New Kongtuke #ClickFix campaign sideloads Havoc C2 using signed WinWrapIDE binary. The evasive loader uses window cloaking, sandbox sleep, and native callback evasion to run a memory-only #infostealer. Details at https://t.co/YUeLe97wM2
🚨 SECURITY ALERT 🚨
A new supply chain attack has been detected. A Shai Hulud worm variant dubbed "Alright Lets See If This Works" has hijacked 20 LeoPlatform npm packages, including "leo-logger", which impacts over 3.5K weekly downloads.
Audit your dependencies immediately. Full analysis and mitigation details will be live soon on our blog: https://t.co/dDYb74DYyE
Microsoft Threat Intelligence continues to observe Sapphire Sleet refining their macOS intrusion tactics, following the same previously documented core attack chain, but with a new Teams‑themed lure. https://t.co/1Gtyc7X8Zz
Along with the lure, the new activity also uses updated infrastructure and component naming while maintaining the same user-driven execution model: tricking users into executing trusted system tools to enable credential theft, persistence, and data exfiltration without exploiting vulnerabilities.
We updated our blog to highlight the new Sapphire Sleet campaign, and expanded Microsoft Defender detections and hunting queries to help organizations defend against this new activity.
The software supply chain has a new predator. 🐛
Meet Iron Worm, the "rustier cousin" of the infamous Shai-Hulud worm. Just like its predecessor, it burrows into dev environments, steals credentials, and self-propagates through trusted GitHub and npm workflows.
Except this one is built in heavy, async Rust, hides behind an eBPF kernel rootkit, and talks over Tor.
Full teardown of the beast:
https://t.co/9Tn4G8tluW
An #adware campaign involving 50+ Chrome extensions (disguised as live wallpapers) has hit ~30K users. Spread across three publisher accounts, the attackers are pushing remote HTML to 40+ extensions and wiping IndexedDB on install and startup. Details at https://t.co/yihnkqJ3tj
Microsoft has identified an npm supply chain compromise impacting 90+ redhat-cloud-services/* packages, including patch-client 4.0.4, insights-client 4.0.4, rbac-client 9.0.3, host-inventory-client 5.0.3, frontend-components 7.7.2, and others. The payload is a self-propagating worm that infects other npm packages and self-publishes.
Each compromised package adds a malicious preinstall hook, embedding an index.js script in the package.json that silently executes “node index.js” during installation, downloads Bun, and runs a payload that steals secrets from npm, GitHub, Amazon Web Services (AWS), and Secure Shell (SSH). The added code bloats index.js from ~8KB to ~4.3MB, acting as a heavily obfuscated ROT-9 eval loader.
If any of the compromised packages are installed, users and organizations should assume compromise, rotate credentials, revert to a previously trusted version, and block compromised packages. Identified compromised npm packages have been taken down, and we continue to work with the npm team. Microsoft continues to investigate this attack and will publish updates as more information is available.
#TuxBot v3 Evolution: IoT malware/C2 framework tied to AISURU/Keksec. Self-ID "Akiru." 30-plus exploit targets, 1,496 credential pairs, encrypted C2, and DGA. Developers used an LLM to port exploits and write code, leaving traces in some files. Details at https://t.co/7mIjUcEG3y
I spent the last weeks building LLM benchmarks for a very specific reason:
We want to use AI in RuneAI to help with THOR finding triage, and I needed a better baseline for model selection than generic LLM leaderboards.
Security-event triage is its own thing.
A model can be great at coding, reasoning or vulnerability writeups and still be a bad fit for deciding whether a messy endpoint finding should be suppressed, reviewed or escalated.
In real deployments this will likely happen inside agentic workflows with tools, memory, context handling and feedback loops. But before testing the whole system, I wanted a clean baseline:
How does the model behave when it only gets the enriched finding itself?
Blog post with the reasoning and methodology:
https://t.co/KQPOPDWP1B
Interactive benchmark results:
https://t.co/pvVhTBJsz0
Repo:
https://t.co/Fw3uW9nu2a
Maybe useful for others building SOC / security-event triage benchmarks.
What does it take to disrupt cyber threats at scale?
Luke McNamara and GTIG disruption lead Charley Snyder discuss how Google is disrupting adversary operations. Learn about the team, and lessons from recent disruptions: IPIDEA & GRIDTIDE.
Listen now: https://t.co/bPjCrB4sSH
GOOGLE BUILT A SECRET WEAPON FOR FILE DETECTION
they ran it internally for years, gmail, drive, safe browsing, hundreds of billions of files every week
then they open sourced it
it's called magika and it exposes what files really are, not what they pretend to be
rename malware to "resume.pdf"? magika sees through it
disguise a script as an image? magika sees through it
any trick attackers use with file extensions? magika sees through all of it
ai trained on 100 million files. 200+ content types. 99% accuracy. 5ms per file
one command
`pip install magika`
the same tool protecting google's billion users is now protecting yours
https://t.co/Jr3LjmQobq
gopacket is live! Check it out, it is intended to be a full reimplementation of Impacket in Go (it is in beta, please send me bug reports) https://t.co/9XjTickbyA
#Lorikazz: An #Android TV and STB #botnet using Tor .onion C2, ENS resolution, and bundled ELF payloads disguised as system libraries to hijack set-top boxes for proxyware operations. Details at https://t.co/WzNI5Hn88M
https://t.co/SU99mCoOAw
ArgusMonitor is a german app people install to check their CPU temperature. its kernel driver has 47 commands that give you full access to physical memory, every hardware port, PCI devices, and CPU registers
the driver "encrypts" these commands but you choose the key. set it to zeros. no encryption. it doesn't check who's asking
microsoft signed. no blocklist. no CVE
26 LLM routers are secretly injecting malicious tool calls and stealing creds. One drained our client's $500k wallet.
We also managed to poison routers to forward traffic to us. Within several hours, we can directly take over ~400 hosts.
Check our paper: https://t.co/zyWz25CDpl
The Russian military intelligence actor Forest Blizzard has conducted large-scale exploitation of vulnerable small office/home office (SOHO) devices to hijack DNS requests and enable persistent, passive visibility and reconnaissance at scale. https://t.co/6oONFAtP20
By compromising edge devices that are upstream of larger targets, threat actors could take advantage of less closely monitored assets to pivot into enterprise environments. We have identified over 200 organizations and 5,000 consumer devices impacted by Forest Blizzard’s malicious DNS infrastructure.
Microsoft Threat Intelligence is publishing this research to increase awareness of the risks associated with insecure home and small-office internet devices and to give users and organizations tools to mitigate, detect, and hunt for these threats where they might be impacted.
North Korea is targeting npm maintainers -- not for crypto, but for write access to packages downloaded trillions of times a year.
Several Socket engineers were targeted in this campaign -- myself, @ljharb, @jdalton, and others. None of us fell for the bait. Unfortunately, the axios maintainer did. No shame in that -- these aren't phishing emails. They're weeks-long ops with fake companies, fake Slack workspaces, and spoofed meeting platforms built with realistic Zoom/Teams interfaces using the official SDKs for realism.
Other confirmed targets: @matteocollina (Fastify, Pino, Undici, Node.js TSC Chair), @wesleytodd (Express TC), @voxpelli (mocha, neostandard).
The common thread? High-trust maintainers with publish access to packages that sit deep in everyone's dependency tree.
The attack chain: build rapport over weeks, schedule a video call, fake an audio error, prompt the target to install a "fix." That fix is a RAT. Once it's on your machine, they have your .npmrc tokens, browser sessions, AWS creds, keychain. 2FA doesn't matter. OIDC publishing doesn't matter. Game over.
Security researcher @tayvano_ linked this to UNC1069, a DPRK-nexus group Mandiant has tracked since 2018. Why social engineer one rich person when you can compromise one maintainer and reach millions of machines?
This is the threat model now. If you maintain popular packages, act accordingly. If you use open source (and you certainly do), act accordingly.
Full writeup: https://t.co/bNKdrLmwMn
Very good research by @martinsohndk
Sometimes the bug is not in the product.
It’s in vendor documentation
23 documentation pieces across 16 vendors guided admins into critical attack paths - often old, well-known AD CS misconfigurations that can help turn low privilege into full domain compromise
Never trust vendor docs blindly.
Especially not for Tier Zero infrastructure
https://t.co/8djPGIMsVY
Iranian cyber ops shift: less custom malware, more destructive LotL. They target the enterprise management plane, not just EDR evasion. When management tools become weapons, defense must evolve to strict identity resilience. Read the full analysis: https://t.co/i2xzhBzm0Y