Cavern Manticore, an Iran-MOIS-linked APT group, deploys a modular .NET C2 framework targeting Israeli government and IT organizations. The framework uses three compilation formats (Mixed-Mode C++/CLI, NativeAOT, .NET Framework) as an anti-analysis layer, with DLL sideloading via WinDirStat.exe for initial execution. Post-exploitation modules provide DPAPI decryption, LDAP brute-forcing, SQL browsing, network reconnaissance, and SOCKS5 tunneling, with C2 traffic XOR-encrypted over HTTPS/WebSocket channels.
The Shai Hulud supply chain worm, attributed to TeamPCP, compromises CI/CD pipelines by injecting malicious npm/PyPI packages that harvest build credentials and pivot into production AWS cloud infrastructure. In a confirmed breach, attackers stole Jenkins EC2 instance role credentials via the Instance Metadata Service (IMDS), used them from external IPs, escalated privileges by creating an IAM user with AdministratorAccess, modified Redshift and Aurora security groups to open network paths, enumerated Secrets Manager for warehouse credentials, and exfiltrated data via the Redshift Data API. The attack demonstrates that pipeline identity equals production identity, with explicit attacker naming conventions (exfil-s3-* policies, exfil STS session names) providing high-fidelity detection opportunities.
ESET Research contributed to Operation Endgame, a coordinated global disruption targeting the Amadey botnet and Stealc infostealer MaaS ecosystems. The operation seized or rendered inoperative approximately 50 domains and nearly 200 active IP-based C&C servers. ESET provided technical analysis, C&C server lists, RC4 encryption keys, campaign/build identifiers, and clustering methodology based on long-term tracking of both malware families. The fragmented, affiliate-operated infrastructure model used by both services required advanced graph-based clustering of RC4 keys, build IDs, and C&C URL paths to identify high-priority targets for disruption.
A cryptocurrency-mining campaign is actively exploiting CVE-2026-33017, an unauthenticated RCE vulnerability in Langflow, to deploy the lambsys malware. The attack chain involves a bash dropper that establishes SSH-based lateral movement, followed by a Go-based payload that systematically disables Linux security controls, eliminates rival miners, and deploys a customized XMRig miner.
This threat intelligence report highlights recent data breaches involving third-party vendors, emerging AI threat vectors such as prompt injection and WebSocket abuse, and active exploitation of critical vulnerabilities in Fortinet, Cisco, and Splunk products. Additionally, seasonal phishing campaigns targeting travelers and Amazon Prime members are surging alongside a cross-platform Rust-based crypto clipboard hijacker.
ESET researchers discovered two undocumented Windows variants of the SprySOCKS backdoor, WINDRV and WINPLUS, attributed to the China-aligned FishMonger APT. These variants utilize advanced stealth techniques, including a custom kernel driver for hiding artifacts and diverting TCP traffic, as well as print processor abuse for persistence.
Varonis Threat Labs discovered SearchLeak, a critical vulnerability chain in Microsoft 365 Copilot Enterprise Search (CVE-2026-42824). By chaining Parameter-to-Prompt (P2P) injection, an HTML rendering race condition, and a Server-Side Request Forgery (SSRF) via Bing's image search, attackers could exfiltrate sensitive organizational data via a single malicious link.
Google Threat Intelligence Group identified a PRC-nexus espionage campaign by UNC6508 targeting North American research and defense entities. The actors compromised REDCap servers to deploy INFINITERED, a custom malware that harvests credentials and intercepts software upgrades for persistence. Using stolen credentials, the attackers pivoted to administrative accounts and abused email content compliance rules to covertly exfiltrate sensitive intelligence.
Between 2024 and 2026, the Vietnam-aligned threat actor OceanLotus (APT32) shifted its focus toward domestic espionage, conducting a supply-chain attack against the FireAnt MetaKit stock investment platform and compromising a major infrastructure corporation. The campaigns leveraged DLL side-loading to deploy the SPECTRALVIPER backdoor, which features advanced orchestration capabilities and exfiltrates encrypted host data via HTTP Cookie headers.
Mandiant and Google Threat Intelligence Group identified an active extortion campaign by UNC6240 (ShinyHunters) exploiting CVE-2026-35273, a critical zero-day RCE vulnerability in Oracle PeopleSoft. The threat actors targeted the higher education sector, deploying customized MeshCentral agents for C2 and utilizing custom scripts for lateral movement, defacement, and data exfiltration.
Multiple Russia-aligned threat actors, including SHADOW-EARTH-066 and Earth Dahu, are actively exploiting a patched WinRAR path traversal vulnerability (CVE-2025-8088) to target Ukrainian organizations. The attackers use crafted RAR archives with NTFS Alternate Data Streams to silently drop malicious payloads, such as the evolved GIFTEDCROOK infostealer or HTA-based espionage tools, into the Windows Startup folder and ProgramData directories.
The financially motivated threat cluster UNC3753 is conducting a fast-paced data theft and extortion campaign against US legal and professional services. The group leverages vishing and IT helpdesk impersonation to trick targets into installing legitimate RMM and screen-sharing tools, enabling rapid data exfiltration from corporate repositories and VDI environments. Notably, the campaign also involves suspected physical intrusions where actors use USB media to steal data directly from endpoints.
Gamaredon, an FSB-linked threat actor, has deployed a highly evasive, fileless stealer dubbed GammaSteel targeting Ukrainian entities. The malware leverages Windows DPAPI to encrypt and stage payloads within the registry, actively monitoring local, network, and USB drives for sensitive documents to exfiltrate via legitimate cloud services and dynamic C2 infrastructure.
Check Point Research uncovered a large-scale malware distribution ecosystem that uses search engine optimization and impersonated open-source project sites to drive traffic to a sophisticated Traffic Distribution System (TDS). The TDS employs click hijacking and strict gating to selectively deliver malware, including the SessionGate loader, RemusStealer, and AnimateClipper, while actively evading automated analysis through one-time key releases and file inflation.
JS.MonoGlyphRAT is a newly identified, highly obfuscated JavaScript backdoor targeting US enterprises via phishing. It establishes persistence, communicates over HTTP using custom headers, and acts as a loader capable of executing AES-encrypted payloads, PowerShell commands, and in-memory .NET assemblies while bypassing AMSI.
Session Hijacking and Developer Tool Poisoning Collapse Authentication Trust
This week, attackers proved that multi-factor authentication is no longer a reliable gatekeeper. Campaigns like Tycoon 2FA and Chinese-language PhaaS platforms intercept one-time passwords in real time and steal session tokens to maintain persistent access, while infostealers like EKZ Infostealer harvest browser cookies to bypass authentication entirely. Even when victims reset passwords and revoke sessions, attackers retain access through hidden device registrations — meaning standard incident response playbooks are now incomplete.
Developers remain the preferred entry point for supply chain compromise. The Glassworm botnet was disrupted after hiding malware in VSCode extensions and npm packages, while the Megalodon campaign poisoned GitHub Actions workflows across 5,500 repositories. A malicious Sicoob.Sdk NuGet package stole banking certificates from Brazilian developers, and North Korea's Lazarus group compromised the widely used axios npm library — a single attack touching millions of downstream applications.
Organizations must move beyond password-and-MFA reliance: adopt hardware security keys, shorten session lifetimes, delete attacker-registered devices before resetting credentials, and audit developer toolchains and CI/CD pipelines for tampering.
A malicious NuGet package named Sicoob.Sdk impersonated the official C# SDK for the Brazilian financial cooperative Sicoob. The package was designed to silently exfiltrate sensitive banking authentication material, including PFX certificates and passwords, as well as raw transaction data, to a third-party Sentry telemetry endpoint, posing a severe risk of API impersonation and financial data exposure.
Threat actors exploited CVE-2026-35616, an improper access control vulnerability in FortiClient EMS, to deploy a novel credential stealer named EKZ Infostealer to managed endpoints. The attackers abused legitimate VPN scripting workflows to execute malicious PowerShell commands that downloaded the stealer, which subsequently harvested browser credentials and exfiltrated them to a threat-actor-controlled server.
Frontier AI models such as Anthropic Mythos and OpenAI GPT 5.5 Cyber represent a paradigm shift in security testing by leveraging multi-step reasoning to chain vulnerabilities and misconfigurations into viable attack paths. Zscaler's evaluation demonstrates that these models significantly outperform legacy tools in speed and accuracy when embedded in structured testing harnesses, though they require careful contextual grounding to avoid severity inflation or pattern anchoring. Organizations are advised to implement Zero Trust architectures and deception technologies to mitigate the accelerated threat posed by AI-enabled adversaries.
Unit 42 identified an active cyberespionage campaign by the Iran-nexus APT group Screening Serpens, targeting entities in the U.S., Israel, and the Middle East. The threat actor deployed two new RAT families, MiniUpdate and MiniJunk V2, utilizing advanced AppDomainManager hijacking and DLL sideloading to evade native .NET security mechanisms like ETW. The attacks rely on highly tailored social engineering lures, such as fake job portals and video conferencing updates, to initiate the infection chain and establish persistent command and control.
A financially motivated eCrime campaign is leveraging SEO poisoning to impersonate AI coding assistants like Gemini CLI and Claude Code, tricking developers into executing a fileless PowerShell infostealer. The malware executes entirely in memory, disables Windows telemetry (ETW and AMSI), and harvests sensitive enterprise credentials, session tokens, and files before exfiltrating them to attacker-controlled infrastructure.
The Ransomware-as-a-Service (RaaS) ecosystem relies heavily on affiliates who dictate the actual intrusion tradecraft, meaning a single ransomware brand can be associated with vastly different attack chains. Affiliates frequently abuse legitimate Remote Monitoring and Management (RMM) tools, exposed RDP, and vulnerable edge appliances for initial access, followed by the use of LOLBins and open-source utilities for persistence and data exfiltration.
The China-aligned APT group Webworm has updated its toolset in 2025, shifting focus to European and South African targets. The group deployed two new custom backdoors, EchoCreep and GraphWorm, which abuse Discord and the Microsoft Graph API respectively for command and control. Additionally, Webworm utilizes a complex network of custom proxy tools and compromised infrastructure, including GitHub and Amazon S3, to stage payloads and exfiltrate data.
A large-scale npm supply chain attack compromised hundreds of packages, notably within the @antv ecosystem, using a malware variant known as Mini Shai-Hulud. The malware executes upon installation to harvest sensitive developer and CI/CD secrets, exfiltrating them to a hardcoded C2 server or via a GitHub repository fallback, and leverages stolen npm tokens to propagate itself to other packages.
WantToCry is a remote ransomware operation that targets internet-exposed SMB services using brute-force authentication. Instead of deploying local malware, attackers exfiltrate files, encrypt them on their own infrastructure, and write the encrypted versions back to the victim's network via authenticated SMB sessions, effectively bypassing traditional process-based EDR detections.
Recent versions of the popular npm package node-ipc (9.1.6, 9.2.3, 12.0.1) were compromised to include an obfuscated credential stealer. The malware executes upon CommonJS module load, harvests sensitive developer and cloud credentials, and exfiltrates the compressed data via DNS TXT queries to attacker-controlled infrastructure.
UNC6671, operating under the BlackFile brand, conducts sophisticated vishing and Adversary-in-the-Middle (AiTM) attacks to bypass MFA and compromise SSO platforms like Microsoft 365 and Okta. Once inside, the group uses automated Python and PowerShell scripts to rapidly exfiltrate sensitive data via APIs, often masking their activity as routine file access events, before launching aggressive extortion campaigns.
The TeamPCP threat actor deployed the Mini Shai-Hulud worm in a sophisticated supply chain attack targeting the npm ecosystem via a GitHub Actions CI cache-poisoning technique. The malware steals credentials, establishes persistence via developer tools like VS Code and Claude Code, and features a destructive dead man switch that wipes the victim's home directory if access tokens are revoked.
Kazuar is a sophisticated, modular P2P botnet attributed to the Russian state-sponsored actor Secret Blizzard. It utilizes a tripartite architecture (Kernel, Bridge, Worker) and a leader election mechanism to minimize external C2 traffic, relying on Mailslots, Window Messaging, and Named Pipes for internal communication and HTTP, WSS, or EWS for external C2.
Sophos MDR investigated a macOS infostealer infection attributed to an AMOS (Atomic macOS) variant. The attack leverages ClickFix social engineering to trick users into running a malicious Terminal command, which initiates a multi-stage infection chain. The malware captures the user's system password via a spoofed prompt, evades analysis by checking for virtualized environments, and exfiltrates sensitive data like Keychain and browser credentials before establishing persistence via a LaunchDaemon.
An 18-month Agent Tesla campaign is targeting LATAM enterprises, particularly in Chile, using procurement-themed phishing lures. The attack chain employs a multi-stage loader protected by .NET Reactor 6.x, utilizing process hollowing into aspnet_compiler.exe to execute the credential-stealing payload entirely in memory. Stolen data is exfiltrated via cleartext FTP to compromised legitimate infrastructure.
FrostyNeighbor, a Belarus-aligned threat actor, has updated its toolset to target Ukrainian governmental organizations with a multi-stage compromise chain. The attack utilizes spearphishing with malicious PDFs that redirect to a RAR archive containing a JavaScript dropper, which ultimately deploys a Cobalt Strike beacon via the PicassoLoader malware following strict server-side and manual victim validation.
A recent leak of internal communications and backend data from 'The Gentlemen' RaaS operation has revealed the group's highly structured operational model and mature toolset. The threat actors actively exploit edge appliances and NTLM relay vulnerabilities for initial access, followed by extensive use of red-team tools and custom EDR evasion techniques to deploy their cross-platform ransomware.
The GemStuffer campaign leverages the RubyGems package registry as an unconventional data exfiltration channel. Threat actors deploy Ruby scripts that scrape UK local government portals, package the harvested data into valid .gem archives, and push them to RubyGems using hardcoded API keys. The malware demonstrates defense evasion by overriding the HOME environment variable to a /tmp directory to isolate its credential environment, or by bypassing the gem CLI entirely to perform direct API POST requests.
TeamPCP (SHADOW-WATER-058) executed a sophisticated supply chain campaign compromising developer toolchains across multiple ecosystems, including Docker Hub, PyPI, and GitHub Actions. The attacks leveraged CI/CD trust, such as unsanitized PR comments and stolen publisher tokens, to distribute credential-harvesting payloads via Python .pth files and the Bun runtime, targeting over 80 credential types and abusing live AWS APIs.
A sophisticated threat actor compromised a third-party IT services provider to abuse legitimate HPE Operations Agent infrastructure, enabling stealthy execution and discovery. The attackers established persistence and harvested credentials using malicious network provider and password filter DLLs on domain controllers, while utilizing web shells and ngrok tunnels to maintain long-term, undetected access.
Trend Micro identified two distinct threat campaigns, SHADOW-AETHER-040 and SHADOW-AETHER-064, leveraging agentic AI to orchestrate attacks against Latin American government and financial institutions. The attackers utilized AI models like Anthropic's Claude to dynamically generate scripts, analyze configurations, and establish SOCKS5 tunnels for lateral movement, demonstrating a shift towards AI-assisted, signature-evasive intrusion operations.
A supply chain attack utilizing five malicious NuGet packages typosquatting Chinese .NET libraries has been discovered distributing a cross-platform infostealer. The malware leverages .NET Reactor and JIT hooking via module initializers to execute automatically upon assembly load, targeting credentials and cryptocurrency wallets across developer workstations and CI/CD pipelines.
Cisco Talos identified UAT-8302, a China-nexus APT, targeting global government entities using a diverse toolkit of custom and shared malware. The threat actor leverages DLL side-loading to deploy implants like NetDraft, CloudSorcerer v3, and VSHELL, while utilizing open-source tools for extensive network reconnaissance, credential harvesting, and lateral movement.
North Korea-aligned APT ScarCruft executed a multi-platform supply-chain attack compromising the sqgame platform to target ethnic Koreans in China's Yanbian region. The campaign distributed the BirdCall backdoor via trojanized Android applications and malicious Windows updates (which initially dropped RokRAT), enabling extensive espionage capabilities including data exfiltration, audio recording, and screen capture.
Quasar Linux (QLNX) is an advanced, previously undocumented Linux Remote Access Trojan (RAT) designed to compromise developer workstations and facilitate supply chain attacks. It employs sophisticated evasion techniques, including fileless execution, process name spoofing, and dynamically compiled LD_PRELOAD and eBPF rootkits, alongside a PAM backdoor to harvest critical cloud and repository credentials.
A software supply chain campaign attributed to the GitHub account 'BufferZoneCorp' published malicious Ruby gems and Go modules designed to steal developer secrets and compromise CI/CD environments. The packages impersonate legitimate developer tools to execute install-time and runtime payloads that harvest credentials, tamper with GitHub Actions workflows, manipulate Go dependency resolution, and establish SSH persistence.
The official intercom-client npm package (version 7.0.4) was compromised in a supply chain attack attributed to the Mini Shai-Hulud campaign and linked to the TeamPCP threat actor. The malicious package executes during installation via a preinstall hook to harvest cloud, Kubernetes, and Vault credentials from developer and CI/CD environments, exfiltrating them via the GitHub API.
The popular PyPI package 'lightning' was compromised in a supply chain attack affecting versions 2.6.2 and 2.6.3. The malicious package executes an obfuscated JavaScript payload via the Bun runtime to harvest cloud and developer credentials, poison GitHub repositories by impersonating Anthropic's Claude Code, and infect local npm packages.
SHADOW-EARTH-053 is a China-aligned cyberespionage campaign exploiting legacy N-day vulnerabilities in Microsoft Exchange and IIS servers to target government and defense sectors primarily in Asia. The threat actors utilize GODZILLA web shells for persistence and deploy ShadowPad implants via DLL sideloading, sharing significant operational overlaps with another intrusion set tracked as SHADOW-EARTH-054.
Arctic Wolf Labs identified a highly targeted campaign by the DPRK-nexus threat actor BlueNoroff against the Web3 sector. The attackers utilize sophisticated social engineering, including AI-generated deepfakes and stolen webcam footage, to lure victims into fake Zoom or Teams meetings. Once engaged, a ClickFix clipboard injection attack deploys a fileless PowerShell C2 implant, leading to the theft of cryptocurrency wallets, browser credentials, and Telegram sessions.
A coordinated supply chain attack compromised official distribution channels for Checkmarx KICS and the Bitwarden CLI, pushing malicious updates designed to harvest developer credentials, cloud keys, and AI assistant configurations. The payloads exfiltrated data to a shared C2 domain and exhibited advanced techniques, including weaponizing stolen GitHub tokens to inject malicious workflows and using victim repositories as dead drops.
The Bitwarden CLI npm package was compromised in a supply chain attack linked to the ongoing Checkmarx campaign. The malicious payload, injected via GitHub Actions, harvests extensive cloud and developer credentials, exfiltrating them through unauthorized GitHub repositories and a dedicated C2 server while employing a Russian locale kill switch and shell profile persistence.
Google Threat Intelligence Group identified UNC6692, a threat actor utilizing Microsoft Teams phishing and email bombing to deploy a custom modular malware suite. The attack chain leverages a malicious Chromium extension (SNOWBELT), a Python tunneler (SNOWGLAZE), and a Python bindshell (SNOWBASIN) to establish persistence, move laterally, and exfiltrate sensitive Active Directory data via legitimate cloud services.
ESET researchers uncovered GopherWhisper, a previously undocumented China-aligned APT group targeting a Mongolian governmental entity. The group utilizes a diverse arsenal of custom, primarily Go-based malware that leverages legitimate services like Slack, Discord, and Microsoft Outlook for command and control, blending malicious traffic with normal enterprise communications.