open Source Security Software Supply Chain VeraCrypt VPN security Windows Driver Signing WireGuard

Open Source Security Tools impacted by Microsoft Account Suspensions


 

Several widely trusted security tools have been affected by the disruption beyond routine enforcement, including the distribution pipelines. Microsoft suspended developer accounts associated with VeraCrypt, WireGuard, and Windscribe without any prior technical clarification, effectively preventing them from accessing Microsoft's code signing and update delivery systems. 

Practically, this disruption hinders the delivery of authenticated binaries, delays incremental updates, and restricts timely responses to emerging vulnerabilities. Since Windows environments are reliant on timely security updates to maintain their security, such a halt can pose a serious risk to users who utilize these tools for encryption, tunneling, and secure communication. 

As a result of the incident, open-source maintainers and contributors have stepped up to respond, raising concerns over opaque enforcement mechanisms and the lack of transparency in the remediation process. Microsoft acknowledges the issue in public forums following the escalation. A representative has stated that internal teams are actively reviewing the suspensions and working towards restoring the affected accounts. 

Still, there has been no clear indication of a timeline for doing so. This initial disruption set the stage for a deeper pattern that soon began to unfold across multiple projects. As the scope of the disruption became clearer, what initially appeared to be isolated enforcement actions began to reveal a broader and more coordinated pattern affecting multiple high-impact projects. 

Timeline of Account Suspension and Developer Impact

The sequence of events provides critical insight into how the disruption unfolded and why it quickly escalated beyond a routine compliance issue. Rather than being an isolated administrative action, the sequence of events underpinning the suspensions suggest a systemic enforcement anomaly. There was no preceding warning, audit flag, or remediation notice given to the maintainers of critical open-source security projects as to the sudden access restrictions across their Microsoft developer accounts in early April 2026. 

VeraCrypt's lead developer, Mouhinir Idrassi, first reported the problem, which involved the termination of his long-standing account that had previously been used to sign Windows drivers and bootloaders. The pattern became more evident as similar constraints began to surface across other critical projects. 

A similar barrier arose for Jason Donenfeld, the architect of WireGuard, as he attempted to push a significant Windows update that had been in development for a long time. Several similar accounts surfaced over the course of several years. As similar access loss confirmed by Windscribe, attention quickly shifted to the systems that govern these access controls.

While the timeline highlights the outward symptoms of the disruption, the underlying cause appears to originate from internal policy enforcement mechanisms. 

Policy Enforcement and Verification Breakdown

It is Microsoft's Windows Hardware Program, a critical trust framework governing kernel-mode driver distribution that is at the core of the disruption. 

Unless Windows systems are signed with cryptographic signatures, low-level drivers cannot be loaded, effectively halting deployment within the operating system. This dependency effectively places a centralized control layer over the distribution of low-level software, amplifying the impact of any disruption within the system. 

Developers have consistently denied receiving any formal notification regarding identity verification, despite statements made by Scott Hanselman that multiple communication attempts had been made over the preceding months, as a result of a policy revision introduced in late 2023. However, this assertion contrasts sharply with developer accounts, where no actionable or verifiable communication trail was observed. 

A notable point is that Donenfeld completed the required validation workflow through Microsoft’s designated third-party provider, which confirmed successful validation. However, his account remains inaccessible, raising concerns about inconsistencies between verification status and enforcement actions in Microsoft’s developer identity infrastructure. 

The inconsistencies further heightened scrutiny of the implementation of enforcement policies. Clarification emerging around the incident indicates the suspensions were not arbitrary, but linked to a tightening of Microsoft's compliance enforcement within its developer identity framework, even though critical communication and verification reconciliation gaps appear to have been exposed during the execution. 

Some maintainers have claimed that either the mandated verification steps were already complete or that no actionable notification was ever received, so affected parties have been forced to go through an extended appeals process that has reportedly lasted several weeks. As concerns escalated publicly, senior leadership intervention became necessary to address the growing uncertainty within the developer community.

As the situation became public, Pavan Davuluri responded directly, acknowledging the issue and informing us that internal teams are working on remediation. The enforcement is tied to an October policy update of the Windows Hardware Program, which required partners who had not re-verified their accounts since April 2024 to re-verify their identities. 

In spite of Microsoft's claims that multiple notification channels, including email alerts and in-platform prompts, were used to signal the transition, the company has concurrently conceded these mechanisms failed to reliably reach all stakeholders, particularly within open-source projects that have high impact. 

Moreover, Davuluri stated that Microsoft has contacted VeraCrypt and WireGuard developers directly in order to restore account access, framing the episode as a lapse in operational processes that will inform future policy changes. Despite the ongoing restoration efforts, signing capabilities are expected to be restored shortly, so users can resume getting security patches promptly.

However, beyond policy and process, the technical consequences of this disruption began to raise more immediate concerns. 

Security Implications and Systemic Risk Exposure 

It is important to note that the incident, in addition to interrupting update pipelines immediately, introduces a more consequential risk vector related to trust anchors and certificate lifecycle management within the Windows ecosystem. 

As Microsoft plans to revoke the certificate authority used to sign the VeraCrypt bootloader, existing trusted binaries may be invalidated, affecting system integrity. Users of VeraCrypt are facing a significant threat to system integrity. As a consequence of the revocation, encrypted systems may experience boot-time failures once the update takes effect unless timely access is provided to re-sign and redistribute an updated boot component, effectively locking users out of their environments.

Having highlighted the severity of this scenario, Mounir Idrassi notes that the inability to restore a valid trust chain could render the software non-viable for deployment on Windows. This marked the first publicly visible indication that the issue was not limited to routine account enforcement, but potentially rooted in deeper systemic controls. 

Moreover, the implications of the breach extend beyond encryption alone, extending into network security dependencies as a whole. This exposure is similar within the networking stack, since WireGuard underpins a wide range of privacy-focused services, including Mullvad, Proton VPN, and Tailscale implementations. It has been highlighted by Jason Donenfeld that any emerging security vulnerabilities within the Windows driver layer would not be patchable under current constraints, leaving a substantial user base at risk. 

While alternative platforms, such as Linux and macOS, are unaffected by the incident due to their independent distribution and signing models, the concentration of users on Windows greatly magnifies the effect, effectively isolating critical security updates from the largest segment of the install base. These risks together indicate a deeper architectural dependency within the Windows ecosystem, and more broadly, underscore a structural dependency embedded within the Windows security architecture. 

During kernel mode execution, compliance with Microsoft's driver signing requirements is enforced via centralized infrastructure and developer account controls through centralized infrastructure. MemTest86, a tool that goes beyond encryption and VPN software, suggests a systemic vulnerability rather than a domain-specific vulnerability. Any disruption within the Partner Center or associated identity systems may cascade into a complete halt to software deployment at the kernel level, which is incapable of returning to normal operation. 

For security practitioners, this reinforces a long-standing concern that critical open-source tools remain operationally dependent on a single vendor-controlled distribution and trust pipeline, despite being decentralized in development. In turn, this structural dependency frames the incident's broader impact on the industry as a whole. 

A wider reassessment of how critical security tools interact with centralized platform controls is likely to follow the episode, particularly in environments where a single security authority controls execution at the deepest layers of the system. Developers and security teams should be aware of the importance of operational resilience strategies, including diversifying distribution channels and contingency signing arrangements, as well as establishing clearer audit visibility into compliance status within vendor ecosystems. 

The rule also places renewed responsibility on platform providers to ensure that enforcement mechanisms are not only technically effective but also operationally transparent, with verifiable communication trails and fail-safe recovery mechanisms. In the midst of remediation, the industry's longer-term success will depend on whether these disruptions lead to structural improvements that balance platform security with the continuity of the tools that are designed to safeguard it.
Read more »
login data
Artificial Intelligence Credentials Data Breach login data

Why Stolen Passwords Are Now the Biggest Cyber Threat

 



Organizations today often take confidence in hardened perimeters, well-configured firewalls, and constant monitoring for software vulnerabilities. Yet this defensive focus can overlook a more subtle reality. While attention remains fixed on preventing break-ins, attackers are increasingly entering systems through legitimate access points, using valid employee credentials as if they belong there.

This shift is not theoretical. Current threat patterns indicate that nearly one out of every three cyber intrusions now involves the use of real login credentials. Instead of forcing entry, attackers authenticate themselves and operate under the identity of trusted users. In practical terms, this allows them to function like an ordinary colleague within the system, making their actions far less likely to trigger suspicion.

Credential theft itself has existed for years, but its scale and execution have changed dramatically. Artificial intelligence has removed many of the barriers that once limited these attacks. Phishing campaigns, which previously required careful design and technical effort, can now be generated rapidly and in large volumes. At the same time, stolen usernames and passwords can be automatically tested across multiple platforms, allowing attackers to validate access almost instantly. This combination has created a form of intrusion that appears routine while expanding at a much faster pace.

The ecosystem behind these attacks has also evolved into a structured and highly organized market. Certain actors specialize in collecting credentials, others focus on verifying them, and many sell confirmed access through underground platforms. Importantly, the buyers are no longer limited to financially motivated groups. State-linked actors are also acquiring such access, using it to conduct operations that resemble conventional cybercrime, thereby making attribution more difficult.

This level of organization becomes especially dangerous in supply chain environments. Modern businesses rely on interconnected systems, vendors, and third-party services. Within such networks, a single compromised credential can act as a gateway into multiple systems. Attackers understand this interconnected structure and actively collaborate, sharing tools, scripts, and access to maximize efficiency while minimizing risk.

In contrast, defensive efforts often remain fragmented. Security teams frequently operate within isolated frameworks, with limited information sharing across organizations. Cultural challenges, including reluctance to disclose incidents, further restrict transparency. As a result, attackers benefit from collaboration, while defenders struggle to identify patterns across incidents.

Artificial intelligence has further transformed how credential-based attacks are carried out. Previously, executing such operations at scale required advanced technical expertise, including writing scripts to validate login attempts and maintaining stealth within a network. Today, automated tools can handle these tasks. Attackers can deploy stolen credentials across platforms almost instantly. Once access is gained, AI-driven tools can replicate normal user behavior, such as typical login times, navigation patterns, and file interactions. Whether conducting broad password-spraying campaigns or targeted intrusions, attackers can now move at a speed and level of sophistication that traditional defenses were not designed to counter.

At the same time, the supply of stolen credentials is increasing. Research shows that information-stealing malware, a primary method used to capture login data, has risen by approximately 84 percent over the past year. This surge, combined with easier exploitation methods, is widening a critical detection gap for security teams.

Closing this gap requires a fundamental rethinking of detection strategies. Traditional systems often fail when an attacker is already authenticated and operating within expected conditions, such as normal working hours. To address this, organizations must begin monitoring identity threats earlier in the attack lifecycle. This includes integrating intelligence from underground forums and illicit marketplaces into active defense systems. When compromised credentials are identified externally, immediate actions such as password resets and enforced multi-factor authentication should be triggered before those credentials are used internally.

Authentication methods themselves must also evolve. Widely used approaches like SMS codes and push notifications are increasingly vulnerable to interception through advanced attack techniques. More secure alternatives, including hardware-based authentication keys and certificate-driven systems, offer stronger protection because they cannot be easily intercepted or replicated. If an authentication factor can be captured in transit, it cannot be considered fully secure.

Another necessary shift is moving away from one-time authentication. Traditional systems grant ongoing trust after a single successful login. In contrast, modern security models rely on continuous verification, where user behavior is assessed throughout a session. Indicators such as unusual file access, sudden geographic changes, or inconsistencies in typing patterns can reveal compromise even after initial authentication.

Help desk operations have also emerged as a growing vulnerability. Advances in AI-driven voice synthesis now allow attackers to convincingly impersonate employees during account recovery requests. A simple “forgot password” call can become an entry point if verification processes are weak. Strengthening these processes through additional identity checks outside standard channels is becoming essential.

Organizations must also address the issue of identity sprawl. Over time, systems accumulate unused accounts, third-party integrations, and service credentials that may not follow standard security controls. Many of these accounts rely on static credentials, bypass multi-factor authentication, and are rarely updated. Conducting regular audits, enforcing least-privilege access, and assigning clear ownership and expiration policies to each account can exponentially reduce exposure.

When a credential is identified as compromised, the response must be immediate and comprehensive. This goes beyond simply changing a password. Security teams should review all activity associated with that identity, particularly within the preceding 48 hours, to determine whether unauthorized actions have already occurred. A valid login should be treated with the same level of urgency as any confirmed malware incident.

The growing reliance on credential-based attacks reflects a deliberate turn by adversaries toward methods that are efficient, scalable, and difficult to detect. These attacks exploit trust rather than technical weaknesses, allowing them to bypass even the most robust perimeter defenses.

If organizations continue to treat identity as a one-time checkpoint rather than an ongoing signal, they risk overlooking early indicators of compromise. Strengthening identity-focused defenses and adopting continuous verification models will be critical. Without this shift, breaches will continue to occur in ways that appear indistinguishable from everyday business activity, making them harder to detect until the damage has already been done.

Read more »
financial systems
AI Risks AI technology Anthropic Anthropic AI Cyber Security Financial Cybersecurity financial systems

Wall Street Banks Test Anthropic Mythos AI as Regulators Warn of Rising Cybersecurity Threats

 

Now showing up in high-security finance circles: early tests of cutting-edge AI aimed at boosting cyber resilience, driven by rising regulator unease over smart-tech dangers. Leading the charge - an emerging system called Mythos, developed by Anthropic, notable not just for spotting code flaws but also for actively probing them under controlled conditions. 

Hidden flaws in financial networks now draw attention through Mythos, offering banks an early look ahead of potential breaches. Rather than waiting, some begin using artificial intelligence to mimic live hacking attempts across vast operations. What was once passive observation shifts toward active testing - driven by machines that learn attacker behavior. Instead of just alarms after intrusion, systems predict paths criminals might follow. Tools evolve beyond fixed rules into adaptive models shaped by constant simulation. Security transforms quietly - not with fanfare - but through repeated digital trials beneath the surface. 

What's pushing these tests forward? Part of it comes from alerts issued by American regulatory bodies, highlighting rising risks tied to artificial intelligence in cyber threats. As AI systems grow sharper, officials warn they might empower attackers to run breaches automatically, uncover system weaknesses faster, then strike vital operations - banks included - with greater precision. Though subtle, the shift marks a turning point in how digital dangers evolve. 

One reason Mythos stands out is its ability to analyze enormous amounts of code quickly. Because it detects hidden bugs others miss, security teams gain deeper insight into weak spots. What makes the model unusual is how it links separate issues to map multi-step exploits. Although some worry such power could be misapplied, financial institutions find value in testing systems against lifelike threats. Most cyber specialists point out the banking world faces extra risk because everything links together, holding valuable information. 

A small flaw might spread widely, disrupting transactions, markets, sometimes personal records. Tools powered by artificial intelligence - Mythos, for example - might detect weaknesses sooner than traditional methods. Meanwhile, regulatory bodies urge stricter supervision along with more defined guidelines governing AI applications in finance. What worries them extends beyond outside dangers - to include internal weaknesses that might emerge if AI tools lack proper governance inside organizations. 

While safety is a priority, so too is preventing system failures caused by weak oversight structures. Restricting entry to Mythos, Anthropic allows just certain groups to test the system under tight conditions. While some push fast progress, others slow down - this move leans toward care over speed. Responsibility shapes how strong tools spread, not just what they can do. 

Though Wall Street banks assess artificial intelligence for cyber protection, one fact stands out - threats shift faster than ever. Those who blend AI into security efforts might stay ahead; however, success depends on steady monitoring, strong protective layers, and constant updates when new dangers appear.
Read more »
Social Media Regulation
AI Bill Cyber Security Deepfake Controls digital safety karnataka Social Media Regulation

Karnataka Unveils AI-Driven Bill to Enforce Swift Social Media Safety

 

Karnataka is set to revolutionize social media regulation with the draft Karnataka Responsible Social Media & Digital Safety Bill, 2026, submitted to Chief Minister Siddaramaiah. Prepared by the Karnataka State Policy and Planning Commission (KSPPC), this legislation emphasizes artificial intelligence (AI), rapid content moderation, and robust user protections, marking India's first state-level, AI-compliant, citizen-centric digital safety framework. S Mohanadass Hegde, a KSPPC member, highlighted its potential to foster responsible digital citizenship amid rising AI-driven threats. 

The primary focus is  on tackling AI-generated content and deepfakes through mandatory labelling, precise legal definitions, and strict penalties for misuse. Platforms face enforceable timelines, required to remove harmful content within 24 to 48 hours, shifting from advisory central guidelines to binding state actions. This departs from national laws like the Information Technology Act, 2000, and IT Rules, 2021, which prioritize due diligence without such tight deadlines.

The bill establishes the Karnataka Digital Safety & Social Media Regulatory Authority to monitor compliance and address region-specific digital risks swiftly. Users gain rights to report harmful content, access time-bound grievance redressal, and protections against harassment and misinformation. Hegde noted that localized oversight enables faster responses than central bodies, enhancing enforcement through tech tools like fake news detection, deepfake tracking, and real-time dashboards. 

Prevention takes center stage with a digital awareness and media literacy program promoting fact-checking, critical thinking, and responsible online behavior. This educational push targets mental well-being, particularly for youth vulnerable to harmful trends and addiction risks, balancing punishment with proactive measures. A team member emphasized education as key to curbing violations before they escalate. Implementation unfolds in phases: initial awareness and institutional setup, followed by technology integration and full enforcement. Slated for legal vetting and monsoon session introduction in June-July 2026, the draft positions Karnataka as a leader in decentralized digital governance, offering a blueprint for other states amid evolving AI challenges.
Read more »
Threat Detection
Botnet Activity Cyber Threats Command And Control Data Breach Endpoint Protection Network Security Ransomware SystemBC Malware Threat Detection

SystemBC Infrastructure Breach Sheds Light on The Gentlemen Ransomware Network


 

Parallel to this, operators appear to employ public channels to reinforce coercion, selectively disclosing victim information in order to increase pressure and speed up payment, demonstrating a hybrid strategy combining technical sophistication with calculated psychological advantage. 

Check Point recently conducted an analysis which further contextualizes the scale of the operation, revealing that telemetry from a SystemBC command-and-control node reveals that 1,570 compromised systems have been compromised. As a covert access facilitator, the malware’s architecture is designed to establish SOCKS5-based tunneling within infected environments while maintaining communication with its control infrastructure via RC4-encrypted channels, which enable the malware to establish secure communication with its control infrastructure. 

Aside from providing persistent remote access, this also allows for staged delivery of secondary payloads, which may be deployed either on the disk or directly in memory. This complicates traditional detection mechanisms. Since surfacing in July 2025, The Gentlemen have rapidly expanded their operational tempo, with hundreds of victims publicly listed on its leak infrastructure, emphasizing both the efficiency and effectiveness of its affiliate model as well as its double-extortion strategies. 

There is still no definitive indication of the initial intrusion vector, but observed attack patterns suggest the use of exposed services and credential compromise followed by a structured intrusion lifecycle that incorporates reconnaissance, propagation, and the deployment of tools, including frameworks such as Cobalt Strike and SystemBC. 

There is particular concern regarding the group's demonstration of the use of Group Policy Objects by the group to propagate malicious components across domains, which indicates a degree of post-exploitation control which allows attackers to scale their impact quickly and remain stealthy. In addition to providing important context for its role within this campaign, the broader technical background of SystemBC traces to at least 2019 when it was designed as a covert SOCKS5 tunneling and proxying malware family. 

In the past several years, its evolution into a payload delivery mechanism has made it particularly appealing to ransomware operators, who have exploited its ability to discreetly deploy and execute secondary tools within compromised environments. It has been observed that, despite partial disruption attempts by law enforcement in 2024, SystemBC's infrastructure has proven highly resilient, and previous threat intelligence indicates sustained activity at scale, including the compromise of large numbers of commercial virtual private servers used to relay malicious traffic. 

It is currently being discovered that the majority of victims associated with its deployment are located in enterprise-intensive regions such as the United States, the United Kingdom, Germany, Australia, and Romania, which confirms the assessment that infections are largely the result of human-operated intrusions rather than indiscriminate mass exploitation. It has been observed that the attack workflows reflect a high degree of operational control following compromise in the observed incidents. 

Researchers found that attackers operated using domain controllers with elevated administrative privileges to validate credentials, perform reconnaissance, and move laterally. A variety of tools associated with advanced intrusion sets was deployed to facilitate the extension of access across networked systems, often through remote procedure calls, including credential harvesting utilities such as Mimikatz and adversary simulation frameworks such as Cobalt Strike. 

As a result of preparing and propagating the ransomware payload internally, such as Group Policy Objects, the malware was executed almost simultaneously across domain-joined assets. In the encryption routine, unique ephemeral keys are generated per file through the use of elliptic curve key exchange, combined with high-speed symmetric encryption, and partial encryption strategies are applied to optimize execution time on larger datasets. 

In addition to encrypting files, this malware systematically disables databases, backup services, and virtualisation processes, including forcefully shutting down virtual machines in ESXi environments as well as deleting shadow copies of data and system logs to hinder recovery and forensic investigation. There is still some uncertainty as to the precise role of SystemBC within The Gentlemen's broader operational stack, particularly the question of whether it is centrally managed or affiliate-driven. 

The convergence of proxy malware, post-exploitation frameworks, and a significant botnet footprint suggests a maturing and modular threat model. Researchers conclude that this integration indicates that the transition toward structured and scaleable attack orchestration is being initiated, supported by shared infrastructure and tools. 

The defensive guidance also incorporates signature-based detection artifacts like YARA rules and detailed indicators of compromise in order to assist organizations in identifying and mitigating similar intrusion patterns before they escalate into a full-scale ransomware attack. SystemBC has a long history of providing covert SOCKS5 tunnelling and traffic proxying services as a malware family dating back to at least 2019 that provides important context for its role within this campaign.

Due to its evolution into a payload delivery mechanism, it proved to be particularly valuable to ransomware operators. These operators were able to discreetly introduce and execute secondary tooling within compromised systems. Although law enforcement attempted to partially disrupt SystemBC's infrastructure in 2024, the infrastructure that underpins it has demonstrated notable resilience, as prior threat intelligence indicates sustained activity, including compromises of large volumes of virtual private servers, which are often used to relay malicious traffic.

It is currently being discovered that the majority of victims associated with its deployment are located in enterprise-intensive regions such as the United States, the United Kingdom, Germany, Australia, and Romania, which confirms the assessment that infections are largely the result of human-operated intrusions rather than indiscriminate mass exploitation. It has been observed that the attack workflows reflect a high degree of operational control following compromise in the observed incidents. 

It is noted by investigators that threat actors appeared to use domain controllers with elevated administrative privileges to validate credentials, conduct reconnaissance, and control lateral movement. In order to extend access across networked systems, often by way of remote procedure calls, sophisticated tools used to perform credential harvesting such as Mimikatz and adversary simulation frameworks such as Cobalt Strike have been deployed, including credential harvesting utilities such as Mimikatz. 

It was possible to stage and propagate ransomware payloads internally and deploy them using native mechanisms such as Group Policy Objects, resulting in near-simultaneous execution across domain-joined assets. The encryption routine itself uses a hybrid cryptographic model combining elliptic curve key exchange with high-speed symmetric encryption, generating individual ephemeral keys for each file and applying partial encryption strategies to optimize execution time on larger datasets. 

It is believed that this integration indicates a move toward more structured and scalable attack orchestration supported by shared infrastructure and tools. The defensive guidance includes detailed indications of compromise as well as signature-based detection artifacts such as YARA rules, which provide organizations with the ability to identify and mitigate similar intrusion patterns before they develop into large-scale ransomware attacks.
Read more »
Vulnerability Scanner
Artificial Intelligence DARWIS darwis taka Vulnerability Vulnerability Scanner

DARWIS Taka: A Web Vulnerability Scanner with AI-Powered Validation


DARWIS Taka, a new web vulnerability scanner, is now available for free and runs via Docker. It pairs a rules-based scanning engine with an optional AI layer that reviews each finding before it reaches the report, aimed squarely at the false-positive problem that has dogged vulnerability scanning for years.

Built in Rust, Taka ships with 88 detection rules across 29 categories covering common web vulnerabilities, and produces JSON or self-contained HTML reports.  Setup instructions, the Docker configuration, and documentation are published on GitHub at github.com/CSPF-Founder/taka-docker.

Two modes of AI validation

Taka's AI layer runs in one of two modes. In passive (evidence-analysis) mode, the model reviews the data the scanner already collected and returns a verdict without sending any further traffic to the target. In active mode, the AI acts as a second-stage tester: it proposes a small number of targeted follow-up requests, such as paired true and false payloads for a suspected SQL injection, Taka executes them, and the responses are fed back to the AI for differential analysis. Active mode is more decisive on borderline findings but generates additional traffic.

In both modes, every result is tagged with a verdict (confirmed, likely false positive, or inconclusive), a confidence score, and the AI's written reasoning. The report surfaces those labels alongside a summary of how many findings fell into each bucket. Nothing is dropped silently, so reviewers see what the AI believed and why, and can focus triage on the findings marked confirmed.

The validation layer currently supports Anthropic and OpenAI. The project team has tested Taka extensively with Anthropic's Claude Sonnet, which gave the best balance of reasoning quality and speed in their evaluation, and recommends it for the strongest results. AI validation is optional; without a key, Taka runs as a standard scanner with its own false-positive controls.

Scoring by evidence, not by single matches

Most scanners trigger on the first matcher that fires, which is why a single stray string in a response can produce a flood of bogus alerts. Taka uses a weighted scoring system instead. Each matcher in a rule, whether a status code, a regex, a header check, or a timing comparison, carries an integer weight reflecting how strong a signal it is. The rule declares a detection threshold, and a finding is raised only when the combined weight of the matchers that fired meets or exceeds that threshold.

Built to run against real systems

A circuit breaker halts scanning against hosts showing signs of distress, per-host rate limiting caps concurrent requests, and a passive mode disables all attack payloads for environments where only non-intrusive checks are acceptable. Three scan depth levels (quick, standard, deep) trade coverage against runtime, while a two-phase execution model keeps time-based blind rules from interfering with the rest of the scan.

A web interface ships with the tool for launching scans, inspecting findings alongside the raw evidence, and revisiting results.

Only the optional AI validation requires a third-party API key, supplied by the user. Taka is aimed at security engineers, penetration testers, bug bounty hunters, DevSecOps teams, and developers who want a scanner that respects their triage time.

Full setup instructions are available at github.com/CSPF-Founder/taka-docker.

Read more »
Privacy
AI integration Artificial Intelligence Email Gemini Gmail Google Privacy

Google Expands Gemini in Gmail, Forcing Billions to Reconsider Privacy, Control, and AI Dependence

 




Google has introduced one of the most extensive updates to Gmail in its history, warning that the scale of change driven by artificial intelligence may feel overwhelming for users. While some discussions have focused on surface-level changes such as switching email addresses, the company has emphasized that the real transformation lies in how AI is now embedded into everyday tools used by nearly two billion people. This shift requires far more serious attention.

At the center of this evolution is Gemini, Google’s artificial intelligence system, which is being integrated more deeply into Gmail and other core services. In a recent update shared through a short video message, Gmail’s product leadership acknowledged that the rapid pace of AI innovation can leave users feeling overloaded, with too many new features and decisions emerging at once.

Gmail has traditionally been built around convenience, scale, and seamless integration rather than strict privacy-first principles. Although its spam filters and malware detection systems are widely used and generally effective, they are not flawless. Importantly, Gmail has not typically been the platform users turn to for strong privacy assurances.

The introduction of Gemini changes this bbalance substantially. Google has clarified that it does not use email content to train its AI models. However, the way these tools function introduces new concerns. Features that automatically draft emails, summarize conversations, or search inbox content require access to emails that may contain highly sensitive personal or professional information.

To address this, Google describes Gemini as a temporary assistant that operates within a limited session. The company compares this interaction to allowing a helper into a private room containing your inbox. The assistant completes its task and then exits, with the accessed information disappearing afterward. According to Google, Gemini does not retain or learn from the data it processes during these interactions.

Despite these assurances, concerns remain. Even if the data is not stored long term, granting a cloud-based AI system access to private communications introduces an inherent level of risk. Additionally, while Google has denied automatically enrolling users into AI training programs, many of these AI-powered features are expected to be enabled by default. This shifts responsibility to users, who must actively decide how much access they are willing to allow.

This is not a decision that can be ignored. Once AI tools become integrated into daily workflows, they are difficult to remove. Relying on default settings or delaying action could result in long-term dependence on systems that users may not fully understand or control.

Shortly after promoting these updates, Gmail experienced a disruption that affected its core functionality. Users reported delays in sending and receiving emails, and Google acknowledged the issue while working on a fix. Initially, no estimated resolution time was provided. Later the same day, the company confirmed that the issue had been resolved.

According to Google’s official status update, the disruption was fixed on April 8, 2026, at 14:49 PDT. The cause was identified as a “noisy neighbor,” a term used in cloud computing to describe a situation where one service consumes excessive shared resources, negatively impacting the performance of others operating on the same infrastructure.

With a user base of approximately two billion, even a short-lived outage becomes of grave concern. More importantly, it emphasises the scale at which Gmail operates and reinforces why decisions around AI integration are critical for users worldwide.

The central issue now facing users is the balance between convenience and security. Google presents Gemini as a helpful and well-behaved assistant that enhances productivity without overstepping boundaries. However, like any guest given access to a private space, it requires clear rules and careful oversight.

This tension becomes even more visible when considering Google’s parallel efforts to strengthen security. The company recently expanded client-side encryption for Gmail on mobile devices. While this may sound similar to end-to-end encryption used in messaging apps, it is not the same. This form of encryption operates at an organizational level, primarily for enterprise users, and does not provide the same device-specific privacy protections commonly associated with true end-to-end encryption.

More critically, enabling this additional layer of encryption dynamically limits Gmail’s functionality. When it is turned on, several features become unavailable. Users can no longer use confidential mode, access delegated accounts, apply advanced email layouts, or send bulk emails using multi-send options. Features such as suggested meeting times, pop-out or full-screen compose windows, and sending emails to group recipients are also disabled.

In addition, personalization and usability tools are affected. Email signatures, emojis, and printing functions stop working. AI-powered tools, including Google’s intelligent writing and assistance features, are also unavailable. Other smart Gmail features are disabled, and certain mobile capabilities, such as screen recording and taking screenshots on Android devices, are restricted.

These limitations exist because encrypted data cannot be accessed by AI systems. As a result, users are forced to choose between stronger data protection and access to advanced features. The same mechanisms that secure information also prevent AI tools from functioning effectively.

This reflects a bigger challenge across the technology industry. Privacy and security measures often limit the capabilities of AI systems, which depend on access to data to operate. In Gmail’s case, these two priorities do not align easily and, in many ways, directly conflict.

From a wider perspective, this also highlights a fundamental limitation of email itself. The technology was developed in an earlier era and was not designed to handle modern cybersecurity threats. Its underlying structure lacks the robust protections found in newer communication platforms.

As artificial intelligence becomes more deeply integrated into everyday tools, users are being asked to make more informed and deliberate decisions about how their data is used. While Google presents Gemini as a controlled and temporary assistant, the responsibility ultimately lies with users to determine their comfort level.

For highly sensitive communication, relying solely on email may no longer be the safest option. Exploring alternative platforms with stronger built-in security may be necessary. Ultimately, this moment represents a critical choice: whether the convenience offered by AI is worth the level of access it requires.

Read more »
Security Risk
CISO Burnout Cyber Security Executive Stress Cyber Resilience Security Risk

CISO Burnout Is Costing Businesses More Than Money

 

Businesses are increasingly feeling the financial and operational impact of CISO burnout, as overstretched security leaders make slower decisions, miss critical signals, and eventually leave their roles. The pressure of rising cyber threats, regulatory demands, and limited resources is turning the CISO position into a high‑turnover, high‑cost liability rather than a strategic asset. 

Why CISOs are burning out 

CISOs today face an “always‑on” workload, with AI‑driven attacks, expanding digital estates, and constant audits leaving little room for rest. Many report chronic stress, decision fatigue, and missed family events, while still working well beyond contracted hours to keep up. Boards often understand the pressure in theory, but fail to translate this into better staffing, budgets, or clearer priorities.

When a burned‑out CISO resigns or takes extended leave, firms pay not only recruitment and onboarding costs, but also the hidden price of lost productivity and disrupted projects. One expert estimates total CISO replacement costs can exceed 200% of salary when incident‑related losses, staff turnover, and delayed IT initiatives are factored in. Incidents that might have been caught earlier are more likely to slip through, raising breach‑related expenses and reputational damage. 

Impact on security and board confidence 

Burnout erodes cyber resilience by weakening threat detection, slowing crisis‑time decisions, and degrading communication of risk to the board. As CISOs disengage, security can become an afterthought, initiatives stall, and internal morale in security teams drops. This visibly undermines confidence at the top, making it harder to secure long‑term investment in modern security programs.

To break the cycle, companies must invest in prevention: realistic job design, adequate headcount, clear mandates, and mental‑health support. Some firms are shifting toward fractional or portfolio‑style CISOs, spreading responsibility and reducing single‑point pressure. Firms that treat CISO well‑being as a core part of risk management will likely see better retention, stronger security posture, and lower overall breach‑related costs.
Read more »
exploitable flaws
AI Chatbot AI Security AI security flaw AI technology Anthropic Anthropic AI Cyber Attacks exploitable flaws

Anthropic AI Cyberattack Capabilities Raise Alarm Over Vulnerability Exploitation Risks

 

Now emerging: artificial intelligence reshapes cybersecurity faster than expected, yet evidence from Anthropic shows it might fuel digital threats more intensely than ever before. Recently disclosed results indicate their high-level AI does not just detect flaws in code - it proceeds on its own to take advantage of them. This ability signals a turning point, subtly altering what attacks may look like ahead. A different kind of risk takes shape when machines act without waiting. What worries experts comes down to recent shifts in how attacks unfold. 

One key moment arrived when Anthropic uncovered a complex spying effort. In that case, hackers - likely backed by governments - didn’t just plan with artificial intelligence; they let it carry out actions during the breach itself. That shift matters because it shows machine-driven systems now doing tasks once handled only by people inside digital invasions. Surprisingly, Anthropic revealed what its newest test model, Claude Mythos Preview, can do. The firm says it found countless serious flaws in common operating systems and software - flaws that stayed hidden for long stretches of time. Not just spotting issues, the system linked several weaknesses at once, building working attack methods, something usually done by expert humans. 

What stands out is how little oversight was needed during these operations. What stands out is how this combination - spotting weaknesses and acting on them - marks a notable shift. Not just incremental change, but something sharper: specialists like Mantas Mazeika point to AI-powered threats moving into uncharted territory, with automated systems ramping up attack frequency and reach. Another angle emerges through Allie Mellen's observation - the gap between detecting a flaw and weaponizing it shrinks fast under AI pressure, cutting response windows for companies down to almost nothing. Among the issues highlighted by Anthropic were lingering flaws in OpenBSD and FFmpeg - examples surfaced through the model’s analysis - alongside intricate sequences of exploitation targeting Linux servers. 

With such discoveries, questions grow about whether current defenses can match accelerating threats empowered by artificial intelligence. Now, Anthropic is holding back public access entirely. Access goes only to a select group of tech firms through a special program meant to spot weaknesses early. The move comes as others in tech worry just as much about misuse. Safety outweighs speed when the stakes involve advanced systems. Still, experts suggest such progress brings both danger and potential. Though risky, new tools might help uncover flaws early - shielding networks ahead of breaches. 

Yet success depends on collaboration: firms, officials, and digital defenders must reshape how they handle code fixes and protection strategies. Without shared initiative, gains could falter under old habits. Now shaping the digital frontier, advancing AI shifts how threats emerge and respond. With speed on their side, those aiming to breach systems find new openings just as quickly as protectors build stronger shields. Staying ahead means defense must grow not just faster, but smarter - matching each leap taken by adversaries before gaps widen.
Read more »
Session Hijacking
Browser Security cyber theft Cybersecurity Threats Data protection Device Bound Session Credentials Endpoint security Google Chrome security Infostealer Malware Session Hijacking

Chrome Advances User Protection with new Infostealer Mitigation Features


 

Google Chrome has taken a significant step toward hardening browser-level authentication security in response to the growing threat landscape by introducing Device Bound Session Credentials in its latest Windows update. 

As part of Chrome 146, this mechanism has been developed to address a long-standing vulnerability in web session management by preventing authenticated sessions from being portable across devices. It is based on the use of hardware-backed trust anchors that bind session credentials directly to the user's machine, thereby significantly increasing the barrier to attackers attempting to reuse stolen authentication tokens. 

With the implementation of cryptographic safeguards at the device level, the update reflects a broader shift in browser security architecture towards reducing the impact of credential theft rather than merely addressing it. This foundation is the basis for Device Bound Session Credentials, which generate a unique public/private key pair within secure hardware components, such as the Trusted Platform Module of Windows systems, which is used to authenticate sessions.

By design, session credentials cannot be replicated or transferred even if they are compromised at the software layer, as these keys are not exportable. With the feature now available to Windows users, and Mac OS support expected in subsequent versions, it addresses the mechanics of modern session hijacking. 

A typical attack scenario involves the execution of malicious payloads which launch informationstealer malware, which harvests cookies stored on your browser or intercepts newly established sessions unknowingly. For example, LummaC2 is one of the prominent infostealer malware families. 

The persistence of these cookies often beyond a single login instance gives attackers a durable means of unauthorized access, bypassing traditional authentication controls such as passwords and multi-factor authentication systems, and allowing them to bypass these controls. 

In addition to disrupting the attack chain at a structural level, Chrome's latest enhancement also limits the reuse and monetization of stolen session data across threat actor ecosystems by cryptographically anchoring session validity to the originating device.

Initially introduced in 2024, the underlying security model combines authentication with hardware integrity in order to ensure that authentication is linked to a user identity as well as hardware integrity. By cryptographically assuring each active session with device-resident security components, such as the Trusted Platform Module on Windows and Secure Enclave on macOS, this is accomplished. 

The hardware-supported environment generates and safeguards asymmetric key pairs that are used to encrypt and validate session data, while the private key is strictly not transferable. Consequently, even if session artifacts such as cookies were to be extracted from the browser, they would not be capable of being reused on another system without the appropriate cryptographic context. 

By ensuring that session validity is intrinsically linked to the device that generated it, this design shifts the attack surface fundamentally. During the lifecycle of a session, the mechanism introduces an additional verification layer. It is essential for the browser to demonstrate possession of the private key associated with the short-lived session cookies to the server in order to grant and renew them. 

Rather than being a static token, each session is effectively a continuously validated cryptographic exchange. The system defaults to conventional session handling in environments without secure hardware support, preserving backward compatibility. 

Early telemetry indicates that the approach is already altering attacker economics by a measurable decline in session theft attempts. As part of the collaboration between Microsoft and the organization, the architecture is designed to evolve into an open web standard, while also incorporating privacy-centric safeguards. 

The use of device-specific, non-reusable keys prevents cross-site correlations of user activity by design, enhancing both security and privacy without adding additional tracking vectors to the system. The framework is designed to integrate easily with existing web architectures without imposing significant operational overhead upon service providers on an implementation level. 

Google Chrome assumes responsibility for key management, cryptographic validation, and dynamic cookie rotation for hardware-bound session security, resulting in minimal backend modification needed to implement hardware-bound session security. 

In this manner, the protocol maintains compatibility with traditional session handling models while simultaneously adding an additional layer of trust beneath them. Additionally, the protocol is designed according to strict principles of data minimization: only a per-session public key is shared for authentication, thus preventing the exposure of persistent device identifiers and minimizing the risk of cross-site tracking. 

Under the supervision of the World Wide Web Consortium and Microsoft, the Web Application Security Working Group has developed this open standard in consultation with identity platform providers such as Okta, ensuring interoperability across diverse authentication ecosystems. After a controlled deployment in 2025, early results indicate a significant decrease in session hijacking incidents. This reinforces our confidence in its broader rollout, which is now available for Windows in Chrome 146 and is anticipated for macOS in the near future. 

At the same time, development efforts are underway to extend capabilities to federated identity models, enable cross-origin key binding, and utilize existing trusted credentials, such as mutual TLS and hardware security keys, while exploring software-based alternatives to broaden enterprise adoption. Despite the introduction of hardware-based protections, adversarial adaptation has not been eliminated. 

There have been emerging bypass techniques targeted at Chrome's Application-Bound Encryption layer, largely through the misuse of internal debugging interfaces that were originally intended to facilitate the development and remote management of Chrome. It is possible to circumvent traditional safeguards by enabling remote debugging over designated ports, which enables attackers to extract cookies directly from the browser rather than resorting to more detectable methods such as memory scraping and process injection.

With regard to this method, observed with infostealer strains such as Phemedrone, it is comparatively stealthy since it takes advantage of legitimate browser functionality to evade conventional detection mechanisms. Browser processes initiated with debugging flags and anomalous activity targeting common ports such as 9222 are indications of compromise. 

The Application-Bound Encryption technology was initially adopted for Windows environments, however similar techniques have been demonstrated to bypass protections across macOS and Linux environments, as well as native credential storage systems. Despite the ongoing efforts to comprehensively attribute malware families, the underlying vector suggests an overall pattern of exploitation that could be replicated across the threat landscape if comprehensive attribution remains incomplete. 

As a result, security teams will note that there remains a persistent “cat-and-mouse” dynamic in identity and access management, in which defensive innovations are quickly countered with countermeasures. Within weeks of the initial release of the feature, bypass strategies were emerging, demonstrating the need to monitor continuously, harden configurations, and apply layered defense strategies in order to maintain session-based authentication integrity. 

The development illustrates the broader need for organizations to move beyond single-layer defenses and adopt a multi-tiered, multi-layered security posture. While hardware-bound session protection represents a significant advancement, its effectiveness ultimately depends on complementary controls across the environment. 

Consequently, security teams should enforce strict browser configurations, monitor for anomalous debugging activity, and restrict the access to remote management interfaces. Further reducing the window of exploitation can be achieved by integrating endpoint detection with identity-aware access controls, as well as shortening session lifespans and ensuring continuous authentication checks. 

The browser vendors should continue to refine these mechanisms, so enterprises should align their defensive strategies accordingly. Session security should be treated as an evolving discipline requiring ongoing vigilance and adaptive response, rather than a fixed safeguard.
Read more »
Vulnerabilities and Exploits
ai model files CERT LLMs SGlang Vulnerabilities and Exploits

Critical SGLang Vulnerability Allows Remote Code Execution via Malicious AI Model Files

 



A newly disclosed high-severity flaw in SGLang could enable attackers to remotely execute code on affected servers through specially crafted AI model files.

The issue, tracked as CVE-2026-5760, has received a CVSS score of 9.8 out of 10, placing it in the critical category. Security analysts have identified it as a command injection weakness that allows arbitrary code execution.

SGLang is an open-source framework built to efficiently run large language and multimodal models. Its popularity is reflected in its development activity, with more than 5,500 forks and over 26,000 stars on its public repository.

According to the CERT Coordination Center, the flaw affects the “/v1/rerank” endpoint. An attacker can exploit this functionality to run malicious code within the context of the SGLang service by using a specially designed GPT-Generated Unified Format (GGUF) model file.

The attack relies on embedding a malicious payload inside the tokenizer.chat_template parameter of the model file. This payload uses a server-side template injection technique through the Jinja2 templating engine and includes a specific trigger phrase that activates the vulnerable execution path.

Once the victim downloads and loads the model, often from repositories such as Hugging Face, the risk becomes active. When a request reaches the “/v1/rerank” endpoint, SGLang processes the chat template using its templating engine. At that moment, the injected payload is executed, allowing the attacker to run arbitrary Python code on the server and achieve remote code execution.

Security researcher Stuart Beck traced the root cause to unsafe template handling. Specifically, the framework uses a standard Jinja2 environment instead of a sandboxed configuration. Without isolation controls, untrusted templates can execute system-level code during rendering.

The attack unfolds in a defined sequence: a malicious GGUF model is created with an embedded payload; it includes a trigger phrase tied to the Qwen3 reranker logic located in “entrypoints/openai/serving_rerank.py”; the victim loads the model; a request hits the rerank endpoint; and the template is rendered using an unsafe environment, leading to execution of attacker-controlled Python code.

This vulnerability falls into the same class as earlier issues such as CVE-2024-34359, a critical flaw in llama_cpp_python, and CVE-2025-61620, which affected another model-serving system. These cases highlight a recurring pattern where unsafe template or model handling introduces execution risks.

To mitigate the issue, CERT/CC recommends replacing the current template engine configuration with a sandboxed alternative such as ImmutableSandboxedEnvironment. This would prevent execution of arbitrary Python code during template rendering. At the time of disclosure, no confirmed patch or vendor response had been issued.

From a broader security lens, this incident reinforces a growing concern in AI infrastructure. Model files are increasingly being treated as trusted inputs, despite their ability to carry executable logic. As adoption expands, organizations must validate external models, restrict execution environments, and continuously monitor inference systems to reduce the risk of compromise.

Read more »
Healthcare Cyber Attack
ChipSoft ransomware attack Cyber Attacks cybersecurity in healthcare CyberSecurity Ransomware Attacks Healthcare Cyber Attack

ChipSoft Ransomware Attack Disrupts Dutch Healthcare Systems and HiX EHR Services

 

A sudden cyberattack targeting ChipSoft triggered widespread interruptions in essential health IT operations throughout the Netherlands, leading officials to isolate key network segments. While public access tools went down, medical staff also lost functionality within core administrative environments - prompting urgent questions around resilience under pressure and protection of sensitive records. 

Because of the cyberattack, ChipSoft shut down multiple services such as Zorgportaal, HiX Mobile, and Zorgplatform to limit possible damage. Hospitals across the nation rely on ChipSoft's main system, HiX, making it a key player in digital medical records. As a result, clinics received warnings urging them to cut connections to ChipSoft platforms until safety is confirmed. Preventive steps like these aim to reduce risks while experts handle the breach. 

Later came confirmation via local news outlets, following early signals from public posts on the web. A company-issued message raised concern, citing signs of intrusion into operational systems. This notice hinted at data exposure without confirming full compromise. Not long afterward, official classification arrived: Z-CERT labeled it a ransomware event. Coordination across impacted health entities started under their guidance. Outages began spreading through several hospitals after the incident unfolded. Sint Jans Gasthuis in Weert felt effects early, followed by disruptions at Laurentius Hospital in Roermond. Digital tools slowed down or stopped working altogether at VieCuri Medical Center in Venlo. 

Flevo Hospital in Almere also saw restricted system availability soon afterward. Even though certain departments kept running, performance gaps between locations revealed deeper weaknesses. When cyber incidents strike, medical technology networks often struggle more than expected. Healthcare tech firms often serve many hospitals at once, making them prime targets for ransomware attacks. 

When one falls victim, consequences tend to ripple through linked facilities without warning. Patient treatment slows down, daily operations stumble, records become unreachable. Despite mentioning efforts to reduce harm, ChipSoft has shared little about what information might be exposed. Confirmation on how deep the breach goes remains absent so far. After this event came several earlier breaches across medical tech companies worldwide - proof of rising exposure. 

With hospitals shifting more operations online, criminals now zero in on those holding vast amounts of vital data. Sometimes it's not about speed but access; value draws attention over time. Systems once isolated now face constant probing from distant actors watching for gaps. Right now, work continues to regain control - officials alongside digital defense units are measuring harm while bringing services back online. 

This breach by ChipSoft highlights once more how vital strong cyber protections are within medical infrastructure, since short outages might lead to severe outcomes beyond screens.
Read more »
Subscribe to: Comments (Atom)