Kaspersky's 2025 compromise assessment report reveals that organizations consistently fail to detect long-dwelling threats, with 30.8% of incidents persisting over 3 months and 52% of high-severity compromises going undetected for 90+ days. Key findings include widespread abuse of LoLBins and remote management tools in every incident-bearing engagement, 40% of web shells surviving in backups to be restored post-remediation, and a strong correlation between in-house forensics/reverse-engineering capability and reduced incident severity. Multiple case studies document dormant crypto-mining on domain controllers (4 years), in-memory LionTail implants on critical servers, PurpleFox rootkit infections evading EDR with disabled memory scanning, and ClipBanker persistence via registry Run keys with Defender exclusions.
Legitimate Tools Hijacked as AI Becomes the New Battleground
The most damaging intrusions this week didn't rely on custom malware — they hijacked the legitimate tools and protocols organizations already trust. FortiBleed harvested real credentials from FortiGate firewall configurations worldwide, EvilTokens bypassed multi-factor authentication by abusing Microsoft's own device login flow, and a WhatsApp campaign installed legitimate ManageEngine remote management software to maintain persistent access.
Simultaneously, attackers are learning to manipulate the AI systems defenders increasingly depend on. The macOS.Gaslight malware feeds fake error messages to AI analysis tools to blind security analysts, malicious skills on the OpenClaw marketplace trick AI assistants into executing harmful commands, and researchers demonstrated that chatbot reconnaissance can map an organization's defenses through casual conversation.
Reset all FortiGate and VPN credentials immediately, scrutinize AI marketplace add-ons before installation, and assume that any legitimate-looking login prompt or remote management tool could be an attacker wearing a trusted disguise.
The StrikeShark campaign utilizes a novel malware family named SharkLoader to deploy Cobalt Strike Beacons across various global sectors. Threat actors gain initial access by exploiting known vulnerabilities in public-facing applications or distributing custom droppers disguised as legitimate software. SharkLoader employs advanced evasion techniques, including Perfect DLL Hijacking and extensive API hooking, to bypass loader locks and conceal its execution in memory.
ESET researchers discovered two undocumented Windows variants of the SprySOCKS backdoor, WINDRV and WINPLUS, attributed to the China-aligned FishMonger APT. These variants utilize advanced stealth techniques, including a custom kernel driver for hiding artifacts and diverting TCP traffic, as well as print processor abuse for persistence.
ThreatLabz has identified MLTBackdoor, a highly obfuscated post-exploitation framework delivered via ClickFix social engineering lures. The malware utilizes Mixed Boolean-Arithmetic (MBA), Control Flow Flattening (CFF), and indirect system calls to evade detection, while maintaining persistence and control through a custom encrypted protocol, a Domain Generation Algorithm (DGA), and a Beacon Object File (BOF) loader.
Sophos researchers uncovered a threat actor utilizing AI-native development tools, specifically the Cursor IDE and Claude Opus, to build and iteratively test a post-exploitation framework designed to evade major EDR solutions. The framework automates the ingestion of public security research to generate and refine custom Rust and Go payloads, ultimately supporting ransomware and data theft operations.
Session Hijacking and Developer Tool Poisoning Collapse Authentication Trust
This week, attackers proved that multi-factor authentication is no longer a reliable gatekeeper. Campaigns like Tycoon 2FA and Chinese-language PhaaS platforms intercept one-time passwords in real time and steal session tokens to maintain persistent access, while infostealers like EKZ Infostealer harvest browser cookies to bypass authentication entirely. Even when victims reset passwords and revoke sessions, attackers retain access through hidden device registrations — meaning standard incident response playbooks are now incomplete.
Developers remain the preferred entry point for supply chain compromise. The Glassworm botnet was disrupted after hiding malware in VSCode extensions and npm packages, while the Megalodon campaign poisoned GitHub Actions workflows across 5,500 repositories. A malicious Sicoob.Sdk NuGet package stole banking certificates from Brazilian developers, and North Korea's Lazarus group compromised the widely used axios npm library — a single attack touching millions of downstream applications.
Organizations must move beyond password-and-MFA reliance: adopt hardware security keys, shorten session lifetimes, delete attacker-registered devices before resetting credentials, and audit developer toolchains and CI/CD pipelines for tampering.
A critical ViewState deserialization vulnerability (CVE-2026-5426) in the KnowledgeDeliver LMS allows unauthenticated remote code execution due to shared ASP.NET machine keys across deployments. Threat actors are actively exploiting this flaw to deploy the BLUEBEAM in-memory web shell and modify application JavaScript, ultimately distributing targeted Cobalt Strike BEACON payloads to end-users visiting the compromised sites.
Software Supply Chain and AI Exploitation Dominate Threat Landscape
The software supply chain has become the primary battlefield for attackers because compromising a single developer tool can cascade into thousands of enterprise networks. Campaigns like Mini Shai-Hulud and TrapDoor are stealing credentials and injecting backdoors across major code registries, while the Laravel Lang Compromise and the Coruna Exploit Kit show how malicious code can automatically execute to steal secrets or exploit end users. As a result, organizations must treat developer environments as high-value targets, because a single compromised package or malicious VS Code extension can lead to catastrophic breaches like the GitHub internal repository theft by TeamPCP.
In parallel, artificial intelligence is simultaneously accelerating attacks and creating dangerous new attack surfaces. Threat actors are using AI to automate influence campaigns like Patriot Bait and crack passwords, while also impersonating AI tools like Gemini CLI and Claude Code to deliver infostealers. Furthermore, attackers are directly targeting exposed AI infrastructure, such as Ollama AI endpoints, and manipulating AI coding assistants via hidden prompt injections in campaigns like TrapDoor, which means AI systems are both the weapon and the target.
These trends together suggest that traditional perimeter defenses are failing against supply chain and AI-driven threats. Managers should immediately enforce strict vetting of open-source packages, restrict developer access to unverified extensions, and ensure AI infrastructure is not exposed to the public internet.
Developer Supply Chains Under Siege as Edge Device Exploits Surge
The dominant narrative this week is the coordinated weaponization of the software supply chain, as threat actors like TeamPCP and Mini Shai-Hulud aggressively target developer tools to steal cloud credentials. Because these attackers compromise trusted build systems like GitHub Actions, a single malicious package—such as the compromised TanStack libraries—can cascade into massive downstream breaches, allowing criminals to hold development environments hostage and even deploy destructive dead-man switches if their access is cut off.
In parallel, attackers are bypassing traditional network defenses by exploiting internet-facing edge devices and logging in with stolen credentials. Threat clusters are actively exploiting critical flaws in Cisco Catalyst SD-WAN and Microsoft Exchange, while ransomware groups like The Gentlemen and state-sponsored actors like Secret Blizzard use these footholds to live off the land, hijacking legitimate IT tools to stay hidden for months.
These trends together suggest that perimeter-focused defenses and basic patching are no longer sufficient. Organizations must immediately isolate their CI/CD pipelines from cloud credentials, enforce phishing-resistant multi-factor authentication on all internet-facing systems, and assume that trusted vendor tools may already be compromised.
Cisco Talos is tracking active exploitation of multiple vulnerabilities in Cisco Catalyst SD-WAN Controller and Manager. Threat actor UAT-8616 is exploiting CVE-2026-20182 for authentication bypass, while other clusters are chaining CVE-2026-20133, CVE-2026-20128, and CVE-2026-20122 to deploy JSP webshells and post-exploitation frameworks like Sliver and AdaptixC2.
FrostyNeighbor, a Belarus-aligned threat actor, has updated its toolset to target Ukrainian governmental organizations with a multi-stage compromise chain. The attack utilizes spearphishing with malicious PDFs that redirect to a RAR archive containing a JavaScript dropper, which ultimately deploys a Cobalt Strike beacon via the PicassoLoader malware following strict server-side and manual victim validation.
Quasar Linux (QLNX) is an advanced, previously undocumented Linux Remote Access Trojan (RAT) designed to compromise developer workstations and facilitate supply chain attacks. It employs sophisticated evasion techniques, including fileless execution, process name spoofing, and dynamically compiled LD_PRELOAD and eBPF rootkits, alongside a PAM backdoor to harvest critical cloud and repository credentials.
Tropic Trooper is conducting a cyber espionage campaign targeting Chinese-speaking individuals in Asia using military-themed lures. The threat actors employ a trojanized SumatraPDF reader (TOSHIS loader) to deploy a custom AdaptixC2 Beacon that uses GitHub for command-and-control, ultimately establishing persistent remote access via VS Code tunnels.
The Gentlemen is an emerging Ransomware-as-a-Service (RaaS) operation that provides affiliates with versatile, multi-platform lockers. Recent incident response telemetry reveals affiliates utilizing Cobalt Strike and SystemBC for post-exploitation and C2, culminating in highly automated, domain-wide ransomware deployment via Group Policy and built-in lateral movement mechanisms.
The article highlights the critical shift towards identity-centric cybersecurity in the AI era, where human, machine, and AI-agent identities form the primary attack surface. It advocates for unified Identity Visibility and Intelligence Platforms (IVIP) to combat AI-generated phishing, insider risks, and fragmented visibility, emphasizing automated threat detection and response.
In 2025, Insikt Group observed the continued dominance of Cobalt Strike, AsyncRAT, and infostealers like Vidar, alongside the rise of new offensive tools such as RedGuard, Ligolo, and CastleLoader. The report highlights the critical role of Threat Activity Enablers (TAEs) and the abuse of legitimate infrastructure services, such as CDNs, in sustaining cybercriminal and APT operations.
The Warlock ransomware group (Water Manaul) has enhanced its attack chain by exploiting Microsoft SharePoint servers for initial access and deploying a sophisticated post-exploitation toolkit. The group leverages BYOVD techniques via the NSecKrnl.sys driver to disable security tools, establishes redundant C&C channels using legitimate tools like Velociraptor and Cloudflare Tunnels, and automates ransomware deployment domain-wide using Group Policy Objects (GPO).
Check Point Research identified Silver Dragon, a Chinese-nexus APT group likely affiliated with APT41, targeting organizations in Southeast Asia and Europe. The group utilizes public-facing server exploits and phishing to deploy custom loaders that establish persistence via AppDomain hijacking and service manipulation. These loaders deliver Cobalt Strike and a novel Google Drive-based backdoor called GearDoor.