Search This Blog

Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Dutch Authorities Arrest Multiple Suspects in Global Investment Fraud Investigation


 

Dutch authorities have arrested multiple suspects as part of an international investigation into an alleged investment fraud network that investigators believe defrauded victims worldwide through fake online investment schemes, with the operation at one point generating more than €100 million in monthly proceeds.

According to the Dutch Police, the criminal organization is suspected of operating an extensive network of approximately 20 call centers staffed by more than 700 individuals who allegedly posed as professional financial advisers. Investigators said the operation targeted victims across multiple countries, with teams assigned to specific regions and responsibilities to maximize the effectiveness of the fraudulent campaigns.

The investigation's primary suspect, a 46-year-old dual Israeli-Polish national, was arrested in Poland on May 26 before being extradited to the Netherlands, where he has been placed in pre-trial detention. Dutch authorities allege that he played a central technical role in building and maintaining the infrastructure that enabled the organization to conduct its activities while making it more difficult for law enforcement agencies to identify those involved.

Police also noted that publicly available information indicates the suspect had previously faced prosecution in connection with cyberattacks targeting several foreign government organizations. Authorities now believe he occupied an indispensable position within the investment fraud network.

The investigation expanded further between July 7 and July 10, when law enforcement officers arrested several Dutch and Belgian nationals in Cyprus, Greece, and Belgium for their suspected involvement in the scheme. Officials said the investigation remains active and additional arrests are possible as authorities continue to identify other members of the organization.

Investigators describe the alleged operation as a highly organized criminal enterprise that functioned similarly to a legitimate international business. Multiple call centers reportedly operated under centralized coordination while individual teams focused on victims in different countries. Employees allegedly used false identities, pseudonyms, and technical measures designed to conceal both their real identities and their physical locations during communications with potential victims.

According to investigators, the fraud relied heavily on long-term social engineering rather than immediate financial deception. Victims were first approached by individuals presenting themselves as experienced investment advisers who gradually established trust through repeated conversations. Once that trust had been developed, victims were encouraged to invest relatively small amounts through professional-looking online investment platforms that appeared to display genuine market activity and growing returns.

Authorities said these platforms did not reflect legitimate investments. Instead, the displayed profits were fabricated to create the impression of successful trading and encourage victims to continue depositing larger sums. Many of the payments were made using cryptocurrency, making it incredibly more difficult to recover stolen funds after they had been transferred. While victims believed their portfolios were increasing in value, investigators said the money was instead diverted directly to the criminal organization.

Dutch investigators have linked at least 550 fraud reports and approximately €25 million in reported losses in the Netherlands to the organization. Belgian authorities have also connected around 200 complaints to the same network. Police believe these figures represent only a fraction of the total impact, estimating that the operation may have claimed tens of thousands of victims globally, with many individuals losing more than €10,000 each.

Authorities believe the organization has been active since at least 2021 and employed sophisticated operational security practices to avoid detection. Investigators said members routinely relied on pseudonyms, concealed calling locations, and other technical methods to obscure their identities while communicating with victims.

The investigation ultimately progressed after authorities traced digital evidence, including IP addresses, financial transaction routes, and other forensic artifacts that helped identify critical infrastructure associated with the operation. The examination of technical equipment provided investigators with additional insight into how the organization functioned and helped establish the locations of several suspects.

Dutch Police said the investigation was conducted in cooperation with international law enforcement partners, while commercial service providers also assisted in disrupting elements of the group's digital infrastructure. Authorities emphasized that efforts to identify additional suspects and victims remain ongoing.

Police have also warned the public to remain cautious of so-called recovery services that claim they can retrieve money lost to investment scams. Investigators noted that, in some cases, such offers are themselves fraudulent attempts to exploit victims a second time by demanding additional payments under the false promise of recovering stolen funds.

Govt: Kudankulam Data Breach Did Not Impact Nuclear Security, No Immediate Review Planned

 

The Centre has attempted to reassure the public that the data breach incident involving electronic files of the Kudankulam Nuclear Power Plant (KKNPP) has no implication on the nation’s nuclear security or reactor operations. Union Minister of State for Atomic Energy Jitendra Singh stated that the breach did not affect any sensitive nuclear facility or infrastructure. 

Singh stated during an interaction with reporters on the sidelines of the press conference on July 16 that there was no need for an immediate security review since the breach did not concern nuclear activities or reactors. Nuclear Power Corporation of India Limited (NPCIL), which manages the Kudankulam plant, claimed that the data breach incident did not disclose any sensitive information about reactors. 

“In the given scenario, the data breach is related to the Engineering, Procurement and Construction (EPC) contract for the Common Services–Balance of Plant (BoP) package for Units 3 and 4 under Implementation Agreement 7 (IA-7),” the NPCIL stated. It added that the EPC contract is signed with Reliance Infrastructure via a public tender process in 2018 for Kudankulam NPP. “The balance of plant involves many elements such as auxiliary systems, services, and infrastructure like cooling towers, which are comparable to those in conventional thermal power stations,” NPCIL noted.

It added that the BoP does not contain any nuclear power plant equipment or components or safety and security features. “In this context, NPCIL is not contemplating any First Information Report (FIR) as the cyber-attack was on the data of Reliance Infrastructure,” an NPCIL spokesperson said. They added that the information shared with Reliance Infrastructure during the tendering procedure included indicative drawings and technical specifications on the common services balance of plant, typically provided to all bidders. “This information did not include any sensitive nuclear safety information,” the spokesperson added. 

NPCIL stated that Reliance Infrastructure develops engineering drawings using the technical specifications and drawings provided by NPCIL in coordination with original equipment manufacturers (OEMs) for the approval process. The breach of data came after Reuters reported that ransomware group World Leaks exfiltrated more than 19,000 files from servers hosting Kudankulam Nuclear Power Plant, covering the 2016 fiscal year through mid-2025. 

According to the report, the documents contain details on control, cooling, and ventilation systems, suppliers, inspections conducted by Indian and Russian personnel, meeting records, and insurance data. The breach was attributed to a server managed by data centre infrastructure provider Yotta, hosted by third-party Reliance Group, which was responsible for the EPC contract for the Kudankulam NPP, admitting that the attack resulted in a partial data breach. 

Tamil Nadu-based Kudankulam Nuclear Power Plant currently operates two 1,000 MW VVER reactors and is set to commission four more reactors under the Russian technical collaboration agreement. The project aims to make Kudankulam one of India’s largest nuclear power parks with a total capacity of 6,000 MW. The data breach incident does not appear to affect the nuclear security or safety of the nation, as the government and NPCIL continue to emphasize. 

The breach did, however, raise concerns about the safety of digital assets and data security in various contracts, including those of critical infrastructure like Kudankulam NPP.

Bengaluru Housewife’s WhatsApp Hacked; Morphed Obscene Videos Shared Online

 

A 42-year-old housewife in Bengaluru has fallen victim to a disturbing cybercrime after her WhatsApp account was hacked and morphed obscene videos were shared online, triggering widespread outrage and highlighting the growing threat of digital harassment against women. The incident came to light when the woman’s contacts began receiving explicit, AI-generated videos from her account, causing severe emotional trauma and reputational damage. City cyber police have registered a case and launched an investigation to identify the perpetrators behind the breach. 

The attack appears to follow a pattern seen in recent Bengaluru cybercrime cases, where hackers gain unauthorized access to victims’ messaging apps through deceptive tactics. In many instances, culprits trick individuals into sharing one-time passwords (OTPs) or clicking malicious links sent via SMS or WhatsApp, enabling remote control over their devices. Once inside, attackers use AI-powered tools to morph personal photos or videos into sexually explicit content, which is then circulated among the victim’s contacts or posted on social media. Such violations not only invade privacy but also weaponize technology to intimidate and shame victims, particularly women. 

This case is part of a troubling trend of gendered cyber harassment in Karnataka. Just months earlier, in April 2026, a 24-year-old woman in Bengaluru accused her cousin of using AI to morph her images into nude visuals and posting them on a fake Facebook profile. Another housewife was blackmailed with morphed photos after downloading a fraudulent loan app in 2024. These incidents underscore how rapidly evolving deepfake and morphing technologies are being misused to exploit victims, often with long-lasting psychological and social consequences. 

Legal recourse for such crimes exists under India’s Information Technology Act and the Bharatiya Nyaya Sanhita (BNS), including sections addressing sexual harassment, identity theft, and publishing sexually explicit material. In several recent cases, Bengaluru’s cybercrime police have successfully traced culprits through digital footprints and arrested suspects, including a group of four men who morphed and circulated photos of seven women, some of them minors. However, experts caution that legal processes can be slow, and many survivors hesitate to report incidents due to stigma, fear of retaliation, or lack of awareness about their rights. 

Safety recommendations 

Cybersecurity experts urge users to adopt proactive measures to protect their digital identities. Enabling two-factor authentication on WhatsApp, never sharing OTPs or verification codes, and avoiding unknown links or file downloads are critical first steps. Regularly updating apps, using strong passwords, and being cautious about the personal information shared online can significantly reduce risk. For those affected, immediate actions include reporting the incident to local cybercrime cells, preserving evidence such as screenshots and message logs, and seeking support from trusted friends or counselors. As digital threats grow more sophisticated, public awareness and robust security practices are essential to safeguard privacy and dignity in an increasingly connected world.

AI-Assisted TuxBot v3 Evolution Botnet Targets IoT Devices With Modular Multi-Channel Attack Framework


Cybersecurity researchers have uncovered a previously undocumented Internet of Things (IoT) botnet framework named TuxBot v3 Evolution, which appears to have been partially developed with the help of a large language model (LLM). However, researchers found that the AI-assisted code contained multiple implementation flaws, indicating the malware is still under development.

"While the AI complied with their request to generate botnet code, it included a safety disclaimer that the developer failed to remove before shipping," Palo Alto Networks Unit 42 said. "Although the LLM clearly aided in constructing the botnet, several functions in the analyzed samples failed to work correctly."

According to Palo Alto Networks' Unit 42 researchers, a manual review of the code could have easily corrected many of these issues, suggesting that more refined versions of the malware may already exist in the wild.

The TuxBot v3 Evolution framework is built using several interconnected components, including a C-based bot agent capable of cross-compiling across architectures such as ARM, MIPS, MIPSEL, MIPS64, x86_64, PowerPC, and RISC-V. It also features a Go-based command-and-control (C2) server equipped with a DDoS-for-hire management panel, a custom exploit virtual machine, Docker-based testing infrastructure, and an automated build system.

The bot agent is designed to brute-force Telnet credentials using a database of 1,496 username-password combinations while exploiting known vulnerabilities affecting more than 30 IoT device families. For communication, the malware relies on an encrypted TCP channel and incorporates multiple fallback mechanisms, including a SHA512-based domain generation algorithm (DGA), peer-to-peer (P2P) gossip protocol secured with Ed25519 signatures, Internet Relay Chat (IRC), DNS TXT queries, and HTTP polling.

Researchers traced the botnet's origins to code borrowed from multiple malware families, including Mirai, AISURU, and Wuhan, while also identifying portions adapted from the open-source MHDDoS Python DDoS toolkit. One malware sample was uploaded to VirusTotal on January 20, 2026, indicating the framework has existed for at least six months. Evidence also suggests development began approximately a year earlier after the threat actor cloned the MHDDoS repository from GitHub.

"According to the framework's description, the TuxBot developer built what they called a professional-grade C2 framework platform with a multi-user admin panel, automated deployment, and modular attack capabilities," researchers Chris Navarrete, Asher Davila, and Doel Santos said.

The Go-based C2 server listens on three separate TCP ports to perform different functions. Port 1999 (or 31337) handles encrypted communication with infected bots, port 2222 provides operators with an interactive SSH shell, and port 9999 offers a JSON-based interface for programmatic management.

After infecting a device, TuxBot executes a structured initialization process. This includes retrieving the C2 address through a multi-layered communication system, activating anti-debugging and anti-virtual machine protections, concealing its process name, establishing persistence, and launching several attack modules.

These modules support distributed denial-of-service (DDoS) attacks, terminate competing malware, establish communications through IRC, HTTP, DNS, and P2P channels, scan services including Telnet, SSH, HTTP, and Android Debug Bridge (ADB), deploy a SOCKS5 proxy, and reserve functionality for cryptocurrency mining.

Researchers also found that the malware's HTTP scanner is capable of maintaining up to 128 concurrent connections to identify vulnerable web interfaces. Persistence mechanisms include systemd services, cron jobs, and watchdog processes that ensure the malware remains active even after system reboots.

"Multiple files contain raw LLM chain-of-thought reasoning left verbatim in comments," Unit42 said. "These comments are the LLM's internal reasoning as it worked through porting tasks. This reasoning is complete with self-interruptions, decisions, and references to 'the user' (meaning the developer who prompted the LLM)."

Although TuxBot v3 Evolution remains an unfinished project, researchers believe its modular architecture and AI-assisted development demonstrate how threat actors can rapidly build sophisticated malware with limited resources. The framework combines multiple C2 communication channels, a custom exploit virtual machine, and a Go-based DDoS-for-hire panel into a single platform.

"Shared infrastructure with Kaitori v3.9 and AISURU tooling places the TuxBot operator within the Keksec ecosystem," Unit 42 concluded. "This group is known for running multiple IoT botnet variants in parallel. TuxBot appears to be another variant in that portfolio. It's one that aims to go beyond the usual Mirai fork with its encrypted C2, its DGA, and a modular exploit system, even though that system does not work yet in the version we recovered."

The findings come shortly after researchers identified two additional botnets, RustDuck and AryStinger, which have been targeting routers, IP cameras, Android TV boxes, and inadequately secured servers to build networks capable of launching DDoS attacks and conducting reconnaissance activities.

Windows 11 KB5101650 and KB5099414 Updates Released With Security Fixes and New Features


 

A cumulative update for Windows 11 based on Patch Tuesday July 2026 is now available, with KB5101650 for versions 25H2 and 24H2 and KB5099414 for version 23H2. As well as addressing 571 security vulnerabilities, the mandatory updates also improve the usability, accessibility, and performance of the operating system. 

Using the Microsoft Update Catalog or by navigating to Settings > Windows Update and selecting Check for updates, users may download the updates manually, following installation. As a result of the installation, Windows 11 build numbers have been updated to 26200.8875 (25H2), 26100.8875 (24H2), and 22631.7376 (23H). It is noteworthy to note the wider rollout of Point-in-Time Restore, which allows users to restore their systems to a previous state in a more efficient manner. 

Aside from new features, Microsoft has introduced several security-focused improvements as part of the July Patch Tuesday release, as well as enhanced controls for enterprise administrators. As a result of improved device targeting in the update, more eligible systems will be able to receive updated Secure Boot certificates automatically via Windows Update, thus expanding Secure Boot certificate deployment. 

Moreover, Microsoft has also upgraded the built-in curl command-line utility to version 8.21.0, which provides additional security features. In addition to reducing unnecessary notifications and taskbar badges, this update also disables automatic opening on hover, and provides more customization options for Widgets. There are several additional improvements to File Explorer, including quicker launch times, improved responsiveness, enhanced support for complex file paths, and new quick actions such as Open File Location and Ask Copilot for work and school accounts. 

Several additional features have been added to enhance accessibility, including a Screen Tint feature which reduces eye strain and improved Magnifier controls that provide the ability to set precise zoom levels for the Magnifier. 

A number of languages are now supported by Voice Access and Voice Typing, including French, German, and Spanish. These languages now support real-time grammar, punctuation, and recognition enhancements, enhancing dictation accuracy. In addition to improving connectivity and hardware reliability, the release also enhances Bluetooth performance by improving device pairing time, microphone synchronization, voice calls that are more reliable, and LE Audio accessory stability.

With networking enhancements, Wi-Fi crashes are reduced, VPN compatibility is improved, virtualization networks are strengthened, and network settings are preserved during operating system upgrades. The security of Remote Desktop (RDP) has also been enhanced by supporting SHA-2 certificate thumbprints for trusted RDP publishers, while maintaining SHA-1 only for backward compatibility. 

In order to reduce phishing risks and prepare for eventually terminating SHA-1 support, organizations are encouraged to migrate to stronger SHA-256 certificates and update Group Policy settings for Remote Desktop files. Furthermore, the cumulative update resolves a compatibility issue that was caused by the June 2026 security update, which prevented third-party applications using OLE Automation from launching Microsoft Office or opening Office files. 

A further step to strengthen network security was taken by Microsoft by implementing stricter registration requirements for Transport Driver Interfaces (TDI). This may affect applications that rely on unregistered third-party TDI transports. Additionally, improved HD Audio reliability, stability of the Start menu, graphics performance on multiple monitors, Windows Subsystem for Linux (WSL) network improvements, improved printer installation that uses the Internet Printing Protocol (IPP) by default, and enhanced touchpad customization options are also included. 

Microsoft has reported no known issues with this month's Patch Tuesday update, which makes it a relatively stable release in comparison with previous Patch Tuesday releases. Considering the large number of security fixes included, users are encouraged to install the updates immediately to ensure protection against recently disclosed vulnerabilities. Also included in this update is a minor modification to the handling of keyboard shortcuts in Windows by altering how hotkey cleanup is conducted. 

There is a possibility that, in rare cases, certain built-in Windows experiences may temporarily cease to respond to specific keyboard shortcuts after installation. Restarting the affected application should typically resolve the issue, and users may also report persistent problems through the Feedback Hub.

Patch Tuesday updates in July 2026 reinforce Microsoft's ongoing commitment to enhancing the security, stability, and user experience of Windows 11. Hundreds of vulnerabilities have been addressed along with new features and reliability enhancements. Users and organizations are encouraged to install the updates as soon as possible to ensure optimal protection.

RabbitMQ Flaw Exposes OAuth Secrets, Risks Full Broker Takeover

 

A serious vulnerability in RabbitMQ is threatening enterprise messaging systems by allowing attackers to steal OAuth secrets and take full control of brokers. Tracked as CVE-2026-57219, the flaw has a CVSS score of 8.7 and affects popular RabbitMQ versions used across organizations for asynchronous communication and event-driven architectures. 

Discovered by security researchers at Miggo, the vulnerability stems from an obsolete HTTP API endpoint, GET /api/auth, within RabbitMQ's management plugin. When the management plugin is enabled and OAuth 2 is configured using the management.oauth_client_secret setting, the endpoint returns the broker's confidential OAuth client secret to anyone who can reach it, without requiring authentication. Attackers can then exchange this secret for an administrator token, gaining complete control over every message, queue, user, and broker setting in the deployment.

The affected versions span all releases from 3.13.0 onwards, including branches 4.0, 4.1, and 4.2, up to the patched versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6. Enterprises running RabbitMQ in cloud environments, multi-tenant architectures, or setups where the management interface has been inadvertently exposed to the internet face the highest risk. Installations without the management plugin or those not using the specific OAuth client secret configuration are not vulnerable, but many production systems do rely on these features for identity integration and centralized access control. 

In addition to the primary flaw, RabbitMQ also addressed a second, medium-severity vulnerability, CVE-2026-57221, which allows any authenticated user to bypass tenant isolation and read statistics about queues and exchanges across virtual hosts. While this does not permit data modification, it enables attackers with low-level access to perform reconnaissance, map an organization's messaging topology, and plan more targeted follow-up exploits. Both vulnerabilities have existed in the codebase since early 2024, but there is currently no evidence of active exploitation in the wild. 

Mitigation tips 

Organizations using RabbitMQ should prioritize applying the latest patches immediately, as software updates are the only reliable way to close the /api/auth endpoint and fix the authorization bypass. Until patches can be deployed, administrators should restrict network access to the management plugin, block internet exposure, and monitor for suspicious API requests. 

After updating, it is critical to rotate OAuth client secrets, because the vulnerability may have already leaked credentials that remain valid even after the software is fixed. With enterprise messaging at the core of modern application workflows, prompt remediation is essential to prevent potential data breaches and operational disruptions.

Researchers Find Claude for Chrome Flaws That Could Let Malicious Extensions Trigger Sensitive Google Tasks




Researchers at Manifold Security have disclosed two security weaknesses in Anthropic's Claude for Chrome extension that could allow another browser extension with access to the Claude website to trigger predefined AI-powered actions involving a user's Gmail, Google Docs and Google Calendar.

According to the researchers, the issues remain present in version 1.0.80 of the extension despite earlier mitigations introduced after the disclosure of the "ClaudeBleed" vulnerability. While Anthropic restricted how external webpages can communicate with the extension, Manifold says the underlying trust boundary that determines whether a user intentionally initiated an action has not been fully addressed.

The findings do not indicate that arbitrary websites can directly read a user's email or documents. Instead, the attack requires another browser extension that already has permission to execute scripts on the claude.ai domain. If such an extension is malicious or becomes compromised, it could abuse Claude's existing capabilities to initiate AI tasks that access a user's connected Google services.


Forged clicks can initiate predefined Claude actions

Following the earlier ClaudeBleed disclosure, Anthropic replaced unrestricted prompt handling with a fixed allowlist of predefined onboarding tasks. Rather than allowing external callers to submit arbitrary prompts, the extension now recognizes only nine task identifiers embedded within its code.

Among these are demonstration workflows for third-party services such as DoorDash, Salesforce and Zillow, along with tasks that interact with Gmail, Google Docs and Google Calendar. This design significantly narrows the attack surface because outside scripts can no longer provide custom instructions for Claude to execute.

However, Manifold Security found that the mechanism responsible for launching these tasks can still be manipulated.

The researchers explain that a content script running within the extension monitors the Claude webpage for clicks on a specific onboarding element. When a click occurs, the script reads the associated task identifier and forwards it to the extension, which opens Claude's side panel with the corresponding workflow prepared.

The problem lies in how those clicks are validated. Instead of confirming that the event originated from an actual user interaction, the extension accepts any matching click event, including one generated programmatically by JavaScript.

Modern browsers provide an "event.isTrusted" property that distinguishes genuine user actions from synthetic events created by scripts. According to Manifold, the extension does not verify this property before processing the request.

As a result, another extension capable of interacting with the Claude webpage can dynamically create the required element, assign one of the approved task identifiers and dispatch an artificial click event. Because the extension treats the event as legitimate, Claude opens the selected workflow as though the user had manually initiated it.

The researchers demonstrated this behavior using a short proof-of-concept script executed within the Claude page, showing that synthetic click events marked as untrusted were still accepted by the extension.


Approval settings determine the level of risk

Whether the forged action progresses beyond this point depends largely on how the extension has been configured.

For users operating under Claude's default "Ask before acting" setting, the extension still presents an approval prompt before carrying out actions involving Gmail, Google Docs or Google Calendar. This additional confirmation prevents automatic execution, although users could still unknowingly approve an attacker-triggered request.

The risk increases considerably for users who have enabled the optional "Act without asking" mode. In this configuration, the extension can perform supported tasks without requesting further confirmation, allowing attacker-triggered workflows to execute automatically.

Manifold assigned a CVSS severity score of 7.7 under the default approval model and 9.6 when unattended execution is enabled.

The researchers say a straightforward mitigation would be to reject any click event that was not generated by a genuine user, preventing scripts from activating these workflows through synthetic browser events.


Researchers identify second permission-handling concern

Manifold also disclosed a separate issue involving how the extension initializes permission settings when its side panel loads.

According to the researchers, if the panel starts with a specific URL parameter indicating that permission checks should be skipped, the extension immediately enters a mode that bypasses user approval for supported actions.

Although users receive a warning indicating that Claude now has broader authority to perform actions on their behalf, the privileged session has already been established by the time the notification appears.

The researchers emphasize that this second issue is not directly exploitable under current conditions because the parameter can presently be generated only by the extension itself. Nevertheless, they argue that any future vulnerability allowing a lower-privileged component to influence this parameter could eliminate the remaining approval barrier and enable silent execution.

Potential attack paths discussed by the researchers include future message-handling flaws, panel initialization bugs or cross-site scripting vulnerabilities that could expose the parameter to untrusted input.

To reduce that risk, Manifold recommends that the extension ignore permission-related values supplied through URLs and instead always initialize new sessions in approval mode.

The researchers classify the forged-task technique as an example of indirect prompt injection within the OWASP Top 10 for Large Language Model Applications because an attacker manipulates the AI agent into executing one of its own predefined workflows rather than supplying new instructions directly.

They also associate the unattended execution scenario with excessive agency, referring to AI systems that are granted broad authority to perform sensitive actions with minimal user oversight.

According to the report, these behaviors occur regardless of whether users are running Claude Opus, Sonnet or Fable, indicating that the weaknesses originate in the browser extension rather than the underlying language models.


Issues remain unresolved months after disclosure

Manifold Security reported both vulnerabilities to Anthropic on May 21 while testing version 1.0.72 of the extension. Anthropic acknowledged the reports the following day.

The forged-click issue was closed on the basis that it fell within the scope of the previously reported ClaudeBleed investigation, which Anthropic indicated remained open while a more comprehensive solution was being developed.

The permission-handling report was classified as informational because the relevant parameter was intended for workflows that users had already configured for unattended execution.

Despite those responses, Manifold says it found the same vulnerable code paths unchanged after examining version 1.0.80 released on July 7.

As of July 14, the researchers noted that no CVE identifier had been assigned to either issue and Anthropic had not published a public advisory addressing the findings.

The latest research follows a series of security concerns involving AI-powered browser agents.

Earlier this year, researchers disclosed ClaudeBleed, a vulnerability that allowed websites to inject prompts into Claude for Chrome by exploiting how the extension trusted requests originating from the Claude website itself rather than verifying which script generated them.

LayerX, which originally disclosed ClaudeBleed, described the issue as a classic "confused deputy" problem, where software possessing legitimate privileges unknowingly performs actions on behalf of an untrusted requester.

Security researchers have also identified comparable trust-boundary weaknesses affecting other Anthropic products, including Claude Code, demonstrating broader challenges associated with AI agents that can directly interact with browsers, developer environments and online accounts.

The latest findings reinforce the importance of carefully validating user intent before granting AI assistants access to sensitive online services. As AI-powered browser agents become increasingly capable of interacting with email, documents and productivity platforms, researchers argue that ensuring those actions genuinely originate from users remains one of the most critical security controls.

Pentagon Pauses CMMC Phase Two Rollout for 60-Day Review of Cybersecurity Program

 

The US Department of Defense (DoD) has decided to suspend the implementation of the cybersecurity maturity model certification (CMMC) second phase on a temporary basis. The DoD will conduct a 60-day review before continuing with the implementation of the new cybersecurity requirements that were supposed to take effect in November 2026. Chief information officer of the Department of War (DoW), Kirsten Davies, stated that the CMMC pause gives an opportunity to “remove burdensome requirements while still maintaining national security.” 

Davies emphasized that DoD’s phase one requirements as well as all the regulations regarding the protection of information, are still in full force until further notice. Additionally, Davies noted that the creation of the CMMC Review and Reform Task Force charged with soliciting feedback from industry constituencies ahead of any reconsideration of the program will contribute to burden reduction. 

In particular, the task force will ensure that small businesses and nontraditional contractors are not overly burdened by certification requirements, thus facilitating their participation in defense contracting. Undersecretary of War for Acquisition and Sustainment Michael Duffey stated that the DoD wants to prevent “small manufacturers from being shut out of the defense market due to the cost and complexity of the CMMC.” 

The cybersecurity maturity model certification policy sets out cybersecurity requirements for defense industrial base (DIB) companies and contractors. The CMMC 2.0 requirement is applicable to all DoD contractors and subcontractors handling Federal Contract Information (FCI) or Controlled Unclassified Information (CUI). 

The newly implemented CMMC 2.0 cybersecurity requirements came into full force on November 10, 2025, and will be implemented in phases. During phase one, which was completed on November 10, 2025, organizations had to conduct self-assessments for Level 1 and some Level 2 contract work. Level 1 of the CMMC 2.0 covers the protection of FCI and requires a minimal level of cybersecurity maturity, while Level 2 covers the protection of CUI and includes the security requirements of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171. 

On the other hand, Level 3 includes more stringent measures to protect against advanced persistent threats to sensitive DIB information. As of November 10, 2026, the beginning of the second phase, organizations will be required to undergo third-party assessment organization (TPO) certification for many Level 2 contracts. One of the reasons for postponing the second-phase implementation, as stated by officials, is the shortage of TPOs accredited to certify organizations ahead of the November 10, 2026 deadline. 

Under the initially established schedule, the third phase of the CMMC 2.0 implementation was set to begin in 2027. It included the introduction of Level 3 requirements for organizations that handle sensitive information and will affect most DoD contracts in Fiscal Year (FY) 2028. Finally, the fourth phase was supposed to ensure complete transition to the new framework in order to meet all CMMC requirements. 

As a result of the 60-day review, DoD officials will make recommendations on revising the CMMC 2.0 in order to reduce the burden on industry while addressing warfighters’ and authorizers’ needs in terms of enhanced cybersecurity.

Japan's Largest Taxi Service Goes Offline After Cyberattack


Nihon Kotsu, Japan’s largest taxi operator, said that its systems were impacted in a cyberattack, causing the company to close down some of its infrastructure.

The incident happened last week and impacted business operations such as the company’s taxi dispatch system, currently offline.

Nihon Kotsu has an annual revenue of around $1 billion.

The company has 18,228 employees and has 8,588 taxis and over 2000 chauffeur vehicles.

Nihon Kotsu said in a statement, “We have confirmed that our internal systems were subjected to unauthorized external access (malware infection)”. It further added that “immediately after detecting the unauthorized access, we implemented emergency measures, such as disconnecting systems to prevent further damage.”

The impact

The company has closed down systems to offline to stop the threat but it has widely caused disruption in services.

The incident has disrupted web booking, car hire, reservation management, few internal systems, and telephone dispatch service.

Nihon Kotsu advised people to use the ‘GO’ taxi app instead, or use a taxi stand for booking a Nihon Kotsu vehicle. It is a major operational damage for a company that has one of  Tokyo’s biggest fleets but the manual working is still operational. The hire car reservation system is offline.

In a different announcement, Nihon Kotsu said that the “labor taxi” service for pregnant women is shut down in a few areas.

Investigation

The firm has brought in external cybersecurity experts to assist in investigating if there has been a data leak. The internal network has been separated to limit further spread.

Currently, no data leak has been confirmed and Nihon Kotsu will provide updates via official channels. “We are currently conducting a detailed investigation with specialized agencies into whether and to what extent data has been leaked. At this time, no information leak has been confirmed. However, in the unlikely event that we discover any leak or potential leak of personal information of our customers or related parties, we will promptly make an official announcement and contact those affected individually, in accordance with the law,” Nihon Kotsu said.

What next

Customers of Nihon Kotsu are cautioned not to click on any links in suspicious communications purporting to be from the company and not to open anything they receive. 

CrashStealer macOS Malware Uses Apple-Notarized App to Evade Security Checks



CrashStealer, a new macOS information-stealing malware named for Apple's Mac operating system, bypasses built-in security protections by using an Apple notarized application, demonstrating a growing trend of malicious actors utilizing legitimate software verification mechanisms in order to target Apple users. 

Jamf Threat Labs researchers discovered that the malware is distributed via a disk image named Werkbit.app that is signed and notarized by Apple. Due to the fact that the installer is notarized by Apple and has a valid developer ID, Gatekeeper security checks can be successfully passed by the installer, increasing user confidence and acceptance of the application.

In early May 2026, Jamf Threat Labs identified CrashStealer as a suspicious macOS sample uploaded to VirusTotal. Activated infections were detected by researchers in early July, indicating the malware had progressed from development to real-world deployment. 

Based on the timeline, the operators seem to have refined the malware before launching broader attacks on macOS. This macOS stealer is written in native C++, unlike many macOS stealers, which rely on AppleScript or Objective-C wrappers. As a result, CrashStealer is more difficult to analyze while ensuring enhanced performance. Researchers have reported that the malware validates the user's macOS login password. 

Once the password has been validated, the malware can unlock the user's login keychain and gain access to additional sensitive information. The attack chain is designed to keep the user's identity hidden. A GitHub repository is utilized by the malware to retrieve configuration data after the victim launches the installer, which is then used to download the final malicious payload. 

GitHub-hosted configurations contain instructions for downloading shell scripts that are responsible for retrieving the final malware payload from attacker-controlled infrastructure when the victim launches the installer. CrashStealer reduces its forensic footprint by decoding its contents during execution rather than storing them in plain text during execution. 

The CrashStealer application establishes persistence as a LaunchAgent, utilizes multiple anti-analysis techniques, and checks for installed security or forensic tools before harvesting data by employing multiple anti-analysis techniques. As a precaution, the malware masquerades as CrashReporter, Apple's legitimate crash reporting utility. 

By using Apple's bundle identifier, icon, and naming conventions, the malware makes malicious activity appear to be similar to legitimate system activity. This malware targets credentials stored in Chromium-based browsers as well as Mozilla Firefox, resulting in a significant increase in browsers affected. MetaMask, Phantom, Coinbase Wallet, Trust Wallet, Rabby, OKX Wallet, Exodus, Keplr, Solflare, Backpack, and MetaMask are among the many cryptocurrency wallet extensions that search for data. 

As part of the attack, CrashStealer attempts to extract information from 14 password managers, including 1Password, Bitwarden, LastPass, Dashlane, Keeper, KeePassXC, NordPass, Enpass, and RoboForm. In addition to collecting files from the user's Documents and Downloads folder, the malware compresses the data into a ZIP archive to reduce the possibility of interception. 

To protect the collected data, it is encrypted using AES-GCM before being transmitted via libcurl to an attacker-controlled server. CrashStealer is noted by researchers as encrypting each file before exfiltration, rather than protecting the entire archive. As a result of its use of industry-standard cryptographic techniques, the malware makes intercepted data significantly more difficult for defenders to analyze without the appropriate key to decrypt. 

Researchers at Jamf observed that the malware incorporates code obfuscation, encrypted strings, control-flow flattening, and layered anti-debugging techniques into its data exfiltration mechanism, making it significantly more resilient than typical information commodity thieves.

Investigators also discovered additional domains and operator infrastructure linked to the campaign, including a password-protected management panel that is believed to be used by the attackers. It has been demonstrated that CrashStealer is not a standalone malware sample, but is part of a coordinated operation. 

Researchers believe CrashStealer exemplifies a growing trend in macOS malware, demonstrating the combination of trusted software signing, multiple stages of delivery, sophisticated anti-analysis techniques, and strong encryption to make it more difficult to detect. Furthermore, the campaign emphasizes the growing tendency of attackers to exploit legitimate Apple security mechanisms for malicious delivery, reinforcing the need for users to verify software sources even when applications pass Gatekeeper checks. 

In CrashStealer, cybercriminals demonstrate the increasing use of trusted security mechanisms to avoid detection and compromise macOS systems by exploiting trusted security mechanisms to evade detection. Increasingly sophisticated methods of delivery and stronger encryption are being adopted by attackers; therefore, organizations and users need to remain vigilant by ensuring that they download software only from trusted sources, monitoring unusual activity, and updating their security solutions.

GoDaddy Challenges Indian Court Order Over Domain Privacy and Internet Governance Rules

 

A legal battle in India over online fraud could have major implications for privacy and regulation of the internet around the globe, as domain name registrar Go Daddy takes exception to a Delhi High Court ruling that would impose severe restrictions on domain registration, privacy, and trademark protection. 

The ruling comes in response to an uptick in cyber fraud in India. Government figures from last year show that authorities received 2.4 million fraud complaints, resulting in $2.4 billion in losses. In recent years, Amazon, McDonald’s, Microsoft, and other companies have taken legal action against fake websites that misled consumers into giving away personal information or making purchases. Last December, the Delhi High Court ordered removal of more than 1,100 fraudulent websites. 

With that, the court issued additional directives concerning the management of domain names and registrars. These mandates include forbidding registrars from offering privacy protection services by default, disclosing private domain owner information to third parties upon request if that party can demonstrate a “legitimate interest,” and prohibiting domain name registrations that use trademarks of others. Go Daddy argues in a petition to a larger bench of the Delhi High Court that those measures go significantly beyond what’s needed to combat fraud. 

The company believes such restrictions, if applied consistently, would disrupt internet governance worldwide. Go Daddy also objects to the requirement that domain ownership information be disclosed to anybody demonstrating a “legitimate interest.” The company argues in its petition that the language could prove too broad and that domain registrars shouldn’t be tasked with reviewing requests for domain owner information and deciding whether they meet a “legitimate interest” standard. The firm says the language could create “significant legal and operational challenges.” 

The company raises additional concerns about the order’s potential impact on international domain name sales, arguing that because the global internet isn’t bound by one jurisdiction, requiring local registrars to follow the kind of rules set out in the December ruling would, in essence, require them to follow Indian law for all international transactions. 

Go Daddy further argues that the privacy restrictions could run contrary to India’s data protection laws as well as the European Union’s General Data Protection Regulation (GDPR). By mandating that privacy protections be revoked by default for domain owners, India’s data laws and the GDPR would instead be weakened. 

Many internet governance experts believe the ruling places India at risk of negatively impacting citizens, particularly journalists, activists, bloggers, and small businesses, and that it fails to consider tactics bad actors will use to exploit weaknesses in the domain system. Other domain name registrars have raised similar objections to the December ruling, including Namecheap and Hosting Concepts. 

These companies expect that the ruling will spark similar actions in other jurisdictions. Delhi High Court is set to hear the challenges on July 16, with implications for the future of internet governance and fraud prevention measures yet to be determined.

How the Apple Copy-Paste Scam Can Give Attackers Remote Access to Your Mac

 


Apple users are being urged to exercise caution when following troubleshooting instructions found online after cybersecurity experts underlined a growing social engineering tactic that tricks victims into pasting malicious commands into the macOS Terminal application. Rather than exploiting a flaw in macOS itself, the scam relies on convincing users to voluntarily execute commands that can install malware, grant attackers remote access, or expose sensitive information stored on their devices.

Often referred to as a "copy-paste" scam, the technique targets users unfamiliar with Terminal, a command-line interface included with macOS that enables direct interaction with the operating system through text-based commands. While the application is commonly used by developers, system administrators and advanced users to automate tasks or manage system settings, executing unfamiliar commands without understanding their function can introduce significant security risks.

Unlike traditional malware campaigns that exploit software vulnerabilities, this attack depends almost entirely on social engineering. Cybercriminals impersonate trusted sources or create convincing troubleshooting scenarios to persuade victims that running a Terminal command is necessary to fix a technical issue, improve security or restore system performance. Once executed, however, the command may download malicious software, establish remote access, alter security settings or perform other unauthorized actions without the user's awareness.

Depending on the instructions provided, attackers could gain access to documents, photographs, emails, browser data, financial information, saved credentials and contact lists stored on the Mac. Some malicious scripts may also deploy keylogging software capable of recording everything a victim types, including usernames, passwords and other confidential information. In more severe cases, attackers could install ransomware or persistence mechanisms that allow them to retain access to the compromised system even after a restart.

Security researchers note that the scam can begin through multiple channels. Victims may receive phishing emails or text messages containing the malicious command, encounter it in online discussion forums disguised as a legitimate solution, or visit fraudulent websites presenting it as an official troubleshooting step. Attackers have also been observed posing as technical support representatives over the phone, carefully instructing victims to open Terminal and manually type commands under the pretense of resolving an issue.

The rise of generative artificial intelligence has introduced another avenue for abuse. Threat actors may intentionally publish malicious commands across public websites and discussion platforms in an effort to influence AI-powered assistants through a technique known as indirect prompt injection. If an AI system retrieves or references poisoned content while responding to a user's troubleshooting request, it could inadvertently recommend unsafe commands. Although AI tools continue to improve their safeguards, cybersecurity experts advise users to independently verify any command before executing it on their systems.

The attack typically follows a similar pattern. After directing a user to open the Terminal application located within the Utilities folder inside Applications, the attacker provides one or more commands and claims they are required to diagnose, repair or secure the computer. In reality, those commands may download remote administration tools, retrieve additional payloads from external servers, modify system configurations or provide unauthorized access to the attacker's infrastructure.

Because the attack depends on user participation rather than exploiting a software flaw, many victims may not immediately recognize they are being targeted. Individuals unfamiliar with Terminal often have little reason to question commands presented by someone claiming to represent Apple, a software vendor or a technical support service. Similarly, users searching online for solutions may encounter malicious instructions embedded within forum posts or copied across multiple websites, making them appear credible.

To help reduce the effectiveness of these attacks, Apple introduced additional safeguards in recent versions of macOS. When users who do not regularly work in Terminal attempt to paste commands copied from websites, messaging platforms, email applications or chatbots, the operating system may interrupt the action with a warning indicating that the pasted content could contain malware or compromise privacy. Rather than automatically executing the command, the prompt encourages users to reconsider before proceeding.

Apple has also expanded malware detection capabilities within Terminal. If the operating system identifies known malicious content or scripts, it can block execution and notify the user that the pasted command has been prevented because it poses a security risk. These protections are designed to slow down impulsive actions and reduce the likelihood of users unknowingly compromising their own systems.

Cybersecurity professionals emphasize that no security warning should replace careful judgment. Users should never execute Terminal commands they do not fully understand, regardless of whether the instructions originate from an email, text message, online forum, chatbot or unsolicited phone call. Requests accompanied by pressure tactics or claims that immediate action is required should be treated with particular suspicion, as creating a false sense of urgency remains one of the most common techniques used in phishing campaigns.

Experts also caution against assuming that information found on public forums or generated by AI assistants is inherently trustworthy. Malicious instructions can spread rapidly across the internet and may be reproduced by multiple sources, giving them an appearance of legitimacy. Verifying guidance through official Apple documentation or other trusted security resources before executing any command remains one of the most effective ways to avoid becoming a victim of Terminal-based social engineering attacks.

Anthropic Delays Claude Fable 5 Usage Credit Requirement Until July 19


 

A number of Anthropic's flagship AI model, Claude Fable 5, has been extended to eligible paid subscribers until July 19, 2026 for free access. This extension provides customers with another week of access while the company continues to expand its available computing capacity. This extension follows two previous extension of the deadline. 

As part of their initial announcement, Anthropic announced that Fable 5 would be available to subscribers through July 7, but that offer has since been extended to July 12. According to Anthropic, promotional access to the Claude Code system will now be available until 11:59:59 PM PT on July 19. Along with this extension, Anthropic has also continued to increase Claude Code weekly usage limits by 50%. 

The Fable 5 subscription model allows eligible subscribers to use up to 50% of their weekly allowance at no additional charge. It draws upon the same weekly usage pool as other Claude models, however Anthropic notes that Fable 5 consumes these limits more rapidly as a result of its greater computational requirements. When enabled by their organization, this promotion is available to Claude Pro, Max, Team, and premium seat-based Enterprise subscribers. 

The promotion does not apply to Free users, standard Enterprise seats, usage-based Enterprise plans, or API customers. Anthropic's ecosystem includes Claude Web, Mobile, Desktop, Claude Code, Claude Cowork, Claude Design, Claude for Microsoft 365, and Claude Tag, among others. Users can choose "Fable 5" from the model picker on Claude's web, desktop and mobile applications in order to begin using the model. 

For Claude Code, Fable 5 requires version 2.1.170 or later, while Claude Cowork users need the latest Claude Desktop application to access the feature. Versions 2.1.170 and later are required for Claude Code, while version 2.1.170 and higher are required for Claude Cowork. Upon reaching their complimentary Fable 5 allocation, users may elect to purchase usage credits to continue using the model or to switch to another Claude model that remains available under their current subscription limitations. 

According to Anthropic, this process is consistent across all versions of Claude Web, Mobile, Desktop, Claude Work, and Claude Code. If a user exceeds the complimentary allocation for Fable 5, they may purchase usage credits, which are billed separately from their subscription, or choose to make use of another Claude model without incurring additional charges in accordance with their remaining plan limits. 

In addition, Anthropic has assured its customers that current restrictions will only last for a short period of time. According to the company, Fable 5 will not be permanently removed from subscription plans and will be restored as soon as sufficient computing resources are available. It is evident that the demand for Claude Fable 5 continues to exceed the computational resources available to Anthropic. 

Anthropic is continuing to expand its infrastructure while offering premium subscribers access to its most advanced AI model without immediate additional costs by extending its temporary promotion. Once sufficient computing capacity is available, Fable 5 will be available as a standard subscription benefit once adequate computing capacity has been reached. 

Anthropic's latest extension reflects the increased demand for advanced generative AI models, as well as the challenges associated with rapid adoption of these models. While the temporary offer ensures continued access for eligible subscribers, it emphasizes the importance of scalable computing resources when AI companies attempt to strike a balance between innovation, performance, and user expectation.

UK Warns Parents: Limit Online Sharing of Kids’ Photos Amid AI Abuse Risks

 

UK authorities have issued urgent warnings to parents about sharing children’s photos online, as AI tools increasingly enable digital abuse and exploitation. The National Crime Agency (NCA) and the Internet Watch Foundation (IWF) say that ordinary images of kids can be misused by predators to create realistic, sexually explicit material using “nudification” apps and deepfake technology. While officials stress they are not dictating parenting choices, they want families to understand a risk that many may not realize exists. 

The scale of the problem is growing fast. In 2025, the IWF identified 8,029 AI-generated images and videos classified as realistic child sexual abuse material (CSAM), a 14% rise from the previous year. AI-generated abuse videos jumped from just 13 in 2024 to 3,440 in 2025, showing how quickly the threat is escalating as imaging models improve. Because these fakes can be so convincing, it is becoming harder for platforms and investigators to distinguish them from real abuse content, complicating removal efforts and victim support. 

In response, the NCA and IWF have published new guidance urging parents and carers to limit who can see images of their children online. Their advice includes setting social media accounts to private, using “close friends” lists for sharing family photos, and regularly reviewing older posts that might expose children’s images to strangers. The guidance also recommends a “social media audit,” asking parents to check whether a child’s face, body, or school uniform is visible online and whether those images can be deleted or made private. The NSPCC similarly advises that minors keep their social media profiles on private settings to reduce exposure. 

The UK government is also tightening laws and platform responsibilities. It has made it illegal to create, possess, or distribute AI tools designed to generate child sexual abuse imagery, with offenders facing up to five years in prison. Under the Online Safety Act, tech platforms must proactively remove such content, and new powers will allow authorized testers to assess AI models for their ability to produce CSAM before they reach the market. A government spokesperson confirmed that AI-generated CSAM is treated the same as real imagery under UK law and must be taken down swiftly. 

Beyond privacy settings, experts recommend open conversations with young people about AI, “deepfake” nudes, and image consent. Children should understand that once a photo is online, it can be copied, altered, and misused—even if they trusted the original audience. Guidance also outlines steps to take if a child is targeted or if manipulated images appear, including reporting to platforms and contacting the IWF or police. As AI continues to turbocharge digital abuse risks, cautious sharing and strong privacy habits are becoming essential parts of modern parenting.

Microsoft and Google Remove ModHeader After Finding Dormant Collector


ModHeader is a famous header-editing extension with over 1.6 million installs across Microsoft’s Edge and Google’ Chrome browser. 

Google and Microsoft remove the collector

Experts discovered a secret browsing-history collector built into its official store variant, and have withdrawn the ModHeader from Google and Microsoft.

An empty allow-list kept the collector switched off and it was dormant, and no proof has surfaced that it retrieved or sent even one browsing domain.

About the discovery

Stripe OLT, a UK cybersecurity organization analyzed the code against Google’s Web Store signature and verified the collector shipped within the authentic extension, not a fake one.

Stripe OLT’s study covers the Chrome build and its 900,000 users (an estimate); and Edge and its 700,000 users. Microsoft removed  the listing on July 3rd whereas Google pulled the Chrome listing a week after, on July 10th.

Attack tactic

Variant 7.0.18 still edits HTTP headers as shown. The same minimized background also consists of another system. On the first attempt, it makes a device fingerprint and deploys a hardcoded encryption key. As the user browses, it takes the domain from each page that user opens, encodes it, and gathers it locally, up to 1000 different domains.

Scheduler and other things

A scheduler combines your fingerprint with the encrypted list, uploads it to api.stanfordstudies[.]com, and deletes the local copy once a day. If the collector were turned on, browsers using it wouldn't all beacon at once because the upload time is offset per install. The same pipeline is described in separate teardowns by researcher Yunus Aydin on version 7.0.17 and HackIndex on version 7.0.18.

How does collector function

The collector functions only if your browser matches an entry on an internal allow-list, but the list ships empty. Every time, the check fails, and the pipeline stops before it gathers even a single domain. 

The small change is populating the list, without any click and no new permissions from the users, sent as a routine update. The endpoint URL, the scheduler, the storage logic, and the hardcoded key are all on the same device.

But not everything was silent. The extension pinged extensions-hub[.]com with the product, version, and browser when it was installed, updated, and uninstalled. 

Additionally, it was evident that the piece had been running because a script that runs on every page had already recorded actual request metadata in plain text to local storage. 

Compromised Jscrambler npm Releases Target Developer Environments with Cross-Platform Rust Infostealer

 



Developers and organizations using the Jscrambler npm package are being urged to audit their systems after multiple malicious releases were uploaded to the npm registry through a compromised publishing credential. The incident transformed a trusted development dependency into a malware delivery mechanism capable of stealing credentials, browser sessions, cryptocurrency wallets, and sensitive configuration files from Windows, macOS, and Linux systems. Jscrambler has confirmed the compromise was limited to its Code Integrity npm package and has advised users to upgrade to version 8.22.0 after revoking the affected publishing credentials and strengthening its release pipeline.

Security researchers first identified version 8.14.0 as the initial compromised release after discovering that it introduced a previously undocumented npm "preinstall" lifecycle hook. Unlike the legitimate 8.13.0 release, the malicious package included new files that were absent from Jscrambler's public source repository. During installation, the package silently unpacked and executed a native binary tailored to the victim's operating system, allowing the malware to run before developers ever interacted with the package itself. Socket detected the malicious release within minutes of publication, highlighting how quickly software supply chain attacks can unfold.

Technical analysis showed the package concealed separate native payloads for Linux, Windows, and macOS inside an obfuscated container embedded within the package. A lightweight loader selected the appropriate binary for the host operating system, wrote it to a temporary directory under a randomized filename, granted execution permissions where required, and launched it as a background process with minimal user visibility. Researchers also noted that these components never appeared in the project's public GitHub repository, suggesting the malicious code bypassed the project's normal development workflow and was introduced during package publication.

The payload itself is a Rust-based infostealer engineered to harvest assets commonly found on developer workstations and build infrastructure. Investigators found code targeting cloud credentials associated with AWS, Microsoft Azure, and Google Cloud, browser-stored passwords and cookies, cryptocurrency wallets, Bitwarden vault data, communication platforms such as Slack, Discord and Telegram, and developer secrets that could provide access to production environments. Researchers also observed the malware searching for configuration files belonging to AI-assisted development tools, including Claude Desktop, Cursor, Windsurf, Visual Studio Code and Zed, where API keys and Model Context Protocol credentials are frequently stored.

Beyond credential theft, the malware incorporated platform-specific capabilities intended to strengthen its foothold on compromised systems. Analysts found Linux-specific code interacting with eBPF, a kernel technology that allows programs to execute within the operating system kernel, although the precise purpose of this functionality remains under investigation. Windows and macOS variants incorporated persistence mechanisms designed to survive system reboots, while encrypted command-and-control communications complicated static analysis and hindered efforts to identify the attackers' infrastructure. Runtime monitoring also identified outbound connections associated with the campaign's command infrastructure.

The campaign expanded rapidly after the initial discovery. Additional malicious versions, including 8.16.0, 8.17.0, 8.18.0 and 8.20.0, were subsequently identified. While the earlier releases relied on npm's preinstall hook to execute the malware automatically during installation, later versions embedded the same payload directly into the package's runtime code. This change allowed the malware to execute when the package was imported or its command-line interface was launched, reducing the effectiveness of mitigations such as disabling lifecycle scripts during installation. Researchers described the shift as an example of attackers quickly adapting to evolving software supply chain defenses.

Further investigation by JFrog linked the malware to an evolved variant of the IronWorm infostealer. According to the researchers, the malware extends beyond information theft by attempting to propagate itself across the npm ecosystem. The code searches compromised systems for npm authentication tokens, validates the stolen credentials, identifies valuable packages, injects malicious components into package archives, and attempts to publish trojanized versions directly to the npm registry. JFrog also reported that the malware broadens its search to include VPN configurations, password managers, Tor-related files and directories associated with penetration testing frameworks, indicating an effort to compromise developers, security researchers and enterprise engineering teams alike.

The incident adds to a growing series of attacks targeting open source software distribution channels, where compromising trusted packages offers attackers access to developer workstations and CI/CD pipelines instead of directly attacking production systems. Because these environments often contain deployment credentials, signing keys, cloud secrets and proprietary source code, a single compromised dependency can expose far more than the application that depends on it. Researchers have increasingly warned that software supply chain attacks are shifting toward development infrastructure, making continuous dependency monitoring and rapid package verification critical components of modern software security.

Organizations that installed any affected version should immediately upgrade to Jscrambler 8.22.0 or later, investigate development workstations and build systems for signs of compromise, and assume any credentials accessible to the affected environment have been exposed. Security teams should rotate cloud credentials, npm and GitHub tokens, API keys, browser sessions and other secrets, inspect lockfiles and build logs for compromised package versions, and review systems for persistence artifacts before returning affected machines to service.

Zimbra Urges Immediate Update to Fix Critical Classic Web Client XSS Vulnerability

 

Zimbra has released a security update to address a critical vulnerability in the Zimbra Classic Web Client that could allow malicious actors to compromise user accounts and execute unauthorized code. The company recommends that customers install the latest update to mitigate the threat. The flaw is a stored cross-site scripting (XSS) vulnerability that could allow an unauthenticated attacker to execute malicious JavaScript in the browser of a user viewing a specially crafted email message. 

The problem exists in the Classic Web Client component of Zimbra Collaboration Suite. While no CVE identifier has been assigned yet, Zimbra warned that successful exploitation of the vulnerability would lead to the exposure of mailbox content and settings, as well as session details. A stored XSS vulnerability occurs when the application stores user-supplied input without proper sanitization and later displays it to other users. 

In this case, an attacker could utilize this flaw to deliver specially crafted email messages that would execute arbitrary JavaScript code in the browser of a user who opens this message in the Zimbra Classic Web Client. The malicious script would then steal the victim’s session and potentially access their mailbox content, modify account settings, or perform other actions. While Zimbra has not reported any confirmed attacks using this vulnerability, several similar XSS flaws in the Zimbra Collaboration Suite have been actively exploited in the past. 

Attackers have targeted the webmail platform multiple times to hijack the accounts of high-profile organizations, including the Brazilian military, with no success, according to Zimbra. Previously exploited flaws affecting the product are CVE-2025-27915, CVE-2023-37580, and CVE-2024-27443. Therefore, organizations must ensure they have applied the latest security update to address the newly discovered vulnerability. 

The Zimbra Collaboration Suite 10.1.19 release notes mention the fix for the stored XSS in the Classic Web Client. Users must always access the updated version of the webmail platform via HTTPS to avoid man-in-the-middle attacks and other threats. Moreover, security analysts recommend monitoring the email traffic for any signs of suspicious activity and reviewing account access logs for unauthorized changes. 

Users must not open any attachments or links in emails that seem suspicious as these may contain malicious scripts that target webmail clients. Organizations must ensure they apply all security updates to their collaboration platforms as they provide critical protection against potential threats. 

In this case, the newly discovered vulnerability is yet another reminder of the importance of timely software updates. Attackers will continue targeting collaboration platforms such as Zimbra webmail to compromise user accounts by exploiting flaws such as XSS.