Search This Blog

Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Centre Orders Blocking of Battery Management Apps Exploited to Disable E-Rickshaws


After the Central Government discovered that seven battery management system (BMS) mobile applications were being misused to remotely disable batteries in electric vehicles and e-rickshaws, the Central Government has ordered the blocking of those applications. In multiple locations across India, this disruption disrupted services and enabled extortion. 


MeitY Secretary S. has directed Google and Apple to remove seven identified applications from their respective app stores on Android and iOS by the Ministry of Electronics and Information Technology (MeitY). In order to ensure applications that may threaten public safety or facilitate unlawful activities are not made available to users, Krishnan said app marketplaces must exercise due diligence. 

In response to reports that battery management apps primarily developed by Chinese companies for monitoring lithium-ion battery packs were being exploited by e-rickshaw drivers to shut down the vehicles while passengers were aboard. Authorities stated that while the applications are designed for proper battery management, they can be misused if battery systems are not properly protected by passwords or PINs. 

In the government's view, removing these apps from digital platforms will not eliminate the vulnerability completely, since Bluetooth connectivity is required in place of internet access to exploit this vulnerability. Thus, even after apps are blocked, unsecured battery management systems remain vulnerable to unauthorized access. Video clips circulated on social media showing e-rickshaws suddenly stopping on public roads attracted nationwide attention to this issue. 

The existing certification standards for e-rickshaws in India do not include cybersecurity requirements, which can result in potential misuse of connected battery systems. This vulnerability has already led to criminal activity. Police in Ujjain, Madhya Pradesh, arrested a suspect who has been accused of remotely disabling batteries from e-rickshaws and demanding compensation from their drivers. 

Local authorities claim the accused abused the flaw by deliberately immobilizing vehicles and charging drivers for assistance. A criminal offence involving intentionally disabling vehicles is considered to be an offence and can be prosecuted under applicable provisions of the Bharatiya Nyaya Sanhita (BNS) relating to criminal mischief. 

Concerns have been raised regarding the cybersecurity risk associated with connected electric vehicles and battery management systems following the incident. In order to prevent such misuse and safeguard public transportation operations, observers say stronger security controls are needed to prevent similar misuse, including authentication mechanisms and cybersecurity standards for electric vehicle components. 

A government intervention highlights the challenges facing connected electric mobility in terms of cybersecurity. Since software increasingly controls the functions of critical vehicle systems, stronger security standards, authenticated access controls, and continuous oversight will be critical in protecting drivers, passengers, and public infrastructure.

Researchers Expose Veil#Drop: A Stealthy Malware Chain Delivering PureLog Stealer via Blogspot

 

 
Threat researchers at Securonix have identified an advanced, multi-layered malware delivery operation that leans on hacked websites and social-engineering tactics to plant information-stealing malware on victims' systems.

Tracked under the name Veil#Drop, the campaign chains together JavaScript launchers and PowerShell download routines to fetch and run malicious code hosted on Blogspot — a platform sitting on Google's reputable infrastructure, which helps the activity blend in with legitimate traffic.

The attack kicks off when a target opens a JavaScript file disguised to look like an ordinary document. Once triggered, the script fires off PowerShell commands built to slip past execution-policy restrictions, then reaches out to attacker-run Blogspot pages to pull down further payloads.

Those Blogspot-hosted stages carry out several actions at once: they show a decoy document to keep the victim unaware, shut down certain running processes, and decrypt hidden content. The unpacked code then spins up more Blogspot links and runs the next payloads straight from memory, leaving little behind on disk.

According to Securonix, a follow-on loader stores XOR-scrambled .NET assemblies inside oversized embedded data blocks. These are rebuilt and unscrambled only while the malware is running, a technique that frustrates static inspection and weakens signature-based defenses.

The operation is also engineered with redundancy in mind, relying on backup execution paths and misusing legitimate, Microsoft-signed Windows binaries (living-off-the-land binaries, or LOLBINs) to run code while sidestepping security tools. Securonix notes that the mix of compromised sites, files masquerading with multiple extensions, trusted cloud hosting, obfuscated payloads, reflective in-memory .NET loading, and LOLBIN abuse reflects a calculated push to dodge conventional antivirus products, minimize forensic traces, and stay hidden throughout the intrusion.

The endgame is infection with PureLog Stealer, a .NET-based data thief. Once installed, it profiles the compromised machine and begins scraping data from a wide range of browsers, including Google Chrome, Microsoft Edge, Firefox, Brave, Opera, and other Chromium-based options.

Its targets include saved credentials, cookies, autofill entries, session tokens, and browsing history, and it actively hunts for cryptocurrency wallet data on the device. Beyond browsers, PureLog Stealer can pull information from messaging apps, email clients, remote-access utilities, FTP tools, cloud-storage software, developer applications, and password managers. Everything it collects is bundled up and transmitted to attacker-controlled servers in encrypted form.

Because the stealer casts such a wide net, Securonix warns that compromising a single endpoint could open the door to a much larger breach, depending on the secrets — credentials, tokens, and keys — stored on that machine. In corporate settings, the firm points out, info-stealers often serve as the opening move in bigger campaigns, with harvested logins later fueling ransomware deployment, data-theft operations, business email compromise, or drawn-out espionage.

India Considers Separate AI Regulatory Framework as Government Signals Policy Shift

 

The Indian government is considering a law to govern artificial intelligence (AI) systems, signaling a shift from its previous approach of relying solely on existing information technology laws. Senior officials from the Ministry of Electronics and Information Technology (MeitY) stated that the current developments in this space are so significant that they require legislation. 

Speaking at an industry event this week, MeitY Secretary S. Krishnan said that consultations on laws governing AI had already begun. Both Krishnan and Union IT minister Ashwini Vaishnaw had previously stated that the government would consider separately legislating for AI at an appropriate time, and he added that the moment appeared to be now. 

Existing laws were largely sufficient to address deepfakes or AI-manipulated media, as well as misinformation, fraud, and other issues, he argued, but this was no longer the case as AI became more sophisticated and started to be integrated into critical industries. The new framework would provide guidance on the development of these systems while also protecting citizens, businesses, and critical infrastructure. 

While the government did not set a deadline for legislation, Krishnan noted that MeitY could begin drafting proposals for approval, with the framework then being debated and approved by Parliament. India is not alone in this endeavor as policymakers globally are considering steps to govern AI. A growing number of countries have been looking at laws and policies that seek to address potential risks to privacy, national security, intellectual property, and more while also encouraging innovation. 

The move also marks a notable shift in approach for India, which has largely promoted a lax regulatory environment for technology and adopted a voluntary approach to AI governance, with laws and policies focusing on promoting innovation and adopting existing frameworks for oversight. 

A separate law could add another layer of oversight while also supporting India’s broader ambitions in this space, including IndiaAI Mission, as it looks to promote and bolster its AI ecosystem alongside its digital transformation initiatives. 

Industry stakeholders will also be able to contribute to the process as the government considers its proposals. The law would promote responsible innovation and address risks posed by increasingly ubiquitous and sophisticated AI systems, officials added.

WhatsApp Appoints CRED Founder Kunal Shah as New Global Head

 

In a landmark move for the global tech industry, WhatsApp announced in June 2026 that its long-serving head Will Cathcart will step down, with Indian fintech founder Kunal Shah appointed as his successor. This transition marks the first time an Indian entrepreneur will lead one of the world's largest messaging platforms, which boasts over three billion monthly active users. The announcement coincides with Meta's substantial $900 million investment in Shah's credit-card rewards platform, CRED, valuing the fintech company at $4.5 billion. 

Will Cathcart has led WhatsApp since 2019, overseeing a period of rapid expansion and navigating complex challenges around encryption, misinformation, and regulatory scrutiny across multiple continents. During his seven-year tenure, the platform evolved from a simple messaging app into a comprehensive communication ecosystem with business tools, payments integration, and enhanced privacy features. 

Cathcart will not depart Meta entirely; instead, he transitions to a newly created division focused on developing next-generation consumer products using artificial intelligence technologies. Meta CEO Mark Zuckerberg expressed enthusiasm about continuing close collaboration with Cathcart in this innovative capacity, signaling the company's strategic pivot toward AI-driven product development. 

Kunal Shah, 42, is no stranger to building successful technology ventures, having previously co-founded FreeCharge—an online recharge platform acquired by Snapdeal in 2015—before launching CRED in 2018. CRED quickly became one of India's most prominent fintech platforms, offering a members-only credit-card payment and rewards service that recently achieved its first profitable quarter in 2026. 

As part of this leadership transition, Shah will relocate from Bengaluru to Meta's headquarters in Menlo Park, California, stepping away from day-to-day operations at CRED while remaining a shareholder. Miten Sampat, who has led strategy and finance at CRED since 2020, assumes the role of interim CEO. 

The $900 million investment secures Meta a 20 percent minority stake in CRED, reflecting the tech giant's confidence in Shah's vision and India's digital payments ecosystem. Shah emphasized on social media that Meta's investment does not grant access to CRED member data, maintaining the platform's privacy commitments. 

This deal positions Meta deeper into India's fintech landscape while leveraging Shah's expertise in building trusted, user-centric platforms—a critical asset as WhatsApp continues expanding its payment and business services globally. The timing underscores Meta's broader strategy of integrating financial services within its social and communication products, with Shah's appointment expected to accelerate WhatsApp's monetization efforts in emerging markets.

BeyondTrust Patches Four Vulnerabilities in Remote Support and PRA

 




BeyondTrust has released security updates to remediate four vulnerabilities affecting its Remote Support (RS) and Privileged Remote Access (PRA) solutions, including two Critical authentication bypass flaws that could allow attackers to gain unauthorized access to vulnerable appliances under specific deployment configurations. The products are commonly used by organizations to deliver remote technical support and manage privileged access to enterprise systems, making them attractive targets because they often provide administrative access to critical IT environments.

The most severe issues originate within the products' authentication mechanisms, which verify user identities before granting access. Because the vulnerabilities can be triggered before the authentication process is completed, successful exploitation may allow attackers to bypass an important security control without first supplying valid credentials.

One of the Critical vulnerabilities, tracked as CVE-2026-40138, carries a CVSS score of 9.2 and affects both BeyondTrust Remote Support and Privileged Remote Access. According to the advisory, the flaw stems from improper validation of authentication data within the authentication subsystem. Under specific authentication configurations, a network-positioned attacker could bypass access controls and obtain unauthorized access to the appliance, including accounts with elevated privileges.

BeyondTrust also addressed CVE-2026-40139, another Critical vulnerability assigned a CVSS score of 9.2 that impacts Remote Support. The issue results from improper processing of authentication requests and could enable an unauthenticated remote attacker to circumvent authentication controls and gain unauthorized access to affected appliances, including privileged accounts. Similar to CVE-2026-40138, exploitation depends on a particular authentication configuration being enabled, meaning the exposure varies according to how affected environments are deployed.

In addition to the authentication bypass flaws, the company disclosed CVE-2026-40140, a High-severity vulnerability with a CVSS score of 8.7 affecting the network communication subsystem. The issue arises from insufficient validation of client-supplied input and could allow an unauthenticated remote attacker to trigger a denial-of-service (DoS) condition, disrupting the availability of vulnerable appliances rather than providing direct access to them.

The fourth vulnerability, CVE-2026-40141, received a CVSS score of 8.5 and affects web application components within both Remote Support and Privileged Remote Access. Caused by inadequate validation of user-supplied input, the flaw could enable an authenticated user with limited privileges to access resources or information beyond their intended authorization. BeyondTrust noted that exploitation of this vulnerability is limited to accounts that already possess specific permissions.

The company said the vulnerabilities were identified during ongoing internal security assessments with assistance from publicly available artificial intelligence models, including Anthropic Claude Opus 4.8, alongside BeyondTrust's proprietary security research tooling. The use of AI-supported analysis reflects a growing trend of incorporating large language models into vulnerability research to assist security teams in identifying potential weaknesses alongside conventional testing techniques.

According to BeyondTrust, the most severe vulnerabilities could allow authentication bypass and unauthorized access when affected systems are configured in specific ways. The remaining flaws could result in service disruption, unintended access to data, or expanded privileges for authenticated users under defined conditions, potentially affecting the confidentiality, availability, and integrity of vulnerable systems.

The vulnerabilities have been resolved in Remote Support version 25.3.3 and later and Privileged Remote Access version 25.3.3 and later. Organizations running version 25.3.2 or earlier of either product are advised to upgrade to the latest available release to mitigate the disclosed risks.

BeyondTrust stated that it has not observed evidence of the newly disclosed vulnerabilities being exploited in the wild. Nevertheless, the company noted that its Remote Support and Privileged Remote Access products have previously been targeted by threat actors. Earlier vulnerabilities, including CVE-2024-12356 and CVE-2026-1731, were exploited to deploy web shells and backdoors on compromised appliances, demonstrating the continued interest of attackers in enterprise remote access infrastructure. Given that history and the privileged role these products play within enterprise environments, organizations are encouraged to apply the available security updates promptly to reduce their exposure to potential attacks.

Flipper Zero Firmware Continues With New Community Rules


Flipper Devices said it will continue the development of the Flipper Zero firmware, with more reliance on community contributions and a smaller internal team.

New devices 

The announcement came after Flipper decided on building new devices such as Flipper One open Linux platform, where the organization shifted to the community’s help to finish development.

Besides this, Flipper also launched a Buy Bar device for people with Attention Deficit Hyperactivity Disorder (ADHD) to reduce interruptions, which will be open for sale on July 14 in the US, U.K, Canada, and Europe.

Limited production 

Flipper Devices said that the genuine firmware for the Flipper Zero portable pen-testing device will still continue, but full-time feature production ends now.

The first major stable release- Flipper Zero Firmware 1.0, was announced in September last year, after three years of development. The latest stable launch is variant 1.4.3, out since December last year.

By then, the company felt that the firmware was matured, with APIs and a stable SDK and all features implemented safely.

Backlash from community

Recently, the team hinted that firmware development was shut down, resulting in strong backlash from people. “We've seen the strong reaction from the community over the idea that we've stopped developing the Flipper Zero firmware,” Flipper said in a blog post. "We want to address this and let you know that we've heard all your feedback and have decided to rethink our approach to maintaining the project and engaging with the community," Flipper added.

Flipper's response

To address the concerns, Flipper has made a new technique for the project that depends on closer communication with supporters to keep firmware development in process.

The project will continue with a few resources and in a new way to communicate with the community, such as:

  • Interactions will only happen via GitHub Discussions, where new requests may be voted too.
  • Flipper Zero requests will be seen weekly.
  • Community pull requests will be considered with strict review guidelines.
  • Firmware modifications to require compulsory integration and regression analysis, and will be open to the community. 

“We're moving all requests from the Flipper Zero community to GitHub Discussions. Now you can 🤚 vote for feature requests that really matter, so we can see what the community actually wants and prioritize them,” Flipper said.

Five Eyes Warn AI-Powered Cyberattacks Could Outpace Defenses Within Months


 

A Five Eyes intelligence alliance has issued an urgent warning, warning that advanced artificial intelligence could soon allow cyberattacks capable of overwhelming government and enterprise defenses. They urge companies to strengthen their cybersecurity before these threats become reality. 

The alliance, comprising the United States, the United Kingdom, Canada, Australia, and New Zealand, announced on Monday that frontier artificial intelligence models are expected to transform offensive and defensive cyber operations in the coming months, rather than years, according to the alliance. According to the agencies, rapidly advancing artificial intelligence capabilities are lowering the barriers to cybercrime by facilitating faster, more sophisticated attacks. 

Several recent U.S. restrictions on foreign access to Anthropic's most advanced AI systems were prompted by concerns about their cybersecurity capabilities. This warning comes amid growing concern over the security implications of next-generation AI models. It was requested by intelligence partners that governments and businesses strengthen their cyber resilience immediately. 

There are several recommended measures, including patching known software vulnerabilities, modernizing legacy infrastructure, enforcing stricter access controls, and investing in proactive security monitoring. In addition to acknowledging the trend of threat actors adopting artificial intelligence to accelerate cyber operations, the alliance also stressed that this technology can significantly strengthen defenses.

Security tools powered by artificial intelligence can be used to identify vulnerabilities earlier, detect suspicious activity in real-time, improve software quality, and respond to incidents more quickly. According to cybersecurity experts, the warning is of particular significance to small and medium-sized companies, which may lack the resources and mature security programs found in large corporations. 

AI-driven attacks are likely to present the greatest risk to organizations with outdated systems and weak security controls as they become more accessible. Furthermore, the statement highlights the growing debate on AI governance. The debate between governments and industry continues, however experts contend that regulatory efforts have not kept pace with the rapid development of frontier AI models. 

echnology leaders and security researchers have recently called for a more transparent and scientifically based approach to artificial intelligence risk assessment while ensuring defensive security capabilities continue to advance. A Five Eyes warning emphasizes that artificial intelligence is rapidly transforming the cyber threat landscape. 

Organizations that are proactive in strengthening their security posture and integrating artificial intelligence into their defense systems will have greater success defending themselves against the next generation of cyber threats. The Five Eyes warning reflects a growing consensus that artificial intelligence is transforming cyber threat landscapes at a historic pace. 

Organizations with a strong resilience strategy, modernized security infrastructure, and responsible adoption of AI-driven defenses will be better prepared to deal with the next generation of cyber threats as offensive capabilities evolve.

Proxy Servers Power More Than Cybersecurity, Emerging as a Backbone for AI and Digital Businesses

 

Proxy servers are commonly linked with cybersecurity and online privacy, with much of the public conversation focusing on their association with cybercrime. However, beyond these concerns, proxy servers have become an essential part of modern business operations, research activities and emerging technologies, particularly artificial intelligence (AI).

According to Proxyway's annual market report, which has tracked the commercial proxy server industry since 2019, proxy servers play a much larger role in the digital economy than many people realise.

Proxy servers are computers that allow users to access the internet through a different internet connection. By routing traffic through another device, users can obtain a different IP address, making it appear as though they are browsing from another location or internet service provider.

Although they share similarities with virtual private networks (VPNs), proxy servers differ in one important way. Businesses often operate multiple proxy servers simultaneously instead of relying on a single connection, enabling them to collect publicly available web data on a much larger scale, subject to the policies of individual websites.

Beyond cybersecurity, proxy servers have become a key part of legitimate commercial operations. A well-established industry now provides proxy services to businesses across the globe while working towards responsible self-regulation. Several leading providers generate significant annual revenues by offering enterprises tools for large-scale web access and data collection.

Proxyway surveyed 13 major proxy service providers and found that e-commerce remains the biggest area of demand. Businesses use proxy servers to monitor competitors' product listings and pricing, build price comparison platforms, analyse customer reviews to understand market sentiment and support other commercial intelligence activities.

Proxy servers are also used to detect counterfeit products across online marketplaces and verify that digital advertisements appear in the intended locations.

In the travel industry, proxy technology enables online travel agencies and hotel booking platforms to compare prices and secure competitive deals. Digital marketers rely on proxies to track search engine rankings across different locations, while cybersecurity professionals use them to identify malicious applications online. Researchers and academic institutions also depend on proxy networks to gather extensive datasets, including studies examining media representation of women in workplaces.

Supporting AI development

Proxy servers are increasingly becoming an important component of the AI ecosystem.

They help facilitate access to the vast volumes of web data needed to train and update large language models. As AI systems continue to evolve through regular retraining, proxy infrastructure supports ongoing data collection efforts.

The report also highlights the growing role of proxy servers in agentic AI, where autonomous AI systems perform tasks on behalf of users.

For several proxy providers, AI-focused clients now represent a substantial share of their customer base. One major industry participant has reported strong year-on-year growth driven partly by rising demand from AI companies, with annualised recurring revenue increasing significantly and further expansion expected, according to the report.

Industry experts stress that proxy servers themselves are neutral technologies whose impact depends on how they are used. Their applications range from cybersecurity investigations and academic research to commercial operations and AI development.

Many established providers have adopted measures to ensure responsible usage. Residential proxy networks are built by obtaining users' consent and offering compensation to participants who contribute their internet connections.

Providers also conduct customer verification, with some requiring identity documents and video-based authentication. Many restrict access to high-risk websites, including government and financial institutions, while continuously monitoring their networks for misuse.

Several companies have also come together under the Ethical Web Data Collection Initiative, a consortium that aims to promote responsible data collection practices, strengthen public confidence and encourage sustainable industry standards.

While debates continue around AI training practices and the use of publicly available web data, proxy servers remain an important part of the internet's infrastructure, quietly supporting many digital services that people use every day.

Sovereign File Architecture Gains Importance as Enterprises Rethink Cloud Data Control

 

Cloud computing changed enterprise IT by enabling organizations to achieve significant storage scalability and cost savings. Companies quickly embraced the idea of storing data in the cloud because of its flexibility and accessibility. However, because information remains on physical servers, companies are discovering that data is stored in a specific location subject to local legislation. 

This led to the concept of sovereign file architecture, one of the strategies by which organizations seek to store information considering jurisdiction as a critical factor. The data storage strategy is now focused on achieving file sovereignty and residency rather than convenience. Data sovereignty differs from privacy in that the former concerns the primary authority that possesses the right to store and access information, while the latter relates to its geographic location. 

While the early cloud computing innovators placed their data with the most accessible and cost-effective infrastructure, there was little information on where exactly it was stored. This created a sovereignty gap, as the organizations had limited insight into who could access the information and the applicable legal frameworks. At the same time, there are more data residency and sovereignty risks today as countries impose strict regulations and trade barriers while dealing with cybersecurity threats and geopolitical tensions. 

Data residency is a crucial consideration for many organizations, particularly those dealing with sensitive data and operating at a multinational level. Disasters, government restrictions, or geopolitical tensions may render some servers inaccessible, thus necessitating the need to store data in different jurisdictions. Enterprises are now prioritizing storage solutions that give them the most control by allowing them to migrate or place their information as they see fit. 

These factors are driving companies to adopt sovereign file architecture, which is designed to decouple file management from storage. By doing so, organizations satisfy the need to store data in several jurisdictions and maintain flexibility regarding where to store sensitive or non-sensitive information. Enterprises can also utilize a hybrid strategy consisting of private and public storage methods, thus balancing costs and file security. 

Sovereign file architecture allows organizations to remain compliant with the increasingly stringent data residency and sovereignty laws enforced by governments worldwide. Consequently, there is now a growing preference for sovereign file architectures over other options when considering factors such as transparency, legal protection, and control.

Chinese AI Model GLM 5.2 Pushes Open-Weight AI Forward

 




Chinese artificial intelligence company Z.ai, formerly known as Zhipu AI, has introduced GLM 5.2, an open-weight large language model that is attracting attention among developers for combining advanced AI capabilities with the flexibility to run on privately owned hardware. Unlike proprietary AI platforms such as ChatGPT and Claude, which are primarily accessed through cloud-based subscriptions, GLM 5.2 allows developers to download, customize, and deploy the model within their own computing environments, offering greater control over infrastructure, privacy, and operational costs.

The release comes as open-weight AI models continue to narrow the performance gap with leading commercial systems. While proprietary models have traditionally dominated the AI ecosystem with stronger reasoning capabilities, newer open-weight alternatives, including Meta's Llama family, Mistral, and now GLM 5.2, are demonstrating that many enterprise workloads no longer require exclusive reliance on premium cloud-hosted models. Businesses commonly use AI to summarize extensive document repositories, generate and debug software code, automate repetitive workflows, and retrieve information from internal knowledge bases, making cost-efficient deployment an increasingly important consideration.

Unlike fully open-source AI projects that typically publish training code, data processing pipelines, evaluation frameworks, and other development components, open-weight models primarily provide access to the trained model parameters. This enables organizations to fine-tune and integrate the model into their own applications while maintaining considerably more flexibility than closed AI services, where the underlying model remains inaccessible.

Interest in GLM 5.2 has also grown following demonstrations showing the model running locally on high-end Apple systems, including the Mac mini. Although these deployments require powerful hardware, they illustrate how advanced AI models are gradually becoming practical outside centralized cloud infrastructure. For organizations handling sensitive financial information, medical records, intellectual property, or confidential research, local deployment reduces the need to transmit data to third-party platforms, strengthening privacy protections while supporting regulatory compliance and data sovereignty requirements.

Despite its flexibility, GLM 5.2 remains an exceptionally demanding model. Built using a Mixture-of-Experts architecture containing between 744 billion and 753 billion parameters, the model occupies approximately 1.51TB of storage and memory in its original form. Developers therefore rely on quantization, a compression technique that reduces memory requirements by lowering the numerical precision of model weights. Even after aggressive optimization, approximately 240GB of memory is still required to load the model. GLM 5.2 also supports a one-million-token context window, allowing it to process entire software repositories, lengthy technical documentation, and extensive research collections within a single prompt, though doing so places additional demands on system memory.

As organizations continue evaluating how AI should be deployed across their operations, GLM 5.2 reflects a broader industry movement toward flexible AI ecosystems where proprietary, open-weight, and locally hosted models each serve different operational needs. Rather than replacing commercial AI platforms outright, models such as GLM 5.2 provide businesses with additional options to balance performance, cost, security, and data control as enterprise AI adoption continues to evolve.

Free VPNs and Streaming Apps Turn Your Device Into a Criminal Proxy

 

Free VPNs and streaming apps are quietly transforming everyday devices into tools for cybercriminals. Unwitting users are allowing their internet connections to be hijacked and used to mask illegal activity, exposing them to serious security and legal risks. While not all residential proxies are illegal, abusers take advantage of anonymity coupled with cheap, unauthorized residential proxies to perform tasks that may be unethical, if not outright illegal at times. 

Research from Infoblox Threat Intel indicates that the situation is more dire than previously assumed, as nearly two thirds (65%) of its Threat Defense Cloud customers made DNS queries to domains used to access or orchestrate residential proxy networks in 2026, totaling over 500 billion such queries per month. Criminals exploit these proxies for activities like fraud, online ad fraud, fake account creation, unauthorized data scraping, and bypassing regional restrictions on streaming platforms. Because their traffic blends in with legitimate user requests, businesses often struggle to identify and block these threats until real damage has occurred. 

Most users are unaware that their devices are being weaponized. Permission is either buried in the fine print of end-user license agreements or never properly obtained at all. Once inside a network, these apps can silently forward requests from threat actors, who benefit from the anonymity of a residential IP. Victims may later face issues such as flagged accounts, CAPTCHA overload, or extra verification steps, as their IP addresses get tagged by reputation systems for suspicious behavior. 

Certain categories of software are higher risk. Free VPNs, cheap IoT devices from unknown manufacturers, screen-recording or streaming software, and browser extensions can all serve as entry points for residential proxy abuse. These tools often lack transparency about their data and traffic practices, prioritizing monetization over user safety. 

Avoiding this is easier said than done, but there are ways to reduce susceptibility to this kind of abuse. A software audit should be your first line of defense. Knowing what runs on all your devices and whether it is trustworthy or not is key to preventing exposure. Investing in a router or software service that blocks such requests would also go a long way, as would leveraging Protective DNS to monitor your network. To start, users can also use services to monitor and check their IP's risk profile, allowing them to determine whether they are already a victim of abuse.

Council of Europe Data Breach Exposes Records of 10000 Employees After ShinyHunters Leak


 

Council of Europe is investigating a major data breach following the public release of approximately 297 GB of sensitive employee data by cybercriminal group ShinyHunters following the expiration of a ransom deadline. 

An archive has been leaked that contains information regarding more than 10,000 current and former employees, contractors, and job applicants dating from 15 years ago. As one of Europe's leading human rights organizations since 1949, the Council of Europe has been an official observer at the United Nations since 1949. It represents 46 member states and is a central force in promoting democracy, human rights, and the rule of law throughout Europe. 

Since the information it holds is sensitive, the breach of confidentiality is particularly significant. As reported by ShinyHunters, more than 429,000 files, including personnel data, were obtained from multiple Council departments, including human resources and administrative units. This was one of the largest breaches of personal data involving an intergovernmental organization in Europe. 

Information available indicates that payroll records, bank account information, medical information, tax information, social security information, salary histories, personnel files, and thousands of CVs were exposed. Due to the large size of the dataset, identity theft, financial fraud, and highly targeted phishing are significantly more likely to occur. It has been reported that the breach is related to CVE-2026-35273, a critical 9.8-severity zero-day vulnerability affecting Oracle PeopleSoft's Environment Management Hub (PSEMHUB). 

According to security researchers, the vulnerability allowed attackers to execute arbitrary code remotely without authentication. According to Google's Mandiant team, more than 100 organizations had actively exploited the vulnerability prior to Oracle's release of security guidance. Using the zero-day vulnerability in combination with older vulnerabilities, ShinyHunters obtained persistent access, migrated laterally through compromised environments, and exfiltrated data while posing as legitimate users. 

The exploit was conducted between May 27 and June 9, before mitigations were available. ShinyHunters has also altered its extortion strategy significantly following the Council of Europe declining to meet the ransom demand. In response to the Council's refusal to pay the ransom, ShinyHunters announced it would permanently distribute stolen datasets through multiple mirror sites and torrent networks, thereby reducing the likelihood of future takedown efforts.

In addition, the incident adds to the growing number of campaigns involving ShinyHunterS Researchers have recently linked the group to attacks targeting multiple organizations, while Google's threat intelligence team has linked the group's latest activity to widespread exploitation of the Oracle PeopleSoft zero-day vulnerability before mitigations were available. 

According to a brief statement issued by the Council of Europe, the organization was "investigating the matter and assessing the situation." Further comment was not provided. The organization has not yet announced a formal notification process or measures to protect individuals' identities. Zero-day exploitation and data extortion campaigns are becoming increasingly prevalent, with public disclosure increasingly taking precedence over traditional ransomware encryption. 

The threat of persistent leak strategies is increasing, which is why organizations are being urged to strengthen vulnerability management, accelerate patch deployment, and improve incident response to minimize both institutions and individuals' long-term risks.

Critical Bugs In Cursor IDE via Zero-Click Prompt Injection Can Launch RCE


CATO AI labs discovered two critical flaws in the famous AI code editor ‘Cursor’ that could result in remote code execution (RCE) outside the IDE’s sandbox. 

Duneslide

The IDE is employed by more than half of the Fortune 500. Both RCE flaws, called “DuneSlide,” were given a 9.8 CVSS score. The security bugs are tracked as CVE-2026-50548 and CVE-2026-50549.

The bugs demonstrated how prompt injection can move beyond the LLM layer and reveal classical bugs in code paths that were earlier not thought of as part of the attack surface.

A threat actor can exploit either of these bugs to overwrite critical system files (such as cursorsandbox binary), changing sandboxed comments into unsandboxed RCE and resulting in a full system hack on both the victim device and linked SaaS workspaces.

Key takeaways

Bugs found: Cato AI Labs found two separate, critical bugs in Cursor IDE, resulting in non-sandboxed RCEs on the victim’s system.

Arbitrary file write through prompt injection: Via zero-click prompt injection, these bugs could let a threat actor use zero-click prompt injections to write arbitrary files on the target’s local system.

Escaping sandbox and RCE: If leveraged, a threat actor can jump out of the terminal sandbox and attain a full RCE and a complete device exploit.

Zero-click attack vector: The exploit doesn’t need any prior user privileges or particular interaction. It is prompted when a target makes an “makes an innocuous prompt that inadvertently ingests a threat actor-controlled payload from an untrusted source, such as an MCP server or a web search result,” Cato AI Labs reported.

First vulnerability: Parameter altering

The first bug surfaces from how the sandbox creates its security boundaries based on tool parameters. If a sandbox command is executed, Cursor creates a seatbelt policy that allows writing into the present working directory.

This means that a remote hacker cannot command the working directory of a sandboxed operation because coding agents are a unique part of software. But, in this bug, a prompt injection works as the passageway to that part of the code.

Second vulnerability: Symlink failure

The second vulnerability is fully independent of the first and exists in Cursor’s file path resolution edge instances.  It allows hackers to avoid beyond-limits write restrictions via symbolic links.

In most traditional software, an external hacker cannot remotely generate symlinks on the target's system.  In this scenario, a prompt injection changed the Cursor agent to a bridgehead for non-trivial activities that end in a full system compromise. 

JadePuffer Uses AI to Streamline End to End Ransomware Operations


 

Researchers have discovered the first ransomware intrusion conducted almost entirely by an autonomous large language model (LLM) agent, further demonstrating how generative AI and cybercrime are convergent. 

Sysdig researchers were able to detect the campaign by analyzing an attack linked to the JadePuffer threat actor that exploited a critical vulnerability in Langflow to gain initial access. Following reconnaissance, credential harvesting, privilege escalation, lateral movement, persistence, and encryption of data, an AI agent was able to conduct these activities independently. 

Instead of operating as a scripted automation tool, the agent demonstrated an ability to assess its environment, recover from failed actions, and dynamically adjust its approach throughout the intrusion, which highlights a significant shift toward AI-assisted offensive operations with minimal direct human intervention.

During the intrusion, CVE-2025-3248 was exploited, which was a critical unauthenticated remote code execution vulnerability in Langflow that enabled arbitrary Python code execution when the deployment was exposed to the internet. Although patched in April and later added to CISA's Known Exploited Vulnerabilities catalog following active exploitation, internet-exposed Langflow instances remained attractive targets because they commonly stored cloud credentials, API tokens, and application secrets. 

The AI-driven operation then systematically extracted Langflow's PostgreSQL database and profiled the compromised host before expanding its reconnaissance to connected MinIO object storage, enumerating environment variables and sensitive configuration files, and harvesting available credentials. When an API returned XML instead of the expected JSON, the agent automatically adjusted its parsing logic and continued enumeration without manual intervention. 

The operation also established persistence through a cron job configured to contact attacker-controlled infrastructure every 30 minutes. Once persistence and reconnaissance were established, the AI agent moved to the destructive phase of the attack by dynamically refining its execution in response to its environment of target. 

A Sysdig analysis found that the ransomware model modified payloads to satisfy authentication checks, verified that User Defined Functions (UDFs) were present, and signaled that work had been completed before initiating ransomware activity. By using MySQL's AES_ENCRYPT() function, all 1,342 Nacos service configuration records were encrypted, the original configuration_info and history tables were removed, and a README_RANSOM table was created containing the extortion message, Bitcoin payment address, and Proton Mail contact information for negotiations. 

Although the ransom note claimed AES-256 encryption, Sysdig assessed the implementation more closely resembled AES-128 in ECB mode. In addition, the encryption key was generated locally, but was neither retained nor transmitted to attackers' infrastructure.

The researchers also noted the Bitcoin wallet embedded in the ransom instructions matched a public documentation address, suggesting that the LLM reproduced this address from its training data rather than generating an operational payment destination for the ransom. Each captured payload included an explanation in natural language explaining how the actions were carried out, demonstrating the agent's ability to interpret system feedback, diagnose errors, and revise its logic, rather than relying on repetitive scripted retries, throughout the intrusion.

Aside from rapid troubleshooting execution failures, Sysdig also documented the agent's ability to interpret error responses and alter its approach in real time. The model was observed to correct an unsuccessful authentication attempt within 31 seconds by identifying the root cause of the failure rather than repeating the same steps over and over again. There were over 600 distinct payloads recorded throughout the intrusion, which each reflected deliberate progression through sequential attack stages rather than static automation. 

A Bitcoin wallet incorporated into the ransom note was an unresolved anomaly, which precisely matched an address published in Bitcoin developer documentation, an address which is well known for its use. 

Investigators were unable to determine whether the address was reproduced from the training data or if it was deliberately selected by the operator since both references are readily available in technical resources. It is also indicative of a larger evolution in cyber operations assisted by artificial intelligence during the past year. Earlier claims of AI-powered ransomware, including PromptLock, were ultimately linked to controlled research rather than active criminal operations. 

The use of generative artificial intelligence in operational situations has become increasingly evident in recent incidents. Anthropic previously disclosed the use of its Claude Code assistant in extortion against at least 17 organizations under human supervision in an extortion campaign, followed by a largely autonomous state-linked espionage operation using artificial intelligence to develop exploits and facilitate data theft. 

Operator involvement was limited. Similar fabricated credentials were also observed in the JadePuffer campaign, reinforcing the possibility that the unusual Bitcoin addresses observed may have been the result of model hallucinations rather than deliberate malicious intent. Collectively, these incidents demonstrate the ways in which artificial intelligence is automating discrete phases of sophisticated intrusion, reducing the expertise and effort normally required to conduct large-scale offensive operations. 

From a defensive perspective, Sysdig recommends maintaining established security practices. Langflow deployments should be fully patched against CVE-2025-3248 and code execution interfaces should not be exposed directly to the internet. Secrets should be stored in dedicated secrets managers rather than accessible runtime environments. Additionally, the company recommends replacing default signing keys, restricting public exposure, preventing database connections from root accounts, as well as enforcing outbound network controls so that compromised hosts are not able to communicate with command and control systems.

According to Sysdig, autonomous agents are able to detect and exploit new vulnerabilities within hours of their disclosure, which makes runtime detection and behavioral monitoring equally critical as timely patch management.

It was reported by the researchers that indicators of compromise associated with the campaign were released in support of incident response efforts, including the use of CVE-2025-3248 as the initial entry vector, command-and-control infrastructure located at 45.131.66[.]106 with an ongoing beacon program, and a staging server located at 64.20.53[.]230. There are three ransom artifacts associated with the ransom attack, namely the table README_RANSOM, the wallet 3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy, and the email address e78393397[@]proton[.]me. 

JadePuffer is not regarded by Sysdig as introducing fundamentally new attack techniques, but the researchers consider it to be an important indicator of where offensive capabilities are heading. Creating an environment where autonomous AI agents can individually combine familiar exploitation methods into complete intrusion chains, making every exposed application server, configuration repository, and administrative interface available to the internet a far more attractive target than before. 

The evolution of ransomware has reached an important turning point with the launch of JadePuffer, as autonomous artificial intelligence agents are now capable of executing complex attacks without human assistance. 

AI infrastructure should be secured, credentials exposed to the internet must be rigorously managed, and runtime detection capabilities should be strengthened to identify adaptive behavior before it progresses into a full-scale compromise. With artificial intelligence-assisted attacks on the rise, proactive resilience is as important as rapid patching.

New Bad Epoll Bug Impacts Android and Linux, Allows Root Access


A recently found Linux kernel vulnerability called ‘Bad Epoll’ (CVE-2026-46242) allows an ordinary person without any special privilege to take complete command of a device as a root. This has impacted Linux systems, Android, and servers, and a patch is out to address the flaw. 

Bad Epoll was discovered in the same kernel code where Anthropic’s famous AI model, Mythos, discovered another vulnerability. 

The AI flagged one flaw but missed Bad Epoll. Expert Jaeyoung Chung discovered this one.

About Bad Epoll

Epoll is a Linux feature that allows a program to watch various network connections and files at once. You cannot switch it off as web browsers, network services, and servers, all rely on it.

The flaw is a ‘use-after-free’ bug, where two parts of the kernel clean up the same internal object at once. One cleans the memory while the other one writes it. This small friction allows hackers to attack kernel memory, then rise upward to root.

Detecting the bug

Timing is the catch. A random attempt nearly never lands in the window where the two pathways intersect since it is just roughly six machine instructions wide. On testing platforms, Chung's attack expands that window and tries again without crashing, achieving root roughly 99% of the time.

It is more serious since, according to his account, it can be triggered from within Chrome's renderer sandbox, which prevents nearly all other kernel problems, and it can reach Android, which is not possible with other Linux privilege bugs.

Chung sent the flaw as a zer0-day to Google’s kernelCTF program, and full details can be found on his Github. There are no indications that hackers have used it in real-time. At present, an android variant of compromise exists and the only working code is the kernelCTF PoC.

History of the bug

These two flaws go back to a single 2023 modification to the epoll code. According to Chung, Mythos discovered the first two, now labelled as CVE-2026-43074, with an early patch in 2026.

Additionally, Anthropic said that Mythos discovered linux kernel privilege-escalation bugs, but it did not relate the findings with Bad Epoll. Finding the first one was difficult as race-condition flaws are difficult to detect. But why did the AI miss the second flaw? 

Chung offers two likely reasons:

Small timing window

Lack of evidence during runtime 

North Korean PolinRider Campaign Spreads Malicious Packages Across npm, Go, Chrome, and Packagist

 

North Korean threat actors behind the Contagious Interview campaign have been observed persistently targeting software supply chains by distributing more than 100 malicious packages and browser extensions. Researchers note that the PolinRider campaign is targeting software developers and those in the cryptocurrency space by leveraging popular open-source repositories and developer tools. 

The cybersecurity researchers at Socket have discovered 108 unique malicious packages and browser extensions, resulting in 162 release artifacts. Within the discovered malicious code, the researchers have identified 19 npm packages, 10 Packagist (Composer) libraries, 61 Go modules, and one Google Chrome extension. Researchers note that the threat actors continue to compromise developer accounts and push out malicious code updates each time they gain access to a software repository. 

Researchers have linked the PolinRider campaign to the Contagious Interview supply chain attack, which has been actively targeting developers since at least 2023. In most cases, North Korean hackers impersonate recruiters or business partners on social media platforms and code repositories, luring targets into installing malicious software during the interview process. 

The PolinRider threat group was first detected this year when cybersecurity analysts identified hundreds of GitHub repositories with hidden JavaScript code that downloads an updated version of the BeaverTail malware. According to the researchers, almost 2000 GitHub repositories and 1000+ unique owners have been compromised by the PolinRider campaign as of April 2026. 

Researchers suggest that attackers are not compromising the GitHub servers directly but rather hijacking developer accounts on the platform. The initial access to the developer accounts is achieved through either the domain takeover or account recovery process. Attackers compromise the developers’ Visual Studio Code accounts or npm account, where they then install a malicious Visual Studio Code extension or an npm package. 

After the initial compromise, the attackers’ BeaverTail malware searches the project directory for the most common JavaScript configuration files and other relevant files such as Tailwind CSS, Next.js, Babel, and ESLint files. It then stealthily inserts malicious code into the files. Additionally, the malware tampers with the Git commit history to hide its tracks by overwriting commit messages and timestamps. 

The latest updates to the BeaverTail malware now download the second stage of encrypted payloads from the blockchain network. Attackers have been observed using TRON, Aptos, and BNB Smart Chain blockchain networks to host the payloads. The decrypted payloads then deploy remote access malware, including DEV#POPPER RAT and OmniStealer, to exfiltrate data from the compromised systems. Researchers recommend that developers who have installed any of the compromised packages should treat their systems as compromised.

The users should update their compromised accounts, including SSH keys and tokens, from a different machine if possible. Additionally, the developers should delete the malicious versions of the packages and re-install the project dependencies using a trusted package manager lock file. Lastly, the developers should review their commits, tasks, and files for any suspicious activities or unauthorized changes.

AI-Powered Antivirus: How Next-Gen Software Predicts and Stops Threats

 

Antivirus software has undergone a profound transformation, shifting from reactive signature matching to proactive behavior prediction. Where traditional tools once relied on databases of known malware fingerprints, modern solutions now leverage machine learning, behavioral analysis, and real-time monitoring to identify suspicious activity before an attack fully unfolds. This evolution is essential as cybercriminals deploy polymorphic code, fileless malware, and zero-day exploits faster than legacy defenses can adapt. 

Historically, antivirus programs functioned like a bouncer checking IDs against a blacklist of known troublemakers. If a file matched a stored signature, it was blocked; if not, it slipped through undetected. This model worked when malware evolved slowly, but today’s threat landscape moves at lightning speed. Polymorphic malware mutates its code with each infection, metamorphic variants rewrite themselves entirely, and zero-day attacks exploit freshly discovered vulnerabilities before patches exist. Signature databases, while still useful, increasingly lag behind the pace of malicious innovation, leaving systems exposed to novel or rapidly changing threats. 

Modern antivirus flips the script by focusing on behavior rather than identity. It monitors API calls, memory access patterns, encryption bursts, and unusual network traffic to spot anomalies. For instance, a process that suddenly begins locking files across a network, disabling security services, or contacting unfamiliar servers at odd hours raises red flags—even if it has no known signature. This behavior-first approach is critical against ransomware and fileless attacks that operate in memory or hijack legitimate tools to avoid detection. Anomaly detection establishes a baseline of “normal” system activity and alerts on deviations, enabling early intervention before damage spreads. 

Machine learning supercharges this capability by training models on vast datasets of both clean and malicious files. These algorithms learn subtle patterns linked to malware—suspicious code structures, odd execution paths, or risky permission requests—and assign risk scores to files and processes. Decision trees, support vector machines, and neural networks each contribute to layered evaluations that reduce false negatives for unseen threats. Companies like Microsoft, CrowdStrike, and SentinelOne deploy such models at scale, continuously refining them with telemetry from millions of endpoints. The result is a system that generalizes from past attacks to catch new ones, even without an exact signature match. 

The ultimate aim is prediction: intercepting malware in its earliest stages using sandboxing, dynamic analysis, and integration with broader security stacks like endpoint detection and response (EDR). Suspicious files are detonated in isolated environments to observe their behavior safely, while EDR tools trace attack chains across networks. Yet AI is a double-edged sword—attackers also use it to craft evasive malware that adapts to detection systems. False positives and privacy concerns from heavy telemetry remain challenges. For most users, built-in tools like Microsoft Defender and Apple’s XProtect offer strong baseline protection, but layered security and user vigilance against phishing are still essential.

Report Details Alleged $1 Million Payment to Kairos After Data Theft

 



A newly published investigation has offered an unusual look inside a cyber extortion case in which a U.S. government organization is believed to have paid about $1 million after attackers stole sensitive data from its network. The analysis, conducted by Rakesh Krishnan for Ransom-ISAC, draws on leaked negotiation conversations and cryptocurrency transaction records to reconstruct how the incident unfolded.

The case stands out because the attackers, operating under the name Kairos, do not appear to have used traditional ransomware. According to the report, investigators found no evidence that the group encrypted computer systems or provided victims with decryption keys. Instead, the attackers allegedly copied confidential files and demanded payment in exchange for keeping the stolen information private.

Although the report does not identify the victim by name, several details point toward Union County, Ohio. File names referenced during the negotiations included "Union.xlsx," "1 union co psi template.doc," and an archive labelled "union.rar." One collection of files reportedly came from the county prosecutor's office, with the attackers claiming that publishing those records could interfere with criminal cases. During the discussions, the victim also described itself as a small county government with limited financial resources.

The reported incident closely matches a cyberattack disclosed by Union County in May 2025. At the time, county officials announced that personal information belonging to 45,487 current and former employees and residents had been exposed. The compromised records included Social Security numbers, financial information, passport details, fingerprints, and other sensitive data. Neither Union County nor Kairos has publicly confirmed that the leaked negotiations relate to that breach.

The leaked conversations show that the negotiations continued for nearly a month. Kairos initially demanded $3 million, claiming to possess more than two terabytes of stolen information containing around 1.6 million files. The victim responded with progressively higher offers, beginning at $100,000 before increasing to $255,000 and later $430,000. The attackers eventually reduced their demand to $1 million while imposing strict payment deadlines and warning that the most sensitive files would be released if an agreement was not reached.

According to the investigation, the payment was made on June 13, 2025, using approximately 9.44 Bitcoin, valued at roughly $1 million at the time. Blockchain analysis traced the cryptocurrency through several digital wallets before portions of the funds reached addresses linked to the cryptocurrency exchanges Bybit and OKX, as well as the Russian cryptocurrency service BELQI. While blockchain records allow investigators to follow the movement of digital assets, they do not automatically reveal the identities of those controlling the wallets.

The report also questions the value of paying cybercriminals in exchange for promises to delete stolen information. Kairos reportedly supplied what it described as proof that the files had been removed. However, the evidence only showed that the group once possessed the data and could not verify that every copy had actually been destroyed. Security experts have long warned that organizations have no reliable way to confirm whether stolen information has been deleted after a ransom payment.

Beyond the individual case, the investigation reflects a wider change in the cybercrime ecosystem. An increasing number of threat groups are abandoning file encryption and relying solely on data theft and extortion to pressure victims into paying. Sophos reported that only about half of the ransomware incidents it investigated during 2025 involved data encryption, the lowest proportion recorded in six years. Groups such as the Silent Ransom Group have also carried out extortion campaigns targeting organizations by threatening to leak stolen information without deploying ransomware.

The Kairos negotiations also resemble tactics seen in previous cyber extortion cases. Researchers examining leaked internal communications from the Black Basta ransomware operation found similarly prolonged bargaining, with initial multimillion-dollar demands eventually ending in substantially lower settlements. Earlier leaks involving the Conti ransomware group provided comparable insight into how attackers negotiate payments behind the scenes.

Although Kairos' public leak site is no longer online and its last publicly known victim was recorded in June 2026, investigators observed cryptocurrency activity linked to the group's infrastructure as recently as May 2026. The continued movement of funds suggests that the disappearance of a leak site does not necessarily indicate that an operation has ceased.

The case offers several practical lessons for government agencies and other organizations. Strengthening multi-factor authentication, monitoring repeated failed login attempts, watching for unusually large outbound data transfers, separating highly sensitive records from other systems, and preparing a communication strategy before an incident occurs can all reduce the impact of cyber extortion. The investigation also reinforces a point repeatedly emphasized by incident responders: once data has been stolen, there is no dependable way to verify an attacker's promise that it has been permanently deleted.

Massive Azure CLI Password Spray Campaign Targets Microsoft 365, Over 81 Million Login Attempts Detected

 

Cybersecurity company Huntress has uncovered a large-scale password spray campaign targeting Microsoft 365 environments through the Azure CLI, resulting in millions of malicious login attempts and multiple account compromises.

According to the company, between June 12 and June 21, attackers carried out more than 81 million login attempts against customer environments. The campaign led to the compromise of 78 user accounts across 64 organizations.

During the two-week period, threat actors were found compromising between two and four accounts each day. However, activity surged around June 22, when 23 organizations were reportedly affected in a single spike.

Huntress' investigation revealed that the majority of the login attempts originated from Autonomous System (AS) 32167, which is associated with internet hosting provider LSHIY LLC.

“These attacks are part of a large wave of credential spray attacks across a few different ASNs. In the past six months, Huntress has observed the volume of credential spray attacks increase by over 155 times across our customer base,” the cybersecurity company says.

The company also observed a sharp increase in password spray attacks during late May and early June, impacting multiple organizations. Huntress believes the campaign primarily relied on previously compromised username-password combination lists.

As part of the attack, the threat actors exploited the OAuth Resource Owner Password Credentials (ROPC) authentication flow to validate user credentials. Although this authentication method has been deprecated in OAuth 2.1, it still allows attackers to obtain a new user-delegated access token when valid credentials are provided.

Because of this authentication flow, attackers were able to compromise accounts even when multi-factor authentication (MFA) was enabled, provided that MFA policies were not configured to protect the OAuth ROPC authentication process.

“ROPC is considered problematic for several reasons, but one of those reasons is that it doesn’t offer support for modern auth flows like MFA or SSO. That means, as we saw in this campaign, ROPC sends the password straight to the /token endpoint with no interactive MFA prompt,” Huntress explains.

Further analysis of the affected environments showed several weaknesses in MFA implementation. In some organizations, MFA was applied only to specific cloud applications or user groups. Others enforced MFA only for logins from untrusted locations, while some had deployed MFA policies that were never actively enforced.

“It’s worth noting that eight businesses impacted by the campaign had no MFA policy at all. While threat actors in this campaign were able to get in despite MFA being set up, the takeaway should not be that MFA doesn’t work at all; instead, organizations should ensure that their MFA policies are properly configured to address the authorization flow used across these incidents,” the cybersecurity firm notes.

Huntress also traced the attack traffic to IPv6 address ranges linked to LSHIY, an internet infrastructure provider registered in Hong Kong, Wuhan, China, and New York. Previous reports have also associated IPv6 ranges operated under AS32167 and AS955 with infrastructure originating from China.

The cybersecurity firm said it reported the malicious activity to LSHIY through the provider's abuse reporting mechanism but did not receive any response.

AI-Driven Software Development Demands a New Approach to Security Audits

 



Artificial intelligence is rapidly reshaping how software is built, enabling developers to generate code, automate repetitive tasks and accelerate application development. While these tools are helping organizations improve productivity, cybersecurity experts warn that they are also introducing new security and governance challenges that traditional software audits were never designed to address. As AI-generated code becomes more deeply embedded in development workflows, security leaders are being encouraged to expand software audits beyond compliance checks and evaluate how artificial intelligence influences the entire software development lifecycle (SDLC).

Unlike conventional audits, which primarily examine financial records, operational controls and regulatory compliance, modern software audits must determine how AI contributes to software development and whether its use introduces security risks before applications are deployed. This includes identifying which developers are using AI-powered coding assistants, understanding how frequently these tools are used, determining where AI-generated code enters development pipelines, and verifying that approved tools are being used responsibly. Collectively, these activities form what many security professionals now describe as the Agentic Development Lifecycle (ADLC), where governance extends beyond the software itself to the AI systems supporting its creation.

The need for stronger oversight is becoming increasingly urgent. Research has found that one in five organizations has experienced a serious security incident associated with AI-generated code, highlighting how limited visibility into AI-assisted development can expose organizations to unnecessary risk. Without a clear understanding of developer practices and AI tool adoption, Chief Information Security Officers (CISOs) face growing challenges in enforcing security policies, demonstrating regulatory compliance and providing boards with measurable assessments of AI-related risk.

Although AI coding assistants can significantly improve developer efficiency, security specialists caution that they should not be treated as autonomous software engineers. Studies comparing human developers with large language models (LLMs) show that leading AI models can effectively identify issues such as insecure coding patterns, code smells and certain design weaknesses. However, they continue to struggle with more complex security responsibilities, including denial-of-service protections, insufficient logging and permission management. As a result, experienced developers remain essential for reviewing AI-generated code, identifying inaccuracies and ensuring vulnerabilities are eliminated before software reaches production.

Security leaders also recommend that organizations adopt a structured auditing framework for AI-assisted development. This includes maintaining an inventory of approved AI coding tools, mapping AI-generated code to development activities, benchmarking models against known vulnerability patterns and monitoring integrations to ensure AI agents access only authorized tools and data sources. Regular vulnerability assessments, developer upskilling and risk-based evaluations can further help organizations identify skill gaps, strengthen governance and reduce the likelihood of preventable security incidents.

Ultimately, effective AI governance requires more than simply adopting new technologies. By combining continuous oversight with skilled human review and well-defined security policies, organizations can harness the productivity benefits of AI while maintaining secure software development practices. As AI becomes an increasingly permanent part of modern software engineering, comprehensive audits will play a central role in ensuring innovation does not come at the expense of security.