Search This Blog

Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Japan's Largest Taxi Service Goes Offline After Cyberattack


Nihon Kotsu, Japan’s largest taxi operator, said that its systems were impacted in a cyberattack, causing the company to close down some of its infrastructure.

The incident happened last week and impacted business operations such as the company’s taxi dispatch system, currently offline.

Nihon Kotsu has an annual revenue of around $1 billion.

The company has 18,228 employees and has 8,588 taxis and over 2000 chauffeur vehicles.

Nihon Kotsu said in a statement, “We have confirmed that our internal systems were subjected to unauthorized external access (malware infection)”. It further added that “immediately after detecting the unauthorized access, we implemented emergency measures, such as disconnecting systems to prevent further damage.”

The impact

The company has closed down systems to offline to stop the threat but it has widely caused disruption in services.

The incident has disrupted web booking, car hire, reservation management, few internal systems, and telephone dispatch service.

Nihon Kotsu advised people to use the ‘GO’ taxi app instead, or use a taxi stand for booking a Nihon Kotsu vehicle. It is a major operational damage for a company that has one of  Tokyo’s biggest fleets but the manual working is still operational. The hire car reservation system is offline.

In a different announcement, Nihon Kotsu said that the “labor taxi” service for pregnant women is shut down in a few areas.

Investigation

The firm has brought in external cybersecurity experts to assist in investigating if there has been a data leak. The internal network has been separated to limit further spread.

Currently, no data leak has been confirmed and Nihon Kotsu will provide updates via official channels. “We are currently conducting a detailed investigation with specialized agencies into whether and to what extent data has been leaked. At this time, no information leak has been confirmed. However, in the unlikely event that we discover any leak or potential leak of personal information of our customers or related parties, we will promptly make an official announcement and contact those affected individually, in accordance with the law,” Nihon Kotsu said.

What next

Customers of Nihon Kotsu are cautioned not to click on any links in suspicious communications purporting to be from the company and not to open anything they receive. 

CrashStealer macOS Malware Uses Apple-Notarized App to Evade Security Checks



CrashStealer, a new macOS information-stealing malware named for Apple's Mac operating system, bypasses built-in security protections by using an Apple notarized application, demonstrating a growing trend of malicious actors utilizing legitimate software verification mechanisms in order to target Apple users. 

Jamf Threat Labs researchers discovered that the malware is distributed via a disk image named Werkbit.app that is signed and notarized by Apple. Due to the fact that the installer is notarized by Apple and has a valid developer ID, Gatekeeper security checks can be successfully passed by the installer, increasing user confidence and acceptance of the application.

In early May 2026, Jamf Threat Labs identified CrashStealer as a suspicious macOS sample uploaded to VirusTotal. Activated infections were detected by researchers in early July, indicating the malware had progressed from development to real-world deployment. 

Based on the timeline, the operators seem to have refined the malware before launching broader attacks on macOS. This macOS stealer is written in native C++, unlike many macOS stealers, which rely on AppleScript or Objective-C wrappers. As a result, CrashStealer is more difficult to analyze while ensuring enhanced performance. Researchers have reported that the malware validates the user's macOS login password. 

Once the password has been validated, the malware can unlock the user's login keychain and gain access to additional sensitive information. The attack chain is designed to keep the user's identity hidden. A GitHub repository is utilized by the malware to retrieve configuration data after the victim launches the installer, which is then used to download the final malicious payload. 

GitHub-hosted configurations contain instructions for downloading shell scripts that are responsible for retrieving the final malware payload from attacker-controlled infrastructure when the victim launches the installer. CrashStealer reduces its forensic footprint by decoding its contents during execution rather than storing them in plain text during execution. 

The CrashStealer application establishes persistence as a LaunchAgent, utilizes multiple anti-analysis techniques, and checks for installed security or forensic tools before harvesting data by employing multiple anti-analysis techniques. As a precaution, the malware masquerades as CrashReporter, Apple's legitimate crash reporting utility. 

By using Apple's bundle identifier, icon, and naming conventions, the malware makes malicious activity appear to be similar to legitimate system activity. This malware targets credentials stored in Chromium-based browsers as well as Mozilla Firefox, resulting in a significant increase in browsers affected. MetaMask, Phantom, Coinbase Wallet, Trust Wallet, Rabby, OKX Wallet, Exodus, Keplr, Solflare, Backpack, and MetaMask are among the many cryptocurrency wallet extensions that search for data. 

As part of the attack, CrashStealer attempts to extract information from 14 password managers, including 1Password, Bitwarden, LastPass, Dashlane, Keeper, KeePassXC, NordPass, Enpass, and RoboForm. In addition to collecting files from the user's Documents and Downloads folder, the malware compresses the data into a ZIP archive to reduce the possibility of interception. 

To protect the collected data, it is encrypted using AES-GCM before being transmitted via libcurl to an attacker-controlled server. CrashStealer is noted by researchers as encrypting each file before exfiltration, rather than protecting the entire archive. As a result of its use of industry-standard cryptographic techniques, the malware makes intercepted data significantly more difficult for defenders to analyze without the appropriate key to decrypt. 

Researchers at Jamf observed that the malware incorporates code obfuscation, encrypted strings, control-flow flattening, and layered anti-debugging techniques into its data exfiltration mechanism, making it significantly more resilient than typical information commodity thieves.

Investigators also discovered additional domains and operator infrastructure linked to the campaign, including a password-protected management panel that is believed to be used by the attackers. It has been demonstrated that CrashStealer is not a standalone malware sample, but is part of a coordinated operation. 

Researchers believe CrashStealer exemplifies a growing trend in macOS malware, demonstrating the combination of trusted software signing, multiple stages of delivery, sophisticated anti-analysis techniques, and strong encryption to make it more difficult to detect. Furthermore, the campaign emphasizes the growing tendency of attackers to exploit legitimate Apple security mechanisms for malicious delivery, reinforcing the need for users to verify software sources even when applications pass Gatekeeper checks. 

In CrashStealer, cybercriminals demonstrate the increasing use of trusted security mechanisms to avoid detection and compromise macOS systems by exploiting trusted security mechanisms to evade detection. Increasingly sophisticated methods of delivery and stronger encryption are being adopted by attackers; therefore, organizations and users need to remain vigilant by ensuring that they download software only from trusted sources, monitoring unusual activity, and updating their security solutions.

GoDaddy Challenges Indian Court Order Over Domain Privacy and Internet Governance Rules

 

A legal battle in India over online fraud could have major implications for privacy and regulation of the internet around the globe, as domain name registrar Go Daddy takes exception to a Delhi High Court ruling that would impose severe restrictions on domain registration, privacy, and trademark protection. 

The ruling comes in response to an uptick in cyber fraud in India. Government figures from last year show that authorities received 2.4 million fraud complaints, resulting in $2.4 billion in losses. In recent years, Amazon, McDonald’s, Microsoft, and other companies have taken legal action against fake websites that misled consumers into giving away personal information or making purchases. Last December, the Delhi High Court ordered removal of more than 1,100 fraudulent websites. 

With that, the court issued additional directives concerning the management of domain names and registrars. These mandates include forbidding registrars from offering privacy protection services by default, disclosing private domain owner information to third parties upon request if that party can demonstrate a “legitimate interest,” and prohibiting domain name registrations that use trademarks of others. Go Daddy argues in a petition to a larger bench of the Delhi High Court that those measures go significantly beyond what’s needed to combat fraud. 

The company believes such restrictions, if applied consistently, would disrupt internet governance worldwide. Go Daddy also objects to the requirement that domain ownership information be disclosed to anybody demonstrating a “legitimate interest.” The company argues in its petition that the language could prove too broad and that domain registrars shouldn’t be tasked with reviewing requests for domain owner information and deciding whether they meet a “legitimate interest” standard. The firm says the language could create “significant legal and operational challenges.” 

The company raises additional concerns about the order’s potential impact on international domain name sales, arguing that because the global internet isn’t bound by one jurisdiction, requiring local registrars to follow the kind of rules set out in the December ruling would, in essence, require them to follow Indian law for all international transactions. 

Go Daddy further argues that the privacy restrictions could run contrary to India’s data protection laws as well as the European Union’s General Data Protection Regulation (GDPR). By mandating that privacy protections be revoked by default for domain owners, India’s data laws and the GDPR would instead be weakened. 

Many internet governance experts believe the ruling places India at risk of negatively impacting citizens, particularly journalists, activists, bloggers, and small businesses, and that it fails to consider tactics bad actors will use to exploit weaknesses in the domain system. Other domain name registrars have raised similar objections to the December ruling, including Namecheap and Hosting Concepts. 

These companies expect that the ruling will spark similar actions in other jurisdictions. Delhi High Court is set to hear the challenges on July 16, with implications for the future of internet governance and fraud prevention measures yet to be determined.

How the Apple Copy-Paste Scam Can Give Attackers Remote Access to Your Mac

 


Apple users are being urged to exercise caution when following troubleshooting instructions found online after cybersecurity experts underlined a growing social engineering tactic that tricks victims into pasting malicious commands into the macOS Terminal application. Rather than exploiting a flaw in macOS itself, the scam relies on convincing users to voluntarily execute commands that can install malware, grant attackers remote access, or expose sensitive information stored on their devices.

Often referred to as a "copy-paste" scam, the technique targets users unfamiliar with Terminal, a command-line interface included with macOS that enables direct interaction with the operating system through text-based commands. While the application is commonly used by developers, system administrators and advanced users to automate tasks or manage system settings, executing unfamiliar commands without understanding their function can introduce significant security risks.

Unlike traditional malware campaigns that exploit software vulnerabilities, this attack depends almost entirely on social engineering. Cybercriminals impersonate trusted sources or create convincing troubleshooting scenarios to persuade victims that running a Terminal command is necessary to fix a technical issue, improve security or restore system performance. Once executed, however, the command may download malicious software, establish remote access, alter security settings or perform other unauthorized actions without the user's awareness.

Depending on the instructions provided, attackers could gain access to documents, photographs, emails, browser data, financial information, saved credentials and contact lists stored on the Mac. Some malicious scripts may also deploy keylogging software capable of recording everything a victim types, including usernames, passwords and other confidential information. In more severe cases, attackers could install ransomware or persistence mechanisms that allow them to retain access to the compromised system even after a restart.

Security researchers note that the scam can begin through multiple channels. Victims may receive phishing emails or text messages containing the malicious command, encounter it in online discussion forums disguised as a legitimate solution, or visit fraudulent websites presenting it as an official troubleshooting step. Attackers have also been observed posing as technical support representatives over the phone, carefully instructing victims to open Terminal and manually type commands under the pretense of resolving an issue.

The rise of generative artificial intelligence has introduced another avenue for abuse. Threat actors may intentionally publish malicious commands across public websites and discussion platforms in an effort to influence AI-powered assistants through a technique known as indirect prompt injection. If an AI system retrieves or references poisoned content while responding to a user's troubleshooting request, it could inadvertently recommend unsafe commands. Although AI tools continue to improve their safeguards, cybersecurity experts advise users to independently verify any command before executing it on their systems.

The attack typically follows a similar pattern. After directing a user to open the Terminal application located within the Utilities folder inside Applications, the attacker provides one or more commands and claims they are required to diagnose, repair or secure the computer. In reality, those commands may download remote administration tools, retrieve additional payloads from external servers, modify system configurations or provide unauthorized access to the attacker's infrastructure.

Because the attack depends on user participation rather than exploiting a software flaw, many victims may not immediately recognize they are being targeted. Individuals unfamiliar with Terminal often have little reason to question commands presented by someone claiming to represent Apple, a software vendor or a technical support service. Similarly, users searching online for solutions may encounter malicious instructions embedded within forum posts or copied across multiple websites, making them appear credible.

To help reduce the effectiveness of these attacks, Apple introduced additional safeguards in recent versions of macOS. When users who do not regularly work in Terminal attempt to paste commands copied from websites, messaging platforms, email applications or chatbots, the operating system may interrupt the action with a warning indicating that the pasted content could contain malware or compromise privacy. Rather than automatically executing the command, the prompt encourages users to reconsider before proceeding.

Apple has also expanded malware detection capabilities within Terminal. If the operating system identifies known malicious content or scripts, it can block execution and notify the user that the pasted command has been prevented because it poses a security risk. These protections are designed to slow down impulsive actions and reduce the likelihood of users unknowingly compromising their own systems.

Cybersecurity professionals emphasize that no security warning should replace careful judgment. Users should never execute Terminal commands they do not fully understand, regardless of whether the instructions originate from an email, text message, online forum, chatbot or unsolicited phone call. Requests accompanied by pressure tactics or claims that immediate action is required should be treated with particular suspicion, as creating a false sense of urgency remains one of the most common techniques used in phishing campaigns.

Experts also caution against assuming that information found on public forums or generated by AI assistants is inherently trustworthy. Malicious instructions can spread rapidly across the internet and may be reproduced by multiple sources, giving them an appearance of legitimacy. Verifying guidance through official Apple documentation or other trusted security resources before executing any command remains one of the most effective ways to avoid becoming a victim of Terminal-based social engineering attacks.

Anthropic Delays Claude Fable 5 Usage Credit Requirement Until July 19


 

A number of Anthropic's flagship AI model, Claude Fable 5, has been extended to eligible paid subscribers until July 19, 2026 for free access. This extension provides customers with another week of access while the company continues to expand its available computing capacity. This extension follows two previous extension of the deadline. 

As part of their initial announcement, Anthropic announced that Fable 5 would be available to subscribers through July 7, but that offer has since been extended to July 12. According to Anthropic, promotional access to the Claude Code system will now be available until 11:59:59 PM PT on July 19. Along with this extension, Anthropic has also continued to increase Claude Code weekly usage limits by 50%. 

The Fable 5 subscription model allows eligible subscribers to use up to 50% of their weekly allowance at no additional charge. It draws upon the same weekly usage pool as other Claude models, however Anthropic notes that Fable 5 consumes these limits more rapidly as a result of its greater computational requirements. When enabled by their organization, this promotion is available to Claude Pro, Max, Team, and premium seat-based Enterprise subscribers. 

The promotion does not apply to Free users, standard Enterprise seats, usage-based Enterprise plans, or API customers. Anthropic's ecosystem includes Claude Web, Mobile, Desktop, Claude Code, Claude Cowork, Claude Design, Claude for Microsoft 365, and Claude Tag, among others. Users can choose "Fable 5" from the model picker on Claude's web, desktop and mobile applications in order to begin using the model. 

For Claude Code, Fable 5 requires version 2.1.170 or later, while Claude Cowork users need the latest Claude Desktop application to access the feature. Versions 2.1.170 and later are required for Claude Code, while version 2.1.170 and higher are required for Claude Cowork. Upon reaching their complimentary Fable 5 allocation, users may elect to purchase usage credits to continue using the model or to switch to another Claude model that remains available under their current subscription limitations. 

According to Anthropic, this process is consistent across all versions of Claude Web, Mobile, Desktop, Claude Work, and Claude Code. If a user exceeds the complimentary allocation for Fable 5, they may purchase usage credits, which are billed separately from their subscription, or choose to make use of another Claude model without incurring additional charges in accordance with their remaining plan limits. 

In addition, Anthropic has assured its customers that current restrictions will only last for a short period of time. According to the company, Fable 5 will not be permanently removed from subscription plans and will be restored as soon as sufficient computing resources are available. It is evident that the demand for Claude Fable 5 continues to exceed the computational resources available to Anthropic. 

Anthropic is continuing to expand its infrastructure while offering premium subscribers access to its most advanced AI model without immediate additional costs by extending its temporary promotion. Once sufficient computing capacity is available, Fable 5 will be available as a standard subscription benefit once adequate computing capacity has been reached. 

Anthropic's latest extension reflects the increased demand for advanced generative AI models, as well as the challenges associated with rapid adoption of these models. While the temporary offer ensures continued access for eligible subscribers, it emphasizes the importance of scalable computing resources when AI companies attempt to strike a balance between innovation, performance, and user expectation.

UK Warns Parents: Limit Online Sharing of Kids’ Photos Amid AI Abuse Risks

 

UK authorities have issued urgent warnings to parents about sharing children’s photos online, as AI tools increasingly enable digital abuse and exploitation. The National Crime Agency (NCA) and the Internet Watch Foundation (IWF) say that ordinary images of kids can be misused by predators to create realistic, sexually explicit material using “nudification” apps and deepfake technology. While officials stress they are not dictating parenting choices, they want families to understand a risk that many may not realize exists. 

The scale of the problem is growing fast. In 2025, the IWF identified 8,029 AI-generated images and videos classified as realistic child sexual abuse material (CSAM), a 14% rise from the previous year. AI-generated abuse videos jumped from just 13 in 2024 to 3,440 in 2025, showing how quickly the threat is escalating as imaging models improve. Because these fakes can be so convincing, it is becoming harder for platforms and investigators to distinguish them from real abuse content, complicating removal efforts and victim support. 

In response, the NCA and IWF have published new guidance urging parents and carers to limit who can see images of their children online. Their advice includes setting social media accounts to private, using “close friends” lists for sharing family photos, and regularly reviewing older posts that might expose children’s images to strangers. The guidance also recommends a “social media audit,” asking parents to check whether a child’s face, body, or school uniform is visible online and whether those images can be deleted or made private. The NSPCC similarly advises that minors keep their social media profiles on private settings to reduce exposure. 

The UK government is also tightening laws and platform responsibilities. It has made it illegal to create, possess, or distribute AI tools designed to generate child sexual abuse imagery, with offenders facing up to five years in prison. Under the Online Safety Act, tech platforms must proactively remove such content, and new powers will allow authorized testers to assess AI models for their ability to produce CSAM before they reach the market. A government spokesperson confirmed that AI-generated CSAM is treated the same as real imagery under UK law and must be taken down swiftly. 

Beyond privacy settings, experts recommend open conversations with young people about AI, “deepfake” nudes, and image consent. Children should understand that once a photo is online, it can be copied, altered, and misused—even if they trusted the original audience. Guidance also outlines steps to take if a child is targeted or if manipulated images appear, including reporting to platforms and contacting the IWF or police. As AI continues to turbocharge digital abuse risks, cautious sharing and strong privacy habits are becoming essential parts of modern parenting.

Microsoft and Google Remove ModHeader After Finding Dormant Collector


ModHeader is a famous header-editing extension with over 1.6 million installs across Microsoft’s Edge and Google’ Chrome browser. 

Google and Microsoft remove the collector

Experts discovered a secret browsing-history collector built into its official store variant, and have withdrawn the ModHeader from Google and Microsoft.

An empty allow-list kept the collector switched off and it was dormant, and no proof has surfaced that it retrieved or sent even one browsing domain.

About the discovery

Stripe OLT, a UK cybersecurity organization analyzed the code against Google’s Web Store signature and verified the collector shipped within the authentic extension, not a fake one.

Stripe OLT’s study covers the Chrome build and its 900,000 users (an estimate); and Edge and its 700,000 users. Microsoft removed  the listing on July 3rd whereas Google pulled the Chrome listing a week after, on July 10th.

Attack tactic

Variant 7.0.18 still edits HTTP headers as shown. The same minimized background also consists of another system. On the first attempt, it makes a device fingerprint and deploys a hardcoded encryption key. As the user browses, it takes the domain from each page that user opens, encodes it, and gathers it locally, up to 1000 different domains.

Scheduler and other things

A scheduler combines your fingerprint with the encrypted list, uploads it to api.stanfordstudies[.]com, and deletes the local copy once a day. If the collector were turned on, browsers using it wouldn't all beacon at once because the upload time is offset per install. The same pipeline is described in separate teardowns by researcher Yunus Aydin on version 7.0.17 and HackIndex on version 7.0.18.

How does collector function

The collector functions only if your browser matches an entry on an internal allow-list, but the list ships empty. Every time, the check fails, and the pipeline stops before it gathers even a single domain. 

The small change is populating the list, without any click and no new permissions from the users, sent as a routine update. The endpoint URL, the scheduler, the storage logic, and the hardcoded key are all on the same device.

But not everything was silent. The extension pinged extensions-hub[.]com with the product, version, and browser when it was installed, updated, and uninstalled. 

Additionally, it was evident that the piece had been running because a script that runs on every page had already recorded actual request metadata in plain text to local storage. 

Compromised Jscrambler npm Releases Target Developer Environments with Cross-Platform Rust Infostealer

 



Developers and organizations using the Jscrambler npm package are being urged to audit their systems after multiple malicious releases were uploaded to the npm registry through a compromised publishing credential. The incident transformed a trusted development dependency into a malware delivery mechanism capable of stealing credentials, browser sessions, cryptocurrency wallets, and sensitive configuration files from Windows, macOS, and Linux systems. Jscrambler has confirmed the compromise was limited to its Code Integrity npm package and has advised users to upgrade to version 8.22.0 after revoking the affected publishing credentials and strengthening its release pipeline.

Security researchers first identified version 8.14.0 as the initial compromised release after discovering that it introduced a previously undocumented npm "preinstall" lifecycle hook. Unlike the legitimate 8.13.0 release, the malicious package included new files that were absent from Jscrambler's public source repository. During installation, the package silently unpacked and executed a native binary tailored to the victim's operating system, allowing the malware to run before developers ever interacted with the package itself. Socket detected the malicious release within minutes of publication, highlighting how quickly software supply chain attacks can unfold.

Technical analysis showed the package concealed separate native payloads for Linux, Windows, and macOS inside an obfuscated container embedded within the package. A lightweight loader selected the appropriate binary for the host operating system, wrote it to a temporary directory under a randomized filename, granted execution permissions where required, and launched it as a background process with minimal user visibility. Researchers also noted that these components never appeared in the project's public GitHub repository, suggesting the malicious code bypassed the project's normal development workflow and was introduced during package publication.

The payload itself is a Rust-based infostealer engineered to harvest assets commonly found on developer workstations and build infrastructure. Investigators found code targeting cloud credentials associated with AWS, Microsoft Azure, and Google Cloud, browser-stored passwords and cookies, cryptocurrency wallets, Bitwarden vault data, communication platforms such as Slack, Discord and Telegram, and developer secrets that could provide access to production environments. Researchers also observed the malware searching for configuration files belonging to AI-assisted development tools, including Claude Desktop, Cursor, Windsurf, Visual Studio Code and Zed, where API keys and Model Context Protocol credentials are frequently stored.

Beyond credential theft, the malware incorporated platform-specific capabilities intended to strengthen its foothold on compromised systems. Analysts found Linux-specific code interacting with eBPF, a kernel technology that allows programs to execute within the operating system kernel, although the precise purpose of this functionality remains under investigation. Windows and macOS variants incorporated persistence mechanisms designed to survive system reboots, while encrypted command-and-control communications complicated static analysis and hindered efforts to identify the attackers' infrastructure. Runtime monitoring also identified outbound connections associated with the campaign's command infrastructure.

The campaign expanded rapidly after the initial discovery. Additional malicious versions, including 8.16.0, 8.17.0, 8.18.0 and 8.20.0, were subsequently identified. While the earlier releases relied on npm's preinstall hook to execute the malware automatically during installation, later versions embedded the same payload directly into the package's runtime code. This change allowed the malware to execute when the package was imported or its command-line interface was launched, reducing the effectiveness of mitigations such as disabling lifecycle scripts during installation. Researchers described the shift as an example of attackers quickly adapting to evolving software supply chain defenses.

Further investigation by JFrog linked the malware to an evolved variant of the IronWorm infostealer. According to the researchers, the malware extends beyond information theft by attempting to propagate itself across the npm ecosystem. The code searches compromised systems for npm authentication tokens, validates the stolen credentials, identifies valuable packages, injects malicious components into package archives, and attempts to publish trojanized versions directly to the npm registry. JFrog also reported that the malware broadens its search to include VPN configurations, password managers, Tor-related files and directories associated with penetration testing frameworks, indicating an effort to compromise developers, security researchers and enterprise engineering teams alike.

The incident adds to a growing series of attacks targeting open source software distribution channels, where compromising trusted packages offers attackers access to developer workstations and CI/CD pipelines instead of directly attacking production systems. Because these environments often contain deployment credentials, signing keys, cloud secrets and proprietary source code, a single compromised dependency can expose far more than the application that depends on it. Researchers have increasingly warned that software supply chain attacks are shifting toward development infrastructure, making continuous dependency monitoring and rapid package verification critical components of modern software security.

Organizations that installed any affected version should immediately upgrade to Jscrambler 8.22.0 or later, investigate development workstations and build systems for signs of compromise, and assume any credentials accessible to the affected environment have been exposed. Security teams should rotate cloud credentials, npm and GitHub tokens, API keys, browser sessions and other secrets, inspect lockfiles and build logs for compromised package versions, and review systems for persistence artifacts before returning affected machines to service.

Zimbra Urges Immediate Update to Fix Critical Classic Web Client XSS Vulnerability

 

Zimbra has released a security update to address a critical vulnerability in the Zimbra Classic Web Client that could allow malicious actors to compromise user accounts and execute unauthorized code. The company recommends that customers install the latest update to mitigate the threat. The flaw is a stored cross-site scripting (XSS) vulnerability that could allow an unauthenticated attacker to execute malicious JavaScript in the browser of a user viewing a specially crafted email message. 

The problem exists in the Classic Web Client component of Zimbra Collaboration Suite. While no CVE identifier has been assigned yet, Zimbra warned that successful exploitation of the vulnerability would lead to the exposure of mailbox content and settings, as well as session details. A stored XSS vulnerability occurs when the application stores user-supplied input without proper sanitization and later displays it to other users. 

In this case, an attacker could utilize this flaw to deliver specially crafted email messages that would execute arbitrary JavaScript code in the browser of a user who opens this message in the Zimbra Classic Web Client. The malicious script would then steal the victim’s session and potentially access their mailbox content, modify account settings, or perform other actions. While Zimbra has not reported any confirmed attacks using this vulnerability, several similar XSS flaws in the Zimbra Collaboration Suite have been actively exploited in the past. 

Attackers have targeted the webmail platform multiple times to hijack the accounts of high-profile organizations, including the Brazilian military, with no success, according to Zimbra. Previously exploited flaws affecting the product are CVE-2025-27915, CVE-2023-37580, and CVE-2024-27443. Therefore, organizations must ensure they have applied the latest security update to address the newly discovered vulnerability. 

The Zimbra Collaboration Suite 10.1.19 release notes mention the fix for the stored XSS in the Classic Web Client. Users must always access the updated version of the webmail platform via HTTPS to avoid man-in-the-middle attacks and other threats. Moreover, security analysts recommend monitoring the email traffic for any signs of suspicious activity and reviewing account access logs for unauthorized changes. 

Users must not open any attachments or links in emails that seem suspicious as these may contain malicious scripts that target webmail clients. Organizations must ensure they apply all security updates to their collaboration platforms as they provide critical protection against potential threats. 

In this case, the newly discovered vulnerability is yet another reminder of the importance of timely software updates. Attackers will continue targeting collaboration platforms such as Zimbra webmail to compromise user accounts by exploiting flaws such as XSS.

Counterfeit USB Drives Spread China-Linked Virus in Japan’s Military

 

Counterfeit USB flash drives supplied to Japan’s Ground Self-Defense Force (JGSDF) in March 2024 spread a China-linked computer virus across secure military networks for nearly a year before the breach was finally detected. The incident, first reported by Japan’s Nikkei newspaper in June 2026, highlights how seemingly innocuous hardware can compromise even tightly controlled, air-gapped systems when supply-chain oversight and procurement protocols are insufficient. 

The infected drives were distributed to the JGSDF during earthquake relief operations in central Japan and were assumed to be legitimate, low-cost storage devices. An internal review later determined that six of eight USB sticks tested contained embedded malware that activated automatically upon insertion into a computer. Despite existing protocols that required scanning of external drives both upon receipt and during use, the infection remained undetected until February 2025, when a soldier in Itami, near Osaka, noticed unusually sluggish computer performance and initiated a diagnostic scan.

By that time, more than 50 of roughly 480 computers at the regional command had connected to the compromised drives, with nearly half of them handling classified information such as troop movements and operational plans. Forensic analysis by the JGSDF’s cyber defense unit revealed that the devices were counterfeit, using cheaper, slower microSD cards instead of standard memory chips and preloaded with malicious code. 

Security researchers linked the malware to Mustang Panda, also known as Earth Preta or Camaro Dragon, a China-associated advanced persistent threat (APT) group previously observed targeting government, education, and telecommunications sectors in Vietnam and Australia. Japanese officials stated there was no confirmed evidence of data exfiltration or external command-and-control communication, but the episode demonstrated how supply-chain compromises can silently bridge isolated networks without triggering conventional defenses. 

The fallout extended well beyond the military, as identical counterfeit USB drives were found circulating on major e-commerce platforms such as Amazon and Rakuten, priced 30 to 50 percent below authentic brands and traced to seller accounts in China. Reports of similar infections emerged in Japanese factories, research laboratories, and hospitals—environments that rely on removable media to transfer data across segmented or legacy systems. Security experts warn that such attacks exploit the tension between operational necessity and security policy: while outright bans on USB drives are often impractical in critical infrastructure, trusting removable media without rigorous, purpose-built validation leaves sensitive systems exposed to persistent threats. 

The JGSDF incident underscores three enduring lessons for organizations and governments: verify hardware provenance through trusted suppliers, treat all removable media as untrusted until scanned by dedicated security tools, and assume air gaps are permeable wherever physical media can cross them. For cybersecurity professionals and content creators tracking evolving threats, this case illustrates that supply-chain risk is not an abstract concept but a tangible vulnerability embedded in everyday devices—from USB sticks to firmware updates—demanding layered defenses that combine procurement discipline, technical controls, and continuous monitoring to protect critical networks.

Authentic GitHub Repository Can Trick AI Agents Into Installing Malware


An agentic AI coding tool built for making a GitHub repository and cloning could launch a malicious payload that stays hidden to AI agents, human reviewers, and security scanners. 

Malicious payload with no exploit code

Experts from Mozilla Zero Day Investigative Network (0DIN) AI security platform said that the exploit takes place without any warning, no exploit code, and no malicious command approved by anyone.

Experts showed how a threat actor could deploy an interactive shell on a developer’s system via Claude Code to launch a cloned project with no malicious code in the repository.

The attack tactic relies on three patterns that show no signs of exploit:

  • An authentic-looking GitHub repository with setup details, like deploying dependencies and starting the project.
  • The python package is then intentionally built to deny execution until it has started; it shows an error commanding the user to run pyhton3 -m axiom init. Claude code perceives it as a normal setup issue and automatically runs the instructed command while trying to recover from the error.
  • Executing python3 -m axiom init calls a shell script that retrieves the configuration value stored in a DNS TXT record controlled by the attacker, and is executed as a command.

About the technique

oDIN experts said that this technique requires no malicious parts in the cloned repository as the AI agent automates the full attack line, also comprising a level that impersonates a user error.

Once successful, the threat actor would get a shell with developer’s privileges, allowing them access to API keys, environment variables, making establish persistence, and local configuration files.

“Claude Code never decided to open a shell. It decided to fix an error. The reverse shell is three indirection steps away from anything Claude Code actually evaluated: an error message it trusted, a script that fetched a value, and a DNS record it never saw,” oDIN experts said. “The attacker now has an interactive shell running as the developer's own user.”

Future implications

Currently, the attack tactic is just a concept, but experts warn that hackers could effectively spread such GitHub repositories via fake job postings, direct messages, tutorials, and blog posts.

To avoid such exploits in future, oDIN researchers advise that AI agents should reveal the full deployment chain of setup instructions, like scripts and code retrieved dynamically at runtime. 

JadePuffer: First AI-Agent Ransomware Automates Entire Attack

 

Security researchers have identified JadePuffer as the first ransomware operation conducted entirely by an AI agent, marking a watershed moment in automated cyberattacks. Discovered by cloud security firm Sysdig, this incident demonstrates how large language model (LLM) agents can now execute complex intrusion campaigns without human intervention during the attack itself. 

Attack methodology 

The attack began by exploiting CVE-2025-3248, a critical remote code execution vulnerability in Langflow, an open-source platform for building LLM applications. Once inside the initial server, the AI agent systematically gathered intelligence, harvested credentials, and mapped the network to identify higher-value targets. It then pivoted to a production server running MySQL and Nacos configuration management, where it leveraged another known authentication bypass vulnerability to gain administrative access. 

What made JadePuffer particularly notable was its ability to detect and correct errors autonomously during the attack. When the agent's first attempt to create an administrator account failed, it analyzed the error and launched a corrected procedure just 31 seconds later, successfully modifying its credential generation approach. Sysdig researchers emphasized that this rapid self-correction capability is a strong indicator of genuine agentic behavior rather than a human operator using conventional automation tools. 

After securing access, JadePuffer encrypted more than 1,300 configuration elements in the database, deleted the original tables, and left a ransom note with a Bitcoin address and contact email. However, analysis revealed a disturbing detail: the encryption key was never stored or transmitted to any attacker-controlled server, suggesting victims could not recover their data even if they paid. Researchers believe this indicates the attack was oriented more toward data destruction than financial extortion, with claims of external backups appearing to be psychological pressure tactics without evidence of actual exfiltration. 

Security implications 

While JadePuffer has drawn attention to AI's role in cybercrime, experts stress that the fundamental vulnerability was poor security hygiene rather than the AI itself. Exposed credentials, unpatched vulnerabilities, default configurations, and excessive privileges enabled the agent to traverse the infrastructure within minutes. This incident underscores the urgent need for organizations to harden their AI application deployments, implement zero-trust architectures, and maintain rigorous patch management, as autonomous agents will increasingly exploit any weakness they encounter at machine speed.

Google Sent Earthquake Warnings Before Venezuela Tremor Reached Millions


In Venezuela, millions of Android users received earthquake alerts on their phones just minutes before two devastating 7.1 and 7.5 earthquakes struck, highlighting the increasing importance of smartphone-based early warning systems for disaster response. 


Google reported that its Android Earthquake Alerts System issued warnings to approximately 11.4 million people during the earthquakes in Venezuela. It was estimated that nearly 1.4 million users received the highest priority "Take Action" alerts, with warning times ranging from a few seconds to nearly two minutes based on their distance from the epicentre. 

Using Google's Android Earthquake Alert System, alerts were generated at the earliest signs of seismic activity and sent to affected areas prior to the strongest ground shaking. Warnings included an estimation of magnitude and an approximate distance from the epicentre to allow recipients to take immediate protective measures before destructive shaking began. 

Experts pointed out that Google did not predict the earthquake. The system detected primary seismic waves (P-waves), which are fast-moving and travel in advance of secondary waves (S-waves), which are stronger and more destructive. Within approximately three seconds after the earthquake began, stationary Android phones detected the initial P-waves, while Google's servers confirmed the event and began issuing alerts approximately six seconds later. 

As Nikhar Arora, Director at BOTS, explains, the magnitude shown in the initial alert is merely a preliminary estimate and can be revised if more seismic data becomes available. According to HR Anexi, Android smartphones are essentially a large-scale distributed sensor network. With their accelerometers, Android smartphones can detect unusual ground movement, allowing Google to analyze data from multiple nearby devices, estimate the location and magnitude of an earthquake, and send an alert rapidly. 

After launching the Android Earthquake Alerts System in California in 2020, Google expanded the system worldwide in 2021. In regions where monitoring infrastructure is limited, this platform uses data from national seismological agencies along with crowdsourced Android smartphone networks to identify earthquakes and to deliver rapid alerts. 

It is estimated that hundreds of millions of earthquake warnings have been delivered worldwide by the Android Earthquake Alerts System, thus significantly expanding access to early warning technology to areas without dedicated seismic alert infrastructure. With limited earthquake early warning infrastructure in Venezuela, Google's crowdsourced smartphone network was instrumental in estimating the location and intensity of an earthquake by analysing motion data from thousands of Android devices before stronger shaking reached nearby areas. 

A new debate has arisen over the role of technology in disaster management following the Venezuela incident. In his opinion, Hrishit Panthry, the Co-Founder of Envirocare Foundation, stated that smartphones have become a powerful tool for delivering emergency alerts directly to citizens. With the growth of cities and the interconnection of infrastructure, early-warning systems are becoming increasingly important as cities continue to expand. It is also believed that lessons can be applied beyond earthquakes.

A similar real-time warning technology would improve community resilience by facilitating faster communication during other natural disasters, such as flooding, severe storms, and extreme heat. Additionally, the incident highlighted differences between how earthquake alerts are delivered via smartphone platforms. The built-in sensors on Android devices can detect seismic activity in conjunction with official monitoring systems, while other platforms in many regions rely primarily on government-run alert systems for emergency notification.

Experts believe that the wider adoption of integrated warning technologies could help to further strengthen public safety. During the recent Venezuelan earthquakes, governments, scientists and technology companies have demonstrated how they are increasingly utilizing connected devices and real-time data in order to strengthen emergency response efforts. 

Although early warning systems cannot prevent earthquakes, experts say even a few seconds prior notice can assist in saving lives. During the Venezuela earthquake, advances in smartphone-based early warning systems were demonstrated as a major factor in improving disaster preparedness. 

Even though no technology can predict an earthquake in advance, rapid detection and timely alerts can provide crucial seconds to help reduce injuries and improve emergency responses. As these systems continue to evolve, collaboration among technology companies, scientists, and governments will be crucial to expanding access to life-saving warnings worldwide.

India Orders Telegram to Crack Down on Pirated Movies and OTT Content, Seeks Compliance Report

 

Ministry of Information and Broadcasting (MIB) has directed the messaging platform Telegram to take down the pirated films, OTT content and other audio-visual material uploaded on it. It also called upon the company to put in place measures to actively detect, report, disable and remove such unauthorized content from its platform instead of waiting for the government to notify it of alleged violations. 

As per the ministry's direction, the company was also asked to provide the details regarding steps taken by it against repeat offenders of copyright infringement on its platform like channels, groups, bots, admins, users and other entities. As per the notice sent by the ministry, the company was also asked to provide the details about its grievance redressal mechanism for film producers, OTT platforms, broadcasters, and law enforcement agencies concerning copyright infringements. 

At the same time, Telegram was also asked to suggest the steps it has taken to prevent, detect and remove the unauthorized copyrighted content. The ministry clarified that with the directions issued, there is an attempt to move to the next level in taking action against copyright infringement on online platforms. It emphasized that apart from responding to individual complaints, the onus is upon the companies to put in place robust systems to proactively prevent and detect such violations. 

The government has already taken down over 3,000 Telegram channels for hosting and distributing pirated content. However, it is felt that the step taken so far by blocking channels one by one is not an effective approach and the companies need to move to the next level. The ministry reminded Telegram that it was obliged to comply with the requirements of the Information Technology Act, 2000 and Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 concerning its responsibility as an intermediary platform. 

It observed that due diligence by the companies so that they are not host to any unlawful activities on their platforms cannot be left to the authorities to identify the channels hosting unlawful content. The ministry drew attention to the fact that violation of copyright laws in India is not only a civil wrong but also a punishable offence under Copyright Act, 1957 and Cinematograph Act, 1952. 

Therefore, continued availability of unauthorized content on Telegram, lack of adequate response as expected by the ministry, and failure to address the issues raised by it may trigger further regulatory actions. The latest initiative by the ministry reflects its commitment to protecting and promoting India's creator economy and the content ecosystem. 

It may be noted that the government has taken several steps to ensure that the rights of filmmakers, broadcasters, OTT platforms, producers, distributors and other content creators are protected against online piracy. By asking the online intermediaries to take more responsibility, the government is encouraging them to adopt better moderation practices in order to prevent the unlawful use of content on their platforms.

Centre Plans New Cybersecurity Norms for Electric Two- and Three-Wheelers to Address Battery Tampering Risks

 

The Central government is preparing to introduce new cybersecurity measures aimed at preventing unauthorised tampering with the batteries of electric two-wheelers and three-wheelers. The proposed regulations are expected to mandate stronger software security standards for electric scooters and e-rickshaws, including fully imported models, which have so far operated with limited cybersecurity oversight.

As part of the initiative, authorities are also considering banning mobile applications that can be used to exploit vulnerabilities in electric vehicles equipped with imported Chinese batteries. 

Officials from the Ministry of Heavy Industries and the Ministry of Electronics and Information Technology have reportedly held discussions on addressing these security concerns.

"The software security vulnerability will be plugged," a senior official told ET, adding downloads of mobile apps that can disturb e2w and e3w are expected to be curbed.

According to officials, the decision to restrict such software stems from the difficulty of individually fixing every electric two-wheeler and three-wheeler already in circulation. The software reportedly takes advantage of weaknesses in battery troubleshooting systems, enabling unauthorised users to interfere with vehicle operations.

Another official said electric rickshaws and low-speed electric scooters were initially permitted to encourage wider adoption of electric mobility. However, this also resulted in a significant influx of low-cost imported electric vehicles from China.

"A call has been taken to ensure more safety and software safeguards in new e2w and e3w sold in the country," the official said, adding roadworthy certificates will be issued only to new vehicle models that are free from such vulnerabilities.

The upcoming regulations are also expected to cover completely imported electric vehicles sold in India, ensuring they comply with the same cybersecurity and software safety requirements as locally manufactured models.

Operation Endgame Disrupts Global Cyber Crime Assembly Line


Private companies and international authorities have disrupted a malicious “assembly line” that let hackers steal millions of login details and theft of $47 million in ransom payments via extortion. The operation aimed at catching two tools that are used in online scams.

The first tool is called Amadey, a malware-as-a-service platform for disrupting devices and deploying infected payloads for ransomware and related attacks. Amadey was first discovered in 2018 and in 2025, it exploited GitHub as it stored system info from malicious devices and deployed custom payloads.

The second tool is called StealC, it is an infostealer-as-a-service tool that steals cryptocurrency wallets, browser extensions, authentication cookies, and login credentials.

Disrupting a crucial link in the cyberattacks chain

Amadey and StealC are distinct tools that function autonomously. They are widely used, but many people use them in their personal cybercrime operations. 

The tools depend on the same infrastructure to function. Microsoft made this link after analyzing the tools using AI. The discovery allowed Microsoft to stop both tools simultaneously.

“This action goes after the cybercrime ‘assembly line,’ where coordinated tools drive ransomware, financial fraud, and disruptions to public services. Amadey and StealC are often used alongside each other: Amadey helps attackers gain access to devices, while StealC steals passwords and sensitive information. Together, they form a critical link in the chain,” Microsoft said.

About the investigation

Companies gathered proof that the tools shared the same infrastructure and invoked RICO statutes against organized crime. This resulted in treating the two tools as part of a single scam. 

Microsoft has disrupted over 200 C2 servers and shut down criminal control of over 18,000 compromised computers. Europol also assisted in the operation to track down the culprits and recovered around 27 million stolen login details and found $47 million worth of crypto assets tied to cybercriminals.

“During this action, 326 servers and 142 domains were actioned by law enforcement and the private sector partners, severely crippling the malware’s distribution network. By taking down these tools simultaneously, the collaboration between law enforcement and private parties has increased friction for cybercriminals, making it harder for attacks to succeed, spread, or recover,”  Europol said.

Operation Endgame

Other firms that helped in “Operation Endgame” are ESET, IBM X-Force, ESET, Mitsui Bussan Secure Directions, and Bitsight. 

According to Europol, another tool that disrupted Operation Endgame was SocGholish. It is a malware installer tied to the Russian cybercrime group Evil Corp. that distributes via hacked websites. If you visit such sites, you will be tricked into installing malware apps mimicking as browser extensions or genuine software.  

IBM Explores Vertical Chip Architecture to Extend the Future of Semiconductor Scaling

 




IBM researchers have developed a new semiconductor architecture that could dramatically increase the number of transistors packed onto a silicon chip while improving both computing performance and energy efficiency. The company's experimental design, known as NanoStack, represents a departure from conventional chip scaling by expanding vertically instead of relying solely on shrinking transistor dimensions.

According to IBM, the new architecture has the potential to accommodate approximately 100 billion transistors on a silicon chip roughly the size of a fingernail. Although the technology remains in the research phase and is still years away from commercial manufacturing, the announcement underlines one of the industry's latest efforts to overcome the physical limitations confronting modern semiconductor development.

IBM says NanoStack is comparable to a 0.7-nanometre technology generation, placing it below the 1-nanometre threshold that has long been viewed as a significant milestone in chip manufacturing. While node names such as 2 nm or 0.7 nm no longer represent the exact physical dimensions of transistors, they generally indicate successive generations of manufacturing technology that deliver greater transistor density, improved performance, and lower power consumption.

In laboratory testing, IBM reported that its prototype achieved up to 50% higher performance than its previously demonstrated 2 nm research chip while consuming as much as 70% less energy under comparable conditions. Those improvements, if successfully translated into commercial manufacturing, could support faster artificial intelligence workloads, improve cloud computing efficiency, reduce power consumption in data centres, and extend battery life in mobile devices.

Rather than focusing exclusively on making individual transistors smaller, NanoStack introduces a new architectural approach by stacking multiple layers of transistors vertically. Traditional semiconductor manufacturing has primarily increased computing capability by placing more transistors across the surface of a silicon wafer. As transistor miniaturization approaches fundamental physical limits, researchers are increasingly exploring three-dimensional designs that use vertical space to continue increasing transistor density without proportionally expanding chip size.

Transistors serve as the fundamental electronic switches inside every processor, enabling calculations performed by smartphones, personal computers, gaming systems, enterprise servers, networking equipment, and the rapidly expanding infrastructure supporting artificial intelligence. As more transistors are integrated into a processor, chips are generally able to execute more operations simultaneously, improving computational performance across a wide range of applications.

The continued drive toward higher transistor density has historically been guided by Moore's Law, the observation that the number of transistors integrated onto a chip approximately doubles every two years. For decades, that trend has driven advances in computing performance while reducing the cost of processing power. However, maintaining that pace has become increasingly difficult as transistor dimensions approach atomic scales, where issues such as heat generation, electrical leakage, manufacturing complexity, and quantum effects become far more challenging to manage.

IBM's NanoStack architecture represents one possible response to those constraints by building upward rather than outward. Industry researchers often compare this concept to urban development. Instead of constructing additional houses across limited land, engineers create increasingly taller buildings to accommodate more occupants within the same footprint. Similarly, vertically stacking transistor layers allows exponentially more computing elements to occupy the same silicon area.

The concept also distinguishes IBM's research from other advanced semiconductor initiatives pursuing three-dimensional integration. While several major chip manufacturers have already adopted various forms of 3D packaging and transistor architectures, IBM's proposal seeks to extend vertical integration even further, reflecting the growing industry focus on architectural innovation as conventional transistor scaling becomes more difficult.

Despite its promise, vertically stacked semiconductor designs introduce substantial engineering challenges. Heat generated by densely packed transistors becomes more difficult to dissipate as additional layers are added, potentially affecting reliability and long-term performance. Extremely thin insulating materials separating transistors may also allow unintended electrical leakage, making it harder for components to switch cleanly between operating states. Engineers must additionally solve complex manufacturing problems involving layer alignment, interconnections between stacked components, power delivery, fabrication precision, and production yield before such architectures can be manufactured at commercial scale.

Although NanoStack remains an experimental technology, IBM's latest research illustrates how semiconductor innovation is evolving beyond simply reducing transistor size. Future advances are increasingly expected to depend on new chip architectures, advanced materials, and sophisticated three-dimensional integration techniques capable of delivering the computing performance required by artificial intelligence, high-performance computing, cloud infrastructure, and next-generation consumer electronics.

U.S. Security Expert Sentenced for Aiding BlackCat Ransomware Gang

 

A cybersecurity professional has become the third U.S. security expert sentenced to prison for aiding a ransomware gang, marking a significant escalation in insider threat cases involving incident response firms. Angelo Martino, a 41-year-old from Florida, pleaded guilty to providing confidential victim information to the BlackCat/Alphv cybercrime group while ostensibly working to help companies negotiate with attackers. 

Modus operandi 

Martino worked as a ransomware negotiator for DigitalMint, a Chicago-based incident response company hired by victims to minimize damage and negotiate lower payouts. Instead, he fed critical details to BlackCat operators, including insurance policy limits and negotiation strategies, enabling the gang to maximize ransom demands across five separate incidents. Prosecutors revealed that Martino also assisted co-conspirators Kevin Martin and Ryan Goldberg in deploying BlackCat ransomware against U.S. victims for six months in 2023, effectively becoming an affiliate of the criminal group. The trio earned more than $1.2 million from a single victim during this period. 

Martino faces up to 20 years in prison at his sentencing hearing scheduled for July 2026, following guilty pleas from Martin and Goldberg in late 2025, who each received four-year sentences in April 2026. Federal authorities have already seized $10 million worth of assets from Martino as part of the investigation. The Justice Department emphasized that Martino's actions directly assisted ransomware actors and increased the financial burden on victim organizations, undermining trust in the cybersecurity incident response ecosystem. 

Lessons for the Industry 

This case highlights a concerning trend of cybersecurity professionals exploiting their trusted positions to facilitate cybercrime, raising questions about vetting processes and oversight within incident response firms. Organizations are now urged to conduct thorough background checks on security personnel and implement strict compliance measures to prevent similar insider threats. The BlackCat/Alphv gang, once a dominant ransomware outfit, has been linked to numerous high-profile attacks, and this collusion scheme demonstrates how criminal groups increasingly target the defenders themselves. 

As the cybersecurity field grapples with this breach of trust, the Martino case serves as a stark reminder that even those hired to protect can become perpetrators. Companies must strengthen internal controls, monitor negotiator activities, and ensure transparency in ransomware response engagements. With sentencing underway and more cases potentially emerging, the industry faces a critical moment to restore confidence in its ability to defend against evolving ransomware threats without internal compromise.

Six U-Boot Vulnerabilities Could Enable Pre-Boot Code Execution and Persistent Firmware Attacks

 



Security researchers have identified six vulnerabilities in the widely deployed U-Boot bootloader that could allow attackers to execute malicious code during the earliest stages of a device's startup process. If successfully exploited, the flaws could enable firmware-level attacks capable of bypassing security protections before the operating system loads and establishing malware designed to remain on affected systems.

As one of the most widely used open-source bootloaders, U-Boot plays a fundamental role in the startup sequence of embedded Linux devices by initializing hardware and loading the operating system. It is integrated into a broad range of technologies, including enterprise server Baseboard Management Controllers (BMCs), networking equipment, industrial control systems, Internet of Things (IoT) devices, and numerous other embedded appliances.

Because the bootloader executes before the operating system and endpoint security tools become active, vulnerabilities at this stage can have far-reaching consequences. An attacker who gains control during the boot process may be able to interfere with the system's trusted startup sequence before conventional security controls have an opportunity to detect or prevent malicious activity.

One of U-Boot's primary security mechanisms is Verified Boot, which uses cryptographic signatures to verify the authenticity of firmware and operating system images before they are executed. During startup, only images signed with a trusted cryptographic key are intended to be loaded, helping prevent unauthorized or modified firmware from running on the device.

In a technical report published this week, firmware security company Binarly disclosed six vulnerabilities affecting U-Boot's Flattened Image Tree (FIT) signature verification code. The FIT framework is responsible for validating firmware images during the boot process, making it a critical component of the platform's chain of trust.

According to Binarly, researchers examined the verification logic because of its importance in maintaining firmware integrity during startup. Their analysis uncovered six distinct vulnerabilities ranging from denial-of-service conditions that can interrupt the boot process to flaws capable of enabling arbitrary code execution while processing untrusted firmware images.

The researchers said two of the vulnerabilities could potentially allow arbitrary code execution during firmware verification, while the remaining four can be exploited to trigger crashes during the boot process. Since these weaknesses affect the validation of firmware before the operating system starts, a successful exploit could allow malicious instructions to execute before higher-level security mechanisms become operational.

The disclosed vulnerabilities include a flaw identified as BRLY-2026-037 that can cause U-Boot to crash when processing a specially crafted firmware image and, under certain conditions, may also permit arbitrary code execution. BRLY-2026-038 is a memory corruption vulnerability that could enable attackers to execute malicious code during firmware signature verification. BRLY-2026-039 involves an out-of-bounds read that may force U-Boot to access memory beyond the firmware image, resulting in a system crash. BRLY-2026-040 is a null pointer dereference vulnerability that allows crafted firmware images to terminate the bootloader unexpectedly. BRLY-2026-041 stems from insufficient validation of externally stored firmware data and can also be used to crash vulnerable systems. The sixth flaw, BRLY-2026-042, involves unbounded recursion that can exhaust available stack memory and prevent the bootloader from completing the startup process.

Binarly noted that much of the affected code has been present since U-Boot version 2013.07, meaning the vulnerabilities could impact more than 50 stable releases of the project. Because many hardware manufacturers maintain customized downstream versions of U-Boot within their own firmware, the potential exposure extends beyond the upstream project to a large number of commercial products deployed across multiple industries.

If the arbitrary code execution vulnerabilities are successfully exploited, attackers could gain execution during one of the earliest phases of system initialization. Operating at this level may allow threat actors to alter the boot sequence, disable firmware security mechanisms, deploy persistent firmware malware, or perform other privileged actions before the operating system begins loading.

Firmware-based attacks can also be considerably more difficult to identify than malware operating within the operating system. Since malicious activity occurs before the operating system initializes, traditional endpoint security software and many monitoring tools may have limited visibility into the compromise, allowing malicious modifications to remain undetected for extended periods.

Binarly also noted that exploitation does not necessarily require physical access to a device. Systems equipped with Baseboard Management Controllers that support remote firmware updates could become vulnerable if an attacker first compromises the management interface. In such cases, a specially crafted firmware image could be uploaded and processed during the update process, potentially triggering the identified vulnerabilities.

The researchers reported all six vulnerabilities to the U-Boot maintainers and submitted patches addressing each issue. Those fixes have since been accepted into the project's upstream codebase. However, because U-Boot is incorporated into firmware by individual hardware manufacturers, vendors must integrate the patches into their own firmware releases before updates become available to customers.

Organizations operating embedded systems should monitor firmware advisories issued by their hardware vendors and apply security updates as they become available. Restricting access to firmware management interfaces, securing remote administration services such as BMCs, and verifying firmware authenticity before deployment can further reduce exposure while patches are being distributed.

Devices that have reached end-of-life or no longer receive firmware updates may remain permanently vulnerable, underscoring the long-term security challenges posed by legacy embedded systems that continue operating long after vendor support has ended.